OUTLINE vdsm-reg is currently used for ovirt-node registration. It is doing much more than it should, and using low quality implementation. Since ovirt-engine-3.2 there is no actual need for vdsm-reg, we should be able to retire this component when interacting with >=ovirt-engine-3.2 quite easily. This regadless of the proper method to do this using a generic ovirt-node registration (bug#875088). It would be best if we have some anonymous engine API to return version, but for now, we will just add a checkbox/parameter for user manual use. DESIGN COMPONENT: Registration module Common to interactive and non interactive processing. INPUT engine_url - url engine_gt_32 - boolean callbacks - object boolean ca_confirm(string pem) OUTPUT success failure - network and other issues aborted - aborted by user, user did not accept CA We can do this with exceptions, then we need a special exception for aborted state... or with return enum. LOGIC 1. If Web CA certificate is missing a. download into *TEMPORARY* location. b. extract PEM, callback.ca_confirm(pem) c. store certificate into final location. 2. Download/store SSH public key. 3. Get vdsmid (create /etc/vdsm/vdsm.id if required) 4. If not enigne_gt_32 use legacy vdsm_reg logic. 5. If engine_gt_32 perform registration using engine_url, please make sure that user:password@ trigger authentication header. COMPONENT: UI Two fields: Engine URL: _https://____________ (default: https://) [X] Engine version is 3.2 or above (default: checked) LOGIC 1. Register callback to present certificate CN and fingerprint and accept. 2. call registration module and call it with UI parameters and callback COMPONENT: Non interactive 1. add two kernel arguments: a. management_server_url (url) b. management_server_gt_32 (boolean, default: 1) LOGIC 1. register callback to verify management_server_fingerprint against certificate. 2. if management_server_url available: a. call python module with management_server_url, management_server_gt_32 3. if management_server_url is unavailable but management_server is: a. call python module with https://management_server:management_port, !engine_gt_32 b. if fail, call python module with http://management_server:management_port, !engine_gt_32
*** Bug 970667 has been marked as a duplicate of this bug. ***
COMPONENT: CLI Command-line interface to perform registration. ovirt-engine-registration --url= --ca-fingerprint=(*|sha1)
Implementation notes: Best if the python library and the CLI can be run on any computer not just ovirt-node, this will allow us to register standard hosts. Implications are: persist only at ovirt-node... more?
(In reply to Alon Bar-Lev from comment #3) > Implementation notes: > > Best if the python library and the CLI can be run on any computer not just > ovirt-node, this will allow us to register standard hosts. > > Implications are: persist only at ovirt-node... more? pass parameter of host type by the client as part of registration?
(In reply to Itamar Heim from comment #4) > (In reply to Alon Bar-Lev from comment #3) > > Implementation notes: > > > > Best if the python library and the CLI can be run on any computer not just > > ovirt-node, this will allow us to register standard hosts. > > > > Implications are: persist only at ovirt-node... more? > > pass parameter of host type by the client as part of registration? Why? we should detect host type while actually installing.
*** Bug 1097713 has been marked as a duplicate of this bug. ***
*** Bug 1113622 has been marked as a duplicate of this bug. ***
Closing this bug as duplicate of bz#1231379 which has all flags for 3.6 release and it's related to the new tool which will deprecate vdsm-reg. For the record, the tool uses the new registration service as requested in bz#994451 and bz#1135921 and it's integrated to ovirt-node and can be used in a ordinary distro. *** This bug has been marked as a duplicate of bug 1231379 ***