On Fri, Jul 6, 2018 at 9:35 AM, <etienne.charlier(a)reduspaceservices.eu>
wrote:

> From a user point of view ...
> Letsencrypt or another certificate authority ... it should not matter...
> Just having one set of files (cer/key/ca-chain) with a clear name
> referenced from "all config files" would be the easiest...

Please realize that the engine CA is _mainly_ used to sign hosts' keys.
We do not want to let the user do this with a 3rd party (well, until we
fix bz 1134219 <https://bugzilla.redhat.com/show_bug.cgi?id=1134219>, see
my other reply). Signing all the other keys is only
done "because we can" :-), to simplify things by default.

> Once you get the certs from your provider, you just overwrite the files
> with your own, restart the services and "that's it" ;-)

That's the one-line summary of:
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
or at least that's the intention.

> Letsencrypt renewing does not have to be handled on ovirt host (on a
> bastion host where LE is configured, a simple script can be run to update
> the certs and restart the services...)

Indeed.

> My 0.02€
> Etienne

--
Didi