Pulp: Issueshttps://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-08-04T14:14:02ZPulp
Planio Pulp - Issue #9211 (NEW): Vagrant devel installs have SELinux errorshttps://pulp.plan.io/issues/92112021-08-04T14:14:02Zmdepaulo@redhat.com
<p>Because SELinux installs are in editable mode, the .pyc files produce SELinux errors.</p>
<p>Other SELinux errors may exist too due to the devel installs.</p>
<pre><code class="text syntaxhl" data-language="text">TASK [pulp_devel : SELinux status] *********************************************
ok: [pulp3-source-fedora34] => {
"selinux_analyze.stdout_lines": [
"SELinux is preventing gunicorn from search access on the directory vagrant.",
"SELinux is preventing gunicorn from search access on the directory /.",
"SELinux is preventing gunicorn from getattr access on the directory /home/vagrant/devel/pulpcore.",
"SELinux is preventing gunicorn from read access on the directory models.",
"SELinux is preventing gunicorn from open access on the directory /home/vagrant/devel/pulpcore/pulpcore/app/models.",
"SELinux is preventing gunicorn from getattr access on the directory /home/vagrant.",
"SELinux is preventing gunicorn from getattr access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/settings.py.",
"SELinux is preventing gunicorn from read access on the file settings.py.",
"SELinux is preventing gunicorn from open access on the file /home/vagrant/devel/pulpcore/pulpcore/app/settings.py.",
"SELinux is preventing gunicorn from ioctl access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/settings.py.",
"SELinux is preventing pulpcore-worker from read access on the file __init__.cpython-39.pyc.",
"SELinux is preventing pulpcore-worker from open access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/__pycache__/__init__.cpython-39.pyc.",
"SELinux is preventing pulpcore-worker from ioctl access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/__pycache__/__init__.cpython-39.pyc.",
"SELinux is preventing pulpcore-worker from name_connect access on the tcp_socket port 5432.",
"SELinux is preventing pulpcore-worker from add_name access on the directory 21847@pulp3-source-fedora34.localhost.example.com.",
"SELinux is preventing pulpcore-worker from remove_name access on the directory 21235@pulp3-source-fedora34.localhost.example.com.",
"SELinux is preventing pulpcore-worker from rmdir access on the directory 21235@pulp3-source-fedora34.localhost.example.com.",
"SELinux is preventing nginx from read access on the file nginx.conf.",
"SELinux is preventing nginx from open access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/webserver_snippets/nginx.conf.",
"SELinux is preventing nginx from getattr access on the file /home/vagrant/devel/pulp_ansible/pulp_ansible/app/webserver_snippets/nginx.conf."
]
}
</code></pre> Pulp - Task #9005 (NEW): pulp_installer's molecule CI should not always connect as roothttps://pulp.plan.io/issues/90052021-07-02T18:07:29Zmdepaulo@redhat.com
<p>This seems to be a product of, or the default configuration of, the docker plugin for molecule. (molecule uses <code>docker exec</code> to talk to the container, not SSH.)</p>
<p>We should look into performance options as we solve this. Even if it means eliminating/weakening SSH encryption on the CI environment / molecule containers.</p> Pulp - Issue #8993 (NEW): SELinux: avc: denied pulpcore-worker on Fedora 34https://pulp.plan.io/issues/89932021-06-30T14:02:12ZStephenW
<p>Hello</p>
<p>I installed Pulp3 on Fedora 34 using "ansible-galaxy collection install pulp.pulp_installer"</p>
<p>at the end of the Ansible run:
TASK [pulp.pulp_installer.pulp_health_check : Checking Pulp services]
msg: 'pulpcore-resource-manager.service state: stopped'</p>
<p>On the managed node, I see lots of avc: denied :</p>
<p>fedoraserver ~]# ausearch -m AVC,USER_AVC -ts recent</p>
<p>time->Tue Jun 29 15:59:06 2021
type=AVC msg=audit(1624975146.441:668194): avc: denied { name_connect } for pid=1129665 comm="pulpcore-worker" dest=6379 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:redis_port_t:s0 tclass=tcp_socket permissive=0</p>
<p>fedoraserver ~]# sepolgen-ifgen
fedoraserver ~]# audit2allow -Ral</p>
<p>require {
type init_t;
}</p>
<p>#============= init_t ==============
corenet_tcp_connect_postgresql_port(init_t)
corenet_tcp_connect_redis_port(init_t)</p>
<p>Thank you</p> Pulp - Issue #8055 (NEW): When SELinux is enabled, pulp_installer relabels all the files in /var/...https://pulp.plan.io/issues/80552021-01-08T17:04:00Zdkliban@redhat.com
<p>The installer takes a long time to upgrade an existing system that's running with SELinux enabled because it always relabels /var/lib/pulp in the "Restore SELinux contexts on Pulp dirs that may exist" handler[0]. The list of the directories is here[1].</p>
<p>[0] <a href="https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/handlers/main.yml#L13-L21" class="external">https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/handlers/main.yml#L13-L21</a>
