Project

Profile

Help

Story #859

Updated by bmbouter almost 9 years ago

Motivation: 

 /etc/pki/pulp is designed to be shared in multi-node clustered Pulp deployments. Currently some consumer things that are meant to be exclusive to a registered consumer machine itself are registered here. These locations are configurable via "consumer.conf":https://github.com/pulp/pulp/blob/6ffc3cfe0bd0896defcb6acd74a2903b572b5bbb/client_consumer/etc/pulp/consumer/consumer.conf, but the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields default to a location inside of /etc/pki/pulp. This causes unexpected behavior such as registering two pulp nodes in clustered Pulp installation will fail because the second node things its already registered due to the shared nature of /etc/pki/pulp. 

 Outlined solution: 

 We will deprecate the rsa_key, rsa_pub, id_cert_dir, and id_cert_filename fields, and introduce a fallback behavior for backwards compatibility. The new locations will be as follows: 

 <pre> 
 rsa_key = /var/lib/pulp-consumer/rsa.key 
 rsa_pub = /var/lib/pulp-consumer/rsa_pub.key 
 cert = /var/lib/pulp-consumer/consumer-cert.pem 
 </pre> 

 When looking for any of these files, code will first check the new CONSTANT based locations, and if the rsa_key, rsa_pub, or cert cannot be found will use the conf file locations (for backwards compatibility). Unregistration will delete the credentials in either place depending on where they live. 

 rsa_key and rsa_pub are in [authentication]. The cert currently is made by concatenating id_cert_dir and id_cert_filename in [filesystem]. 

 Deliverables: 
 * Add the deprecation note to consumer.conf 
 * Add a release note about the deprecation 
 * Add the new 3 locations as CONSTANTS 
 * Introduce a method/function that abstracts the finding of these files with the fallback behavior. 
 * Have all create/read/write/delete code gets its path from the abstraction above instead of directly from the conf file. 
 * Add test code for new code introduced.

Back