Simone Tiraboschi has posted comments on this change.

Change subject: WebSocketProxy on a separate host
Patch Set 29:

(1 comment)

http://gerrit.ovirt.org/#/c/26898/29/packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py
File packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py:

Line 139: default=22,
Line 140: )
Line 141: transport = None
Line 142: try:
Line 143: transport = paramiko.Transport(
> I am unsure why ssh is required, and why should we have the engine fqdn and

The noVNC client runs in the browser and connects to the websocket proxy over HTTPS, so if the websocket proxy is no longer on the engine host, we need an additional cert for it.
Because the user already trusts the engine CA, I don't want to rely on a self-signed cert for the websocket proxy; I prefer to have a cert for it generated and signed by the engine CA on the engine host.
At that point I'm simply using scp to download it from the engine host to the websocket proxy host.

Line 144: (
Line 145: self.environment[
Line 146: osetupcons.ConfigEnv.REMOTE_ENGINE_HOST
Line 147: ],

--
To view, visit http://gerrit.ovirt.org/26898

Gerrit-MessageType: comment
Gerrit-Change-Id: I169604429e5a2d72573b05c0e5481306edfdd935
Gerrit-PatchSet: 29
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Lev Veyde <lve...@gmail.com>
Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stira...@redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
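
The trust argument in the comment above, as an added example that is not code from the oVirt change: a client that trusts only a CA accepts a proxy certificate signed by that CA and rejects a self-signed one for the same host. The demo CA (standing in for the engine CA), the host names, the file names and the function names are all constructed; it assumes OpenSSL 1.1.0 or later on the PATH.

```sh
#!/bin/sh
# Constructed demo: the CA, host names and file names are placeholders.

# Build a throwaway PKI in directory $1.
make_demo_pki() {
    dir=$1
    # Stand-in for the engine CA that users already trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo-engine-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Key and signing request for the separate proxy host.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=proxy.example.test" \
        -keyout "$dir/proxy.key" -out "$dir/proxy.csr" 2>/dev/null || return 1
    # The CA signs the request; this is the cert the proxy would serve.
    openssl x509 -req -in "$dir/proxy.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/proxy.pem" 2>/dev/null || return 1
    # The alternative being avoided: a self-signed cert for the same name.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=proxy.example.test" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null || return 1
}

# trusted_by CA_FILE CERT_FILE HOSTNAME
# Succeeds only if CERT_FILE chains to CA_FILE and is issued for HOSTNAME.
trusted_by() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Run both certificates past a client that trusts only the demo CA.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    for cert in proxy.pem self.pem; do
        if trusted_by "$d/ca.pem" "$d/$cert" proxy.example.test; then
            echo "$cert: accepted"
        else
            echo "$cert: rejected"
        fi
    done
    rm -rf "$d"
}

demo
```

The same `trusted_by` check can be run on the proxy host against the certificate after it has been copied over, before the proxy is configured to serve it.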