Story #859
Updated by bmbouter over 9 years ago
Motivation:
/etc/pki/pulp is designed to be shared in multi-node clustered Pulp deployments. Currently, some consumer things that are meant to be exclusive to a registered consumer machine itself are registered here. These locations are configurable via "consumer.conf":https://github.com/pulp/pulp/blob/6ffc3cfe0bd0896defcb6acd74a2903b572b5bbb/client_consumer/etc/pulp/consumer/consumer.conf, but the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields default to a location inside of /etc/pki/pulp. This causes unexpected behavior: for example, registering two Pulp nodes in a clustered Pulp installation will fail because the second node thinks it's already registered due to the shared nature of /etc/pki/pulp.
Outlined solution:
We will deprecate the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields, and introduce a fallback behavior for backwards compatibility. The new locations will be as follows:
<pre>
rsa_key = /var/lib/pulp-consumer/rsa.key
rsa_pub = /var/lib/pulp-consumer/rsa_pub.key
cert = /var/lib/pulp-consumer/consumer-cert.pem
</pre>
When looking for any of these files, code will first check the new CONSTANT-based locations, and if the rsa_key, rsa_pub, or cert cannot be found there, it will use the conf file locations (for backwards compatibility). Unregistration will delete the credentials in either place depending on where they live.
rsa_key and rsa_pub are in [authentication]. The cert currently is made by concatenating id_cert_dir and id_cert_filename in [filesystem].
Deliverables:
* Add the deprecation note to consumer.conf
* Add a release note about the deprecation
* Add the 3 new locations as CONSTANTS
* Introduce a method/function that abstracts the finding of these files with the fallback behavior.
* Have all create/read/write/delete code get its path from the abstraction above instead of directly from the conf file.
* Add test code for new code introduced.
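
A sketch of the lookup abstraction described in the outlined solution, added here as an illustration and not taken from the Pulp code base. The function names, the @new_paths@ override, and the choice to return the new location when no file exists in either place are assumptions.

```python
import configparser
import os

# New node-local locations proposed in the story.
RSA_KEY = "/var/lib/pulp-consumer/rsa.key"
RSA_PUB = "/var/lib/pulp-consumer/rsa_pub.key"
CERT = "/var/lib/pulp-consumer/consumer-cert.pem"


def _legacy_paths(conf):
    """Deprecated consumer.conf locations; an option that is not set maps to None."""
    auth = conf["authentication"] if conf.has_section("authentication") else {}
    fs = conf["filesystem"] if conf.has_section("filesystem") else {}
    cert = None
    if fs.get("id_cert_dir") and fs.get("id_cert_filename"):
        # The legacy cert path is id_cert_dir joined with id_cert_filename.
        cert = os.path.join(fs["id_cert_dir"], fs["id_cert_filename"])
    return {"rsa_key": auth.get("rsa_key"), "rsa_pub": auth.get("rsa_pub"), "cert": cert}


def credential_path(name, conf, new_paths=None):
    """Return the path to use for 'rsa_key', 'rsa_pub' or 'cert'.

    A file at the new location wins; otherwise an existing file at the
    conf-file location is used. Assumption: if neither exists, the new
    location is returned so fresh credentials land outside /etc/pki/pulp.
    """
    new_paths = new_paths or {"rsa_key": RSA_KEY, "rsa_pub": RSA_PUB, "cert": CERT}
    new = new_paths[name]
    if os.path.isfile(new):
        return new
    legacy = _legacy_paths(conf)[name]
    if legacy and os.path.isfile(legacy):
        return legacy
    return new


def remove_credentials(conf, new_paths=None):
    """Unregistration: delete each credential from wherever it was found."""
    removed = []
    for name in ("rsa_key", "rsa_pub", "cert"):
        path = credential_path(name, conf, new_paths)
        if os.path.isfile(path):
            os.remove(path)
            removed.append(path)
    return removed
```

Because the new location takes precedence, a stale credential left in the shared /etc/pki/pulp stops being picked up as soon as a node-local one exists.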