extending #5, I'd like to have a discussion about SSL infrastructure management via this module before I run off to implement something and submit a pull request.
SSL in Pulp appears to have 2 major functions:
provide HTTPS connectivity
provide client authentication for "consumers"
while this module provides a "consumer" class, it doesn't appear to configure repo_auth anywhere. it seems like this would be required to use Pulp's built-in SSL.
personally, I only care about HTTPS connectivity. I have no desire to run consumers or manage entitlements.
alternatively, while HTTPS connectivity would be nice to have, GPG signed packages are a bigger security enhancement than HTTPS: I would be willing to completely disable Pulp SSL. it might be nice to expose disable_ssl as a parameter.
I don't know much about Pulp consumers, but if it's possible to re-use the Puppet PKI for that, I would be delighted to implement it, although I would need help testing it. I think full Puppet PKI integration with Pulp Server+Consumer would be the ideal solution: I'd get what I want (Puppet PKI HTTPS) and anyone else using Pulp would get easy-to-use Consumers.
thoughts?
it looks like HTTPS connectivity is solely managed by the apache layer, so that's good. I think I'm going to take a stab at decoupling httpd management from the pulp module.