
Comments (11)

cben commented on July 26, 2024

See also the UI PR ManageIQ/manageiq-ui-classic#450 for more screenshots.

from manageiq-documentation.

jhernand commented on July 26, 2024

For the oVirt case the user will need to disable TLS certificate verification, or else provide the trusted CA certificates. Both things can be done via the GUI. The key point to make this secure is to make sure that the CA certificates are really trusted. The best way to achieve that is to request the trusted CA certificates from a trusted oVirt administrator, using a trusted communications channel. The oVirt administrator can find out the CA certificates in use by the oVirt system by logging in to the oVirt engine machine and checking the SSLCACertificateParameter parameter in the /etc/httpd/conf.d/ssl.conf file:

# grep '^SSLCACertificateFile' /etc/httpd/conf.d/ssl.conf
SSLCACertificateFile /etc/pki/ovirt-engine/apache-ca.pem

The value of that parameter will usually be /etc/pki/ovirt-engine/apache-ca.pem, but it may have been manually changed by the oVirt administrator. The content of that file can be directly pasted in the Trusted CA Certificates text box in the ManageIQ GUI. But it is convenient to remove everything except the text between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- marks, to make it shorter.

Alternatively, and less secure, if the IP network is trusted, the certificate can be obtained using the openssl s_client command:

openssl s_client -connect ovirt.example.com:443 -showcerts < /dev/null

That will show the certificate chain presented by the oVirt engine. The last certificate in that chain will be the CA certificate. Note again that this is less secure than requesting the CA certificate from a trusted oVirt administrator.
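
The two ways of obtaining the CA certificate described in the comment above, as an added example that is not part of the original comment or of ManageIQ: it keeps only the text between the certificate marks and, for a chain captured with `openssl s_client -showcerts`, returns the last certificate only when its SHA-256 fingerprint matches one supplied by the oVirt administrator. The function names, the fingerprint check and the sample chain (placeholder bytes, not real certificates) are assumptions made for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def extract_der(text):
    """Return every certificate found in text as DER bytes, in order,
    ignoring anything outside the BEGIN/END marks."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(text)]

def to_pem(der):
    """Re-encode DER bytes as a bare PEM block with nothing around it."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def fingerprint(der):
    """SHA-256 of the DER bytes, colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _norm(fp):
    return fp.replace(":", "").strip().lower()

def ca_to_paste(text, expected_fingerprint):
    """Return the last certificate in text as PEM, but only if it matches the
    fingerprint received from the oVirt administrator; otherwise raise."""
    certs = extract_der(text)
    if not certs:
        raise ValueError("no certificate found")
    if _norm(fingerprint(certs[-1])) != _norm(expected_fingerprint):
        raise ValueError("fingerprint mismatch: do not trust this certificate")
    return to_pem(certs[-1])

# Constructed placeholders standing in for DER certificates (not real ones).
LEAF = b"constructed-leaf-placeholder " * 4
CA = b"constructed-ca-placeholder " * 4
# Constructed text shaped like `openssl s_client -showcerts` output.
SAMPLE = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = ovirt.example.com\n   i:CN = example-ca\n" + to_pem(LEAF) +
    " 1 s:CN = example-ca\n   i:CN = example-ca\n" + to_pem(CA) +
    "---\nServer certificate\n"
)

if __name__ == "__main__":
    print(ca_to_paste(SAMPLE, fingerprint(CA)))
```

With a real chain, the fingerprint the administrator reads out can be produced on the engine machine with `openssl x509 -noout -fingerprint -sha256 -in` followed by the CA file path.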

cben commented on July 26, 2024

Doc BZ for container provider docs: https://bugzilla.redhat.com/show_bug.cgi?id=1432260

cben commented on July 26, 2024

cc @dayleparker @adahms these changes also affected RHV & Middleware providers — are there similar efforts to update those docs?

  • Containers & RHV started enforcing previously insecure SSL, which may break existing providers until edited.
  • Middleware didn't support HTTPS, so nothing broke, just new options.

ManageIQ/manageiq-ui-classic#759 also moved the "Security Protocol" field above hostname and port for several providers whose SSL support didn't change. That PR may be helpful as an overview — it has screenshots of what I believe is the final look of all affected providers.

adahms commented on July 26, 2024

@cben - Yes, we have bugs to track the changes required for RHV and Middleware providers here -

Hawkular
https://bugzilla.redhat.com/show_bug.cgi?id=1437286

RHV
https://bugzilla.redhat.com/show_bug.cgi?id=1431869

Thank you for letting us know about the updates - I understand we may need to raise a few more bugs to ensure all changes are updated, and will review #759 for changes as well.

Feel free to let us know at any stage if there are any specific details you feel we should add!

dayleparker commented on July 26, 2024

@cben, thanks for all the details, it's very helpful.

BTW, we have a new bug now for the OpenShift/RHV SSL updates so as to not hold up the other updated parts of the procedures -- I've added you to the CC list: https://bugzilla.redhat.com/show_bug.cgi?id=1440602

dayleparker commented on July 26, 2024

Hi @cben and @blomquisg,
We need to link to a downstream bug to publish a Known Issue in the Release Notes (Our RNs bug: https://bugzilla.redhat.com/show_bug.cgi?id=1444325).
Can you please link me to the related engineering bug? I've searched and unfortunately haven't had any luck finding this particular one.
Thank you for your help,
Dayle

cben commented on July 26, 2024

perhaps https://bugzilla.redhat.com/show_bug.cgi?id=1429891 "[RFE] Support SSL with Validation (CA) for OpenShift Provider"
@jhernand @josejulio did you have any BZ for oVirt / Middleware SSL?

josejulio commented on July 26, 2024

I had this JIRA: https://issues.jboss.org/browse/HAWKULAR-1199

dayleparker commented on July 26, 2024

Thanks @cben and @josejulio.
I've tied this known issue in the RNs to BZ#1429891, and have updated the Gitlab repo now.
@adahms, do we need to create doc text, or attach any flags/keywords to the bug to make it an official 'known issue'?

cben commented on July 26, 2024

I think this has long been documented and can be closed.
