Issue #7328

closed

pulp_installer and ssl docs disagree

Added by cognifloyd over 3 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 79
Quarter:

Description

pulp_installer is generating SSL certs under /etc/pulp, but the SSL docs[1] say:

The default location for the CA certificate is /etc/pulp/certs/root.crt. The default location for the SSL certificate is /etc/pulp/certs/pulp_webserver.crt.

I think it makes more sense to update the pulp_installer to match the docs and place the certs under /etc/pulp/certs. But, then that raises questions about backwards compatibility for those that have already installed with pulp_installer.

If we update it, we can update it here: https://github.com/pulp/pulp_installer/blob/b52ca13/roles/pulp_webserver/defaults/main.yml#L8

[1] https://docs.pulpproject.org/installation/instructions.html#ssl

Actions #1

Updated by mdepaulo@redhat.com over 3 years ago

Installer is incorrect, and docs are correct.

We feel we should just do a release (3.6.0-1, or 3.6.0-2) ASAP, rather than write migration code.

Actions #2

Updated by mdepaulo@redhat.com over 3 years ago

  • Assignee set to mdepaulo@redhat.com
Actions #3

Updated by mdepaulo@redhat.com over 3 years ago

  • Status changed from NEW to ASSIGNED

Status update: I'm in the middle of working on this.

I plan to finish it up later this evening, or tomorrow morning.

Added by Mike DePaulo over 3 years ago

Revision f4fd4608 | View on GitHub

Problem: pulp_installer installs TLS certs in /etc/pulp

rather than /etc/pulp/certs/ like we decided it would, and the pulpcore docs say it defaults to.

Solution: Set the new location to /etc/pulp/certs.

And deduplicate the variables for installing Python's crypto library and the dir to use for API authentication tokens, which already was /etc/pulp/certs.

No automated solution will be provided to move the keys, we will simply release ASAP before too many user installs get the wrong location. And tell users to move their keys.

fixes: #7328 pulp_installer and ssl docs disagree https://pulp.plan.io/issues/7328

Actions #4

Updated by pulpbot over 3 years ago

  • Status changed from ASSIGNED to POST
Actions #5

Updated by Anonymous over 3 years ago

  • Status changed from POST to MODIFIED
Actions #6

Updated by ttereshc over 3 years ago

  • Sprint/Milestone set to 3.8.0
Actions #7

Updated by mdepaulo@redhat.com over 3 years ago

Released in pulp_installer 3.6.0-1.

Actions #8

Updated by mdepaulo@redhat.com over 3 years ago

  • Sprint/Milestone deleted (3.8.0)
Actions #9

Updated by mdepaulo@redhat.com over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions #10

Updated by mdepaulo@redhat.com over 3 years ago

  • Sprint set to Sprint 79
