[Pulp-list] Pulp v2.4 with SSL
Trey Dockendorf
treydock at gmail.com
Thu Sep 25 16:12:09 UTC 2014
I just upgraded from 2.3 to 2.4. I merged my Pulp server's database
settings and left the 2.4 settings as default. Using pulp-admin
commands with the default SSL settings required that I set
verify_ssl to False.
I'd like to use verify_ssl, but unsure how to go about this.
I use Puppet for my infrastructure, and am comfortable re-using that
CA for Pulp, but unsure how to make that work in Pulp.
My other option would be to get a trusted SSL cert from my University.
My University (where these servers run) provides InCommon SSL certs.
Again, unsure how to configure Pulp if I get a certificate that's
trusted.
My concern is how Pulp interacts with SSL in terms of consumers /
clients. Does Pulp have to be able to sign the clients, or are the
clients expected to have a certificate from the CA used by Pulp?
Getting a certificate from my University for every client would be
difficult and time consuming, and impossible to automate.
Using Puppet certificates can be automated, as I do that currently for
my LDAP setup, but if Pulp is expected to sign certificates, that
would be an issue, at least in my limited understanding.
Currently I do not use the consumer/client functionality of Pulp. My
current deployment is on an HPC cluster, and Pulp is used only to
manage clones or external repositories as well as manage our internal
yum repo. Once I deploy Pulp into my departmental servers, I will
likely rely on the consumer functionality.
Thanks,
- Trey