Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2020-08-05T14:39:19ZPulp
Planio Pulp - Task #7281 (NEW): Update docs to state that installer can only install one cluster at a timehttps://pulp.plan.io/issues/72812020-08-05T14:39:19Zdkliban@redhat.com
<p>The documentation needs to have a "Known limitations" section. One of the items should state that that the installer can only install one Pulp cluster at a time.</p> Pulp - Story #7247 (NEW): As a pulp_installer developer-user, the pulp_rpm signing service will b...https://pulp.plan.io/issues/72472020-07-30T19:56:47Zmdepaulo@redhat.com
<p>The current way pulp_rpm's signing service needs to be installed is a temporary.</p>
<p>So let's add the current ansible-based solution I already developed. I developed it as part of the selinux el8 dev env, and it's in the pulp_devel (not meant for end users.)</p> Pulp - Story #7100 (NEW): As an admin I want to be able to ratelimit access to the api endpointshttps://pulp.plan.io/issues/71002020-07-07T14:09:57Zmdellweg
<p>In the most simple way, this can be added solely by adjusting the settings.
We should test this and document it with the installer.</p>
<p><a href="https://www.django-rest-framework.org/api-guide/throttling/" class="external">https://www.django-rest-framework.org/api-guide/throttling/</a></p> Pulp - Story #7007 (NEW): As a user, I do not have to worry about Pulp being accidentally upgrade...https://pulp.plan.io/issues/70072020-06-18T15:40:06Zmdepaulo@redhat.com
<p>We should pursue using dnf versionlock to accomplish this.</p>
<p>This is needed because handlers/tasks "Run database migrations" will not be run if users run <code>dnf update</code>. Pulp would be broken until users re-run the installer.</p> Pulp - Task #6942 (NEW): Update galaxy_ng docs for the pulp_installer install-from-rpm supporthttps://pulp.plan.io/issues/69422020-06-09T15:45:37Zmdepaulo@redhat.com
<p>Its docs should show the example variables for doing this.</p> Pulp - Task #6904 (NEW): Document using https://pypi.org/project/pulpcore-releases/ for the insta...https://pulp.plan.io/issues/69042020-06-03T15:25:07Zbmbouterbmbouter@redhat.com
<p>The Pulp Dependency Checker is a great tool to show compatibility between a pulpcore version and various concerns.</p>
<p>We should do three things:</p>
<ol>
<li>
<p>Move the pdc tool to the pulp org.</p>
</li>
<li>
<p>Add a very obvious link to the pulp_installer docs recommending users to use the tool to determine pulpcore and plugin compatibility</p>
</li>
<li>
<p>Update the error message that the installer puts out when the pre-flight check fails. Have that error message point users to specifically check which plugins are compatible with the pulpcore version the installer is trying to install.</p>
</li>
</ol> Pulp - Task #6798 (NEW): Document the new guidelines for plugin installation logichttps://pulp.plan.io/issues/67982020-05-21T18:47:54Zmdepaulo@redhat.com
<p>There are 3 places they could be:</p>
<ol>
<li>A role in a separate git repo and on galaxy.</li>
<li>A separate role in the pulp_installer repo (pulp_rpm will be this.)</li>
<li>Conditional logic within the pulp_installer's other roles.</li>
</ol> Pulp - Task #6747 (NEW): Demo video for pulp_installerhttps://pulp.plan.io/issues/67472020-05-14T21:48:07Zfao89
<ul>
<li>Video should not have audio</li>
<li>
<a href="https://asciinema.org/" class="external">https://asciinema.org/</a> - records terminal output and can be embedded in our docs and in the README on github</li>
<li>include RPM and Container plugins</li>
</ul> Pulp - Story #6688 (NEW): pulp_installer: preflight check and system-wide packages are incompatiblehttps://pulp.plan.io/issues/66882020-05-08T14:40:15Zmdepaulo@redhat.com
<p>Part of the pre-flight check does not understand system-wide packages, but another part is still affected by them.</p>
<p>This leads to false positives (enforcements) in addition to false negatives in the preflight check.</p>
<p>We no longer need system-wide packages, so we should remove support for it, and migrate user installs off of it, as safely as possible.</p> Pulp - Task #6625 (NEW): document the OSes the installer supportshttps://pulp.plan.io/issues/66252020-04-30T16:27:24Zfao89Pulp - Task #5889 (NEW): Add upgrade information to the docshttps://pulp.plan.io/issues/58892019-12-16T21:06:09Zbmbouterbmbouter@redhat.com
<p>The installer supports upgrading (see <a href="https://pulp.plan.io/issues/5884" class="external">https://pulp.plan.io/issues/5884</a> ) we just need to document it for the user.</p> Pulp - Story #5832 (NEW): As a developer, ansible-pulp will provide me with the cool postgres WebGUIhttps://pulp.plan.io/issues/58322019-12-03T22:35:56Zmdepaulo@redhat.com
<p>The following PoC was done. For implementation, it can be incorporated into the pulp-devel role, and pulplift.</p>
<p>On the host, reconnect to the pulplift VM pulp3-source-fedora31 with a new SSH tunnel (this will be added to pulplift config during implementation):</p>
<pre><code>vagrant ssh pulp3-source-fedora31 -- -L 8443:127.0.0.1:8443
</code></pre>
<p>On the pulplift VM pulp3-source-fedora31:</p>
<p>Modified /var/lib/pgsql/data/pg_hba.conf to replace the 127.0.0.1 line with:</p>
<pre><code>host all all 0.0.0.0/0 md5
</code></pre>
<p>(Because the container has a NAT'd IP address.)</p>
<p>Modified /var/lib/pgsql/data/postgresql.conf to contain</p>
<pre><code>listen_addresses = '*'
</code></pre>
<p>(Because otherwise it's localhost only; see above.)</p>
<pre><code>sudo systemctl restart postgresql.service
sudo dnf install -y podman-docker
docker pull dpage/pgadmin4
# "--restart always" will be ignored for podman-docker. Only real docker/moby-engine will use it. podman will need a systemd unit to survive VM reboots.
