Why do I have this listing in my server root ?

[rgarrigue]

Hi

The question is in the title, I dunno why I end up with this calling http://fqdn/ ?

Best regards,

[ekohl]

That doesn't sound right. Can you tell us how you deploy the module? I suspect that this module is mostly tested on the same server as Katello and you deploy it standalone. This is something I really want to improve and is on my short term agenda. Any insight on common use cases would be greatly appreciated.

[rgarrigue]

Pulp module is 4.3.0, over CentOS 7

Here's my profiles::pulp

class profiles::pulp (
    $admin_login = 'yolowunderbart',
    $admin_password = 'yolowunderbart',
    $debug = false,
    $email_enabled = true,
    $email_from = '[email protected]',
    $email_host = 'smtp.yolowunderbart.fr',
    $email_port = '25',
    $enable_docker = true,
    $enable_http = true,
    $enable_ostree = false,
    $enable_puppet = true,
    $enable_python = true,
    $enable_rpm = true,
    $puppetrepos = undef,
    $isorepos = undef,
    $rpmrepos = undef,
    $schedules = undef,
    $server_name = $::fqdn,
    $staticrepos = undef,
  ){

    Selinux::Boolean['httpd_use_openstack'] -> Yumrepo <||> -> Package <||> -> Firewalld_port <||>

    selinux::boolean { 'httpd_use_openstack': }

    yumrepo { 'epel':
      exclude => 'compat-qpid*',
    }

    yumrepo { 'pulp-2-stable':
      baseurl             => 'https://repos.fedorapeople.org/repos/pulp/pulp/stable/2/$releasever/$basearch/',
      descr               => 'Pulp 2 Production Releases',
      enabled             => true,
      gpgcheck            => true,
      gpgkey              => 'https://repos.fedorapeople.org/repos/pulp/pulp/GPG-RPM-KEY-pulp-2',
      skip_if_unavailable => true,
    }

    class { '::pulp':
      crane_debug      => $debug,
      # db_name          => $mongodb_database, # HS, cf https://github.com/Katello/puppet-pulp/issues/199
      # db_password      => $mongodb_password,
      # db_username      => $mongodb_username,
      debugging_mode   => $debug,
      default_login    => $admin_login,
      default_password => $admin_password,
      email_enabled    => $email_enabled,
      email_from       => $email_from,
      email_host       => $email_host,
      email_port       => $email_port,
      enable_crane     => $enable_docker,
      enable_docker    => $enable_docker,
      enable_http      => $enable_http,
      enable_ostree    => $enable_ostree,
      enable_puppet    => $enable_puppet,
      enable_python    => $enable_python,
      enable_rpm       => $enable_rpm,
      server_name      => $server_name,
      before           => Anchor['installation'],
    }

    file { ['/root/.pulp']:
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0700',
    }
    ->
    file { ['/root/.pulp/admin.conf']:
      ensure  => file,
      content => template('profiles/pulp/admin.conf.erb'),
      owner   => root,
      group   => root,
      mode    => '0600',
    }

    class { '::pulp::admin':
      host                      => $server_name,
      port                      => 443,
      verify_ssl                => false,
      upload_chunk_size         => 1048576,
      extensions_dir            => '/usr/lib/pulp/admin/extensions',
      id_cert_dir               => '~/.pulp',
      id_cert_filename          => 'user-cert.pem',
      upload_working_dir        => '~/.pulp/uploads',
      log_filename              => '~/.pulp/admin.log',
      call_log_filename         => '~/.pulp/server_calls.log',
      enable_puppet             => $enable_puppet,
      enable_docker             => $enable_docker,
      enable_ostree             => $enable_ostree,
      enable_python             => $enable_python,
      enable_rpm                => $enable_rpm,
      puppet_upload_working_dir => '~/.pulp/puppet-uploads',
      puppet_upload_chunk_size  => 1048576,
      before                    => Anchor['installation'],
    }

    exec { 'pulp-auth':
      command => "/bin/pulp-admin login -u ${admin_login} -p ${admin_password}",
      creates => '/root/.pulp/user-cert.pem',
      require => Service['httpd'],
      before  => Anchor['installation'],
    }
    exec { 'pulp-ca-trust':
      command => '/bin/cp /etc/pki/pulp/ca.crt /etc/pki/ca-trust/source/anchors/pulp_ca.pem; /bin/update-ca-trust enable; /bin/update-ca-trust extract',
      creates => '/etc/pki/ca-trust/source/anchors/pulp_ca.pem',
      require => Service['httpd'],
      before  => Anchor['installation'],
    }

    anchor { 'installation': }

    if($rpmrepos) {
      create_resources(
        'pulp_rpmrepo',
        $rpmrepos,
        {
          require => Anchor['installation'],
          before => Anchor['repositories'],
        }
      )
    }
    if($puppetrepos) {
      create_resources(
        'pulp_puppetrepo',
        $puppetrepos,
        {
          require => Anchor['installation'],
          before => Anchor['repositories'],
        }
      )
    }
    if($isorepos) {
      create_resources(
        'pulp_isorepo',
        $isorepos,
        {
          require => Anchor['installation'],
          before => Anchor['repositories'],
        }
      )
    }
    if($staticrepos) {
      create_resources(
        '::apache::vhost',
        $staticrepos,
      )
    }

    anchor{ 'repositories': }

    if($schedules) {
      create_resources(
        'pulp_schedule',
        $schedules,
        {
          require => Anchor['repositories'],
        }
      )
    }

    firewalld_port { 'Ouverture du port HTTPD Pulp 80 dans la zone publique':
      ensure   => present,
      zone     => 'public',
      port     => 80,
      protocol => 'tcp',
    }
    firewalld_port { 'Ouverture du port HTTPD Pulp 443 dans la zone publique':
      ensure   => present,
      zone     => 'public',
      port     => 443,
      protocol => 'tcp',
    }
    if($enable_docker) {
      firewalld_port { 'Ouverture du port HTTPD Pulp 5000 dans la zone publique':
        ensure   => present,
        zone     => 'public',
        port     => 5000,
        protocol => 'tcp',
      }
    }
}

