Enforce TLS for pmgserver (!12) · Merge requests · atlas-tdaq-software / ProcessManager

Reiner Hauser requested to merge rhauser/ProcessManager:enforce-tls into master Nov 27, 2024

This bites the bullet and enforces TLS for the pmgserver daemon in all cases. There should be no option to disable it. A related IPC patch ipc!10 (merged) enables the internal TLS mechanism by default (the way we were running nightly since months anyway since the relevant variables were set in setup.sh and OKS)

By default the IPC internal TLS setup is used where keys and certificates are generated in the process itself.

It is still possible to disable this via the TDAQ_IPC_ENABLE_TLS=0 env variable but in that case it is left to whoever deploys it to manually configure keys and certificates (via ORB config settings).

In addition this commit adds the missing acquire() argument to the command line tools that don't go through the singleton.

cc: @avolio @kolos

Edited Nov 27, 2024 by Reiner Hauser

Enforce TLS for pmgserver

Merge request reports