rmq certification is changed

[GHYOON]

Issue branch: develop

Local host VOLTTRON_HOME is mounted.

The cert file is changed for every execution.

I think it makes sense that the cert file created in the host mount folder is not changed.

It is expected to be a problem especially when using external interfaces such as federation and shovel.

[bonicim]

Issue branch: develop

Local host VOLTTRON_HOME is mounted.

The cert file is changed for every execution.

I think it makes sense that the cert file created in the host mount folder is not changed.

It is expected to be a problem especially when using external interfaces such as federation and shovel.

@GHYOON What do you mean when "cert file is changed for every execution"? Are you pointing to the code in core/setup.py?

Can you explain further the expected problem with using external interfaces?

[GHYOON]

@bonicim I mean that Cert files is for RMQ bus.

There is example directory in VOLTTRON_HOME

├── certificates
│   ├── ca_db
│   │   ├── volttron1-root-ca-cadb.json
│   │   └── volttron1-root-ca-serial
│   ├── certs
│   │   ├── platform_web-server.crt
│   │   ├── volttron1-admin.crt
│   │   ├── volttron1.aip.crt
│   │   ├── volttron1.config.store.crt
│   │   ├── volttron1.control.connection.crt
│   │   ├── volttron1.control.crt
│   │   ├── volttron1.listener.crt
│   │   ├── volttron1.platform.actuator.crt
│   │   ├── volttron1.platform.agent.crt
│   │   ├── volttron1.platform.auth.crt
│   │   ├── volttron1.platform.driver.crt
│   │   ├── volttron1.platform.health.crt
│   │   ├── volttron1.platform.historian.crt
│   │   ├── volttron1.platform_web.crt
│   │   ├── volttron1-root-ca.crt
│   │   ├── volttron1.router.crt
│   │   ├── volttron1-server.crt
│   │   ├── volttron1-trusted-cas.crt
│   │   ├── volttron1.volttron.central.crt
│   │   └── volttron1.zmq.proxy.router.crt
│   ├── pending_certs
│   ├── pending_csr
│   │   ├── volttron1.volttron1.platform.agent.csr
│   │   └── volttron1.volttron1.platform.agent.json
│   ├── private
│   │   ├── platform_web-server.pem
│   │   ├── volttron1-admin.pem
│   │   ├── volttron1.aip.pem
│   │   ├── volttron1.config.store.pem
│   │   ├── volttron1.control.connection.pem
│   │   ├── volttron1.control.pem
│   │   ├── volttron1.listener.pem
│   │   ├── volttron1.platform.actuator.pem
│   │   ├── volttron1.platform.agent.pem
│   │   ├── volttron1.platform.auth.pem
│   │   ├── volttron1.platform.driver.pem
│   │   ├── volttron1.platform.health.pem
│   │   ├── volttron1.platform.historian.pem
│   │   ├── volttron1.platform_web.pem
│   │   ├── volttron1-root-ca.pem
│   │   ├── volttron1.router.pem
│   │   ├── volttron1-server.pem
│   │   ├── volttron1.volttron.central.pem
│   │   └── volttron1.zmq.proxy.router.pem
│   ├── remote_certs
│   └── whitelist

External interface:

• case1: VOLTTRON Instance <--> other VOLTTRON Instance
• case2: VOLTTRON Instance <--> other RMQ bus :: Python based RabbitMQ client for VOLTTRON

For external interface, first step is exchanging Certification files

Copy the self signed root CA certificates from machine 1 to machine 2 and vice versa using scp command. For example to copy from machine 1 (volttron) to machine 2(non volttron)

scp $VOLTTRON_HOME/certificates/certs/-root-ca.crt @:

And to copy from machine 2 to machine 1

scp ~/tls-gen/basic/result/ca_certificate.pem @:

If certification files are changed each time, the external interface configuration step must be performed again.

[bonicim]

@GHYOON Have you signed up as an Eclipse contributor? If not, please sign the committer's agreement at: https://www.eclipse.org/legal/ECA.php in order to accept your past and future PR's.

[GHYOON]

@bonicim I am not familiar with open source activities and communities. I would like to ask a question before registering for ECA. Is ECA a mandatory requirement for open source activities?

[bonicim]

@bonicim I am not familiar with open source activities and communities. I would like to ask a question before registering for ECA. Is ECA a mandatory requirement for open source activities?

@GHYOON For contributors to Volttron, it is required. Other open source projects may have their own policies. But for Volttron, we require contributors to sign the Eclipse committer's agreement.

[shwethanidd]

@GHYOON : VOLTTRON is part of Eclipse community now. Please refer to: https://volttron.readthedocs.io/en/develop/developing-volttron/contributing-code.html?highlight=contributing

[GHYOON]

@bonicim @shwethanidd Thank you for your kind answer and I have registered for ECA.