perfsonar-user - Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Doug Wussler <>
- To: Andrew Lake <>, Alex Hsia <>
- Cc: "" <>, "" <>, "Garnizov, Ivan (RRZE)" <>
- Subject: Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file
- Date: Fri, 9 Nov 2018 17:19:42 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:gid3zx3pmcotglSlsmDT+DRfVm0co7zxezQtwd8ZsesQLPjxwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfVwZKPdec4RS3RHUMhfSidNBpqwYoUKA+cHIO1WrZTyp0EWoBW+GweiGf/vxDFLiH/436I60vguHg7d0QM6A94OtW7ZoMnpOKoQV+2+0anGzS/Eb/NTwTrz5o/Icg0uofqRXb1wbNHRyVIrFwzblFWbtIvoMC6S1uQQvGiX9eRhVf+0i248rwF+vCKvy9wiionSm4IZ0E7L+jhkwIssI9CzVUB1YdmhEJRKtiGaMZN7QsM+Q2F0oCY60aQKtJChcycS0JsnyB/fa+CHc4iV+R3vTvqeITB9hH19YLKwmQyy8Ua7yu37UMm7ykxKoTJZktnLsXAN0x/T6smbSvRl/0ehwi2P1x3N5eFfOU84i67WJ4M5zr4xkJoTrVrMHjXwmErokK+aaF8o9fa15OT6ernmqJmcOJVwig3kPaQundK/Dfw9MggVUGiX5fiw2KHh8ED4WrlKjuE2kqzdsJzCKsQbp7K5Aw9I0ok49ha/FCmp0M4EknkAKlJFZAyIj471O13UPP/4CvK/j0yjkDdq2/DGPqDhDY7XInffl7fheK5x61ZGyAo0ytBf6YpUCrYAIPL1Rk/9rsDXDhg8MwCsxubnD9R81oIaWWKLGKCVKqTSsUWH5u43LemDfpIVtCzgJPc74fPlkHw3mUcFcKW3x5QbdG20E/F7L0mEfHbhh9kBHGgWsgYiSeHqhkONXDFJaHu3Wq8x5y83BYC+AYveWIygg6aN0Dq4E5BXfGxLBF6BHW32e4mYR/sAcCySLdFinzAYULWsTpEu2B6yuAL+zrdoNenZ9yIduJ/n1tV5++PTmBQp+jF2EciSz2eARHxukGwSXT85xqV/rFR9ylid1ah4hORVG8RP6v1OTgs3O4fQwvF4BNzsQw7BecyGR0i8TtWhHDExUsk+w9gTY0Z7BtqulAjD3zCtA78JibOEGIA08qPb33j3Pcp9zGvG1LUlj1khRctPNneqibJ49wjWH4LJkkOZmLi2dakEwiLC7nuPwXeLsU1FTQJ8TKDIXX4Qa0fKsdj0403CQKGhBLs9NwZMzM+PJrVIZ9HxiFVJXvbjONDQY2KrnGewAA6Fya6LbIr3dGURxivcCFUfkwAI+XaJKxI+Czyvo2LFETxiD0zgbF7x8eVmsnO0Ulc0zx2Wb01mz7e14gAaheaSS/MI2bIEvj0uqy9tEFagxNLZFcCAqhFlfKVdetM9/ExH2XzDuwx8OJygM75thkQYcwtpo0PiyQ97BZtdnsg3/zsXyhFvI/eYzE9ZbGHfmo3qPrHaJGT05x3pc7TR3V/G19eQ5uEE7/F/tQ+koRutQVd382l7y8IQiFKr0ZHLFxYJF5P3Tkst8RVm/ffXbjQK/JLRzXRbKqi7tDjM1eUxCfEr0RGmds0aao+ZDwLoXcFPK9eLBuUT1VP8TiohIPlP5pw2HPL9LuGa27+EBshmpXy82GV4wIR46EWv2DF9Y9Pn+rJZwOGZ4iW8cgnSjmyDjfjVq8V9dDUJQG6E13CqAdsKOoQudoIvL0iuHtaP3/JShJTxaSV86WKSWUw+9M6YSyq9VHjAwVJ3+G8Y72fygHOhxBp2yRAg96yojReL+bXbWihCBWcRb2B53He9HtWYhugFbEStKjFyzFWosBXHwbNGrvF/M3XLWhUPOCz3NH15FKq2qreYZcNTstUlvTgQS/W5eVndUb/ypRwU3WT7EnFQ3zc9fivvp470hU9Gjze0KnppoWWRXchzyF+L7drQVNZcxXwASTUuzXH+AlWsd/my/Nzcw57Hv/D4V3mgX7VVdiDii4yHqn3oy3dtBEiTmO280uL6ChM+3DWzg9VtSCqOswvneY3mzYy0Kv8hc0V1Ugyvo/FmE51zx9NjzKob3mIX09DMpSFdyzX6LMlb1KTibXEEWT8MxZvP7RP43FF4cCnb3Jr3A3OaxMYpJ8K3ZG8bwGoc14hLE+/Vid4Mhi5puhy9pAPVb+J6m2IRzuYhrmEHmPoNtRAFwD6ARL0eABoQMA==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Thanks for explaining that. I didn’t realize that was how it worked. So, you’re saying that you currently replace SSL.CONF with every update. You will change this so that an update does not touch SSL.CONF. Your SSL* options will be global defaults set in an ancillary config file and this is the file that
will get replaced with every update. Yes, that definitely works. Thank you.
From: Andrew Lake <> Hi Doug, Yes, I think you are correct we could shuffle things a bit differently to get this to work. Just to clarify, we don’t actually put the ssl.conf in place, mod_ssl creates the version that
has those options in a VirtualHost, we just use sed to replace them wherever they are in the file. That being said I think below summarizes what you are suggesting which I think would work: 1. On install, update the ssl.conf installed by mod_ssl to exclude the options in question from the default VirtualHost defined by mod_ssl. After initial install, perfsonar never touches
ssl.conf again. 2. Create a separate file controlled by a perfsonar package that globally sets the SSL* options we care about. This is the file that will get modified on perfsonar package update and
should not be manually edited. 3. If someone wants to override our options, they can edit the VirtualHost in ssl.conf. Since it is inside the VirtualHost, those options will take precedence over the global options
set by perfSONAR and we all live happily ever after. Does that sound correct? As Michael said in the note before mine, I think that is something we can tackle. Thanks, Andy I had to give myself on a refresher about who makes what change but to summarize what we could On November 9, 2018 at 10:27:11 AM, Doug Wussler () wrote:
|
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Alex Hsia, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Michael Johnson, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Alex Hsia, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Andrew Lake, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Andrew Lake, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Andrew Lake, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Doug Wussler, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Michael Johnson, 11/09/2018
- Re: [perfsonar-user] AW: Automatic yum update changed the ssl.conf file, Alex Hsia, 11/09/2018
Archive powered by MHonArc 2.6.19.