Re: [ovirt-devel] ovirt 3.5 Test day 1 - vdsm-tool configure libvirt with python code

From: "ybronhei" <ybronhei(a)redhat.com&gt; To: "Yedidyah Bar David" <didi(a)redhat.com&gt;, "Mooli Tayer" <mtayer(a)redhat.com&gt; Cc: devel(a)ovirt.org Sent: Thursday, July 3, 2014 6:22:52 PM Subject: Re: [ovirt-devel] ovirt 3.5 Test day 1 - vdsm-tool configure libvirt with python code On 07/03/2014 06:11 PM, Yedidyah Bar David wrote: > ----- Original Message ----- >> From: "ybronhei" <ybronhei(a)redhat.com&gt; >> To: "Yedidyah Bar David" <didi(a)redhat.com&gt;, devel(a)ovirt.org >> Sent: Thursday, July 3, 2014 6:05:52 PM >> Subject: Re: [ovirt-devel] ovirt 3.5 Test day 1 - vdsm-tool configure >> libvirt with python code >> >> On 07/01/2014 05:13 PM, Yedidyah Bar David wrote: >>> Hi all, >>> >>> I was assigned to test [1], which was fixed by [2], which pointed >>> at [3]. >>> >>> Most things worked as expected. >>> >>> Issues I noticed: >>> >>> * the table says that vdsClient with or without '-s' should work against >>> vdsm with ssl=true or ssl=false. In my tests '-s' worked with true, >>> without >>> '-s' worked with false, but the other options didn't work. >>> >> "vdsClient -s" means to use secure communication, which will work >> properly if "ssl=true" is configured in vdsm.conf (btw, if ssl not >> specified there true is the default). >> >> bare in mind, that after changing the conf file you need to restart >> vdsmd service. >> >> when you change vdsm.conf like "ssl=true" to "ssl=false", before running >> vdsmd again, you need to perform "vdsm-tool configure" to configure all >> related service to work properly with the new vdsm configuration (in >> that case, not secured which require libvirtd.conf and qemu.conf update) >> >> after vdsm-tool configures libvirtd.conf and qemu.conf accordingly , you >> can start vdsmd and see that "vdsClient" (without -s) works properly. >> >> this works as far as I checked in vdsm 3.5 > > Not sure I got you right - with the above (edit/configure/restart), is it > intended that '-s' will work with 'ssl=false'? Because iirc it didn't. -s means secured, and you set ssl=false. so no, when you set ssl to false, vdsClient with -s should not work.

> > I do not think it's important that it works - if a user wants ssl they > should > obviously do 'ssl=true' and '-s', and if not, 'ssl=false' and no '-s'. The > only reason I tested this and point out above is that it is mentioned in > the > wiki table that it's supposed to work and it didn't for me (again, if I > understood everything correctly). mooli, maybe the wiki misleading in that area. consider to update it > -- Yaniv Bronhaim.