Story #859

closed

Deprecate rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf

Added by bmbouter about 9 years ago. Updated about 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Motivation:

/etc/pki/pulp is designed to be shared in multi-node clustered Pulp deployments. Currently some consumer things that are meant to be exclusive to a registered consumer machine itself are registered here. These locations are configurable via consumer.conf, but the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields default to a location inside of /etc/pki/pulp. This causes unexpected behavior: for example, registering two Pulp nodes in a clustered Pulp installation will fail because the second node thinks it's already registered due to the shared nature of /etc/pki/pulp.

Outlined solution:

We will deprecate the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields, and introduce a fallback behavior for backwards compatibility. The new locations will be as follows:

rsa_key = /var/lib/pulp-consumer/rsa.key
rsa_pub = /var/lib/pulp-consumer/rsa_pub.key
cert = /var/lib/pulp-consumer/consumer-cert.pem

When looking for any of these files, code will first check the new CONSTANT based locations, and if the rsa_key, rsa_pub, or cert cannot be found will use the conf file locations (for backwards compatibility). Unregistration will delete the credentials in either place depending on where they live.

rsa_key and rsa_pub are in [authentication]. The cert currently is made by concatenating id_cert_dir and id_cert_filename in [filesystem].

Deliverables:

  • Add the deprecation note to consumer.conf
  • Add a release note about the deprecation
  • Add the new 3 locations as CONSTANTS
  • Introduce a method/function that abstracts the finding of these files with the fallback behavior.
  • Have all create/read/write/delete code get its path from the abstraction above instead of directly from the conf file.
  • Remove the note/warning on the scaling page that Pulp clustered nodes cannot be registered as consumers.
  • Add test code for new code introduced.
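
A sketch of the lookup abstraction outlined above, added here as an illustration; it is not part of the original story and is not Pulp code. The function names, the `root` parameter (used to point the lookup at a scratch directory) and the sample conf values are assumptions.

```python
import configparser
import os

# New fixed locations listed in the story.
NEW_LOCATIONS = {
    "rsa_key": "/var/lib/pulp-consumer/rsa.key",
    "rsa_pub": "/var/lib/pulp-consumer/rsa_pub.key",
    "cert": "/var/lib/pulp-consumer/consumer-cert.pem",
}

# Constructed sample of the deprecated consumer.conf fields (values are illustrative).
SAMPLE_CONF = """
[authentication]
rsa_key = /etc/pki/pulp/consumer/rsa.key
rsa_pub = /etc/pki/pulp/consumer/rsa_pub.key
[filesystem]
id_cert_dir = /etc/pki/pulp/consumer
id_cert_filename = consumer-cert.pem
"""


def legacy_path(conf, name):
    """Path built from the deprecated conf fields, or None if they are unset."""
    if name == "cert":
        cert_dir = conf.get("filesystem", "id_cert_dir", fallback=None)
        cert_file = conf.get("filesystem", "id_cert_filename", fallback=None)
        return os.path.join(cert_dir, cert_file) if cert_dir and cert_file else None
    return conf.get("authentication", name, fallback=None)


def find_credential(conf, name, root="/"):
    """Return the existing file: new location first, then the conf location."""
    for candidate in (NEW_LOCATIONS[name], legacy_path(conf, name)):
        if candidate:
            path = os.path.join(root, candidate.lstrip("/"))
            if os.path.isfile(path):
                return path
    return None


def unregister(conf, root="/"):
    """Delete each credential wherever it lives and return the removed paths."""
    removed = []
    for name in NEW_LOCATIONS:
        # Loop so a stale copy left in the shared legacy directory is removed too.
        while (path := find_credential(conf, name, root)) is not None:
            os.remove(path)
            removed.append(path)
    return removed
```

Removing both copies on unregistration goes slightly beyond the story's wording; it keeps a leftover file in the shared /etc/pki/pulp from making another node look registered.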

Related issues

Related to Pulp - Story #872: Remove rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf (CLOSED - WONTFIX)
