Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-08-25T13:26:36ZPulp
Planio Pulp - Issue #9291 (NEW): [Epic] pulp_installer upcoming issueshttps://pulp.plan.io/issues/92912021-08-25T13:26:36Zmdepaulo@redhat.com
<p>Listing misc issues that have been triaged but unassigned.</p>
<p>Issues are added based on:</p>
<ul>
<li>How important to users?</li>
<li>How easy to implement?</li>
</ul> Pulp - Issue #9274 (NEW): Pulp reports that python cannot access unix_dgram_socket when installin...https://pulp.plan.io/issues/92742021-08-23T14:41:17Zmdepaulo@redhat.com
<p>On CentOS 7, we have errors like the following:</p>
<pre><code>Aug 23 14:24:42 centos7 setroubleshoot: SELinux is preventing /opt/rh/rh-python38/root/usr/bin/python3.8 from connect access on the unix_dgram_socket labeled pulpcore_server_t. For complete SELinux messages run: sealert -l b988b539-f587-486d-85f6-68f9de3a3cbc
Aug 23 14:24:42 centos7 python: SELinux is preventing /opt/rh/rh-python38/root/usr/bin/python3.8 from connect access on the unix_dgram_socket labeled pulpcore_server_t.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that python3.8 should be allowed connect access on unix_dgram_socket labeled pulpcore_server_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'gunicorn' --raw | audit2allow -M my-gunicorn#012# semodule -i my-gunicorn.pp#012
</code></pre>
<p>The installer calls:</p>
<blockquote>
<p>/sbin/fixfiles restore /usr/local/lib/pulp</p>
</blockquote>
<p>But both that command and:</p>
<blockquote>
<p>/sbin/fixfiles restore /usr/local/lib/pulp/bin/gunicorn</p>
</blockquote>
<p>Incorrectly set the context . The context is instead set to:</p>
<blockquote>
<p>unconfined_u:object_r:pulpcore_server_exec_t:s0</p>
</blockquote>
<p>However, the command:</p>
<blockquote>
<p>restorecon -F /usr/local/lib/pulp/bin/gunicorn</p>
</blockquote>
<p>correctly sets it to:</p>
<blockquote>
<p>system_u:object_r:pulpcore_server_exec_t:s0</p>
</blockquote>
<p>Which makes the error go away.</p> Pulp - Task #9005 (NEW): pulp_installer's molecule CI should not always connect as roothttps://pulp.plan.io/issues/90052021-07-02T18:07:29Zmdepaulo@redhat.com
<p>This seems to be a product of, or the default configuration of, the docker plugin for molecule. (molecule uses <code>docker exec</code> to talk to the container, not SSH.)</p>
<p>We should look into performance options as we solve this. Even if it means eliminating/weakening SSH encryption on the CI environment / molecule containers.</p> Pulp - Issue #8993 (NEW): SELinux: avc: denied pulpcore-worker on Fedora 34https://pulp.plan.io/issues/89932021-06-30T14:02:12ZStephenW
<p>Hello</p>
<p>I installed Pulp3 on Fedora 34 using "ansible-galaxy collection install pulp.pulp_installer"</p>
<p>at the end of the Ansible run:
TASK [pulp.pulp_installer.pulp_health_check : Checking Pulp services]
msg: 'pulpcore-resource-manager.service state: stopped'</p>
<p>On the managed node, I see lots of avc: denied :</p>
<p>fedoraserver ~]# ausearch -m AVC,USER_AVC -ts recent</p>
<p>time->Tue Jun 29 15:59:06 2021
type=AVC msg=audit(1624975146.441:668194): avc: denied { name_connect } for pid=1129665 comm="pulpcore-worker" dest=6379 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:redis_port_t:s0 tclass=tcp_socket permissive=0</p>
<p>fedoraserver ~]# sepolgen-ifgen
fedoraserver ~]# audit2allow -Ral</p>
<p>require {
type init_t;
}</p>
<p>#============= init_t ==============
corenet_tcp_connect_postgresql_port(init_t)
corenet_tcp_connect_redis_port(init_t)</p>
<p>Thank you</p> Pulp - Issue #8916 (NEW): Pulp installer hanging on "Ensure Pulp is up and healthy"https://pulp.plan.io/issues/89162021-06-18T09:42:41Zsli720
<p>I tried to install pulp via the pulp installer v3.13.0 (ansible playbooks) in a fresh vagrant environment running CentOS Stream 8 but the install hangs on:</p>
<p>TASK [pulp_health_check : Ensure Pulp is up and healthy] ****************************************************************************************************************************************************
FAILED - RETRYING: Ensure Pulp is up and healthy (30 retries left).</p>
<p>I checked the service states and found pulpcore-resource-manager.service not starting because of:
pulpcore-worker[105999]: Error 13 connecting to localhost:6379. Permission denied.</p>
