Alon Bar-Lev has posted comments on this change.

Change subject: setup: move the certificate generation
......................................................................


Patch Set 2:

Hello Federico,

I had a small talk with Ayal regarding this issue.

I agree that if you use vdsClient locally, you can re-generate the certificate at 
each boot.

However, when working with remote vdsClient in standalone VDSM mode, we force 
the user to fetch the certificate of the CA. In this case, when ovirt-node is 
rebooted we need to keep the same key.

Because of the above, I think we should behave similarly to sshd regarding keys.

As we support both standard (rhel) and ovirt-node configurations, we should not 
expect the user to distinguish between the two and manually perform the persist 
if working remotely and using ovirt-node.

Regarding the component which needs to perform the persistence... The 
ovirt-node core is not aware of vdsm; its roadmap is going toward total 
separation between the node platform and the application that is running. As 
a result, the application should be node aware (and in fact, it currently is).

As sshd is part of the core node, the core node persists its keys, which is 
correct. But the core node should not persist anything of vdsm.

The current implementation of the vdsm init.d script is node aware and does 
persist resources; adding these resources as well makes sense in the current 
implementation.

In the future, if the ovirt-node roadmap of pluggable applications is 
realized, we may move <something> to different locations.

But for now, if we want to provide the ability of remote access, we should 
persist the key so that standard and ovirt-node will behave the same.

I will be happy to discuss this with you further if you still think some of the 
above is incorrect.

Thanks,
Alon

--
To view, visit http://gerrit.ovirt.org/8368

Gerrit-MessageType: comment
Gerrit-Change-Id: I40fa3d9a6a54e312e399af3f87ac67e843078360
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Federico Simoncelli <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Barak Azulay <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Douglas Schilling Landgraf <[email protected]>
Gerrit-Reviewer: Federico Simoncelli <[email protected]>