Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mlaunch: Support --ssl option to automatically setup a fully SSL-enabled cluster #127

Closed
devkev opened this issue Nov 7, 2013 · 4 comments
Closed

mlaunch: Support --ssl option to automatically setup a fully SSL-enabled cluster #127

devkev opened this issue Nov 7, 2013 · 4 comments
Assignees
@ajdavis
Labels
improvement mlaunch
Milestone
1.3.1

Comments

@devkev
Copy link
Contributor

devkev commented Nov 7, 2013

Assuming you already have an SSL-enabled build. Currently you have to muck about generating a keypair with openssl, followed by adding --sslOnNormalPorts and --sslPEMKeyFile <filename> to the command line.
@rueckstiess
Copy link
Owner

Can you help me with that? I haven't played around with SSL yet. Can I tell if a build has SSL enabled? For example by parsing the --help output or someting?

@devkev
Copy link
Contributor Author

devkev commented Feb 3, 2014

That would probably work. But rather than trying to second guess whether it's there (which is needlessly fragile/racy in general), wouldn't it just be better to just do it, and see if the mongod exits with an error?

I believe the necessary steps are to create a PEM file (not sure if there is a more portable way than calling out to the openssl utility), then add the --sslOnNormalPorts --sslPEMKeyFile /path/to/pem/file.pem options.

If the build lacks SSL support, it will just fail to accept the --sslOnNormalPorts option, same as any other option it doesn't understand:

$ mongod --sslOnNormalPorts
error command line: unknown option sslOnNormalPorts
use --help for help
$ echo $?
1

Are such errors currently caught and returned to the user? If so, I think this would be explanatory enough. If not, and the failure is completely silent (except that doing mlaunch list after mlaunch init --ssl shows everything down), then that would not be good. :)

@ajdavis ajdavis self-assigned this Sep 22, 2017
ajdavis added a commit to ajdavis/mtools that referenced this issue Sep 22, 2017
@ajdavis
Support SSL parameters (rueckstiess#127)
215c336
@stennie stennie added this to the 1.3.1 milestone Sep 22, 2017
ajdavis added a commit to ajdavis/mtools that referenced this issue Sep 23, 2017
@ajdavis
Initialize SSL parameters (rueckstiess#127)
bb6ba97
ajdavis added a commit to ajdavis/mtools that referenced this issue Sep 25, 2017
@ajdavis
Use SSL with "list" and "stop" (rueckstiess#127)
69a328d
kevinadi pushed a commit that referenced this issue Sep 26, 2017
@ajdavis @kevinadi
Support SSL parameters (#127) (#524)
7e2dfe3 
* Support SSL parameters (#127)
* Initialize SSL parameters (#127)
* Use SSL with "list" and "stop" (#127)
@stennie
Copy link
Collaborator

stennie commented Oct 4, 2017

Fixed with PR#524

@stennie stennie closed this as completed Oct 4, 2017
@p-mongo
Copy link
Contributor

p-mongo commented Sep 28, 2018

#524 adds a bunch of SSL options but it does not appear that it has any functionality to generate the apparently required pem file to launch an SSL-enabled cluster.

@stennie stennie mentioned this issue Sep 28, 2018
Closed
This was referenced Oct 1, 2018
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ajdavis ajdavis

Labels
improvement mlaunch
Projects
None yet
Milestone
1.3.1
Development

No branches or pull requests
6 participants
@stennie @ajdavis @rueckstiess @gianpaj @devkev @p-mongo