Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DM-45049: Add support for SSL/TLS in the Qserv Czar frontend #859

Merged
merged 5 commits into from
Jul 18, 2024
Merged

DM-45049: Add support for SSL/TLS in the Qserv Czar frontend #859

merged 5 commits into from
Jul 18, 2024

Conversation

iagaponenko
Copy link
Contributor

This effort is about replacing the non-encrypted HTTP protocol with HTTPS in the Qserv Czar front end: https://confluence.lsstcorp.org/display/DM/HTTP+frontend+of+Qserv

The new implementation of the front end’s REST API will be based on the built-in HTTP server https://github.com/yhirose/cpp-httplib added to Qserv in DM-44780.

No changes to the functionality of the front end are expected to be made. No modifications to the REST API version will be made either. The user documentation on the REST API will be updated accordingly.

The implementation provides two options for the SSL certificates:

  • The certificates can be injected into the service’s container via a mount point at the default location expected by the front end. An alternative location of the certificate files could be specified via the optional parameters of the container’s entry point
  • If no certificates are found by the container's entry point at the expected (or overridden) location then the entry point will automatically generate self-signed certificates at the same location area.

@iagaponenko iagaponenko force-pushed the tickets/DM-45049 branch 6 times, most recently from 742c1dd to d8572b2 Compare July 5, 2024 20:28
fritzm
fritzm approved these changes Jul 17, 2024
View reviewed changes
Copy link
Contributor

@fritzm fritzm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! LGTM

@iagaponenko
Refactoring in a hierarchy of the HTTP modules
9fba535 
The former base class http::ModuleBase was split into
the HTTP library neutral class http::Module and the QHTTP-specific
intermediate base class http::QhttpModule. All existing modules that were
based on the former were migrated to depend on the the latter.

This refactoring prepared ground for introducing another intermediate
base class for the HTTPLIB-based REST services.
@iagaponenko
Added an intermediate base class for the CPP-HTTPLIB-based REST services
bba044f
@iagaponenko
Added CPP-HTTPLIB-based version of the meta module
afd6d1f
@iagaponenko
Implemented HTTPS-based Czar front-end
da1f607 
Eliminated classes of the QHTTP-based version of the Czar frontend
@iagaponenko
Extended the entry point for Czar HTTP frontend to support SSL/TLS co…
d47dea3 
…nfig

Switched to the SSL-based REST services for testing.
@iagaponenko iagaponenko merged commit 35d9599 into main Jul 18, 2024
9 of 11 checks passed
@iagaponenko iagaponenko deleted the tickets/DM-45049 branch July 18, 2024 00:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fritzm fritzm fritzm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@iagaponenko @fritzm