Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OMERO-test-integration: install self-signed certificates #195

Merged
merged 1 commit into from
Oct 8, 2022
Merged

OMERO-test-integration: install self-signed certificates #195

merged 1 commit into from
Oct 8, 2022

Conversation

sbesson
Copy link
Member

@sbesson sbesson commented Oct 3, 2022

This mirrors the configuration made in OMERO-server and configure omero-certificates on the integration OMERO.server

Discovered while trying to run Python integration tests directly from the Docker environments using https://omero.readthedocs.io/en/stable/developers/testing.html#running-tests-directly and receiving the famous Ice.SecurityException: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12] error. I suspect the CI job set-up includes some bootstrap configuration which allows to avoid the issue but since setting up certificates everywhere is our recommendation, I expect this is a harmless addition.

@sbesson
OMERO-test-integration: install self-signed certificates
a108090 
This mirrors the configuration made in OMERO-server and configure
omero-certificates on the integration OMERO.server
@joshmoore joshmoore requested a review from jburel October 4, 2022 09:56
@sbesson sbesson mentioned this pull request Oct 6, 2022
Merged
@jburel
Copy link
Member

jburel commented Oct 7, 2022

I also had to install openssl on test_integration

@sbesson
Copy link
Member Author

sbesson commented Oct 7, 2022
edited
Loading

I also had to install openssl on test_integration

👍 definitely a requirement for omero-certificates. I believe https://github.com/ome/devspace/pull/195/files#diff-2aaf9bb653b87c21b2707f34b52ac053e2d84407c8f0107d4f1bff21b6d9eaccR79 should ensure this requirement is satisfied newly created environments. The primary limitation is that it will not work on a running container and would require the image to be rebuilt and the service to be restarted

@jburel
Copy link
Member

jburel commented Oct 7, 2022
edited
Loading

I assumed openssl was already installed and the change in this PR was catching up.

@sbesson
Copy link
Member Author

sbesson commented Oct 7, 2022

Looking quickly at my history

[sbesson@idr1-slot2 ~]$ docker exec -it latest-ci_omero_1 bash
bash-4.2$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

I installed openssl on https://latest-ci.openmicroscopy.org/jenkins and restarted the server by hand with my local modifications to confirm it was sufficient to get the tests running.
But I haven't made any permanent modification to the job configuration as I wanted to start the proposal via PR first.

@jburel jburel merged commit 42bab07 into ome:master Oct 8, 2022
@sbesson sbesson deleted the integration_certificates branch October 8, 2022 10:27
@sbesson
Copy link
Member Author

sbesson commented Nov 22, 2022

@jburel I suspect this change was not applied to latest-ci. With the inclusion in ome/omero-py#336, this is now a requirement to connect to the server using OMERO.py and should fix all the OMERO.py tests which failed in the nightly build - https://latest-ci.openmicroscopy.org/jenkins/job/OMERO-test-integration/1132/

@jburel jburel mentioned this pull request Jun 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jburel jburel jburel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sbesson @jburel