Alon Bar-Lev has posted comments on this change.
Change subject: Wrap validation of fingerprint in each connect using
EngineSSHClient
......................................................................
Patch Set 3: (1 inline comment)
....................................................
File
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssh/EngineSSHClient.java
Line 50: super.connect();
Line 51: if (_vds != null) {
Line 52: String actual = getHostFingerprint();
Line 53: String expected = _vds.getSSHKeyFingerprint();
Line 54: if (!actual.equals(expected)) {
No... we must do this... so split this class into two... so that gluster will
use the one without the enforcement.
Examples why we must use:
1. legacy hosts will have no fingerprint, we need to update their fingerprint
at first connect, even it is not add.
2. api will be able to add host without fingerprint, we need to modify this at
first connect.
Line 55: throw new GeneralSecurityException(
Line 56: String.format(
Line 57: "Invalid fingerprint %s, expected %s",
Line 58: actual,
--
To view, visit http://gerrit.ovirt.org/16126
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Ic01517a153406c8bafc672c20b0bf8686763a2f5
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Sahina Bose <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
