Project

Profile

Help

Task #2325

closed

Distribute Pulp with Pulp

Added by semyers over 7 years ago. Updated almost 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Sprint:
Quarter:

Description

We're planning to do out package builds using fedora's copr infrastructure from Pulp 3. We've identified two needs that need to be met for this to be viable:

  1. Old releases need to be archived, so that downstream folks like katello can pull specific release versions. This is also just a good thing to do. Currently, we only keep the latest release of a given x.y stream, and earlier releases can't be easily found online.
  2. Releases need to happen atomically. COPR supports this, but offers limited control over the exact moment a repository's metadata is regenerated.

Pulp meets both of these needs, and should be the tool we use to distribute Pulp. :)

This pulp instance will need to be secure and the following things should be ensured:

  1. Pulp's REST API should be ran on a non default port
  2. Pulp's content serving API should be run on ports 80 and 443
  3. mongo set up with authentication and listen locally (through sockets)
  4. message brokers also set up with authentication and configured to only listen locally
  5. The RHEL7 hardening guide is followed [0]

[0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Security_Guide/Red_Hat_Enterprise_Linux-7-Security_Guide-en-US.pdf


Related issues

Blocks Pulp - Task #2145: Ansible playbooks need to pull from PulpCLOSED - WONTFIX

Actions

Also available in: Atom PDF