Comments (6)
This problem has been tied back to a requirement to install the ca-gpolab.crt into the service registry. This is captured in proto-ch ticket #884 and this one should be closed as a duplicate of that one.
We've tested that Flack works when this cert is installed in the service registry.
Trac comment by mbrinn (github user: MarshallBrinn) on 11-13-2013 at 11:42
from geni-ch.
In order for Flack to speak to the portal, we need to pass Flack the cert that signed the apache certs. This is located in /etc/ssl/certs/ca-gpolab.cert. A change should be made to the install_db script to insert this cert into the service_registry using a SQL expression like:
insert into service_registry (service_url, service_type, service_cert) values (, 7, '/etc/ssl/certs/ca-gpolab.crt');
The fix needs to go in install_db.
Trac comment by tmitchel (github user: tcmitchell) on 11-13-2013 at 11:47
from geni-ch.
Reminder: the location of the signing cert is different for nye than for the sandboxes, so you don't want to hardcode it as ca-gpolab.
Puppet knows the location of the correct signer for each portal/CH, so if you'd like, i can have puppet put a file in /etc/geni-chapi/ containing this insert statement with the right cert for each portal/CH, and then the installer can just execute that file. Up to y'all.
Trac comment by chaos on 11-13-2013 at 12:01
from geni-ch.
Per discussion with Tom, i went ahead and had apache create this file in /etc/geni-chapi. Here's how it looks on tau-ceti:
$ cat /etc/geni-chapi/update_service_registry.01.sql
-- --- Service registry insert for CH apache signing cert
--
-- DO NOT EDIT except via CVS (cvs.gpolab.bbn.com:/srv/cvs)
--
-- See /var/lib/puppet/vtf/apache_update_service_registry.01.sql
-- for a copy of this file containing the RCS info
insert into service_registry (service_url, service_type, service_cert) values
(, 7, '/etc/ssl/certs/ca-gpolab.crt');
So the install script should be able to execute that and get the correct per-CH filename.
Trac comment by chaos on 11-18-2013 at 14:54
from geni-ch.
Tom and i found/fixed a typo in the insert. Now the file reads:
$ cat /etc/geni-chapi/update_service_registry.01.sql
-- --- Service registry insert for CH apache signing cert
--
-- DO NOT EDIT except via CVS (cvs.gpolab.bbn.com:/srv/cvs)
--
-- See /var/lib/puppet/vtf/apache_update_service_registry.01.sql
-- for a copy of this file containing the RCS info
insert into service_registry (service_url, service_type, service_cert) values
('', 7, '/etc/ssl/certs/ca-gpolab.crt');
Trac comment by chaos on 11-18-2013 at 15:14
from geni-ch.
Fix added to install_db. If the file exists, execute it in psql.
Trac comment by tmitchel (github user: tcmitchell) on 11-18-2013 at 18:17
from geni-ch.
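An added example, not part of the thread and not geni-ch code: one way an installer could vet the Puppet-managed file before the "if the file exists, execute it in psql" step, including the empty-value typo and the per-host cert path raised above. The function names and the database user and database name parameters are assumptions.

```shell
#!/bin/sh
# Added example (not geni-ch code): pre-flight checks for the Puppet-managed
# SQL file before an installer hands it to psql.

# Print the absolute certificate path quoted in SQL file $1 (comments skipped).
registry_cert_path() {
    grep -v '^[[:space:]]*--' "$1" | sed -n "s|.*'\(/[^']*\)'.*|\1|p" | head -n 1
}

# Return 0 only if SQL file $1 looks safe and sane to execute.
check_registry_sql() {
    sql=$1
    if [ ! -f "$sql" ] || [ -L "$sql" ]; then
        echo "not a regular file: $sql" >&2; return 1
    fi
    # The file runs with database privileges: refuse group/other-writable.
    if [ -n "$(find "$sql" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or other: $sql" >&2; return 1
    fi
    body=$(grep -v '^[[:space:]]*--' "$sql" | tr '\n' ' ')
    # Expect exactly one statement, and only the service_registry insert.
    case $body in
        "insert into service_registry "*";"*";"*)
            echo "more than one statement: $sql" >&2; return 1 ;;
        "insert into service_registry "*";"*) ;;
        *) echo "unexpected SQL in $sql" >&2; return 1 ;;
    esac
    # The typo fixed in the thread: an empty, unquoted first value.
    case $body in
        *"(,"*) echo "empty value in insert: $sql" >&2; return 1 ;;
    esac
    # The signer path differs per host, so confirm it exists on this one.
    cert=$(registry_cert_path "$sql")
    if [ -z "$cert" ] || [ ! -s "$cert" ] || [ ! -r "$cert" ]; then
        echo "signing cert missing or unreadable: ${cert:-none}" >&2; return 1
    fi
}

# Run the file in psql, stopping on the first SQL error.
# $2 (database user) and $3 (database name) are assumed parameters.
apply_registry_sql() {
    check_registry_sql "$1" || return 1
    psql -v ON_ERROR_STOP=1 -U "$2" -f "$1" "$3"
}
```
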