Skip Menu | Logged in as guest | Logout
 
Ticket metadata
The Basics
Id: 3803
Status: resolved
Priority: 3/0
Queue: vdt-internal
Custom Fields
Fixed in: 1.10.1i
Fix scheduled: CUR
People
Owner: Scot Kronenfeld
Requestors: Scot Kronenfeld
Cc:
AdminCc:
Reminders
New reminder:
Dates
Created: Mon Aug 25 17:34:54 2008
Starts: Not set
Started: Tue Sep 02 08:32:32 2008
Last Contact: Not set
Due: Not set
Closed: Thu Sep 11 14:51:01 2008
Updated: Thu Sep 11 14:51:19 2008 by kronenfe
Links
Depends on: (Create)
Depended on by: (Create)
Parents: (Create)
Children: (Create)
Refers to: (Create)
Referred to by: (Create)

History Brief headersFull headers
# Mon Aug 25 17:34:54 2008 kronenfe - Ticket created [Reply
Subject: Investigate installing the VDT without CA Certificates
From: 32765
Download (untitled) / with headers
text/plain 368b
We want to prevent the CA certificates from being installed at VDT installation time. Instead, an admin will need to configure the vdt-update-certs script (to specify where to install the certs from), and then run a script to install them.

In order to do this, I am going to create a branch of VDT 1.10.1 called vdt-1.10.1-certs and build it into the 1.10.98 cache.
# Mon Aug 25 17:35:38 2008 kronenfe - Priority changed from (no value) to '3'
# Mon Aug 25 17:35:38 2008 kronenfe - Fixed in CUR added
# Wed Aug 27 15:45:13 2008 kronenfe - Reference to ticket #3727 added
# Tue Sep 02 08:32:32 2008 kronenfe - Correspondence added [Reply
Download (untitled) / with headers
text/html 1.3k

Doug Olson suggested we just drop the doegrids subdirectory, and not
do any more messing with grid-cert-request or related just (like the
ssl configuration stuff).

Dropping the doegrids directory happens for now in the VDT 1.2 branch.
It's icky, but that's what it is.

Once we do that, I think you have the technical bits ready to go,
right? The things that I know we need to think about:

- It's our goal to release an update to VDT 1.10.1 on September 8th
with all of these changes.

- vdt-update-certs will have to insist upon have cacerts_url defined
in the configuration file: no default.

- the configuration file will have to list the VDT's CA certificate
distribution and the OSG CA certificate distribution, with comments
about both.

- We have to move the location for the VDT CA certificate distribution
to a different URL, to force people to get this update and make a
choice.

- We have to figure out everywhere that needs the documentation to be
tweaked

- We have to tweak the run-time docuemntation: post-install/README,
and maybe a prominent message to stdout.

I think this touches on everything. Did I miss anything?

I should be in on Tuesday, and available to talk about it.
# Tue Sep 02 08:32:33 2008 kronenfe - Status changed from 'new' to 'open'
# Tue Sep 02 15:29:51 2008 kronenfe - Reference by ticket #3413 added
# Thu Sep 11 14:51:01 2008 kronenfe - Status changed from 'open' to 'resolved'
# Thu Sep 11 14:51:18 2008 kronenfe - Fix scheduled CUR added
# Thu Sep 11 14:51:19 2008 kronenfe - Fixed in CUR changed to 1.10.1i