Bug 883025

Summary: pulp-qpid-ssl-cfg script should mention copying of certs and creating /etc/pki/pulp/qpid/ directory on the consumers
Product: [Retired] Pulp
Reporter: Sayli Karmarkar <skarmark>
Component: consumers
Assignee: Jeff Ortel <jortel>
Status: CLOSED CURRENTRELEASE
QA Contact: Preethi Thomas <pthomas>
Severity: unspecified
Priority: unspecified
Version: 2.0.6
CC: cperry
Doc Type: Bug Fix
Last Closed: 2013-01-07 14:09:23 UTC
Type: Bug

Description Sayli Karmarkar 2012-12-03 16:30:26 UTC
Description of problem:

[messaging]
scheme=ssl
port=5671
cacert=/etc/pki/pulp/qpid/ca.crt
clientcert=/etc/pki/pulp/qpid/client.crt

If /etc/pki/pulp/qpid/ca.crt and /etc/pki/pulp/qpid/client.crt are not copied over to the consumer, the error message we see is very confusing, so we should suggest copying them, similar to the config changes.

Comment 1 Jeff Ortel 2012-12-04 19:12:41 UTC
https://github.com/pulp/pulp/pull/180

Comment 2 Jay Dobies 2012-12-07 14:06:11 UTC
Fixed in the 0.12 beta.

Comment 3 Preethi Thomas 2012-12-07 21:12:56 UTC
verified

[root@preethi ~]# pulp-qpid-ssl-cfg

Working in: /tmp/tmp6957


Please specify a directory into which the created NSS database
and associated certificates will be installed.

Enter a directory [/etc/pki/pulp/qpid]:
/etc/pki/pulp/qpid

Please enter a password for the NSS database.  Generated if not specified.

Enter a password:
Using password: [redhat]

Please specify a CA.  Generated if not specified.

Enter a path: 

Password file created.

Database created.

Creating CA certificate:


Generating key.  This may take a few moments...

CA created

Creating BROKER certificate:


Generating key.  This may take a few moments...

Broker certificate created.

Creating CLIENT certificate:


Generating key.  This may take a few moments...

Client certificate created.
pk12util: PKCS12 EXPORT SUCCESSFUL
MAC verified OK
Client key & certificate exported

Artifacts copied to: /etc/pki/pulp/qpid.

Recommended properties in /etc/qpidd.conf:

auth=no
# SSL
require-encryption=yes
ssl-require-client-authentication=yes
ssl-cert-db=/etc/pki/pulp/qpid/nss
ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password
ssl-cert-name=broker
ssl-port=5671
...


Recommended properties in /etc/pulp/server.conf:

...
[messaging]
url=ssl://<host>:5671
cacert=/etc/pki/pulp/qpid/ca.crt
clientcert=/etc/pki/pulp/qpid/client.crt


Recommended properties in /etc/pulp/consumer/consumer.conf:

...
[messaging]
scheme=ssl
port=5671
cacert=/etc/pki/pulp/qpid/ca.crt
clientcert=/etc/pki/pulp/qpid/client.crt


NOTE: The /etc/pki/pulp/qpid/ca.crt and /etc/pki/pulp/qpid/client.crt certificates will
need to be manually copied to each consumer.

[root@preethi ~]#
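
A pre-flight check for the consumer side, as an added example that is not part of Pulp or of this bug report: it reads the [messaging] section of consumer.conf shown above and reports a missing or unusable cacert/clientcert in plain terms before the agent tries to connect. The function name, the message wording and the assumption that both files are PEM-encoded are assumptions of this example.

```python
import configparser
import os
import stat
import sys

# Assumption of this example: both files are PEM-encoded text.
PEM_CERT = "-----BEGIN CERTIFICATE-----"
PEM_KEYS = tuple("-----BEGIN %sPRIVATE KEY-----" % k for k in ("", "RSA ", "ENCRYPTED "))


def check_messaging_certs(conf_path):
    """Return a list of readable problems; an empty list means the check passed."""
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        if not cfg.read(conf_path):
            return ["cannot read config file: %s" % conf_path]
    except configparser.Error as exc:
        return ["cannot parse %s: %s" % (conf_path, exc)]
    msg = cfg["messaging"] if cfg.has_section("messaging") else {}
    if msg.get("scheme", "").strip().lower() != "ssl":
        return []  # the certificates are only used when scheme=ssl
    problems = []
    for key in ("cacert", "clientcert"):
        path = msg.get(key, "").strip()
        if not path:
            problems.append("%s is not set under [messaging]" % key)
            continue
        try:
            with open(path, "r", errors="replace") as fh:
                text = fh.read()
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError as exc:
            hint = "; copy it from the server" if isinstance(exc, FileNotFoundError) else ""
            problems.append("%s=%s cannot be read (%s)%s"
                            % (key, path, exc.strerror, hint))
            continue
        if PEM_CERT not in text:
            problems.append("%s=%s contains no PEM certificate" % (key, path))
        # A file that bundles a private key should be readable by its owner only.
        if any(marker in text for marker in PEM_KEYS) and mode & 0o077:
            problems.append("%s=%s holds a private key but has mode %o" % (key, path, mode))
    return problems


if __name__ == "__main__":
    issues = check_messaging_certs("/etc/pulp/consumer/consumer.conf")
    print("\n".join("ERROR: " + i for i in issues) or "messaging certificates OK")
    sys.exit(1 if issues else 0)
```

Run on each consumer after copying the certificates; a non-zero exit status means at least one problem was printed.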

Comment 4 Preethi Thomas 2013-01-07 14:09:23 UTC
Pulp 2.0 released.