Description of problem:
The Query Server also needs a feature for enabling ssl support. Since it uses the same params as aviary for ssl, the ssl params will need to be scoped to the subsystem (subsys.ssl_param). In addition to the new feature, the SecureAviaryScheduler should be renamed to allow other means to secure Aviary. Something like SSLEnabledAviaryScheduler and SSLEnabledQueryServer.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Proposed changes:

SSLEnabledQueryServer
  name: "SSLEnabledQueryServer"
  params: {"QUERY_SERVER.AVIARY_SSL_CA_DIR"=>"", "QUERY_SERVER.AVIARY_SSL"=>"True", "QUERY_SERVER.AVIARY_SSL_SERVER_KEY"=>"", "QUERY_SERVER.AVIARY_SSL_SERVER_CERT"=>"", "QUERY_SERVER.AVIARY_SSL_CA_FILE"=>""}
  depends: []
  conflicts: []
  included_features: ["QueryServer"]

SSLEnabledAviaryScheduler
  name: "SSLEnabledAviaryScheduler"
  params: {"SCHEDD.AVIARY_SSL_SERVER_KEY"=>"", "SCHEDD.AVIARY_SSL_SERVER_CERT"=>"", "SCHEDD.AVIARY_SSL_CA_FILE"=>"", "SCHEDD.AVIARY_SSL"=>"True", "SCHEDD.AVIARY_SSL_CA_DIR"=>""}
  depends: []
  conflicts: []
  included_features: ["AviaryScheduler"]

QUERY_SERVER.AVIARY_SSL_CA_DIR
  kind: "String"
  default: ""
  description: "Path to Aviary SSL CA directory used by the Query Server"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

QUERY_SERVER.AVIARY_SSL
  kind: "Boolean"
  default: "False"
  description: "Enable HTTPS mutual authentication for Aviary in the Query Server"
  must_change: false
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

QUERY_SERVER.AVIARY_SSL_SERVER_KEY
  kind: "String"
  default: ""
  description: "Path to Aviary SSL server private key used by the Query Server"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

QUERY_SERVER.AVIARY_SSL_SERVER_CERT
  kind: "String"
  default: ""
  description: "Path to Aviary SSL server certificate used by the Query Server"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

QUERY_SERVER.AVIARY_SSL_CA_FILE
  kind: "String"
  default: ""
  description: "Path to Aviary SSL CA file used by the Query Server"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

SCHEDD.AVIARY_SSL_SERVER_KEY
  kind: "String"
  default: ""
  description: "Path to Aviary SSL server private key used by the Scheduler"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

SCHEDD.AVIARY_SSL_SERVER_CERT
  kind: "String"
  default: ""
  description: "Path to Aviary SSL server certificate used by the Scheduler"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

SCHEDD.AVIARY_SSL_CA_FILE
  kind: "String"
  default: ""
  description: "Path to Aviary SSL CA file used by the Scheduler"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

SCHEDD.AVIARY_SSL
  kind: "Boolean"
  default: "False"
  description: "Enable HTTPS mutual authentication for Aviary in the Scheduler"
  must_change: false
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

SCHEDD.AVIARY_SSL_CA_DIR
  kind: "String"
  default: ""
  description: "Path to Aviary SSL CA directory used by the Scheduler"
  must_change: true
  requires_restart: true
  visibility_level: 0
  depends: []
  conflicts: []

Removed Params:
  AVIARY_SSL_SERVER_KEY
  AVIARY_SSL_SERVER_CERT
  AVIARY_SSL_CA_FILE
  AVIARY_SSL
  AVIARY_SSL_CA_DIR
Fixed on: BZ734848-QueryServer-SSL
Tested with:
condor-wallaby-base-db-1.16-2

Tested on:
RHEL6 x86_64, i386
RHEL5 x86_64, i386

- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  conflicts: []
  depends: []
  included:
  - AviaryScheduler
  name: SSLEnabledAviaryScheduler
  params:
    SCHEDD.AVIARY_SSL_SERVER_KEY: 0
    SCHEDD.AVIARY_SSL_SERVER_CERT: 0
    SCHEDD.AVIARY_SSL_CA_FILE: 0
    SCHEDD.AVIARY_SSL: "True"
    SCHEDD.AVIARY_SSL_CA_DIR: 0
- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  conflicts: []
  depends: []
  included:
  - QueryServer
  name: SSLEnabledQueryServer
  params:
    QUERY_SERVER.AVIARY_SSL_CA_DIR: 0
    QUERY_SERVER.AVIARY_SSL: "True"
    QUERY_SERVER.AVIARY_SSL_SERVER_KEY: 0
    QUERY_SERVER.AVIARY_SSL_SERVER_CERT: 0
    QUERY_SERVER.AVIARY_SSL_CA_FILE: 0
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL CA directory used by the Scheduler
  kind: String
  level: 0
  must_change: true
  name: SCHEDD.AVIARY_SSL_CA_DIR
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: "False"
  depends: []
  description: Enable HTTPS mutual authentication for Aviary in the Query Server
  kind: Boolean
  level: 0
  must_change: false
  name: QUERY_SERVER.AVIARY_SSL
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL CA directory used by the Query Server
  kind: String
  level: 0
  must_change: true
  name: QUERY_SERVER.AVIARY_SSL_CA_DIR
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL CA file used by the Query Server
  kind: String
  level: 0
  must_change: true
  name: QUERY_SERVER.AVIARY_SSL_CA_FILE
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL server certificate used by the Query Server
  kind: String
  level: 0
  must_change: true
  name: QUERY_SERVER.AVIARY_SSL_SERVER_CERT
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL server private key used by the Query Server
  kind: String
  level: 0
  must_change: true
  name: QUERY_SERVER.AVIARY_SSL_SERVER_KEY
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: "False"
  depends: []
  description: Enable HTTPS mutual authentication for Aviary in the Scheduler
  kind: Boolean
  level: 0
  must_change: false
  name: SCHEDD.AVIARY_SSL
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL CA file used by the Scheduler
  kind: String
  level: 0
  must_change: true
  name: SCHEDD.AVIARY_SSL_CA_FILE
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL server certificate used by the Scheduler
  kind: String
  level: 0
  must_change: true
  name: SCHEDD.AVIARY_SSL_SERVER_CERT
  needs_restart: true
- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  conflicts: []
  default_val: ""
  depends: []
  description: Path to Aviary SSL server private key used by the Scheduler
  kind: String
  level: 0
  must_change: true
  name: SCHEDD.AVIARY_SSL_SERVER_KEY
  needs_restart: true

All features and parameters were checked in configuration store snapshot file.
No AVIARY_SSL* parameters without 'SCHEDD.' or 'QUERY_SERVER.' present.

>>> VERIFIED
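
The snapshot check described in the verification comment can be scripted. The following is an added example, not part of the bug report or of the wallaby code base: the helper names (ssl_names, audit), the sample snapshot text, and the extra completeness check (a subsystem that carries any scoped SSL parameter should carry all five) are assumptions made for illustration.

```ruby
# Added example: audit snapshot text for AVIARY_SSL* names that are not
# scoped to a subsystem. The text is scanned with a regex, so the snapshot's
# !ruby/object tags are never deserialized into objects.
SCOPES   = %w[SCHEDD QUERY_SERVER].freeze
SUFFIXES = %w[AVIARY_SSL AVIARY_SSL_CA_DIR AVIARY_SSL_CA_FILE
              AVIARY_SSL_SERVER_CERT AVIARY_SSL_SERVER_KEY].freeze

# Constructed sample (not the real snapshot): one scoped feature plus a
# leftover unscoped parameter of the kind listed under "Removed Params".
SAMPLE = <<~YAML
  - !ruby/object:Mrg::Grid::SerializedConfigs::Feature
    included:
    - QueryServer
    name: SSLEnabledQueryServer
    params:
      QUERY_SERVER.AVIARY_SSL_CA_DIR: 0
      QUERY_SERVER.AVIARY_SSL: "True"
      QUERY_SERVER.AVIARY_SSL_SERVER_KEY: 0
      QUERY_SERVER.AVIARY_SSL_SERVER_CERT: 0
      QUERY_SERVER.AVIARY_SSL_CA_FILE: 0
  - !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
    kind: String
    name: AVIARY_SSL_CA_FILE
YAML

# Every distinct AVIARY_SSL* token, including an optional "SUBSYS." prefix.
def ssl_names(text)
  text.scan(/(?<![\w.])((?:[A-Z_]+\.)?AVIARY_SSL\w*)/).flatten.uniq
end

# Returns unscoped names, names scoped to an unexpected subsystem, and
# parameters missing from a subsystem that has at least one scoped name.
def audit(text)
  names = ssl_names(text)
  scoped, unscoped = names.partition { |n| n.include?('.') }
  bad_scope = scoped.reject { |n| SCOPES.include?(n.split('.').first) }
  missing = SCOPES.flat_map do |scope|
    present = scoped.select { |n| n.start_with?("#{scope}.") }
    next [] if present.empty? # subsystem has no SSL configuration at all
    SUFFIXES.map { |s| "#{scope}.#{s}" } - present
  end
  { unscoped: unscoped, bad_scope: bad_scope, missing: missing }
end

puts audit(SAMPLE).inspect
```

A snapshot that passes the check from the verification comment yields three empty lists.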