[Pulp-list] Fwd: Pulp on Kubernetes
Martin Horák
horak.martin at gmail.com
Tue Mar 27 12:13:47 UTC 2018
Hi Ina.
Thank you very much for the answer. I'm going to go through the doc links
and make some experiments, but this week I'm fully busy and the next I'm (I
strongly hope :)) on holiday. So please have some patience with me. :-)
Martin
On Tue, Mar 27, 2018 at 1:58 PM, Ina Panova <ipanova at redhat.com> wrote:
> Hi Martin,
>
> 1) Pulp runs on Centos.
> 2) From what i can tell, the auth_ca is mentioned just in the rpm_plugin
> in the distributor's params [0]. So it's mostly related to the content
> access for the protected repository.
> 3) There is no need to store in the nss db the key for qpidd and/or the
> infrastructure related needs. But I'm afraid that's not the case for the CA
> used for content serving purposes. I could use some more input and
> confirmation from folks.
> Also not sure if you stumbled across this [1] doc page, but it might guide
> you through some qpidd config steps.
>
> Let us know in case you'd have move questions.
>
> [0] https://docs.pulpproject.org/plugins/pulp_rpm/tech-
> reference/yum-plugins.html#optional-configuration-parameters
> [1] https://docs.pulpproject.org/user-guide/qpid.html
>
>
>
> --------
> Regards,
>
> Ina Panova
> Software Engineer| Pulp| Red Hat Inc.
>
> "Do not go where the path may lead,
> go instead where there is no path and leave a trail."
>
> On Thu, Mar 22, 2018 at 9:20 PM, Martin Horák <horak.martin at gmail.com>
> wrote:
>
>> Hello here.
>> Finally I managed to run Pulp in real baremetal Kubernetes based on
>> Michal Hrivnak's work (https://github.com/mhrivnak/pulp-k8s) using
>> CephFS shared storage. I tried to fetch and publish some RPM repositories
>> and it works.
>> I can provide help and answers if you like and I'll know them.
>> Now I would like to make some changes for semi-production usage:
>> 1) Switch from Fedora to Centos if it'll be possible
>> 2) Change PKI to use our own infrastructure. And here I have a couple of
>> questions:
>> Why are there TWO ROOT CA certificates generated (ca and auth-ca)? There
>> is nothing signed with auth-ca, what is it's purpose?
>> And second question: I suppose there is NO NEED for ca key in NSS
>> database for qpidd, provided I have the broker certificate properly signed.
>> Is it true? Then I could generate all needed certificates using our CA
>> infrastructure and import them together with ca cert into NSS db.
>>
>> Thank you for the answer, regards,
>> Martin Horak
>>
>> (Michael as an author of k8s solution advised me to ask in this maillist,
>> that there are the best specialists) :-)
>>
>>
>>
>> _______________________________________________
>> Pulp-list mailing list
>> Pulp-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-list
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20180327/d2266ddd/attachment.htm>
More information about the Pulp-list
mailing list