Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-07-29T09:20:22ZPulp
Planio Debian Support - Task #9175 (CLOSED - CURRENTRELEASE): Backport 9162 to 2.14https://pulp.plan.io/issues/91752021-07-29T09:20:22Zquba42
<p><a href="https://github.com/pulp/community/discussions/59" class="external">https://github.com/pulp/community/discussions/59</a></p> Debian Support - Task #9162 (CLOSED - CURRENTRELEASE): Comply with orphan clean changes made in p...https://pulp.plan.io/issues/91622021-07-28T08:52:57Zquba42
<p><a href="https://github.com/pulp/community/discussions/59" class="external">https://github.com/pulp/community/discussions/59</a></p> Debian Support - Task #8682 (CLOSED - CURRENTRELEASE): Migrate to new Distribution model for pulp...https://pulp.plan.io/issues/86822021-05-03T12:21:35Zquba42Debian Support - Task #8388 (CLOSED - CURRENTRELEASE): Handle ALLOWED_CONTENT_CHECKSUMS settinghttps://pulp.plan.io/issues/83882021-03-11T14:59:24Zquba42
<p>Right now the pulp_deb plugin is dependend on the following hashs being present on artifacts: md5, sha1, sha256, sha512.</p>
<p>Starting with pulpcore 3.11 will exclude md5 and sha1 from ALLOWED_CONTENT_CHECKSUMS by default.</p>
<p>Pulp deb will need to handle this gracefully. There is still some debate on whether pulp_deb makes sense without md5 feature wise. As a result, the solution may need to include demanding or encouraging a different configuration from pulp_deb users than the pulpcore default configuration.</p>
<p>See the following mailing list threads:</p>
<ul>
<li><a href="https://listman.redhat.com/archives/pulp-dev/2021-February/msg00017.html" class="external">https://listman.redhat.com/archives/pulp-dev/2021-February/msg00017.html</a></li>
<li><a href="https://listman.redhat.com/archives/pulp-dev/2021-March/msg00013.html" class="external">https://listman.redhat.com/archives/pulp-dev/2021-March/msg00013.html</a></li>
</ul> RPM Support - Story #4812 (CLOSED - CURRENTRELEASE): As a user, I can publish a Yum repository t...https://pulp.plan.io/issues/48122019-05-10T15:07:36Zdalleydalley@redhat.com
<p>(Clone of Pulp 2 issue <a href="https://pulp.plan.io/issues/3055" class="external">https://pulp.plan.io/issues/3055</a>)</p>
<p>To allow a Yum repository to be used with Yum clients that have repo_gpgcheck=1 configured in /etc/yum.conf:</p>
<ol>
<li>Create a new GPG signing key that can be used by Pulp worker processes without a password. (Documentation provides example procedures.)</li>
<li>Append the public key associated with the new GPG signing key to the gpgkey file specified in the distributor config for the Yum repository in Pulp.</li>
<li>Set gpg_sign_metadata to True in the distributor config for the Yum repository in Pulp.</li>
</ol>
<p>See also <a href="https://access.redhat.com/solutions/2850911" class="external">https://access.redhat.com/solutions/2850911</a></p>
<p>More detailed description from Neal Gompa (Conan_Kudo, Fedora contributor):</p>
<p>Signed repositories (for RPM repos) are when the `repomd.xml` file (the index file referencing all other parts of the RPM metadata) is signed using <em>a</em> GPG key (but does not necessarily have to be the same key as the packages, though usually is) in the form of a detached signature (`repomd.xml.asc`) that is placed next to the `repomd.xml` file. Package managers like DNF, Zypper, and YUM can use this when `repo_gpgcheck=1` is set in the .repo file to validate the XML before reading it. SUSE systems <em>require</em> this by default and will not normally fetch repos that are not signed. If the GPG key for the repository metadata differs from the packages' GPG key, its public key must <em>also</em> be present in the `gpgkey=` list in the .repo file.</p> Pulp - Test #4359 (CLOSED - COMPLETE): 2.18.1 Testinghttps://pulp.plan.io/issues/43592019-01-29T16:02:43Zbherring
