Fixes #33733 - generate key for db encryption

theforeman · Oct 20, 2021 · bab2fa6 · bab2fa6
1 parent bb9f167
commit bab2fa6
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -1,7 +1,7 @@
 # Configures pulp3
 # @api private
 class pulpcore::config {
-  file { $pulpcore::config_dir:
+  file { [$pulpcore::config_dir, $pulpcore::certs_dir]:
     ensure => directory,
     owner  => 'root',
     group  => 'root',
@@ -51,4 +51,17 @@
     mode   => '0770',
   }
 
+  exec { 'Create database symmetric key':
+    path    => ['/bin', '/usr/bin'],
+    command => "openssl rand -base64 32    | tr '+/' '-_' > /etc/pulp/certs/database_fields.symmetric.key",
+    creates => $pulpcore::database_key_file,
+  }
+
+  file { $pulpcore::database_key_file:
+    owner   => 'root',
+    group   => $pulpcore::group,
+    mode    => '0640',
+    require => Exec['Create database symmetric key'],
+  }
+
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -232,6 +232,8 @@
   Enum['CRITICAL', 'ERROR', 'WARNING', 'INFO', 'DEBUG'] $log_level = 'INFO',
 ) {
   $settings_file = "${config_dir}/settings.py"
+  $certs_dir = "${config_dir}/certs/"
+  $database_key_file = "${certs_dir}/database_fields.symmetric.key"
 
   contain pulpcore::install
   contain pulpcore::database