Bug 1122570 - [vdsm] /etc/pki/vdsm/keys/libvirt_password has nothing to do with PKI thus it should not be in that path
Summary: [vdsm] /etc/pki/vdsm/keys/libvirt_password has nothing to do with PKI thus it...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: oVirt
Classification: Retired
Component: vdsm
Version: 3.5
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 3.6.0
Assignee: Dima Kuznetsov
QA Contact: Gil Klein
URL:
Whiteboard: infra
Depends On: 1169338
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-23 14:16 UTC by Jiri Belka
Modified: 2016-02-10 19:30 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-11 20:19:04 UTC
oVirt Team: Infra


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 37049 master ABANDONED packaging: Move libvirt_password out of PKI Never

Description Jiri Belka 2014-07-23 14:16:15 UTC
Description of problem:

Following file has nothing to do with PKI, this is just password for sasl.

# ls -lZ /etc/pki/vdsm/keys/libvirt_password  -rw-------. vdsm kvm system_u:object_r:cert_t:s0     

Move it to sane location to not pollute a directory with specific sense with irrelevant files.

Version-Release number of selected component (if applicable):
vdsm-4.16.0-3.git601f786.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. what PKI stands for?
2. how relevent to PKI is /etc/pki/vdsm/keys/libvirt_password ?
3.

Actual results:
irrelevant

Expected results:
irrelevant files should not be in /etc/pki

Additional info:
nitpicking ;)

Comment 1 Yaniv Bronhaim 2015-01-19 09:46:21 UTC
Alon, any best fit for such file? is /etc/vdsm/ reasonable location?

Comment 2 Alon Bar-Lev 2015-01-19 10:28:48 UTC
(In reply to Yaniv Bronhaim from comment #1)
> Alon, any best fit for such file? is /etc/vdsm/ reasonable location?

the entire vdsm/pki configuration that is not to be touched by user should be in /var/lib/vdsm, this file for example should be at /var/lib/vdsm/secrets or similar.

I suggest not to change anything at this point, there are lots of validations anyway.

Comment 3 Yaniv Bronhaim 2015-04-26 06:52:13 UTC
To what validations do you refer to ? We are using this file only to set sasl password, so once [1] is merged we shouldn't have any more references to this file at all - I don't see any problem to move the file under /var/lib

[1] https://gerrit.ovirt.org/39823

Comment 4 Alon Bar-Lev 2015-06-11 08:05:05 UTC
(In reply to Alon Bar-Lev from comment #2)
> I suggest not to change anything at this point, there are lots of
> validations anyway.

sorry! s/validations/violations/ :)

Comment 5 Jiri Belka 2015-06-11 21:44:15 UTC
imo this is ridiculous, at least he said:

> ...at this point...

Comment 6 Oved Ourfali 2015-06-12 09:43:44 UTC
I must agree with Alon and Yaniv. We should not touch this, as it doesn't interfere with anything, and I wouldn't want any change there to cause regressions in the future because someone relied on something.

That's why I agree with closing this as wontfix.


Note You need to log in before you can comment on or make changes to this bug.