Skip to content

Puppet module for setting up Pulp 2 as part of Katello installation

License

Notifications You must be signed in to change notification settings

theforeman/puppet-pulp

Repository files navigation

Puppet Forge Build Status puppetmodule.info docs

Table of Contents

  1. Overview
  2. Usage - The basics of getting started with pulp
  3. Development - Guide for contributing to the module

Overview

This module can be used to install and manage several aspects of a pulp installation.

Pulp

Installation

The main pulp server installation. This includes the Apache configuration and the various daemons.

include pulp

Note that you need EPEL and a Pulp repository. For this we recommend stahnma/epel and use of the pulp::repo::upstream class.

include epel
include pulp::repo::upstream
class { '::pulp':
  require => Class['epel', 'pulp::repo::upstream'],
}

Plugins can be enabled as well:

class { '::pulp':
  enable_docker => true,
  enable_ostree => true,
  enable_puppet => true,
  enable_python => true,
  enable_rpm    => true,
}

By default a user admin will be created with a randomized password. This is configurable with the default_login and default_password parameters:

class { '::pulp':
  default_login    => 'user',
  default_password => 'secret',
}

Security and external services

By default the MongoDB database is managed, but the manage_db parameter can be used to change this behaviour.

Likewise the broker is managed by default, but manage_broker is there. The implementation can be switched from the default qpid to rabbitmq.

There are various types that can be used to manage providers, assuming the correct plugin is installed.

For security certificates can be used. For example on the webservice:

class { '::pulp':
  https_cert   => '/path/to/public_key.pem',
  https_key    => '/path/to/private_key.pem',
  https_chain  => '/path/to/ca_chain.pem',
  # Optionally you can change the accepted protocols
  ssl_protocol => ['all', '-SSLv3', '-TLSv1', '-TLSv1.1'],
}

The connection to the MongoDB server can also be encrypted:

class { '::pulp':
  db_ssl          => true,
  db_ssl_keyfile  => '/path/to/private_key.pem',
  db_ssl_certfile => '/path/to/public_key.pem',
  db_ca_path      => '/path/to/ca.pem',
}

Similarly the connection to the message broker can be encrypted:

class { '::pulp':
  broker_url     => 'qpid://user:[email protected]:5671',
  broker_use_ssl => true,
}

The email behaviour is configurable as well:

class { '::pulp':
  email_host    => 'localhost',
  email_port    => 25,
  email_from    => '[email protected]',
  email_enabled => true,
}

In case you need to connect through a proxy you can specify the host, port, username and password. Note the proxy_url parameter actually maps to the proxy_host parameter in the configs.

class { '::pulp':
  proxy_url      => 'proxy.example.com',
  proxy_port     => 80,
  proxy_username => 'user',
  proxy_password => 'secret',
}

RPM provider

pulp_rpmrepo { 'scl_ruby22_el7':
  checksum_type    => 'sha256',
  display_name     => 'scl_ruby22_el7',
  feed             => 'https://www.softwarecollections.org/repos/rhscl/rh-ruby22/epel-7-x86_64/',
  relative_url     => 'scl_ruby22/7Server',
  remove_missing   => true,
  retain_old_count => 1,
  serve_http       => true,
  serve_https      => true,
  validate         => true,
}

Puppet provider

pulp_puppetrepo { 'company_puppet_forge':
  display_name    => 'company_puppet_forge',
  max_downloads   => 10,
  serve_http      => true,
  serve_https     => true,
  validate        => true,
  verify_feed_ssl => false,
}

ISO provider

pulp_isorepo { 'optymyze_thirdparty':
  display_name    => 'files_thirdparty',
  feed            => 'https://pulp-server.company.net/pulp/isos/files_thirdparty/',
  max_downloads   => 10,
  remove_missing  => false,
  serve_http      => true,
  serve_https     => true,
  validate        => true,
  verify_feed_ssl => false,
}

Schedule provider

pulp_schedule { 'scl_ruby22_el7':
  enabled       => 'true',
  schedule_time => '2000-W01-6T12:00Z/P1W',
}

# force schedules to be added after the repos are created
Pulp_rpmrepo <| |> -> Pulp_schedule <| |>

Pulp admin

The easiest is to use enable_admin parameter. This ensures all plugins have their admin component installed as well as configuring the client to talk to the server using the default_login and default_password parameters.

class { 'pulp':
  enable_admin => true,
}

On standalone machines it is also possible to only install the admin utility by directly using pulp::admin:

include pulp::admin

In this case plugins need to be managed explicitly.

class { 'pulp::admin':
  enable_docker => true,
  enable_ostree => true,
  enable_puppet => true,
  enable_python => true,
  enable_nodes  => true
  enable_rpm    => true,
}

Pulp Child

Manage a pulp child installation.

include pulp::child

Pulp consumer

Manage pulp consumers.

Installation

include pulp::consumer

Register consumer

pulp_register { $facts['fqdn']:
  user => 'admin',
  pass => 'admin',
}

Pulp Crane

Manage pulp crane, a minimal docker registry.

You can either deploy it standalone:

include pulp::crane

Or as part of a full Pulp installation:

class { 'pulp':
  enable_crane => true,
}

Role provider

pulp_role { 'repo_admin':
  ensure      => 'present',
  users       => ['alice', 'bob'],
  permissions => {'/' => ['READ', 'CREATE'], '/v2/repositories/scl_ruby22_el7/' => ['READ', 'EXECUTE', 'UPDATE', 'CREATE', 'DELETE']},
}

Development

See the CONTRIBUTING guide for steps on how to make a change and get it accepted upstream.