Bug 991247 - nodes SSL certificate generated using hard coded path to the pulp CA cert
nodes SSL certificate generated using hard coded path to the pulp CA cert
Status: CLOSED CURRENTRELEASE
Product: Pulp
Classification: Community
Component: nodes (Show other bugs)
2.2 Beta
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 2.3.0
Assigned To: Jeff Ortel
Preethi Thomas
: FutureFeature, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-01 20:52 EDT by Jeff Ortel
Modified: 2013-12-09 09:31 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-09 09:31:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeff Ortel 2013-08-01 20:52:52 EDT
The %post of the nodes.spec generates the SSL certificate generated using hard coded path to the pulp CA cert.  The script needs to be broken out into a separate shell script used by the rpm.  The script needs to read the CA cert location from /etc/pulp/server.conf.  The script can them be called later to regenerate the certificate if the CA is changed in server.conf.
Comment 1 Jeff Ortel 2013-08-14 18:03:34 EDT
https://github.com/pulp/pulp/pull/561
Comment 2 Jeff Ortel 2013-09-12 18:36:05 EDT
build: 2.3.0-0.10.alpha
Comment 3 Jeff Ortel 2013-10-07 16:45:15 EDT
Suggest: verify by running the /usr/bin/pulp-gen-nodes-certificate.  It reads the location of the pulp CA from server.conf and writes it to the location specified in the nodes.conf.  playing with those values and check to see that the certificate is written in the location expected.
Comment 4 Preethi Thomas 2013-10-08 09:43:52 EDT
verified

[root@pulp-v2-server ~]# cat /etc/pulp/server.conf |grep crt
cacert: /etc/pki/pulp/ca.crt
ssl_ca_certificate: /etc/pki/pulp/ssl_ca.crt
cacert: /etc/pki/qpid/ca/ca.crt


[root@pulp-v2-server ~]# cat /etc/pulp/nodes.conf |grep crt
#node_certificate: /etc/pki/pulp/nodes/node.crt
node_certificate: /tmp/nodes/node.crt
[root@pulp-v2-server ~]# 
[root@pulp-v2-server ~]# /usr/bin/pulp-gen-nodes-certificate 
[root@pulp-v2-server ~]# 
[root@pulp-v2-server ~]# ls /tmp/nodes/
node.crt
[root@pulp-v2-server ~]#
Comment 5 Preethi Thomas 2013-12-09 09:31:55 EST
Pulp 2.3 released.

Note You need to log in before you can comment on or make changes to this bug.