[1] <a href="https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/defaults/main.yml#L63-L66" class="external">https://github.com/pulp/pulp_installer/blob/3.9.0-1/roles/pulp_common/defaults/main.yml#L63-L66</a></p> Pulp - Issue #7892 (ASSIGNED): the task "Ensure pulp is part of group redis" doesn't need to crea...https://pulp.plan.io/issues/78922020-11-24T02:08:15Ztsugimur@redhat.com
<p>At roles/pulp_redis/tasks/configure_uds.yml, this task should be modified as below not to create its home directory.</p>
<p>from</p>
<pre><code>- name: Ensure pulp is part of group redis
user:
name: '{{ pulp_user }}'
groups: redis
append: true
</code></pre>
<p>to</p>
<pre><code>- name: Ensure pulp is part of group redis
user:
name: '{{ pulp_user }}'
groups: redis
append: true
create_home: false
</code></pre> Pulp - Task #7668 (NEW): remove pid files from the systemd service fileshttps://pulp.plan.io/issues/76682020-10-07T17:05:32Zdkliban@redhat.com
<p>Systemd does not need explicitly defined pid files to keep track of the services. We should make a change the systemd service files similar to the change here: <a href="https://github.com/theforeman/puppet-pulpcore/commit/b3b7c133c513dd2c30b00a81e64b2bb33ca92397" class="external">https://github.com/theforeman/puppet-pulpcore/commit/b3b7c133c513dd2c30b00a81e64b2bb33ca92397</a></p> Pulp - Task #7642 (NEW): Update pulp_installer's list of supported Fedora releaseshttps://pulp.plan.io/issues/76422020-10-01T18:18:58Zmdepaulo@redhat.com
<p>Fedora 32 is supported; pulplift CI tests it. Fedora 30 will probably be dropped in the task that blocks this.</p>
<p>Note that this list is in roles/*/meta/main.yml</p> Pulp - Issue #7640 (NEW): pulp_rpm_prerequisites sets ansible_python_interpreter unnecessarilyhttps://pulp.plan.io/issues/76402020-10-01T18:14:01Zmdepaulo@redhat.com
<p>There is no reason it should be set to:</p>
<pre><code>ansible_python_interpreter: /usr/bin/python
</code></pre>
<p>Since the behavior of auto_legacy and auto is to set it to that (python2) anyway.</p>
<p>It also would only affect the role (and later applied roles) at most, since the role is always (and conditionally) dynamically included. If it has any effect, this makes it harder to test the installer, different interpreter depending on whether or not pulp_rpm is getting installed.</p> Pulp - Task #7575 (NEW): pulp_installer's SELinux support should handle folder paths being changedhttps://pulp.plan.io/issues/75752020-09-25T21:09:08Zmdepaulo@redhat.com
<p>pulp_install_dir, pulp_user_home, etc are currently baked into pulpcore-selinux.</p>
<p>pulp_installer should support accommodating this, such as by replacing the .fc file from pulpcore-selinux, or running label database commands.</p> Pulp - Task #7313 (POST): The installer should be tested as a collectionhttps://pulp.plan.io/issues/73132020-08-12T09:53:56Zmdellweg
<p>We distribute the installer roles as a collection, and stuff in an ansible collection behaves different than outside, we need to test them as part of a collection.</p> Pulp - Task #7281 (NEW): Update docs to state that installer can only install one cluster at a timehttps://pulp.plan.io/issues/72812020-08-05T14:39:19Zdkliban@redhat.com
<p>The documentation needs to have a "Known limitations" section. One of the items should state that that the installer can only install one Pulp cluster at a time.</p> Pulp - Issue #7136 (ASSIGNED): Requirement conflict when running RUNNING HANDLER [pulp.pulp_insta...https://pulp.plan.io/issues/71362020-07-14T17:07:05Zzen42@linux.com
<p>Tried to follow the install instructions here: <a href="https://docs.pulpproject.org/installation/instructions.html" class="external">https://docs.pulpproject.org/installation/instructions.html</a></p>
<p>I have done so on 2 diffrent boxes, one was RHEL7.8 the other a vagrant centos7</p>
<p>On both I hit the below error during the ansible run:</p>
<p>RUNNING HANDLER [pulp.pulp_installer.pulp_common : Collect static content] **********************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["/usr/local/lib/pulp/bin/django-admin", "collectstatic", "--noinput", "--link"], "delta": "0:00:00.262311", "end": "2020-07-14 16:46:52.375639", "msg": "non-zero return code", "rc": 1, "start": "2020-07-14 16:46:52.113328", "stderr": "Traceback (most recent call last):\n File "/usr/local/lib/pulp/bin/django-admin", line 8, in \n sys.exit(execute_from_command_line())\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 381, in execute_from_command_line\n utility.execute()\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 325, in execute\n settings.INSTALLED_APPS\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 79, in <strong>getattr</strong>\n self._setup(name)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 66, in _setup\n self._wrapped = Settings(settings_module)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 157, in <strong>init</strong>\n mod = importlib.import_module(self.SETTINGS_MODULE)\n File "/usr/lib64/python3.6/importlib/<strong>init</strong>.py", line 126, in