Bug 1162502

Summary: targetd should refuse to start if SSL credentials are missing
Product: Red Hat Enterprise Linux 7 Reporter: Bruno Goncalves <bgoncalv>
Component: targetdAssignee: Tony Asleson <tasleson>
Status: CLOSED ERRATA QA Contact: Martin Hoyer <mhoyer>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: agrover, mhoyer, mthacker, tasleson
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1162278 Environment:
Last Closed: 2017-08-01 20:43:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1162278    
Bug Blocks: 1385242    

Description Bruno Goncalves 2014-11-11 08:03:04 UTC 
+++ This bug was initially created as a clone of Bug #1162278 +++

from bgoncalv:

I configured targetd to support ssl on yaml file and the service started without problem.

As I didn't create targetd_key.pem nor targetd_cert.pem shouldn't the service fail to start? As it happens if VG or Password are not set.
Comment 1 Bruno Goncalves 2014-11-11 08:03:29 UTC 
Just to track the port of the patch to RHEL-7
Comment 5 Tony Asleson 2017-02-06 21:30:09 UTC 
What happens is the missing certificate files are not noticed until a client actually tries to use the service.  It would be better to check that the required files are present at start up to ensure that the clients can hopefully connect cleanly.

Traceback (most recent call last):
  File "/usr/lib64/python2.7/SocketServer.py", line 290, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib64/python2.7/SocketServer.py", line 318, in process_request
    self.finish_request(request, client_address)
  File "/home/tasleson/projects/targetd/targetd/main.py", line 160, in finish_request
    suppress_ragged_eofs=True)
  File "/usr/lib64/python2.7/ssl.py", line 943, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib64/python2.7/ssl.py", line 554, in __init__
    self._context.load_cert_chain(certfile, keyfile)
IOError: [Errno 2] No such file or directory
Comment 7 Martin Hoyer 2017-04-28 12:26:16 UTC 
Tested with targetd-0.8.5-1.el7, works well.
No regression found.
Comment 8 errata-xmlrpc 2017-08-01 20:43:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1982