discussion around SSL infrastructure #6

Open
neoice opened this issue Sep 11, 2014 · 1 comment

neoice commented Sep 11, 2014

extending #5, I'd like to have a discussion about SSL infrastructure management via this module before I run off to implement something and submit a pull request.

SSL in Pulp appears to have 2 major functions:

  1. provide HTTPS connectivity

  2. provide client authentication for "consumers"

while this module provides a "consumer" class, it doesn't appear to configure repo_auth anywhere. it seems like this would be required to use Pulp's built-in SSL.

personally, I only care about HTTPS connectivity. I have no desire to run consumers or manage entitlements.

alternatively, while HTTPS connectivity would be nice to have, GPG signed packages are a bigger security enhancement than HTTPS: I would be willing to completely disable Pulp SSL. it might be nice to expose disable_ssl as a parameter.

I don't know much about Pulp consumers, but if it's possible to re-use the Puppet PKI for that, I would be delighted to implement it, although I would need help testing it. I think full Puppet PKI integration with Pulp Server+Consumer would be the ideal solution: I'd get what I want (Puppet PKI HTTPS) and anyone else using Pulp would get easy-to-use Consumers.

thoughts?

neoice commented Sep 11, 2014

it looks like HTTPS connectivity is solely managed by the apache layer, so that's good. I think I'm going to take a stab at decoupling httpd management from the pulp module.
