Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-11-20T07:34:35ZPulp
Planio Pulp - Issue #9577 (NEW): Add ability to provide list of headers for pulp_webserver nginx templatehttps://pulp.plan.io/issues/95772021-11-20T07:34:35Zjamesmarshall24
<p>Add the ability to specify a list of nginx headers so users can define the headers needed to use the UI installed by pulp_installer.</p>
<p>Example variable structure:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="na">pulp_nginx_user_headers</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">X-Content-Type-Options:</span><span class="nv"> </span><span class="s">nosniff"</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">X-XSS-Protection:</span><span class="nv"> </span><span class="s">1;</span><span class="nv"> </span><span class="s">mode=block"</span>
</code></pre>
<p>Example templating for <code>/roles/pulp_webserver/templates/nginx.conf.j2</code>:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"> <span class="c1"># headers added with pulp_nginx_user_headers variable</span>
<span class="pi">{</span><span class="err">%</span> <span class="nv">for header in nginx_user_headers %</span><span class="pi">}</span>
<span class="s">add_header {{ header }}</span>
<span class="pi">{</span><span class="err">%</span> <span class="nv">endfor %</span><span class="pi">}</span>
<span class="c1"># end of headers added with pulp_nginx_user_headers variable</span>
</code></pre> Pulp - Issue #9286 (NEW): Check failed during installation when using vault encrypted variablehttps://pulp.plan.io/issues/92862021-08-24T09:46:13Zbeenje
<p>I tried installing pulp using the Pulp 3 Ansible Installer playbook:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="nn">---</span>
<span class="na">collections</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pulp.pulp_installer</span>
<span class="na">version</span><span class="pi">:</span> <span class="s">3.14.4</span>
</code></pre>
<p>I encrypted the pulp_default_admin_password and secret_key in my inventory (using ansible-vault encrypt_string -n pulp_default_admin_password xxxxxx).
When running the playbook, 2 tasks failed:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="s">ASK [pulp.pulp_installer.pulp_common</span> <span class="err">:</span> <span class="s">Check if required variables are set] ************************************************************************************</span>
<span class="na">ok</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span> <span class="s">=> (item=pulp_settings.content_origin) => {</span>
<span class="s">"__pulp_common_req_var"</span><span class="err">:</span> <span class="s2">"</span><span class="s">pulp_settings.content_origin"</span><span class="err">,</span>
<span class="s2">"</span><span class="s">ansible_loop_var"</span><span class="err">:</span> <span class="s2">"</span><span class="s">__pulp_common_req_var"</span><span class="err">,</span>
<span class="s2">"</span><span class="s">changed"</span><span class="err">:</span> <span class="no">false</span><span class="s">,</span>
<span class="s">"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">All</span><span class="nv"> </span><span class="s">assertions</span><span class="nv"> </span><span class="s">passed"</span>
<span class="err">}</span>
<span class="na">fatal</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span><span class="err">:</span> <span class="s">FAILED! => {"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">The</span><span class="nv"> </span><span class="s">conditional</span><span class="nv"> </span><span class="s">check</span><span class="nv"> </span><span class="s">'pulp_settings.secret_key</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0'</span><span class="nv"> </span><span class="s">failed.</span><span class="nv"> </span><span class="s">The</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">was:</span><span class="nv"> </span><span class="s">Unexpected</span><span class="nv"> </span><span class="s">templating</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">occurred</span><span class="nv"> </span><span class="s">on</span><span class="nv"> </span><span class="s">({%</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">pulp_settings.secret_key</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">True</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">False</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">endif</span><span class="nv"> </span><span class="s">%}):</span><span class="nv"> </span><span class="s">object</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">'AnsibleVaultEncryptedUnicode'</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">len()"</span><span class="err">}</span>
