Bug #15163

Use new oVirt CA cert endpoint

Added by Lukas Zapletal 11 months ago. Updated 6 months ago.

Status:Closed
Priority:Normal
Assigned To:Lukas Zapletal
Category:Compute resources - oVirt
Target version:Team Daniel - iteration 3
Difficulty: Bugzilla link:1370169
Found in release: Pull request:https://github.com/theforeman/foreman/pull/3548
Story points-
Velocity based estimate-
Release1.12.0Release relationshipAuto

Description

Until now, we are downloading /ca.crt file from RHEV/oVirt. From version 3.4+ new endpoint is available (/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA HTTP GET) and the old one will be deprecated.


Related issues

Related to Foreman - Feature #16317: Download oVirt/RHEL CA cert from HTTP handshake rather th... New 08/26/2016

Associated revisions

Revision bf416ab2
Added by Lukas Zapletal 11 months ago

Fixes #15163 - use new oVirt CA cert endpoint

History

#1 Updated by The Foreman Bot 11 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3548 added

#2 Updated by Lukas Zapletal 11 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#3 Updated by Dominic Cleal 11 months ago

  • Release set to 1.12.0

#4 Updated by Ohad Levy 8 months ago

  • Bugzilla link set to 1370169

#5 Updated by Juan Hernández 8 months ago

Please take into account that both the old and new endpoints return the certificate of the CA that was created when the RHV/oVirt engine was installed. But the RHV/oVirt administrator may later replace the certificates, specially the web server certificate, see [1]. If that happens the CA certificate obtained from those endpoints won't work to connect to the engine. I'd suggest that you take the certificate directly from the SSL handshake, that will always work.

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html)

#6 Updated by Lukas Zapletal 8 months ago

  • Related to Feature #16317: Download oVirt/RHEL CA cert from HTTP handshake rather than from API added

#7 Updated by Lukas Zapletal 8 months ago

Thanks, created ticket for that.

#8 Updated by Daniel Lobato Garcia 8 months ago

  • Target version set to Team Daniel - iteration 2

#9 Updated by Daniel Lobato Garcia 6 months ago

  • Target version changed from Team Daniel - iteration 2 to Team Daniel - iteration 3

Also available in: Atom PDF