docker run --restart always -p 8443:8443 -e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' -e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' -e 'PGADMIN_LISTEN_PORT=8443' -d dpage/pgadmin4
</code></pre>
<p>Now back on your host:</p>
<p>Open your browser to:<br>
<a href="http://127.0.0.1:8443/" class="external">http://127.0.0.1:8443/</a><br>
And login with the username/email and password listed above.</p>
<p>Then create a new connection to:<br>
The IP address of the pulplift VM<br>
database: pulp<br>
user: pulp<br>
password: pulp<br>
(These settings will later be set via PGADMIN_SERVER_JSON_FILE)</p>
<p>Rererence:<br>
<a href="https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples" class="external">https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html#examples</a></p> Pulp - Story #5618 (NEW): As a user, I can download & run a version of the ansible installer that...https://pulp.plan.io/issues/56182019-10-25T08:37:28Zmdepaulo@redhat.com
<p>Currently users are encouraged to get the latest ansible-pulp roles via git cloning. Later on, Ansible Galaxy.</p>
<p>The only stable tag ever done was 3.0.0rc1. Presumably we will create them for 3.0.0 and later.<br>
<a href="https://github.com/pulp/ansible-pulp/releases" class="external">https://github.com/pulp/ansible-pulp/releases</a></p>
<p>However, consider the following scenario (hypothetical release dates):<br>
1. They download the roles (either method) on Apr 1. They are versioned as 3.0.3 and install pulp 3.0.3<br>
2. They run them against their test env and it works.<br>
3. Pulp 3.1.0 & ansible-pulp 3.1.0 are released on Apr 15.<br>
4. They run the 3.0.3 roles against their prod env on May 1.<br>
5. The 3.0.3 roles try to install pulp 3.1.0 from pip, but fails due to the lack of new logic.</p>
<p>It would make sense to have a variable for the pulp version to install, that defaults to the same version as the roles, but can be overriden (but doing so is discouraged.)</p>
<p>Plugin versions would also be an issue. Let's discuss how this can be handled.</p>
<p>Also, I am not sure if there is an existing task for publishing the roles (other than pulp_rpm_prerequisites) to Ansible Galaxy (pulp project on it.):<br>
<a href="https://galaxy.ansible.com/pulp" class="external">https://galaxy.ansible.com/pulp</a></p> Pulp - Task #4969 (NEW): Improve documentation on the nginx and apache deployment offered by the ...https://pulp.plan.io/issues/49692019-06-13T19:07:45Zbmbouterbmbouter@redhat.com
<p>These docs should be in the pulp docs, not the ansible installer docs. It should clarify with a diagram the reverse proxy deployment provided by:</p>
<p><a href="https://pulp.plan.io/issues/4966" class="external">https://pulp.plan.io/issues/4966</a><br>
<a href="https://pulp.plan.io/issues/4967" class="external">https://pulp.plan.io/issues/4967</a></p> Pulp - Story #97 (NEW): As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 V...https://pulp.plan.io/issues/972015-01-08T15:50:12Zcduryeecduryee@redhat.com
<p>The real deliverables are in the checklist, but here is some extra info on how to compile it.</p>
<p>To compile and install the Pulp SELinux with Ansible for Vagrant you will need to:</p>
<ul>
<li>Install selinux-policy-devel rpm with ansible</li>
<li>Compile the policy similar to <code>make NAME=celery -f /usr/share/selinux/devel/Makefile DISTRO=fedora24</code> except with ansible</li>
<li>Install the policy using Ansible</li>
<li>Have ansible call the restorecon script or fixfiles (see checklist item) so that all the right restorecon calls occur. Stay DRY with these calls if possible.[0]</li>
<li>If necessary, have the policy use "developer layout" .fc files to cause the .te compiled policies to be compatible with the layout used by Vagrant.</li>
</ul>
<p>Use the <code>ps -awfuxZ | grep celery</code> to verify it is becoming the celery_t security label type. Similarly httpd should get an httpd security type. Then do some testing with Pulp and SELinux enabled.</p>
<p>[0]: <a href="https://github.com/pulp/pulp/blob/master/server/selinux/server/relabel.sh" class="external">https://github.com/pulp/pulp/blob/master/server/selinux/server/relabel.sh</a></p>