<span class="s">TASK [pulp.pulp_installer.pulp_database_config</span> <span class="err">:</span> <span class="s">Check if required variables are set] ***************************************************************************</span>
<span class="na">fatal</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">w-v-pulp-0</span><span class="pi">]</span><span class="err">:</span> <span class="s">FAILED! => {"msg"</span><span class="err">:</span> <span class="s2">"</span><span class="s">The</span><span class="nv"> </span><span class="s">conditional</span><span class="nv"> </span><span class="s">check</span><span class="nv"> </span><span class="s">'pulp_default_admin_password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0'</span><span class="nv"> </span><span class="s">failed.</span><span class="nv"> </span><span class="s">The</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">was:</span><span class="nv"> </span><span class="s">Unexpected</span><span class="nv"> </span><span class="s">templating</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">error</span><span class="nv"> </span><span class="s">occurred</span><span class="nv"> </span><span class="s">on</span><span class="nv"> </span><span class="s">({%</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">pulp_default_admin_password</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">default('',</span><span class="nv"> </span><span class="s">true)</span><span class="nv"> </span><span class="s">|</span><span class="nv"> </span><span class="s">length</span><span class="nv"> </span><span class="s">></span><span class="nv"> </span><span class="s">0</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">True</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">%}</span><span class="nv"> </span><span class="s">False</span><span class="nv"> </span><span class="s">{%</span><span class="nv"> </span><span class="s">endif</span><span class="nv"> </span><span class="s">%}):</span><span class="nv"> </span><span class="s">object</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">type</span><span class="nv"> </span><span class="s">'AnsibleVaultEncryptedUnicode'</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">no</span><span class="nv"> </span><span class="s">len()"</span><span class="err">}</span>
</code></pre>
<p>I had to use plain strings to run the playbook.
It should be possible to use encrypted strings.</p> Pulp - Story #8846 (NEW): As a pulp_installer user, I do not need to use the latest micro release...https://pulp.plan.io/issues/88462021-06-01T21:12:19Zmdepaulo@redhat.com
<p>Basically, this means that pulp_installer 3.14.0 (or possibly 3.13.1 / 3.13.2) will be able to install pulpcore 3.14.z .</p>
<p>The benefit for users is that they will not need to always have the latest micro version of pulp_installer.</p>
<p>And the benefit to the pulp team is that we will not need to do a pulp_installer micro release for every pulpcore micro release.</p>
<p>This is a variation of the 1 year old proposal for versions/branches in pulp_installer, and a variation of the specific micro release policy we implemented originally in <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>.</p>
<p>Reference from <a class="issue tracker-3 status-1 priority-6 priority-default child parent" title="Story: As a user, I can download & run a version of the ansible installer that a specific version of Pulp 3 (NEW)" href="https://pulp.plan.io/issues/5618">#5618</a>:</p>
<pre><code> * Original discussion:
* [mikedep333's proposal](https://github.com/pulp/pulp_installer/pull/203#issue-361269733)
* [bmbouter's couter-proposal to do micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-577903411)
* [mikedep333's agreement/details for micro-versioned releases](https://github.com/pulp/pulp_installer/pull/203#issuecomment-579450153)
</code></pre> Pulp - Backport #8835 (NEW): Backport pulp_installer FIPS fix to 3.11https://pulp.plan.io/issues/88352021-05-27T18:42:39Zironfroggy
<p>Current open ticket for FIPS issue: <a href="https://pulp.plan.io/issues/8834" class="external">https://pulp.plan.io/issues/8834</a></p> Pulp - Story #8701 (NEW): As a pulp_installer user, I can use the full logic to add repos to the ...https://pulp.plan.io/issues/87012021-05-05T12:59:40Zmdepaulo@redhat.com
<p>As mentioned in <a class="issue tracker-1 status-11 priority-6 priority-default closed" title="Issue: pulp_installer fails to install redis due to no EPEL7 (CLOSED - CURRENTRELEASE)" href="https://pulp.plan.io/issues/7773">#7773</a> , we should refactor our logic to add repos to the system (in a robust & configurable manner) into another role like <code>pulp_repos</code>.</p>
