Add support for generating and configuring repo metadata gpg keys #188
Conversation
PaulSD
force-pushed
the
master
branch
12 times, most recently
from
fe922d6 to
c6eedd4
Compare
|
ping |
PaulSD
force-pushed
the
master
branch
13 times, most recently
from
6bfd6f6 to
6993ffb
Compare
|
I think I have addressed most of your concerns. However, I'm not sure how to approach the pulp configuration part. If we move the pulp configuration to another module, then we will need an additional parameter in that other module to determine whether pulp should be configured to sign repo metadata, and users will need to specify both --certs-enable-repomd-gpg=true and this other parameter to properly configure pulp. The problem is that pulp will break if it is configured to sign repo metadata but does not have a gpg key, so users who specify this other parameter (to configure pulp) without also specifying --certs-enable-repomd-gpg=true will end up with a broken system. Leaving the pulp configuration here ensures that pulp is never configured unless a gpg key has been generated. Given that, do you still want me to move the pulp configuration to another module? |
There was a problem hiding this comment.
Given that, do you still want me to move the pulp configuration to another module?
I do. We're working hard for this module not to touch any resources other than certs because in my experience that gives a much more reliable, understandable and flexible design. It is a bit more work, but the change of regressions is smaller. It should be up to puppet-katello/puppet-foreman_proxy_content to configure puppet-certs and puppet-pulp into a working combination. puppet-certs and puppet-pulp should have no knowledge of each other.
PaulSD
force-pushed
the
master
branch
10 times, most recently
from
0bcf07e to
2164a79
Compare
| end | ||
| rpm_file = latest_rpm | ||
| if rpm_file | ||
| rpm('-Uvh', '--force', rpm_file) |
There was a problem hiding this comment.
Not sure ... I copied that code from https://github.com/theforeman/puppet-certs/blob/master/lib/puppet/provider/katello_ssl_tool.rb#L77
PaulSD
force-pushed
the
master
branch
2 times, most recently
from
6a7d525 to
07264bb
Compare
|
A complete acceptance test (covering all of the relevant PRs) is to install a Foreman server or capsule, install the generated client bootstrap RPM on a client, verify that |
|
I don't think these new test failures are caused by my changes. |
PaulSD
force-pushed
the
master
branch
2 times, most recently
from
9826bb2 to
4804dc3
Compare
|
The PRs related to this for Pulp 2 have been closed as we removed Pulp 2 from deployments. There are parts of this PR that have moved (such as RHSM reconfigure script) to other modules. Aspects of this look generic enough to be potentially be relevant to a Pulp 3 solution. We can therefore opt to leave this PR open as we explore the Pulp 3 implementation or close and approach it fresh in Pulp 3. |
|
I am going to opt to close this in favor of seeing how the Pulp 3 design shakes out. |
See https://bugzilla.redhat.com/show_bug.cgi?id=1410638 and candlepin/subscription-manager#1749