Bug 883025
Summary: | pulp-qpid-ssl-cfg script should mention copying of certs and creating /etc/pki/pulp/qpid/ directory on the consumers | ||
---|---|---|---|
Product: | [Retired] Pulp | Reporter: | Sayli Karmarkar <skarmark> |
Component: | consumers | Assignee: | Jeff Ortel <jortel> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 2.0.6 | CC: | cperry |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-01-07 14:09:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sayli Karmarkar
2012-12-03 16:30:26 UTC
Fixed in the 0.12 beta. verified [root@preethi ~]# pulp-qpid-ssl-cfg Working in: /tmp/tmp6957 Please specify a directory into which the created NSS database and associated certificates will be installed. Enter a directory [/etc/pki/pulp/qpid]: /etc/pki/pulp/qpid Please enter a password for the NSS database. Generated if not specified. Enter a password: Using password: [redhat] Please specify a CA. Generated if not specified. Enter a path: Password file created. Database created. Creating CA certificate: Generating key. This may take a few moments... CA created Creating BROKER certificate: Generating key. This may take a few moments... Broker certificate created. Creating CLIENT certificate: Generating key. This may take a few moments... Client certificate created. pk12util: PKCS12 EXPORT SUCCESSFUL MAC verified OK Client key & certificate exported Artifacts copied to: /etc/pki/pulp/qpid. Recommended properties in /etc/qpidd.conf: auth=no # SSL require-encryption=yes ssl-require-client-authentication=yes ssl-cert-db=/etc/pki/pulp/qpid/nss ssl-cert-password-file=/etc/pki/pulp/qpid/nss/password ssl-cert-name=broker ssl-port=5671 ... Recommended properties in /etc/pulp/server.conf: ... [messaging] url=ssl://<host>:5671 cacert=/etc/pki/pulp/qpid/ca.crt clientcert=/etc/pki/pulp/qpid/client.crt Recommended properties in /etc/pulp/consumer/consumer.conf: ... [messaging] scheme=ssl port=5671 cacert=/etc/pki/pulp/qpid/ca.crt clientcert=/etc/pki/pulp/qpid/client.crt NOTE: The /etc/pki/pulp/qpid/ca.crt and /etc/pki/pulp/qpid/client.crt certificates will need to be manually copied to each consumer. [root@preethi ~]# Pulp 2.0 released. |