<p>I propose the following design:</p>
<ol>
<li>This is a dependency role. pulp_common, pulp_redis, pulp_database, will all depend on it.</li>
<li>When a role like pulp_common depends on it, it passes variables like <code>__pulp_repos_epel: true</code> to denote which repos the role needs. It passes variables via roles/pulp_common/meta/main.yml : <code>dependencies:</code>
</li>
<li>If a user wants to disable the logic to add the repo (if they added it manually), they'll pass a variable like <code>pulp_repos_epel: false</code> to disable it.</li>
<li>Existing variables for configuring how we add the repos to the system, like <code>epel_release_packages</code>, should still used.</li>
</ol>
<p>This logic is found in:</p>
<ul>
<li>roles/pulp_common/tasks/ambiguously-named-repo.yml</li>
<li>roles/pulp_common/tasks/repos.yml</li>
</ul> Pulp - Issue #8130 (POST): Installer is doubling http on apache snippetshttps://pulp.plan.io/issues/81302021-01-20T14:48:31Zfao89
<p>Currently, apache and nginx have a scheme inconsistency:</p>
<pre><code class="text syntaxhl" data-language="text">nginx: pulp-api = 127.0.0.1
apache: pulp-api = http://127.0.0.1
</code></pre>
<p>which means:</p>
<pre><code class="text syntaxhl" data-language="text">http://pulp-api on nginx = http://127.0.0.1
http://${pulp-api} on apache = http://http://127.0.0.1
</code></pre>
<p>It causes proxy error when running plugins on apache.</p>
<pre><code class="text syntaxhl" data-language="text">ProxyPass /token http://${pulp-api}/token
ProxyPassReverse /token http://${pulp-api}/token
</code></pre>
<p>Both nginx and apache uses <em>pulp_api_bind</em>, but nginx does use "raw" <em>pulp_api_bind</em>:</p>
<ul>
<li><a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/templates/nginx.conf.j2#L29" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/templates/nginx.conf.j2#L29</a></li>
</ul>
<p>While apache injects "http://" on it:</p>
<ul>
<li><a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/vars/main.yml" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_webserver/vars/main.yml</a></li>
</ul>
<p>Example of plugin snippets:</p>
<ul>
<li><a href="https://github.com/pulp/pulp_container/tree/master/pulp_container/app/webserver_snippets" class="external">https://github.com/pulp/pulp_container/tree/master/pulp_container/app/webserver_snippets</a></li>
<li><a href="https://github.com/pulp/pulp_ansible/tree/master/pulp_ansible/app/webserver_snippets" class="external">https://github.com/pulp/pulp_ansible/tree/master/pulp_ansible/app/webserver_snippets</a></li>
<li><a href="https://github.com/ansible/galaxy_ng/tree/master/galaxy_ng/app/webserver_snippets" class="external">https://github.com/ansible/galaxy_ng/tree/master/galaxy_ng/app/webserver_snippets</a></li>
</ul> Pulp - Story #8086 (NEW): pulp_installer should use latest version of pip to install packageshttps://pulp.plan.io/issues/80862021-01-13T13:42:45Zdkliban@redhat.com
<p>The newer versions of pip include an improved dependency resolution mechanism. The pulp_installer needs a task added to upgrade pip before installing any pulp packages.</p> Pulp - Issue #7892 (ASSIGNED): the task "Ensure pulp is part of group redis" doesn't need to crea...https://pulp.plan.io/issues/78922020-11-24T02:08:15Ztsugimur@redhat.com
<p>At roles/pulp_redis/tasks/configure_uds.yml, this task should be modified as below not to create its home directory.</p>
<p>from</p>
<pre><code>- name: Ensure pulp is part of group redis
user:
name: '{{ pulp_user }}'
groups: redis
append: true
</code></pre>
<p>to</p>
<pre><code>- name: Ensure pulp is part of group redis
user:
name: '{{ pulp_user }}'
groups: redis
append: true
create_home: false
</code></pre> Pulp - Issue #7443 (ASSIGNED): pulp installer does not set ownership and permissions correctly be...https://pulp.plan.io/issues/74432020-09-02T10:23:03Zipanova@redhat.comipanova@redhat.com
<p>Some steps are skipped because user apache cannot be found and added to the pulp group <a href="https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133" class="external">https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133</a></p>
<pre><code>TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]
</code></pre>
<p>After install finishes</p>
<pre><code>$ stat /var/lib/pulp
File: ‘/var/lib/pulp’
Size: 184 Blocks: 0 IO Block: 4096 directory
Device: fd01h/64769d Inode: 5121737 Links: 9
Access: (0775/drwxrwxr-x) Uid: ( 1000/ vagrant) Gid: ( 1001/ pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
Birth: -
$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
</code></pre>
<p>There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo.
Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.</p>
<pre><code>
$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
drwxr-xr-x. 3 apache apache 19 Sep 2 07:32 content
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
</code></pre>
<p>This makes it impossible to create hard link during the migration <a href="https://pulp.plan.io/issues/7244" class="external">https://pulp.plan.io/issues/7244</a></p> Pulp - Task #7313 (POST): The installer should be tested as a collectionhttps://pulp.plan.io/issues/73132020-08-12T09:53:56Zmdellweg
<p>We distribute the installer roles as a collection, and stuff in an ansible collection behaves different than outside, we need to test them as part of a collection.</p> Pulp - Issue #7136 (ASSIGNED): Requirement conflict when running RUNNING HANDLER [pulp.pulp_insta...https://pulp.plan.io/issues/71362020-07-14T17:07:05Zzen42@linux.com
<p>Tried to follow the install instructions here: <a href="https://docs.pulpproject.org/installation/instructions.html" class="external">https://docs.pulpproject.org/installation/instructions.html</a></p>
<p>I have done so on 2 diffrent boxes, one was RHEL7.8 the other a vagrant centos7</p>
<p>On both I hit the below error during the ansible run:</p>
<p>RUNNING HANDLER [pulp.pulp_installer.pulp_common : Collect static content] **********************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["/usr/local/lib/pulp/bin/django-admin", "collectstatic", "--noinput", "--link"], "delta": "0:00:00.262311", "end": "2020-07-14 16:46:52.375639", "msg": "non-zero return code", "rc": 1, "start": "2020-07-14 16:46:52.113328", "stderr": "Traceback (most recent call last):\n File "/usr/local/lib/pulp/bin/django-admin", line 8, in \n sys.exit(execute_from_command_line())\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 381, in execute_from_command_line\n utility.execute()\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 325, in execute\n settings.INSTALLED_APPS\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 79, in <strong>getattr</strong>\n self._setup(name)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 66, in _setup\n self._wrapped = Settings(settings_module)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 157, in <strong>init</strong>\n mod = importlib.import_module(self.SETTINGS_MODULE)\n File "/usr/lib64/python3.6/importlib/<strong>init</strong>.py", line 126, in import_module\n return _bootstrap._gcd_import(name[level:], package, level)\n File "", line 994, in _gcd_import\n File "", line 971, in _find_and_load\n File "", line 955, in _find_and_load_unlocked\n File "", line 665, in _load_unlocked\n File "", line 678, in exec_module\n File "", line 219, in _call_with_frames_removed\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pulpcore/app/settings.py", line 73, in \n plugin_app_config = entry_point.load()\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2317, in load\n self.require(*args, **kwargs)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2340, in require\n items = working_set.resolve(reqs, env, installer, extras=self.extras)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 779, in resolve\n raise VersionConflict(dist, req).with_context(dependent_req)\npkg_resources.VersionConflict: (pulpcore 3.5.0 (/usr/local/lib/pulp/lib/python3.6/site-packages), Requirement.parse('pulpcore<3.5,>=3.4'))", "stderr_lines": ["Traceback (most recent call last):", " File "/usr/local/lib/pulp/bin/django-admin", line 8, in ", " sys.exit(execute_from_command_line())", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 381, in execute_from_command_line", " utility.execute()", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 325, in execute", " settings.INSTALLED_APPS", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 79, in <strong>getattr</strong>", " self._setup(name)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 66, in _setup", " self._wrapped = Settings(settings_module)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 157, in <strong>init</strong>", " mod = importlib.import_module(self.SETTINGS_MODULE)", " File "/usr/lib64/python3.6/importlib/<strong>init</strong>.py", line 126, in import_module", " return _bootstrap._gcd_import(name[level:], package, level)", " File "", line 994, in _gcd_import", " File "", line 971, in _find_and_load", " File "", line 955, in _find_and_load_unlocked", " File "", line 665, in _load_unlocked", " File "", line 678, in exec_module", " File "", line 219, in _call_with_frames_removed", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pulpcore/app/settings.py", line 73, in ", " plugin_app_config = entry_point.load()", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2317, in load", " self.require(*args, **kwargs)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2340, in require", " items = working_set.resolve(reqs, env, installer, extras=self.extras)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 779, in resolve", " raise VersionConflict(dist, req).with_context(dependent_req)", "pkg_resources.VersionConflict: (pulpcore 3.5.0 (/usr/local/lib/pulp/lib/python3.6/site-packages), Requirement.parse('pulpcore<3.5,>=3.4'))"], "stdout": "", "stdout_lines": []}</p>
<p>The interesting bit is on the last line: Requirement.parse('pulpcore<3.5,>=3.4'))"]</p>
<p>I have tried and failed to find where this requirement is being stored but clearly it need updated for 3.5</p> Pulp - Story #7043 (ASSIGNED): As a user, I have pulp_installer compile and install the pulpcore-...https://pulp.plan.io/issues/70432020-06-24T15:52:24Zdkliban@redhat.com
<a name="Overview"></a>
<h2 >Overview<a href="#Overview" class="wiki-anchor">¶</a></h2>
<p>On Red Hat systems, Pulp installer needs to clone pulpcore-selinux repository[0], compile the policy inside of it, and install the policy, label all the ports used by pulp services[1].</p>
<p>[0] <a href="https://github.com/pulp/pulpcore-selinux" class="external">https://github.com/pulp/pulpcore-selinux</a>
[1] <a href="https://github.com/pulp/pulpcore-selinux#labeling-pulpcore_port" class="external">https://github.com/pulp/pulpcore-selinux#labeling-pulpcore_port</a></p>
<a name="File-Path-RequirementsDetails"></a>
<h2 >File Path Requirements/Details<a href="#File-Path-RequirementsDetails" class="wiki-anchor">¶</a></h2>
<p>The SELinux policy is built assuming default file paths. For example things like /var/lib/pulp, etc. Those defaults are in the policy's ".fc" file <a href="https://github.com/pulp/pulpcore-selinux/blob/master/pulpcore.fc" class="external">here</a>.</p>
<p>On producton systems when these paths are changed the compiled policy will need to generate a correct .fc file to use when compiling the policy.</p>
<p>On dev systems, a new .fc file will need to be generated as well for the dev environment.</p>
<p>Alternatively, we can call commands/modules to update the label database with these changed paths.</p>
<a name="install-from-RPM-mode"></a>
<h2 >install-from-RPM mode<a href="#install-from-RPM-mode" class="wiki-anchor">¶</a></h2>
<p>Currently not needed (Dennis & Mike), the policies get installed (pre-compiled) via pulpcore-selinux RPM package, which the installer defaults to installing.</p>
<p>Because /usr/bin/rq and /usr/bin/gunicorn are generic, this mode will require wrapper scripts like Katello creates. If we are to support this mode at all (usually policies are in a separate RPM package.)</p>
<a name="Which-version-of-pulpcore-selinux-gets-installed"></a>
<h2 >Which version of pulpcore-selinux gets installed?<a href="#Which-version-of-pulpcore-selinux-gets-installed" class="wiki-anchor">¶</a></h2>
<p>Currently the "master" branch. Alternatives, like tagged releases, are TBD.</p>
<a name="How-to-test-branches-of-pulpcore-selinux"></a>
<h2 >How to test branches of pulpcore-selinux?<a href="#How-to-test-branches-of-pulpcore-selinux" class="wiki-anchor">¶</a></h2>