<a name="Notes"></a>
<h2 >Notes<a href="#Notes" class="wiki-anchor">¶</a></h2>
<p>Testing Coverage for 2.18.1 will consist of the following</p>
<ul>
<li>Migration/Upgrade Testing
<ul>
<li>2.17.0 --> 2.18.1
<ul>
<li>FIPS</li>
<li>Non-FIPS</li>
</ul>
</li>
</ul>
</li>
<li>2.18.1 Functional Testing Suite
<ul>
<li>FIPS</li>
<li>Non-FIPS</li>
</ul>
</li>
</ul> Pulp - Test #4357 (CLOSED - COMPLETE): Pulp 2.19 master pulled epel django instead of pulp 2 djangohttps://pulp.plan.io/issues/43572019-01-29T12:41:38Zbherring
<a name="Problem"></a>
<h2 >Problem<a href="#Problem" class="wiki-anchor">¶</a></h2>
<p>When running nightly rhel76-fips testing, there were 500 errors [0] on jenkins tests since 1/23 and issues in journalctl with django [1].</p>
<p>After talking with asmacdo and daviddavis, it appears this may be a django being pulled from EPEL and not from our Pulp 2 repos on build [2][3]</p>
<a name="Testing"></a>
<h2 >Testing<a href="#Testing" class="wiki-anchor">¶</a></h2>
<p>It was determined this was the result of EPEL django precedence over the pulp.repo version that was built. This issue has been seen before.</p>
<p>Forced installation of the <strong>python2-django-1.11.17-1</strong> from the fedorapeople repo [3] and restart of services (or with a hammer of <strong>shutdown now -r</strong>) resulted in a functioning pulp install.</p>
<pre><code>[root@rhel76-fips ~]# journalctl -f
-- Logs begin at Mon 2019-01-28 12:33:13 EST. --
Jan 28 12:34:38 rhel76-fips pulp[5046]: kombu.transport.qpid:INFO: Connected to qpid with SASL mechanism ANONYMOUS
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) Internal Server Error: /pulp/api/v2/status/
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) Traceback (most recent call last):
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 131, in get_response
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) response = middleware_method(request, response)
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) File "/usr/lib/python2.7/site-packages/django/middleware/http.py", line 23, in process_response
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) set_response_etag(response)
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) File "/usr/lib/python2.7/site-packages/django/utils/cache.py", line 109, in set_response_etag
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) response['ETag'] = quote_etag(hashlib.md5(response.content).hexdigest())
Jan 28 12:34:38 rhel76-fips pulp[5046]: django.request:ERROR: (5046-27424) ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
</code></pre>
<a name="Actions"></a>
<h2 >Actions<a href="#Actions" class="wiki-anchor">¶</a></h2>
<p>Pulp-dev determined this issue as a low priority issue where documentation exercise may happen as a result of this issue.</p>
<p>For QE, this is a critical breakage of CI as the ansible install fails on FIPS installation and puts the box into a non-testable state. QE will be opening a related Urgent test tracker to fix the issue in the pulp-ci installer to fix mission critical work.</p>
<a name="References"></a>
<h2 >References<a href="#References" class="wiki-anchor">¶</a></h2>
<p>[0] - <a href="https://paste.fedoraproject.org/paste/bPRtYPa4ZCLShrZ7VUMqMQ" class="external">https://paste.fedoraproject.org/paste/bPRtYPa4ZCLShrZ7VUMqMQ</a><br>
[1] - <a href="https://pulp-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Pulp%202%20-%20Master/job/pulp-2-master-dev-rhel7-fips/228/" class="external">https://pulp-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Pulp%202%20-%20Master/job/pulp-2-master-dev-rhel7-fips/228/</a><br>
