Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1519079 - [RFE] Add instructions on how to configure SSL support for database replication between a global region and sub regions
Summary: [RFE] Add instructions on how to configure SSL support for database replicati...
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: GA
: 5.10.z
Assignee: Red Hat CloudForms Documentation
QA Contact: Red Hat CloudForms Documentation
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-30 05:13 UTC by tachoi
Modified: 2019-03-26 03:32 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Category: ---
Cloudforms Team: Documentation


Attachments (Terms of Use)

Description tachoi 2017-11-30 05:13:10 UTC
Description of problem:
PostgeSQL SSL support is needed for database replication - sub region to master region
We have SSL support between db appliance and worker appliance[1] but no info available for db replication
CFME 5.8.2

[1] https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html-single/appliance_hardening_guide/#chap_red_hat_cloudforms_security_guide_setting_ssl_for_the_database_appliance

Version-Release number of selected component (if applicable):
CFME 5.8.2

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 6 Nick Carboni 2017-12-12 20:05:55 UTC
The same steps which are currently documented should configure ssl connections for replication as well as ssl between app servers and the database within a remote region.

See https://bugzilla.redhat.com/show_bug.cgi?id=1482697#c8 for more details around why this is the case.

I would suggest making this a documentation issue.

Comment 7 tachoi 2017-12-12 21:40:01 UTC
Thanks Nick for the review of doc.
Let me ask one more question.

I've copied the information[1] from existing SSL config doc between worker appliance and db one. Can you tell me what is this for ? 

Do you mean that we don't need to create root.crt and copy over to client side whatever scenario we are at(worker-db, or db-db)?
 
[1] Section 1 step 4 (creating /var/www/miq/vmdb/certs/root.crt) and copy over root.crt to client side.

Thanks
Taeho

Comment 8 Nick Carboni 2017-12-12 22:22:56 UTC
> I've copied the information[1] from existing SSL config doc between worker appliance and db one. Can you tell me what is this for ? 

I'm not sure. As far as I can tell it isn't need to configure server ssl so I think it's just confusing people at this point.

> Do you mean that we don't need to create root.crt and copy over to client side whatever scenario we are at(worker-db, or db-db)?

Yes.


Note You need to log in before you can comment on or make changes to this bug.