Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unattended Install with SSL configuration results in error #7717

Open
0x010C opened this issue Apr 24, 2024 · 1 comment
Open

Unattended Install with SSL configuration results in error #7717

0x010C opened this issue Apr 24, 2024 · 1 comment
Labels
bug
Milestone
4.3.3

Comments

@0x010C
Copy link

0x010C commented Apr 24, 2024
edited

Bug Report

iRODS Version, OS and Version

iRODS v4.3.1 on Debian 12

What did you try to do?

I'm currently automating the deployment of iRODS servers on our infrastructure. For this I use the --json_configuration_file parameter of the setup_irods.py script. This works perfectly until I tried to activate SSL.

$ cat irods_unattended_installation.json
{
        .....
        "service_account_environment":{
                "irods_client_server_negotiation": "request_server_negotiation",
                "irods_client_server_policy": "CS_NEG_REQUIRE",
                "irods_ssl_certificate_chain_file": "/etc/ssl/irods/fullchain.pem",
                "irods_ssl_certificate_key_file": "/etc/ssl/irods/privkey.pem",
                "irods_ssl_dh_params_file": "/etc/ssl/irods/dhparams.pem",
                ...
        }
}

$ python3 /var/lib/irods/scripts/setup_irods.py --json_configuration_file irods_unattended_installation.json

Expected behavior

I'm expecting to have an up and running iRODS server with SSL enabled.

Observed behavior (including steps to reproduce, if applicable)

sudo python3 /var/lib/irods/scripts/setup_irods.py --json_configuration_file irods_unattended_installation.json
Error encountered running setup_irods:
Traceback (most recent call last):
  File "/var/lib/irods/scripts/setup_irods.py", line 523, in main
    setup_server(irods_config,
  File "/var/lib/irods/scripts/setup_irods.py", line 148, in setup_server
    test_put(irods_config)
  File "/var/lib/irods/scripts/setup_irods.py", line 180, in test_put
    raise IrodsError('Post-install test failed. Please check your configuration.')
irods.exceptions.IrodsError: Post-install test failed. Please check your configuration.

Looking closer, the script does not update the SSL setting in the /etc/irods/core.re file, although it does for the default resource for example.

$cat /etc/irods/core.re 
...
acPreConnect(*OUT) { *OUT="CS_NEG_REFUSE"; }
...
acSetRescSchemeForCreate {msiSetDefaultResc("myResc","null"); }
acSetRescSchemeForRepl {msiSetDefaultResc("myResc","null"); }
...

For information currently as a workaround I directly patch the /var/lib/irods/packaging/core.re.template file before calling setup_irods.py, but I feel it would be cleaner if it could work without this hack.
@trel
Copy link
Member

trel commented Apr 24, 2024

Thanks.

@trel trel added the bug label Apr 24, 2024
@alanking alanking added this to the 4.3.3 milestone Apr 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
4.3.3
Development

No branches or pull requests
3 participants
@trel @0x010C @alanking