Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add section on certificates layout #965

Draft
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

ehelms
Copy link
Member

@ehelms ehelms commented Aug 29, 2024

I couldn't find a spot where we laid this out in detail, so I wrote it up and am starting here to capture the information. Perhaps this best lives here, perhaps best in foreman-documentation.

There is some information, that is out of date in some spots, also collected in these locations:

Consolidating and making this better will be a useful activity that I will continue to look into. I do not want that cleanup to necessarily detract from this information which I hope can be helpful in understanding and being able to make changes in the future.

A few questions:

  • Is there anything missing?
  • Is there additional information that would be helpful in understanding?

Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yesterday I was thinking about writing a blog series "Katello from scratch" which doesn't use the installer but just regular packages and manual work. Could be interesting to discuss certificates at some point.

  • Is there anything missing?

  • Is there additional information that would be helpful in understanding?

I think there are 2 ways of looking at it: the various settings and where files end up being deployed.

I'd like a table with all the installer parameters that affect these and what their default values are.

Comment on lines +118 to +119
* **default CA** - a CA generated by the installer, and used to generate server and client certificates. This CA is used by Candlepin to generate client certificates.
* **server CA** - a CA that can be provided by the user, or is a copy of the default CA, used by all public facing interfaces
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really Katello terminology that we don't use for Foreman. I'd be explicit in that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants