From 44bf4f088eb38c3b5b8eb5067c2ab9a489c7e869 Mon Sep 17 00:00:00 2001 From: Mario Lassnig Date: Wed, 23 Oct 2019 15:21:06 +0200 Subject: [PATCH] fix certs --- dev/Dockerfile | 5 ----- dev/rucio.cfg | 32 ++++++++++++++++---------------- dev/rucio.conf | 3 --- 3 files changed, 16 insertions(+), 24 deletions(-) diff --git a/dev/Dockerfile b/dev/Dockerfile index b372482..149f1ab 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -32,9 +32,6 @@ RUN yum install -y \ python \ python-pip \ python-devel \ - python34 \ - python34-pip \ - python34-devel \ gmp-devel \ krb5-devel \ git \ @@ -70,7 +67,6 @@ RUN pip install -r /tmp/rucio/tools/pip-requires RUN pip install -r /tmp/rucio/tools/pip-requires-test RUN pip install psycopg2-binary RUN ln -s $RUCIOHOME/lib/rucio /usr/lib/python2.7/site-packages/rucio -RUN ln -s $RUCIOHOME/lib/rucio /usr/lib/python3.4/site-packages/rucio COPY .pep8 .pep8 COPY .flake8 .flake8 @@ -86,7 +82,6 @@ COPY alembic.ini $RUCIOHOME/etc/alembic.ini COPY aliases-py27.conf $RUCIOHOME/etc/web/aliases-py27.conf COPY ui-aliases-py27.conf $RUCIOHOME/etc/web/ui-aliases-py27.conf COPY google-cloud-storage-test.json $RUCIOHOME/etc/google-cloud-storage-test.json -COPY certs/rucio_ca.pem $RUCIOHOME/etc/web/CERN-bundle.pem COPY certs/rucio_ca.pem /etc/grid-security/certificates/5fca1cb1.0 COPY 00-mpm.conf /etc/httpd/conf.modules.d/00-mpm.conf diff --git a/dev/rucio.cfg b/dev/rucio.cfg index e9f0f8c..d39b455 100644 --- a/dev/rucio.cfg +++ b/dev/rucio.cfg @@ -10,8 +10,8 @@ auth_type = userpass username = ddmlab password = secret ca_cert = /etc/grid-security/certificates/5fca1cb1.0 -client_cert = /opt/rucio/etc/certs/usercert.pem -client_key = /opt/rucio/etc/certs/userkey.pem +client_cert = /opt/rucio/etc/usercert.pem +client_key = /opt/rucio/etc/userkey.pem client_x509_proxy = $X509_USER_PROXY account = root request_retries = 3 
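Review bot: Nothing in this patch places `usercert.pem` or `userkey.pem` at the new `/opt/rucio/etc/` location that `client_cert` and `client_key` now point to. The three `dev/Dockerfile` hunks only delete lines, so the files are presumably supplied by a mount or a build step outside this patch. That is worth recording next to the setting together with the expected mode of the private key, for example `# dev-only client cert/key, provided by <mount or build step>; userkey.pem must be mode 0400`. Assuming `$RUCIOHOME` is `/opt/rucio`, the key now sits in the directory that also receives `alembic.ini` and the `web/` configuration, so a broad copy or permission change on that directory will touch it. The same path move repeats in the `@@ -54,12`, `@@ -71,8`, `@@ -104,8`, `@@ -128,8` and `@@ -137,12` hunks.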
@@ -31,7 +31,7 @@ userpass_identity = ddmlab userpass_pwd = 2ccee6f6dd1bc2269cddd7cd5e47578e98e430539807c36df23fab7dd13e7583 userpass_email = rucio-dev@cern.ch -# Default development client certificate from /opt/rucio/etc/certs/usercert.pem +# Default development client certificate from /opt/rucio/etc/usercert.pem x509_identity = /CN=Rucio User x509_email = rucio-dev@cern.ch @@ -54,12 +54,12 @@ scheme = https,davs,gsiftp,root,srm transfertool = fts3 ftshosts = https://fts:8446 cacert = /etc/grid-security/certificates/5fca1cb1.0 -usercert = /opt/rucio/etc/certs/usercertkey.pem +usercert = /opt/rucio/etc/usercertkey.pem [messaging-fts3] port = 61123 -ssl_key_file = /opt/rucio/etc/certs/usercert.key.pem -ssl_cert_file = /opt/rucio/etc/certs/usercert.pem +ssl_key_file = /opt/rucio/etc/userkey.pem +ssl_cert_file = /opt/rucio/etc/usercert.pem destination = /topic/transfer.fts_monitoring_queue_state brokers = activemq voname = atlas @@ -71,8 +71,8 @@ port = 61613 nonssl_port = 61613 use_ssl = False destination = /queue/events -ssl_key_file = /opt/rucio/etc/certs/usercert.key.pem -ssl_cert_file = /opt/rucio/etc/certs/usercert.pem +ssl_key_file = /opt/rucio/etc/userkey.pem +ssl_cert_file = /opt/rucio/etc/usercert.pem brokers = activemq voname = atlas email_from = Rucio @@ -104,8 +104,8 @@ topic = /topic/rucio.tracer [tracer-kronos] brokers=activemq port=61013 -ssl_key_file = /opt/rucio/etc/certs/usercert.key.pem -ssl_cert_file = /opt/rucio/etc/certs/usercert.pem +ssl_key_file = /opt/rucio/etc/userkey.pem +ssl_cert_file = /opt/rucio/etc/usercert.pem queue = /queue/Consumer.kronos.rucio.tracer prefetch_size = 10 chunksize = 10 @@ -128,8 +128,8 @@ cfg = /opt/rucio/etc/alembic.ini [messaging-cache] port = 61023 -ssl_key_file = /opt/rucio/etc/certs/usercert.key.pem -ssl_cert_file = /opt/rucio/etc/certs/usercert.pem +ssl_key_file = /opt/rucio/etc/userkey.pem +ssl_cert_file = /opt/rucio/etc/usercert.pem destination = /topic/rucio.cache brokers = activemq voname = atlas 
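Review bot: In `[messaging-fts3]` the key file is renamed as well as moved (`usercert.key.pem` becomes `userkey.pem`), while `usercert` in the section above it points at `usercertkey.pem`, which by its name holds the certificate and the private key together. If so, the same private key exists in two files under `/opt/rucio/etc`, and both need the restrictive mode, not only `userkey.pem`. A one-line comment above `usercert` would make that explicit: `# usercertkey.pem = usercert.pem + userkey.pem concatenated; keep mode 0400`. The section that holds `usercert` starts above the hunk, so its name is not visible here.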
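Review bot: The `ssl_key_file` and `ssl_cert_file` values updated in the `@@ -71,8` hunk sit under `use_ssl = False`, with `port` and `nonssl_port` both set to 61613. They are therefore presumably never read in this dev setup, and a wrong path here would go unnoticed until SSL is switched on. A comment beside the flag would record both facts, for example `# use_ssl = False: broker traffic is unencrypted in the dev setup; the ssl_* paths below are not exercised`. The section header is above the hunk, so which messaging section this is cannot be confirmed from the visible lines.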
@@ -137,12 +137,12 @@ account = cache_mb [test] cacert = /etc/grid-security/certificates/5fca1cb1.0 -usercert = /opt/rucio/etc/certs/ruciouser.pem -userkey = /opt/rucio/etc/certs/ruciouser.key.pem +usercert = /opt/rucio/etc/usercert.pem +userkey = /opt/rucio/etc/userkey.pem [nagios] -proxy = /opt/rucio/etc/certs/usercertkey.pem -rfcproxy = /opt/rucio/etc/certs/usercertkey.pem +proxy = /opt/rucio/etc/usercertkey.pem +rfcproxy = /opt/rucio/etc/usercertkey.pem fts_servers = https://fts3:8446 [auditor] diff --git a/dev/rucio.conf b/dev/rucio.conf index c4028f1..51162f8 100644 --- a/dev/rucio.conf +++ b/dev/rucio.conf @@ -1,6 +1,3 @@ -LoadModule wsgi_module /usr/lib64/httpd/modules/mod_wsgi.so - -LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000) Listen 443
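Review bot: `[test]` changes which credential is used, not only where it lives: `usercert` and `userkey` go from `ruciouser.pem` and `ruciouser.key.pem` to the same `usercert.pem` and `userkey.pem` that `client_cert` and `client_key` use in the first hunk of this file. If `ruciouser.pem` carried a different subject, tests now authenticate as the default development identity (`/CN=Rucio User` according to the comment in the `@@ -31,7` hunk) and any account mapping for the old subject is no longer exercised. It is worth confirming that this is intended and recording it, e.g. `# tests reuse the default dev client certificate (/CN=Rucio User)`. In `[nagios]`, `proxy` and `rfcproxy` both point at `usercertkey.pem`, which by name is a certificate-plus-key bundle rather than a proxy; if that is deliberate for the dev setup, a short comment should say so.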