Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable SSL on PostgreSQL server #15

Merged
merged 1 commit into from
Jun 21, 2017
Merged

Enable SSL on PostgreSQL server #15

merged 1 commit into from
Jun 21, 2017

Conversation

valeriap
Copy link
Contributor

  • PostgreSQL has native support for using SSL connections to encrypt client/server communications for increased security.
    • Two new properties have been added:
      • databases.tls.certificate
      • databases.tls.private_key
    • If the tlssection is specified in the postgres job properties, PostgreSQL is started with SSL enabled.
    • The script generate-postgres-certs is provided that creates a CA, generates a keypair, and signs it with the CA.
    • The template use_ssl.ymlis also provided to show how use BOSH variables to generate the certificates.
    • Acceptance tests have been extended to cover ssl scenario
  • The postgres job spec has been improved to provide examples for array of hashes properties
  • References to the tagproperty have been removed from templates
  • The sample templates have been modified to use bosh v2 cli:
    • bosh v2 syntax has been introduced
    • bosh variables and operations file have been used instead of spiff to generate the manifest

@cfdreddbot
Copy link

Hey valeriap!

Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.

@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/147577385

The labels on this github issue will be updated when the story is started.

suhlig
suhlig reviewed Jun 21, 2017
View reviewed changes
src/acceptance-tests/deploy/deploy_single_node_test.go Outdated
func createDeployment(postgresReleaseVersion int, manifestPath string, prefix string) error {
name := helpers.GenerateEnvName(prefix)
return updateDeployment(postgresReleaseVersion, manifestPath, name)
}
func updateDeployment(postgresReleaseVersion int, manifestPath string, name string) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we call this CreateOrUpdateDeployment to express the actual functionality?

suhlig
suhlig suggested changes Jun 21, 2017
View reviewed changes
Copy link
Contributor

@suhlig suhlig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome work! Can we address the one comment I made about CreateOrUpdate?

@valeriap
Enable optional SSL on Postgres server
2757b26 
- Remove references to tag property in databases and roles
- Provide script for generating SSL certificates

[#146008833]

Signed-off-by: Steffen Uhlig <Steffen.Uhlig@de.ibm.com>
@suhlig suhlig merged commit dbe26cb into develop Jun 21, 2017
@suhlig suhlig deleted the wip-ssl branch June 21, 2017 09:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@suhlig suhlig suhlig requested changes

Assignees
No one assigned
Labels
accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@valeriap @cfdreddbot @cf-gitbot @suhlig