1576377 – engine-setup rewrites SSL*File options

Bug 1576377 - engine-setup rewrites SSL*File options

Summary: engine-setup rewrites SSL*File options

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	Setup.Engine
Sub Component:
Version:	4.2.3.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ovirt-4.2.4
Target Release:	---
Assignee:	Yedidyah Bar David
QA Contact:	Lucie Leistnerova
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-05-09 10:14 UTC by Yedidyah Bar David
Modified:	2018-06-26 08:41 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2018-06-26 08:41:53 UTC
oVirt Team:	Integration
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.2+ rule-engine: exception+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	91829	0	master	MERGED	packaging: setup: Keep some httpd params on update	2020-03-09 15:00:37 UTC
oVirt gerrit	91878	0	ovirt-engine-4.2	MERGED	packaging: setup: Keep some httpd params on update	2020-03-09 15:00:37 UTC

Description Yedidyah Bar David 2018-05-09 10:14:02 UTC

Description of problem:

See bug 1558500.

This means also that a sysadmin changing ssl.conf after setup to use custom certs (probably signed by a 3rd party CA), gets these changes overwritten back to engine-setup's default, which is the internal CA.

This was first reported on the thread starting with:

https://lists.ovirt.org/archives/list/users@ovirt.org/thread/FSREE7KQOZ32IWSYTGIQ5JIJFQM25BV3/

(Current archive seems to not be up-to-date so does not include latest relevent emails).

Version-Release number of selected component (if applicable):

4.2.3

How reproducible:

Always

Steps to Reproduce:
1. Install and setup a 4.1 engine, as in bug 1558500.
2. Manually configure 3rd-party CA certs for apache httpd in ssl.conf
3. Upgrade to 4.2.3

Actual results:

Manual changes to SSLCertificateFile, SSLCertificateKeyFile or SSLCACertificateFile done in step (2.) are reverted

Expected results:

Only changes to SSLProtocol and CustomLog options are done, but not to the SSL*File options.

Additional info:

Comment 1 Lucie Leistnerova 2018-06-12 09:26:12 UTC

engine-setup asks for changes in ssl.conf and then changes only SSLProtocol, CustomLog. SSLCertificate settings are unchanged.

verified in ovirt-engine-setup-4.2.4.2-0.1.el7_3.noarch

Comment 2 Sandro Bonazzola 2018-06-26 08:41:53 UTC

This bugzilla is included in oVirt 4.2.4 release, published on June 26th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.4 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.