Task #1459
Story #1150 (closed): As a user, I can lazily fetch repositories
Update SELinux rules for lazy sync
% Done: 100%
Platform Release: 2.8.0
Groomed: No
Sprint Candidate: Yes
Tags: Pulp 2
Description
Lazy sync introduces several new WSGI applications, processes, files, etc. SELinux rules need to be written to support lazy.
The following processes are new:
- squid
  - I expect this to already have an SELinux policy somewhere and we probably don't need to do anything.
- pulp_streamer
  - Currently set to run as the 'apache' user.
  - Launches a twistd application in /srv/pulp/streamer.tac
  - Its systemd unit and init script can be found in the streamer package in pulp for more information
  - Currently runs in the 'system_u:system_r:unconfined_service_t:s0' context
  - Reads a configuration file at '/etc/pulp/streamer.conf'
  - Communicates with MongoDB
In addition to those processes, there are two new WSGI applications:
- streamer_auth.wsgi
  - Reads '/etc/pulp/server.conf'
  - Loads the RSA public key specified in the 'authentication' section, 'rsa_pub' value in above config
- content.wsgi
  - Reads '/etc/pulp/server.conf'
  - Loads the RSA private key specified in the 'authentication' section, 'rsa_key' value in above config
  - Calls `os.path.realpath` on provided file paths. These links will be in /var/www/pub/<something> and should resolve to something in /var/lib/pulp/content
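As an added example (not part of the ticket or of Pulp's own code), this Python check parses `ps -eZ` output and reports watched processes that still run in `unconfined_service_t`, the domain the description gives for pulp_streamer, or that carry no label at all. The sample output is constructed, and it assumes the streamer shows up under the command name `twistd` and the WSGI applications run inside `httpd`.

```python
from typing import List, NamedTuple, Tuple

# Constructed sample of `ps -eZ` output (not captured from a real host).
SAMPLE_PS = """\
LABEL                                      PID TTY      TIME CMD
system_u:system_r:httpd_t:s0              1190 ?    00:00:02 httpd
system_u:system_r:squid_t:s0              1742 ?    00:00:00 squid
system_u:system_r:unconfined_service_t:s0 2301 ?    00:00:05 twistd
-                                         3001 ?    00:00:00 squid
"""

# Assumption: the streamer appears as "twistd"; the WSGI apps run inside httpd.
WATCHED = ("twistd", "squid", "httpd")
UNCONFINED = {"unconfined_service_t"}

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str

def parse_context(label: str) -> Context:
    """Split user:role:type[:level]; the level may itself contain ':'."""
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {label!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) > 3 else "")

def unconfined_services(ps_output: str) -> List[Tuple[int, str, str]]:
    """Return (pid, command, type) for watched commands lacking a confined domain."""
    findings = []
    for line in ps_output.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[0] == "LABEL":
            continue  # header or malformed line
        label, pid, _tty, _time, cmd = fields
        if cmd not in WATCHED:
            continue
        try:
            setype = parse_context(label).type
        except ValueError:
            setype = "unlabeled"  # e.g. "-" when the process has no context
        if setype in UNCONFINED or setype == "unlabeled":
            findings.append((int(pid), cmd, setype))
    return findings

if __name__ == "__main__":
    for pid, cmd, setype in unconfined_services(SAMPLE_PS):
        print(f"pid {pid} ({cmd}) runs as {setype}")
```

Running it against live `ps -eZ` output before and after a policy module is installed shows whether the streamer actually transitioned out of the unconfined domain.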
Related issues
Adds pulp-streamer SELinux policy
closes #1459 https://pulp.plan.io/issues/1459