Project

Profile

Help

Issue #7328

closed

pulp_installer and ssl docs disagree

Added by cognifloyd over 4 years ago. Updated about 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 79
Quarter:

Description

pulp_installer is generating SSL certs under /etc/pulp, but the SSL docs[1] say:

The default location for the CA certificate is /etc/pulp/certs/root.crt. The default location for the SSL certificate is /etc/pulp/certs/pulp_webserver.crt.

I think it makes more sense to update the pulp_installer to match the docs and place the certs under /etc/pulp/certs. But, then that raises questions about backwards compatibility for those that have already installed with pulp_installer.

If we update it, we can update it here: https://github.com/pulp/pulp_installer/blob/b52ca13/roles/pulp_webserver/defaults/main.yml#L8

[1] https://docs.pulpproject.org/installation/instructions.html#ssl

Actions #1

Updated by mdepaulo@redhat.com over 4 years ago

Installer is incorrect, and docs are correct.

We feel we should just do a release (3.6.0-1, or 3.6.0-2) ASAP, rather than write migration code.

Actions #2

Updated by mdepaulo@redhat.com over 4 years ago

  • Assignee set to mdepaulo@redhat.com
Actions #3

Updated by mdepaulo@redhat.com over 4 years ago

  • Status changed from NEW to ASSIGNED

Status update: I'm in the middle of working on this.

I plan to finish it up later this evening, or tomorrow morning.

Added by Mike DePaulo over 4 years ago

Revision f4fd4608 | View on GitHub

Problem: pulp_installer installs TLS certs in /etc/pulp

rather than /etc/pulp/certs/ like we decided it would, and the pulpcore docs say it defaults to.

Solution: Set the new location to /etc/pulp/certs.

And deduplicate the variables for installing python's crypto library and the dir to use for API authentication tokens, which already was /etc/pulp/certs .

No automated solution will be provided to move the keys, we will simply release ASAP before too many user installs get the wrong location. And tell users to move their keys.

fixes: #7328 pulp_installer and ssl docs disagree https://pulp.plan.io/issues/7328

Added by Mike DePaulo over 4 years ago

Revision f4fd4608 | View on GitHub

Problem: pulp_installer installs TLS certs in /etc/pulp

rather than /etc/pulp/certs/ like we decided it would, and the pulpcore docs say it defaults to.

Solution: Set the new location to /etc/pulp/certs.

And deduplicate the variables for installing python's crypto library and the dir to use for API authentication tokens, which already was /etc/pulp/certs .

No automated solution will be provided to move the keys, we will simply release ASAP before too many user installs get the wrong location. And tell users to move their keys.

fixes: #7328 pulp_installer and ssl docs disagree https://pulp.plan.io/issues/7328

Actions #4

Updated by pulpbot over 4 years ago

  • Status changed from ASSIGNED to POST
Actions #5

Updated by Anonymous over 4 years ago

  • Status changed from POST to MODIFIED
Actions #6

Updated by ttereshc about 4 years ago

  • Sprint/Milestone set to 3.8.0
Actions #7

Updated by mdepaulo@redhat.com about 4 years ago

Released in pulp_installer 3.6.0-1 .

Actions #8

Updated by mdepaulo@redhat.com about 4 years ago

  • Sprint/Milestone deleted (3.8.0)
Actions #9

Updated by mdepaulo@redhat.com about 4 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions #10

Updated by mdepaulo@redhat.com about 4 years ago

  • Sprint set to Sprint 79

Also available in: Atom PDF