
List:       vdsm-devel
Subject:    [vdsm] Move some of code from spec file into vdsm-tool function issue
From:       danken () redhat ! com (Dan Kenigsberg)
Date:       2012-05-28 16:11:30
Message-ID: 20120528161130.GA21481 () redhat ! com

On Mon, May 28, 2012 at 04:35:26PM +0100, Daniel P. Berrange wrote:
> On Mon, May 28, 2012 at 11:33:15AM -0400, Federico Simoncelli wrote:
> > ----- Original Message -----
> > > From: "Daniel P. Berrange" <berrange at redhat.com>
> > > To: "Federico Simoncelli" <fsimonce at redhat.com>
> > > Cc: "Lei Li" <lilei at linux.vnet.ibm.com>, "Adam Litke" <agl at us.ibm.com>, \
> > > "Dan Kenigsberg" <danken at redhat.com>, "Ryan Harper" <ryanh at \
> > > linux.vnet.ibm.com>, vdsm-devel at lists.fedorahosted.org, "Ayal Baron" <abaron \
> > >                 at redhat.com>
> > > Sent: Monday, May 28, 2012 4:52:38 PM
> > > Subject: Re: Move some of code from spec file into vdsm-tool function issue
> > > 
> > > On Mon, May 28, 2012 at 10:39:08AM -0400, Federico Simoncelli wrote:
> > > > ----- Original Message -----
> > > > > From: "Lei Li" <lilei at linux.vnet.ibm.com>
> > > > > To: vdsm-devel at lists.fedorahosted.org
> > > > > Cc: "Adam Litke" <agl at us.ibm.com>, "Dan Kenigsberg"
> > > > > <danken at redhat.com>, "Federico Simoncelli"
> > > > > <fsimonce at redhat.com>,
> > > > > "Ryan Harper" <ryanh at linux.vnet.ibm.com>
> > > > > Sent: Monday, May 28, 2012 11:18:03 AM
> > > > > Subject: Move some of code from spec file into vdsm-tool function
> > > > > issue
> > > > > 
> > > > > Hi guys,
> > > > > 
> > > > > > Adam pointed out a problem with my patch moving some of the
> > > > > > post and preun sections in the vdsm spec file into vdsm-tool, and
> > > > > > I have the same concern.
> > > > > > 
> > > > > > After some discussion, I'd like to ask for your suggestions
> > > > > > on the patch linked below.
> > > > > 
> > > > > http://gerrit.ovirt.org/#patch,sidebyside,4528,3,vdsm.spec.in
> > > > > 
> > > > > Please let me know your idea, thanks!
> > 
> > Ok, then coming to your specific question, my opinion is:
> > 
> > - vdsm should work out of the box even if libvirt doesn't require a password
> > (polkit should be enough)
> > - vdsm-tool should (at some point) update the sasl password with the content
> > of libvirt_password (if present)
> > - an admin wanting to secure libvirt will create the libvirt_password file and
> > will use vdsm-tool to make it effective
> > - if downstream wants to automate this, it will drop in a %config libvirt_password
> > file (or maybe generating it at runtime as we do with the certificate?) and
> > will call vdsm-tool accordingly
> > 
> > Dan? Thoughts?
> 
> That sounds like a reasonable approach from a libvirt POV

That's fine also from a RHEV POV.

However, I am not a big fan of this libvirt_password "protection", so I
wouldn't spend too much time on generating a random, secret key to put
there. For me, it only adds to the hassle of supporting this annoying
oVirt requirement.

Dan. (another one)

