Alon Bar-Lev has posted comments on this change.
Change subject: setup: move the certificate generation
......................................................................
Patch Set 2:
1. persisting the key/ca/certificate is *not* mandatory because if
you want to use the host locally you are allowed to do so (even without persisting). If
you personally as sysadmin want to commit to a key/ca then persist it.
We are not asking sysadmin to persist anything, we are doing this for sysadmin in call use
cases. I would not like to introduce new sysadmin requirement only because we moved the
place we generate keys.
Why do you ignore the remote usecase?
2. if you really want to persist key/ca/certificate (but as I said in
1 is not required) you can do it in the ovirt-node as you already do it for all the other
standard services
standard services are what ovirt-node manages, vdsm is not standard service.
vdsm should take care of his own persistence as done so far.
3. as you may know ovirt-node is going to support other applications
(as for example gluster), are you going to argue with all project to add a persist call
when they make a change to their files?
yes I do.
---
I will have Barak add his comments. As I your argue the current implementation and future
implementation, and clearly we need more views.
--
To view, visit
http://gerrit.ovirt.org/8368
To unsubscribe, visit
http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I40fa3d9a6a54e312e399af3f87ac67e843078360
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Federico Simoncelli <fsimonce(a)redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl(a)redhat.com>
Gerrit-Reviewer: Barak Azulay <bazulay(a)redhat.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Douglas Schilling Landgraf <dougsland(a)redhat.com>
Gerrit-Reviewer: Federico Simoncelli <fsimonce(a)redhat.com>