Project

Profile

Help

Story #6846

Story #6331: [Epic] Add SSL support

As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencrypt certificates

Added by bmbouter about 1 year ago. Updated 10 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Category:
Installer
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Background

In some cases users of Pulp users want TLS and would like to use a letsencrypt certificate.

Use Cases

  1. Configure new installations with a letsencrypt installation
  2. Renew letsencrypt certificates that are about to expire on existing installations (same options from the user)

Solution

Add options to the installer for the user to express their intent to have Pulp configured to use letsencrypt. If provided, the installer should create a letsencrypt certificate and configure either the Apache or Nginx configuration Pulp to run on port 443 with TLS enabled.

This cannot be enabled by default because letsencrypt can only be acquired if the Pulp host has a publicly accessible FQDN.

The same config used to configure a new install to setup a letsencrypt cert should automatically renew an existing pulp installation's letsencrypt certificate if they are within their renewal window.


Related issues

Related to Pulp - Task #7285: Add documentation about distributing the Certificate CA generated by Pulp InstallerCLOSED - CURRENTRELEASE

<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision 1bb2d242 View on GitHub
Added by Mike DePaulo 12 months ago

As an installer user, I can configure Pulp

to run with TLS enabled to install/renew using letsencrypt certificates

fixes: #6846 https://pulp.plan.io/issues/6846

Revision b52ca13c View on GitHub
Added by Mike DePaulo 12 months ago

As an installer user, I can configure Pulp

to run with TLS enabled to install/renew using letsencrypt certificates

fixes: #6846 https://pulp.plan.io/issues/6846

Revision b52ca13c View on GitHub
Added by Mike DePaulo 12 months ago

As an installer user, I can configure Pulp

to run with TLS enabled to install/renew using letsencrypt certificates

fixes: #6846 https://pulp.plan.io/issues/6846

History

#1 Updated by bmbouter about 1 year ago

  • Parent task set to #6331

#2 Updated by mdepaulo@redhat.com 12 months ago

dkliban and I just held a meeting.

We hashed out the following plan on implementing this: https://hackmd.io/wN4qE67YRB6NN9caPZSLMA?edit

#3 Updated by mdepaulo@redhat.com 12 months ago

  • Related to Task #7285: Add documentation about distributing the Certificate CA generated by Pulp Installer added

#4 Updated by mdepaulo@redhat.com 12 months ago

  • Subject changed from As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencry certificates to As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencrypt certificates

#5 Updated by pulpbot 12 months ago

  • Status changed from NEW to POST

#6 Updated by Anonymous 12 months ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#7 Updated by ttereshc 10 months ago

  • Sprint/Milestone set to 3.8.0

#8 Updated by ttereshc 10 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF