Implemented in https://issues.redhat.com/browse/CPDEVOPS-231

Mirrorlist URL updated successfully. I tested on engine-phx and everything seems to work, there’s also traffic now showing up in the HTTPS log. This should make everyone using the default release RPM access resources using HTTPS. The mirrorlist file itself is still fetched using HTTP and this will stay till we merge the second patch. It will only affect the current version however while I still see mirrorlist request for versions as old as oVirt 3.5 in the logs. Need to test how good yum is at handling HTTP/302 redirects. In any case, there are no updates published for these old versions so even if stuff breaks there it should not cause any outages. It could make installing old oVirt versions impossible in theory, however I’m not sure this is possible now even since some dependency repos are probably gone/broken now and newer CentOS versions may be incompatible with older oVirt releases.

ok for me to switch to https. before turning off http please wait till this is properly communicated and all relevant linking is fixed in packages and website.

https://gerrit.ovirt.org/102952 use HTTPS to access resources and website

Using “http” instead of “https” nowadays seems like using “telnet” instead of “ssh”, so I understand why security team is concerned. Unfortunately if something is not working it is not a question of if we still need to do it, but how to fix it instead.

I think we are ok to proceed given that we do it gradually and test for any issues. Once issues are identified we can discuss how to approach them.