I just upgraded from 2.3 to 2.4. I merged my Pulp server's database settings and left of the 2.4 settings as default. In order to use pulp-admin commands using default SSL settings required I set verify_ssl to False.
I'd like to use verify_ssl, but unsure how to go about this. I use Puppet for my infrastructure, and am comfortable re-using that CA for Pulp, but unsure how to make that work in Pulp. My other option would be to get a trusted SSL cert from my University. My University (where these servers run) provides InCommon SSL certs. Again, unsure how to configure Pulp if I get a certificate that's trusted. My concern is how Pulp interacts with SSL in terms of consumers / clients. Does Pulp have to be able to sign the clients, or are the clients expected to have a certificate from the CA used by Pulp? Getting a certificate from my University for every client would be difficult and time consuming, and impossible to automate. Using Puppet certificates can be automated, as I do that currently for my LDAP setup, but if Pulp is expected to sign certificates, that would be an issue, at least in my limited understanding. Currently I do not use the consumer/client functionality of Pulp. My current deployment is on a HPC cluster, and Pulp is used only to manage clones or external repositories as well as manages our internal yum repo. Once I deploy Pulp into my departmental servers, I will likely rely on the consumer functionality. Thanks, - Trey _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
