Hide Forgot
Description of problem: For C++ QMF agents, the protocol used defaults to 'tcp'. Currently there is no way for a user to configure the grid plugins to use 'ssl' as the protocol when connecting to the broker. Consequently, even if the broker has been configured to allow ssl connections on port 5671, the plugins must still use tcp on port 5672.
From the Messaging Guide and confirmed in tests: "When using SSL connections, clients must specify the location of the certificate database, a directory that contains the client's certificate and the public key of the Certificate Authority. This can be done by setting the environment variable QPID_SSL_CERT_DB to the full pathname of the directory." Configuration in Condor is provisioned in text files for API consumption and managed by Wallaby. Env vars don't play well in this kind of setup.
As a work around for environment variables vs a programmatic interface, couldn't we use "setenv" to set appropriate environment variables under the hood and still have the values specified by condor config variables?
Added these RFEs for 1) allow use of ssl encryption without the use of certificates and 2) in the case of certificates, allow a programmatic API instead of environment variables. The use of ssl encryption without certificates gives users the choice of an incremental improvement in security without the configuration burden of a cert db. https://bugzilla.redhat.com/show_bug.cgi?id=798302 https://bugzilla.redhat.com/show_bug.cgi?id=798303
Adding "blocks" for base db RFE, no sense extending the db if this isn't done.
MRG-Grid is in maintenance and only customer escalations will be considered. This issue can be reopened if a customer escalation associated with it occurs.