Closed benibr closed 11 months ago
jonasbardino
commented
11 months ago Good idea! Merging but with manual adjustments to set the password policy back to MEDIUM for now and maybe sync to defaults-gdp.env in line with my comment to defaults.env
benibr
commented
11 months ago I don't understand the "correction" part here. It's an arbitrary port range and usually chosen somewhere in the range 8000-9000 for historical reasons and firewall friendliness, but dynamically negotiated with clients. We have other services running on 80XY and 8443 in some setups so we just allocated 8100-8200 to avoid conflicts. Is there any need for more passive ports?
During testing I saw failed connection attempts to FTP passive ports above 8200 so I just added the range to the env files.
I guess that https://github.com/ucphhpc/migrid-sync/blob/a9ad32683eb1b0d7a039d51c65633b6105956402/mig/shared/configuration.py#L499 somehow applies even if the FTPS_PASSIVE_PORTS is set, cause it is not explicitly listed in the Dockerfiles during config generation?!
jonasbardino
commented
11 months ago During testing I saw failed connection attempts to FTP passive ports above 8200 so I just added the range to the env files.
I guess that https://github.com/ucphhpc/migrid-sync/blob/a9ad32683eb1b0d7a039d51c65633b6105956402/mig/shared/configuration.py#L499 somehow applies even if the
FTPS_PASSIVE_PORTSis set, cause it is not explicitly listed in the Dockerfiles during config generation?!
The corresponding ftps_pasv_ports setting was not exposed in generateconfs.py, so it was not possible to pass it there in Dockerfile and the environment thus had no effect either. I'll add it on the migrid side now so feel free to add the docker-migrid bindings.
This PR adds some basic tests scripts that are executable via
make test.They test:
For testing a curl docker container is used since docker must be available anyway and one can remove host dependencies this way. There is a bug with FTPS which is triggered when curl is used with OpenSSL above
1.1.1k. As a workaround the curl version is pinned to an older one here.The tests work with the default.env for now and should be extended in future. They also might serve as automatic CI testing in future to test changes in this repository.