Bug 1122570

Summary: [vdsm] /etc/pki/vdsm/keys/libvirt_password has nothing to do with PKI thus it should not be in that path
Product: [Retired] oVirt Reporter: Jiri Belka <jbelka>
Component: vdsmAssignee: Dima Kuznetsov <dkuznets>
Status: CLOSED WONTFIX QA Contact: Gil Klein <gklein>
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.5CC: alonbl, bazulay, bugs, ecohen, gklein, lsurette, mgoldboi, oourfali, rbalakri, ybronhei, yeylon
Target Milestone: ---   
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-06-11 20:19:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1169338    
Bug Blocks:    

Description Jiri Belka 2014-07-23 14:16:15 UTC 
Description of problem:

Following file has nothing to do with PKI, this is just password for sasl.

# ls -lZ /etc/pki/vdsm/keys/libvirt_password  -rw-------. vdsm kvm system_u:object_r:cert_t:s0     

Move it to sane location to not pollute a directory with specific sense with irrelevant files.

Version-Release number of selected component (if applicable):
vdsm-4.16.0-3.git601f786.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. what PKI stands for?
2. how relevent to PKI is /etc/pki/vdsm/keys/libvirt_password ?
3.

Actual results:
irrelevant

Expected results:
irrelevant files should not be in /etc/pki

Additional info:
nitpicking ;)
Comment 1 Yaniv Bronhaim 2015-01-19 09:46:21 UTC 
Alon, any best fit for such file? is /etc/vdsm/ reasonable location?
Comment 2 Alon Bar-Lev 2015-01-19 10:28:48 UTC 
(In reply to Yaniv Bronhaim from comment #1)
> Alon, any best fit for such file? is /etc/vdsm/ reasonable location?

the entire vdsm/pki configuration that is not to be touched by user should be in /var/lib/vdsm, this file for example should be at /var/lib/vdsm/secrets or similar.

I suggest not to change anything at this point, there are lots of validations anyway.
Comment 3 Yaniv Bronhaim 2015-04-26 06:52:13 UTC 
To what validations do you refer to ? We are using this file only to set sasl password, so once [1] is merged we shouldn't have any more references to this file at all - I don't see any problem to move the file under /var/lib

[1] https://gerrit.ovirt.org/39823
Comment 4 Alon Bar-Lev 2015-06-11 08:05:05 UTC 
(In reply to Alon Bar-Lev from comment #2)
> I suggest not to change anything at this point, there are lots of
> validations anyway.

sorry! s/validations/violations/ :)
Comment 5 Jiri Belka 2015-06-11 21:44:15 UTC 
imo this is ridiculous, at least he said:

> ...at this point...
Comment 6 Oved Ourfali 2015-06-12 09:43:44 UTC 
I must agree with Alon and Yaniv. We should not touch this, as it doesn't interfere with anything, and I wouldn't want any change there to cause regressions in the future because someone relied on something.

That's why I agree with closing this as wontfix.