Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-08-25T13:26:36ZPulp
Planio Pulp - Issue #9291 (NEW): [Epic] pulp_installer upcoming issueshttps://pulp.plan.io/issues/92912021-08-25T13:26:36Zmdepaulo@redhat.com
<p>Listing misc issues that have been triaged but unassigned.</p>
<p>Issues are added based on:</p>
<ul>
<li>How important to users?</li>
<li>How easy to implement?</li>
</ul> Pulp - Issue #8993 (NEW): SELinux: avc: denied pulpcore-worker on Fedora 34https://pulp.plan.io/issues/89932021-06-30T14:02:12ZStephenW
<p>Hello</p>
<p>I installed Pulp3 on Fedora 34 using "ansible-galaxy collection install pulp.pulp_installer"</p>
<p>at the end of the Ansible run:
TASK [pulp.pulp_installer.pulp_health_check : Checking Pulp services]
msg: 'pulpcore-resource-manager.service state: stopped'</p>
<p>On the managed node, I see lots of avc: denied :</p>
<p>fedoraserver ~]# ausearch -m AVC,USER_AVC -ts recent</p>
<p>time->Tue Jun 29 15:59:06 2021
type=AVC msg=audit(1624975146.441:668194): avc: denied { name_connect } for pid=1129665 comm="pulpcore-worker" dest=6379 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:redis_port_t:s0 tclass=tcp_socket permissive=0</p>
<p>fedoraserver ~]# sepolgen-ifgen
fedoraserver ~]# audit2allow -Ral</p>
<p>require {
type init_t;
}</p>
<p>#============= init_t ==============
corenet_tcp_connect_postgresql_port(init_t)
corenet_tcp_connect_redis_port(init_t)</p>
<p>Thank you</p> Pulp - Issue #8916 (NEW): Pulp installer hanging on "Ensure Pulp is up and healthy"https://pulp.plan.io/issues/89162021-06-18T09:42:41Zsli720
<p>I tried to install pulp via the pulp installer v3.13.0 (ansible playbooks) in a fresh vagrant environment running CentOS Stream 8 but the install hangs on:</p>
<p>TASK [pulp_health_check : Ensure Pulp is up and healthy] ****************************************************************************************************************************************************
FAILED - RETRYING: Ensure Pulp is up and healthy (30 retries left).</p>
<p>I checked the service states and found pulpcore-resource-manager.service not starting because of:
pulpcore-worker[105999]: Error 13 connecting to localhost:6379. Permission denied.</p>
<p>It sounded for me like a SELinux issue so I deactivated SELinux completely and the installer run through successfully now. Could this be a bug cause in earlier version the installation worked also with SELinux turned on?</p> Pulp - Story #8846 (NEW): As a pulp_installer user, I do not need to use the latest micro release...https://pulp.plan.io/issues/88462021-06-01T21:12:19Zmdepaulo@redhat.com
<p>Basically, this means that pulp_installer 3.14.0 (or possibly 3.13.1 / 3.13.2) will be able to install pulpcore 3.14.z .</p>
<p>The benefit for users is that they will not need to always have the latest micro version of pulp_installer.</p>
<p>And the benefit to the pulp team is that we will not need to do a pulp_installer micro release for every pulpcore micro release.</p>
<p>This is a variation of the 1 year old proposal for versions/branches in pulp_installer, and a variation of the specific micro release policy we implemented originally in <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>.</p>
<p>Reference from <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>:</p>
<pre><code> * Original discussion:
* [mikedep333's proposal](https://github.com/pulp/pulp_installer/pull/203#issue-361269733)
* [bmbouter's couter-proposal to do micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-577903411)
* [mikedep333's agreement/details for micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-579450153)
</code></pre> Pulp - Story #8702 (NEW): As a user, the example-use playbook is not cluttered with object storag...https://pulp.plan.io/issues/87022021-05-05T13:31:24Zmdepaulo@redhat.com
<p>We should move the object storage checks from the the example-use playbook to the pulp_common role to solve this.</p>
<p>It will provide a better user experience. (Making the example playbook as small as possible.)</p>
<p>It will also enforce the checks for users that do not use the example-use playbook.</p>
<p><a href="https://github.com/pulp/pulp_installer/blob/master/playbooks/example-use/playbook.yml" class="external">https://github.com/pulp/pulp_installer/blob/master/playbooks/example-use/playbook.yml</a></p>
<p><a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/main.yml#L16" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/main.yml#L16</a></p> Pulp - Story #8701 (NEW): As a pulp_installer user, I can use the full logic to add repos to the ...https://pulp.plan.io/issues/87012021-05-05T12:59:40Zmdepaulo@redhat.com
<p>As mentioned in <a class="issue tracker-1 status-11 priority-6 priority-default closed" title="Issue: pulp_installer fails to install redis due to no EPEL7 (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/7773">#7773</a> , we should refactor our logic to add repos to the system (in a robust & configurable manner) into another role like <code>pulp_repos</code>.</p>
<p>I propose the following design:</p>
<ol>
<li>This is a dependency role. pulp_common, pulp_redis, pulp_database, will all depend on it.</li>
<li>When a role like pulp_common depends on it, it passes variables like <code>__pulp_repos_epel: true</code> to denote which repos the role needs. It passes variables via roles/pulp_common/meta/main.yml : <code>dependencies:</code>
</li>
<li>If a user wants to disable the logic to add the repo (if they added it manually), they'll pass a variable like <code>pulp_repos_epel: false</code> to disable it.</li>
<li>Existing variables for configuring how we add the repos to the system, like <code>epel_release_packages</code>, should still used.</li>
</ol>
<p>This logic is found in:</p>
<ul>
<li>roles/pulp_common/tasks/ambiguously-named-repo.yml</li>
<li>roles/pulp_common/tasks/repos.yml</li>
</ul> Pulp - Story #7689 (NEW): As a user I want my socket to be backed up by a systemd implementationhttps://pulp.plan.io/issues/76892020-10-12T13:25:04Zspredzy
<p>As a user I want my socket to be backed up by a systemd implementation.</p>
<p>Under its current form, the installer allows one to use unix domain socket, but not to configure them with a native systemd implementation. This is a RFE for this.</p> Pulp - Issue #7627 (NEW): Can't use the installer with iptables (and firewalld being masked)https://pulp.plan.io/issues/76272020-09-30T07:40:36Zttereshcttereshc@redhat.com
<p>From a user report on irc:</p>
<pre><code>I am trying to install the latest version of pulp using ansible and am getting an error in regards to the firewall towards the end of the run
Fatal: [host1]: FAILED! => {"changed": false, "msg": "Unable to enable service firewalld: Failed to execute operation: Cannot send after transport endpoint shutdown\n"}
Would it have something to do with, "Ansibles Python interpreter must have the package installed: * psycopg2 * firewall (if firewalld should be configured; you can disable that with pulp_configure_firewall=false)"
I looked for the string "pulp_configure_firewall" in the ansible collection but from what i see the only two options are "Valid values are 'auto', 'firewalld',"
firewalld was masked as iptables was in use on the box.. once i unmasked it the playbook could complete
</code></pre> Pulp - Story #7247 (NEW): As a pulp_installer developer-user, the pulp_rpm signing service will b...https://pulp.plan.io/issues/72472020-07-30T19:56:47Zmdepaulo@redhat.com
<p>The current way pulp_rpm's signing service needs to be installed is a temporary.</p>
<p>So let's add the current ansible-based solution I already developed. I developed it as part of the selinux el8 dev env, and it's in the pulp_devel (not meant for end users.)</p> Pulp - Story #7007 (NEW): As a user, I do not have to worry about Pulp being accidentally upgrade...https://pulp.plan.io/issues/70072020-06-18T15:40:06Zmdepaulo@redhat.com
<p>We should pursue using dnf versionlock to accomplish this.</p>
