Re: [ovirt-devel] UI plugins - talking with Engine via JSESSIONID now requires separate request header
On 07/15/2014 08:58 PM, Vojtech Szocs wrote:

- Original Message -
From: Sven Kieske svenkie...@gmail.com
To: devel@ovirt.org
Sent: Tuesday, July 15, 2014 8:26:59 PM
Subject: Re: [ovirt-devel] UI plugins - talking with Engine via JSESSIONID now requires separate request header

Just a few questions from someone who relies on the rest api:

Background: I use rest not for UI plugins but for general management stuff (basically all ovirt operations which are possible via rest). I don't use the cookie based session management but pure rest (stateless).

Questions:

1. Will stateless rest sessions always be supported or do you plan to change this in the future to just allow cookie based access (so no real rest api, as it's not stateless anymore)?

My understanding is that REST API's session management feature is something on top of (stateless) REST / HTTP concept, so I'd say that stateless approach (sending user credentials with each request, without using any session) should always be supported.

Stateless access to the RESTAPI is and will be supported. We don't have any plan to remove it.

2. Does this change just affect UI plugins or also other rest api usages?

It just affects UI plugins deployed on Engine 3.5 or later, which are talking to Engine via session ID provided by RestApiSessionAcquired hook.

If it does affect other usages, which one? Just cookie based operations?

None of the above :)

In general, when you ask REST API to create session (Prefer: persistent-auth header), you can also tell the preference whether you want to CSRF-protect it (Prefer: csrf-protection) or not. If a REST API session is marked as CSRF-protected, in addition to sending JSESSIONID cookie, you must also send JSESSIONID _header_ with same value. (WebAdmin UI plugin infra acquires CSRF-protected REST API session for all UI plugins.)

What Vojtech says is correct, and I would like to add some details.

First important thing to take into account is that the CSRF protection mechanism will be completely disabled by default in 3.5. In order to enable it the CSRFProtection parameter has to be changed to true (the default is false):

    # engine-config -s CSRFProtection=true
    # service ovirt-engine restart

Second important thing is that when CSRFProtection is enabled the caller still *needs* to enable it on a per-session basis, adding the Prefer: csrf-protection header to the first request of the session. If this header isn't provided then the CSRF protection is disabled for that session. In 3.5 webadmin will always request CSRF protection, so UI plugins that use the RESTAPI session provided by webadmin will need to send the JSESSIONID header. If you have UI plugins that use the RESTAPI session and can't be modified to send the JSESSIONID header then you will need to keep the CSRF protection disabled (CSRFProtection=false).

Third important thing is that the CSRF protection doesn't affect at all callers that don't use sessions. Also it doesn't affect at all callers that use sessions but don't send the Prefer: csrf-protection header.

--
Business address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain
Registered in the Madrid Mercantile Registry – C.I.F. B82657941 - Red Hat S.L.
___
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
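The session rules described in the message above, written out as a small model. This is an added example, not oVirt Engine code and not from the thread. `SessionModel`, `parsePrefer`, `pluginHeaders`, the `'accepted'`/`'rejected'` results and the session id strings are assumptions made for illustration, as is sending both preferences in one comma-separated Prefer value.

```javascript
// Added model of the rules in the thread; not oVirt Engine code.
// Header lookup is by exact name, a simplification (HTTP names are case-insensitive).

// Parse a Prefer value such as "persistent-auth, csrf-protection".
function parsePrefer(value) {
  return new Set((value || '').split(',')
    .map((s) => s.trim().toLowerCase()).filter(Boolean));
}

class SessionModel {
  // csrfProtection mirrors the engine-config parameter; false is the 3.5 default.
  constructor(csrfProtection = false) {
    this.csrfProtection = csrfProtection;
    this.sessions = new Map(); // session id -> { csrfProtected }
    this.counter = 0;
  }

  // First request of a session. Returns a session id, or null when the
  // caller did not ask for a session (stateless use, never affected).
  open(headers) {
    const prefer = parsePrefer(headers.Prefer);
    if (!prefer.has('persistent-auth')) return null;
    const id = 'constructed-id-' + (++this.counter); // real ids are random
    const csrfProtected = this.csrfProtection && prefer.has('csrf-protection');
    this.sessions.set(id, { csrfProtected });
    return id;
  }

  // Later request: the cookie names the session; a protected session also
  // needs a JSESSIONID header equal to the cookie value.
  check(cookieId, headers) {
    const session = this.sessions.get(cookieId);
    if (!session) return 'no-session';
    if (!session.csrfProtected) return 'accepted';
    // 'rejected' is this model's label; the thread does not show the engine's response.
    return headers.JSESSIONID === cookieId ? 'accepted' : 'rejected';
  }
}

// What a UI plugin adds when reusing the id from RestApiSessionAcquired.
function pluginHeaders(sessionId) {
  return { JSESSIONID: sessionId };
}
```

A browser attaches the cookie by itself, including on a request triggered from another site, while the extra header has to be set by script that already knows the session id, which is what the header check relies on.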
Re: [ovirt-devel] Yum repo file page
Yes and no, resources is basically only a view over a file tree: we cannot add comments and notes as in the wiki.

Simone

- Original Message -
From: Brian Proffitt bprof...@redhat.com
To: Simone Tiraboschi stira...@redhat.com
Cc: Sandro Bonazzola sbona...@redhat.com, devel@ovirt.org
Sent: Friday, July 11, 2014 5:06:47 PM
Subject: Re: [ovirt-devel] Yum repo file page

Is there anywhere in resources that this information can be found?

BKP

- Original Message -
From: Simone Tiraboschi stira...@redhat.com
To: Sandro Bonazzola sbona...@redhat.com
Cc: devel@ovirt.org, Brian Proffitt bprof...@redhat.com
Sent: Friday, July 11, 2014 6:36:52 AM
Subject: Re: [ovirt-devel] Yum repo file page

It's not linked to any other page but it is the first result that I get if I search ovirt yum repo and so it can be useful for some users.

Maybe instead of showing there the content of the repo file we can just show a link to more stable content like http://resources.ovirt.org/pub/yum-repo/ or something similar with a minimal comment. So we can reduce the chance we need to update it but at the same time we still provide a quick link for those who just need that.

ciao,
Simone

- Original Message -
From: Sandro Bonazzola sbona...@redhat.com
To: devel@ovirt.org, Brian Proffitt bprof...@redhat.com
Sent: Friday, July 11, 2014 9:14:37 AM
Subject: [ovirt-devel] Yum repo file page

Hi,
I propose deletion of http://www.ovirt.org/Yum_repo_file
It's not linked by other pages[1] and keeping it will mean that for each change in ovirt-release project the wiki page must be updated accordingly.

Any objection?

[1] http://www.ovirt.org/index.php?title=Special%3AWhatLinksHeretarget=Yum_repo_filenamespace=

--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
[ovirt-devel] [QE][ACTION NEEDED] oVirt 3.5.0 Second Beta status
Hi,
We're going to compose oVirt 3.5.0 Second Beta on Mon *2014-07-21 08:00 UTC*.

Maintainers:
- Please be sure that 3.5 snapshot allows creating VMs before *2014-07-20 15:00 UTC*

The bug tracker [1] shows the following proposed blockers to be reviewed:

Bug ID   Whiteboard   Status    Summary
1115044  infra        POST      Host stuck in Unassinged state when using jsonrpc and disconnection from pool failed
1115152  infra        POST      Cannot edit or create block storage doamin when using jsonrpc
1113974  integration  POST      Hostname validation during all-in-one setup
1115001  network      ASSIGNED  Error code 23 when invoking Setup Networks
1119019  network      POST      Remove network with network custom properties from Host fails
1110305  virt         POST      BSOD - CLOCK_WATCHDOG_TIMEOUT_2 - Win 7SP1 guest, need to set hv_relaxed

Feature freeze is now effective, and branch has been created.
All new patches must be backported to 3.5 branch too.
Features completed are marked in green on Features Status Table [2].

There are still 412 bugs [3] targeted to 3.5.0.
Excluding node and documentation bugs we still have 364 bugs [4] targeted to 3.5.0.

Maintainers / Assignee:
- Please ensure that completed features are marked in green on Features Status Table [2]
- Please remember to rebuild your packages before *2014-07-20 15:00* if needed, otherwise nightly snapshot will be taken.
- Please be sure that 3.5 snapshot allows creating VMs before *2014-07-20 15:00 UTC*
- If you find a blocker bug please remember to add it to the tracker [1]
- Please start filling release notes, the page has been created here [5]
- Please review and add test cases to oVirt 3.5 Second Test Day [6]

Community:
- save the date for second test day scheduled on 2014-07-24!
- You're welcome to join us testing next beta release and getting involved in oVirt Quality Assurance[7]!

[1] http://bugzilla.redhat.com/1073943
[2] http://bit.ly/17qBn6F
[3] http://red.ht/1pVEk7H
[4] http://red.ht/1rLCJwF
[5] http://www.ovirt.org/OVirt_3.5_Release_Notes
[6] http://www.ovirt.org/OVirt_3.5_TestDay
[7] http://www.ovirt.org/OVirt_Quality_Assurance

Thanks,

--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
[ovirt-devel] oVirt Node Weekly Meeting Minutes - July 16 2014
Minutes:        http://ovirt.org/meetings/ovirt/2014/ovirt.2014-07-15-13.17.html
Minutes (text): http://ovirt.org/meetings/ovirt/2014/ovirt.2014-07-15-13.17.txt
Log:            http://ovirt.org/meetings/ovirt/2014/ovirt.2014-07-15-13.17.log.html

=================================
#ovirt: oVirt Node Weekly Meeting
=================================

Meeting started by fabiand at 13:17:08 UTC. The full logs are available at http://ovirt.org/meetings/ovirt/2014/ovirt.2014-07-15-13.17.log.html .

Meeting summary
---------------
* Agenda (fabiand, 13:19:01)
  * Action Item Review (fabiand, 13:19:18)
  * Next Release (3.1) (fabiand, 13:19:29)
  * 3.5 Feature Status (fabiand, 13:20:51)
  * Other Items (fabiand, 13:20:59)

* Action Item Review (fabiand, 13:21:17)
  * LINK: http://resources.ovirt.org/meetings/ovirt/2014/ovirt.2014-07-08-13.03.txt (fabiand, 13:21:55)
  * fabiand and rbarry to test the ovirt-node iso (fabiand, 13:22:12)
  * QE team discovered some issues (fabiand, 13:23:15)
  * LINK: http://lists.ovirt.org/pipermail/devel/2014-July/008142.html (fabiand, 13:24:30)

* Next Release (3.1) (fabiand, 13:26:40)

* 3.5 Feature Status (fabiand, 13:29:55)
  * generic-registration -- Needs some clarifying (fabiand, 13:30:48)
  * hosted-engine-plugin -- Needs a maintainer (fabiand, 13:31:03)
  * virtual-appliance -- Has a working jenkins build (fabiand, 13:31:22)

* Other Items (fabiand, 13:35:45)
  * LINK: http://bpaste.net/show/HrZnry3kru8D1naejzt7/ (peetaur2, 15:39:00)

Meeting ended at 14:04:49 UTC.

Action Items
------------

Action Items, by person
-----------------------
* **UNASSIGNED**
  * (none)

People Present (lines said)
---------------------------
* fabiand (44)
* YamakasY_ (40)
* peetaur2 (32)
* clarkee (22)
* ojorge (21)
* thomas (20)
* jhernand (13)
* bkp (12)
* msivak (12)
* sbonazzo (10)
* jvandewege (8)
* urthmover (8)
* rbarry (8)
* dougsland (5)
* YamakasY (5)
* leaboy (3)
* Dick-Tracy (3)
* ovirtbot (3)
* oved_ (2)
* SvenKieske (2)
* lvernia (2)
* kobi (1)
* Moe__ (1)
* derez (1)
* dcaro (1)
* eedri (1)
* yzaslavs|mtg (1)

Generated by `MeetBot`_ 0.1.4

.. _`MeetBot`: http://wiki.debian.org/MeetBot