[libvirt] [PATCH v2] libvirtd: clarify the TLS conf default vaule setting

Chen Hanxiao posted 1 patch 6 years, 3 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180112103316.1032-1-chen_han_xiao@126.com
daemon/libvirtd.conf | 3 +++
1 file changed, 3 insertions(+)
[libvirt] [PATCH v2] libvirtd: clarify the TLS conf default vaule setting
Posted by Chen Hanxiao 6 years, 3 months ago
From: Chen Hanxiao <chenhanxiao@gmail.com>

As the description of daemon/libvirtd.conf, setting
key_file, cert_file or key_file will override the default value.
But if we set any one of them, we need to set all the rest of them.

This patch clarifies that description.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
---
v2:
 fix a typo

 daemon/libvirtd.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
index 8e0c0d96d..7040ff26b 100644
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -183,6 +183,9 @@
 #
 
 
+# NB, if the default value of 'key_file', 'cert_file' or
+# 'ca_file' would be changed,
+# all of them should be changed together.
 # Override the default server key file path
 #
 #key_file = "/etc/pki/libvirt/private/serverkey.pem"
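
Review bot: The three added comment lines sit directly on top of "# Override the default server key file path" with no separating "#" line, so the note reads as part of the key_file description even though it also names 'cert_file' and 'ca_file'. Consider closing the note with an empty "#" comment line, or setting it apart as its own paragraph, so that it is read as applying to all three settings.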
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v2] libvirtd: clarify the TLS conf default vaule setting
Posted by John Ferlan 6 years, 3 months ago
s/vaule/value

On 01/12/2018 05:33 AM, Chen Hanxiao wrote:
> From: Chen Hanxiao <chenhanxiao@gmail.com>
> 
> As the description of daemon/libvirtd.conf, setting
> key_file, cert_file or key_file will override the default value.
> But if we set any one of them, we need to set all the rest of them.
> 
> This patch clarifies that description.

More simply stated:

Provide more details related to the requirement that setting one
of the values requires setting all of them.

> 
> Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
> ---
> v2:
>  fix a typo
> 
>  daemon/libvirtd.conf | 3 +++
>  1 file changed, 3 insertions(+)
> > diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
> index 8e0c0d96d..7040ff26b 100644
> --- a/daemon/libvirtd.conf
> +++ b/daemon/libvirtd.conf
> @@ -183,6 +183,9 @@
>  #
>  
>  
> +# NB, if the default value of 'key_file', 'cert_file' or
> +# 'ca_file' would be changed,
> +# all of them should be changed together.

How about this instead:

# Use of TLS requires that x509 certificates be issued. The default locations
# for the certificate files are as follows:
#
#   /etc/pki/CA/cacert.pem                 - The CA master certificate
#   /etc/pki/libvirt/servercert.pem        - The server certificate signed with
#                                            the cacert.pem
#   /etc/pki/libvirt/private/serverkey.pem - The server private key
#
# It is possible to override the default locations by altering the 'key_file',
# 'cert_file', and 'ca_file' values and uncommenting them below.
#
# NB, overriding the default of one location requires uncommenting and
# possibly additionally overriding the other settings.
#

>  # Override the default server key file path
>  #
>  #key_file = "/etc/pki/libvirt/private/serverkey.pem"
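
Review bot: The wording "would be changed" and "should be changed together" in the added lines is softer than the commit message, which says that setting any one of the values means the rest need to be set as well. State it as a requirement, for example "# NB, if any one of 'key_file', 'cert_file' or 'ca_file' is set, all three must be set." The commit message also lists key_file twice ("key_file, cert_file or key_file") where the hunk names 'ca_file', so the two should be brought in line.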
> 

Re: [libvirt] [PATCH v2] libvirtd: clarify the TLS conf default vaule setting
Posted by Kashyap Chamarthy 6 years, 2 months ago
On Fri, Jan 19, 2018 at 05:20:10PM -0500, John Ferlan wrote:

[...]

> More simply stated:
> 
> Provide more details related to the requirement that setting one
> of the values requires setting all of them.

Sounds clearer.

[...]

> How about this instead:
> 
> # Use of TLS requires that x509 certificates be issued. The default locations
> # for the certificate files are as follows:
> #
> #   /etc/pki/CA/cacert.pem                 - The CA master certificate
> #   /etc/pki/libvirt/servercert.pem        - The server certificate signed with
> #                                            the cacert.pem
> #   /etc/pki/libvirt/private/serverkey.pem - The server private key
> #
> # It is possible to override the default locations by altering the 'key_file',
> # 'cert_file', and 'ca_file' values and uncommenting them below.
> #
> # NB, overriding the default of one location requires uncommenting and
> # possibly additionally overriding the other settings.
> #

Noticed this change randomly.  The above looks much better to me.  So,
if we go with the above: 

Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>

-- 
/kashyap
