HYRAX-2041: Support updated bes installation destination that matches legacy RPM installation paths#142
HYRAX-2041: Support updated bes installation destination that matches legacy RPM installation paths#142hannahilea merged 21 commits intomasterfrom
Conversation
hannahilea
changed the title
hannahilea
changed the title
el8-builds/build-el8
Outdated
| # TODO: REVERT BEFORE MERGING!!!!!! | ||
| # BES_CORE_IMAGE_TAG="opendap/bes_core:$BES_VERSION-$TARGET_OS" | ||
| BES_CORE_IMAGE_TAG="opendap/bes_core:3.21.1-1164-el8-pull-request-test-image" |
There was a problem hiding this comment.
I'll revert these before merging this PR; it was necessary for testing, given the changes to the bes_core image!
There was a problem hiding this comment.
OK - that could be a challenging to understand issue if it does get merged!
|
I ran into a number of fun edge cases around various build scripts, so fixed those here; if you'd prefer I can pull them into a separate PR. |
| -e 's:=.*/lib/bes:=/lib/bes:' \ | ||
| -e 's:=.*/share/bes:=/share/bes:' \ | ||
| -e 's:=.*/share/hyrax:=/share/hyrax:' \ | ||
| -e 's:=/full/path/to/serverside/certificate/file.pem:=/etc/pki/bes/cacerts/file.pem:' \ |
There was a problem hiding this comment.
Yeah I too wonder about the relevance of this. There was a time when the BES was set up for secure communications with the BES Clients (such as, but not limited to, the OLFS) but we have never used it to my knowledge. @jgallagher59701 might be able to say something regarding this bit...
There was a problem hiding this comment.
It's a good question. @dh-opendap ? I don't know how the two parts of the server communicate in NGAP (via a socket, yes, but I don't know if it's TLS or TLS/SSL). I do know that we jump through hoops to to encrypt data in transit.
Outside of NGAP, these are not needed
There was a problem hiding this comment.
Hah, when we initially added in this section (a couple weeks ago) we asked @dh-opendap about it then. Let me find those links---the upshot was no, he didn't know either!
(Dan, nothing you need to add here unless you want to 😅 )
There was a problem hiding this comment.
In NGAP all of the external facing certs are handled by the OLFS. As far as I know the only thing the BES is doing with respect to TLS is being a client of other services like AWS, TEA, and CMR.
I don't know how the two parts of the server communicate in NGAP (via a socket, yes, but I don't know if it's TLS or TLS/SSL).
It is just a regular socket, no TLS between the OLFS and BES. As far as I know we have never tested/configured a TLS connection between OLFS and BES. I think it's a relic of the BES's gestational period supervised by Patrick & Jose.
There was a problem hiding this comment.
I suggest we leave it as is for now, right a ticket to remove that stuff from the code base (Or possibly turn it on and test it?), and then we can do that work and testing outside of this important task that @hannahilea needs to complete.
What say ye? @jgallagher59701, @hannahilea ??
| echo "LIBDAP Version: ${LIBDAP_VERSION}"; \ | ||
| else \ | ||
| echo "Error: Expected LIBDAP_VERSION `${LIBDAP_VERSION}`, found version `${LIBDAP_VERSION_FOUND}`. Exiting."; \ | ||
| echo "Error: Expected LIBDAP_VERSION \"${LIBDAP_VERSION}\", found version \"${LIBDAP_VERSION_FOUND}\". Exiting."; \ |
There was a problem hiding this comment.
Those back tics tho... definitely gonna exit with those! 💯 good catch
el8-builds/build-el8
Outdated
| # TODO: REVERT BEFORE MERGING!!!!!! | ||
| # BES_CORE_IMAGE_TAG="opendap/bes_core:$BES_VERSION-$TARGET_OS" | ||
| BES_CORE_IMAGE_TAG="opendap/bes_core:3.21.1-1164-el8-pull-request-test-image" |
There was a problem hiding this comment.
OK - that could be a challenging to understand issue if it does get merged!
| loggy "$HR" | ||
| loggy "$prolog BEGIN" | ||
|
|
||
| export BUILD_RECIPE="${1:-"../el9-build-recipe"}" |
There was a problem hiding this comment.
Same comment as I made in the build-el8 script
3 participants
Uh oh!
There was an error while loading. Please reload this page.