Support Migration Notice: To update migrated JIRA cases click here to open a new case use www.vmware.com/go/sr | vFabric Hyperic 5.7.0 is Now Available

Hyperic HQ

Help information needed for RabbitMQ Configuration to instruct users to import SSL certificate to keystore

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 4.6
  • Fix Version/s: 4.6, 4.x Sprint 28
  • Component/s: Plugins
  • Environment:
    Hyperic server 4.6.0-EE-244 on CentOS 5.4 x64 with embedded Postgres DB
    Hyperic agent 4.6.0-EE-246 on RHEL 5.5 x64
     - RabbitMQ 2.5.1 running on agent platform
  • Case Links:
    none
  • Regression:
    No
  • Story Points:
    2
  • Tags:

Description

Help information needed for RabbitMQ Configuration to instruct users to import SSL certificate to keystore

With the implementation of SSL and the requirement to import the RabbitMQ server's SSL certification to a keystore that the agent can read, it is required that users are informed during configuration.

Whether or not we actually provide exact instructions on how to do it in help, we need to at least inform the user that importing the RabbitMQ server's SSL certificate to a keystore is required for the Hyperic agent to be configured.

Expected Result:
Required steps are noted in configuration help

Actual Result:
No indication that importing vCenter server's SSL certificate to keystore is noted in configuraiton help

Steps to Reproduce:

  1. Install agent on platform running RabbitMQ Server
  2. Log into Hyperic
  3. Note platform running RabbitMQ Server is auto-discovered in AIQ
  4. Add platform running RabbitMQ Server to inventory from AIQ
  5. View RabbitMQ Server within added platform
  6. Note Configuration is required
  7. Enter configuraiton parameters as required
  8. Save configuration
  9. Note error unable to find valid certification path to requested target
  10. Note no information is available to instruct users of importing SSL certification

Issue Links

Activity

Hide
Frederic Calindas added a comment - - edited

RabbitMQ information should be similar to vSphere informatino such as:

  1. Add:
    SSL Configuration Requirements (Hyperic 4.6 and later)
    There are new SSL configuration requirements for secure communication between a Hyperic 4.6 agent and RabbitMQ server. 
    
    If the accept.unverified.certificates property is false (default value) in the agent.properties file, the RabbitMQ server's SSL certificate needs to be manually imported to a keystore that the Hyperic 4.6 agent can access. Otherwise, secure communication between the Hyperic 4.6 agent and VMware vCenter server will fail. 
    
    If the accept.unverified.certificates property is true in the agent.properties file, the RabbitMQ plugin will automatically import the unverified SSL certificate of the VMware vCenter server to the keystore accessible to the Hyperic 4.6 agent. This is not recommended because it is less secure and will expose the Hyperic agent to man-in-the-middle attacks.
  2. The HTTPS flag should also be add to config properties
  3. The documentation link should be either opened in a new page or removed.
Show
Frederic Calindas added a comment - - edited RabbitMQ information should be similar to vSphere informatino such as:
  1. Add:
    SSL Configuration Requirements (Hyperic 4.6 and later)
    There are new SSL configuration requirements for secure communication between a Hyperic 4.6 agent and RabbitMQ server. 
    
    If the accept.unverified.certificates property is false (default value) in the agent.properties file, the RabbitMQ server's SSL certificate needs to be manually imported to a keystore that the Hyperic 4.6 agent can access. Otherwise, secure communication between the Hyperic 4.6 agent and VMware vCenter server will fail. 
    
    If the accept.unverified.certificates property is true in the agent.properties file, the RabbitMQ plugin will automatically import the unverified SSL certificate of the VMware vCenter server to the keystore accessible to the Hyperic 4.6 agent. This is not recommended because it is less secure and will expose the Hyperic agent to man-in-the-middle attacks.
  2. The HTTPS flag should also be add to config properties
  3. The documentation link should be either opened in a new page or removed.
Hide
Patrick Nguyen added a comment -

Updated help to specify "unverified" SSL certificate

Show
Patrick Nguyen added a comment - Updated help to specify "unverified" SSL certificate
Hide
Frederic Calindas added a comment -

Verified with Hyperic Server Daily Build 4.6.0-EE-252 (7/28/11) and upgraded agent.

Help information posted to Configuration Properties.

Show
Frederic Calindas added a comment - Verified with Hyperic Server Daily Build 4.6.0-EE-252 (7/28/11) and upgraded agent. Help information posted to Configuration Properties.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
    Last comment:
    2 years, 38 weeks, 6 days ago