The %post of the nodes.spec generates the SSL certificate generated using hard coded path to the pulp CA cert. The script needs to be broken out into a separate shell script used by the rpm. The script needs to read the CA cert location from /etc/pulp/server.conf. The script can them be called later to regenerate the certificate if the CA is changed in server.conf.
https://github.com/pulp/pulp/pull/561
build: 2.3.0-0.10.alpha
Suggest: verify by running the /usr/bin/pulp-gen-nodes-certificate. It reads the location of the pulp CA from server.conf and writes it to the location specified in the nodes.conf. playing with those values and check to see that the certificate is written in the location expected.
verified [root@pulp-v2-server ~]# cat /etc/pulp/server.conf |grep crt cacert: /etc/pki/pulp/ca.crt ssl_ca_certificate: /etc/pki/pulp/ssl_ca.crt cacert: /etc/pki/qpid/ca/ca.crt [root@pulp-v2-server ~]# cat /etc/pulp/nodes.conf |grep crt #node_certificate: /etc/pki/pulp/nodes/node.crt node_certificate: /tmp/nodes/node.crt [root@pulp-v2-server ~]# [root@pulp-v2-server ~]# /usr/bin/pulp-gen-nodes-certificate [root@pulp-v2-server ~]# [root@pulp-v2-server ~]# ls /tmp/nodes/ node.crt [root@pulp-v2-server ~]#
Pulp 2.3 released.