[libvirt] [PATCH v2] libvirtd: clarify the TLS conf default vaule setting

From: Chen Hanxiao <chenhanxiao@gmail.com> As the description of daemon/libvirtd.conf, setting key_file, cert_file or key_file will override the default value. But if we set any one of them, we need to set all the rest of them. This patch clarify that description. Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com> --- v2: fix a typo daemon/libvirtd.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf index 8e0c0d96d..7040ff26b 100644 --- a/daemon/libvirtd.conf +++ b/daemon/libvirtd.conf @@ -183,6 +183,9 @@ # +# NB, if the default value of 'key_file', 'cert_file' or +# 'ca_file' would be changed, +# all of them should be changed together. # Override the default server key file path # #key_file = "/etc/pki/libvirt/private/serverkey.pem" -- 2.14.3
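Review bot: the three added lines in the @@ -183,6 +183,9 @@ hunk run straight into "# Override the default server key file path" with no bare "#" line between them, so the note reads as part of the key_file description rather than as a rule covering all three settings; add a "#" separator after "all of them should be changed together." The wording "would be changed" also leaves open whether the other two may stay commented out. Something like "if any of 'key_file', 'cert_file' or 'ca_file' is overridden, all three must be set" states the requirement directly. The commit message lists key_file twice where the hunk names ca_file as the third setting.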

s/vaule/value

On 01/12/2018 05:33 AM, Chen Hanxiao wrote:
From: Chen Hanxiao <chenhanxiao@gmail.com>
As the description of daemon/libvirtd.conf, setting key_file, cert_file or key_file will override the default value. But if we set any one of them, we need to set all the rest of them.
This patch clarify that description.
More simply stated: Provide more details related to the requirement that setting one of the values requires setting all of them.
Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com> --- v2: fix a typo
daemon/libvirtd.conf | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf index 8e0c0d96d..7040ff26b 100644 --- a/daemon/libvirtd.conf +++ b/daemon/libvirtd.conf @@ -183,6 +183,9 @@ #
+# NB, if the default value of 'key_file', 'cert_file' or +# 'ca_file' would be changed, +# all of them should be changed together.
How about this instead:

# Use of TLS requires that x509 certificates be issued. The default locations
# for the certificate files is as follows:
#
# /etc/pki/CA/cacert.pem - The CA master certificate
# /etc/pki/libvirt/servercert.pem - The server certificate signed with
# the cacert.pem
# /etc/pki/libvirt/private/serverkey.pem - The server private key
#
# It is possible to override the default locations by altering the 'key_file',
# 'cert_file', and 'ca_file' values and uncommenting them below.
#
# NB, overriding the default of one location requires uncommenting and
# possibly additionally overriding the other settings.
#
# Override the default server key file path # #key_file = "/etc/pki/libvirt/private/serverkey.pem"

On Fri, Jan 19, 2018 at 05:20:10PM -0500, John Ferlan wrote: [...]
More simply stated:
Provide more details related to the requirement that setting one of the values requires setting all of them.
Sounds clearer. [...]
How about this instead:
# Use of TLS requires that x509 certificates be issued. The default locations
# for the certificate files is as follows:
#
# /etc/pki/CA/cacert.pem - The CA master certificate
# /etc/pki/libvirt/servercert.pem - The server certificate signed with
# the cacert.pem
# /etc/pki/libvirt/private/serverkey.pem - The server private key
#
# It is possible to override the default locations by altering the 'key_file',
# 'cert_file', and 'ca_file' values and uncommenting them below.
#
# NB, overriding the default of one location requires uncommenting and
# possibly additionally overriding the other settings.
#
Noticed this change randomly. The above looks much better to me. So, if we go with the above:

Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>

--
/kashyap
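
The rule discussed in this thread (overriding one of 'key_file', 'cert_file' or 'ca_file' means setting all of them) can be checked before a configuration is deployed. The following is an added example, not code from the thread or from libvirt; the function names and the /srv/tls paths are constructed for illustration, and it assumes settings are written as name = "value" lines with # comments, as in the quoted libvirtd.conf excerpt.

```python
import re

TLS_KEYS = ("key_file", "cert_file", "ca_file")
# Matches an active (uncommented) assignment such as: key_file = "/path"
_ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*(?:#.*)?$')


def active_tls_paths(conf_text):
    """Return {setting: path} for the TLS settings that are uncommented."""
    found = {}
    for line in conf_text.splitlines():
        m = _ASSIGN.match(line)
        if m and m.group(1) in TLS_KEYS:
            found[m.group(1)] = m.group(2)
    return found


def missing_tls_overrides(conf_text):
    """List the TLS settings left at their default while another is overridden.

    An empty list means the file is consistent: either all three are set
    or none is (so the default locations apply).
    """
    found = active_tls_paths(conf_text)
    if not found:
        return []
    return [k for k in TLS_KEYS if k not in found]


# Constructed sample: only the key path is overridden.
PARTIAL = '''
#ca_file = "/etc/pki/CA/cacert.pem"
#cert_file = "/etc/pki/libvirt/servercert.pem"
key_file = "/srv/tls/serverkey.pem"
'''

# Constructed sample: all three overridden together.
COMPLETE = '''
ca_file = "/srv/tls/cacert.pem"
cert_file = "/srv/tls/servercert.pem"
key_file = "/srv/tls/serverkey.pem"
'''

if __name__ == "__main__":
    for name, text in (("PARTIAL", PARTIAL), ("COMPLETE", COMPLETE)):
        missing = missing_tls_overrides(text)
        print(name, "ok" if not missing else "also set: " + ", ".join(missing))
```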
participants (3): Chen Hanxiao, John Ferlan, Kashyap Chamarthy