Actions
Issue #7328
closed
pulp_installer and ssl docs disagree
Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 79
Quarter:
Description
pulp_installer is generating SSL certs under /etc/pulp, but the SSL docs[1] say:
The default location for the CA certificate is /etc/pulp/certs/root.crt. The default location for the SSL certificate is /etc/pulp/certs/pulp_webserver.crt.
I think it makes more sense to update the pulp_installer to match the docs and place the certs under /etc/pulp/certs. But, then that raises questions about backwards compatibility for those that have already installed with pulp_installer.
If we update it, we can update it here: https://github.com/pulp/pulp_installer/blob/b52ca13/roles/pulp_webserver/defaults/main.yml#L8
[1] https://docs.pulpproject.org/installation/instructions.html#ssl
Actions
.
Problem: pulp_installer installs TLS certs in /etc/pulp
rather than /etc/pulp/certs/ like we decided it would, and the pulpcore docs say it defaults to.
Solution: Set the new location to /etc/pulp/certs.
And deduplicate the variables for installing python's crypto library and the dir to use for API authentication tokens, which already was /etc/pulp/certs .
No automated solution will be provided to move the keys, we will simply release ASAP before too many user installs get the wrong location. And tell users to move their keys.
fixes: #7328 pulp_installer and ssl docs disagree https://pulp.plan.io/issues/7328