Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2020-06-09T15:45:37ZPulp
Planio Pulp - Task #6942 (NEW): Update galaxy_ng docs for the pulp_installer install-from-rpm supporthttps://pulp.plan.io/issues/69422020-06-09T15:45:37Zmdepaulo@redhat.com
<p>Its docs should show the example variables for doing this.</p> Pulp - Story #6914 (NEW): nginx listen port and ip can not be configured with a variablehttps://pulp.plan.io/issues/69142020-06-05T12:18:38ZPixelfool
<p>In an IPV6 environment, it is necessary to configure the port and IP address for binding. <br>
In roles/pulp_webserver/templates/nginx.conf.j2, line 34, the configuration default is:</p>
<pre><code class="text syntaxhl" data-language="text">server {
listen 80 default deferred;
...
}
</code></pre>
<p>One solution could be</p>
<pre><code class="text syntaxhl" data-language="text">server {
listen {{ pulp_nginx_bind }} default deferred;
...
}
</code></pre>
<p>Expected result:</p>
<pre><code class="text syntaxhl" data-language="text">server {
listen [2001:db8::1]:80 default deferred;
...
}
</code></pre> Pulp - Task #6904 (NEW): Document using https://pypi.org/project/pulpcore-releases/ for the insta...https://pulp.plan.io/issues/69042020-06-03T15:25:07Zbmbouterbmbouter@redhat.com
<p>The Pulp Dependency Checker is a great tool to show compatibility between a pulpcore version and various concerns.</p>
<p>We should do three things:</p>
<ol>
<li>
<p>Move the pdc tool to the pulp org.</p>
</li>
<li>
<p>Add a very obvious link to the pulp_installer docs recommending users to use the tool to determine pulpcore and plugin compatibility</p>
</li>
<li>
<p>Update the error message that the installer puts out when the pre-flight check fails. Have that error message point users to specifically check which plugins are compatible with the pulpcore version the installer is trying to install.</p>
</li>
</ol> Pulp - Issue #6896 (NEW): [pulp_installer] Parametrize postgres package in roles/pulp_databasehttps://pulp.plan.io/issues/68962020-06-03T11:03:10Zspredzy
<p>As a user, while the default postgresql package is called rh-postgrelsql96 - which is fine - I would like to be able to specify a different package name, as we can specify various diffferents parameters name.</p>
<p>It is currently hardcoded at the playbook level[1] which prevents any overloading.</p>
<p>[1] <a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_database/tasks/install_postgres.yml#L13" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_database/tasks/install_postgres.yml#L13</a></p> Pulp - Task #6798 (NEW): Document the new guidelines for plugin installation logichttps://pulp.plan.io/issues/67982020-05-21T18:47:54Zmdepaulo@redhat.com
<p>There are 3 places they could be:</p>
<ol>
<li>A role in a separate git repo and on galaxy.</li>
<li>A separate role in the pulp_installer repo (pulp_rpm will be this.)</li>
<li>Conditional logic within the pulp_installer's other roles.</li>
</ol> Pulp - Story #6797 (ASSIGNED): [epic] As a user, I can consume all the plugin prereq roles in the...https://pulp.plan.io/issues/67972020-05-21T18:45:22Zmdepaulo@redhat.com
<p>pulp_rpm_prerequisites exists because the installer has had a plugin neutral policy.</p>
<p>This policy was for very long misunderstood: It's not about avoiding favoritism to any plugins, it's about not tying the installer (which is tied to pulpcore releases) to plugin releases. So that say pulpcore 3.3 logic would be in pulp_installer 3.3 release, and so that pulp_cardboardbox 0.7 logic would be in the pulp_cardboardbox_prerequisites 0.7 role.</p>
<p>The team now agrees that this policy is counter-productive because:</p>
<ol>
<li>Having a role in a separate repo (not part of the pulp_installer collection) is extra work for developers, and for users.</li>
<li>The only plugin that currently needs a prereq role, pulp_rpm, has version numbers and releases that correspond to pulpcore releases. pulp_rpm 3.3.z needs pulpcore 3.3.z, etc. So the pulp_rpm specific installation logic can be safely bundled in pulp_installer 99% of the time.</li>
</ol> Pulp - Task #6747 (NEW): Demo video for pulp_installerhttps://pulp.plan.io/issues/67472020-05-14T21:48:07Zfao89
<ul>
<li>Video should not have audio</li>
<li>
<a href="https://asciinema.org/" class="external">https://asciinema.org/</a> - records terminal output and can be embedded in our docs and in the README on github</li>
<li>include RPM and Container plugins</li>
</ul> Pulp - Issue #6658 (NEW): Pain points when trying Pulp3 for the first timehttps://pulp.plan.io/issues/66582020-05-05T16:28:58Zxenlo
<a name="Intro"></a>
<h3 >Intro<a href="#Intro" class="wiki-anchor">¶</a></h3>
<p>@dkliban asked me some feedback (pain points) about trying to put Pulp3 in place.</p>
<a name="Background-on-my-use-case"></a>
<h3 >Background on my use case<a href="#Background-on-my-use-case" class="wiki-anchor">¶</a></h3>
<p>In the company I work for, we use ansible in our automation process. And in our automated deployment we provision infrastructure with Debian, OpenSuse and SLES. So for now we manage a server that mirror repos for all those distro. This is a collection of different tools apt-mirror, createrepo, RMT, wget and rsync glued with shell scripts and published with half thousand(for now) of soft links.</p>
<p>So I was interested to put in place Pulp3 with deb, rpm and file plugin on a Debian 10 host, installed with Ansible playbook <code>pulp_installer</code>.</p>
<a name="Pain-Point-List"></a>
<h3 >Pain Point List<a href="#Pain-Point-List" class="wiki-anchor">¶</a></h3>
<p>I think that most of all my expectations was something more mature, closer to 'Production ready' tool.</p>
<ul>
<li>I expected some CLI as user interface, as I think that a big part of public for this tool is SysAdmin.
