Add info on ENABLE_SHA1 flag on cache and origin containers (SOFTWARE-5809) #155
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
We do have an xrootd-standalone image. Does anybody use it? 🤷🏽
I don't think this is necessary for a CE since we use LE + tokens
Agreed. I've been a bit hesitant on this because it feels like something people will set and forget. |
|
Tagging in @mwestphall for the review |
Well, it's not documented in this repository at least :) As a side note the xrootd-standalone docs have not been updated for OSG 23 yet. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These are the two places I could find to add the info on the ENABLE_SHA1 flag. The documentation for running a hosted CE is elsewhere; Frontier-Squids I assume don't use grid certs for auth; we don't have an XRootD-Standalone image; ENABLE_SHA1 doesn't work on the EP containers (because they don't run as root and you need root to run update-crypto-policy).
There are numerous non-containerized services where a blurb mentioning EL9 and update-crypto-policy might be useful, though, but that should be a separate PR (and perhaps ticket).