Deprecate rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf
/etc/pki/pulp is designed to be shared in multi-node clustered Pulp deployments. Currently some consumer things that are meant to be exclusive to a registered consumer machine itself are registered here. These locations are configurable via consumer.conf, but the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields default to a location inside of /etc/pki/pulp. This causes unexpected behavior: for example, registering two Pulp nodes in a clustered Pulp installation will fail because the second node thinks it's already registered due to the shared nature of /etc/pki/pulp.
We will deprecate the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields, and introduce a fallback behavior for backwards compatibility. The new locations will be as follows:
rsa_key = /var/lib/pulp-consumer/rsa.key
rsa_pub = /var/lib/pulp-consumer/rsa_pub.key
cert = /var/lib/pulp-consumer/consumer-cert.pem
When looking for any of these files, code will first check the new CONSTANT-based locations, and if the rsa_key, rsa_pub, or cert cannot be found, will use the conf file locations (for backwards compatibility). Unregistration will delete the credentials in either place depending on where they live.
rsa_key and rsa_pub are in [authentication]. The cert currently is made by concatenating id_cert_dir and id_cert_filename in [filesystem].
Deliverables:
- Add the deprecation note to consumer.conf
- Add a release note about the deprecation
- Add the new 3 locations as CONSTANTS
- Introduce a method/function that abstracts the finding of these files with the fallback behavior.
- Have all create/read/write/delete code get its path from the abstraction above instead of directly from the conf file.
- Remove the note/warning on the scaling page that Pulp clustered nodes cannot be registered as consumers.
- Add test code for new code introduced.
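A sketch of the lookup abstraction and the unregistration cleanup described in this story, added here as an illustration and not taken from the Pulp code base. The function names are hypothetical, and `conf` is assumed to be a plain dict of dicts keyed by section name rather than Pulp's real config object.

```python
import os

# New fixed locations proposed in the story.
NEW_PATHS = {
    "rsa_key": "/var/lib/pulp-consumer/rsa.key",
    "rsa_pub": "/var/lib/pulp-consumer/rsa_pub.key",
    "cert": "/var/lib/pulp-consumer/consumer-cert.pem",
}


def legacy_path(conf, name):
    """Deprecated consumer.conf location for `name`, or None if not configured.

    `conf` is an assumed dict-of-dicts stand-in for the parsed consumer.conf.
    """
    if name == "cert":
        # The cert path is id_cert_dir + id_cert_filename from [filesystem].
        fs = conf.get("filesystem", {})
        cert_dir, cert_file = fs.get("id_cert_dir"), fs.get("id_cert_filename")
        return os.path.join(cert_dir, cert_file) if cert_dir and cert_file else None
    # rsa_key and rsa_pub live in [authentication].
    return conf.get("authentication", {}).get(name)


def find_credential(conf, name, new_paths=NEW_PATHS):
    """Path of the existing file for `name`: new location first, then the
    conf-file location for backwards compatibility. None if neither exists."""
    for path in (new_paths[name], legacy_path(conf, name)):
        if path and os.path.isfile(path):
            return path
    return None


def unregister(conf, new_paths=NEW_PATHS):
    """Delete each credential wherever it lives; return the removed paths."""
    removed = []
    for name in new_paths:
        for path in (new_paths[name], legacy_path(conf, name)):
            if path and os.path.isfile(path):
                os.remove(path)
                removed.append(path)
    return removed
```

Cleaning both locations in `unregister` means a credential left behind in the shared /etc/pki/pulp cannot make the node look registered again through the fallback.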
#1 Updated by bmbouter over 4 years ago
This is likely reverse incompatible, but I can think of one way it could not be. If we deprecate these four settings altogether and make them constants we could have the gofer package move the files as part of the upgrade in the pulp-consumer spec file. Or is it the gofer spec file? Is it valuable to have the user able to set the location of these?
#6 Updated by bmbouter over 4 years ago
- Tracker changed from Task to Story
- Subject changed from Move all consumer files out of /etc/pki/pulp/ to Deprecate rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf
- Description updated (diff)
Updating the story with everything from the notes discussion.
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.