[Pulp-list] Qpid SSL on Pulp 2.4

Ashby, Jason (IMS) AshbyJ at imsweb.com
Fri Oct 24 18:19:59 UTC 2014


:(

Thanks for letting me know Randy.  Back to Qpid.  Here is my server.conf:

[database]
name: pulp_database
seeds: 127.0.0.1:27017

[server]
server_name: pulp.example.com
key_url: /pulp/gpg
ks_url: /pulp/ks
debugging_mode: false

[authentication]
# rsa_key = /etc/pki/pulp/rsa.key
# rsa_pub = /etc/pki/pulp/rsa_pub.key

[security]
cacert: /etc/pki/pulp_certs/pulpca.crt
cakey: /etc/pki/pulp_certs/pulpca.key
ssl_ca_certificate: /etc/pki/pulp_certs/pulpca_chain.crt  # pulpca.crt + rootCA crt
user_cert_expiration: 7
consumer_cert_expiration: 3650
serial_number_path: /var/lib/pulp/sn.dat

[consumer_history]
lifetime: 90

[data_reaping]
reaper_interval: 0.25
archived_calls: 0.5
consumer_history: 60
repo_sync_history: 60
repo_publish_history: 60
repo_group_publish_history: 60

[oauth]
enabled: true
oauth_key: XXXXXXXX
oauth_secret: XXXXXXXX

[messaging]
url: ssl://127.0.0.1:5671
cacert: /etc/pki/pulp/qpid/ca.crt
clientcert: /etc/pki/pulp/qpid/client.crt

[tasks]
broker_url: qpid://127.0.0.1:5671/
celery_require_ssl: true
cacert: /etc/pki/pulp/qpid/ca.crt
keyfile: /etc/pki/pulp/qpid/client.crt
certfile: /etc/pki/pulp/qpid/client.crt

[email]
host: 127.0.0.1
port: 25
from: root@example.com
enabled: false

-----Original Message-----
From: pulp-list-bounces at redhat.com [mailto:pulp-list-bounces at redhat.com] On Behalf Of Randy Barlow
Sent: Friday, October 24, 2014 2:04 PM
To: pulp-list at redhat.com
Subject: Re: [Pulp-list] Qpid SSL on Pulp 2.4

On 10/24/2014 12:34 PM, Ashby, Jason (IMS) wrote:
> Not sure where you saw httpd was not starting, but anyway httpd starts up fine and seems to be working OK, at least when testing with curl or openssl.  There are some complaints in the httpd logs I listed below, but other than that httpd seems to be running OK.
>
> Anyway, I'm messing with rabbitmq now, so that I can point to certificate files directly and not worry about the NSS DB.  I feel like the issue is related to how the certutil is importing my root and intermediary CAs, and perhaps a difference in the updated software across the stack.
>
> I appreciate you taking the time.  I'll let you know how RabbitMQ goes and provide my configs as an example if it helps others, as I know the pulp docs aren't complete on that currently.

Hi Jason,

I hate to be the bearer of this news, but Pulp's tasking system is
currently broken with RabbitMQ[0]. We have fixed this in our 2.5-dev
branch, but the fix won't be released until 2.5.1 comes out. It was
fixed with a rather complicated redesign, so it's not a simple patch
that can be applied.

It does sound to me like the qpid settings in server.conf might be
incorrect. If you could show us those, it might reveal something to us.
Of course, omit usernames/passwords ☺

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1141336