<p>It sounded for me like a SELinux issue so I deactivated SELinux completely and the installer run through successfully now. Could this be a bug cause in earlier version the installation worked also with SELinux turned on?</p> Pulp - Task #8848 (NEW): pulp_installer to run CI against stable brancheshttps://pulp.plan.io/issues/88482021-06-01T21:20:04Zmdepaulo@redhat.com
<p>Currently, the source molecule tests test the master branch of pulpcore and master branch of plugins, rather than the appropriate branches like pulpcore 3.11 and pulp_rpm 3.11</p>
<p>So effectively we are relying on release jobs on old branches to catch errors, at release time.</p> Pulp - Story #8846 (NEW): As a pulp_installer user, I do not need to use the latest micro release...https://pulp.plan.io/issues/88462021-06-01T21:12:19Zmdepaulo@redhat.com
<p>Basically, this means that pulp_installer 3.14.0 (or possibly 3.13.1 / 3.13.2) will be able to install pulpcore 3.14.z .</p>
<p>The benefit for users is that they will not need to always have the latest micro version of pulp_installer.</p>
<p>And the benefit to the pulp team is that we will not need to do a pulp_installer micro release for every pulpcore micro release.</p>
<p>This is a variation of the 1 year old proposal for versions/branches in pulp_installer, and a variation of the specific micro release policy we implemented originally in <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>.</p>
<p>Reference from <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>:</p>
<pre><code> * Original discussion:
* [mikedep333's proposal](https://github.com/pulp/pulp_installer/pull/203#issue-361269733)
* [bmbouter's couter-proposal to do micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-577903411)
* [mikedep333's agreement/details for micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-579450153)
</code></pre> Pulp - Story #8702 (NEW): As a user, the example-use playbook is not cluttered with object storag...https://pulp.plan.io/issues/87022021-05-05T13:31:24Zmdepaulo@redhat.com
<p>We should move the object storage checks from the the example-use playbook to the pulp_common role to solve this.</p>
<p>It will provide a better user experience. (Making the example playbook as small as possible.)</p>
<p>It will also enforce the checks for users that do not use the example-use playbook.</p>
<p><a href="https://github.com/pulp/pulp_installer/blob/master/playbooks/example-use/playbook.yml" class="external">https://github.com/pulp/pulp_installer/blob/master/playbooks/example-use/playbook.yml</a></p>
<p><a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/main.yml#L16" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/main.yml#L16</a></p> Pulp - Story #8701 (NEW): As a pulp_installer user, I can use the full logic to add repos to the ...https://pulp.plan.io/issues/87012021-05-05T12:59:40Zmdepaulo@redhat.com
<p>As mentioned in <a class="issue tracker-1 status-11 priority-6 priority-default closed" title="Issue: pulp_installer fails to install redis due to no EPEL7 (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/7773">#7773</a> , we should refactor our logic to add repos to the system (in a robust & configurable manner) into another role like <code>pulp_repos</code>.</p>
<p>I propose the following design:</p>
<ol>
<li>This is a dependency role. pulp_common, pulp_redis, pulp_database, will all depend on it.</li>
<li>When a role like pulp_common depends on it, it passes variables like <code>__pulp_repos_epel: true</code> to denote which repos the role needs. It passes variables via roles/pulp_common/meta/main.yml : <code>dependencies:</code>
</li>
<li>If a user wants to disable the logic to add the repo (if they added it manually), they'll pass a variable like <code>pulp_repos_epel: false</code> to disable it.</li>
<li>Existing variables for configuring how we add the repos to the system, like <code>epel_release_packages</code>, should still used.</li>
</ol>
<p>This logic is found in:</p>
<ul>
<li>roles/pulp_common/tasks/ambiguously-named-repo.yml</li>
<li>roles/pulp_common/tasks/repos.yml</li>
</ul> Pulp - Story #8491 (NEW): As a user I only download needed collections dependencieshttps://pulp.plan.io/issues/84912021-03-31T20:31:18Zfao89
<p>As some modules are leaving ansible core to collections, we need to declare collections as dependencies so ansible-galaxy can install them.</p>
<p>pulp_installer provides a set of roles, and the user may not use all the roles, pulp_database role needs community.postgresql for example.</p>
<p>How can we deal with these "conditional dependencies"?
"if the user gets pulp_dabase role install community.postgresql else don't install it"</p>
<p><a href="https://github.com/pulp/pulp_installer/pull/567" class="external">https://github.com/pulp/pulp_installer/pull/567</a></p> Pulp - Issue #8379 (NEW): pulp_installer depends on unsupported community collectionshttps://pulp.plan.io/issues/83792021-03-10T19:59:42Zironfroggy
<p>It has come to the attention of the Ansible Platform team that pulp_installer, which we use to install Hub as part of the platform, depends on community.general, but Platform cannot depend on community collections. We can only depend on supported, official ansible-namespace content.</p>
<p>The current blocker is ini_file from community.general. There may be others.</p>
<p>Ideally, we could get these dependencies moved into a supported collection, ansible.utils, and pulp_installer could depend on that, instead.</p> Pulp - Issue #7993 (NEW): pulp_installer fails to create the database on EL7 when LANG=C.UTF-8https://pulp.plan.io/issues/79932020-12-11T18:14:24Zmdepaulo@redhat.com
<p>If the managed system is EL7 and has LANG=C.UTF-8, it fails.</p>
<p>This includes when the Vagrant host (Github Actions CI) has LANG=C.UTF-8, it bleeds over to the managed guest by Vagrant design:</p>
<pre><code>fatal: [pulp3-source-centos7]: FAILED! => {"changed": true, "cmd": ["/opt/rh/rh-postgresql96/root/bin/initdb", "-D", "/var/opt/rh/rh-postgresql96/lib/pgsql/data"], "delta": "0:00:08.709082", "end": "2020-12-09 03:28:35.519257", "msg": "non-zero return code", "rc": 1, "start": "2020-12-09 03:28:26.810175", "stderr": "FATAL: invalid input syntax for integer: \"NAMEDATALEN\"
child process exited with exit code 1
initdb: removing contents of data directory \"/var/opt/rh/rh-postgresql96/lib/pgsql/data\"", "stderr_lines": ["FATAL: invalid input syntax for integer: \"NAMEDATALEN\"", "child process exited with exit code 1", "initdb: removing contents of data directory \"/var/opt/rh/rh-postgresql96/lib/pgsql/data\""], "stdout": "The files belonging to this database system will be owned by user \"postgres\".
This user must also own the server process.
The database cluster will be initialized with locale \"C\".
The default database encoding has accordingly been set to \"SQL_ASCII\".
The default text search configuration will be set to \"english\".
Data page checksums are disabled.
fixing permissions on existing directory /var/opt/rh/rh-postgresql96/lib/pgsql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... ", "stdout_lines": ["The files belonging to this database system will be owned by user \"postgres\".", "This user must also own the server process.", "", "The database cluster will be initialized with locale \"C\".", "The default database encoding has accordingly been set to \"SQL_ASCII\".", "The default text search configuration will be set to \"english\".", "", "Data page checksums are disabled.", "", "fixing permissions on existing directory /var/opt/rh/rh-postgresql96/lib/pgsql/data ... ok", "creating subdirectories ... ok", "selecting default max_connections ... 100", "selecting default shared_buffers ... 128MB", "selecting dynamic shared memory implementation ... posix", "creating configuration files ... ok", "running bootstrap script ... "]}
</code></pre>
<p>I have an incomplete fix here:</p>
<p><a href="https://gist.github.com/mikedep333/c70a1da4230af5da3daec545e304ffa2" class="external">https://gist.github.com/mikedep333/c70a1da4230af5da3daec545e304ffa2</a></p>
<p>(It's not working properly, LANG is still C.UTF-8 in the postgresql role when I added debug statements to said role.)</p>
<p>I will workaround this on Github Actions CI by changing LANG on the host.</p>
<p>The permanent fix will be to just upgrade CentOS 7 systems to PostgreSQL 10 instead.</p> Pulp - Issue #7479 (NEW): pulp_installer source-upgrade CI is failing on pkg_resources.Contextual...https://pulp.plan.io/issues/74792020-09-09T13:50:14Zmdepaulo@redhat.com
