Feature #33733

need to generate private db key for pulpcore 3.15

Added by Justin Sherrill 3 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Category: Foreman modules
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

The pulp installer runs:

openssl rand -base64 32 | tr '+/' '-_' > /etc/pulp/certs/database_fields.symmetric.key

and sets ownership to pulp

https://github.com/pulp/pulp_installer/blob/120942e1cb98ad3fb47c63ac9568f2fda09f25f5/roles/pulp_database_config/tasks/generate_database_fields_key.yml

Associated revisions

Revision 06f9e45d (diff)
Added by Justin Sherrill 3 months ago

Fixes #33733 - generate key for db encryption

History

#1 Updated by Justin Sherrill 3 months ago

Foreman does something similar by running a rake task in an RPM script; I could see doing this either in:
1) the installer
2) the pulpcore rpm post script

#2 Updated by Evgeni Golov 3 months ago

  • Description updated (diff)

#3 Updated by Ewoud Kohl van Wijngaarden 3 months ago

  • Target version set to 3.1.0

Justin Sherrill wrote:

The pulp installer runs:

[...]

and sets ownership to pulp

Does it need to own it or should it really be read-only to the pulp user? If so I'd prefer to set the owner to root and group to pulp.

#4 Updated by Justin Sherrill 3 months ago

  • Target version deleted (3.1.0)

I think what you suggest with regard to ownership makes sense; edit isn't needed.
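
The ownership agreed in comments #3 and #4 (owner root, group pulp, read-only for the pulp user) applied to the key-generation command from the description, as an added shell example that is not part of the thread or of the puppet-pulpcore change. The function names, the 0640 mode and the /dev/urandom fallback are assumptions.

```shell
#!/bin/sh
# Added example, not the installer's or puppet-pulpcore's code.

# 32 random bytes as URL-safe base64, the same pipeline the installer runs.
# The /dev/urandom fallback is an assumption for hosts without openssl.
new_key_material() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        head -c 32 /dev/urandom | base64
    fi | tr '+/' '-_'
}

# 32 bytes encode to 43 URL-safe base64 characters plus one '=' pad.
key_is_valid() {
    grep -Eqx '[A-Za-z0-9_-]{43}=' "$1"
}

# generate_db_key PATH OWNER GROUP
# Writes the key only when PATH is missing or empty, so a rerun never
# replaces a key that is already in use.
generate_db_key() {
    key_path=$1 key_owner=$2 key_group=$3
    [ -s "$key_path" ] && return 0

    # mktemp creates the file 0600 in the target directory, so the key is
    # never world-readable and the final mv is an atomic rename.
    key_tmp=$(mktemp "${key_path}.XXXXXX") || return 1
    new_key_material > "$key_tmp"
    if key_is_valid "$key_tmp" &&
       chown "$key_owner:$key_group" "$key_tmp" &&
       chmod 0640 "$key_tmp" &&
       mv "$key_tmp" "$key_path"; then
        return 0
    fi
    rm -f "$key_tmp"
    return 1
}

# Usage as root, with the path and root:pulp ownership from the thread:
#   generate_db_key /etc/pulp/certs/database_fields.symmetric.key root pulp
```
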

#5 Updated by Justin Sherrill 3 months ago

  • Target version set to 3.1.0

#6 Updated by The Foreman Bot 3 months ago

  • Assignee set to Justin Sherrill
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-pulpcore/pull/235 added

#7 Updated by Justin Sherrill 3 months ago

  • Status changed from Ready For Testing to Closed

#8 Updated by Ewoud Kohl van Wijngaarden 3 months ago

  • Triaged changed from No to Yes
  • Fixed in Releases 3.1.0 added