<p>The git repo and branch ("master") are configurable via 2 private variables, but there is no "Required PR" support because it is a lot of work and may not pay off. They can be overriden via <code>__pulp_selinux_repo</code> and <code>__pulp_selinux_version.</code> We should set these in molecule vars files for CI when needed.</p>
<a name="Provide-support-for-disabling-SELinux-in-the-installer"></a>
<h2 >Provide support for disabling SELinux in the installer?<a href="#Provide-support-for-disabling-SELinux-in-the-installer" class="wiki-anchor">¶</a></h2>
<p>This is worth considering in case an incompatible plugin will be installed. However, universally disabling SELinux is outside of of the scope of the installer now.</p>
<a name="Installing-the-1-package-for-the-ports-should-be-in-pulp_api-amp-pulp_content-roles"></a>
<h2 >Installing the 1 package for the ports should be in pulp_api & pulp_content roles.<a href="#Installing-the-1-package-for-the-ports-should-be-in-pulp_api-amp-pulp_content-roles" class="wiki-anchor">¶</a></h2>
<p>Doing so would be ideal, but our current implementation of installing it in pulp_common is good enough. (Dennis & Mike)</p>
<a name="Also-install-the-policy-for-the-other-selinux-modes-mls-strict-amp-targeted-not-just-the-current-one"></a>
<h2 >Also install the policy for the other selinux modes (mls, strict & targeted), not just the current one.<a href="#Also-install-the-policy-for-the-other-selinux-modes-mls-strict-amp-targeted-not-just-the-current-one" class="wiki-anchor">¶</a></h2>
<p>Current is good enough, we do only targeted for Pulp 2. (Dennis & Mike)</p>
<a name="Support-for-dev-mode-installs-with-pulp-source-installed-in-editable-mode"></a>
<h2 >Support for dev mode installs, with pulp source installed in editable mode?<a href="#Support-for-dev-mode-installs-with-pulp-source-installed-in-editable-mode" class="wiki-anchor">¶</a></h2>
<p>Tracked via: <a href="https://pulp.plan.io/issues/97" class="external">https://pulp.plan.io/issues/97</a></p> Pulp - Story #6797 (ASSIGNED): [epic] As a user, I can consume all the plugin prereq roles in the...https://pulp.plan.io/issues/67972020-05-21T18:45:22Zmdepaulo@redhat.com
<p>pulp_rpm_prerequisites exists because the installer has had a plugin neutral policy.</p>
<p>This policy was for very long misunderstood: It's not about avoiding favoritism to any plugins, it's about not tying the installer (which is tied to pulpcore releases) to plugin releases. So that say pulpcore 3.3 logic would be in pulp_installer 3.3 release, and so that pulp_cardboardbox 0.7 logic would be in the pulp_cardboardbox_prerequisites 0.7 role.</p>
<p>The team now agrees that this policy is counter-productive because:</p>
<ol>
<li>Having a role in a separate repo (not part of the pulp_installer collection) is extra work for developers, and for users.</li>
<li>The only plugin that currently needs a prereq role, pulp_rpm, has version numbers and releases that correspond to pulpcore releases. pulp_rpm 3.3.z needs pulpcore 3.3.z, etc. So the pulp_rpm specific installation logic can be safely bundled in pulp_installer 99% of the time.</li>
</ol> Pulp - Issue #6696 (ASSIGNED): pulp_installer fails to run "Collect static content" task when pul...https://pulp.plan.io/issues/66962020-05-08T19:25:22Zironfroggy
<p>Either needs to be a documented incompatibility and issue an error, or needs to run the correct steps when galaxy_ng is installed and the UI must be part of the installation.</p>
<p>This is not a problem for most uses but will be an issue if we need to test unreleased changes in pulpcore for QA purposes.</p>
<p>Working:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">all</span>
<span class="na">vars</span><span class="pi">:</span>
<span class="na">pulp_settings</span><span class="pi">:</span>
<span class="na">secret_key</span><span class="pi">:</span> <span class="s">secret</span>
