768420 – Pulp has moved it's certs from /etc/pki/content to /etc/pki/pulp/content

Bug 768420 - Pulp has moved it's certs from /etc/pki/content to /etc/pki/pulp/content

Summary: Pulp has moved it's certs from /etc/pki/content to /etc/pki/pulp/content

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Installation
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Ivan Necas
QA Contact:	Garik Khachikyan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	katello-blockers
TreeView+	depends on / blocked

Reported:	2011-12-16 15:51 UTC by John Matthews
Modified:	2019-09-25 21:08 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-08-22 18:15:07 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	754728	0	unspecified	CLOSED	Document how to install Satellite 6.0 with own CA	2021-02-22 00:41:40 UTC

Internal Links: 754728

Description John Matthews 2011-12-16 15:51:05 UTC

As part of bz 760683 Pulp has moved it's certs from /etc/pki/content to /etc/pki/pulp/content

This bugzilla is filed to address any work which may be needed by Katello to integrate with Pulp.

This change will be in Pulp 0.0.256+/CR20.  

In particular SELinux rules may need to be modified for Katello.
Pulp expects the locations configured in repo_auth.conf to have the context "pulp_cert_t".  Pulp will apply this context to all files under /etc/pki/pulp if this path is not used than Katello will need to handle this rule.

Comment 1 John Matthews 2011-12-16 15:55:51 UTC

Also note: Apache needs to be the owner of the certs directory.  We no longer use setfacl and require regular dir/file ownership.

Comment 2 Ivan Necas 2012-01-06 09:47:21 UTC

The changes on Katello installed reflecting this fact are ready in remote branch 768420. Once new Pulp CR with this changes is released, it can be merged to master.

Comment 3 Ivan Necas 2012-01-06 12:14:58 UTC

Just a note: this change was introduced in pulp-0.0.256-1

Comment 4 Mike McCune 2012-01-26 19:07:03 UTC

mass ON_QA move

Comment 6 Garik Khachikyan 2012-02-01 10:25:32 UTC

# VERIFIED

on recent Katello packages the installation (as well as later interaction with pulp) goes fine. certificates are located under: /etc/pki/pulp/content/
context is: pulp_cert_t

checked against version:
---
katello-configure-0.1.58-1.git.0.33f084d.el6.noarch
katello-all-0.1.207-1.git.0.1fbec20.el6.noarch
katello-0.1.207-1.git.0.1fbec20.el6.noarch
katello-cli-0.1.49-1.git.0.6962a71.el6.noarch
pulp-0.0.263-1.el6.noarch

Comment 8 Mike McCune 2013-08-16 18:05:35 UTC

getting rid of 6.0.0 version since that doesn't exist

Note You need to log in before you can comment on or make changes to this bug.