Red Hat Bugzilla – Full Text Bug Listing
|Summary:||secure SSL communication out of the box|
|Product:||[Other] RHQ Project||Reporter:||Aleksandar Kostadinov <akostadi>|
|Component:||Agent, Core Server||Assignee:||RHQ Project Maintainer <rhq-maint>|
|Status:||NEW ---||QA Contact:||Mike Foley <mfoley>|
|Version:||4.3||CC:||dlackey, hbrock, hrupp, mazz, mharvey, mjc, myarboro|
|Fixed In Version:||Doc Type:||Bug Fix|
Description Aleksandar Kostadinov 2012-01-19 02:28:50 EST
Description of problem:

Currently JON server communicates with agents without encryption and authentication. So here is a proposal for making SSL the default with, I believe, no user configuration complexity increase:

* registration token be replaced with a certificate
* a new agent should receive as configuration a CA certificate, if not then it should ask user for confirming server cert (a force command line switch may override this)
* a new agent should receive as configuration agent certificate, if such configuration parameter is not present, then agent should generate a new self-signed certificate by itself
* of course JON server should also by default have https enabled (I think this is already the case)
* when agent tries to register with server, SSL connection should be established
** if agent certificate is not known to server, put agent in discovery queue
** if agent certificate is known to be same as existing agent, then allow agent connection (agent name should match, otherwise put in discovery queue)
** if agent is a new one but certificate is signed by a CA configured into the JON server, then automatically inventory it
** if agent certificate is close to expiring, agent should be able to automatically create new self-signed certificate and that should be accepted by server (I think this makes sense even if initial agent certificate was signed by a CA)
* JON server -> agent connection should also be SSL where both sides verify certificates

Please note that agent should always go to discovery queue if certificate is unknown, expired, revoked or some other problem. Perhaps there could be sections in UI differentiating between cause for putting an agent into it. Admin should be given enough information (name, cert, claimed host/port, host/port current request comes from, etc.) to decide which agents in that queue are legitimate and what actions are necessary to inventory them.
Perhaps there would be other details for UI and possible corner cases but I think the main idea is clear.
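The server-side registration decision proposed in the description above, sketched as an added example; it is not part of the bug report and not RHQ code. `PresentedCert`, `ServerState` and `classify` are hypothetical names, certificates are reduced to fingerprints, chain validation is assumed to have been done by the TLS layer, and the certificate rollover case is not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"                    # known agent, same certificate and name
    AUTO_INVENTORY = "auto-inventory"  # new agent, cert signed by a configured CA
    QUEUE = "discovery-queue"          # everything else: an admin decides

@dataclass(frozen=True)
class PresentedCert:          # simplified stand-in for a parsed X.509 certificate
    fingerprint: str          # e.g. SHA-256 over the DER encoding
    issuer_fingerprint: str   # equals fingerprint for a self-signed certificate
    not_after: datetime

@dataclass
class ServerState:            # hypothetical server-side view (assumption)
    known_agents: dict        # certificate fingerprint -> registered agent name
    trusted_cas: set          # fingerprints of CA certificates configured on the server
    revoked: set              # fingerprints of revoked certificates

def classify(state, agent_name, cert, now):
    """Return (Decision, reason); the reason is what a queue UI could display."""
    # Problems with the certificate itself win, even for a known agent.
    if cert.not_after <= now:
        return Decision.QUEUE, "expired"
    if cert.fingerprint in state.revoked:
        return Decision.QUEUE, "revoked"
    registered = state.known_agents.get(cert.fingerprint)
    if registered is not None:
        # Same certificate as an existing agent: the claimed name must match too.
        if registered == agent_name:
            return Decision.ALLOW, "known certificate"
        return Decision.QUEUE, "name mismatch"
    # New agent: auto-inventory only when a configured CA issued the certificate.
    if cert.issuer_fingerprint in state.trusted_cas:
        return Decision.AUTO_INVENTORY, "signed by configured CA"
    return Decision.QUEUE, "unknown certificate"

# Constructed sample data, not taken from any real deployment.
NOW = datetime(2012, 1, 19, tzinfo=timezone.utc)
FAR, PAST = NOW + timedelta(days=365), NOW - timedelta(days=1)
STATE = ServerState({"fp-a1": "agent-one"}, {"fp-ca"}, {"fp-bad"})
KNOWN = PresentedCert("fp-a1", "fp-a1", FAR)
CA_SIGNED = PresentedCert("fp-new", "fp-ca", FAR)
SELF_SIGNED = PresentedCert("fp-x", "fp-x", FAR)
REVOKED = PresentedCert("fp-bad", "fp-ca", FAR)
EXPIRED = PresentedCert("fp-a1", "fp-a1", PAST)

if __name__ == "__main__":
    for name, c in [("agent-one", KNOWN), ("agent-two", KNOWN), ("n", CA_SIGNED),
                    ("n", SELF_SIGNED), ("n", REVOKED), ("agent-one", EXPIRED)]:
        print(name, c.fingerprint, *classify(STATE, name, c, NOW))
```

Checking expiry and revocation before the known-agent lookup is what keeps a previously inventoried agent from bypassing the queue with a certificate that has since gone bad.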
Comment 2 Mike Harvey 2012-01-19 13:26:59 EST
I'm in favor. This ssl "ease of configuration feature" is inspired by cloud certification program, EC2 testing, and other cloud providers to be certified in the future as well.
Comment 4 Mike Foley 2012-01-23 11:17:20 EST
per scrum 1/23/2012 crouch, loleary, mfoley