Bug 760683

Summary: Move location of certs away from /etc/pki/content to a Pulp specific directory
Product: [Retired] Pulp Reporter: John Matthews <jmatthew>
Component: z_otherAssignee: John Matthews <jmatthew>
Status: CLOSED CURRENTRELEASE QA Contact: Preethi Thomas <pthomas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.0.0CC: skarmark
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-24 20:16:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 747661    

Description John Matthews 2011-12-06 19:06:49 UTC 
Description of problem:
As part of writing the SELinux policy we are considering moving Pulp certs normally under /etc/pki/content to a Pulp specific directory.  This is to ensure Pulp owns the directory and it's not shared with other services.

The dir:  /etc/pki/content  seems like it may be generic and could be used by other services later and result in a collision, hence something like /etc/pki/pulp/content is what we are thinking about.

This change needs to be communicated to Candlepin for CRL setup and Katello at a minimum.
Comment 1 John Matthews 2011-12-16 15:04:25 UTC 
Commit below:

http://git.fedorahosted.org/git/?p=pulp.git;a=commitdiff;h=51aab402b2a0dbc667c98176c733c021b270c6bf


QE:  Verify Pulp repo auth is functional and you are able to install a package remotely to a consumer registered to a protected repo.
Comment 2 Jeff Ortel 2012-01-04 21:48:44 UTC 
build: 0.256
Comment 3 Preethi Thomas 2012-01-06 16:19:52 UTC 
verified

[root@preethi ~]# rpm -q pulp
pulp-0.0.256-1.fc15.noarch

Id                 	rhel6_x86_64_preserve    
Name               	rhel6_x86_64_preserve    
Repo URL           	https://preethi.usersys.redhat.com/pulp/repos/content/dist/rhel/rhui/server-6/updates/6Server/x86_64/os/
Feed URL           	https://cdn.redhat.com/content/dist/rhel/rhui/server-6/updates/6Server/x86_64/os/
Feed Type          	remote                   
Content Type       	yum                      
Feed Certs         	CA:Yes   Cert:Yes
Consumer Certs     	CA:No   Cert:No
Architecture       	noarch                   
Sync Schedule      	None                     
Packages           	6707                     
Files              	0                        
Distributions      	None                     
Publish            	True                     
Clones             	[]                       
Groups             	None                     
Filters            	[]                       
Notes              	{}                       
Preserve Metadata  	True                     
Checksum Type      	sha256                   


[root@preethi ~]# ls -l /etc/pki/pulp/content/rhel6_x86_64_preserve/
total 40
-rw-r--r--. 1 apache apache 11184 Jan  6 11:10 feed-rhel6_x86_64_preserve.ca
-rw-r--r--. 1 apache apache 27130 Jan  6 11:10 feed-rhel6_x86_64_preserve.cert
[root@preethi ~]# pulp-admin package install -n zsh --consumerid=el6-client 
Created task id: fc62c140-3883-11e1-8072-002564a85a58
Waiting: [\] 
[u'zsh-4.3.10-4.1.el6.x86_64'] installed on el6-client
Comment 4 Preethi Thomas 2012-02-24 20:16:34 UTC 
Pulp v1.0 is released
Closed Current Release.
Comment 5 Preethi Thomas 2012-02-24 20:17:52 UTC 
Pulp v1.0 is released.