Closed drjrkuhn closed 1 year ago
@drjrkuhn maybe we need a more precise stack trace but assuming your connection issue is primarily client-side, I would also not expect that omero.jvmcfg.append
will have an effect as it is used for configuring the server JVM settings.
I think the JAVA_OPTS
environment variable should allow you to set additional Java arguments to the command-line importer. It is sometimes used to give additional memory to the client-side candidate detection e.g. JAVA_OPTS="-Xmx2g"
but in your case, you might be able to use it as follows
JAVA_OPTS="-Djava.security.properties=/home/myusername/.java.security" omero import...
Thanks for the clarification that omero.jvmcfg.*
settings are only for the server side and not the client side. I had not tried JAVA_OPTS
yet. Great suggestion. I'll try to find the image.sc thread on certificate security issues with imports again and move this discussion there. Closing the issue.
One cannot pass additional command line arguments to the jvm when the importer.py plugin invokes java to perform file imports. The omero-py session has a builtin config option of omero.jvmcfg.append specifically for passing options to the jvm, but the pulgins/importer.py ignores this config setting.
All of this came about because I was having trouble using the importer from a remote omero-py session. I have traced it to java security policies, and would like to override the default java.security file with my own
-Djava.security.properties = /home/myusername/.java.security
. The ultimate goal is to override my systemwidejdk.tls.disabledAlgorithms=...,DH keySize < 2048,...
setting to a reasonable value of 1024 to talk to a remote omero server over SSL. One can get around the issue by using a global _JAVA_OPTION environment variable, but the default omero-py set config mechanism outlined in the properties documents should work.Incidentally, this issue is related to a lot of security and certificate issues people (including me) are having with omero-cli import. I finally traced it on my RHEL 8 install to a global security file
/etc/crypto-policies/back-ends/java.config
that overrides all other DH keySize options for TLS1.2 handshaking. After a lot of back and forth with trying to override with omero.jvmcfg.append, I realized these options were not being used in importer.py.