<p>This is needed because handlers/tasks "Run database migrations" will not be run if users run <code>dnf update</code>. Pulp would be broken until users re-run the installer.</p> Pulp - Issue #6896 (NEW): [pulp_installer] Parametrize postgres package in roles/pulp_databasehttps://pulp.plan.io/issues/68962020-06-03T11:03:10Zspredzy
<p>As a user, while the default postgresql package is called rh-postgrelsql96 - which is fine - I would like to be able to specify a different package name, as we can specify various diffferents parameters name.</p>
<p>It is currently hardcoded at the playbook level[1] which prevents any overloading.</p>
<p>[1] <a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_database/tasks/install_postgres.yml#L13" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_database/tasks/install_postgres.yml#L13</a></p> Pulp - Task #6798 (NEW): Document the new guidelines for plugin installation logichttps://pulp.plan.io/issues/67982020-05-21T18:47:54Zmdepaulo@redhat.com
<p>There are 3 places they could be:</p>
<ol>
<li>A role in a separate git repo and on galaxy.</li>
<li>A separate role in the pulp_installer repo (pulp_rpm will be this.)</li>
<li>Conditional logic within the pulp_installer's other roles.</li>
</ol> Pulp - Issue #6658 (NEW): Pain points when trying Pulp3 for the first timehttps://pulp.plan.io/issues/66582020-05-05T16:28:58Zxenlo
<a name="Intro"></a>
<h3 >Intro<a href="#Intro" class="wiki-anchor">¶</a></h3>
<p>@dkliban asked me some feedback (pain points) about trying to put Pulp3 in place.</p>
<a name="Background-on-my-use-case"></a>
<h3 >Background on my use case<a href="#Background-on-my-use-case" class="wiki-anchor">¶</a></h3>
<p>In the company I work for, we use ansible in our automation process. And in our automated deployment we provision infrastructure with Debian, OpenSuse and SLES. So for now we manage a server that mirror repos for all those distro. This is a collection of different tools apt-mirror, createrepo, RMT, wget and rsync glued with shell scripts and published with half thousand(for now) of soft links.</p>
<p>So I was interested to put in place Pulp3 with deb, rpm and file plugin on a Debian 10 host, installed with Ansible playbook <code>pulp_installer</code>.</p>
<a name="Pain-Point-List"></a>
<h3 >Pain Point List<a href="#Pain-Point-List" class="wiki-anchor">¶</a></h3>
<p>I think that most of all my expectations was something more mature, closer to 'Production ready' tool.</p>
<ul>
<li>I expected some CLI as user interface, as I think that a big part of public for this tool is SysAdmin.
Even API is a great interface, it's not comfortable for SysAdmin to manager repos (even more true we it needs to discover how it works)</li>
<li>The lack of external doc, like "tuto: How I mirror Centos and Debian with Pulp"…</li>
<li>Some confusion if the doc/tool is for Pulp2 or Pulp3</li>
<li>Yet another issue tracker to rise issues
(I didn't try really hard but my attempt to auth with github failed…)</li>
<li>The doc to install doc tells you that the prefered method is with Ansible but don't explain you how. Just redirect you to a git repo where you have to found the corresponding doc, which is not easy to find and which is not in line with the latest version on the repo (already explaned that point)</li>
<li>The pulp_installer don't list the system prereq. That's sad because, at least on a fresh installed Debian 10, the playbook fails. I had to add some packages and force the ansible_python_interpreter get the work done.</li>
<li>On the project page you tells that Pulp can manage plainty of repo type, but in fact if you take a fresh version only few plugins are working. Is there at least a compatibility/status matrix explaining that?</li>
</ul>
<a name="Thanks"></a>
<h3 >Thanks<a href="#Thanks" class="wiki-anchor">¶</a></h3>
<p>Nevertheless, I wanted to close on a more positive point, the IRC channel is highly responsive, and people hanging out there are full of goodwill.