Here's the roles::test calling pulp

class roles::test {
    include ::profiles::common
    include ::profiles::pulp
 }

Common's just about installing vim, ntp, starting firewalld... no real impact for pulp / apache

And I'm having this hiera, no real impact here

profiles::pulp::staticrepos:
  'vagrant':
    vhost_name: '*'
    port: 80
    priority: 15
    servername: vagrant.build.adventiel.net
    docroot: /var/www/vagrant
  'windows':
    vhost_name: '*'
    port: 80
    priority: 15
    servername: windows.build.adventiel.net
    docroot: /var/www/windows

That's it for our usage of pulp, as standalone mirroring server

[djjudas21]

I am also experiencing this problem. My setup is simple:

class profile::pulp {
  include ::profile::apache
  include ::profile::apache::ssl
  include ::apache::mod::wsgi

  # Set up Pulp repo for installation
  yumrepo { 'pulp-2-stable':
    descr               => 'Pulp 2 Production Releases',
    baseurl             => 'https://repos.fedorapeople.org/repos/pulp/pulp/stable/2/$releasever/$basearch/',
    enabled             => 1,
    skip_if_unavailable => 1,
    gpgcheck            => 1,
    gpgkey              => 'https://repos.fedorapeople.org/repos/pulp/pulp/GPG-RPM-KEY-pulp-2',
  }

  # Install Pulp server with katello/pulp
  class { '::pulp':
    enable_rpm    => true,
    enable_puppet => true,
    require       => Yumrepo['pulp-2-stable'],
  }

  # Install Pulp admin utility
  class { '::pulp::admin':
    enable_puppet => true,
    enable_nodes  => true,
    enable_rpm    => true,
  }
}

[ekohl]

So the reason is https://github.com/puppetlabs/puppetlabs-apache/blob/7301123aa51afe696f129988482889f61aa4f0d0/manifests/vhost.pp#L44. The easiest patch would be to change the pulp-http vhost and add options that doesn't allow Indexes but I don't know if there are plugins which rely on indexes being available.

[djjudas21]

It can't really make it any worse 😄 At the moment, I can't use Pulp at all because of this

[rgarrigue]

Don't you think all the repos rely on index view ?

[ekohl]

That's what I suspect, but I'm still getting to know the module better and need better testing of individual parts.

[djjudas21]

I don't think it's as simple as disabling Indexes. Something is wrong with the wsgi hosting

[ekohl]

Well, you have the index but all the actual hosting happens through aliases. Those are not visible in the index but when you go to /pulp/iso I expect you do see something, just like /pulp/api.

[djjudas21]

Browsing to /pulp or /pulp/api gives me Not Found. I have no idea what the application is supposed to do 😞

[ekohl]

Then I'm wondering what pulp-admin status shows. If you create a ~/.pulp/admin.conf with:

[server]
username=username
password=password

Then you should be able to use pulp-admin repo list. Note that initial username and passwords can be found in /etc/pulp/server.conf as default_login and default_password.

Note I'm doing this without access to an actual pulp server (yay traveling without a dev box) so I might be slightly off in some details.

[djjudas21]

I created ~/.pulp/admin.conf with

[server]
verify_ssl: false

[auth]
username: admin
password: ***************

and the pulp-admin commands seem to do the right thing (although I don't have any repos yet):

[jg4461@pulp-dv0 ~]$ pulp-admin status
+----------------------------------------------------------------------+
                          Status of the server
+----------------------------------------------------------------------+

Api Version:           2
Database Connection:   
  Connected: True
Known Workers:         
  _id:            [email protected]
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:13Z
  _id:            [email protected]
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:15Z
  _id:            [email protected]
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:11Z
  _id:            [email protected]
  _ns:            workers
  Last Heartbeat: 2017-06-06T13:04:15Z
Messaging Connection:  
  Connected: True
Versions:              
  Platform Version: 2.13.1

[jg4461@pulp-dv0 ~]$ pulp-admin repo list
+----------------------------------------------------------------------+
                              Repositories
+----------------------------------------------------------------------+

[ekohl]

Then I think it should be working. Note that as far as I know pulp has no UI. You can use Katello but that may not be what you're looking for. pulp-admin has commands to add repos. The pulp_rpmrepo, pulp_isorepo and pulp_puppetrepo types can be used in your puppet manifests to create the repositories. Note that due to #138 you must set ssl_username to and empty string or false to use those. It's on the roadmap to fix that.

[ccnifo]

I also have these WSGI scripts listed on my standalone deployment. I think it may be as simple as disabling Indexes because a quick test on my setup seemed to indicate everything works well without it. Also, the HTTPS vhost works fine without this "Options" line.

Regarding WSGI scripts, 1 improvement would also be to run them as a distinct, specifically created user (instead of running them as apache). I'll try to write a patch and submit a PR for this.

[ekohl]

When #252 lands there will be some acceptance tests. After those are in I'll feel a lot safer when making changes. Of course I can already use that to test submitted PRs