Story #859

Updated by bmbouter about 9 years ago

Motivation: 

 /etc/pki/pulp is designed to be shared in multi-node clustered Pulp deployments. Currently some consumer things that are meant to be exclusive to a registered consumer machine itself are registered here. These locations are configurable via "consumer.conf":https://github.com/pulp/pulp/blob/6ffc3cfe0bd0896defcb6acd74a2903b572b5bbb/client_consumer/etc/pulp/consumer/consumer.conf, but many of them (the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields) default to a location inside of /etc/pki/pulp. This causes unexpected behavior: for example, registering two pulp nodes in a clustered Pulp installation will fail because the second node thinks it's already registered due to the shared nature of /etc/pki/pulp.

 Outlined solution: 

 We will deprecate the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields, and introduce a fallback behavior for backwards compatibility. The new locations will be as follows: 

 <pre> 
 rsa_key = /var/lib/pulp-consumer/rsa.key 
 rsa_pub = /var/lib/pulp-consumer/rsa_pub.key 
 cert = /var/lib/pulp-consumer/consumer-cert.pem 
 </pre> 

 When looking for any of these files, code will first check all of the new CONSTANT based locations, and if the rsa_key, rsa_pub, or cert cannot be found will use the conf file locations (for backwards compatibility). Unregistration will delete the credentials in either place depending on where they live.

 I'm not 100% sure of all of the things that need to move, but I think anything that is written by pulp-consumer AFTER install time should be moved. Here are some things I know need to go:

 rsa_key and rsa_pub are in [authentication]. The cert currently is made by concatenating id_cert_dir and id_cert_filename in [filesystem]. Also id_cert_dir and id_cert_filename in [filesystem] together identify where the registered consumer's cert lives, which needs to also not be in /etc/pki/pulp.
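
The lookup order and unregistration behavior outlined in the story, as an added Python sketch (not Pulp's own code). The function names, the `root` prefix parameter, and the sample legacy values in `SAMPLE_CONF` are assumptions made for illustration.

```python
import os

# Constant locations proposed in the story.
NEW_LOCATIONS = {
    "rsa_key": "/var/lib/pulp-consumer/rsa.key",
    "rsa_pub": "/var/lib/pulp-consumer/rsa_pub.key",
    "cert": "/var/lib/pulp-consumer/consumer-cert.pem",
}
SHARED_DIR = "/etc/pki/pulp"  # shared between nodes in a clustered deployment
# Constructed sample of the deprecated consumer.conf fields (values assumed).
SAMPLE_CONF = {
    "authentication": {"rsa_key": "/etc/pki/pulp/consumer/rsa.key",
                       "rsa_pub": "/etc/pki/pulp/consumer/rsa_pub.key"},
    "filesystem": {"id_cert_dir": "/etc/pki/pulp/consumer/",
                   "id_cert_filename": "consumer-cert.pem"},
}

def legacy_locations(conf):
    """Paths named by the deprecated conf fields; cert = dir + filename."""
    auth, fs = conf["authentication"], conf["filesystem"]
    return {"rsa_key": auth["rsa_key"], "rsa_pub": auth["rsa_pub"],
            "cert": os.path.join(fs["id_cert_dir"], fs["id_cert_filename"])}

def candidates(name, conf):
    """New constant location first, then the conf location (fallback)."""
    return [(NEW_LOCATIONS[name], False), (legacy_locations(conf)[name], True)]

def resolve(name, conf, root="/"):
    """Return (path, is_legacy), or (None, False) when nothing is on disk."""
    for path, is_legacy in candidates(name, conf):
        if os.path.isfile(os.path.join(root, path.lstrip("/"))):
            return path, is_legacy
    return None, False

def in_shared_dir(path):
    """True when a credential still lives under the cluster-shared directory."""
    return os.path.commonpath([SHARED_DIR, path]) == SHARED_DIR

def unregister(conf, root="/"):
    """Delete credentials wherever they live, new and legacy alike."""
    removed = []
    for name in NEW_LOCATIONS:
        for path, _ in candidates(name, conf):
            full = os.path.join(root, path.lstrip("/"))
            if os.path.isfile(full):
                os.remove(full)
                removed.append(path)
    return removed
```

A caller can combine `resolve` with `in_shared_dir` to flag a node whose credentials were found only through the fallback and still sit in the shared directory.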