Hi Martin, 1) Pulp runs on Centos. 2) From what i can tell, the auth_ca is mentioned just in the rpm_plugin in the distributor's params [0]. So it's mostly related to the content access for the protected repository. 3) There is no need to store in the nss db the key for qpidd and/or the infrastructure related needs. But I'm afraid that's not the case for the CA used for content serving purposes. I could use some more input and confirmation from folks. Also not sure if you stumbled across this [1] doc page, but it might guide you through some qpidd config steps.
Let us know in case you'd have move questions. [0] https://docs.pulpproject.org/plugins/pulp_rpm/tech-reference/yum-plugins.html#optional-configuration-parameters [1] https://docs.pulpproject.org/user-guide/qpid.html -------- Regards, Ina Panova Software Engineer| Pulp| Red Hat Inc. "Do not go where the path may lead, go instead where there is no path and leave a trail." On Thu, Mar 22, 2018 at 9:20 PM, Martin Horák <[email protected]> wrote: > Hello here. > Finally I managed to run Pulp in real baremetal Kubernetes based on Michal > Hrivnak's work (https://github.com/mhrivnak/pulp-k8s) using CephFS shared > storage. I tried to fetch and publish some RPM repositories and it works. > I can provide help and answers if you like and I'll know them. > Now I would like to make some changes for semi-production usage: > 1) Switch from Fedora to Centos if it'll be possible > 2) Change PKI to use our own infrastructure. And here I have a couple of > questions: > Why are there TWO ROOT CA certificates generated (ca and auth-ca)? There > is nothing signed with auth-ca, what is it's purpose? > And second question: I suppose there is NO NEED for ca key in NSS database > for qpidd, provided I have the broker certificate properly signed. Is it > true? Then I could generate all needed certificates using our CA > infrastructure and import them together with ca cert into NSS db. > > Thank you for the answer, regards, > Martin Horak > > (Michael as an author of k8s solution advised me to ask in this maillist, > that there are the best specialists) :-) > > > > _______________________________________________ > Pulp-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pulp-list >
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
