Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Default to SSL to comply with pve and fix typo
SSL encrypted communication, so we set it as default. As pve generates a self signed certificate we set insecure ssl as default option. A unencrypted connection is rejected by the PVE proxy so it isn't needed as an option. Also a typo (opts instead of options) was corrected.
- Loading branch information
c0a6b25
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, as it stands, --ssl, --ssl-secure, and --ssl-insecure are not registered keys in the options dictionary so every one of those options would fail.
Something like this would be needed.
c0a6b25
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, that with the options clearly my fault, I missed that completely and relied uppon the existence of this two as they were already in the code, my bad sorry!
I now also think it's better to default to SSL verification, as even if self signed certificates are default on Proxmox VE you should explicitly state that it's okay to not verify it.
Do you already have a patch prepared? Else I would make the "dirty work", I mean it's partly my fault.
Thanks for noticing this!
c0a6b25
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Eh follow up, maybe I should drink a coffee before answering such stuff.
Naturally ssl, ssl-secure and ssl-insecure exist! They only are not in this file as they get inherited from the base fencing class. See
fence-agents/fence/agents/lib/fencing.py.py
Line 183 in 7e65180
The fence agents test system in fact runs regression test on all agents so that an error like a wrong option would fail the build, I did test this change it was only a bit to long ago to remember :)
So nothing needs to be changed, at least regarding this.