Bug 1134219

Summary: [RFE] PKI should be pluggable and api-accessible
Product: Red Hat Enterprise Virtualization Manager
Reporter: Yedidyah Bar David <didi>
Component: ovirt-engine
Assignee: Nobody <nobody>
Status: CLOSED DEFERRED
QA Contact: Lukas Svaty <lsvaty>
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: bugs, chenders, lsurette, mkalinin, Rhev-m-bugs, sbonazzo, srevivo, tao, ykaul
Target Milestone: ---
Keywords: FutureFeature, Improvement
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-04-01 14:47:57 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Yedidyah Bar David 2014-08-27 07:10:16 UTC
It should be possible to use another pki implementation, instead of the existing fixed one which uses an internal CA and a few shell scripts. In particular, it should be possible to interface with an external CA.

It should be possible to manage pki through the api (and web admin):

* issue a certificate request to be kept in a queue
* approve a request from the queue
* receive a certificate

Use cases:

* Have an external CA sign the certs used for engine<->host communication
* Allow easier signing of certs for remote websocket-proxy (bug #1080992) and reports (bug #1080998) hosts.

Comment 1 Yedidyah Bar David 2014-08-27 07:12:02 UTC
*** Bug 631936 has been marked as a duplicate of this bug. ***

Comment 2 Yedidyah Bar David 2015-05-25 11:58:54 UTC
It should also be transactional - should allow engine-setup to cleanly roll back to previous pki state on failure. See also bug 1224672.

Comment 3 Yedidyah Bar David 2015-06-10 06:46:38 UTC
Alon, please write up some set of requirements for the new pki. What it should look like, what needs to be fixed in it compared to current, etc. Thanks.

Comment 4 Red Hat Bugzilla Rules Engine 2015-10-19 10:56:21 UTC
Target release should be placed once a package build is known to fix an issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for an oVirt release.

Comment 13 Michal Skrivanek 2020-03-18 15:47:00 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 14 Michal Skrivanek 2020-03-18 15:51:43 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 15 Michal Skrivanek 2020-04-01 14:47:57 UTC
ok, closing. Please reopen if still relevant/you want to work on it.

Comment 16 Michal Skrivanek 2020-04-01 14:51:19 UTC
ok, closing. Please reopen if still relevant/you want to work on it.