Simplify AT-TLS setup #1879

Open
1000TurquoisePogs opened this issue Mar 30, 2023 · 2 comments
Labels
Epic TSC Technical Steering Committee


@1000TurquoisePogs

AT-TLS could be used as a solution to HTTPS support & standardization (such as resolving the problem in #1875) within Zowe, but because Zowe's AT-TLS setup is too complex we limit its use.

zss, app-server, and the apiml servers document how to enable AT-TLS on docs.zowe.org.
But the documentation is not in one place. It's not even in the same section of the documentation.
https://docs.zowe.org/stable/user-guide/api-mediation/api-mediation-internal-configuration/#at-tls
https://docs.zowe.org/stable/user-guide/mvd-configuration/#using-at-tls-in-the-app-framework

Users are unlikely to discover these pages exist, and therefore will not know about AT-TLS capabilities without being told by an expert.

Even after learning these pages exist, the instructions are overly complex, because the way in which the servers are configured to use ATTLS is not the same across all servers.

Additionally, if all servers support ATTLS, is certificate setup in Zowe needed? To what extent? Our documentation and "zwe" do not cover this, so people would likely be doing unnecessary certificate setup steps only to end up with a keystore that is not fully utilized.

Goal: Have all servers be able to turn AT-TLS on/off with a single, standardized configuration section within zowe.yaml

Solution:
Create a standard area within zowe.yaml's "zowe" section which details whether ATTLS is on or off.
Create a standard area within each "component" section of zowe.yaml such that each component could have overrides.
Document these in the Zowe schema
Enhance our servers to utilize this information when available. Note: configmgr templating could be used to assign already-existing configuration parameters of our servers to these new standards, so that the enhancement could be reduced to configuration default changes rather than code changes, if desired.
Enhance servers that do not yet support ATTLS to do so, using this info
Reorganize our documentation, to better explain ATTLS, how to configure it (within the keystore setup section?), and then how to configure Zowe to use it.
Review & revise existing keystore setup code & documentation to simplify wherever possible when ATTLS is used
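
The global switch with per-component overrides proposed in the issue above, sketched as an added example (not part of the issue and not Zowe's code). The `attls` key under `zowe` and under each entry of `components` is a hypothetical name, and the configuration is a constructed sample already parsed into a dict.

```python
# Added illustration: the key names ("attls", "components") are hypothetical,
# not taken from the Zowe schema.

# Constructed sample of a parsed zowe.yaml (plain dict, so no YAML library is needed).
SAMPLE_CONFIG = {
    "zowe": {"attls": True},
    "components": {
        "gateway": {},                   # no override: inherits the global value
        "zss": {"attls": False},         # explicit override
        "app-server": {"attls": "yes"},  # wrong type: must be rejected, not guessed
    },
}

def _as_bool(value, where):
    """Accept only real booleans so a typo never silently flips the setting."""
    if not isinstance(value, bool):
        raise ValueError(f"{where} must be true or false, got {value!r}")
    return value

def global_attls(config):
    """Global switch; a missing key means AT-TLS is off."""
    return _as_bool(config.get("zowe", {}).get("attls", False), "zowe.attls")

def effective_attls(config, component):
    """Component override wins when present, otherwise the global value applies."""
    section = config.get("components", {}).get(component) or {}
    if "attls" in section:
        return _as_bool(section["attls"], f"components.{component}.attls")
    return global_attls(config)

def audit(config):
    """Return (effective settings, components diverging from global, errors)."""
    default = global_attls(config)
    effective, diverging, errors = {}, [], []
    for name in sorted(config.get("components", {})):
        try:
            effective[name] = effective_attls(config, name)
        except ValueError as exc:
            errors.append(str(exc))
            continue
        if effective[name] != default:
            diverging.append(name)
    return effective, diverging, errors

if __name__ == "__main__":
    settings, diverging, errors = audit(SAMPLE_CONFIG)
    print("effective:", settings)
    print("diverging from global:", diverging)
    print("errors:", errors)
```
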

@1000TurquoisePogs

Also note previous tickets on the subject of AT-TLS automation: zowe/zowe-install-packaging#432
zowe/zowe-install-packaging#1530

@1000TurquoisePogs

I started some work here zowe/zowe-install-packaging#3356 but would be happy if others picked it up or gave feedback, because it's something I was only working on with spare time at the moment.

@1000TurquoisePogs 1000TurquoisePogs self-assigned this Apr 14, 2023
@balhar-jakub balhar-jakub added TSC Technical Steering Committee 23pi2 23pi3 labels May 3, 2023