Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-11-20T07:34:35ZPulp
Planio Pulp - Issue #9577 (NEW): Add ability to provide list of headers for pulp_webserver nginx templatehttps://pulp.plan.io/issues/95772021-11-20T07:34:35Zjamesmarshall24
<p>Add the ability to specify a list of nginx headers so users can define the headers needed to use the UI installed by pulp_installer.</p>
<p>Example variable structure:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="na">pulp_nginx_user_headers</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">X-Content-Type-Options:</span><span class="nv"> </span><span class="s">nosniff"</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">X-XSS-Protection:</span><span class="nv"> </span><span class="s">1;</span><span class="nv"> </span><span class="s">mode=block"</span>
</code></pre>
<p>Example templating for <code>/roles/pulp_webserver/templates/nginx.conf.j2</code>:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"> <span class="c1"># headers added with pulp_nginx_user_headers variable</span>
<span class="pi">{</span><span class="err">%</span> <span class="nv">for header in nginx_user_headers %</span><span class="pi">}</span>
<span class="s">add_header {{ header }}</span>
<span class="pi">{</span><span class="err">%</span> <span class="nv">endfor %</span><span class="pi">}</span>
<span class="c1"># end of headers added with pulp_nginx_user_headers variable</span>
</code></pre> Pulp - Issue #9286 (NEW): Check failed during installation when using vault encrypted variablehttps://pulp.plan.io/issues/92862021-08-24T09:46:13Zbeenje
<p>I tried installing pulp using the Pulp 3 Ansible Installer playbook:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="nn">---</span>
<span class="na">collections</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pulp.pulp_installer</span>
<span class="na">version</span><span class="pi">:</span> <span class="s">3.14.4</span>
</code></pre>
<p>I encrypted the pulp_default_admin_password and secret_key in my inventory (using ansible-vault encrypt_string -n pulp_default_admin_password xxxxxx).
When running the playbook, 2 tasks failed:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="s">ASK [pulp.pulp_installer.pulp_common</span> <span class="err">:</span> <span class="s">Check if required variables are set] ************************************************************************************</span>
<span class="na">ok</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span> <span class="s">=> (item=pulp_settings.content_origin) => {</span>
<span class="s">"__pulp_common_req_var"</span><span class="err">:</span> <span class="s2">"</span><span class="s">pulp_settings.content_origin"</span><span class="err">,</span>
<span class="s2">"</span><span class="s">ansible_loop_var"</span><span class="err">:</span> <span class="s2">"</span><span class="s">__pulp_common_req_var"</span><span class="err">,</span>
<span class="s2">"</span><span class="s">changed"</span><span class="err">:</span> <span class="no">false</span><span class="s">,</span>
<span class="s">"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">All</span><span class="nv"> </span><span class="s">assertions</span><span class="nv"> </span><span class="s">passed"</span>
<span class="err">}</span>
<span class="na">fatal</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span><span class="err">:</span> <span class="s">FAILED! => {"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">The</span><span class="nv"> </span><span class="s">conditional</span><span class="nv"> </span><span class="s">check</span><span class="nv"> </span><span class="s">'pulp_settings.secret_key</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0'</span><span class="nv"> </span><span class="s">failed.</span><span class="nv"> </span><span class="s">The</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">was:</span><span class="nv"> </span><span class="s">Unexpected</span><span class="nv"> </span><span class="s">templating</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">occurred</span><span class="nv"> </span><span class="s">on</span><span class="nv"> </span><span class="s">({%</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">pulp_settings.secret_key</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">True</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">False</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">endif</span><span class="nv"> </span><span class="s">%}):</span><span class="nv"> </span><span class="s">object</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">'AnsibleVaultEncryptedUnicode'</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">len()"</span><span class="err">}</span>
<span class="s">TASK [pulp.pulp_installer.pulp_database_config</span> <span class="err">:</span> <span class="s">Check if required variables are set] ***************************************************************************</span>
<span class="na">fatal</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span><span class="err">:</span> <span class="s">FAILED! => {"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">The</span><span class="nv"> </span><span class="s">conditional</span><span class="nv"> </span><span class="s">check</span><span class="nv"> </span><span class="s">'pulp_default_admin_password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0'</span><span class="nv"> </span><span class="s">failed.</span><span class="nv"> </span><span class="s">The</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">was:</span><span class="nv"> </span><span class="s">Unexpected</span><span class="nv"> </span><span class="s">templating</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">occurred</span><span class="nv"> </span><span class="s">on</span><span class="nv"> </span><span class="s">({%</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">pulp_default_admin_password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">True</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">False</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">endif</span><span class="nv"> </span><span class="s">%}):</span><span class="nv"> </span><span class="s">object</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">'AnsibleVaultEncryptedUnicode'</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">len()"</span><span class="err">}</span>
</code></pre>
<p>I had to use plain strings to run the playbook.
