-
Notifications
You must be signed in to change notification settings - Fork 81
Import or generate key for token authentication #361
Conversation
14eccab
to
c6cd1f5
Compare
Attached issue: https://pulp.plan.io/issues/7098 |
6823c8a
to
1b9455e
Compare
Missing:
|
1b9455e
to
a3db211
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have to ask about the design.
We've alternated between using paths like /etc/pulp/private_key.pem
and /var/lib/pulp/cert/private.pem
Did we agree on what it should be? I remember a discussion.
Yes, there was a discussion, but no result that i can remember. I think |
e009aee
to
0ee07e0
Compare
I just figured, that the failures here are probably due to the openssl-modules have changed their library requirement from 2.8 to 2.9. |
3395126
to
ed5143d
Compare
|
Let's put these in /etc/pulp/ |
764d3fa
to
9a9fda3
Compare
b3b82cc
to
3c49f8c
Compare
roles/pulp_common/vars/main.yml
Outdated
@@ -10,6 +10,7 @@ pulp_install_plugins_normalized_yml: |- | |||
# A pulp_install_plugins but with the plugin names corrected: | |||
# pip/PyPI only uses dashes, not underscores. | |||
pulp_install_plugins_normalized: "{{ pulp_install_plugins_normalized_yml | from_yaml }}" | |||
__pulp_common_pulp_pki_dir: "{{ pulp_config_dir }}/cert" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's make cert plural. "{{ pulp_config_dir }}/certs"
32916fb
to
5ecf7f5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be honest, I am surprised CI is passing. See comments in particular about become
.
roles/pulp_common/vars/CentOS-7.yml
Outdated
@@ -9,3 +9,5 @@ pulp_preq_packages: | |||
- gcc # For psycopg2 | |||
- make # For make docs | |||
pulp_python_interpreter: /usr/bin/python3.6 | |||
pulp_common_python_cryptography: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I cannot find any collection-specific guidelines on this (or on our use case of having a common role), but I think we should name this pulp_python_cryptography
.
The reason being that "common" is implied in the generic "pulp" prefix, and it's less verbose.
It might also be moved to another role later, if only that role needs it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My previous review was accidentally "approve". The only mandatory comments about the become / become_user. If they are not necessary for some reason, I would really like to know. I suspect they are necessary, but the molecule / docker CI env always connects as root.
5ecf7f5
to
b566deb
Compare
Change the file names to include 'token' in the name. |
b566deb
to
e1ebd40
Compare
fixes #7098
https://pulp.plan.io/issues/7098