[v7r1] Modifications to manage certificates to access the Elias (Elaasticsea…#4924
Merged
Conversation
fstagni
requested changes
Jan 26, 2021
fstagni
left a comment
Contributor
There was a problem hiding this comment.
Thanks!
It's missing some changes in the documentation too.
| # Elasticsearch use certs | ||
| result = gConfig.getOption(cs_path + '/CRT') | ||
| if not result['OK']: | ||
| # No host name found, try at the common place |
Contributor
There was a problem hiding this comment.
Wrong (copy-pasted) comment (also below).
Contributor
There was a problem hiding this comment.
Just change this comment please, and the ones below, and then I approve.
Contributor
Author
|
Hi Federico,
I am sorry for these errors that I fixed.
Could you please tell me the procedure I have to use to check/validate the code before submitting a pull request?
Thank you in advance for your answer.
Michele
… Le 26 janv. 2021 à 15:50, fstagni ***@***.***> a écrit :
@fstagni requested changes on this pull request.
Thanks!
It's missing some changes in the documentation too.
In ConfigurationSystem/Client/Utilities.py <#4924 (comment)>:
> @@ -530,6 +530,62 @@ def getElasticDBParameters(fullname):
ssl = False if result['Value'].lower() in ('false', 'no', 'n') else True
parameters['SSL'] = ssl
+ # Elasticsearch use certs
+ result = gConfig.getOption(cs_path + '/CRT')
+ if not result['OK']:
+ # No host name found, try at the common place
Wrong (copy-pasted) comment (also below).
In ConfigurationSystem/Client/Utilities.py <#4924 (comment)>:
> @@ -530,6 +530,62 @@ def getElasticDBParameters(fullname):
ssl = False if result['Value'].lower() in ('false', 'no', 'n') else True
parameters['SSL'] = ssl
+ # Elasticsearch use certs
+ result = gConfig.getOption(cs_path + '/CRT')
+ if not result['OK']:
+ # No host name found, try at the common place
+ result = gConfig.getOption('/Systems/NoSQLDatabases/CRT')
+ if not result['OK']:
+ gLogger.warn("Failed to get the configuration parameter: certs. Using False")
certs or CRT ?
In Core/Utilities/ElasticSearchDB.py <#4924 (comment)>:
> @@ -105,6 +110,14 @@ def __init__(self, host, port, user=None, password=None, indexPrefix='', useSSL=
use_ssl=True,
verify_certs=True,
ca_certs=casFile)
+ elif useCRT:
+ self.client = Elasticsearch(self.__url,
+ timeout=self.__timeout,
bad indentation.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#4924 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABWD6GNJ7CEQSZOVPTGJB2TS33JE3ANCNFSM4WTR2K3A>.
|
Contributor
|
No problem, we all commit/fix/re-fix PRs. There's quite some doc in https://dirac.readthedocs.io/en/integration/DeveloperGuide/index.html and for the tests we run a mix of unit and integration tests, as well as static code checks and so on. |
Contributor
Author
|
Done! Thank you!
Cheers,
Michèle
… Le 29 janv. 2021 à 13:11, fstagni ***@***.***> a écrit :
@fstagni commented on this pull request.
In ConfigurationSystem/Client/Utilities.py <#4924 (comment)>:
> @@ -530,6 +530,62 @@ def getElasticDBParameters(fullname):
ssl = False if result['Value'].lower() in ('false', 'no', 'n') else True
parameters['SSL'] = ssl
+ # Elasticsearch use certs
+ result = gConfig.getOption(cs_path + '/CRT')
+ if not result['OK']:
+ # No host name found, try at the common place
Just change this comment please, and the ones below, and then I approve.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#4924 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABWD6GJZG2IUSP6EZ3S6KRDS4KQYHANCNFSM4WTR2K3A>.
|
fstagni
approved these changes
Jan 29, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Configuration we used in /opt/dirac/etc/dirac.cfg to access the ELIAS database hosted at CC-IN2P3
/DIRAC/Setups/CTA-cert/Monitoring = Certification
/Systems/Monitoring/Certification/Databases/MonitoringDB
{
Host = elias-beta.cc.in2p3.fr
Port = 9200
SSL = False
IndexPrefix = cta-
CRT = True
ca_certs = /opt/dirac/etc/grid-security/ES/ca.crt
client_key = /opt/dirac/etc/grid-security/ES/ctacertbot.key
client_cert = /opt/dirac/etc/grid-security//ES/ctacertbot.crt
}
BEGINRELEASENOTES
*Monitoring
NEW: added possibility to login to ES via certificates.
ENDRELEASENOTES