It should be possible to use encrypted strings.</p> Pulp - Issue #9211 (NEW): Vagrant devel installs have SELinux errorshttps://pulp.plan.io/issues/92112021-08-04T14:14:02Zmdepaulo@redhat.com
<p>Because SELinux installs are in editable mode, the .pyc files produce SELinux errors.</p>
<p>Other SELinux errors may exist too due to the devel installs.</p>
<pre><code class="text syntaxhl" data-language="text">TASK [pulp_devel : SELinux status] *********************************************
ok: [pulp3-source-fedora34] => {
"selinux_analyze.stdout_lines": [
"SELinux is preventing gunicorn from search access on the directory vagrant.",
"SELinux is preventing gunicorn from search access on the directory /.",
"SELinux is preventing gunicorn from getattr access on the directory /home/vagrant/devel/pulpcore.",
"SELinux is preventing gunicorn from read access on the directory models.",
"SELinux is preventing gunicorn from open access on the directory /home/vagrant/devel/pulpcore/pulpcore/app/models.",
"SELinux is preventing gunicorn from getattr access on the directory /home/vagrant.",
"SELinux is preventing gunicorn from getattr access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/settings.py.",
"SELinux is preventing gunicorn from read access on the file settings.py.",
"SELinux is preventing gunicorn from open access on the file /home/vagrant/devel/pulpcore/pulpcore/app/settings.py.",
"SELinux is preventing gunicorn from ioctl access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/settings.py.",
"SELinux is preventing pulpcore-worker from read access on the file __init__.cpython-39.pyc.",
"SELinux is preventing pulpcore-worker from open access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/__pycache__/__init__.cpython-39.pyc.",
"SELinux is preventing pulpcore-worker from ioctl access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/__pycache__/__init__.cpython-39.pyc.",
"SELinux is preventing pulpcore-worker from name_connect access on the tcp_socket port 5432.",
"SELinux is preventing pulpcore-worker from add_name access on the directory 21847@pulp3-source-fedora34.localhost.example.com.",
"SELinux is preventing pulpcore-worker from remove_name access on the directory 21235@pulp3-source-fedora34.localhost.example.com.",
"SELinux is preventing pulpcore-worker from rmdir access on the directory 21235@pulp3-source-fedora34.localhost.example.com.",
"SELinux is preventing nginx from read access on the file nginx.conf.",
"SELinux is preventing nginx from open access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/webserver_snippets/nginx.conf.",
"SELinux is preventing nginx from getattr access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/webserver_snippets/nginx.conf."
]
}
</code></pre> Pulp - Task #8848 (NEW): pulp_installer to run CI against stable brancheshttps://pulp.plan.io/issues/88482021-06-01T21:20:04Zmdepaulo@redhat.com
<p>Currently, the source molecule tests test the master branch of pulpcore and master branch of plugins, rather than the appropriate branches like pulpcore 3.11 and pulp_rpm 3.11</p>
<p>So effectively we are relying on release jobs on old branches to catch errors, at release time.</p> Pulp - Story #8846 (NEW): As a pulp_installer user, I do not need to use the latest micro release...https://pulp.plan.io/issues/88462021-06-01T21:12:19Zmdepaulo@redhat.com
<p>Basically, this means that pulp_installer 3.14.0 (or possibly 3.13.1 / 3.13.2) will be able to install pulpcore 3.14.z .</p>
<p>The benefit for users is that they will not need to always have the latest micro version of pulp_installer.</p>
<p>And the benefit to the pulp team is that we will not need to do a pulp_installer micro release for every pulpcore micro release.</p>
<p>This is a variation of the 1 year old proposal for versions/branches in pulp_installer, and a variation of the specific micro release policy we implemented originally in <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>.</p>
<p>Reference from <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>:</p>
<pre><code> * Original discussion:
* [mikedep333's proposal](https://github.com/pulp/pulp_installer/pull/203#issue-361269733)
* [bmbouter's couter-proposal to do micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-577903411)
* [mikedep333's agreement/details for micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-579450153)
</code></pre> Pulp - Backport #8835 (NEW): Backport pulp_installer FIPS fix to 3.11https://pulp.plan.io/issues/88352021-05-27T18:42:39Zironfroggy
<p>Current open ticket for FIPS issue: <a href="https://pulp.plan.io/issues/8834" class="external">https://pulp.plan.io/issues/8834</a></p> Pulp - Story #8701 (NEW): As a pulp_installer user, I can use the full logic to add repos to the ...https://pulp.plan.io/issues/87012021-05-05T12:59:40Zmdepaulo@redhat.com
