[Pulp-list] Force pulp to use system CA

Randy Barlow rbarlow at redhat.com
Tue Mar 17 22:42:28 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/17/2015 08:07 AM, Vladimir Stackov wrote:
> Is there any way to force pulp to use 
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt ?
> 
> I mean when I do # update-ca-trust enable; update-ca-trust extract 
> pulp still using
> /usr/lib/python2.7/site-packages/requests/cacert.pem instead of
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> 
> I'm using pulp 2.5.1 on CentOS 7 from fedorapeople repos [1].

One more note:

Two of us thought about this a lot, and we believe that our importers
are the only component of Pulp that use Nectar, and that Nectar is the
only part of Pulp that uses python-requests.

This is important, because most (all?) of our importers do provide a
way to specify a single CA certificate that should be used to verify
the identity of the remote server during a sync.

Perhaps that can help you? For example, in pulp-admin for Yum
repositories, you can use the --feed-ca-cert flag to set the
certificate authority that should be trusted for the sync.

- -- 
Randy Barlow
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVCK3UAAoJEIyFaKUJtmpiXzcP/AuvYdtH+7gpF4i9D/U214H7
Qr8RtzzcaSJDdVhpffycTvk7POpWDYNQ7h4XFcH5JG4wRF1ZCT/Libift11GkU1Y
USBHvFTBGxTWU3LHfhEDvyA6kkHDi9vZQWya5eBrDGtyDd6KDE5sOWQYcV6Kgf3k
Eoc0RSbluyxvaGfqjHL7OYaaBez4uFFP7B9NBZVKuwVnV/1VyZ8KbOGL8MfINoFk
SrBwRhVSPtxKxyxST2sHGZdlcNN2r+dbAKgdRW9SXJHdZcCE5gJO0EffHZeKLecc
xuktStjaZ3071bPuDi+B2LCl1FHgmoJ7+Rr9gUg7+fH6I/bgyPY/58vQOsBKaAwZ
k74bCsx0EFCEKaKON8IQDKydWDdOYOqaLxhQaINS9La7IVbzl+Qj9gDk4GiTo3/T
DgrdBy66cRYwBhnTm+jdspj+kWrpH2+BEBepXqFXaNF0t0ieapuuOptwCjc99M6i
73UTHD5uZJ3YrOeLNn88dRk5UuhS0RDziklugdljNeJivMPxxI6W/K3m4C7I7jxF
YTxvR8C3ty3ELTnZuFuGWoXb6Zb8wVz2MrEV1/8MHMSPwyrc6R1mz69cWP5Qlj5H
oBwDpITmY3D0q35EYGaSkDEWNrAMxGhWrS/iZVtnn/WC3U6s3slm/aW1jW/149oU
lkxkAFmRh0tLjlc9wgZJ
=Zc5b
-----END PGP SIGNATURE-----




More information about the Pulp-list mailing list