Bug 1362573

Summary: [Docs][Admin] Extend appe-Red_Hat_Enterprise_Virtualization_and_SSL.html to cover websocket-proxy
Product: Red Hat Enterprise Virtualization Manager Reporter: Jiri Belka <jbelka>
Component: DocumentationAssignee: Avital Pinnick <apinnick>
Status: CLOSED CURRENTRELEASE QA Contact: Tahlia Richardson <trichard>
Severity: low Docs Contact:
Priority: low    
Version: 4.0.2CC: apinnick, irosenzw, jbelka, lbopf, lsurette, mkalinin, rbalakri, srevivo, thildred, ykaul, ylavi
Target Milestone: ovirt-4.2.2Keywords: Triaged
Target Release: ---Flags: lsvaty: testing_plan_complete-
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-12 09:01:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Docs RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1416232    
Bug Blocks:    

Description Jiri Belka 2016-08-02 14:29:06 UTC 
Description of problem:

Extend appe-Red_Hat_Enterprise_Virtualization_and_SSL.html to cover websocket-proxy, this topic was raised on ovirt-users list, see

http://lists.ovirt.org/pipermail/users/2016-August/041666.html

For custom CA and own certs for https, websocket proxy would need following changes:

# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf 
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True

original was

]# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf.orig 
PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
SSL_ONLY=True


Version-Release number of selected component (if applicable):
rhevm-doc-4.0.0-3.el7ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. check rhevm docs if there are steps how to put custom certs for spice-html5
2.
3.

Actual results:
none steps

Expected results:
docs should cover it

Additional info:
Comment 4 Ido Rosenzwig 2018-04-08 14:53:19 UTC 
No need for step 11 at 
http://file.tlv.redhat.com/~apinnick/BZ%231362573_4.2-Administration_Guide/#Replacing_the_Manager_SSL_Certificate
Comment 6 Tahlia Richardson 2018-04-10 00:54:23 UTC 
Reviewed and merged.
Comment 7 Avital Pinnick 2018-04-12 09:01:08 UTC 
Updated documents:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/administration_guide/#Replacing_the_Manager_SSL_Certificate

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2-beta/html-single/administration_guide/#Replacing_the_Manager_SSL_Certificate