Even API is a great interface, it's not comfortable for SysAdmin to manager repos (even more true we it needs to discover how it works)</li>
<li>The lack of external doc, like "tuto: How I mirror Centos and Debian with Pulp"…</li>
<li>Some confusion if the doc/tool is for Pulp2 or Pulp3</li>
<li>Yet another issue tracker to rise issues
(I didn't try really hard but my attempt to auth with github failed…)</li>
<li>The doc to install doc tells you that the prefered method is with Ansible but don't explain you how. Just redirect you to a git repo where you have to found the corresponding doc, which is not easy to find and which is not in line with the latest version on the repo (already explaned that point)</li>
<li>The pulp_installer don't list the system prereq. That's sad because, at least on a fresh installed Debian 10, the playbook fails. I had to add some packages and force the ansible_python_interpreter get the work done.</li>
<li>On the project page you tells that Pulp can manage plainty of repo type, but in fact if you take a fresh version only few plugins are working. Is there at least a compatibility/status matrix explaining that?</li>
</ul>
<a name="Thanks"></a>
<h3 >Thanks<a href="#Thanks" class="wiki-anchor">¶</a></h3>
<p>Nevertheless, I wanted to close on a more positive point, the IRC channel is highly responsive, and people hanging out there are full of goodwill.
Thanks for that!</p> Pulp - Task #6625 (NEW): document the OSes the installer supportshttps://pulp.plan.io/issues/66252020-04-30T16:27:24Zfao89Pulp - Issue #6274 (NEW): Problem: existing Pulp deployments with system-wide packages conflict w...https://pulp.plan.io/issues/62742020-03-03T19:51:59Zmdepaulo@redhat.com
<p>Note: This issue is specificaly about running ansible-pulp against existing deployments of Pulp.</p>
<p>Manual testing with <a href="https://quay.io/repository/pulp/pulp_rpm-ci-c7" class="external">centos 7 pulp_rpm images</a> reveals that we can modify /usr/local/lib/pulp/pyvenv.cfg to not use system-wide packages anymore, and then let the <code>pip install</code> commands fix the missing dependencies. So this is the approach that ansible-pulp should take when <code>pulp_use_system_wide_pkgs</code> is false (or perhaps whenever centos 7 is in use.)</p> Pulp - Task #5889 (NEW): Add upgrade information to the docshttps://pulp.plan.io/issues/58892019-12-16T21:06:09Zbmbouterbmbouter@redhat.com
<p>The installer supports upgrading (see <a href="https://pulp.plan.io/issues/5884" class="external">https://pulp.plan.io/issues/5884</a> ) we just need to document it for the user.</p> Pulp - Story #5832 (NEW): As a developer, ansible-pulp will provide me with the cool postgres WebGUIhttps://pulp.plan.io/issues/58322019-12-03T22:35:56Zmdepaulo@redhat.com
<p>The following PoC was done. For implementation, it can be incorporated into the pulp-devel role, and pulplift.</p>
<p>On the host, reconnect to the pulplift VM pulp3-source-fedora31 with a new SSH tunnel (this will be added to pulplift config during implementation):</p>
<pre><code>vagrant ssh pulp3-source-fedora31 -- -L 8443:127.0.0.1:8443
</code></pre>
<p>On the pulplift VM pulp3-source-fedora31:</p>
<p>Modified /var/lib/pgsql/data/pg_hba.conf to replace the 127.0.0.1 line with:</p>
<pre><code>host all all 0.0.0.0/0 md5
</code></pre>
<p>(Because the container has a NAT'd IP address.)</p>
<p>Modified /var/lib/pgsql/data/postgresql.conf to contain</p>
<pre><code>listen_addresses = '*'
</code></pre>
<p>(Because otherwise it's localhost only; see above.)</p>
<pre><code>sudo systemctl restart postgresql.service
sudo dnf install -y podman-docker
docker pull dpage/pgadmin4
# "--restart always" will be ignored for podman-docker. Only real docker/moby-engine will use it. podman will need a systemd unit to survive VM reboots.
