Bug 1003117

Summary: Make UseSecureConnectionWithServers config option availabe via rhevm-config
Product: Red Hat Enterprise Virtualization Manager Reporter: Marina Kalinin <mkalinin>
Component: ovirt-engine-configAssignee: Douglas Schilling Landgraf <dougsland>
Status: CLOSED ERRATA QA Contact: Jiri Belka <jbelka>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.3.0CC: acathrow, adahms, bazulay, dougsland, iheim, lpeer, Rhev-m-bugs, srevivo, yeylon, yzaslavs
Target Milestone: ---   
Target Release: 3.3.0   
Hardware: All   
OS: Linux   
Whiteboard: infra
Fixed In Version: is20 Doc Type: Bug Fix
Doc Text:
Previously, administrators were not able to use engine-config to define whether communication between the Red Hat Enterprise Virtualization Manager and hosts was secure. With this update, administrators can now use engine-config to define whether communication is secure with the EncryptHostCommunication configuration key.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-21 17:36:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 902971, 1026487    

Description Marina Kalinin 2013-08-30 21:00:33 UTC 
Make UseSecureConnectionWithServers config option availabe via rhevm-config.

2. Who is the customer behind the request?
Account: name (acct #) DREAMWORKS ANIMATION
TAM customer:  yes
SRM customer: yes
Strategic: yes

3. What is the nature and description of the request?
UseSecureConnectionWithServers config option should be accessible via config tool (as well as SSLEnabled is already available).

4. Why does the customer need this? (List the business requirements here)
Customer needs to disable ssl communication between RHEV-M and the hosts for his internal tests/implementation every now and then.

5. How would the customer like to achieve this? (List the functional requirements here)
Be able to change this value using rhevm-config tool.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
See#5.

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
I could not find.

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
No. 
But would be nice to have it soon, especially since easily implemented - just 2 lines in engine-config.properties files.

9. Is the sales team involved in this request and do they have any additional input?
No.

10. List any affected packages or components.
engine-config

11. Would the customer be able to assist in testing this functionality if implemented?
GSS would be able to assist.
Comment 6 Jiri Belka 2013-10-29 11:30:59 UTC 
is20 - `rhevm-config -s EncryptHostCommunication=false` does not work out of the box, because it is missing in /etc/ovirt-engine/engine-config/engine-config.properties. Comment #5 supposes it should work without any hacks.

-%-
# engine-config -s EncryptHostCommunication=false
Error setting EncryptHostCommunication's value. No such entry.
-%-
Comment 7 Shai Revivo 2013-11-03 09:08:41 UTC 
now in build 21
Comment 8 Jiri Belka 2013-11-04 10:50:35 UTC 
ok, is21. with engine-config -s EncryptHostCommunication=false i can see plain-text communication on the wire.
Comment 9 Jiri Belka 2013-11-04 11:30:31 UTC 
FYI to make plaintext communication work in reality, one has to:

# grep ^ssl /etc/vdsm/vdsm.conf 
ssl = false

on the host.
Comment 10 Charlie 2013-11-28 00:19:36 UTC 
This bug is currently attached to errata RHEA-2013:15231. If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag.

Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information:

* Cause: What actions or circumstances cause this bug to present.
* Consequence: What happens when the bug presents.
* Fix: What was done to fix the bug.
* Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore')

Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug.

For further details on the Cause, Consequence, Fix, Result format please refer to:

https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes 

Thanks in advance.
Comment 11 errata-xmlrpc 2014-01-21 17:36:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0038.html