Dominic Cleal reports: /etc/pki/tls/private/katello-node.key is created in the apache::certs class in node-installer when a child Pulp node is deployed. It contains the private key for the node, that's normally kept in files with 0600 permissions.
Upstream commit: https://github.com/Katello/node-installer/commit/15e01086bcb3f5d42525730e8b162bca11bec85e
Added a patch accidentally to this BZ entry, removed.
This was verified and delivered with Satellite 6 MDP2. Upstream has also been addressed.
This flaw is already been fixed: * Actual tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1021119 * Downstream patch: https://gitlab.satellite.lab.eng.rdu2.redhat.com/satellite6/katello-installer/-/commit/15e01086bcb3f5d42525730e8b162bca11bec85e * Fixed erratas: https://errata.devel.redhat.com/package/show/katello-installer * Fixed versions (from released erratas): - katello-installer-0.0.67-1.el7sat - katello-installer-0.0.64-1.el7sat