Task #2325
Updated by bmbouter about 7 years ago
We're planning to do out package builds using fedora's copr infrastructure from Pulp 3. We've identified two needs that need to be met for this to be viable: # Old releases need to be archived, so that downstream folks like katello can pull specific release versions. This is also just a good thing to do. Currently, we only keep the latest release of a given x.y stream, and earlier releases can't be easily found online. # Releases need to happen atomically. COPR supports this, but offers limited control over the exact moment a repository's metadata is regenerated. Pulp meets both of these needs, and should be the tool we use to distribute Pulp. :) This pulp instance will need to be secure and the following things should be ensured: # Pulp's REST API Pulp should be ran on a non default port # Pulp's content serving API should be run on ports 80 and 443 # mongo set up with authentication and listen locally (through sockets) # message brokers also set up with authentication and configured to only listen locally # The RHEL7 hardening guide is followed [0] [0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Security_Guide/Red_Hat_Enterprise_Linux-7-Security_Guide-en-US.pdf