Bug 794827 - [RFE] Extend plugins to allow 'ssl' protocol to be selected during agent initialization
Summary: [RFE] Extend plugins to allow 'ssl' protocol to be selected during agent init...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: condor-qmf
Version: Development
Hardware: All
OS: All
low
low
Target Milestone: ---
: ---
Assignee: grid-maint-list
QA Contact: MRG Quality Engineering
URL:
Whiteboard:
Depends On: 798302 798303
Blocks: 798306
TreeView+ depends on / blocked
 
Reported: 2012-02-17 18:06 UTC by Trevor McKay
Modified: 2016-05-26 20:04 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-26 20:04:01 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Trevor McKay 2012-02-17 18:06:01 UTC
Description of problem:

For C++ QMF agents, the protocol used defaults to 'tcp'.  Currently there is no way for a user to configure the grid plugins to use 'ssl' as the protocol when connecting to the broker.  

Consequently, even if the broker has been configured to allow ssl connections on port 5671, the plugins must still use tcp on port 5672.

Comment 1 Pete MacKinnon 2012-02-21 19:33:59 UTC
From the Messaging Guide and confirmed in tests:

"When using SSL connections, clients must specify the location of the certificate database, a directory that contains the client's certificate and the public key of the Certificate Authority. This can be done by setting the environment variable QPID_SSL_CERT_DB to the full pathname of the directory."

Configuration in Condor is provisioned in text files for API consumption and managed by Wallaby. Env vars don't play well in this kind of setup.

Comment 2 Trevor McKay 2012-02-22 13:10:50 UTC
As a work around for environment variables vs a programmatic interface, couldn't we use "setenv" to set appropriate environment variables under the hood and still have the values specified by condor config variables?

Comment 3 Trevor McKay 2012-02-28 15:30:41 UTC
Added these RFEs for 1) allow use of ssl encryption without the use of certificates and 2) in the case of certificates, allow a programmatic API instead of environment variables.

The use of ssl encryption without certificates gives users the choice of an incremental improvement in security without the configuration burden of a cert db.  

https://bugzilla.redhat.com/show_bug.cgi?id=798302
https://bugzilla.redhat.com/show_bug.cgi?id=798303

Comment 4 Trevor McKay 2012-02-28 15:47:09 UTC
Adding "blocks" for base db RFE, no sense extending the db if this isn't done.

Comment 5 Anne-Louise Tangring 2016-05-26 20:04:01 UTC
MRG-Grid is in maintenance and only customer escalations will be considered. This issue can be reopened if a customer escalation associated with it occurs.


Note You need to log in before you can comment on or make changes to this bug.