Piotr Kliczewski has uploaded a new change for review.
Change subject: core: protocol config value for foreman provider and attestation
......................................................................
core: protocol config value for foreman provider and attestation
Change-Id: I85950c1809f5480ce773daf2422bf1741609d866
Signed-off-by: pkliczewski <piotr.kliczew...@gmail.com>
---
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M
backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/attestation/AttestationService.java
M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
M packaging/etc/engine-config/engine-config.properties
5 files changed, 11 insertions(+), 2 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/55/36055/1
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java
index 0d3b479..9a18568 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/BaseProviderProxy.java
@@ -17,6 +17,8 @@
import org.apache.commons.codec.binary.Base64;
import org.ovirt.engine.core.common.businessentities.Provider;
+import org.ovirt.engine.core.common.config.Config;
+import org.ovirt.engine.core.common.config.ConfigValues;
import org.ovirt.engine.core.common.errors.VdcBLLException;
import org.ovirt.engine.core.common.errors.VdcBllErrors;
import org.ovirt.engine.core.utils.EngineLocalConfig;
@@ -97,7 +99,8 @@
.setTrustStore(
EngineLocalConfig.getInstance().getExternalProvidersTrustStore().getAbsolutePath())
.setTrustStorePassword(EngineLocalConfig.getInstance().getExternalProvidersTrustStorePassword())
-
.setTrustStoreType(EngineLocalConfig.getInstance().getExternalProvidersTrustStoreType());
+
.setTrustStoreType(EngineLocalConfig.getInstance().getExternalProvidersTrustStoreType())
+ .setHttpsProtocol(Config.<String>
getValue(ConfigValues.ExternalCommunicationProtocol));
}
result = builder.create();
handleCredentials(result);
diff --git
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
index ce91cda..de7f232 100644
---
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
+++
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
@@ -391,6 +391,9 @@
@TypeConverterAttribute(String.class)
@DefaultValueAttribute("TLSv1")
VdsmSSLProtocol,
+ @TypeConverterAttribute(String.class)
+ @DefaultValueAttribute("TLSv1")
+ ExternalCommunicationProtocol,
@Reloadable
@TypeConverterAttribute(String.class)
@DefaultValueAttribute("oVirt")
diff --git
a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/attestation/AttestationService.java
b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/attestation/AttestationService.java
index 7033028..8f301f3 100644
---
a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/attestation/AttestationService.java
+++
b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/attestation/AttestationService.java
@@ -53,7 +53,7 @@
// registering the https protocol with a socket factory that
// provides client authentication.
ProtocolSocketFactory factory = new
AuthSSLProtocolSocketFactory(getTrustStore(trustStoreUrl.getPath(),
- truststorePassword), "SSLv3");
+ truststorePassword), Config.<String>
getValue(ConfigValues.ExternalCommunicationProtocol));
Protocol clientAuthHTTPS = new Protocol("https", factory,
port);
httpClient.getHostConfiguration().setHost(attestationServer,
port, clientAuthHTTPS);
diff --git a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
index dae7268..f0e48e1 100644
--- a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
+++ b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql
@@ -642,6 +642,7 @@
--Handling Use Secure Connection with Hosts
select fn_db_add_config_value('EncryptHostCommunication','true','general');
select fn_db_add_config_value('VdsmSSLProtocol','TLSv1','general');
+select
fn_db_add_config_value('ExternalCommunicationProtocol','TLSv1','general');
select
fn_db_add_config_value('TimeToReduceFailedRunOnVdsInMinutes','30','general');
select fn_db_add_config_value('UnknownTaskPrePollingLapse','60000','general');
select fn_db_add_config_value('UserSessionHardLimit','600','general');
diff --git a/packaging/etc/engine-config/engine-config.properties
b/packaging/etc/engine-config/engine-config.properties
index 666fd2c..1d58d8c 100644
--- a/packaging/etc/engine-config/engine-config.properties
+++ b/packaging/etc/engine-config/engine-config.properties
@@ -39,6 +39,8 @@
EncryptHostCommunication.type=Boolean
VdsmSSLProtocol.description="Determines protocol used by vdsm"
VdsmSSLProtocol.type=String
+ExternalCommunicationProtocol.description="Determines SSL protocol used by
external communication (external providers and attestation service)"
+ExternalCommunicationProtocol.type=String
FreeSpaceCriticalLowInGB.description="Critical low disk space alert threshold
(in GB)"
FreeSpaceCriticalLowInGB.type=Integer
FreeSpaceCriticalLowInGB.validValues=0..2147483647
--
To view, visit http://gerrit.ovirt.org/36055
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I85950c1809f5480ce773daf2422bf1741609d866
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczew...@gmail.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
