zowe / community

Zowe Community - Sub-projects, Squads, Contribution Guidelines, Meeting Minutes, and more

Simplify AT-TLS setup #1879

Open 1000TurquoisePogs opened 1 year ago

1000TurquoisePogs commented 1 year ago

AT-TLS could be used as a solution to HTTPS support & standardization (such as resolving the problem in #1875) within Zowe, but because Zowe's AT-TLS setup is too complex, we limit its use.

zss, app-server, and the apiml servers document how to enable AT-TLS on docs.zowe.org. But the documentation is not in 1 place. It's not even in the same section of the documentation.

https://docs.zowe.org/stable/user-guide/api-mediation/api-mediation-internal-configuration/#at-tls
https://docs.zowe.org/stable/user-guide/mvd-configuration/#using-at-tls-in-the-app-framework

Users are unlikely to discover these pages exist, and therefore will not know about at-tls capabilities without being told by an expert.

Even after learning these pages exist, the instructions are overly complex, because the way in which the servers are configured to use ATTLS is not the same across all servers.

Additionally, if all servers support ATTLS, is certificate setup in Zowe needed? To what extent? Our documentation and "zwe" do not cover this, so people would likely be doing unnecessary certificate setup steps only to end up with a keystore that is not fully utilized.

Goal: Have all servers be able to turn AT-TLS on/off with a single, standardized configuration section within zowe.yaml

Solution:

- Create a standard area within zowe.yaml's "zowe" section which details whether ATTLS is on or off.
- Create a standard area within each "component" section of zowe.yaml such that each component could have overrides.
- Document these in the Zowe schema.
- Enhance our servers to utilize this information when available. Note: configmgr templating could be used to assign already-existing configuration parameters of our servers to these new standards, so that the enhancement could be reduced to configuration default changes rather than code changes, if desired.
- Enhance servers that do not yet support ATTLS to do so, using this info.
- Reorganize our documentation, to better explain ATTLS, how to configure it (within the keystore setup section?), and then how to configure Zowe to use it.
- Review & revise existing keystore setup code & documentation to simplify wherever possible when ATTLS is used.

1000TurquoisePogs commented 1 year ago

Also note previous tickets on the subject of ATTLS automation:

https://github.com/zowe/zowe-install-packaging/issues/432
https://github.com/zowe/zowe-install-packaging/issues/1530

1000TurquoisePogs commented 1 year ago

I started some work here: https://github.com/zowe/zowe-install-packaging/pull/3356 but would be happy if others picked it up or gave feedback, because it's something I was only working on with spare time at the moment.