Project

Profile

Help

Story #6846

closed

Story #6331: [Epic] Add SSL support

As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencrypt certificates

Added by bmbouter over 2 years ago. Updated about 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Background

In some cases users of Pulp users want TLS and would like to use a letsencrypt certificate.

Use Cases

  1. Configure new installations with a letsencrypt installation
  2. Renew letsencrypt certificates that are about to expire on existing installations (same options from the user)

Solution

Add options to the installer for the user to express their intent to have Pulp configured to use letsencrypt. If provided, the installer should create a letsencrypt certificate and configure either the Apache or Nginx configuration Pulp to run on port 443 with TLS enabled.

This cannot be enabled by default because letsencrypt can only be acquired if the Pulp host has a publicly accessible FQDN.

The same config used to configure a new install to setup a letsencrypt cert should automatically renew an existing pulp installation's letsencrypt certificate if they are within their renewal window.


Related issues

Related to Pulp - Task #7285: Add documentation about distributing the Certificate CA generated by Pulp InstallerCLOSED - CURRENTRELEASEdkliban@redhat.com

Actions
Actions #1

Updated by bmbouter over 2 years ago

  • Parent task set to #6331
Actions #2

Updated by mdepaulo@redhat.com over 2 years ago

dkliban and I just held a meeting.

We hashed out the following plan on implementing this: https://hackmd.io/wN4qE67YRB6NN9caPZSLMA?edit

Actions #3

Updated by mdepaulo@redhat.com over 2 years ago

  • Related to Task #7285: Add documentation about distributing the Certificate CA generated by Pulp Installer added
Actions #4

Updated by mdepaulo@redhat.com over 2 years ago

  • Subject changed from As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencry certificates to As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencrypt certificates

Added by Mike DePaulo over 2 years ago

Revision 1bb2d242

As an installer user, I can configure Pulp

to run with TLS enabled to install/renew using letsencrypt certificates

fixes: #6846 https://pulp.plan.io/issues/6846

Actions #5

Updated by pulpbot over 2 years ago

  • Status changed from NEW to POST
Actions #6

Updated by Anonymous over 2 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

Added by Mike DePaulo over 2 years ago

Revision b52ca13c

As an installer user, I can configure Pulp

to run with TLS enabled to install/renew using letsencrypt certificates

fixes: #6846 https://pulp.plan.io/issues/6846

Added by Mike DePaulo over 2 years ago

Revision b52ca13c

As an installer user, I can configure Pulp

to run with TLS enabled to install/renew using letsencrypt certificates

fixes: #6846 https://pulp.plan.io/issues/6846

Actions #7

Updated by ttereshc about 2 years ago

  • Sprint/Milestone set to 3.8.0
Actions #8

Updated by ttereshc about 2 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF