Pavel Picka pavelpicka

Two ways to do it, but only worked for me so I'll put it first and the second for reference:

$ openssl pkcs12 -export -in hostname.crt -inkey hsotname.key -out hostname.p12
$ openssl pkcs12 -in hostname.p12 -nodes -out hostname.pem

Other options for this method in comments below:

# Note, the -certfile root.crt appends all CA certs to the export, I've never needed these so it's optional for my personal steps
$ openssl pkcs12 -export -in hostname.crt -inkey hsotname.key -certfile root.crt -out hostname.p12

Note, I've always had my hostname.crt as part of my .pem, so I keep my certs but apparently you may not have to, hence the nocerts flag being an extra option in this sample

README

Create a template service file at /etc/systemd/system/[email protected]. The template parameter will correspond to the name of target host:

[Unit]
Description=Setup a secure tunnel to %I
After=network.target

	async def run(self):
	async for batch in self.batches():
	if AlternateContentSource.objects.exists(): # HERE
	# Gather batch d_artifact checksums
	batch_checksums = defaultdict(list)
	for d_content in batch:
	for d_artifact in d_content.d_artifacts:
	for cks_type in d_artifact.artifact.COMMON_DIGEST_FIELDS:
	if getattr(d_artifact.artifact, cks_type):
	batch_checksums[cks_type].append(

	existing_ras = (
	# RemoteArtifact.objects.acs().filter(batch_query).prefetch_related("remote")
	RemoteArtifact.objects.acs().filter(batch_query).only('url', 'remote').prefetch_related("remote")
	)
	existing_ras_dict = dict()
	for ra in existing_ras:
	for c_type in Artifact.COMMON_DIGEST_FIELDS:
	if getattr(ra, c_type):
	existing_ras_dict[getattr(ra, c_type)] = {'remote': ra.remote_id, 'url': ra.url}

	{
	"count": 3,
	"next": null,
	"previous": null,
	"results": [
	{
	"pulp_href": "/pulp/api/v3/content/file/files/ff5a3b62-298f-4a21-a01b-1bf1c4dc56ec/",
	"pulp_created": "2021-07-07T16:25:15.526131Z",
	"artifact": null,
	"relative_path": "3.iso",

	GET /pulp/api/v3/content/file/files/
	HTTP 200 OK
	Allow: GET, POST, HEAD, OPTIONS
	Content-Type: application/json
	Vary: Accept

	{
	"count": 3,
	"next": null,
	"previous": null,

	(pulp) [vagrant@pulp3-source-fedora33 devel]$ get /pulp/api/v3/tasks/25f3ef74-3f43-4127-a291-cf60f1aa8c34/
	HTTP/1.1 200 OK
	Access-Control-Expose-Headers: Correlation-ID
	Allow: GET, PATCH, DELETE, HEAD, OPTIONS
	Connection: close
	Content-Length: 770
	Content-Type: application/json
	Correlation-ID: c2080c8ed5e344369084753ae1696741
	Date: Wed, 23 Jun 2021 19:43:11 GMT
	Server: gunicorn

	Jun 22 17:35:34 pulp3-source-fedora33.pavels-macbook-pro.example.com gunicorn[31659]: pulp [0b268092a60646b1a23d3ec8431352ed]: pulpcore.deprecation:WARNING: The argument <class 'pulp_file.app.serializers.FileAlternateContentSourceSerializer'> is of type <class 'rest_framework.serializers.SerializerMetaclass'>, which is not JSON serializable. The use of non JSON serializable objects for `args` and `kwargs` to tasks is deprecated as of pulpcore==3.12.
	Jun 22 17:35:34 pulp3-source-fedora33.pavels-macbook-pro.example.com gunicorn[31659]: pulp [0b268092a60646b1a23d3ec8431352ed]: django.request:ERROR: Internal Server Error: /pulp/api/v3/acs/file/file/
	Jun 22 17:35:34 pulp3-source-fedora33.pavels-macbook-pro.example.com gunicorn[31659]: Traceback (most recent call last):
	Jun 22 17:35:34 pulp3-source-fedora33.pavels-macbook-pro.example.com gunicorn[31659]: File "/usr/local/lib/pulp/lib64/python3.9/site-packages/django/core/handlers/exception.py", line 34, in inner
	Jun 22 17:35:34 pulp3-source-fedora33.pavels-macboo

	(pulp) [vagrant@pulp3-source-fedora33 ~]$ prestart; http --verify=no -F POST :/pulp/api/v3/acs/file/file/56aac36a-24ff-4f49-946a-5fd82f344308/refresh/
	systemctl restart pulpcore-content pulpcore-worker@1 pulpcore-worker@2 pulpcore-resource-manager pulpcore-api
	HTTP/1.1 405 Method Not Allowed
	Access-Control-Expose-Headers: Correlation-ID
	Allow: POST, OPTIONS
	Connection: keep-alive
	Content-Length: 40
	Content-Type: application/json
	Correlation-ID: d59ac5fbb8d94c0da7c884942425e5a9
	Date: Wed, 09 Jun 2021 17:48:14 GMT