Piotr Kliczewski has posted comments on this change. Change subject: core: configurable ssl protocol ......................................................................
Patch Set 6: (6 comments) http://gerrit.ovirt.org/#/c/34372/6/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/host/provider/foreman/ForemanHostProviderProxy.java: Line 370: int hostPort = hostUrl.getPort() == -1 ? HttpsURL.DEFAULT_PORT : hostUrl.getPort(); Line 371: Protocol httpsProtocol = Line 372: new Protocol(String.valueOf(HttpsURL.DEFAULT_SCHEME), Line 373: (ProtocolSocketFactory) new AuthSSLProtocolSocketFactory(ExternalTrustStoreInitializer.getTrustStore(), Line 374: Config.<String> getValue(ConfigValues.VdsmSLLProtocol)), > this is not vdsm, should be another configuration or setting within databa OK Line 375: hostPort); Line 376: httpClient.getHostConfiguration().setHost(hostUrl.getHost(), hostPort, httpsProtocol); Line 377: } else { Line 378: int hostPort = hostUrl.getPort() == -1 ? HttpURL.DEFAULT_PORT : hostUrl.getPort(); http://gerrit.ovirt.org/#/c/34372/6/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java File backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java: Line 388: @TypeConverterAttribute(Boolean.class) Line 389: @DefaultValueAttribute("true") Line 390: EncryptHostCommunication, Line 391: @TypeConverterAttribute(String.class) Line 392: @DefaultValueAttribute("TLSv1") > so the decision is that it will be defaulted to tlsv1? Yes Line 393: VdsmSLLProtocol, Line 394: @Reloadable Line 395: @TypeConverterAttribute(String.class) Line 396: @DefaultValueAttribute("oVirt") Line 389: @DefaultValueAttribute("true") Line 390: EncryptHostCommunication, Line 391: @TypeConverterAttribute(String.class) Line 392: @DefaultValueAttribute("TLSv1") Line 393: VdsmSLLProtocol, > typo. Done Line 394: @Reloadable Line 395: @TypeConverterAttribute(String.class) Line 396: @DefaultValueAttribute("oVirt") Line 397: OrganizationName, http://gerrit.ovirt.org/#/c/34372/6/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/TransportFactory.java File backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/TransportFactory.java: Line 23: if (VdsProtocol.STOMP == vdsProtocol) { Line 24: irsServer = new JsonRpcIIrsServer(JsonRpcUtils.createStompClient(hostname, Line 25: port, connectionTimeOut, clientTimeOut, clientRetries, heartbeat, Line 26: Config.<Boolean> getValue(ConfigValues.EncryptHostCommunication), Line 27: Config.<String> getValue(ConfigValues.VdsmSLLProtocol))); > so XMLRPC is out of the game for this configuration, right? The protocol is used by both. Xmlrpc configuration is in static block in different class. Line 28: } else if (VdsProtocol.XML == vdsProtocol){ Line 29: Pair<IrsServerConnector, HttpClient> returnValue = Line 30: XmlRpcUtils.getConnection(hostname, port, clientTimeOut, connectionTimeOut, Line 31: clientRetries, IrsServerConnector.class, http://gerrit.ovirt.org/#/c/34372/6/backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java File backend/manager/modules/vdsbroker/src/test/java/org/ovirt/engine/core/vdsbroker/jsonrpc/JsonRpcIntegrationTest.java: Line 26: private final static int TIMEOUT = 5000; Line 27: Line 28: @Test Line 29: public void testGetVdsCapabilities() throws InterruptedException, ExecutionException, ClientConnectionException { Line 30: JsonRpcClient client = JsonRpcUtils.createStompClient(HOST_ADDRESS, PORT, TIMEOUT, 0, TIMEOUT, TIMEOUT, true, "TLS"); > should it be TLS or TLSv1 TLS is fine as well. We can use generic TLS or specify version. In test is not important. Line 31: final JsonRpcRequest request = new RequestBuilder("Host.getCapabilities").build(); Line 32: Map<String, Object> map = new FutureMap(client, request); Line 33: assertTrue(map.isEmpty()); Line 34: } http://gerrit.ovirt.org/#/c/34372/6/packaging/etc/engine-config/engine-config.properties File packaging/etc/engine-config/engine-config.properties: Line 37: EnableVdsLoadBalancing.validValues=true,false Line 38: EncryptHostCommunication.description="Determine whether to use secure communication with hosts" Line 39: EncryptHostCommunication.type=Boolean Line 40: SSLProtocol.description="Determines protocol used by SSL" Line 41: SSLProtocol.type=String > isn't it VDSMSSLProtocol? I used SSLProtocol but Alon suggested to add VDSM. Line 42: FreeSpaceCriticalLowInGB.description="Critical low disk space alert threshold (in GB)" Line 43: FreeSpaceCriticalLowInGB.type=Integer Line 44: FreeSpaceCriticalLowInGB.validValues=0..2147483647 Line 45: FreeSpaceLow.description="Limit of % free disk-space below which it is considered low" -- To view, visit http://gerrit.ovirt.org/34372 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I33a33c15e8a995eb8de7d5131b3dbadc6191f873 Gerrit-PatchSet: 6 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Piotr Kliczewski <piotr.kliczew...@gmail.com> Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczew...@gmail.com> Gerrit-Reviewer: Saggi Mizrahi <smizr...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
