Simone Tiraboschi has posted comments on this change.

Change subject: packaging: setup: WebSocketProxy on a separate host
......................................................................


Patch Set 18:

(13 comments)

http://gerrit.ovirt.org/#/c/28534/18/packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py
File packaging/setup/plugins/ovirt-engine-setup/websocket_proxy/config.py:

> please put all pki related in pki.py
Done
Line 1: #
Line 2: # ovirt-engine-setup -- ovirt engine setup
Line 3: # Copyright (C) 2013 Red Hat, Inc.
Line 4: #


Line 48: @util.export
Line 49: class Plugin(plugin.PluginBase):
Line 50:     """websocket proxy plugin."""
Line 51: 
Line 52:     def _genReqM2Crypto(self):
> you do not support both openssl... so you can remove the M2Crypt :)
Done
Line 53: 
Line 54:         rsa = RSA.gen_key(
Line 55:             self.environment[owspcons.ConfigEnv.KEY_SIZE],
Line 56:             65537,


Line 63:         req.set_pubkey(evp)
Line 64:         req.sign(evp, 'sha1')
Line 65:         return rsapem, req.as_pem()
Line 66: 
Line 67:     def _getChainM2Crypto(self, chain):
> I am unsure we need this, we can just take the pasted chain as is into the 
Done
Line 68: 
Line 69:         cacert = None
Line 70:         wspchain = ''
Line 71:         bio = None


Line 287:     @plugin.event(
Line 288:         stage=plugin.Stages.STAGE_MISC,
Line 289:         condition=lambda self: (
Line 290:             self._enabled and
Line 291:             self._on_separate_h
> this is not the condition. the condition should be if the certificate and k
Done
Line 292:         ),
Line 293:         after=(
Line 294:             owspcons.Stages.REMOTE_VDC,
Line 295:         ),


Line 291:             self._on_separate_h
Line 292:         ),
Line 293:         after=(
Line 294:             owspcons.Stages.REMOTE_VDC,
Line 295:         ),
> no reason to order this.
Done
Line 296:     )
Line 297:     def _misc_pki(self):
Line 298: 
Line 299:         wspkey, req = self._genReqM2Crypto()


Line 308:         )
Line 309: 
Line 310:         self.dialog.note(
Line 311:             text=_(
Line 312:                 "Please execute, on the engine host, this command "
> again, using engine ca should be only an option. the text should be clear t
Done
Line 313:                 "to enroll the cert\n"
Line 314:                 " /usr/share/ovirt-engine/bin/pki-enroll-request.sh "
Line 315:                 "--name={name} --subject=\"/C=<country>/"
Line 316:                 "O=<organization>/CN={fqdn}\"\n"


Line 311:             text=_(
Line 312:                 "Please execute, on the engine host, this command "
Line 313:                 "to enroll the cert\n"
Line 314:                 " /usr/share/ovirt-engine/bin/pki-enroll-request.sh "
Line 315:                 "--name={name} --subject=\"/C=<country>/"
> this requires to put the request file in specific location and name, it sho
Done
Line 316:                 "O=<organization>/CN={fqdn}\"\n"
Line 317:                 "Substitute <country>, <organization> to suite your "
Line 318:                 "environment\n(i.e. the values must match values in the "
Line 319:                 "certificate authority of your engine)\n\n"


Line 312:                 "Please execute, on the engine host, this command "
Line 313:                 "to enroll the cert\n"
Line 314:                 " /usr/share/ovirt-engine/bin/pki-enroll-request.sh "
Line 315:                 "--name={name} --subject=\"/C=<country>/"
Line 316:                 "O=<organization>/CN={fqdn}\"\n"
> please try to have lines within this text to match what logical:
Done
Line 317:                 "Substitute <country>, <organization> to suite your "
Line 318:                 "environment\n(i.e. the values must match values in the "
Line 319:                 "certificate authority of your engine)\n\n"
Line 320: 


Line 314:                 " /usr/share/ovirt-engine/bin/pki-enroll-request.sh "
Line 315:                 "--name={name} --subject=\"/C=<country>/"
Line 316:                 "O=<organization>/CN={fqdn}\"\n"
Line 317:                 "Substitute <country>, <organization> to suite your "
Line 318:                 "environment\n(i.e. the values must match values in the "
> if you put \n within text, please also start a new line of quote
Done
Line 319:                 "certificate authority of your engine)\n\n"
Line 320: 
Line 321:             ).format(
Line 322:                 fqdn=self.environment[osetupcons.ConfigEnv.FQDN],


Line 332:             chain = self.dialog.queryMultiString(
Line 333:                 name=owspcons.Queries.CERTIFICATE_CHAIN,
Line 334:                 note=_(
Line 335:                     '\n\nPlease input WSP certificate chain that '
Line 336:                     'matches certificate request, top is issuer\n\n'
> issuer can be removed, we need the chain which is the intermediate and on.
Done
Line 337:                 ),
Line 338:             )
Line 339: 
Line 340:         cacert, wspchain = self._getChainM2Crypto(chain)


Line 376:                     'Please provide the FQDN or IP '
Line 377:                     'of the remote engine host: '
Line 378:                 ),
Line 379:                 prompt=True,
Line 380:             )
> this should be available via environment as we do with rest.
I'll put in the environment just the engine cert, not the remote engine
hostname, because I'm going to ask it till I get a valid cert to skip bad typing
Line 381: 
Line 382:             with contextlib.closing(
Line 383:                 urllib2.urlopen(
Line 384:                     'https://{engine_fqdn}/ovirt-engine/services/pki-resource?'


Line 380:             )
Line 381: 
Line 382:             with contextlib.closing(
Line 383:                 urllib2.urlopen(
Line 384:                     'https://{engine_fqdn}/ovirt-engine/services/pki-resource?'
> if you do not make any validation, use http
Done
Line 385:                     'resource=engine-certificate&format=X509-PEM'.format(
Line 386:                         engine_fqdn=remote_engine_host
Line 387:                     )
Line 388:                 )


Line 413:         condition=lambda self: (
Line 414:             self._enabled,
Line 415:         ),
Line 416:         after=(
Line 417:             owspcons.Stages.CA_AVAILABLE,
> CA belongs to engine only
Done
Line 418:         ),
Line 419:     )
Line 420:     def _misc_config(self):
Line 421:         self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(


-- 
To view, visit http://gerrit.ovirt.org/28534
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ifceddd5aa44a77f67a3b6b30c6678d9a3b485f9c
Gerrit-PatchSet: 18
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com>
Gerrit-Reviewer: Itamar Heim <ih...@redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stira...@redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
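
The comments on lines 380-388 concern fetching the engine certificate from the pki-resource URL without validating the channel. As an added example (not part of the change under review or of ovirt-engine), one way to make such a fetch trustworthy is to compare the fetched certificate's SHA-256 fingerprint with a value the operator reads on the engine host. The function names, the out-of-band fingerprint step and the placeholder PEM payloads are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; the body is base64 with line breaks.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def split_pem_chain(text):
    """Return the DER bytes of every certificate block found in text."""
    ders = []
    for body in _PEM_CERT.findall(text):
        # validate=True rejects stray characters instead of skipping them.
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    return ders


def fingerprint(der):
    """SHA-256 fingerprint in colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def confirm_fetched_cert(pem_text, expected_fingerprint):
    """Accept a fetched certificate only if it matches the operator's value.

    expected_fingerprint is assumed to come from an independent channel,
    for example read directly on the engine host.
    """
    ders = split_pem_chain(pem_text)
    if len(ders) != 1:
        raise ValueError("expected exactly one certificate, got %d" % len(ders))
    normalized = expected_fingerprint.replace(":", "").strip().upper()
    return fingerprint(ders[0]).replace(":", "") == normalized


def _constructed_pem(payload):
    # Constructed sample: the payload is placeholder bytes, not a real X.509.
    b64 = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % b64


SAMPLE = _constructed_pem(b"constructed-engine-cert")
SAMPLE_CHAIN = SAMPLE + _constructed_pem(b"constructed-intermediate")
```

With a real certificate the same fingerprint can be read on the engine host with `openssl x509 -noout -fingerprint -sha256 -in <cert>` and typed into the prompt.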