Bug 1379932

Summary: [CodeChange] drop usage of M2Crypto from engine-setup
Product: [oVirt] ovirt-engine Reporter: Sandro Bonazzola <sbonazzo>
Component: Setup.CoreAssignee: Gal Zaidman <gzaidman>
Status: CLOSED NOTABUG QA Contact: Pavel Stehlik <pstehlik>
Severity: high Docs Contact:
Priority: high    
Version: 4.1.0CC: bugs, didi, mperina, pkliczew, sbonazzo, ylavi
Target Milestone: ovirt-4.3.0Keywords: CodeChange
Target Release: ---Flags: rule-engine: ovirt-4.3+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-16 05:06:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Sandro Bonazzola 2016-09-28 07:27:55 UTC 
Description of problem:
M2Crypto is not available for python 3 and we want to move to python 3 for Fedora support.
Comment 1 Sandro Bonazzola 2016-10-21 07:49:18 UTC 
See http://stackoverflow.com/questions/33962928/alternative-to-m2cryptos-evp-in-python-3
Comment 2 Yaniv Kaul 2017-03-12 19:03:47 UTC 
Mainly because we'd like to have TLS 1.2.
Comment 3 Yaniv Kaul 2017-06-06 20:38:38 UTC 
A lot of work has already been done (https://gerrit.ovirt.org/#/q/m2crypto) - is this still in NEW state?
Comment 4 Yedidyah Bar David 2017-06-07 05:54:35 UTC 
(In reply to Yaniv Kaul from comment #3)
> A lot of work has already been done (https://gerrit.ovirt.org/#/q/m2crypto)

AFAIU almost all the work done there for removing m2crypto is on vdsm, not engine-setup (and similar).

> - is this still in NEW state?

Yes, AFAIU.

IIRC the only relevant patch is [1], which was pushed against a different, more-specific bug, with the intention to support recent fedora (but still with python2 - although that patch does help current bug as well).

I didn't look yet what was done in vdsm. We should probably follow it.

[1] https://gerrit.ovirt.org/#/c/73148/
Comment 11 Yedidyah Bar David 2018-07-10 05:21:04 UTC 
Gal, following our discussion from yesterday: It seems like we'll have to make 4.3 work in both el7 (python2) and recent fedora (28, or 29). So please check the status of the ssl builtin library in python 2.7, and if it's not good enough (or not as good as python 3), we'll have to make the code work with either m2crypto or ssl, depending on (perhaps) python version.

It might be best to do this by moving all ssl-related code to a separate library, e.g. packaging/setup/ovirt_engine_setup, or even in ovirt-setup-lib, that encapsulates all our uses of ssl, and can work with either. It might be best to do this anyway...
Comment 12 Gal Zaidman 2018-07-16 05:06:32 UTC 
M2Crypto supports py3 from version 0.28 as you can see here:
https://gitlab.com/m2crypto/m2crypto/blob/master/CHANGES

and here: http://py3readiness.org/

we probably need to require m2crypto is above 0.28 but that's for a different bug