Simone Tiraboschi has posted comments on this change. Change subject: packaging: setup: WebSocketProxy on a separate host ......................................................................
Patch Set 11: (5 comments) http://gerrit.ovirt.org/#/c/28534/11/ovirt-engine.spec.in File ovirt-engine.spec.in: Line 193 Line 194 Line 195 Line 196 Line 197 > the pm requirement is to have this by default Done http://gerrit.ovirt.org/#/c/28534/11/packaging/setup/ovirt_engine_setup/constants.py File packaging/setup/ovirt_engine_setup/constants.py: Line 217: Line 218: KEEP_ONLY_VALID_FIREWALL_MANAGERS = \ Line 219: 'osetup.keep.only.valid.firewall.managers' Line 220: Line 221: LOCAL_WSP_CERTS_AVAILABLE = 'osetup.pki.localwsp.available' > nothing of websockets should be in common, not to mention in globals Done Line 222: Line 223: Line 224: @util.export Line 225: @util.codegen http://gerrit.ovirt.org/#/c/28534/11/packaging/setup/ovirt_engine_setup/websocket_proxy/wspconstants.py File packaging/setup/ovirt_engine_setup/websocket_proxy/wspconstants.py: Line 54: OVIRT_ENGINE_PKIDIR, Line 55: 'keys', Line 56: ) Line 57: OVIRT_ENGINE_PKICERTSDIR = os.path.join( Line 58: OVIRT_ENGINE_PKIDIR, > this patch is not to be merged at all it is very far from being complete, a can you please detail the security issues? I'll try to solve ASAP Line 59: 'certs', Line 60: ) Line 61: Line 62: OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE = os.path.join( http://gerrit.ovirt.org/#/c/28534/11/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/localwsp.py File packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/pki/localwsp.py: Line 45: condition=lambda self: self.environment[oenginecons.CoreEnv.ENABLE], Line 46: name=osetupcons.Stages.LOCAL_WSP_CERTS_AVAILABLE, Line 47: after=( Line 48: osetupcons.Stages.CA_AVAILABLE, Line 49: ), > this should be part of engine constants Done Line 50: ) Line 51: def _misc(self): Line 52: Line 53: self.logger.info(_('Creating certs for a local WebSocket Proxy')) Line 64: self.environment[oenginecons.PKIEnv.ORG], Line 65: self.environment[osetupcons.ConfigEnv.FQDN], Line 66: ), Line 67: ), Line 68: ) > yes, it's what I done: this is the engine package and it always enroll this Done Line 69: self.environment[ Line 70: otopicons.CoreEnv.MODIFIED_FILES Line 71: ].extend( Line 72: ( -- To view, visit http://gerrit.ovirt.org/28534 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ifceddd5aa44a77f67a3b6b30c6678d9a3b485f9c Gerrit-PatchSet: 11 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com> Gerrit-Reviewer: Itamar Heim <ih...@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com> Gerrit-Reviewer: Simone Tiraboschi <stira...@redhat.com> Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
