https://dev.arvados.org/https://dev.arvados.org/favicon.ico?15576888422018-05-09T15:33:53ZArvadosArvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=625302018-05-09T15:33:53ZTom Morristfmorris@veritasgenetics.com
<ul><li><strong>Target version</strong> set to <i>2018-05-23 Sprint</i></li><li><strong>Story points</strong> set to <i>1.0</i></li></ul> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=625312018-05-09T15:36:10ZTom Cleggtom@curii.com
<ul><li><strong>Assigned To</strong> set to <i>Tom Clegg</i></li></ul> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=625592018-05-09T18:04:38ZTom Cleggtom@curii.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li></ul> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=625642018-05-09T19:58:10ZTom Cleggtom@curii.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/62564/diff?detail_id=59597">diff</a>)</li></ul><p>13446-keepstore-tls @ <a class="changeset" title="13446: Enable TLS if given TLSCertificateFile and TLSKeyFile. Arvados-DCO-1.1-Signed-off-by: Tom..." href="https://dev.arvados.org/projects/arvados/repository/arvados/revisions/b4a283a9f142209b22fabda98ea2573cf0dbe281">b4a283a9f142209b22fabda98ea2573cf0dbe281</a></p>
<p>New config parameters added:</p>
<pre>
TLSCertificateFile:
Path to server certificate file in X509 format. Enables TLS mode.
Example: /var/lib/acme/live/keep0.example.com/fullchain
TLSKeyFile:
Path to server key file in X509 format. Enables TLS mode.
The key pair is read from disk during startup, and whenever SIGHUP
is received.
Example: /var/lib/acme/live/keep0.example.com/privkey
</pre> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=625742018-05-10T13:38:33ZTom Cleggtom@curii.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/62574/diff?detail_id=59606">diff</a>)</li></ul> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=625912018-05-10T15:31:37ZTom Cleggtom@curii.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/62591/diff?detail_id=59619">diff</a>)</li></ul> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=626072018-05-10T18:32:08ZTom Cleggtom@curii.com
<ul></ul><p><a class="external" href="https://ci.curoverse.com/job/developer-run-tests/711/">https://ci.curoverse.com/job/developer-run-tests/711/</a></p> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=626082018-05-10T18:54:06ZTom Cleggtom@curii.com
<ul></ul><p>checked with ops about config/docs in note-4 → "sounds reasonable"</p> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=626132018-05-10T20:06:33ZPeter Amstutzpeter.amstutz@curii.com
<ul></ul><p>This business of circulating the current certificate through a buffered channel seems excessively clever compared to a plain old mutex, but it seems to be sound.</p>
<p>LGTM.</p> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=628532018-05-22T14:57:30ZWard Vandewegeward@curii.com
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li></ul> Arvados - Idea #13446: [keepstore] secure keepstore traffic with TLShttps://dev.arvados.org/issues/13446?journal_id=647332018-07-23T18:41:48ZTom Morristfmorris@veritasgenetics.com
<ul><li><strong>Release</strong> set to <i>13</i></li></ul>