Yedidyah Bar David has posted comments on this change.

Change subject: packaging: setup: libvirt and system PKI
......................................................................

Patch Set 2:

(2 comments)

http://gerrit.ovirt.org/#/c/25142/2/src/plugins/ovirt-hosted-engine-setup/pki/vdsmpki.py
File src/plugins/ovirt-hosted-engine-setup/pki/vdsmpki.py:

Line 86: (ohostedcons.FileLocations.LIBVIRT_CLIENT_CERT,
Line 87: ohostedcons.FileLocations.LIBVIRT_SERVER_CERT),
Line 88: (ohostedcons.FileLocations.LIBVIRT_CLIENT_KEY,
Line 89: ohostedcons.FileLocations.LIBVIRT_SERVER_KEY),
Line 90: ):
> Maybe you can use a localtransaction and filetransaction here.

I agree in principle, but in practice I think it makes sense only if we also do the same for _generateVDSMcerts (which currently calls VDSM's vdsm-gencerts.sh). Currently, it would even make sense to submit this change as a patch for VDSM (to make vdsm-gencerts.sh also do what this change does instead of hosted-engine doing it), but it will be harder to manage (versions etc.), but again, I wouldn't want to deal with versions etc.

Line 91: self._safecopy(s, d)
Line 92: os.chown(d, 0, 0)
Line 93:
Line 94: for f in (

Line 194: ]
Line 195: )
Line 196: rc, stdout, stderr = self.execute(
Line 197: (
Line 198: self.command.get('restorecon'),
> what if selinux is disabled?

Copied code from add_host.py. I considered copying system/selinux.py from the engine and decided not to, for now - and I think it makes more sense to do that in otopi, or in some new package where we put that one as well as other things that are useful in more than one otopi user.

Line 199: '-r',
Line 200: cert_dir
Line 201: )
Line 202: )

--
To view, visit http://gerrit.ovirt.org/25142
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I74f44c46e6720ca8c62af1afa6df4a5d7c013b49
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-hosted-engine-setup
Gerrit-Branch: master
Gerrit-Owner: Yedidyah Bar David <d...@redhat.com>
Gerrit-Reviewer: Greg Padgett <gpadg...@redhat.com>
Gerrit-Reviewer: Martin Sivák <msi...@redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <simone.tirabos...@gmail.com>
Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
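
An added example, not part of the original message or of ovirt-hosted-engine-setup: one way to address both review questions (all-or-nothing copying of the certificate and key files, and skipping `restorecon` when SELinux is disabled) using only the Python standard library. The names `install_copies`, `restore_contexts` and `selinux_enabled` are hypothetical, otopi's transaction classes are not used, and treating the presence of `/sys/fs/selinux/enforce` as "SELinux enabled" is an assumption.

```python
import os
import shutil
import subprocess
import tempfile


def selinux_enabled(selinuxfs="/sys/fs/selinux"):
    # Assumption: selinuxfs exposes "enforce" only when SELinux is not disabled.
    return os.path.exists(os.path.join(selinuxfs, "enforce"))


def install_copies(pairs, mode=0o600, owner=None):
    """Stage every (src, dst) copy next to dst, then rename all into place.

    If staging any file fails, no destination has been created or modified.
    """
    staged = []
    try:
        for src, dst in pairs:
            # mkstemp creates the file with mode 0600, so a key is never world-readable.
            fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dst) or ".")
            staged.append((tmp, dst))
            with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
                shutil.copyfileobj(inp, out)
            os.chmod(tmp, mode)
            if owner is not None:
                os.chown(tmp, *owner)  # the change under review uses (0, 0); needs root
        for tmp, dst in staged:
            os.replace(tmp, dst)  # atomic when tmp and dst share a filesystem
    finally:
        # Remove any staged file that was not renamed into place.
        for tmp, _ in staged:
            if os.path.exists(tmp):
                os.unlink(tmp)


def restore_contexts(path, enabled=None, run=subprocess.check_call):
    """Run 'restorecon -r path' only when SELinux is enabled; return whether it ran."""
    if enabled is None:
        enabled = selinux_enabled()
    if not enabled:
        return False
    run(["restorecon", "-r", path])
    return True
```
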