[2] - <a href="https://paste.fedoraproject.org/paste/6eHTS1Uc3NkC0hohvKe-TA" class="external">https://paste.fedoraproject.org/paste/6eHTS1Uc3NkC0hohvKe-TA</a> [from the affected 2.19a1-nightly box under test<br>
[3] - 2.11.17-1 <a href="https://repos.fedorapeople.org/repos/pulp/pulp/v2/testing/automation/2.19/stage/7Server/x86_64/" class="external">https://repos.fedorapeople.org/repos/pulp/pulp/v2/testing/automation/2.19/stage/7Server/x86_64/</a><br>
[4] - <a href="https://wiki.centos.org/PackageManagement/Yum/Priorities" class="external">https://wiki.centos.org/PackageManagement/Yum/Priorities</a></p> RPM Support - Test #4351 (CLOSED - COMPLETE): modules.yaml reference in repomd.xml does not use s...https://pulp.plan.io/issues/43512019-01-24T14:13:07Zbherring
<p>A report from upstream katello (<a href="https://projects.theforeman.org/issues/25529" class="external">https://projects.theforeman.org/issues/25529</a>) indicates that pulp generates a repomd.xml file that claims to use the checksum type that has been set on the publisher, but in fact is not using that:</p>
<p>In this example it purports to have used a sha1 checksum, but in fact its actually a sha256 checksum:</p>
<pre><code> <data type="modules">
<location href="repodata/824ffe238f202a0612ecbb2b0c0459dc289a7ef47adb1f26406453d41f476449-modules.yaml.gz"/>
<timestamp>1542811864</timestamp>
<size>33</size>
<checksum type="sha1">824ffe238f202a0612ecbb2b0c0459dc289a7ef47adb1f26406453d41f476449</checksum>
<open-size>0</open-size>
<open-checksum type="sha1">da39a3ee5e6b4b0d3255bfef95601890afd80709</open-checksum>
</data>
</code></pre>
<p>To reproduce:</p>
<p>1. create and sync a yum repository<br>
2. set a checksum type of sha1<br>
3. publish the repository</p> RPM Support - Test #4350 (CLOSED - COMPLETE): modules.yaml file is generated on repository with n...https://pulp.plan.io/issues/43502019-01-24T14:12:25Zbherring
<p>It seems that syncing and publishing a repository without any modularity info, still results in a modules.yaml being generated.</p>
<p>See: <a href="https://projects.theforeman.org/issues/25529" class="external">https://projects.theforeman.org/issues/25529</a> for more information</p> RPM Support - Test #4269 (CLOSED - COMPLETE): Recursive and conservative recursive copyhttps://pulp.plan.io/issues/42692018-12-14T17:36:04Zmilan
<a name="Description"></a>
<h2 >Description<a href="#Description" class="wiki-anchor">¶</a></h2>
<p>With the <a href="https://github.com/pulp/pulp_rpm/pull/1226" class="external">fix</a> for the Issue <a class="issue tracker-1 status-11 priority-6 priority-default closed" title="Issue: Regression Pulp 2.17.1: recursive copy of RPMs does not copy partially resolvable dependencies (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/4152">#4152</a>, the default behaviour of recursive copy changes back to the state before 2.17, rendering the test case <a href="https://github.com/PulpQE/Pulp-2-Tests/blob/c9277928c2788bced8d0ae3f630a46b6162fc4c9/pulp_2_tests/tests/rpm/api_v2/test_rich_weak_dependencies.py#L183" class="external">CopyRecursiveUnitsTestCase</a> broken.<br>
The behaviour specified in the <a href="https://github.com/PulpQE/pulp-smash/issues/1090" class="external">pulp smash issue 1090</a>, as requested in the Issue <a class="issue tracker-3 status-11 priority-6 priority-default closed" title="Story: Support more conservative dependency solving (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/2478">#2478</a>, is now optional and can be triggered by providing the <code>"recursive_conservative": true</code> config override instead of the default <code>"recursive": true</code>.<br>