<p>As mentioned in <a class="issue tracker-1 status-11 priority-6 priority-default closed" title="Issue: pulp_installer fails to install redis due to no EPEL7 (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/7773">#7773</a> , we should refactor our logic to add repos to the system (in a robust & configurable manner) into another role like <code>pulp_repos</code>.</p>
<p>I propose the following design:</p>
<ol>
<li>This is a dependency role. pulp_common, pulp_redis, pulp_database, will all depend on it.</li>
<li>When a role like pulp_common depends on it, it passes variables like <code>__pulp_repos_epel: true</code> to denote which repos the role needs. It passes variables via roles/pulp_common/meta/main.yml : <code>dependencies:</code>
</li>
<li>If a user wants to disable the logic to add the repo (if they added it manually), they'll pass a variable like <code>pulp_repos_epel: false</code> to disable it.</li>
<li>Existing variables for configuring how we add the repos to the system, like <code>epel_release_packages</code>, should still used.</li>
</ol>
<p>This logic is found in:</p>
<ul>
<li>roles/pulp_common/tasks/ambiguously-named-repo.yml</li>
<li>roles/pulp_common/tasks/repos.yml</li>
</ul> Pulp - Issue #8055 (NEW): When SELinux is enabled, pulp_installer relabels all the files in /var/...https://pulp.plan.io/issues/80552021-01-08T17:04:00Zdkliban@redhat.com
<p>The installer takes a long time to upgrade an existing system that's running with SELinux enabled because it always relabels /var/lib/pulp in the "Restore SELinux contexts on Pulp dirs that may exist" handler[0]. The list of the directories is here[1].</p>
<p>[0] <a href="https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/handlers/main.yml#L13-L21" class="external">https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/handlers/main.yml#L13-L21</a>
[1] <a href="https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/defaults/main.yml#L63-L66" class="external">https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/defaults/main.yml#L63-L66</a></p> Pulp - Issue #7641 (NEW): pulp_installer role READMEs should not tell users to set ansible_python...https://pulp.plan.io/issues/76412020-10-01T18:17:29Zmdepaulo@redhat.com
<p>Multiple roles' README.md files list under variables:</p>
<pre><code>ansible_python_interpreter`: **Required**. Path to the Python interpreter.
</code></pre>
<p>It definitely isn't required to be set, since the default behavior is auto_legacy in Ansible 2.8 through 2.11, and auto in 2.12 (planned.)</p>
<p>Furthermore, we probably shouldn't even list it. It is a common built-in Ansible variable that. There are many others, and there seems to be nothing special about it. Perhaps we should list it in case users are running Fedora 30.</p> Pulp - Issue #7640 (NEW): pulp_rpm_prerequisites sets ansible_python_interpreter unnecessarilyhttps://pulp.plan.io/issues/76402020-10-01T18:14:01Zmdepaulo@redhat.com
<p>There is no reason it should be set to:</p>
<pre><code>ansible_python_interpreter: /usr/bin/python
</code></pre>
<p>Since the behavior of auto_legacy and auto is to set it to that (python2) anyway.</p>
<p>It also would only affect the role (and later applied roles) at most, since the role is always (and conditionally) dynamically included. If it has any effect, this makes it harder to test the installer, different interpreter depending on whether or not pulp_rpm is getting installed.</p> Pulp - Issue #7627 (NEW): Can't use the installer with iptables (and firewalld being masked)https://pulp.plan.io/issues/76272020-09-30T07:40:36Zttereshcttereshc@redhat.com
<p>From a user report on irc:</p>
<pre><code>I am trying to install the latest version of pulp using ansible and am getting an error in regards to the firewall towards the end of the run
Fatal: [host1]: FAILED! => {"changed": false, "msg": "Unable to enable service firewalld: Failed to execute operation: Cannot send after transport endpoint shutdown\n"}
Would it have something to do with, "Ansibles Python interpreter must have the package installed: * psycopg2 * firewall (if firewalld should be configured; you can disable that with pulp_configure_firewall=false)"
I looked for the string "pulp_configure_firewall" in the ansible collection but from what i see the only two options are "Valid values are 'auto', 'firewalld',"
firewalld was masked as iptables was in use on the box.. once i unmasked it the playbook could complete
</code></pre> Pulp - Issue #7472 (NEW): pulp_installer does not apply some tasks to RHEL8 properlyhttps://pulp.plan.io/issues/74722020-09-08T17:18:09Zmdepaulo@redhat.com
<p>A quick glance through the repo shows some tasks that can be easily fixed to support RHEL8 in addition to CentOS 8:
