Project

Profile

Help

Story #859

closed

Deprecate rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.conf

Added by bmbouter over 9 years ago. Updated over 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Motivation:

/etc/pki/pulp is designed to be shared in multi-node clustered Pulp deployments. Currently some consumer things that are meant to be exclusive to a registered consumer machine itself are registered here. These locations are configurable via consumer.conf, but the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields default to a location inside of /etc/pki/pulp. This causes unexpected behavior such as registering two pulp nodes in clustered Pulp installation will fail because the second node things its already registered due to the shared nature of /etc/pki/pulp.

Outlined solution:

We will deprecate the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields, and introduce a fallback behavior for backwards compatibility. The new locations will be as follows:

rsa_key = /var/lib/pulp-consumer/rsa.key
rsa_pub = /var/lib/pulp-consumer/rsa_pub.key
cert = /var/lib/pulp-consumer/consumer-cert.pem

When looking for any of these files, code will first check the new CONSTANT based locations, and if the rsa_key, rsa_pub, or cert cannot be found will use the conf file locations (for backwards compatibility). Unregistration will delete the credentials in either place depending on where they live.

rsa_key and rsa_pub are in [authentication]. The cert currently is made by concatenating id_cert_dir and id_cert_filename in [filesystem].

Deliverables:

  • Add the deprecation note to consumer.conf
  • Add a release note about the deprecation
  • Add the new 3 locations as CONSTANTS
  • Introduce a method/function that abstracts the finding of these files with the fallback behavior.
  • Have all create/read/write/delete code gets its path from the abstraction above instead of directly from the conf file.
  • Remove the note/warning on the scaling page that Pulp clustered nodes cannot be registered as consumers.
  • Add test code for new code introduced.

Related issues

Related to Pulp - Story #872: Remove rsa_key, rsa_pub, id_cert_dir, and id_cert_filename from consumer.confCLOSED - WONTFIX

Actions

Also available in: Atom PDF