New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1900138: Removed support for insecure mode for oVirt/RHV installation #4404
Bug 1900138: Removed support for insecure mode for oVirt/RHV installation #4404
Conversation
@janoszen: This pull request references Bugzilla bug 1900138, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@janoszen: This pull request references Bugzilla bug 1900138, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
/assign @Gal-Zaidman |
@janoszen: This pull request references Bugzilla bug 1900138, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@Gal-Zaidman this one's next. We may need QA to look at this before we merge and we still need text for it. |
@janoszen: This pull request references Bugzilla bug 1900138, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1 similar comment
@janoszen: This pull request references Bugzilla bug 1900138, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Can you also look at the commits I think something funky happened there |
@Gal-Zaidman thanks, resolved the issue with the commits. QA got back to us and it looks good to them too, now we are just waiting for docs. |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to make sure that LINK is persistent as it will be hardcoded in the code
@eslutsky the docs bug is here: https://issues.redhat.com/browse/OCPRHV-426 |
thanks , replied in the bug |
…ure mode for oVirt/RHV installation This change removes support for the insecure mode from the oVirt installer. Previously, when no certificate could be obtained from the oVirt engine the installer would proceed without certificate verification. Due to recent improvements this is no longer a valid use case and is being deprecated. The user is instead presented with a message explaining the situation and linking to the to-be-written documentation. If the user wants to use insecure mode they have to create a file named ~/.ovirt/ovirt-config.yaml with the following contents before running the installer: ```yaml ovirt_url: https://ovirt.example.com/ovirt-engine/api ovirt_fqdn: ovirt.example.com ovirt_pem_url: "" ovirt_username: admin@internal ovirt_password: super-secret-password ovirt_insecure: true ```
Link issue has been resolved in the latest update. |
Can we start review this one? I see WIP in the title. |
The patch looks good but I would exit the loop in case user reach the level of insecure as it's a critical thing and they would need to fix their env. |
@dougsland not necessarily, they might just land in that branch by mistake. Very few people will actually want to use it without any verification, I can't even think of a single reason why you would want that. |
If you believe it's a dead code/scenario, probably consider removing the entire condition.
From my understanding: If you believe 100% users will achieve this code part as a mistake flow and want to continue the installer alive I would replace error with info message type. |
I think there is a case where you've made a genuine mistake in the certificates (like point to an expired one) , we should give you a chance to fix it, instead of failing immediately. The install will loop on this 3 times, and then fail. This seem like a good compromise of being forgiving, but not letting the user do something dangerous. |
Moving forward as PM requested. |
/lgtm |
/approve |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dougsland, staebler The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Please review the full test history for this PR and help us cut down flakes. |
11 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
@janoszen: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@janoszen: All pull requests linked via external trackers have merged: Bugzilla bug 1900138 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This change removes support for the insecure mode from the oVirt installer. Previously, when no certificate could be obtained from the oVirt engine the installer would proceed without certificate verification. This PR is based on #4387 and depends on OCPRHV-426.
Due to recent improvements this is no longer a valid use case and is being deprecated. The user is instead presented with a message explaining the situation and linking to the to-be-written documentation. If the user wants to use insecure mode they have to create a file named
~/.ovirt/ovirt-config.yaml
with the following contents before running the installer:User experience