On Mon, May 28, 2012 at 11:33:15AM -0400, Federico Simoncelli wrote:
> ----- Original Message -----
> > From: "Daniel P. Berrange" <berra...@redhat.com>
> > To: "Federico Simoncelli" <fsimo...@redhat.com>
> > Cc: "Lei Li" <li...@linux.vnet.ibm.com>, "Adam Litke" <a...@us.ibm.com>, 
> > "Dan Kenigsberg" <dan...@redhat.com>, "Ryan
> > Harper" <ry...@linux.vnet.ibm.com>, vdsm-devel@lists.fedorahosted.org, 
> > "Ayal Baron" <aba...@redhat.com>
> > Sent: Monday, May 28, 2012 4:52:38 PM
> > Subject: Re: Move some of code from spec file into vdsm-tool function issue
> > 
> > On Mon, May 28, 2012 at 10:39:08AM -0400, Federico Simoncelli wrote:
> > > ----- Original Message -----
> > > > From: "Lei Li" <li...@linux.vnet.ibm.com>
> > > > To: vdsm-devel@lists.fedorahosted.org
> > > > Cc: "Adam Litke" <a...@us.ibm.com>, "Dan Kenigsberg"
> > > > <dan...@redhat.com>, "Federico Simoncelli"
> > > > <fsimo...@redhat.com>,
> > > > "Ryan Harper" <ry...@linux.vnet.ibm.com>
> > > > Sent: Monday, May 28, 2012 11:18:03 AM
> > > > Subject: Move some of code from spec file into vdsm-tool function
> > > > issue
> > > > 
> > > > Hi guys,
> > > > 
> > > > Adam point out a problem about my patch moving some of the
> > > > post and preun section in vdsm spec file into vdsm-tool, and
> > > > I have the same concern.
> > > > 
> > > > After some discussion, I'd like to ask for your suggestion
> > > > on the patch as link below.
> > > > 
> > > > http://gerrit.ovirt.org/#patch,sidebyside,4528,3,vdsm.spec.in
> > > > 
> > > > Please let me know your idea, thanks!
> 
> Ok, then coming to your specific question, my opinion is:
> 
> - vdsm should work out of the box even if libvirt doesn't require a password
>   (polkit should be enough)
> - vdsm-tool should (at some point) update the sasl password with the content
>   of libvirt_password (if present)
> - an admin wanting to secure libvirt will create the libvirt_password file and
>   will use vdsm-tool to make it effective
> - if downstream wants to automate this will drop in a %config libvirt_password
>   file (or maybe generating it runtime as we do with the certificate?) and
>   will call vdsm-tool accordingly
> 
> Dan? Thoughts?

That sounds like a reasonable approach from a libvirt POV

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
_______________________________________________
vdsm-devel mailing list
vdsm-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/vdsm-devel

Reply via email to