<p>This occurs in debian-10 when running collect static after pulp_devel, not when running it after installing pulp via <code>pulp_all_services</code>.</p>
<p>It started occurring on daily CI and pull requests on 2020-09-8. I re-ran the overnight CI from the prior day (which originally succeeded), and when it did, it failed.</p>
<p>This error stands out as a dependency issue. Sometimes a package other than toml is listed though:</p>
<pre><code>pkg_resources.ContextualVersionConflict: (toml 0.10.1 (/usr/local/lib/pulp/lib/python3.7/site-packages), Requirement.parse('toml<=0.10.0'), {'dynaconf'})
</code></pre>
<p><a href="https://github.com/pulp/pulp_installer/runs/1091080108?check_suite_focus=true#step:7:1467" class="external">https://github.com/pulp/pulp_installer/runs/1091080108?check_suite_focus=true#step:7:1467</a></p>
<p>Full error:</p>
<pre><code> RUNNING HANDLER [pulp_common : Collect static content] *************************
Wednesday 09 September 2020 12:42:43 +0000 (0:00:02.148) 0:08:16.417 ***
fatal: [debian-10]: FAILED! => {
"changed": true,
"cmd": [
"/usr/local/lib/pulp/bin/django-admin",
"collectstatic",
"--noinput",
"--link"
],
"delta": "0:00:00.358256",
"end": "2020-09-09 12:42:43.925665",
"rc": 1,
"start": "2020-09-09 12:42:43.567409"
}
STDERR:
Traceback (most recent call last):
File "/usr/local/lib/pulp/bin/django-admin", line 8, in <module>
sys.exit(execute_from_command_line())
File "/usr/local/lib/pulp/lib/python3.7/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
File "/usr/local/lib/pulp/lib/python3.7/site-packages/django/core/management/__init__.py", line 325, in execute
settings.INSTALLED_APPS
File "/usr/local/lib/pulp/lib/python3.7/site-packages/django/conf/__init__.py", line 79, in __getattr__
self._setup(name)
File "/usr/local/lib/pulp/lib/python3.7/site-packages/django/conf/__init__.py", line 66, in _setup
self._wrapped = Settings(settings_module)
File "/usr/local/lib/pulp/lib/python3.7/site-packages/django/conf/__init__.py", line 157, in __init__
mod = importlib.import_module(self.SETTINGS_MODULE)
File "/usr/lib/python3.7/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
File "<frozen importlib._bootstrap>", line 983, in _find_and_load
File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 728, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/usr/local/lib/pulp/lib/python3.7/site-packages/pulpcore/app/settings.py", line 76, in <module>
plugin_app_config = entry_point.load()
File "/usr/local/lib/pulp/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2410, in load
self.require(*args, **kwargs)
File "/usr/local/lib/pulp/lib/python3.7/site-packages/pkg_resources/__init__.py", line 2433, in require
items = working_set.resolve(reqs, env, installer, extras=self.extras)
File "/usr/local/lib/pulp/lib/python3.7/site-packages/pkg_resources/__init__.py", line 791, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (toml 0.10.1 (/usr/local/lib/pulp/lib/python3.7/site-packages), Requirement.parse('toml<=0.10.0'), {'dynaconf'})
MSG:
non-zero return code
changed: [fedora-31]
</code></pre> Pulp - Story #7247 (NEW): As a pulp_installer developer-user, the pulp_rpm signing service will b...https://pulp.plan.io/issues/72472020-07-30T19:56:47Zmdepaulo@redhat.com
<p>The current way pulp_rpm's signing service needs to be installed is a temporary.</p>
<p>So let's add the current ansible-based solution I already developed. I developed it as part of the selinux el8 dev env, and it's in the pulp_devel (not meant for end users.)</p> Pulp - Story #6688 (NEW): pulp_installer: preflight check and system-wide packages are incompatiblehttps://pulp.plan.io/issues/66882020-05-08T14:40:15Zmdepaulo@redhat.com
<p>Part of the pre-flight check does not understand system-wide packages, but another part is still affected by them.</p>
<p>This leads to false positives (enforcements) in addition to false negatives in the preflight check.</p>
<p>We no longer need system-wide packages, so we should remove support for it, and migrate user installs off of it, as safely as possible.</p>