Bug 733481
Summary: | need base db new feature or feature update for Aviary SSL config | ||
---|---|---|---|
Product: | Red Hat Enterprise MRG | Reporter: | Pete MacKinnon <pmackinn> |
Component: | condor-wallaby-base-db | Assignee: | Robert Rati <rrati> |
Status: | CLOSED ERRATA | QA Contact: | Daniel Horák <dahorak> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | Development | CC: | dahorak, ltoscano, matt, mkudlej |
Target Milestone: | 2.1 | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | condor-wallaby-base-db-1.15-1 | Doc Type: | Bug Fix |
Doc Text: |
Previously, configuration scheme of secure communications for the Aviary web service and the query server using remote configuration required users to add new parameters and features to the database manually. With this update, the SSLEnabledAviaryScheduler and SSLEnabledQueryServer features have been added to the base-db and configuration for secure communication in Aviary and query server through remote configuration is now easily accomplished.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-01-23 17:28:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 743350 |
Description
Pete MacKinnon
2011-08-25 19:14:21 UTC
AVIARY_SSL conflicts = none default_val = False depends = none description = "Enable HTTPS mutual authentication in Aviary" kind = boolean level = ? must_change = no needs_restart = yes Changes to the db: Parameter "AVIARY_SSL": Name: AVIARY_SSL Type: Boolean Default: False Description: Enable HTTPS mutual authentication in Aviary MustChange: False VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_SERVER_CERT": Name: AVIARY_SSL_SERVER_CERT Type: String Default: Description: Path to Aviary SSL server certificate MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_SERVER_KEY": Name: AVIARY_SSL_SERVER_KEY Type: String Default: Description: Path to Aviary SSL server private key MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_CA_DIR": Name: AVIARY_SSL_CA_DIR Type: String Default: Description: Path to Aviary SSL CA directory MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_CA_FILE": Name: AVIARY_SSL_CA_FILE Type: String Default: Description:Parameter "AVIARY_SSL": Name: AVIARY_SSL Type: Boolean Default: False Description: Enable HTTPS mutual authentication in Aviary MustChange: False VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_SERVER_CERT": Name: AVIARY_SSL_SERVER_CERT Type: String Default: Description: Path to Aviary SSL server certificate MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_SERVER_KEY": Name: AVIARY_SSL_SERVER_KEY Type: String Default: Description: Path to Aviary SSL server private key MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_CA_DIR": Name: AVIARY_SSL_CA_DIR Type: String Default: Description: Path to Aviary SSL CA directory MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Parameter "AVIARY_SSL_CA_FILE": Name: AVIARY_SSL_CA_FILE Type: String Default: Description: Path to Aviary SSL CA file MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Feature "SecureAviaryScheduler": Feature ID: 47 Name: SecureAviaryScheduler Included Parameters: AVIARY_SSL_CA_FILE = AVIARY_SSL_SERVER_CERT = AVIARY_SSL_CA_DIR = /etc/pki/tls/certs AVIARY_SSL = True AVIARY_SSL_SERVER_KEY = Included Features: 0: AviaryScheduler Conflicts: Dependencies: Path to Aviary SSL CA file MustChange: True VisibilityLevel: 0 RequiresRestart: True Dependencies: Conflicts: Feature "SecureAviaryScheduler": Feature ID: 47 Name: SecureAviaryScheduler Included Parameters: AVIARY_SSL_CA_FILE = (uses default) AVIARY_SSL_SERVER_CERT = (uses default) AVIARY_SSL_CA_DIR = /etc/pki/tls/certs AVIARY_SSL = True AVIARY_SSL_SERVER_KEY = (uses default) Included Features: 0: AviaryScheduler Conflicts: Dependencies: Updated: Feature "SecureAviaryScheduler": Feature ID: 47 Name: SecureAviaryScheduler Included Parameters: AVIARY_SSL_CA_FILE = (uses default) AVIARY_SSL_SERVER_CERT = (uses default) AVIARY_SSL_CA_DIR = (uses default) AVIARY_SSL = True AVIARY_SSL_SERVER_KEY = (uses default) Included Features: 0: AviaryScheduler Conflicts: Dependencies: Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: C: Configuration of secure communications for aviary and query server using remote configuration C: Parameters and features would need to be added to be database by the user. F: Created SSLEnabledAviaryScheduler and SSLEnabledQueryServer in the base-db R: Configuration of secure communications for aviary and query server through remote configuration is easily accomplished. Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,4 +1,4 @@ C: Configuration of secure communications for aviary and query server using remote configuration C: Parameters and features would need to be added to be database by the user. -F: Created SSLEnabledAviaryScheduler and SSLEnabledQueryServer in the base-db +C: Created SSLEnabledAviaryScheduler and SSLEnabledQueryServer in the base-db R: Configuration of secure communications for aviary and query server through remote configuration is easily accomplished. Verified on RHEL 5.7 i386 on condor-wallaby-base-db-1.16-2:
SSLEnabledAviaryScheduler and SSLEnabledQueryServer with config parameters AVIARY_SSL, AVIARY_SSL_SERVER_CERT, AVIARY_SSL_SERVER_KEY, AVIARY_SSL_CA_DIR and AVIARY_SSL_CA_FILE was added to base-db.
