search

ome / ansible-role-omero-server

Installs and configures OMERO.server
https://galaxy.ansible.com/ome/omero_server/
BSD 2-Clause "Simplified" License
4 stars 14 forks source link

CentOS 7: configure omero-certificates #58

Closed sbesson closed 3 years ago

sbesson commented 3 years ago

Fixes https://github.com/ome/ansible-role-omero-server/issues/57

As a result of TLS 1.0/1.1 being now disabled by default in OpenJDK incl. 8 and 11, all base CentOS 7 installations start failing import with a SSLHandshakeException.

This PR configures omero-certificates to generate self-signed certificates exactly like what is currently done in Ubuntu 18.04 and Ubuntu 20.04. This seems to be sufficient to fix the failing import tests.

Note 900548e ensures openssl is installed on the system but I suspect we might want to push this installation down to ome.basedeps. Opening this PR as it is anyways to start the discussion

sbesson commented 3 years ago

Having the openssl installed as part of this role would have the advantage of being able to release an immediate patch release (and fix the downstream Docker image). So happy to go that route if we are all comfortable.

We could also add the dependency to ome.basedeps as a follow-up PR in which case it would become a no-op.

joshmoore commented 3 years ago

So happy to go that route if we are all comfortable.

:+1: