Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-11-20T07:34:35ZPulp
Planio Pulp - Issue #9577 (NEW): Add ability to provide list of headers for pulp_webserver nginx templatehttps://pulp.plan.io/issues/95772021-11-20T07:34:35Zjamesmarshall24
<p>Add the ability to specify a list of nginx headers so users can define the headers needed to use the UI installed by pulp_installer.</p>
<p>Example variable structure:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="na">pulp_nginx_user_headers</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">X-Content-Type-Options:</span><span class="nv"> </span><span class="s">nosniff"</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">X-XSS-Protection:</span><span class="nv"> </span><span class="s">1;</span><span class="nv"> </span><span class="s">mode=block"</span>
</code></pre>
<p>Example templating for <code>/roles/pulp_webserver/templates/nginx.conf.j2</code>:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"> <span class="c1"># headers added with pulp_nginx_user_headers variable</span>
<span class="pi">{</span><span class="err">%</span> <span class="nv">for header in nginx_user_headers %</span><span class="pi">}</span>
<span class="s">add_header {{ header }}</span>
<span class="pi">{</span><span class="err">%</span> <span class="nv">endfor %</span><span class="pi">}</span>
<span class="c1"># end of headers added with pulp_nginx_user_headers variable</span>
</code></pre> Pulp - Issue #9286 (NEW): Check failed during installation when using vault encrypted variablehttps://pulp.plan.io/issues/92862021-08-24T09:46:13Zbeenje
<p>I tried installing pulp using the Pulp 3 Ansible Installer playbook:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="nn">---</span>
<span class="na">collections</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pulp.pulp_installer</span>
<span class="na">version</span><span class="pi">:</span> <span class="s">3.14.4</span>
</code></pre>
<p>I encrypted the pulp_default_admin_password and secret_key in my inventory (using ansible-vault encrypt_string -n pulp_default_admin_password xxxxxx).
When running the playbook, 2 tasks failed:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="s">ASK [pulp.pulp_installer.pulp_common</span> <span class="err">:</span> <span class="s">Check if required variables are set] ************************************************************************************</span>
<span class="na">ok</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span> <span class="s">=> (item=pulp_settings.content_origin) => {</span>
<span class="s">"__pulp_common_req_var"</span><span class="err">:</span> <span class="s2">"</span><span class="s">pulp_settings.content_origin"</span><span class="err">,</span>
<span class="s2">"</span><span class="s">ansible_loop_var"</span><span class="err">:</span> <span class="s2">"</span><span class="s">__pulp_common_req_var"</span><span class="err">,</span>
<span class="s2">"</span><span class="s">changed"</span><span class="err">:</span> <span class="no">false</span><span class="s">,</span>
<span class="s">"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">All</span><span class="nv"> </span><span class="s">assertions</span><span class="nv"> </span><span class="s">passed"</span>
<span class="err">}</span>
<span class="na">fatal</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span><span class="err">:</span> <span class="s">FAILED! => {"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">The</span><span class="nv"> </span><span class="s">conditional</span><span class="nv"> </span><span class="s">check</span><span class="nv"> </span><span class="s">'pulp_settings.secret_key</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0'</span><span class="nv"> </span><span class="s">failed.</span><span class="nv"> </span><span class="s">The</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">was:</span><span class="nv"> </span><span class="s">Unexpected</span><span class="nv"> </span><span class="s">templating</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">occurred</span><span class="nv"> </span><span class="s">on</span><span class="nv"> </span><span class="s">({%</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">pulp_settings.secret_key</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">True</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">False</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">endif</span><span class="nv"> </span><span class="s">%}):</span><span class="nv"> </span><span class="s">object</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">'AnsibleVaultEncryptedUnicode'</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">len()"</span><span class="err">}</span>
<span class="s">TASK [pulp.pulp_installer.pulp_database_config</span> <span class="err">:</span> <span class="s">Check if required variables are set] ***************************************************************************</span>
<span class="na">fatal</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span><span class="err">:</span> <span class="s">FAILED! => {"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">The</span><span class="nv"> </span><span class="s">conditional</span><span class="nv"> </span><span class="s">check</span><span class="nv"> </span><span class="s">'pulp_default_admin_password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0'</span><span class="nv"> </span><span class="s">failed.</span><span class="nv"> </span><span class="s">The</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">was:</span><span class="nv"> </span><span class="s">Unexpected</span><span class="nv"> </span><span class="s">templating</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">occurred</span><span class="nv"> </span><span class="s">on</span><span class="nv"> </span><span class="s">({%</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">pulp_default_admin_password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">True</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">False</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">endif</span><span class="nv"> </span><span class="s">%}):</span><span class="nv"> </span><span class="s">object</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">'AnsibleVaultEncryptedUnicode'</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">len()"</span><span class="err">}</span>
</code></pre>
<p>I had to use plain strings to run the playbook.
It should be possible to use encrypted strings.</p> Pulp - Backport #8835 (NEW): Backport pulp_installer FIPS fix to 3.11https://pulp.plan.io/issues/88352021-05-27T18:42:39Zironfroggy
<p>Current open ticket for FIPS issue: <a href="https://pulp.plan.io/issues/8834" class="external">https://pulp.plan.io/issues/8834</a></p> Pulp - Story #8491 (NEW): As a user I only download needed collections dependencieshttps://pulp.plan.io/issues/84912021-03-31T20:31:18Zfao89
<p>As some modules are leaving ansible core to collections, we need to declare collections as dependencies so ansible-galaxy can install them.</p>
<p>pulp_installer provides a set of roles, and the user may not use all the roles, pulp_database role needs community.postgresql for example.</p>
<p>How can we deal with these "conditional dependencies"?
"if the user gets pulp_dabase role install community.postgresql else don't install it"</p>
<p><a href="https://github.com/pulp/pulp_installer/pull/567" class="external">https://github.com/pulp/pulp_installer/pull/567</a></p> Pulp - Issue #8130 (POST): Installer is doubling http on apache snippetshttps://pulp.plan.io/issues/81302021-01-20T14:48:31Zfao89
<p>Currently, apache and nginx have a scheme inconsistency:</p>
<pre><code class="text syntaxhl" data-language="text">nginx: pulp-api = 127.0.0.1
apache: pulp-api = http://127.0.0.1
</code></pre>
<p>which means:</p>
<pre><code class="text syntaxhl" data-language="text">http://pulp-api on nginx = http://127.0.0.1
http://${pulp-api} on apache = http://http://127.0.0.1
</code></pre>
<p>It causes proxy error when running plugins on apache.</p>
<pre><code class="text syntaxhl" data-language="text">ProxyPass /token http://${pulp-api}/token
ProxyPassReverse /token http://${pulp-api}/token
</code></pre>
<p>Both nginx and apache uses <em>pulp_api_bind</em>, but nginx does use "raw" <em>pulp_api_bind</em>:</p>
<ul>
<li><a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/templates/nginx.conf.j2#L29" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/templates/nginx.conf.j2#L29</a></li>
</ul>
<p>While apache injects "http://" on it:</p>
<ul>
<li><a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/vars/main.yml" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/vars/main.yml</a></li>
</ul>
<p>Example of plugin snippets:</p>
<ul>
<li><a href="https://github.com/pulp/pulp_container/tree/master/pulp_container/app/webserver_snippets" class="external">https://github.com/pulp/pulp_container/tree/master/pulp_container/app/webserver_snippets</a></li>
<li><a href="https://github.com/pulp/pulp_ansible/tree/master/pulp_ansible/app/webserver_snippets" class="external">https://github.com/pulp/pulp_ansible/tree/master/pulp_ansible/app/webserver_snippets</a></li>
<li><a href="https://github.com/ansible/galaxy_ng/tree/master/galaxy_ng/app/webserver_snippets" class="external">https://github.com/ansible/galaxy_ng/tree/master/galaxy_ng/app/webserver_snippets</a></li>
</ul> Pulp - Story #8086 (NEW): pulp_installer should use latest version of pip to install packageshttps://pulp.plan.io/issues/80862021-01-13T13:42:45Zdkliban@redhat.com
<p>The newer versions of pip include an improved dependency resolution mechanism. The pulp_installer needs a task added to upgrade pip before installing any pulp packages.</p> Pulp - Issue #8055 (NEW): When SELinux is enabled, pulp_installer relabels all the files in /var/...https://pulp.plan.io/issues/80552021-01-08T17:04:00Zdkliban@redhat.com
<p>The installer takes a long time to upgrade an existing system that's running with SELinux enabled because it always relabels /var/lib/pulp in the "Restore SELinux contexts on Pulp dirs that may exist" handler[0]. The list of the directories is here[1].</p>
<p>[0] <a href="https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/handlers/main.yml#L13-L21" class="external">https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/handlers/main.yml#L13-L21</a>
[1] <a href="https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/defaults/main.yml#L63-L66" class="external">https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/defaults/main.yml#L63-L66</a></p> Pulp - Task #7724 (NEW): Improve runtime of new installation of Pulphttps://pulp.plan.io/issues/77242020-10-20T14:06:47Zbmbouterbmbouter@redhat.com
<p>The request to make the installer go faster</p>
<pre><code>A tower standalone install with automation hub takes about ~40 mins. Which is almost more than double of a normal
Tower install. It seems the most of the time we spent is on pulp-common role. Is there anything we are planning to do
in terms of making it little faster (not running same tasks many time, which pulp common role does) ?
</code></pre> Pulp - Task #7668 (NEW): remove pid files from the systemd service fileshttps://pulp.plan.io/issues/76682020-10-07T17:05:32Zdkliban@redhat.com
<p>Systemd does not need explicitly defined pid files to keep track of the services. We should make a change the systemd service files similar to the change here: <a href="https://github.com/theforeman/puppet-pulpcore/commit/b3b7c133c513dd2c30b00a81e64b2bb33ca92397" class="external">https://github.com/theforeman/puppet-pulpcore/commit/b3b7c133c513dd2c30b00a81e64b2bb33ca92397</a></p> Pulp - Issue #7443 (ASSIGNED): pulp installer does not set ownership and permissions correctly be...https://pulp.plan.io/issues/74432020-09-02T10:23:03Zipanova@redhat.comipanova@redhat.com
<p>Some steps are skipped because user apache cannot be found and added to the pulp group <a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133</a></p>
<pre><code>TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]
</code></pre>
<p>After install finishes</p>
<pre><code>$ stat /var/lib/pulp
File: ‘/var/lib/pulp’
Size: 184 Blocks: 0 IO Block: 4096 directory
Device: fd01h/64769d Inode: 5121737 Links: 9
Access: (0775/drwxrwxr-x) Uid: ( 1000/ vagrant) Gid: ( 1001/ pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
Birth: -
$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
</code></pre>
<p>There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo.
Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.</p>
<pre><code>
$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
drwxr-xr-x. 3 apache apache 19 Sep 2 07:32 content
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
</code></pre>
<p>This makes it impossible to create hard link during the migration <a href="https://pulp.plan.io/issues/7244" class="external">https://pulp.plan.io/issues/7244</a></p> Pulp - Task #7281 (NEW): Update docs to state that installer can only install one cluster at a timehttps://pulp.plan.io/issues/72812020-08-05T14:39:19Zdkliban@redhat.com
<p>The documentation needs to have a "Known limitations" section. One of the items should state that that the installer can only install one Pulp cluster at a time.</p> Pulp - Task #6904 (NEW): Document using https://pypi.org/project/pulpcore-releases/ for the insta...https://pulp.plan.io/issues/69042020-06-03T15:25:07Zbmbouterbmbouter@redhat.com
<p>The Pulp Dependency Checker is a great tool to show compatibility between a pulpcore version and various concerns.</p>
<p>We should do three things:</p>
<ol>
<li>
<p>Move the pdc tool to the pulp org.</p>
</li>
<li>
<p>Add a very obvious link to the pulp_installer docs recommending users to use the tool to determine pulpcore and plugin compatibility</p>
</li>
<li>
<p>Update the error message that the installer puts out when the pre-flight check fails. Have that error message point users to specifically check which plugins are compatible with the pulpcore version the installer is trying to install.</p>
</li>
</ol> Pulp - Task #6747 (NEW): Demo video for pulp_installerhttps://pulp.plan.io/issues/67472020-05-14T21:48:07Zfao89
<ul>
<li>Video should not have audio</li>
<li>
<a href="https://asciinema.org/" class="external">https://asciinema.org/</a> - records terminal output and can be embedded in our docs and in the README on github</li>
<li>include RPM and Container plugins</li>
</ul> Pulp - Issue #6274 (NEW): Problem: existing Pulp deployments with system-wide packages conflict w...https://pulp.plan.io/issues/62742020-03-03T19:51:59Zmdepaulo@redhat.com
<p>Note: This issue is specificaly about running ansible-pulp against existing deployments of Pulp.</p>
<p>Manual testing with <a href="https://quay.io/repository/pulp/pulp_rpm-ci-c7" class="external">centos 7 pulp_rpm images</a> reveals that we can modify /usr/local/lib/pulp/pyvenv.cfg to not use system-wide packages anymore, and then let the <code>pip install</code> commands fix the missing dependencies. So this is the approach that ansible-pulp should take when <code>pulp_use_system_wide_pkgs</code> is false (or perhaps whenever centos 7 is in use.)</p> Pulp - Story #5618 (NEW): As a user, I can download & run a version of the ansible installer that...https://pulp.plan.io/issues/56182019-10-25T08:37:28Zmdepaulo@redhat.com
<p>Currently users are encouraged to get the latest ansible-pulp roles via git cloning. Later on, Ansible Galaxy.</p>
<p>The only stable tag ever done was 3.0.0rc1. Presumably we will create them for 3.0.0 and later.<br>
<a href="https://github.com/pulp/ansible-pulp/releases" class="external">https://github.com/pulp/ansible-pulp/releases</a></p>
<p>However, consider the following scenario (hypothetical release dates):<br>
1. They download the roles (either method) on Apr 1. They are versioned as 3.0.3 and install pulp 3.0.3<br>
2. They run them against their test env and it works.<br>
3. Pulp 3.1.0 & ansible-pulp 3.1.0 are released on Apr 15.<br>
4. They run the 3.0.3 roles against their prod env on May 1.<br>
5. The 3.0.3 roles try to install pulp 3.1.0 from pip, but fails due to the lack of new logic.</p>
<p>It would make sense to have a variable for the pulp version to install, that defaults to the same version as the roles, but can be overriden (but doing so is discouraged.)</p>
<p>Plugin versions would also be an issue. Let's discuss how this can be handled.</p>
<p>Also, I am not sure if there is an existing task for publishing the roles (other than pulp_rpm_prerequisites) to Ansible Galaxy (pulp project on it.):<br>
<a href="https://galaxy.ansible.com/pulp" class="external">https://galaxy.ansible.com/pulp</a></p>