[Pulp-list] Fwd: Pulp on Kubernetes

Ina Panova ipanova at redhat.com
Tue Mar 27 11:58:25 UTC 2018 

Hi Martin,

1) Pulp runs on Centos.
2) From what i can tell, the auth_ca is mentioned just in the rpm_plugin in
the distributor's params [0]. So it's mostly related to the content access
for the protected repository.
3) There is no need to store in the nss db the key for qpidd and/or the
infrastructure related needs. But I'm afraid that's not the case for the CA
used for content serving purposes. I could use some more input and
confirmation from folks.
Also not sure if you stumbled across this [1] doc page, but it might guide
you through some qpidd config steps.

Let us know in case you'd have move questions.

[0]
https://docs.pulpproject.org/plugins/pulp_rpm/tech-reference/yum-plugins.html#optional-configuration-parameters
[1] https://docs.pulpproject.org/user-guide/qpid.html



--------
Regards,

Ina Panova
Software Engineer| Pulp| Red Hat Inc.

"Do not go where the path may lead,
 go instead where there is no path and leave a trail."

On Thu, Mar 22, 2018 at 9:20 PM, Martin Horák <horak.martin at gmail.com>
wrote:

> Hello here.
> Finally I managed to run Pulp in real baremetal Kubernetes based on Michal
> Hrivnak's work (https://github.com/mhrivnak/pulp-k8s) using CephFS shared
> storage. I tried to fetch and publish some RPM repositories and it works.
> I can provide help and answers if you like and I'll know them.
> Now I would like to make some changes for semi-production usage:
> 1) Switch from Fedora to Centos if it'll be possible
> 2) Change PKI to use our own infrastructure. And here I have a couple of
> questions:
> Why are there TWO ROOT CA certificates generated (ca and auth-ca)? There
> is nothing signed with auth-ca, what is it's purpose?
> And second question: I suppose there is NO NEED for ca key in NSS database
> for qpidd, provided I have the broker certificate properly signed. Is it
> true? Then I could generate all needed certificates using our CA
> infrastructure and import them together with ca cert into NSS db.
>
> Thank you for the answer, regards,
> Martin Horak
>
> (Michael as an author of k8s solution advised me to ask in this maillist,
> that there are the best specialists) :-)
>
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20180327/a443a494/attachment.htm>

More information about the Pulp-list mailing list