Description of problem:
Pulp cannot connect to MongoDB using SSL. It would be superior if Pulp could connect to Mongo using SSL. pymongo does have the ability to do this[0].

Version-Release number of selected component (if applicable):
2.4.0-1

How reproducible:
Every time.

Steps to Reproduce:
1. Try to get Pulp to connect to Mongo using SSL.

Actual results:
Note that you failed because Pulp doesn't have any setting to express that the user wants an SSL protected MongoDB connection.

Expected results:
You should have succeeded.

Additional info:
[0] http://docs.mongodb.org/manual/tutorial/configure-ssl-clients/#pymongo
I've submitted a pull request[0] to add this feature. There are several new settings in the [database] section of server.conf. There are a number of potential QE test cases:

1) Make sure that non-SSL connections still work.
2) Configure MongoDB to do SSL, and give it a self-signed certificate:
   2a) With Pulp's [database] --> verify_ssl set to false and ssl set to true, Pulp should connect just fine to this.
   2b) Setting verify_ssl to True should cause a connection failure in Pulp.
3) Configure MongoDB to do SSL and give it a properly signed cert. Pulp should connect to it with verify_ssl set to True.

[0] https://github.com/pulp/pulp/pull/1263
Fixed in 2.5.0-0.12.beta.
I just discovered that I had forgotten about the Mongo connection that's used for the results backend ☹
https://github.com/pulp/pulp/pull/1271
https://github.com/pulp/pulp/pull/1272
verified

[root@cloud-qe-17 ~]# rpm -qa pulp-server
pulp-server-2.5.0-0.14.beta.el6.noarch
[root@cloud-qe-17 ~]#

1. Created CA & Certs for testing

2. Updated mongod.conf

In mongodb.conf (for mongo 2.4)

#Configure SSL support
#sslMode = requireSSL (this is 2.6)
sslOnNormalPorts = true
#sslPEMKeyFile = /etc/pki/tls/private/mongo-cert.pem
sslPEMKeyFile = /etc/pki/tls/private/mongodb.pem
sslCAFile = /etc/pki/tls/private/CA.crt
#sslWeakCertificateValidation = true

3. Updated server.conf

[database]
# name: pulp_database
seeds: localhost:27017
# operation_retries: 2
# username:
# password:
# replica_set:
ssl: true
#ssl_keyfile:
ssl_certfile:/etc/pki/tls/private/mongodb.pem
verify_ssl: true
ca_path: /etc/pki/tls/private/CA.crt

Restarted mongo & httpd

And pulp works without any issues

Tested with a different set of certs in the server.conf with turning sslWeakCertificateValidation = false in mongodb.conf

Also tested different scenarios mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1153344#c1
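
Added example, not part of the bug thread and not Pulp's own code: a small audit of the [database] settings named in the comments above (ssl, verify_ssl, ca_path), showing what each combination from the QE test cases means for the client's TLS posture. The function names, the sample config and the fallback values for missing keys are assumptions of this example.

```python
import configparser
import ssl

# Constructed sample mirroring the [database] settings quoted in this thread.
SAMPLE_CONF = """
[database]
seeds: localhost:27017
ssl: true
verify_ssl: false
ca_path: /etc/pki/tls/private/CA.crt
"""

def load_database_section(text):
    """Parse server.conf-style text and return its [database] section."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser["database"]

def audit_database_tls(db):
    # Fallbacks for missing keys (ssl=false, verify_ssl=true) are an
    # assumption of this example, not taken from the thread.
    findings = []
    use_ssl = db.getboolean("ssl", fallback=False)
    verify = db.getboolean("verify_ssl", fallback=True)
    ca_path = db.get("ca_path", fallback="").strip()
    if not use_ssl:
        return ["ssl is off: traffic to MongoDB is plaintext"]
    if not verify:
        findings.append("verify_ssl is off: the link is encrypted, but any "
                        "server certificate is accepted without validation")
    elif not ca_path:
        findings.append("verify_ssl is on but ca_path names no CA bundle")
    return findings

def client_context(db):
    """Build the stdlib ssl context matching the settings, or None."""
    if not db.getboolean("ssl", fallback=False):
        return None
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    if not db.getboolean("verify_ssl", fallback=True):
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    section = load_database_section(SAMPLE_CONF)
    for finding in audit_database_tls(section):
        print("WARN:", finding)
```

Test case 2a corresponds to the CERT_NONE branch, which is why a self-signed server certificate connects there; 2b and 3 correspond to the default CERT_REQUIRED context.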