With that setting, the test case <a href="https://github.com/PulpQE/Pulp-2-Tests/blob/c9277928c2788bced8d0ae3f630a46b6162fc4c9/pulp_2_tests/tests/rpm/api_v2/test_rich_weak_dependencies.py#L183" class="external">CopyRecursiveUnitsTestCase</a> should agin pass as is.</p>
<a name="Proposed-solution"></a>
<h2 >Proposed solution<a href="#Proposed-solution" class="wiki-anchor">¶</a></h2>
<p>Split the test case <a href="https://github.com/PulpQE/Pulp-2-Tests/blob/c9277928c2788bced8d0ae3f630a46b6162fc4c9/pulp_2_tests/tests/rpm/api_v2/test_rich_weak_dependencies.py#L183" class="external">CopyRecursiveUnitsTestCase</a> such that it asserts:</p>
<ul>
<li>a failure in the terms described in <a href="https://github.com/PulpQE/pulp-smash/issues/1090" class="external">pulp smash issue 1090</a> with the default <code>"recursive": true</code> config override setting</li>
<li>a success once the non-default <code>"recursive_conservative": true</code> config override setting is provided</li>
</ul> Pulp - Test #4258 (CLOSED - COMPLETE): Publishing incorrect branch head.https://pulp.plan.io/issues/42582018-12-11T13:33:31Zbherring
<a name="Notes"></a>
<h2 >Notes<a href="#Notes" class="wiki-anchor">¶</a></h2>
<ul>
<li>ostree smash test? ping jeff</li>
</ul> Pulp - Story #3778 (CLOSED - CURRENTRELEASE): [Epic] As a user, I can run Pulp 3 in a FIPS-enable...https://pulp.plan.io/issues/37782018-06-21T16:13:49ZdaviddavisPulp - Story #2843 (CLOSED - CURRENTRELEASE): As an authenticated user, I can create an Artifac...https://pulp.plan.io/issues/28432017-06-26T17:22:30Zdkliban@redhat.com
<p>For an API user to create an Artifact, Pulp 3 needs to have the following:</p>
<p>- updated Artifact[0] model without a 'content' foreign key nor the 'relative_path' field. A uniqueness constraint should be added on the sha256 field.<br>
- viewset that can handle CRD operations for Artifacts. It most likely needs to use the FileUploadParser[1] and a custom Django Upload Handler[2].<br>
- serializer for the viewset which will return all serialized fields of the Artifact model. The file field should be it's full path on disk.<br>
- API endpoint at /api/v3/content/artifacts<br>
- POST request to the /api/v3/content/artifacts/ endpoint creates an Artifact. The body of the request contains multipart form data with the following:</p>
<blockquote>
<p>file - The file being uploaded<br>
size - The size of the file in bytes.<br>
md5 - The MD5 checksum of the file.<br>
sha1 - The SHA-1 checksum of the file.<br>
sha224 - The SHA-224 checksum of the file.<br>
sha256 - The SHA-256 checksum of the file.<br>
sha384 - The SHA-384 checksum of the file.<br>
sha512 - The SHA-512 checksum of the file.</p>
</blockquote>
<p>Before the model is saved, a SHA-256 checksum (digest) of the uploaded file is generated.<br>
If a sha256 was specified in POST parameters, the generated hash is validated against the value specified as the POST parameter. If the values don't match a validation exception is raised.<br>
If an Artifact with the same sha256 checksum already exists, a 400 response is returned to the user.<br>
When the model is saved, the file is written to MEDIA_ROOT/content/units/digest[0:2]/digest[2:]<br>
After a successful save, a serialized version of the Artifact is returned.</p>
<p>- GET request to the /api/v3/content/artifacts/<artifact id> returns serialized Artifact</p>
<p>- DELETE request to the /api/v3/content/artifacts/<artifact id>/ raises an exception if the Artifact is still associated with any ContentUnit. The exception should provide a list of content units still associated with the Artifact. If an exception is not raised, Artifact is removed from the database and the file is removed from disk.</p>
