Bug 1116393

Summary: [ovirt-websocket-proxy] websocket proxy starts even SSL cert/key is not present (SSL_ONLY=Yes)
Product: [Retired] oVirt Reporter: Jiri Belka <jbelka>
Component: ovirt-engine-coreAssignee: Michal Skrivanek <michal.skrivanek>
Status: CLOSED CURRENTRELEASE QA Contact: Shira Maximov <mshira>
Severity: low Docs Contact:
Priority: low    
Version: 3.5CC: bugs, gklein, istein, michal.skrivanek, rbalakri, sbonazzo, yeylon
Target Milestone: ---   
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: virt
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-04 11:37:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Belka 2014-07-04 12:43:30 UTC 
Description of problem:
websocket proxy starts even SSL cert/key is not present, which is odd as config states:

SSL_ONLY=Yes

it should fail, SSL_ONLY means only encrypted but it cannot do that logically.

~~~
/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.py -d start                            
ovirt-websocket-proxy[3025] DEBUG _daemon:403 daemon entry pid=3025
ovirt-websocket-proxy[3025] DEBUG _daemon:404 background=False
ovirt-websocket-proxy[3025] DEBUG loadFile:70 loading config '/usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf'
ovirt-websocket-proxy[3025] DEBUG loadFile:70 loading config '/etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf'
ovirt-websocket-proxy[3025] DEBUG _daemon:440 I am a daemon 3025
ovirt-websocket-proxy[3025] DEBUG _setLimits:377 Setting rlimits
WebSocket server settings:
  - Listen on *:6100
  - Flash security policy server
  - No SSL/TLS support (no cert file)
  - proxying from *:6100 to targets in /dummy

^C  1: Got SIGINT, exiting
In SystemExit
  1: Closing socket listening at *:6100
ovirt-websocket-proxy[3025] DEBUG _daemon:447 Returned normally 3025
ovirt-websocket-proxy[3025] DEBUG _daemon:453 daemon return
~~~

I would accept it would start only if SSL_ONLY=No would be used.

Version-Release number of selected component (if applicable):
ovirt-engine-websocket-proxy-3.5.0-0.0.master.20140629172257.git0b16ed7.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. rm/mv websocket proxy key/cert
2. start the daemon
3.

Actual results:
starts with 'No SSL/TLS support (no cert file)' warning

Expected results:
imho should fail

Additional info:
Comment 1 Sandro Bonazzola 2014-08-14 07:54:56 UTC 
Looking better, it's not part of the setup, it's the daemon itself.
Re-assigning to original author of the daemon.
Comment 3 Sandro Bonazzola 2015-11-04 11:37:48 UTC 
oVirt 3.6.0 has been released on November 4th, 2015 and should fix this issue.
If problems still persist, please open a new BZ and reference this one.