Bug 723206 - PRD32 - Ability to install/activate RHEV-H / RHEL-H hosts without the use of https (443).
Status: CLOSED ERRATA
Product: ovirt-host-deploy
Classification: oVirt
Component: Plugins.node
---
All Linux
medium Severity medium
: ---
: 1.0.0
Assigned To: Alon Bar-Lev
Tareq Alayan
infra
: FutureFeature, Improvement
Depends On: bootstrap-rewrite
Blocks: Simon-RFE-Tracker 891778 915537
Reported: 2011-07-19 08:18 EDT by Chris Williams
Modified: 2016-02-10 14:27 EST

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Previously, the vdsm-reg component had to be used when registering the hypervisor to the manager. vdsm-reg acquires resources from the manager using unsecured protocols. Now, when users add a hypervisor from the manager, the SSH protocol is used.
Story Points: ---
Clone Of:
: 891778
Environment:
Last Closed: 2013-06-10 16:58:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
bazulay: devel_ack+


Attachments: None
Description Chris Williams 2011-07-19 08:18:50 EDT
Proposed title of this feature request
Ability to install/activate RHEV-H / RHEL-H hosts without the use of https (443).

Who is the customer behind the request?
Thomas Krieger

Account name:
Cortal Consors S.A.

Customer segment:
1

TAM/SRM customer yes/no:
Yes

VHT score:
N/A

What is the nature and description of the request?
The customer would like to remove the https requests made from a newly installed or activated host to the RHEV-M host in order to gather certificates etc. These should be replaced with SCP transfers or transfers over the common vdsm ports. 

Why does the customer need this? (List the business requirements here)
By removing the https requests the customer is able to secure a common port between their DMZ and corp network where their RHEV-M systems are hosted.

How would the customer like to achieve this? (List the functional
requirements here)
Fix to the installation / activation code used by hosts and RHEV-M.

For each functional requirement listed in question 4, specify how Red Hat
and the customer can test to confirm the requirement is successfully
implemented.
Simply by monitoring the requests made from a host during installation / activation.

Is there already an existing RFE upstream or in Red Hat bugzilla?
No.

How quickly does this need resolved? (desired target release)
RHEV 3.0 Z-Stream or minor update.

Does this request meet the RHEL Bug and Feature Inclusion Criteria
(please review)
Yes.

List the affected packages
RHEV-H, RHEV-M, vdsm

Would the customer be able to assist in testing this functionality if
implemented?
Yes.
Comment 2 Alon Bar-Lev 2012-11-25 06:47:30 EST
After the bootstrap rewrite, if initiated by the engine, host and node may be added without use of the HTTP protocol.

Registration of nodes still uses the HTTP protocol, but this is an optional process now.
Comment 4 Stephen Gordon 2012-12-18 14:45:58 EST
Hi Alon, to clarify are we saying that in 3.2 when users add a host from the management console HTTP(S) won't be required but that it will still be required if you register to the manager from the node side?
Comment 5 Alon Bar-Lev 2012-12-18 14:49:10 EST
(In reply to comment #4)
> Hi Alon, to clarify are we saying that in 3.2 when users add a host from the
> management console HTTP(S) won't be required but that it will still be
> required if you register to the manager from the node side?

Exactly.
Comment 6 Tareq Alayan 2013-02-18 06:20:08 EST
Verified.

Added the following rules to iptables of the engine:
REJECT tcp -- {IP_OF_HOST} anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable 
REJECT tcp -- {IP_OF_HOST} anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable

adding rhel-like host - PASS
adding rhevh host from rhevm - PASS
adding rhevh host (addition initiated by rhevh) - FAILED
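
Added example, not part of the original bug report: one way to carry out the "monitor the requests made from a host" check from the description alongside the REJECT rules in comment 6. It assumes an iptables LOG rule on the engine with the hypothetical prefix HOSTDEPLOY; the log lines and IP addresses below are constructed.

```python
import re
from collections import Counter

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs of a netfilter LOG line
FORBIDDEN = {80: "http", 443: "https"}     # ports the RFE wants unused

# Constructed sample: engine-side kernel log lines from a LOG rule with the
# hypothetical prefix "HOSTDEPLOY". 192.0.2.10 stands for a node registering
# itself, 192.0.2.20 for a host added from the engine.
SAMPLE_LOG = """\
Feb 18 06:05:11 engine kernel: HOSTDEPLOY IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40112 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 18 06:05:12 engine kernel: HOSTDEPLOY IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40113 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 18 06:05:14 engine kernel: HOSTDEPLOY IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=52 PROTO=TCP SPT=40090 DPT=443 WINDOW=229 RES=0x00 ACK URGP=0
Feb 18 06:07:40 engine kernel: HOSTDEPLOY IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 LEN=76 PROTO=UDP SPT=123 DPT=123 LEN=56
Feb 18 06:07:41 engine kernel: HOSTDEPLOY IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51000 DPT=8443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 18 06:07:42 engine kernel: truncated line SRC=192.0.2.20 DPT=
"""

def new_tcp_attempts(log_text, host_ip):
    """Count NEW (SYN without ACK) TCP connection attempts from host_ip per destination port."""
    ports = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        flags = set(line.split())          # TCP flags are bare tokens, not KEY=value
        if fields.get("SRC") != host_ip or fields.get("PROTO") != "TCP":
            continue
        if "SYN" not in flags or "ACK" in flags:
            continue                       # packet of an established connection
        if not fields.get("DPT", "").isdigit():
            continue                       # truncated or malformed line
        ports[int(fields["DPT"])] += 1
    return ports

def check_host(log_text, host_ip):
    """Return (passed, {service: attempts}) for the no-HTTP(S) requirement."""
    attempts = new_tcp_attempts(log_text, host_ip)
    hits = {name: attempts[port] for port, name in FORBIDDEN.items() if attempts[port]}
    return (not hits, hits)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20"):
        passed, hits = check_host(SAMPLE_LOG, ip)
        print(ip, "PASS" if passed else "FAILED", hits)
```
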
Comment 7 Cheryn Tan 2013-04-03 02:52:16 EDT
This bug is currently attached to errata RHEA-2013:14491. If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag.

Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information:

* Cause: What actions or circumstances cause this bug to present.

* Consequence: What happens when the bug presents.

* Fix: What was done to fix the bug.

* Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore')

Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug.

For further details on the Cause, Consequence, Fix, Result format please refer to:

https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes

Thanks in advance.
Comment 8 errata-xmlrpc 2013-06-10 16:58:52 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0888.html
