HPCC-31394 WsSMC send roxie control cmd to ssl port if available

[asselitx]

Rather than default to port 9876, use the roxie farmer ports configured for sending control messages to. Prefer an ssl port if available.

Type of change:

• This change is a bug fix (non-breaking change which fixes an issue).
• This change is a new feature (non-breaking change which adds functionality).
• This change improves the code (refactor or other change that does not change the functionality)
• This change fixes warnings (the fix does not alter the functionality or the generated code)
• This change is a breaking change (fix or feature that will cause existing behavior to change).
• This change alters the query API (existing queries will have to be recompiled)

Checklist:

• My code follows the code style of this project.
  • My code does not create any new warnings from compiler, build system, or lint.
• The commit message is properly formatted and free of typos.
  • The commit message title makes sense in a changelog, by itself.
  • The commit is signed.
• My change requires a change to the documentation.
  • I have updated the documentation accordingly, or...
  • I have created a JIRA ticket to update the documentation.
  • Any new interfaces or exported functions are appropriately commented.
• I have read the CONTRIBUTORS document.
• The change has been fully tested:
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have checked that this change does not introduce memory leaks.
  • I have used Valgrind or similar tools to check for potential issues.
• I have given due consideration to all of the following potential concerns:
  • Scalability
  • Performance
  • Security
  • Thread-safety
  • Cloud-compatibility
  • Premature optimization
  • Existing deployed queries will not be broken
  • This change fixes the problem, not just the symptom
  • The target branch of this pull request is appropriate for such a change.
• There are no similar instances of the same problem that should be addressed
  • I have addressed them here
  • I have raised JIRA issues to address them separately
• This is a user interface / front-end modification
  • I have tested my changes in multiple modern browsers
  • The component(s) render as expected

Smoketest:

• Send notifications about my Pull Request position in Smoketest queue.
• Test my draft Pull Request.

Testing:

[github-actions]

https://track.hpccsystems.com/browse/HPCC-31394
Jira updated

[mckellyln]

I am still working on adding to this PR for using the same port in cascade/lock that was used to reach roxie.

[mckellyln]

@asselitx I approve this PR and I have added: #18571
So these two PRs really go together.

[mckellyln]

Approved. I added some code to PR: #18571 for HPCC-31395 for this for testsocket to Roxie.

[ghalliday]

The change looks good. One question about the way the socket factory is managed etc.

[ghalliday]

The encapsulation could be better - it is using an implementation detail of the class. Should this either be an extra parameter to createSmartSocketFactory(), or should it be using createSecureSmartSocketFactory()?

Is there other configuration information (e.g., issuer for mtls) that needs to be provided?

[ghalliday]

One initial question. I think the code is assuming that a non-null factory is returned from createSecureSocketConfig(nullptr, nullptr, nullptr). Is that a problem?

[ghalliday]

createSecureSocketConfig(nullptr, nullptr, nullptr) currently returns null. Is this doing what you expect?

[asselitx]

This is what I expect but it may not be clear, and I wasn't sure if other changes would make it better. I thought this could be a placeholder until the usage of the smart socket classes is regularized. If it would be better to have an empty rather than null object here I could adjust the createSecureSocketConfig to do so or create an alternate function. I can see how this approach may not be clear and will adjust if you'd like.

The use of the smart sockets and factories isn't entirely consistent. In some cases the users of the classes interrogate the base interface for TLS status, and in others the user knows the TLS state and uses the correct secure/insecure flavor based on its own knowledge. roxiepipe is in the second case and it doesn't rely on the smart socket class itself having a valid config, rather it has already created a secure socket version based on the ssl argument (and compile switch).

[ghalliday]

@asselitx looks good. One question.

[ghalliday]

Why the check of the name against ssl? It could do with a comment.

(For instance the value created with createIssuerTlsConfig doesn't have that name - but it isn't going through this code path...)

[asselitx]

The check does not add value on reconsideration, so I'll remove it and squash my commits.

Initially it seemed reasonable to ensure we had a configuration for SSL/TLS but given the other constructor doesn't explicitly check and has a different format it makes little sense.

[asselitx]

I see two failures. The first windows runner build failing in vcpkg step doesn't appear to be related to my changes: building icu:x64-windows. It failed again after a rebase and push. The second are roxie smoketest failures I'm looking into.

[asselitx]

@ghalliday Fixed issue when creating tlsConfig in WsECL. Remaining check that is failing is related to vcpkg on window failing on icu. Other PRs have the same problem such as Mark's: https://github.com/hpcc-systems/HPCC-Platform/actions/runs/9455013251/job/26043854433?pr=18749