# condor_configure_store -l -f SSLEnabledAviaryScheduler,SSLEnabledQueryServer
Feature "SSLEnabledAviaryScheduler":
Feature ID: 34
Name: SSLEnabledAviaryScheduler
Included Parameters:
SCHEDD.AVIARY_SSL = True
SCHEDD.AVIARY_SSL_SERVER_CERT =
SCHEDD.AVIARY_SSL_CA_DIR =
SCHEDD.AVIARY_SSL_CA_FILE =
SCHEDD.AVIARY_SSL_SERVER_KEY =
Included Features:
0: AviaryScheduler
Conflicts:
Dependencies:
Feature "SSLEnabledQueryServer":
Feature ID: 2
Name: SSLEnabledQueryServer
Included Parameters:
QUERY_SERVER.AVIARY_SSL = True
QUERY_SERVER.AVIARY_SSL_CA_FILE =
QUERY_SERVER.AVIARY_SSL_CA_DIR =
QUERY_SERVER.AVIARY_SSL_SERVER_KEY =
QUERY_SERVER.AVIARY_SSL_SERVER_CERT =
Included Features:
0: QueryServer
Conflicts:
Dependencies:
# condor_configure_pool -n $(hostname) -a -f SSLEnabledAviaryScheduler
Apply these changes [Y/n] ? y
The following parameters need to be set for this configuration to be valid.
SCHEDD.AVIARY_SSL_CA_DIR
SCHEDD.AVIARY_SSL_CA_FILE
SCHEDD.AVIARY_SSL_SERVER_CERT
SCHEDD.AVIARY_SSL_SERVER_KEY
Set these parameters now ? [y/N] y
SCHEDD.AVIARY_SSL_CA_DIR: /etc/pki/tls/certs
SCHEDD.AVIARY_SSL_CA_FILE: /etc/pki/tls/certs/ca-bundle.crt
SCHEDD.AVIARY_SSL_SERVER_CERT: /etc/pki/tls/certs/server.crt
SCHEDD.AVIARY_SSL_SERVER_KEY: /etc/pki/tls/certs/server.key
Configuration applied
Create a named snapshot of this configuration [y/N] ?
Activate the changes [y/N] ? y
Activating configuration. This may take a while, please be patient
The configuration is not valid
Node: dhcp-37-137.lab.eng.brq.redhat.com
Unsatisfied feature dependencies:
BaseJobExecuter
BaseScheduler
Master
NodeAccess
Configuration not activated
# condor_configure_pool -n $(hostname) -a -f BaseJobExecuter,BaseScheduler,Master,NodeAccess
Apply these changes [Y/n] ? y
The following parameters need to be set for this configuration to be valid.
ALLOW_READ
ALLOW_WRITE
CONDOR_HOST
Set these parameters now ? [y/N] y
ALLOW_READ: *
ALLOW_WRITE: *
CONDOR_HOST: dhcp-37-137.lab.eng.brq.redhat.com
Configuration applied
Create a named snapshot of this configuration [y/N] ?
Activate the changes [y/N] ? y
Activating configuration. This may take a while, please be patient
Configuration activated
Configuration saved
# condor_config_val SCHEDD.AVIARY_SSL
True
# condor_config_val SCHEDD.AVIARY_SSL_SERVER_CERT
/etc/pki/tls/certs/server.crt
# condor_config_val SCHEDD.AVIARY_SSL_CA_DIR
/etc/pki/tls/certs
# condor_config_val SCHEDD.AVIARY_SSL_CA_FILE
/etc/pki/tls/certs/ca-bundle.crt
# condor_config_val SCHEDD.AVIARY_SSL_SERVER_KEY
/etc/pki/tls/certs/server.key
Output on RHEL 5.7 x86_64, RHEL 6.1 i386 and RHEL 6.1 x86_64 and with feature SSLEnabledQueryServer is similar.
>>> VERIFIED
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,4 +1 @@ -C: Configuration of secure communications for aviary and query server using remote configuration +Previously, configuration scheme of secure communications for the Aviary web service and the query server using remote configuration required users to add new parameters and features to the database manually. With this update, the SSLEnabledAviaryScheduler and SSLEnabledQueryServer components have been added in the base-db and configuration for secure communication in Aviary and query server through remote configuration is now easily accomplished.-C: Parameters and features would need to be added to be database by the user. -C: Created SSLEnabledAviaryScheduler and SSLEnabledQueryServer in the base-db -R: Configuration of secure communications for aviary and query server through remote configuration is easily accomplished. Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Previously, configuration scheme of secure communications for the Aviary web service and the query server using remote configuration required users to add new parameters and features to the database manually. With this update, the SSLEnabledAviaryScheduler and SSLEnabledQueryServer components have been added in the base-db and configuration for secure communication in Aviary and query server through remote configuration is now easily accomplished.+Previously, configuration scheme of secure communications for the Aviary web service and the query server using remote configuration required users to add new parameters and features to the database manually. With this update, the SSLEnabledAviaryScheduler and SSLEnabledQueryServer features have been added to the base-db and configuration for secure communication in Aviary and query server through remote configuration is now easily accomplished. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0045.html |