Bug 1738729

Summary: engine-setup overwrites custom SSL settings in ovirt-imageio-proxy.conf
Product: [oVirt] ovirt-imageio Reporter: Chris Adams <linux>
Component: ProxyAssignee: Vojtech Juranek <vjuranek>
Status: CLOSED CURRENTRELEASE QA Contact: Ilan Zuckerman <izuckerm>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.5.1CC: aefrat, bugs, frolland, nsoffer, royoung, sgratch, tnisan, vjuranek
Target Milestone: ovirt-4.4.1Keywords: Reopened
Target Release: ---Flags: sbonazzo: ovirt-4.5?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-08 08:27:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1826679    
Bug Blocks:    

Description Chris Adams 2019-08-08 01:45:27 UTC 
I am using a 3rd-party (Let's Encrypt) SSL cert for the web interface, including the imageio-proxy. I've been pointing it to the same cert used as the web interface by setting:

ssl_key_file = /etc/pki/ovirt-engine/keys/apache.key.nopass
ssl_cert_file = /etc/pki/ovirt-engine/certs/apache.cer

in /etc/ovirt-imageio-proxy/ovirt-imageio-proxy.conf, per this page:

https://ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html

I found that every time engine-setup is run, those settings are overwritten though. I guess I could write the cert/key in two places, or change the imageio cert/key files to symlinks, but it seems like the config should not be overwritten (especially when that's the documented method to use).
Comment 1 Fred Rolland 2019-09-16 14:13:19 UTC 
Hi,

Could you specify what are the options you are changing in the engine-setup?
How do you workaround this issue?
Comment 2 Chris Adams 2019-09-16 14:24:27 UTC 
I'm not supplying any custom options to engine-setup, just running it to install updates. The work-around right now is to re-edit ovirt-imageio-proxy.conf every time I run engine-setup.

There's nothing in that file that says not to edit it, so it seems the problem is that engine-setup overwrites it without warning.
Comment 3 Nir Soffer 2020-04-26 01:08:39 UTC 
This should be fixed in ovirt-imageio 2.0 since we replaced the proxy with
the daemon.
Comment 4 Nir Soffer 2020-05-13 09:55:29 UTC 
This is actually fixed by bug 1826679. The issue is not possible now.
Comment 6 Vojtech Juranek 2020-05-14 09:39:43 UTC 
imageio-proxy was deprecated and is removed in 4.4. We don't support automated migration from 4.3 to 4.4. However, in 4.4, imageio provides drop-in configuration (see BZ #1826679), so that user can provide custom changes to the configuration and these changes won't be overwritten during next upgrade as imageio now has it's own config file and will eventually overwrite only this file.
Comment 7 Nir Soffer 2020-05-14 09:56:35 UTC 
Closing as WONTFIX is wrong for the same reasons as bug 1761960.
Comment 8 Avihai 2020-06-02 05:57:51 UTC 
(In reply to Nir Soffer from comment #7)
> Closing as WONTFIX is wrong for the same reasons as bug 1761960.
As original scenario can not be tested, please provide an alternative verification scenario.
Comment 9 Ilan Zuckerman 2020-06-02 06:25:57 UTC 
(In reply to Avihai from comment #8)
> (In reply to Nir Soffer from comment #7)
> > Closing as WONTFIX is wrong for the same reasons as bug 1761960.
> As original scenario can not be tested, please provide an alternative
> verification scenario.

I think this can be verified based on my latest comment in bug 1826679
Comment 10 Ilan Zuckerman 2020-06-02 06:48:15 UTC 
I can not verify this BZ until 'need info' on bug 1826679 is resolved, and 1826679 is verified.
Comment 11 Ilan Zuckerman 2020-06-02 09:59:14 UTC 
Verified according the verification steps from bug 1826679
Comment 12 Nir Soffer 2020-06-09 10:55:50 UTC 
Removing stale need infos.
Comment 13 Sandro Bonazzola 2020-07-08 08:27:20 UTC 
This bugzilla is included in oVirt 4.4.1 release, published on July 8th 2020.

Since the problem described in this bug report should be resolved in oVirt 4.4.1 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.