Ticket #356 (closed enhancement: duplicate)

Opened 5 years ago

Last modified 4 years ago

Flukes XMPP support/flukes-only subscrube cert for XMPP

Reported by: ibaldin Owned by: vjo
Priority: major Milestone:
Component: External: Blowhole/Slice Reporting Version: baseline
Keywords: Cc: anirban, vjo

Description

As per conversation we just had, I would like to add support for XMPP to Flukes (to save users from clicking ‘Query’). I have a fairly good confidence in the performance of XMPP server recently based on what we’ve been seeing in blowhole. We may need to eventually think about federating another server in to it to spread the load, but for now things seem OK.

So Anirban will generate a subscribe-only-capable cert with permissions to be *packaged into flukes code* so users don’t have to worry about this. Since Flukes is JNLP, revoking it in case of compromise or other issues, would be trivial, since we can just push a new version of Flukes with an updated cert whenever we feel like it.

Victor - you are on this as an FYI, since you do the care and feeding of the XMPP infrastructure. Anirban will push the cert to XMPP server (I don’t even know where it is anymore… control.exogeni.net?) and I will do the flukes side of it.

Change History

Changed 5 years ago by ibaldin

  • type changed from defect to enhancement

Changed 5 years ago by ibaldin

I am attaching a keystore file for flukes-xmpp. I am also attaching the cert and key, just in case we need to generate a new keystore with another password protecting it. The credentials have been pushed. I noticed that the credential generation code issues both publish and subscribe credentials. It can’t exclusively create creds for subscribe-only.

The relevant properties are:

# ORCA pubsub properties
ORCA.pubsub.server=control.exogeni.net:5222
ORCA.pubsub.usecertificate=true
ORCA.pubsub.login=b067c547-0fbd-4de7-bc36-4826f605447a
ORCA.pubsub.password=importkey
ORCA.pubsub.keystorepath=<path_to_flukes-xmpp-gcf-encrypted.jks>
ORCA.pubsub.keystoretype=jks
ORCA.pubsub.truststorepath=<path_to_flukes-xmpp-gcf-encrypted.jks>
ORCA.pubsub.root=orca/sm

Changed 4 years ago by ibaldin

  • status changed from new to closed
  • resolution set to duplicate

Moved to github

Note: See TracTickets for help on using tickets.