docker run --restart always -p 8443:8443 -e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' -e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' -e 'PGADMIN_LISTEN_PORT=8443' -d dpage/pgadmin4
</code></pre>
<p>Now back on your host:</p>
<p>Open your browser to:<br>
<a href="http://127.0.0.1:8443/" class="external">http://127.0.0.1:8443/</a><br>
And login with the username/email and password listed above.</p>
<p>Then create a new connection to:<br>
The IP address of the pulplift VM<br>
database: pulp<br>
user: pulp<br>
password: pulp<br>
(These settings will later be set via PGADMIN_SERVER_JSON_FILE)</p>
<p>Rererence:<br>
<a href="https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples" class="external">https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples</a></p> Pulp - Story #5618 (NEW): As a user, I can download & run a version of the ansible installer that...https://pulp.plan.io/issues/56182019-10-25T08:37:28Zmdepaulo@redhat.com
<p>Currently users are encouraged to get the latest ansible-pulp roles via git cloning. Later on, Ansible Galaxy.</p>
<p>The only stable tag ever done was 3.0.0rc1. Presumably we will create them for 3.0.0 and later.<br>
<a href="https://github.com/pulp/ansible-pulp/releases" class="external">https://github.com/pulp/ansible-pulp/releases</a></p>
<p>However, consider the following scenario (hypothetical release dates):<br>
1. They download the roles (either method) on Apr 1. They are versioned as 3.0.3 and install pulp 3.0.3<br>
2. They run them against their test env and it works.<br>
3. Pulp 3.1.0 & ansible-pulp 3.1.0 are released on Apr 15.<br>
4. They run the 3.0.3 roles against their prod env on May 1.<br>
5. The 3.0.3 roles try to install pulp 3.1.0 from pip, but fails due to the lack of new logic.</p>
<p>It would make sense to have a variable for the pulp version to install, that defaults to the same version as the roles, but can be overriden (but doing so is discouraged.)</p>
<p>Plugin versions would also be an issue. Let's discuss how this can be handled.</p>
<p>Also, I am not sure if there is an existing task for publishing the roles (other than pulp_rpm_prerequisites) to Ansible Galaxy (pulp project on it.):<br>
<a href="https://galaxy.ansible.com/pulp" class="external">https://galaxy.ansible.com/pulp</a></p> Pulp - Task #4969 (NEW): Improve documentation on the nginx and apache deployment offered by the ...https://pulp.plan.io/issues/49692019-06-13T19:07:45Zbmbouterbmbouter@redhat.com
<p>These docs should be in the pulp docs, not the ansible installer docs. It should clarify with a diagram the reverse proxy deployment provided by:</p>
<p><a href="https://pulp.plan.io/issues/4966" class="external">https://pulp.plan.io/issues/4966</a><br>
<a href="https://pulp.plan.io/issues/4967" class="external">https://pulp.plan.io/issues/4967</a></p> Pulp - Story #97 (NEW): As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 V...https://pulp.plan.io/issues/972015-01-08T15:50:12Zcduryeecduryee@redhat.com
<p>The real deliverables are in the checklist, but here is some extra info on how to compile it.</p>
<p>To compile and install the Pulp SELinux with Ansible for Vagrant you will need to:</p>
<ul>
<li>Install selinux-policy-devel rpm with ansible</li>
<li>Compile the policy similar to <code>make NAME=celery -f /usr/share/selinux/devel/Makefile DISTRO=fedora24</code> except with ansible</li>
<li>Install the policy using Ansible</li>
<li>Have ansible call the restorecon script or fixfiles (see checklist item) so that all the right restorecon calls occur. Stay DRY with these calls if possible.[0]</li>
<li>If necessary, have the policy use "developer layout" .fc files to cause the .te compiled policies to be compatible with the layout used by Vagrant.</li>
</ul>
<p>Use the <code>ps -awfuxZ | grep celery</code> to verify it is becoming the celery_t security label type. Similarly httpd should get an httpd security type. Then do some testing with Pulp and SELinux enabled.</p>
<p>[0]: <a href="https://github.com/pulp/pulp/blob/master/server/selinux/server/relabel.sh" class="external">https://github.com/pulp/pulp/blob/master/server/selinux/server/relabel.sh</a></p>