Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-06-01T21:20:04ZPulp
Planio Pulp - Task #8848 (NEW): pulp_installer to run CI against stable brancheshttps://pulp.plan.io/issues/88482021-06-01T21:20:04Zmdepaulo@redhat.com
<p>Currently, the source molecule tests test the master branch of pulpcore and master branch of plugins, rather than the appropriate branches like pulpcore 3.11 and pulp_rpm 3.11</p>
<p>So effectively we are relying on release jobs on old branches to catch errors, at release time.</p> Pulp - Story #8846 (NEW): As a pulp_installer user, I do not need to use the latest micro release...https://pulp.plan.io/issues/88462021-06-01T21:12:19Zmdepaulo@redhat.com
<p>Basically, this means that pulp_installer 3.14.0 (or possibly 3.13.1 / 3.13.2) will be able to install pulpcore 3.14.z .</p>
<p>The benefit for users is that they will not need to always have the latest micro version of pulp_installer.</p>
<p>And the benefit to the pulp team is that we will not need to do a pulp_installer micro release for every pulpcore micro release.</p>
<p>This is a variation of the 1 year old proposal for versions/branches in pulp_installer, and a variation of the specific micro release policy we implemented originally in <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>.</p>
<p>Reference from <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>:</p>
<pre><code> * Original discussion:
* [mikedep333's proposal](https://github.com/pulp/pulp_installer/pull/203#issue-361269733)
* [bmbouter's couter-proposal to do micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-577903411)
* [mikedep333's agreement/details for micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-579450153)
</code></pre> Pulp - Task #8469 (NEW): Ensure the docker provider can be used for dev setupshttps://pulp.plan.io/issues/84692021-03-29T17:38:12ZdaviddavisPulp - Task #7811 (NEW): pulp_installer cron job runs functional tests for multiple plugins in FI...https://pulp.plan.io/issues/78112020-11-10T14:33:28Zdkliban@redhat.com
<p>The pulp_installer CI currently tests that it can deploy pulpcore and pulp_file in a FIPS environment. This cron job needs to install all plugins that support FIPS: pulp_file, pulp_rpm, pulp_container, and pulp_ansible.</p>
<p>After pulp is deployed, the functional tests for pulpcore, pulp_file, pulp_rpm, pulp_container, and pulp_ansible need to be run.</p> Pulp - Task #7642 (NEW): Update pulp_installer's list of supported Fedora releaseshttps://pulp.plan.io/issues/76422020-10-01T18:18:58Zmdepaulo@redhat.com
<p>Fedora 32 is supported; pulplift CI tests it. Fedora 30 will probably be dropped in the task that blocks this.</p>
<p>Note that this list is in roles/*/meta/main.yml</p> Pulp - Task #7575 (NEW): pulp_installer's SELinux support should handle folder paths being changedhttps://pulp.plan.io/issues/75752020-09-25T21:09:08Zmdepaulo@redhat.com
<p>pulp_install_dir, pulp_user_home, etc are currently baked into pulpcore-selinux.</p>
<p>pulp_installer should support accommodating this, such as by replacing the .fc file from pulpcore-selinux, or running label database commands.</p> Pulp - Task #7313 (POST): The installer should be tested as a collectionhttps://pulp.plan.io/issues/73132020-08-12T09:53:56Zmdellweg
<p>We distribute the installer roles as a collection, and stuff in an ansible collection behaves different than outside, we need to test them as part of a collection.</p> Pulp - Story #7100 (NEW): As an admin I want to be able to ratelimit access to the api endpointshttps://pulp.plan.io/issues/71002020-07-07T14:09:57Zmdellweg
<p>In the most simple way, this can be added solely by adjusting the settings.
We should test this and document it with the installer.</p>
<p><a href="https://www.django-rest-framework.org/api-guide/throttling/" class="external">https://www.django-rest-framework.org/api-guide/throttling/</a></p> Pulp - Task #6942 (NEW): Update galaxy_ng docs for the pulp_installer install-from-rpm supporthttps://pulp.plan.io/issues/69422020-06-09T15:45:37Zmdepaulo@redhat.com
<p>Its docs should show the example variables for doing this.</p> Pulp - Story #6914 (NEW): nginx listen port and ip can not be configured with a variablehttps://pulp.plan.io/issues/69142020-06-05T12:18:38ZPixelfool
<p>In an IPV6 environment, it is necessary to configure the port and IP address for binding. <br>
In roles/pulp_webserver/templates/nginx.conf.j2, line 34, the configuration default is:</p>
<pre><code class="text syntaxhl" data-language="text">server {
listen 80 default deferred;
...
}
</code></pre>
<p>One solution could be</p>
<pre><code class="text syntaxhl" data-language="text">server {
listen {{ pulp_nginx_bind }} default deferred;
...
