Bug 1134219 - [RFE] PKI should be pluggable and api-accessible
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact: Lukas Svaty
URL:
Whiteboard:
Duplicates: 631936
Depends On:
Blocks:
Reported: 2014-08-27 07:10 UTC by Yedidyah Bar David
Modified: 2020-04-01 14:51 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-01 14:47:57 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Knowledge Base (Solution) | 57646 | 0 | None | None | None | 2018-11-14 18:39:31 UTC
Red Hat Knowledge Base (Solution) | 288083 | 0 | None | None | None | 2018-11-14 18:39:31 UTC

Description Yedidyah Bar David 2014-08-27 07:10:16 UTC
It should be possible to use another PKI implementation, instead of the existing fixed one which uses an internal CA and a few shell scripts. In particular, it should be possible to interface with an external CA.

It should be possible to manage PKI through the API (and web admin):

* issue a certificate request to be kept in a queue
* approve a request from the queue
* receive a certificate

Use cases:

* Have an external CA sign the certs used for engine<->host communication
* Allow easier signing of certs for remote websocket-proxy (bug #1080992) and reports (bug #1080998) hosts.

Comment 1 Yedidyah Bar David 2014-08-27 07:12:02 UTC
*** Bug 631936 has been marked as a duplicate of this bug. ***

Comment 2 Yedidyah Bar David 2015-05-25 11:58:54 UTC
It should also be transactional - should allow engine-setup to cleanly roll back to the previous PKI state on failure. See also bug 1224672.

Comment 3 Yedidyah Bar David 2015-06-10 06:46:38 UTC
Alon, please write up some set of requirements for the new PKI. What it should look like, what needs to be fixed in it compared to current, etc. Thanks.

Comment 4 Red Hat Bugzilla Rules Engine 2015-10-19 10:56:21 UTC
Target release should be placed once a package build is known to fix an issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for an oVirt release.

Comment 13 Michal Skrivanek 2020-03-18 15:47:00 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 14 Michal Skrivanek 2020-03-18 15:51:43 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 15 Michal Skrivanek 2020-04-01 14:47:57 UTC
OK, closing. Please reopen if still relevant/you want to work on it.

Comment 16 Michal Skrivanek 2020-04-01 14:51:19 UTC
OK, closing. Please reopen if still relevant/you want to work on it.

