Alon Bar-Lev has uploaded a new change for review.
Change subject: vdsm: pki: install spice duplicate certificates
......................................................................
vdsm: pki: install spice duplicate certificates
Change-Id: I1fbe29b53cded96aff786a8ec81db992e028b6a9
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M src/ovirt_host_deploy/constants.py
M src/plugins/ovirt-host-deploy/vdsm/pki.py
2 files changed, 68 insertions(+), 44 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-host-deploy
refs/changes/44/10044/1
diff --git a/src/ovirt_host_deploy/constants.py
b/src/ovirt_host_deploy/constants.py
index 28f8686..5d72233 100644
--- a/src/ovirt_host_deploy/constants.py
+++ b/src/ovirt_host_deploy/constants.py
@@ -37,6 +37,9 @@
VDSM_CERT_FILE = 'certs/vdsmcert.pem'
VDSM_KEY_FILE = 'keys/vdsmkey.pem'
VDSM_KEY_PENDING_FILE = 'keys/vdsmkey.pending.pem'
+ VDSM_SPICE_CA_FILE = 'libvirt-spice/ca-cert.pem'
+ VDSM_SPICE_CERT_FILE = 'libvirt-spice/server-cert.pem'
+ VDSM_SPICE_KEY_FILE = 'libvirt-spice/server-key.pem'
VDSM_ID_FILE = '/etc/vdsm/vdsm.id'
VDSM_DATA_DIR = '/usr/share/vdsm'
diff --git a/src/plugins/ovirt-host-deploy/vdsm/pki.py
b/src/plugins/ovirt-host-deploy/vdsm/pki.py
index eea7a89..5c6da5d 100644
--- a/src/plugins/ovirt-host-deploy/vdsm/pki.py
+++ b/src/plugins/ovirt-host-deploy/vdsm/pki.py
@@ -297,55 +297,76 @@
else:
cacert, vdsmchain = self._getChainOpenSSL(chain)
- self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
- filetransaction.FileTransaction(
- name=os.path.join(
- vdsmTrustStore,
- odeploycons.Const.VDSM_CA_FILE,
- ),
- owner='root',
- enforcePermissions=True,
- content=cacert,
- modifiedList=self.environment[
- otopicons.CoreEnv.MODIFIED_FILES
- ],
+ for f in (
+ os.path.join(
+ vdsmTrustStore,
+ odeploycons.Const.VDSM_CA_FILE,
+ ),
+ os.path.join(
+ vdsmTrustStore,
+ odeploycons.Const.VDSM_SPICE_CA_FILE,
+ ),
+ ):
+ self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
+ filetransaction.FileTransaction(
+ name=f,
+ owner='root',
+ enforcePermissions=True,
+ content=cacert,
+ modifiedList=self.environment[
+ otopicons.CoreEnv.MODIFIED_FILES
+ ],
+ )
)
- )
- self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
- filetransaction.FileTransaction(
- name=os.path.join(
- vdsmTrustStore,
- odeploycons.Const.VDSM_CERT_FILE,
- ),
- owner='root',
- enforcePermissions=True,
- content=vdsmchain,
- modifiedList=self.environment[
- otopicons.CoreEnv.MODIFIED_FILES
- ],
+ for f in (
+ os.path.join(
+ vdsmTrustStore,
+ odeploycons.Const.VDSM_CERT_FILE,
+ ),
+ os.path.join(
+ vdsmTrustStore,
+ odeploycons.Const.VDSM_SPICE_CERT_FILE,
+ ),
+ ):
+ self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
+ filetransaction.FileTransaction(
+ name=f,
+ owner='root',
+ enforcePermissions=True,
+ content=vdsmchain,
+ modifiedList=self.environment[
+ otopicons.CoreEnv.MODIFIED_FILES
+ ],
+ )
)
- )
- self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
- filetransaction.FileTransaction(
- name=os.path.join(
- vdsmTrustStore,
- odeploycons.Const.VDSM_KEY_FILE,
- ),
- owner='vdsm',
- group='kvm',
- downer='vdsm',
- dgroup='kvm',
- mode=0o440,
- dmode=0o750,
- enforcePermissions=True,
- content=vdsmkey,
- modifiedList=self.environment[
- otopicons.CoreEnv.MODIFIED_FILES
- ],
+ for f in (
+ os.path.join(
+ vdsmTrustStore,
+ odeploycons.Const.VDSM_KEY_FILE,
+ ),
+ os.path.join(
+ vdsmTrustStore,
+ odeploycons.Const.VDSM_SPICE_KEY_FILE,
+ ),
+ ):
+ self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
+ filetransaction.FileTransaction(
+ name=f,
+ owner='vdsm',
+ group='kvm',
+ downer='vdsm',
+ dgroup='kvm',
+ mode=0o440,
+ dmode=0o750,
+ enforcePermissions=True,
+ content=vdsmkey,
+ modifiedList=self.environment[
+ otopicons.CoreEnv.MODIFIED_FILES
+ ],
+ )
)
- )
@plugin.event(
stage=plugin.Stages.STAGE_CLOSEUP,
--
To view, visit http://gerrit.ovirt.org/10044
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1fbe29b53cded96aff786a8ec81db992e028b6a9
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-host-deploy
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
