Alon Bar-Lev has uploaded a new change for review.

Change subject: vdsm: pki: install libvirt client duplicate certificates
......................................................................

vdsm: pki: install libvirt client duplicate certificates

libvirtd does allow us to configure the location of pki artifacts, and
vdsm configures it properly to access its certificates.

However, vdsm does not configure the libvirt client, thus libvirt
accesses the default location.

Change-Id: If03db2d3ec26d21b74e2c8363f927ed5865667d5
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M src/ovirt_host_deploy/constants.py
M src/plugins/ovirt-host-deploy/vdsm/pki.py
2 files changed, 19 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-host-deploy refs/changes/10/10110/1

diff --git a/src/ovirt_host_deploy/constants.py 
b/src/ovirt_host_deploy/constants.py
index 5d72233..6b14255 100644
--- a/src/ovirt_host_deploy/constants.py
+++ b/src/ovirt_host_deploy/constants.py
@@ -42,6 +42,13 @@
     VDSM_SPICE_KEY_FILE = 'libvirt-spice/server-key.pem'
     VDSM_ID_FILE = '/etc/vdsm/vdsm.id'
 
+    # vdsm does not configure libvirt client
+    # so libvirt client accesses the default locations.
+    LIBVIRT_DEFAULT_TRUST_STORE = '/etc/pki/libvirt'
+    LIBVIRT_DEFAULT_CLIENT_CA_FILE = '../CA/cacert.pem'
+    LIBVIRT_DEFAULT_CLIENT_CERT_FILE = 'clientcert.pem'
+    LIBVIRT_DEFAULT_CLIENT_KEY_FILE = 'private/clientkey.pem'
+
     VDSM_DATA_DIR = '/usr/share/vdsm'
 
     KEY_SIZE = 2048
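Review bot: LIBVIRT_DEFAULT_CLIENT_CA_FILE = '../CA/cacert.pem' encodes a parent-directory hop, so the joined result is '/etc/pki/libvirt/../CA/cacert.pem' and only resolves correctly as long as LIBVIRT_DEFAULT_TRUST_STORE stays exactly one level below /etc/pki. I would either define the CA location as its own absolute constant or run the joined path through os.path.normpath before it is used, so that logs and the file transaction show the real target. The name TRUST_STORE is also a loose fit for a directory that holds private/clientkey.pem; a short note in the comment block that this directory contains the client private key would help the next reader.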
diff --git a/src/plugins/ovirt-host-deploy/vdsm/pki.py 
b/src/plugins/ovirt-host-deploy/vdsm/pki.py
index 5c6da5d..528e406 100644
--- a/src/plugins/ovirt-host-deploy/vdsm/pki.py
+++ b/src/plugins/ovirt-host-deploy/vdsm/pki.py
@@ -306,6 +306,10 @@
                     vdsmTrustStore,
                     odeploycons.Const.VDSM_SPICE_CA_FILE,
                 ),
+                os.path.join(
+                    odeploycons.Const.LIBVIRT_DEFAULT_TRUST_STORE,
+                    odeploycons.Const.LIBVIRT_DEFAULT_CLIENT_CA_FILE,
+                ),
             ):
                 self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
                     filetransaction.FileTransaction(
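Review bot: the new tuple entry makes this loop write the CA certificate to /etc/pki/CA/cacert.pem (via the un-normalized '..' path), which is a host-wide default location rather than a vdsm-owned directory. Nothing in the visible lines checks whether a CA file already exists there, so an administrator-installed CA used by other libvirt clients on the host would be replaced by the transaction. Please either document in the commit message and in a comment here that the file is intentionally overwritten, or keep the existing file and only install when it is absent.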
@@ -328,6 +332,10 @@
                     vdsmTrustStore,
                     odeploycons.Const.VDSM_SPICE_CERT_FILE,
                 ),
+                os.path.join(
+                    odeploycons.Const.LIBVIRT_DEFAULT_TRUST_STORE,
+                    odeploycons.Const.LIBVIRT_DEFAULT_CLIENT_CERT_FILE,
+                ),
             ):
                 self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
                     filetransaction.FileTransaction(
@@ -350,6 +358,10 @@
                     vdsmTrustStore,
                     odeploycons.Const.VDSM_SPICE_KEY_FILE,
                 ),
+                os.path.join(
+                    odeploycons.Const.LIBVIRT_DEFAULT_TRUST_STORE,
+                    odeploycons.Const.LIBVIRT_DEFAULT_CLIENT_KEY_FILE,
+                ),
             ):
                 self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
                     filetransaction.FileTransaction(
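Review bot: the private key is now appended to the same loop as the vdsm and SPICE key paths, so it goes through the same FileTransaction call; the mode and owner arguments are outside this hunk, so it is not visible whether they suit private/clientkey.pem. Please confirm that the copy in the libvirt default location is created with a restrictive mode and an owner appropriate for the libvirt client, and that the private/ directory itself is not created world-readable. This also leaves three copies of the same key on disk, so it is worth a comment stating that any re-enrollment or revocation cleanup has to cover all three paths.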


--
To view, visit http://gerrit.ovirt.org/10110
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If03db2d3ec26d21b74e2c8363f927ed5865667d5
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-host-deploy
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches