Project

Profile

Help

Task #2325

Updated by bizhang about 7 years ago

We're planning to do out package builds using fedora's copr infrastructure from Pulp 3. We've identified two needs that need to be met for this to be viable: 
 # Old releases need to be archived, so that downstream folks like katello can pull specific release versions. This is also just a good thing to do. Currently, we only keep the latest release of a given x.y stream, and earlier releases can't be easily found online. 
 # Releases need to happen atomically. COPR supports this, but offers limited control over the exact moment a repository's metadata is regenerated. 

 Pulp meets both of these needs, and should be the tool we use to distribute Pulp. :) 

 This pulp instance will need to be secure and the following things should be ensured: 

 # Pulp should be ran on a non default port 
 # mongo set up with authentication and listen locally (through sockets) 
 # SNI used for HTTPS 
 # message brokers also set up with authentication and configured to only listen locally 
 # The RHEL7 hardening guide is followed [0] 

 [0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Security_Guide/Red_Hat_Enterprise_Linux-7-Security_Guide-en-US.pdf

Back