On Sat, Oct 27, 2018 at 2:36 PM Anastasiya Ruzhanskaya <[email protected]> wrote:
>
> Hello everyone!

Hi,

> I am trying to analyze traffic between ovirt-engine and vdsm.
> First strange thing is, that it should be encrypted by default. When I
> listen in wireshark for message from engine to vdsm being on the engine
> machine, the traffic is not encrypted. It is only tcp. I expect it then be
> acceptable for wireshark json dissector. But this is not a json. Is this a
> normal situation or I should set up encryption by myself?

I think it should be encrypted.

>
> However, on the guest machine, I see in wireshark that the traffic between
> engine and vdsm is encrypted. (I have a configuration of my computer as a
> client and two VMs as engine and node). So, I am trying to use engine's
> private key to decrypt it. The private key is not engine_id_rsa (am I
> right?), but it is hidden inside .p12 file.

The p12 file is a PKCS#12 format archive, contains both private and public keys. The engine_id_rsa is the private key in ssh format.

> To extract the key from this file I need a password. During the ovirt
> installing I didn't set up any password for this. Is this maybe a default one?

Yes, 'mypass'. I do not think we have a documented way to change it, might be wrong. Generally speaking, we only rely on file-level protection for this.

> How can I extract a private key?

Check also the script packaging/bin/pki-pkcs12-extract.sh .

>
> So, the final questions are:
> 1) Should the traffic between engine and vdsm be encrypted by default?

Yes, IMO, but I didn't fully understand what you wrote above. Do you see it encrypted on one side (vdsm) and cleartext on the other (engine)? Weird.

> 2) How the private key for engine can be extracted?

See also: https://ovirt.org/develop/release-management/features/infra/pki/

It's probably outdated a bit, but should still be mostly accurate.

Best regards,
--
Didi
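
The extraction discussed in this thread, as an added example that is not part of the original messages or of the oVirt code: it builds a constructed PKCS#12 bundle protected with the default password named in the reply, extracts the key and certificate with `openssl pkcs12`, and checks that they belong together. The file names, the subject name and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All key material here is constructed; none of it comes from oVirt.
umask 077            # extracted keys must be readable by their owner only

P12_PASS='mypass'    # default bundle password named in the reply above

# Build a throwaway PKCS#12 bundle (self-signed cert + RSA key) in directory $1.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed-example' \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout "pass:$P12_PASS" -out "$1/sample.p12"
}

# Extract the unencrypted private key from bundle $1 into PEM file $2.
# $3 is the bundle password (defaults to P12_PASS). A wrong password fails
# the MAC check and returns non-zero.
extract_key() {
    openssl pkcs12 -in "$1" -nocerts -nodes \
        -passin "pass:${3:-$P12_PASS}" -out "$2" 2>/dev/null
}

# Extract the end-entity certificate from bundle $1 into PEM file $2.
extract_cert() {
    openssl pkcs12 -in "$1" -nokeys -clcerts \
        -passin "pass:${3:-$P12_PASS}" -out "$2" 2>/dev/null
}

# Succeed only if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Typical use, with a scratch directory:
#   d=$(mktemp -d); make_sample_p12 "$d"
#   extract_key  "$d/sample.p12" "$d/out.key"
#   extract_cert "$d/sample.p12" "$d/out.crt"
#   key_matches_cert "$d/out.key" "$d/out.crt" && echo "key and cert match"
```

Wireshark can decrypt a capture from an RSA private key only when the TLS session used RSA key exchange; sessions negotiated with (EC)DHE need the session secrets instead.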
