Bug 1159277
Summary: | [RFE] Configuration parameter to set Private SSL certificates allowed | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Kenjiro Nakayama <knakayam> |
Component: | Node | Assignee: | Luke Meyer <lmeyer> |
Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 2.1.0 | CC: | adellape, bleanhar, erich, jialiu, jokerman, knakayam, libra-onpremise-devel, mmccomas, xiama |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openshift-origin-broker-1.16.2.2-1.el6op rubygem-openshift-origin-controller-1.32.3.2-1.el6op | Doc Type: | Enhancement |
Doc Text: |
Previously, administrators could set the SSL certificate capability for user accounts using the oo-admin-ctl-user tool with the --allowprivatesslcertificates option, but there was no default configuration setting for this capability. This enhancement adds the DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES parameter to the /etc/openshift/broker.conf file on broker hosts. This parameter defaults to "false", but when "true" adds the SSL certificate capability to newly created user accounts. After applying this update, the openshift-broker service must be restarted for any changes to the DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES parameter to take effect.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-12-10 13:24:58 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Kenjiro Nakayama
2014-10-31 11:18:49 UTC
I have re-sent pull reqeust to origin-server with fixed my mistake. https://github.com/openshift/origin-server/pull/5971 Commit pushed to master at https://github.com/openshift/li https://github.com/openshift/li/commit/00d02224f3373de9d33b70f1e192f82fde6dd48f broker: set default for private ssl certs Bug 1159277 - [RFE] Configuration parameter to set Private SSL certificates allowed https://bugzilla.redhat.com/show_bug.cgi?id=1159277 Check on puddle [2.2.2/2014-11.25.3] 1. check the value of DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES is false # grep "DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES" /etc/openshift/broker.conf DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES="false" 2. setup with xiama #rhc setup -l xiama 3. check the properties of xiama #oo-admin-ctl-user -l xiama <--snip--> private SSL certificates allowed: false <--snip--> 4. create an app, add SSL certificates. #rhc app create xiama1 php-5.4 -s #rhc alias add test.com.cn -a xiama1 # rhc alias update-cert test.com.cn --certificate yourca.cert --private-key yourca.key --passphrase test -a xiama1 -l xiama User is not authorized to update private SSL certificates 5. set the value of DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES to true #vim /etc/openshift/broker.conf DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES="true" #/etc/init.d/openshift-broker restart 6. setup with ftest and check the properties of ftest #rhc setup -l ftest #oo-admin-ctl-user -l ftest <--snip--> private SSL certificates allowed: true <--snip--> 7 create an app, add SSL certificates. #rhc app create ftest1 php-5.4 -s #rhc alias add test.com -a ftest1 # rhc alias update-cert test.com --certificate yourca.cert --private-key yourca.key --passphrase test -a ftest1 -l ftest SSL certificate successfully added. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2014-1979.html |