Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enh(as400): add ssl connection option #5476

Merged
merged 16 commits into from
Mar 5, 2025
Merged

enh(as400): add ssl connection option #5476

merged 16 commits into from
Mar 5, 2025

Conversation

sdepassio
Copy link
Contributor

@sdepassio sdepassio commented Feb 28, 2025
edited
Loading

Community contributors

Description

Includes PR #5383 by @garnier-quentin
Add capability to use AS400 SSL connection.
The plugin has a new option: --ssl.

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

How this pull request can be tested ?

For the SSL connection, the port 9475 must be opened from the poller. If you check it, you surely have the error:

UNKNOWN: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

You need to import the target AS400 certificate on your poller. How could do that ?

Get the certificate (change the IP with your AS400 IP):

openssl s_client -showcerts -connect 192.168.23.13:9475
....
-----BEGIN CERTIFICATE-----
MIIBzTCCAXKgAwIBAgIHZ2AwVwa86DAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJJ
VDEMMAoGA1UECBMDSVRBMQswCQYDVQQKEwJBNDEXMBUGA1UEAxMOYTQuaG9yc2Eu
bG9jYWwwHhcNMjQxMjE1MTM1MTE5WhcNMjUxMjE2MTM1MTE5WjBEMQswCQYDVQQG
EwJJVDEMMAoGA1UECBMDSVRBMQ4wDAYDVQQKEwVob3JzYTEXMBUGA1UEAxMOYTQu
aG9yc2EubG9jYWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATqCX0phiFrLWO4
DIQPgia3tUWDR3AhG9bj1nJZGH18DzdFo3Vmkw7OIXd8Hb4h/SPU9RW4UJP2mkye
fQ7KYjT3o1IwUDAdBgNVHQ4EFgQUbXG2MgF61atRpOPk8bqE00sTtWwwHwYDVR0j
BBgwFoAUA2TweBcnGgh+RoLcNFzlncglz/MwDgYDVR0PAQH/BAQDAgPoMAoGCCqG
SM49BAMCA0kAMEYCIQC/vW+MKDb+qmS2z2bHhmXL9hBdxlWneU3IMvQyz/bGtQIh
ALikXP2MyNN79k/CTewYI929gPQ19GAohyXWkAjq8LoC
-----END CERTIFICATE-----
...

Create a file as400_192.168.23.13.crt with the BEGIN and END certificate section from previous command.
Import the certificate (the path is for centos 7):

# keytool -importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.412.b08-1.el7_9.x86_64/jre/lib/security/cacerts -storepass changeit -file as400_192.168.23.13.crt -alias " as400_192.168.23.13"
...
Trust this certificate? [no]:  yes
Certificate was added to keystore

Now it should work with option --ssl.

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • I have provide data or shown output displaying the result of this code in the plugin area concerned.

@sdepassio sdepassio mentioned this pull request Feb 28, 2025
Closed
8 tasks
@sdepassio sdepassio force-pushed the CTOR-1291-plugin-os-as-400-connector-add-secure-connection-option branch from f4a4da7 to 18b7cab Compare March 3, 2025 09:06
@sdepassio sdepassio marked this pull request as ready for review March 3, 2025 16:43
@sdepassio sdepassio requested review from a team as code owners March 3, 2025 16:43
kduret
kduret reviewed Mar 4, 2025
View reviewed changes
@sdepassio sdepassio force-pushed the CTOR-1291-plugin-os-as-400-connector-add-secure-connection-option branch from 3485332 to eeccfed Compare March 4, 2025 09:46
@sdepassio sdepassio requested a review from kduret March 4, 2025 14:37
omercier
omercier previously approved these changes Mar 4, 2025
View reviewed changes
@sdepassio sdepassio force-pushed the CTOR-1291-plugin-os-as-400-connector-add-secure-connection-option branch from 63d0a10 to 92ea421 Compare March 5, 2025 12:41
@sdepassio sdepassio force-pushed the CTOR-1291-plugin-os-as-400-connector-add-secure-connection-option branch from ce07327 to 2e695f3 Compare March 5, 2025 13:03
@sdepassio sdepassio requested a review from Evan-Adam March 5, 2025 14:08
@Evan-Adam Evan-Adam merged commit baf7035 into develop Mar 5, 2025
28 checks passed
@Evan-Adam Evan-Adam deleted the CTOR-1291-plugin-os-as-400-connector-add-secure-connection-option branch March 5, 2025 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bouda1 bouda1 bouda1 approved these changes

@kduret kduret kduret approved these changes

@Evan-Adam Evan-Adam Evan-Adam approved these changes

@omercier omercier omercier left review comments

@mushroomempires mushroomempires Awaiting requested review from mushroomempires mushroomempires is a code owner automatically assigned from centreon/owners-pipelines

@jean-christophe81 jean-christophe81 Awaiting requested review from jean-christophe81 jean-christophe81 is a code owner automatically assigned from centreon/owners-robot-e2e

@lucie-dubrunfaut lucie-dubrunfaut Awaiting requested review from lucie-dubrunfaut lucie-dubrunfaut is a code owner automatically assigned from centreon/owners-perl

Assignees
No one assigned
Labels
skip-workflow-as400 skip-workflow-docker-builder-packaging-plugins skip-workflow-plugins
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@sdepassio @bouda1 @kduret @omercier @Evan-Adam @garnier-quentin