Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Application Framework AT-TLS configuration #989

Closed
skurnevich opened this issue Feb 27, 2024 · 4 comments
Closed

Application Framework AT-TLS configuration #989

skurnevich opened this issue Feb 27, 2024 · 4 comments
Assignees
@timgerstel @1000TurquoisePogs @skurnevich
Labels
bug Something isn't working priority-high An important issue that should be at least considered for the next PI, ideally within this one, if t
Milestone
2.16.0

Comments

@skurnevich
Copy link

The Configuring Zowe Application Framework docs page describes how to configure the app framework for HTTP, but it is impossible to disable HTTPS.

Even if you delete app-server.node.https section the values will be filled from defaults.
Then it seems that these functions were not updated for ATTLS: isServerHttps and getBestPort so if the app-server.node.https section exists it will be used and http setup will be ignored.
@skurnevich skurnevich added bug Something isn't working new not yet triaged labels Feb 27, 2024
@jalel01
Copy link

jalel01 commented Feb 29, 2024

Hi Squad, i know of a Zowe user waiting on this fix to move their Zowe instance to production with DB2 UMS. Thank you for looking into it!

@1000TurquoisePogs
Copy link
Member

I think the main problem is the app-server defaults override attempts to turn https off these days.
But, that's from a set of conditionals, and one condition we do not have is any way for the users to tell us that they intend to use attls.

Months go we drafted a schema improvement for such a way, simply zowe.network.server.attls=true and components.app-server.zowe.network.server.attls=true for per-component.

zowe/zowe-install-packaging#3446

Lets revisit this draft, get it in, and then have app-server be its first user, by having a new conditional in app-server by which if attls is set to true, then https is completely turned off.

@1000TurquoisePogs 1000TurquoisePogs added this to the 2.16.0 milestone Mar 1, 2024
@1000TurquoisePogs 1000TurquoisePogs added priority-high An important issue that should be at least considered for the next PI, ideally within this one, if t and removed new not yet triaged labels Mar 1, 2024
@achmelo
Copy link
Member

achmelo commented May 16, 2024

How does it work in the HA setup when 1 LPAR has AT-TLS and another doesn't?

@1000TurquoisePogs 1000TurquoisePogs mentioned this issue Oct 14, 2024
Open
@1000TurquoisePogs
Copy link
Member

In light of 2.18.0+ fully supporting the zowe.network.server.tls.attls: true setting, I'm closing this as fixed.

I believe HA accommodates this fine by having that section defined or not within HA blocks of the YAML.

@github-project-automation github-project-automation bot moved this from Backlog to Closed in WebUI planning board Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timgerstel timgerstel

@1000TurquoisePogs 1000TurquoisePogs

@skurnevich skurnevich

Labels
bug Something isn't working priority-high An important issue that should be at least considered for the next PI, ideally within this one, if t
Projects
WebUI planning board
Archived in project
Milestone
2.16.0
Development

No branches or pull requests
5 participants
@timgerstel @1000TurquoisePogs @achmelo @jalel01 @skurnevich