<a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_devel/templates/venv.bashrc.j2" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_devel/templates/venv.bashrc.j2</a>
<a href="https://github.com/pulp/pulp_installer/search?q=CentOS+path%3Aroles&unscoped_q=CentOS+path%3Aroles" class="external">https://github.com/pulp/pulp_installer/search?q=CentOS+path%3Aroles&unscoped_q=CentOS+path%3Aroles</a></p>
<p><a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_database/tasks/install_postgres.yml" class="external">RHEL7 is an issue as well, but would be more difficult.</a></p> Pulp - Issue #6896 (NEW): [pulp_installer] Parametrize postgres package in roles/pulp_databasehttps://pulp.plan.io/issues/68962020-06-03T11:03:10Zspredzy
<p>As a user, while the default postgresql package is called rh-postgrelsql96 - which is fine - I would like to be able to specify a different package name, as we can specify various diffferents parameters name.</p>
<p>It is currently hardcoded at the playbook level[1] which prevents any overloading.</p>
<p>[1] <a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_database/tasks/install_postgres.yml#L13" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_database/tasks/install_postgres.yml#L13</a></p> Pulp - Issue #6658 (NEW): Pain points when trying Pulp3 for the first timehttps://pulp.plan.io/issues/66582020-05-05T16:28:58Zxenlo
<a name="Intro"></a>
<h3 >Intro<a href="#Intro" class="wiki-anchor">¶</a></h3>
<p>@dkliban asked me some feedback (pain points) about trying to put Pulp3 in place.</p>
<a name="Background-on-my-use-case"></a>
<h3 >Background on my use case<a href="#Background-on-my-use-case" class="wiki-anchor">¶</a></h3>
<p>In the company I work for, we use ansible in our automation process. And in our automated deployment we provision infrastructure with Debian, OpenSuse and SLES. So for now we manage a server that mirror repos for all those distro. This is a collection of different tools apt-mirror, createrepo, RMT, wget and rsync glued with shell scripts and published with half thousand(for now) of soft links.</p>
<p>So I was interested to put in place Pulp3 with deb, rpm and file plugin on a Debian 10 host, installed with Ansible playbook <code>pulp_installer</code>.</p>
<a name="Pain-Point-List"></a>
<h3 >Pain Point List<a href="#Pain-Point-List" class="wiki-anchor">¶</a></h3>
<p>I think that most of all my expectations was something more mature, closer to 'Production ready' tool.</p>
<ul>
<li>I expected some CLI as user interface, as I think that a big part of public for this tool is SysAdmin.
Even API is a great interface, it's not comfortable for SysAdmin to manager repos (even more true we it needs to discover how it works)</li>
<li>The lack of external doc, like "tuto: How I mirror Centos and Debian with Pulp"…</li>
<li>Some confusion if the doc/tool is for Pulp2 or Pulp3</li>
<li>Yet another issue tracker to rise issues
(I didn't try really hard but my attempt to auth with github failed…)</li>
<li>The doc to install doc tells you that the prefered method is with Ansible but don't explain you how. Just redirect you to a git repo where you have to found the corresponding doc, which is not easy to find and which is not in line with the latest version on the repo (already explaned that point)</li>
<li>The pulp_installer don't list the system prereq. That's sad because, at least on a fresh installed Debian 10, the playbook fails. I had to add some packages and force the ansible_python_interpreter get the work done.</li>
<li>On the project page you tells that Pulp can manage plainty of repo type, but in fact if you take a fresh version only few plugins are working. Is there at least a compatibility/status matrix explaining that?</li>
</ul>
<a name="Thanks"></a>
<h3 >Thanks<a href="#Thanks" class="wiki-anchor">¶</a></h3>
<p>Nevertheless, I wanted to close on a more positive point, the IRC channel is highly responsive, and people hanging out there are full of goodwill.
Thanks for that!</p> Pulp - Issue #6274 (NEW): Problem: existing Pulp deployments with system-wide packages conflict w...https://pulp.plan.io/issues/62742020-03-03T19:51:59Zmdepaulo@redhat.com
<p>Note: This issue is specificaly about running ansible-pulp against existing deployments of Pulp.</p>
<p>Manual testing with <a href="https://quay.io/repository/pulp/pulp_rpm-ci-c7" class="external">centos 7 pulp_rpm images</a> reveals that we can modify /usr/local/lib/pulp/pyvenv.cfg to not use system-wide packages anymore, and then let the <code>pip install</code> commands fix the missing dependencies. So this is the approach that ansible-pulp should take when <code>pulp_use_system_wide_pkgs</code> is false (or perhaps whenever centos 7 is in use.)</p>