Alon Bar-Lev has posted comments on this change.
Change subject: setup: move the certificate generation
......................................................................
Patch Set 2:
Hello Federico,
I had a small talk with Ayal regarding this issue.
I agree that if you use vdsClient locally, you can re-generate the certificate at each boot.
However, when working with a remote vdsClient in standalone VDSM mode, we force the user to
fetch the certificate of the CA. In this case, when ovirt-node is rebooted, we need to keep the same
key.
Because of the above, I think we should behave similarly to sshd regarding keys.
As we support both standard (rhel) and ovirt-node configurations, we should not expect the
user to distinguish between the two and manually perform the persist if working remotely and
using ovirt-node.
Regarding the component which needs to perform the persistence... The ovirt-node core is
not aware of vdsm; its roadmap is going toward total separation between the node platform
and the application that is running. As a result, the application should be node aware (and
in fact, it currently is).
As sshd is part of the core node, the core node persists its keys, which is correct.
But the core node should not persist anything of vdsm.
The current implementation of the vdsm init.d script is node aware and does persist resources;
adding these resources as well makes sense in the current implementation.
In the future, if the roadmap of ovirt-node of pluggable applications is manifested, we
may move <something> to different locations.
But for now, if we want to provide the ability of remote access, we should persist the
key so standard or ovirt-node will behave the same.
I will be happy to discuss this with you further if you still think some of the above is
incorrect.
Thanks,
Alon
--
To view, visit
http://gerrit.ovirt.org/8368
Gerrit-MessageType: comment
Gerrit-Change-Id: I40fa3d9a6a54e312e399af3f87ac67e843078360
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Federico Simoncelli <fsimonce(a)redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Barak Azulay <bazulay(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Douglas Schilling Landgraf <dougsland(a)redhat.com>
Gerrit-Reviewer: Federico Simoncelli <fsimonce(a)redhat.com>