Bug 52274 - Run UMC-Server with additional UNIX-socket and let UMC-Webserver connect to this
Run UMC-Server with additional UNIX-socket and let UMC-Webserver connect to this
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-6-errata
Assigned To: Florian Best
Dirk Wiesenthal
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-10-28 12:51 CET by Florian Best
Modified: 2020-11-25 12:07 CET (History)
0 users

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup, Large environments, UCS Performance
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (git:fbest/52274-umc-server-unix-socket) (8.43 KB, patch)
2020-10-28 12:51 CET, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2020-10-28 12:51:23 CET
Created attachment 10537 [details]
patch (git:fbest/52274-umc-server-unix-socket)

The UMC-Server currently runs with TCP socket at Port 6670 including SSL/TLS.

To gain performance we should let the UMC-Server run without TLS on a UNIX-Socket additionally.
The UMC-Webserver should connect to this instead.

We must keep the TCP Port 6670 still alive, as it is still used in some umc-command calls in the product.
Comment 1 Florian Best univentionstaff 2020-11-02 19:04:17 CET
You can already do the QA with git:7e979cf830b907722e07557db2367172bc854622 and git:0b82b28676bca85254fbf8b903993a53b5194397.
Comment 2 Florian Best univentionstaff 2020-11-13 14:53:55 CET
univention-management-console (11.0.5-15)
614b0edab221 | Bug #52274: debian/changelog + dependency
ab0fa9b99183 | Bug #52274: fix error handling of socket.errors in non-TLS mode
    Bug #52274: fix error handling of socket.errors in non-TLS mode
    
    As we don't wrap the socket with TLS the raw exceptions socket.error
    exceptions will be raised instead, which now needs to be handled as
    well.

d5e345546d1e | Bug #52274: run UMC-Server with addditional UNIX socket
    Bug #52274: run UMC-Server with addditional UNIX socket
    
    Start the UMC-Server with an additional UNIX socket and let the
    UMC-Webserver connect to this.
    Therefor we prevent the long runnning TLS handshake between the two
    services which we trust anyway.
    We must keep the TCP port 6670 currently opened because there are a few
    umc-command calls which still connect remotely to it.

univention-management-console.yaml
496160ac83f9 | YAML Bug #52274
Comment 3 Dirk Wiesenthal univentionstaff 2020-11-24 17:04:10 CET
Sockets: OK, used
umc-command: Still working
YAML: OK