Alon Bar-Lev has posted comments on this change. Change subject: packaging: setup: WebSocketProxy on a separate host ......................................................................
Patch Set 15: (6 comments) http://gerrit.ovirt.org/#/c/28534/15/packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py File packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py: Line 187: "and configure the engine about it.\n" Line 188: Line 189: "1. Please execute, on this host, this command to " Line 190: "generate the private key:\n" Line 191: " openssl genrsa -out {wsp_key} 2048\n\n" please do this using m2crypto, you can see example in ovirt-host-deploy. Line 192: "2. Please execute, on this host, this command to " Line 193: "generate the Certificate Signing Request:\n" Line 194: " openssl req -new -days 3650 -key {wsp_key} " Line 195: "-out {wsp_req} -subj \"/\"\n\n" Line 191: " openssl genrsa -out {wsp_key} 2048\n\n" Line 192: "2. Please execute, on this host, this command to " Line 193: "generate the Certificate Signing Request:\n" Line 194: " openssl req -new -days 3650 -key {wsp_key} " Line 195: "-out {wsp_req} -subj \"/\"\n\n" same Line 196: "3. Than copy {wsp_req}\n" Line 197: "from this host to the engine host on the same " Line 198: "position\n\n" Line 199: "4. Please execute, on the engine host, this command " Line 194: " openssl req -new -days 3650 -key {wsp_key} " Line 195: "-out {wsp_req} -subj \"/\"\n\n" Line 196: "3. Than copy {wsp_req}\n" Line 197: "from this host to the engine host on the same " Line 198: "position\n\n" no... you should now instruct: Enroll SSL certificate for the websocket proxy service. It can be done using engine internal CA if no 3rd party CA is available by: Line 199: "4. Please execute, on the engine host, this command " Line 200: "to enroll the cert\n" Line 201: " /usr/share/ovirt-engine/bin/pki-enroll-request.sh " Line 202: "--name={name} --subject=\"/C=<country>/" Line 201: " /usr/share/ovirt-engine/bin/pki-enroll-request.sh " Line 202: "--name={name} --subject=\"/C=<country>/" Line 203: "O=<organization>/CN={fqdn}\"\n\n" Line 204: "5. Please execute this command on the engine host: \n" Line 205: "engine-config -s WebSocketProxy={fqdn}:{port}\n\n" this should be within different instruction set, maybe even first. Line 206: "6. Than copy back the signed cert from {wsp_cert}\n" Line 207: "from the engine host to this host on the " Line 208: "same position\n\n" Line 209: "7. And copy {engine_cer}\n" Line 204: "5. Please execute this command on the engine host: \n" Line 205: "engine-config -s WebSocketProxy={fqdn}:{port}\n\n" Line 206: "6. Than copy back the signed cert from {wsp_cert}\n" Line 207: "from the engine host to this host on the " Line 208: "same position\n\n" the content of certificate should be pasted back into the dialog. Line 209: "7. And copy {engine_cer}\n" Line 210: "from the engine host to this host at " Line 211: "{engine_cer}\n\n" Line 212: Line 207: "from the engine host to this host on the " Line 208: "same position\n\n" Line 209: "7. And copy {engine_cer}\n" Line 210: "from the engine host to this host at " Line 211: "{engine_cer}\n\n" this should be downloaded automatically, again, see ovirt-host-deploy. Line 212: Line 213: ).format( Line 214: fqdn=self.environment[osetupcons.ConfigEnv.FQDN], Line 215: port=self.environment[ -- To view, visit http://gerrit.ovirt.org/28534 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ifceddd5aa44a77f67a3b6b30c6678d9a3b485f9c Gerrit-PatchSet: 15 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com> Gerrit-Reviewer: Itamar Heim <ih...@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com> Gerrit-Reviewer: Simone Tiraboschi <stira...@redhat.com> Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