import_module\n return _bootstrap._gcd_import(name[level:], package, level)\n File "", line 994, in _gcd_import\n File "", line 971, in _find_and_load\n File "", line 955, in _find_and_load_unlocked\n File "", line 665, in _load_unlocked\n File "", line 678, in exec_module\n File "", line 219, in _call_with_frames_removed\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pulpcore/app/settings.py", line 73, in \n plugin_app_config = entry_point.load()\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2317, in load\n self.require(*args, **kwargs)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2340, in require\n items = working_set.resolve(reqs, env, installer, extras=self.extras)\n File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 779, in resolve\n raise VersionConflict(dist, req).with_context(dependent_req)\npkg_resources.VersionConflict: (pulpcore 3.5.0 (/usr/local/lib/pulp/lib/python3.6/site-packages), Requirement.parse('pulpcore<3.5,>=3.4'))", "stderr_lines": ["Traceback (most recent call last):", " File "/usr/local/lib/pulp/bin/django-admin", line 8, in ", " sys.exit(execute_from_command_line())", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 381, in execute_from_command_line", " utility.execute()", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/core/management/<strong>init</strong>.py", line 325, in execute", " settings.INSTALLED_APPS", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 79, in <strong>getattr</strong>", " self._setup(name)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 66, in _setup", " self._wrapped = Settings(settings_module)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/django/conf/<strong>init</strong>.py", line 157, in <strong>init</strong>", " mod = importlib.import_module(self.SETTINGS_MODULE)", " File "/usr/lib64/python3.6/importlib/<strong>init</strong>.py", line 126, in import_module", " return _bootstrap._gcd_import(name[level:], package, level)", " File "", line 994, in _gcd_import", " File "", line 971, in _find_and_load", " File "", line 955, in _find_and_load_unlocked", " File "", line 665, in _load_unlocked", " File "", line 678, in exec_module", " File "", line 219, in _call_with_frames_removed", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pulpcore/app/settings.py", line 73, in ", " plugin_app_config = entry_point.load()", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2317, in load", " self.require(*args, **kwargs)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 2340, in require", " items = working_set.resolve(reqs, env, installer, extras=self.extras)", " File "/usr/local/lib/pulp/lib64/python3.6/site-packages/pkg_resources/<strong>init</strong>.py", line 779, in resolve", " raise VersionConflict(dist, req).with_context(dependent_req)", "pkg_resources.VersionConflict: (pulpcore 3.5.0 (/usr/local/lib/pulp/lib/python3.6/site-packages), Requirement.parse('pulpcore<3.5,>=3.4'))"], "stdout": "", "stdout_lines": []}</p>
<p>The interesting bit is on the last line: Requirement.parse('pulpcore<3.5,>=3.4'))"]</p>
<p>I have tried and failed to find where this requirement is being stored but clearly it need updated for 3.5</p> Pulp - Task #6942 (NEW): Update galaxy_ng docs for the pulp_installer install-from-rpm supporthttps://pulp.plan.io/issues/69422020-06-09T15:45:37Zmdepaulo@redhat.com
<p>Its docs should show the example variables for doing this.</p> Pulp - Story #6688 (NEW): pulp_installer: preflight check and system-wide packages are incompatiblehttps://pulp.plan.io/issues/66882020-05-08T14:40:15Zmdepaulo@redhat.com
<p>Part of the pre-flight check does not understand system-wide packages, but another part is still affected by them.</p>
<p>This leads to false positives (enforcements) in addition to false negatives in the preflight check.</p>
<p>We no longer need system-wide packages, so we should remove support for it, and migrate user installs off of it, as safely as possible.</p> Pulp - Task #6306 (ASSIGNED): Request EPEL8 versions of packages in the pulp-devel rolehttps://pulp.plan.io/issues/63062020-03-06T21:22:23Zmdepaulo@redhat.com
<p>This PR has to do some workarounds for EL8 support, because the packages were not in EPEL8 yet:
<a href="https://github.com/pulp/ansible-pulp/pull/243/files#" class="external">https://github.com/pulp/ansible-pulp/pull/243/files#</a></p>
<p>Ignoring some helpful developing tools packages:
jnettop
fd-find
fzf</p>
<p>and Installing F28 (Python 3.6) versions of a package we needt:
python3-virtualenvwrapper</p>
<p>and its deps:
python3-virtualenv-clone
python3-stevedore</p>
<p>We should request that they be packaged for EPEL8.
See "## Consumer request for packages"
<a href="https://lists.fedoraproject.org/archives/list/epel-announce@lists.fedoraproject.org/thread/KXMMLYSAXAVHDKFFBVEFYYZHPJBWXOQQ/" class="external">https://lists.fedoraproject.org/archives/list/epel-announce@lists.fedoraproject.org/thread/KXMMLYSAXAVHDKFFBVEFYYZHPJBWXOQQ/</a></p>
<p>And then added to the list of packages to install as normal.</p>