Story #859

Deprecate rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf

Added by bmbouter over 4 years ago. Updated 6 months ago.

Status: CLOSED - WONTFIX
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
% Done: 0%
Backwards Incompatible: No
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Verified: No
Verification Required: No

Description

Motivation:

/etc/pki/pulp is designed to be shared in multi-node clustered Pulp deployments. Currently some consumer things that are meant to be exclusive to a registered consumer machine itself are registered here. These locations are configurable via consumer.conf, but the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields default to a location inside of /etc/pki/pulp. This causes unexpected behavior: for example, registering two Pulp nodes in a clustered Pulp installation will fail because the second node thinks it's already registered due to the shared nature of /etc/pki/pulp.

Outlined solution:

We will deprecate the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields, and introduce a fallback behavior for backwards compatibility. The new locations will be as follows:

rsa_key = /var/lib/pulp-consumer/rsa.key
rsa_pub = /var/lib/pulp-consumer/rsa_pub.key
cert = /var/lib/pulp-consumer/consumer-cert.pem

When looking for any of these files, code will first check the new CONSTANT based locations, and if the rsa_key, rsa_pub, or cert cannot be found, it will use the conf file locations (for backwards compatibility). Unregistration will delete the credentials in either place depending on where they live.

rsa_key and rsa_pub are in [authentication]. The cert currently is made by concatenating id_cert_dir and id_cert_filename in [filesystem].

Deliverables:
  • Add the deprecation note to consumer.conf
  • Add a release note about the deprecation
  • Add the new 3 locations as CONSTANTS
  • Introduce a method/function that abstracts the finding of these files with the fallback behavior.
  • Have all create/read/write/delete code get its path from the abstraction above instead of directly from the conf file.
  • Remove the note/warning on the scaling page that Pulp clustered nodes cannot be registered as consumers.
  • Add test code for new code introduced.

Related issues

Related to Pulp - Story #872: Remove rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf CLOSED - WONTFIX
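The lookup abstraction outlined in the description, sketched as an added example (not Pulp's own code): the new fixed locations are checked first, the consumer.conf fields are the fallback, and unregistration removes credentials from wherever they are found. The function names, the `root` parameter (used so the lookup can be exercised in a scratch directory) and the legacy paths in the sample conf are assumptions.

```python
import configparser
import os

# New fixed locations from the story, kept relative so a test root can be used.
NEW_LOCATIONS = {
    "rsa_key": "var/lib/pulp-consumer/rsa.key",
    "rsa_pub": "var/lib/pulp-consumer/rsa_pub.key",
    "cert": "var/lib/pulp-consumer/consumer-cert.pem",
}
# Constructed sample consumer.conf; the legacy paths are illustrative values.
SAMPLE_CONF = """
[authentication]
rsa_key = /etc/pki/pulp/consumer/rsa.pem
rsa_pub = /etc/pki/pulp/consumer/rsa_pub.pem
[filesystem]
id_cert_dir = /etc/pki/pulp/consumer
id_cert_filename = consumer-cert.pem
"""

def load_conf(text):
    conf = configparser.ConfigParser()
    conf.read_string(text)
    return conf

def legacy_path(name, conf):
    """Path built from the deprecated consumer.conf fields."""
    if name == "cert":
        fs = conf["filesystem"]
        return os.path.join(fs["id_cert_dir"], fs["id_cert_filename"])
    return conf["authentication"][name]

def find_credential(name, conf, root="/"):
    """New location first, then the conf fallback; None if neither exists."""
    candidates = (NEW_LOCATIONS[name], legacy_path(name, conf).lstrip("/"))
    for path in (os.path.join(root, c) for c in candidates):
        if os.path.isfile(path):
            return path
    return None

def unregister(conf, root="/"):
    """Delete credentials wherever they live; returns the removed paths."""
    removed = []
    for name in NEW_LOCATIONS:
        # Loop so a stale legacy copy is removed too; otherwise the node
        # would still look registered through the fallback afterwards.
        while (path := find_credential(name, conf, root)):
            os.remove(path)
            removed.append(path)
    return removed
```

Removing both copies on unregistration goes slightly beyond the story's wording; it keeps a leftover file in the shared /etc/pki/pulp tree from making a node appear registered.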

History

#1 Updated by bmbouter over 4 years ago

This is likely reverse incompatible, but I can think of one way it could not be. If we deprecate these four settings altogether and make them constants we could have the gofer package move the files as part of the upgrade in the pulp-consumer spec file. Or is it the gofer spec file? Is it valuable to have the user able to set the location of these?

#2 Updated by bmbouter over 4 years ago

The new location could be a folder that pulp-consumer manages in /etc/pki like /etc/pki/pulp-consumer/. It could also be one that adheres to Table 3-2 in this doc.

#3 Updated by jortel@redhat.com over 4 years ago

It's important to note that pulp-consumer actually writes to these locations. Not goferd.

#4 Updated by bmbouter over 4 years ago

  • Description updated (diff)

Good point; pulp-consumer does the writing. I updated the story description.

#5 Updated by mhrivnak over 4 years ago

I suggest putting this data in /var/lib/pulp-consumer/. For backward-compatibility, we can continue to look in the location designated by the config file as a fallback.

#6 Updated by bmbouter over 4 years ago

  • Tracker changed from Task to Story
  • Subject changed from Move all consumer files out of /etc/pki/pulp/ to Deprecate rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf
  • Description updated (diff)

Updating the story with everything from the notes discussion.

#7 Updated by bmbouter over 4 years ago

  • Description updated (diff)

#8 Updated by bmbouter over 4 years ago

  • Related to Story #872: Remove rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf added

#9 Updated by bmbouter over 4 years ago

  • Description updated (diff)

#10 Updated by bmbouter 6 months ago

  • Status changed from NEW to CLOSED - WONTFIX

#11 Updated by bmbouter 6 months ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#12 Updated by bmbouter 6 months ago

  • Tags Pulp 2 added