<p>[0] <a href="https://github.com/pulp/pulp/blob/3.0-dev/platform/pulpcore/app/models/content.py#L72" class="external">https://github.com/pulp/pulp/blob/3.0-dev/platform/pulpcore/app/models/content.py#L72</a><br>
[1] <a href="http://www.django-rest-framework.org/api-guide/parsers/#fileuploadparser" class="external">http://www.django-rest-framework.org/api-guide/parsers/#fileuploadparser</a><br>
[2] <a href="https://docs.djangoproject.com/en/1.11/topics/http/file-uploads/#upload-handlers" class="external">https://docs.djangoproject.com/en/1.11/topics/http/file-uploads/#upload-handlers</a></p> Packaging - Task #2228 (CLOSED - CURRENTRELEASE): Improve nodepool node launch demand calculationhttps://pulp.plan.io/issues/22282016-09-02T19:12:45Zsemyerssean.myers@redhat.com
<p>Because of a needed tweak to nodepool[0] we already running a fork. After chatting with elyezer, there are some further improvements I'd like to include on the fork.</p>
<p>Currently, nodepoold uses a tool called "geard" to determine node launch demand, based on the configure label demands of queued jobs. I believe that when nodepool was first being used, this information was not obtainable via the Jenkins API. Now, however, it is[1]. Furthermore, the geard integration simply doesn't work, afaict, for our use-case, unless we want to go nuts and bring in more pieces of openstack automation (e.g. zuul).</p>
<p>I've already done some preliminary work[2] to try to determine label demand based on the current jenkins build queue, so all that remains is wiring it into the nodepool fork and getting rid of the geard stuff that doesn't meet our needs.</p>
<p>[0]: <a href="https://github.com/seandst/nodepool/commit/1a807c8def36d62e80aaaa0e4e961a176e9ce746" class="external">https://github.com/seandst/nodepool/commit/1a807c8def36d62e80aaaa0e4e961a176e9ce746</a><br>
[1]: <a href="https://python-jenkins.readthedocs.io/en/latest/api.html#jenkins.Jenkins.get_queue_info" class="external">https://python-jenkins.readthedocs.io/en/latest/api.html#jenkins.Jenkins.get_queue_info</a><br>
[2]: <a href="https://gist.github.com/seandst/8e9b62f7b46bb5baa88a8bf5fbb11215" class="external">https://gist.github.com/seandst/8e9b62f7b46bb5baa88a8bf5fbb11215</a></p> Pulp - Task #1941 (CLOSED - CURRENTRELEASE): Strict/nitpicky sphinx settings break our rpm buildshttps://pulp.plan.io/issues/19412016-05-23T22:40:42Zsemyerssean.myers@redhat.com
<p>This is a post-mortem report of the task of diagnosing and fixing broken builds.</p>
<hr>
<p>In <a class="issue tracker-2 status-11 priority-6 priority-default closed" title="Task: Consolidate platform and plugin docs into a static site. (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/950">#950</a>, we turned on strict docs builds, but this ended up breaking our builds.</p>
<p>The problem was that there's no internet access inside the mock buildroot, so when sphinx went to download the intersphinx inventory files it would fail. Normally this triggers a warning, but enabling strict mode promotes all build warnings to errors. It's worth pointing out that the intersphinx downloads have always been failing during RPM build, the only thing new was our strictness.</p>
<p>Strict building is good; at the moment work is ongoing in <a class="issue tracker-2 status-11 priority-6 priority-default closed" title="Task: Consolidate platform and plugin docs into a static site. (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/950">#950</a> to modify our docs build process to hopefully (among many other goals) allow us to once again do strict builds with sphinx without breaking the build.</p>