<span class="na">content_origin</span><span class="pi">:</span> <span class="s2">"</span><span class="s">http://{{</span><span class="nv"> </span><span class="s">ansible_fqdn</span><span class="nv"> </span><span class="s">}}"</span>
<span class="na">pulp_default_admin_password</span><span class="pi">:</span> <span class="s">password</span>
<span class="na">pulp_install_plugins</span><span class="pi">:</span>
<span class="na">pulp-ansible</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">galaxy-ng</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">pulp-container</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">roles</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">pulp-database</span>
<span class="pi">-</span> <span class="s">pulp-workers</span>
<span class="pi">-</span> <span class="s">pulp-resource-manager</span>
<span class="pi">-</span> <span class="s">pulp-webserver</span>
<span class="pi">-</span> <span class="s">pulp-content</span>
<span class="na">environment</span><span class="pi">:</span>
<span class="na">DJANGO_SETTINGS_MODULE</span><span class="pi">:</span> <span class="s">pulpcore.app.settings</span>
</code></pre>
<p>Not Working:</p>
<pre><code class="yaml syntaxhl" data-language="yaml"><span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">all</span>
<span class="na">vars</span><span class="pi">:</span>
<span class="na">pulp_settings</span><span class="pi">:</span>
<span class="na">secret_key</span><span class="pi">:</span> <span class="s">secret</span>
<span class="na">content_origin</span><span class="pi">:</span> <span class="s2">"</span><span class="s">http://{{</span><span class="nv"> </span><span class="s">ansible_fqdn</span><span class="nv"> </span><span class="s">}}"</span>
<span class="na">pulp_default_admin_password</span><span class="pi">:</span> <span class="s">password</span>
<span class="na">pulp_install_plugins</span><span class="pi">:</span>
<span class="na">pulp-ansible</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">galaxy-ng</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">pulp-container</span><span class="pi">:</span> <span class="pi">{}</span>
<span class="na">pulp_source_dir</span><span class="pi">:</span> <span class="s2">"</span><span class="s">git+https://github.com/pulp/pulpcore.git@3.3.0#egg=pulpcore"</span>
<span class="na">roles</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">pulp-database</span>
<span class="pi">-</span> <span class="s">pulp-workers</span>
<span class="pi">-</span> <span class="s">pulp-resource-manager</span>
<span class="pi">-</span> <span class="s">pulp-webserver</span>
<span class="pi">-</span> <span class="s">pulp-content</span>
<span class="na">environment</span><span class="pi">:</span>
<span class="na">DJANGO_SETTINGS_MODULE</span><span class="pi">:</span> <span class="s">pulpcore.app.settings</span>
</code></pre> Pulp - Task #6306 (ASSIGNED): Request EPEL8 versions of packages in the pulp-devel rolehttps://pulp.plan.io/issues/63062020-03-06T21:22:23Zmdepaulo@redhat.com
<p>This PR has to do some workarounds for EL8 support, because the packages were not in EPEL8 yet:
<a href="https://github.com/pulp/ansible-pulp/pull/243/files#" class="external">https://github.com/pulp/ansible-pulp/pull/243/files#</a></p>
<p>Ignoring some helpful developing tools packages:
jnettop
fd-find
fzf</p>
<p>and Installing F28 (Python 3.6) versions of a package we needt:
python3-virtualenvwrapper</p>
<p>and its deps:
python3-virtualenv-clone
python3-stevedore</p>
<p>We should request that they be packaged for EPEL8.
See "## Consumer request for packages"
<a href="https://lists.fedoraproject.org/archives/list/epel-announce@lists.fedoraproject.org/thread/KXMMLYSAXAVHDKFFBVEFYYZHPJBWXOQQ/" class="external">https://lists.fedoraproject.org/archives/list/epel-announce@lists.fedoraproject.org/thread/KXMMLYSAXAVHDKFFBVEFYYZHPJBWXOQQ/</a></p>
<p>And then added to the list of packages to install as normal.</p>