Bug 1026300 - [core] post-deploy vdsm configuration change (disable ssl)
[core] post-deploy vdsm configuration change (disable ssl)
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
3.2.0
Unspecified Unspecified
unspecified Severity medium
: ---
: 3.4.0
Assigned To: Alon Bar-Lev
infra
: Reopened, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-04 06:34 EST by Jiri Belka
Modified: 2016-02-10 14:16 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-11 07:16:03 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jiri Belka 2013-11-04 06:34:26 EST
Description of problem:
BZ1003117 introduced easy way how to define plain-text communication between engine and hosts. But to make it work practically, one has to modify vdsm.conf on the hosts.

As 'EncryptHostCommunication' is now available to admins, it would be probably wise to offer configuration of the other part (hosts) - ssl knob inside host properties dialog.

Version-Release number of selected component (if applicable):
is21

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Alon Bar-Lev 2013-11-04 17:03:34 EST
This is already supported, if you deploy host after setting of the EncryptHostCommunication to false at engine side.

Please reopen if not working.
Comment 2 Jiri Belka 2013-11-05 03:05:33 EST
So if I already have host in the setup before EncryptHostCommunication=false am I left to do manual kung-fu? This is the point of my BZ.
Comment 3 Alon Bar-Lev 2013-11-05 03:36:19 EST
(In reply to Jiri Belka from comment #2)
> So if I already have host in the setup before EncryptHostCommunication=false
> am I left to do manual kung-fu? This is the point of my BZ.

We do not touch vdsm configuration post host-deploy.

Besides, turning off SSL via engine after deployment is breaking security trust.

Had the ssl setting was per host, I could have imagine that something can be done.

Reopening, while I do not think this should be implemented.
Comment 4 Eli Mesika 2013-11-05 05:56:27 EST
Arthur , Please see comment 3 and decide what should be done here
Comment 5 Arthur Berezin 2013-11-12 09:23:37 EST
We do have some missing parts to make this feature complete:

1. Make EncryptHostCommunication configurable per host.

2. Engine should be able to switch between Encrypted/PlainText without the admin manually configuring vdsm.conf for each host.
2.1 Engine should be able to fail-back if it switched between encrypted/plain-text and failed to communicate with the host.

3. Add Cluster level configuration for encrypted / plain-text with hosts.

3. When moving hosts between clusters we should make sure a host can communicate with new security policy [ encrypted | plain-text ]before moving to the new cluster.

4. On hosts general tab we should indication if the communication with a host is encrypted or plaintext.


Arthur
Comment 6 Alon Bar-Lev 2013-11-12 10:09:23 EST
(In reply to Arthur Berezin from comment #5)
> We do have some missing parts to make this feature complete:
> 
> 1. Make EncryptHostCommunication configurable per host.
> 
> 2. Engine should be able to switch between Encrypted/PlainText without the
> admin manually configuring vdsm.conf for each host.
> 2.1 Engine should be able to fail-back if it switched between
> encrypted/plain-text and failed to communicate with the host.
> 
> 3. Add Cluster level configuration for encrypted / plain-text with hosts.
> 
> 3. When moving hosts between clusters we should make sure a host can
> communicate with new security policy [ encrypted | plain-text ]before moving
> to the new cluster.
> 
> 4. On hosts general tab we should indication if the communication with a
> host is encrypted or plaintext.
> 
> 
> Arthur

While I do not understand the actual requirement, nor the use case.

I expect:

vdsm to listen to both encrypted and plain text ports, similar to httpd for http and https.

Or:

vdsm to support startTLS protocol on single port, so we can work encrypted or plain on same port.

And:

add vdsm command via its protocol to enable/disable plain text communication.

<then copy above requirements>
Comment 7 Arthur Berezin 2013-11-13 02:43:11 EST
Thanks Alon. We introduced a new security feature, now it has to be visible to the user, and the user should be able to use it easily via UI at cluster level. 

Does both encrypted and plain text use port 54321, if not we have to take under account that other ports might be blocked by firewall, and alert the user.
Comment 8 Alon Bar-Lev 2013-11-13 02:47:10 EST
> Thanks Alon. We introduced a new security feature, now it has to be visible to the user, and the user should be able to use it easily via UI at cluster level. 

when have we introduced security feature? the SSL protocol can be disabled only because in the past developers needed that to setup their development environment.

disabling SSL will also disable protocol authentication, and allow *ANY* host to completely control vdsm.

please explain what is the "security feature" and the reason to disable ssl post installation exposing the host.

you are actually adding security vulnerability to the product!
Comment 9 Alon Bar-Lev 2013-12-08 13:50:00 EST
Hello,

I want to clean this as WONTFIX, if anyone has something to say, please speak now.

Thanks,

Note You need to log in before you can comment on or make changes to this bug.