Bug 794827

Summary: [RFE] Extend plugins to allow 'ssl' protocol to be selected during agent initialization
Product: Red Hat Enterprise MRG
Component: condor-qmf
Version: Development
Status: CLOSED WONTFIX
Severity: low
Priority: low
Reporter: Trevor McKay <tmckay>
Assignee: grid-maint-list <grid-maint-list>
QA Contact: MRG Quality Engineering <mrgqe-bugs>
CC: jross, matt, pmackinn, tstclair
Keywords: FutureFeature
Hardware: All
OS: All
Doc Type: Enhancement
Last Closed: 2016-05-26 20:04:01 UTC
Bug Depends On: 798302, 798303
Bug Blocks: 798306

Description Trevor McKay 2012-02-17 18:06:01 UTC
Description of problem:

For C++ QMF agents, the protocol used defaults to 'tcp'.  Currently there is no way for a user to configure the grid plugins to use 'ssl' as the protocol when connecting to the broker.  

Consequently, even if the broker has been configured to allow ssl connections on port 5671, the plugins must still use tcp on port 5672.

Comment 1 Pete MacKinnon 2012-02-21 19:33:59 UTC
From the Messaging Guide and confirmed in tests:

"When using SSL connections, clients must specify the location of the certificate database, a directory that contains the client's certificate and the public key of the Certificate Authority. This can be done by setting the environment variable QPID_SSL_CERT_DB to the full pathname of the directory."

Configuration in Condor is provisioned in text files for API consumption and managed by Wallaby. Env vars don't play well in this kind of setup.

Comment 2 Trevor McKay 2012-02-22 13:10:50 UTC
As a workaround for environment variables vs a programmatic interface, couldn't we use "setenv" to set appropriate environment variables under the hood and still have the values specified by condor config variables?
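
The workaround suggested in Comment 2, sketched as an added example (not code from Condor, the plugins or this thread): values come from a key/value config map and the cert db path is exported with setenv before the Qpid client starts. The config key names and the BrokerTarget type are hypothetical; QPID_SSL_CERT_DB and ports 5671/5672 are taken from this report.

```cpp
#include <cstdio>
#include <cstdlib>
#include <map>
#include <stdexcept>
#include <string>
#include <sys/stat.h>

typedef std::map<std::string, std::string> Config;
// Hypothetical config keys: the report does not name the real Condor variables.
static const char* K_PROTO  = "QMF_BROKER_PROTOCOL";
static const char* K_CERTDB = "QMF_SSL_CERT_DB";

struct BrokerTarget { std::string protocol; int port; };

static std::string lookup(const Config& c, const char* key, const std::string& dflt) {
    Config::const_iterator it = c.find(key);
    return it == c.end() ? dflt : it->second;
}

// Call once at agent start-up, before any thread exists and before the Qpid
// client library is initialised: setenv() is not thread-safe.
BrokerTarget prepare_broker(const Config& cfg) {
    BrokerTarget t;
    t.protocol = lookup(cfg, K_PROTO, "tcp");          // 'tcp' is the current default
    if (t.protocol == "tcp") { t.port = 5672; return t; }
    if (t.protocol != "ssl")
        throw std::invalid_argument("unknown protocol: " + t.protocol);
    // Fail closed: a bad cert db is an error, never a silent fallback to tcp.
    std::string db = lookup(cfg, K_CERTDB, "");
    struct stat st;
    if (db.empty() || db[0] != '/' || stat(db.c_str(), &st) != 0 || !S_ISDIR(st.st_mode))
        throw std::runtime_error("ssl requested but cert db is not an absolute directory");
    // overwrite=1: the managed config value wins over an inherited environment.
    if (setenv("QPID_SSL_CERT_DB", db.c_str(), 1) != 0)
        throw std::runtime_error("setenv failed");
    t.port = 5671;
    return t;
}

int main() {
    Config cfg;                          // constructed sample configuration
    cfg[K_PROTO] = "ssl";
    cfg[K_CERTDB] = "/";                 // placeholder directory, not a real cert db
    try {
        BrokerTarget t = prepare_broker(cfg);
        std::printf("%s port %d, cert db %s\n", t.protocol.c_str(), t.port,
                    std::getenv("QPID_SSL_CERT_DB"));
    } catch (const std::exception& e) {
        std::fprintf(stderr, "refusing to connect: %s\n", e.what());
        return 1;
    }
    return 0;
}
```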

Comment 3 Trevor McKay 2012-02-28 15:30:41 UTC
Added these RFEs for 1) allow use of ssl encryption without the use of certificates and 2) in the case of certificates, allow a programmatic API instead of environment variables.

The use of ssl encryption without certificates gives users the choice of an incremental improvement in security without the configuration burden of a cert db.  

https://bugzilla.redhat.com/show_bug.cgi?id=798302
https://bugzilla.redhat.com/show_bug.cgi?id=798303

Comment 4 Trevor McKay 2012-02-28 15:47:09 UTC
Adding "blocks" for base db RFE, no sense extending the db if this isn't done.

Comment 5 Anne-Louise Tangring 2016-05-26 20:04:01 UTC
MRG-Grid is in maintenance and only customer escalations will be considered. This issue can be reopened if a customer escalation associated with it occurs.