}
</code></pre>
<p>Expected result:</p>
<pre><code class="text syntaxhl" data-language="text">server {
listen [2001:db8::1]:80 default deferred;
...
}
</code></pre> Pulp - Task #6625 (NEW): document the OSes the installer supportshttps://pulp.plan.io/issues/66252020-04-30T16:27:24Zfao89Pulp - Task #5889 (NEW): Add upgrade information to the docshttps://pulp.plan.io/issues/58892019-12-16T21:06:09Zbmbouterbmbouter@redhat.com
<p>The installer supports upgrading (see <a href="https://pulp.plan.io/issues/5884" class="external">https://pulp.plan.io/issues/5884</a> ) we just need to document it for the user.</p> Pulp - Story #5832 (NEW): As a developer, ansible-pulp will provide me with the cool postgres WebGUIhttps://pulp.plan.io/issues/58322019-12-03T22:35:56Zmdepaulo@redhat.com
<p>The following PoC was done. For implementation, it can be incorporated into the pulp-devel role, and pulplift.</p>
<p>On the host, reconnect to the pulplift VM pulp3-source-fedora31 with a new SSH tunnel (this will be added to pulplift config during implementation):</p>
<pre><code>vagrant ssh pulp3-source-fedora31 -- -L 8443:127.0.0.1:8443
</code></pre>
<p>On the pulplift VM pulp3-source-fedora31:</p>
<p>Modified /var/lib/pgsql/data/pg_hba.conf to replace the 127.0.0.1 line with:</p>
<pre><code>host all all 0.0.0.0/0 md5
</code></pre>
<p>(Because the container has a NAT'd IP address.)</p>
<p>Modified /var/lib/pgsql/data/postgresql.conf to contain</p>
<pre><code>listen_addresses = '*'
</code></pre>
<p>(Because otherwise it's localhost only; see above.)</p>
<pre><code>sudo systemctl restart postgresql.service
sudo dnf install -y podman-docker
docker pull dpage/pgadmin4
# "--restart always" will be ignored for podman-docker. Only real docker/moby-engine will use it. podman will need a systemd unit to survive VM reboots.
docker run --restart always -p 8443:8443 -e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' -e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' -e 'PGADMIN_LISTEN_PORT=8443' -d dpage/pgadmin4
</code></pre>
<p>Now back on your host:</p>
<p>Open your browser to:<br>
<a href="http://127.0.0.1:8443/" class="external">http://127.0.0.1:8443/</a><br>
And login with the username/email and password listed above.</p>
<p>Then create a new connection to:<br>
The IP address of the pulplift VM<br>
database: pulp<br>
user: pulp<br>
password: pulp<br>
(These settings will later be set via PGADMIN_SERVER_JSON_FILE)</p>
<p>Rererence:<br>
<a href="https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples" class="external">https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples</a></p> Pulp - Task #4969 (NEW): Improve documentation on the nginx and apache deployment offered by the ...https://pulp.plan.io/issues/49692019-06-13T19:07:45Zbmbouterbmbouter@redhat.com
<p>These docs should be in the pulp docs, not the ansible installer docs. It should clarify with a diagram the reverse proxy deployment provided by:</p>
<p><a href="https://pulp.plan.io/issues/4966" class="external">https://pulp.plan.io/issues/4966</a><br>
<a href="https://pulp.plan.io/issues/4967" class="external">https://pulp.plan.io/issues/4967</a></p> Pulp - Story #97 (NEW): As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 V...https://pulp.plan.io/issues/972015-01-08T15:50:12Zcduryeecduryee@redhat.com
<p>The real deliverables are in the checklist, but here is some extra info on how to compile it.</p>
<p>To compile and install the Pulp SELinux with Ansible for Vagrant you will need to:</p>
<ul>
<li>Install selinux-policy-devel rpm with ansible</li>
<li>Compile the policy similar to <code>make NAME=celery -f /usr/share/selinux/devel/Makefile DISTRO=fedora24</code> except with ansible</li>
<li>Install the policy using Ansible</li>
<li>Have ansible call the restorecon script or fixfiles (see checklist item) so that all the right restorecon calls occur. Stay DRY with these calls if possible.[0]</li>
<li>If necessary, have the policy use "developer layout" .fc files to cause the .te compiled policies to be compatible with the layout used by Vagrant.</li>
</ul>
<p>Use the <code>ps -awfuxZ | grep celery</code> to verify it is becoming the celery_t security label type. Similarly httpd should get an httpd security type. Then do some testing with Pulp and SELinux enabled.</p>
<p>[0]: <a href="https://github.com/pulp/pulp/blob/master/server/selinux/server/relabel.sh" class="external">https://github.com/pulp/pulp/blob/master/server/selinux/server/relabel.sh</a></p>