theforeman / puppet-pulp

Puppet module for setting up Pulp 2 as part of Katello installation
GNU General Public License v3.0

Why do I have this listing in my server root ? #228

Open rgarrigue opened 7 years ago

rgarrigue commented 7 years ago

Hi

The question is in the title, I dunno why I end up with this calling http://fqdn/ ?

image

Best regards,

ekohl commented 7 years ago

That doesn't sound right. Can you tell us how you deploy the module? I suspect that this module is mostly tested on the same server as Katello and you deploy it standalone. This is something I really want to improve and is on my short term agenda. Any insight on common use cases would be greatly appreciated.

rgarrigue commented 7 years ago

Pulp module is 4.3.0, over CentOS 7

Here's my profiles::pulp

class profiles::pulp (
    $admin_login = 'yolowunderbart',
    $admin_password = 'yolowunderbart',
    $debug = false,
    $email_enabled = true,
    $email_from = 'pulp@yolowunderbart.fr',
    $email_host = 'smtp.yolowunderbart.fr',
    $email_port = '25',
    $enable_docker = true,
    $enable_http = true,
    $enable_ostree = false,
    $enable_puppet = true,
    $enable_python = true,
    $enable_rpm = true,
    $puppetrepos = undef,
    $isorepos = undef,
    $rpmrepos = undef,
    $schedules = undef,
    $server_name = $::fqdn,
    $staticrepos = undef,
  ){

    Selinux::Boolean['httpd_use_openstack'] -> Yumrepo <||> -> Package <||> -> Firewalld_port <||>

    selinux::boolean { 'httpd_use_openstack': }

    yumrepo { 'epel':
      exclude => 'compat-qpid*',
    }

    yumrepo { 'pulp-2-stable':
      baseurl             => 'https://repos.fedorapeople.org/repos/pulp/pulp/stable/2/$releasever/$basearch/',
      descr               => 'Pulp 2 Production Releases',
      enabled             => true,
      gpgcheck            => true,
      gpgkey              => 'https://repos.fedorapeople.org/repos/pulp/pulp/GPG-RPM-KEY-pulp-2',
      skip_if_unavailable => true,
    }

    class { '::pulp':
      crane_debug      => $debug,
      # db_name          => $mongodb_database, # HS, cf https://github.com/Katello/puppet-pulp/issues/199
      # db_password      => $mongodb_password,
      # db_username      => $mongodb_username,
      debugging_mode   => $debug,
      default_login    => $admin_login,
      default_password => $admin_password,
      email_enabled    => $email_enabled,
      email_from       => $email_from,
      email_host       => $email_host,
      email_port       => $email_port,
      enable_crane     => $enable_docker,
      enable_docker    => $enable_docker,
      enable_http      => $enable_http,
      enable_ostree    => $enable_ostree,
      enable_puppet    => $enable_puppet,
      enable_python    => $enable_python,
      enable_rpm       => $enable_rpm,
      server_name      => $server_name,
      before           => Anchor['installation'],
    }

    file { ['/root/.pulp']:
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0700',
    }
    ->
    file { ['/root/.pulp/admin.conf']:
      ensure  => file,
      content => template('profiles/pulp/admin.conf.erb'),
      owner   => root,
      group   => root,
      mode    => '0600',
    }

    class { '::pulp::admin':
      host                      => $server_name,
      port                      => 443,
      verify_ssl                => false,
      upload_chunk_size         => 1048576,
      extensions_dir            => '/usr/lib/pulp/admin/extensions',
      id_cert_dir               => '~/.pulp',
      id_cert_filename          => 'user-cert.pem',
      upload_working_dir        => '~/.pulp/uploads',
      log_filename              => '~/.pulp/admin.log',
      call_log_filename         => '~/.pulp/server_calls.log',
      enable_puppet             => $enable_puppet,
      enable_docker             => $enable_docker,
      enable_ostree             => $enable_ostree,
      enable_python             => $enable_python,
      enable_rpm                => $enable_rpm,
      puppet_upload_working_dir => '~/.pulp/puppet-uploads',
      puppet_upload_chunk_size  => 1048576,
      before                    => Anchor['installation'],
    }

    exec { 'pulp-auth':
      command => "/bin/pulp-admin login -u ${admin_login} -p ${admin_password}",
      creates => '/root/.pulp/user-cert.pem',
      require => Service['httpd'],
      before  => Anchor['installation'],
    }
    exec { 'pulp-ca-trust':
      command => '/bin/cp /etc/pki/pulp/ca.crt /etc/pki/ca-trust/source/anchors/pulp_ca.pem; /bin/update-ca-trust enable; /bin/update-ca-trust extract',
      creates => '/etc/pki/ca-trust/source/anchors/pulp_ca.pem',
      require => Service['httpd'],
      before  => Anchor['installation'],
    }

    anchor { 'installation': }

    if($rpmrepos) {
      create_resources(
        'pulp_rpmrepo',
        $rpmrepos,
        {
          require => Anchor['installation'],
          before => Anchor['repositories'],
        }
      )
    }
    if($puppetrepos) {
      create_resources(
        'pulp_puppetrepo',
        $puppetrepos,
        {
          require => Anchor['installation'],
          before => Anchor['repositories'],
        }
      )
    }
    if($isorepos) {
      create_resources(
        'pulp_isorepo',
        $isorepos,
        {
          require => Anchor['installation'],
          before => Anchor['repositories'],
        }
      )
    }
    if($staticrepos) {
      create_resources(
        '::apache::vhost',
        $staticrepos,
      )
    }

    anchor{ 'repositories': }

    if($schedules) {
      create_resources(
        'pulp_schedule',
        $schedules,
        {
          require => Anchor['repositories'],
        }
      )
    }

    firewalld_port { 'Ouverture du port HTTPD Pulp 80 dans la zone publique':
      ensure   => present,
      zone     => 'public',
      port     => 80,
      protocol => 'tcp',
    }
    firewalld_port { 'Ouverture du port HTTPD Pulp 443 dans la zone publique':
      ensure   => present,
      zone     => 'public',
      port     => 443,
      protocol => 'tcp',
    }
    if($enable_docker) {
      firewalld_port { 'Ouverture du port HTTPD Pulp 5000 dans la zone publique':
        ensure   => present,
        zone     => 'public',
        port     => 5000,
        protocol => 'tcp',
      }
    }
}

Here's the roles::test calling pulp

class roles::test {
    include ::profiles::common
    include ::profiles::pulp
}

Common's just about installing vim, ntp, starting firewalld... no real impact for pulp / apache

And I'm having this hiera, no real impact here

profiles::pulp::staticrepos:
  'vagrant':
    vhost_name: '*'
    port: 80
    priority: 15
    servername: vagrant.build.adventiel.net
    docroot: /var/www/vagrant
  'windows':
    vhost_name: '*'
    port: 80
    priority: 15
    servername: windows.build.adventiel.net
    docroot: /var/www/windows

That's it for our usage of pulp, as standalone mirroring server

djjudas21 commented 7 years ago

I am also experiencing this problem. My setup is simple:

class profile::pulp {
  include ::profile::apache
  include ::profile::apache::ssl
  include ::apache::mod::wsgi

  # Set up Pulp repo for installation
  yumrepo { 'pulp-2-stable':
    descr               => 'Pulp 2 Production Releases',
    baseurl             => 'https://repos.fedorapeople.org/repos/pulp/pulp/stable/2/$releasever/$basearch/',
    enabled             => 1,
    skip_if_unavailable => 1,
    gpgcheck            => 1,
    gpgkey              => 'https://repos.fedorapeople.org/repos/pulp/pulp/GPG-RPM-KEY-pulp-2',
  }

  # Install Pulp server with katello/pulp
  class { '::pulp':
    enable_rpm    => true,
    enable_puppet => true,
    require       => Yumrepo['pulp-2-stable'],
  }

  # Install Pulp admin utility
  class { '::pulp::admin':
    enable_puppet => true,
    enable_nodes  => true,
    enable_rpm    => true,
  }
}

ekohl commented 7 years ago

So the reason is https://github.com/puppetlabs/puppetlabs-apache/blob/7301123aa51afe696f129988482889f61aa4f0d0/manifests/vhost.pp#L44. The easiest patch would be to change the pulp-http vhost and add options that don't allow Indexes, but I don't know if there are plugins which rely on indexes being available.
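
An added example, not code from this thread or from the module: a small Python audit that scans rendered Apache configuration for `Options` lines that enable `Indexes`, the setting pointed to above as the cause of the listing. The sample config, port values and paths are constructed placeholders, and each `Options` line is judged on its own without resolving inheritance between sections.

```python
import re

# Constructed sample (not from the issue): rendered vhost text with placeholder paths.
SAMPLE_CONF = '''
<VirtualHost *:80>
  DocumentRoot "/srv/example/wsgi"
  <Directory "/srv/example/wsgi">
    Options Indexes FollowSymLinks MultiViews
  </Directory>
</VirtualHost>
<VirtualHost *:443>
  <Directory "/srv/example/wsgi">
    # Options Indexes
    Options -Indexes +FollowSymLinks
  </Directory>
</VirtualHost>
'''

OPEN = re.compile(r'<(VirtualHost|Directory)\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</(VirtualHost|Directory)\s*>', re.I)

def indexes_state(args):
    """True/False if an Options line turns Indexes on/off; None if it only merges other flags."""
    state = None
    for tok in (a.lower() for a in args):
        if tok in ('indexes', '+indexes', 'all', '+all'):
            state = True
        elif tok in ('-indexes', 'none'):
            state = False
        elif tok[0] not in '+-' and state is None:
            state = False  # absolute list without Indexes replaces inherited options
    return state

def audit_indexes(conf_text):
    """Return (vhost, directory, line_no) for every Options line that enables Indexes."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # blank lines and commented-out directives have no effect
        opened = OPEN.match(line)
        if opened:
            stack.append((opened.group(1).lower(), opened.group(2)))
        elif CLOSE.match(line):
            del stack[-1:]  # tolerate an unbalanced closing tag
        elif line.split()[0].lower() == 'options' and indexes_state(line.split()[1:]):
            scope = dict(stack)  # innermost VirtualHost / Directory currently open
            findings.append((scope.get('virtualhost', '(global)'), scope.get('directory', '(vhost)'), no))
    return findings
```

Running `audit_indexes` over the files Puppet writes into the Apache configuration directory before and after changing the vhost options shows whether the change actually removed `Indexes` from the HTTP vhost.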

djjudas21 commented 7 years ago

It can't really make it any worse :smile: At the moment, I can't use Pulp at all because of this

rgarrigue commented 7 years ago

Don't you think all the repos rely on index view ?

ekohl commented 7 years ago

That's what I suspect, but I'm still getting to know the module better and need better testing of individual parts.

djjudas21 commented 7 years ago

I don't think it's as simple as disabling Indexes. Something is wrong with the wsgi hosting

ekohl commented 7 years ago

Well, you have the index but all the actual hosting happens through aliases. Those are not visible in the index but when you go to /pulp/iso I expect you do see something, just like /pulp/api.

djjudas21 commented 7 years ago

Browsing to /pulp or /pulp/api gives me Not Found. I have no idea what the application is supposed to do :disappointed:

ekohl commented 7 years ago

Then I'm wondering what pulp-admin status shows. If you create a ~/.pulp/admin.conf with:

[server]
username=username
password=password

Then you should be able to use pulp-admin repo list. Note that initial username and passwords can be found in /etc/pulp/server.conf as default_login and default_password.

Note I'm doing this without access to an actual pulp server (yay traveling without a dev box) so I might be slightly off in some details.

djjudas21 commented 7 years ago

I created ~/.pulp/admin.conf with

[server]
verify_ssl: false

[auth]
username: admin
password: ***************

and the pulp-admin commands seem to do the right thing (although I don't have any repos yet):

[jg4461@pulp-dv0 ~]$ pulp-admin status
+----------------------------------------------------------------------+
                          Status of the server
+----------------------------------------------------------------------+

Api Version:           2
Database Connection:   
  Connected: True
Known Workers:         
  _id:            scheduler@pulp-dv0.nomadic-core.bris.ac.uk
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:13Z
  _id:            reserved_resource_worker-1@pulp-dv0.nomadic-core.bris.ac.uk
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:15Z
  _id:            reserved_resource_worker-0@pulp-dv0.nomadic-core.bris.ac.uk
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:11Z
  _id:            resource_manager@pulp-dv0.nomadic-core.bris.ac.uk
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:15Z
Messaging Connection:  
  Connected: True
Versions:              
  Platform Version: 2.13.1

[jg4461@pulp-dv0 ~]$ pulp-admin repo list
+----------------------------------------------------------------------+
                              Repositories
+----------------------------------------------------------------------+

ekohl commented 7 years ago

Then I think it should be working. Note that as far as I know pulp has no UI. You can use Katello but that may not be what you're looking for. pulp-admin has commands to add repos. The pulp_rpmrepo, pulp_isorepo and pulp_puppetrepo types can be used in your puppet manifests to create the repositories. Note that due to #138 you must set ssl_username to an empty string or false to use those. It's on the roadmap to fix that.

ccnifo commented 7 years ago

I also have these WSGI scripts listed on my standalone deployment. I think it may be as simple as disabling Indexes because a quick test on my setup seemed to indicate everything works well without it. Also, the HTTPS vhost works fine without this "Options" line.

Regarding WSGI scripts, 1 improvement would also be to run them as a distinct, specifically created user (instead of running them as apache). I'll try to write a patch and submit a PR for this.

ekohl commented 7 years ago

When https://github.com/Katello/puppet-pulp/pull/252 lands there will be some acceptance tests. After those are in I'll feel a lot safer when making changes. Of course I can already use that to test submitted PRs.