Thanks for that!</p> Pulp - Story #5832 (NEW): As a developer, ansible-pulp will provide me with the cool postgres WebGUIhttps://pulp.plan.io/issues/58322019-12-03T22:35:56Zmdepaulo@redhat.com
<p>The following PoC was done. For implementation, it can be incorporated into the pulp-devel role, and pulplift.</p>
<p>On the host, reconnect to the pulplift VM pulp3-source-fedora31 with a new SSH tunnel (this will be added to pulplift config during implementation):</p>
<pre><code>vagrant ssh pulp3-source-fedora31 -- -L 8443:127.0.0.1:8443
</code></pre>
<p>On the pulplift VM pulp3-source-fedora31:</p>
<p>Modified /var/lib/pgsql/data/pg_hba.conf to replace the 127.0.0.1 line with:</p>
<pre><code>host all all 0.0.0.0/0 md5
</code></pre>
<p>(Because the container has a NAT'd IP address.)</p>
<p>Modified /var/lib/pgsql/data/postgresql.conf to contain</p>
<pre><code>listen_addresses = '*'
</code></pre>
<p>(Because otherwise it's localhost only; see above.)</p>
<pre><code>sudo systemctl restart postgresql.service
sudo dnf install -y podman-docker
docker pull dpage/pgadmin4
# "--restart always" will be ignored for podman-docker. Only real docker/moby-engine will use it. podman will need a systemd unit to survive VM reboots.
docker run --restart always -p 8443:8443 -e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' -e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' -e 'PGADMIN_LISTEN_PORT=8443' -d dpage/pgadmin4
</code></pre>
<p>Now back on your host:</p>
<p>Open your browser to:<br>
<a href="http://127.0.0.1:8443/" class="external">http://127.0.0.1:8443/</a><br>
And login with the username/email and password listed above.</p>
<p>Then create a new connection to:<br>
The IP address of the pulplift VM<br>
database: pulp<br>
user: pulp<br>
password: pulp<br>
(These settings will later be set via PGADMIN_SERVER_JSON_FILE)</p>
<p>Rererence:<br>
<a href="https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples" class="external">https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples</a></p> Pulp - Story #5618 (NEW): As a user, I can download & run a version of the ansible installer that...https://pulp.plan.io/issues/56182019-10-25T08:37:28Zmdepaulo@redhat.com
<p>Currently users are encouraged to get the latest ansible-pulp roles via git cloning. Later on, Ansible Galaxy.</p>
<p>The only stable tag ever done was 3.0.0rc1. Presumably we will create them for 3.0.0 and later.<br>
<a href="https://github.com/pulp/ansible-pulp/releases" class="external">https://github.com/pulp/ansible-pulp/releases</a></p>
<p>However, consider the following scenario (hypothetical release dates):<br>
1. They download the roles (either method) on Apr 1. They are versioned as 3.0.3 and install pulp 3.0.3<br>
2. They run them against their test env and it works.<br>
3. Pulp 3.1.0 & ansible-pulp 3.1.0 are released on Apr 15.<br>
4. They run the 3.0.3 roles against their prod env on May 1.<br>
5. The 3.0.3 roles try to install pulp 3.1.0 from pip, but fails due to the lack of new logic.</p>
<p>It would make sense to have a variable for the pulp version to install, that defaults to the same version as the roles, but can be overriden (but doing so is discouraged.)</p>
<p>Plugin versions would also be an issue. Let's discuss how this can be handled.</p>
<p>Also, I am not sure if there is an existing task for publishing the roles (other than pulp_rpm_prerequisites) to Ansible Galaxy (pulp project on it.):<br>
<a href="https://galaxy.ansible.com/pulp" class="external">https://galaxy.ansible.com/pulp</a></p>