/puppet-pulp

Puppet module for setting Pulp as part of Katello installation

Primary LanguageRubyGNU General Public License v3.0GPL-3.0

Puppet Forge Build Status puppetmodule.info docs

Table of Contents

  1. Overview
  2. Usage - The basics of getting started with pulp
  3. Development - Guide for contributing to the module

Overview

This module can be used to install and manage several aspects of a pulp installation.

Pulp

Installation

The main pulp server installation. This includes the Apache configuration and the various daemons.

include ::pulp

Note that you need EPEL and a Pulp repository. For this we recommend stahnma/epel and use of the pulp::repo::upstream or pulp::repo::katello.

include ::epel
include ::pulp::repo::upstream
class { '::pulp':
  require => Class['epel', 'pulp::repo::upstream'],
}

Plugins can be enabled as well:

class { '::pulp':
  enable_docker => true,
  enable_ostree => true,
  enable_puppet => true,
  enable_python => true,
  enable_rpm    => true,
}

By default a user admin will be created with a randomized password. This is configurable with the default_username and default_password parameters:

class { '::pulp':
  default_username => 'user',
  default_password => 'secret',
}

Security and external services

By default the MongoDB database is managed, but the manage_db parameter can be used to change this behaviour.

Likewise the broker is managed by default, but manage_broker is there. The implementation can be switched from the default qpid to rabbitmq.

There are various types that can be used to manage providers, assuming the correct plugin is installed.

For security certificates can be used. For example on the webservice:

class { '::pulp':
  https_cert   => '/path/to/public_key.pem',
  https_key    => '/path/to/private_key.pem',
  https_chain  => '/path/to/ca_chain.pem',
  # Optionally you can change the accepted protocols
  ssl_protocol => ['all', '-SSLv3', '-TLSv1', '-TLSv1.1'],
}

The connection to the MongoDB server can also be encrypted:

class { '::pulp':
  db_ssl          => true,
  db_ssl_keyfile  => '/path/to/private_key.pem',
  db_ssl_certfile => '/path/to/public_key.pem',
  db_ca_path      => '/path/to/ca.pem',
}

Similarly the connection to the message broker can be encrypted:

class { '::pulp':
  broker_url     => 'qpid://user:password@broker.example.com:5671',
  broker_use_ssl => true,
}

The email behaviour is configurable as well:

class { '::pulp':
  email_host    => 'localhost',
  email_port    => 25,
  email_from    => 'admin@example.com',
  email_enabled => true,
}

In case you need to connect through a proxy you can specify the host, port, username and password. Note the proxy_url parameter actually maps to the proxy_host parameter in the configs.

class { '::pulp':
  proxy_url      => 'proxy.example.com',
  proxy_port     => 80,
  proxy_username => 'user',
  proxy_password => 'secret',
}

RPM provider

pulp_rpmrepo { 'scl_ruby22_el7':
  checksum_type    => 'sha256',
  display_name     => 'scl_ruby22_el7',
  feed             => 'https://www.softwarecollections.org/repos/rhscl/rh-ruby22/epel-7-x86_64/',
  relative_url     => 'scl_ruby22/7Server',
  remove_missing   => true,
  retain_old_count => 1,
  serve_http       => true,
  serve_https      => true,
  validate         => true,
}

Puppet provider

pulp_puppetrepo { 'company_puppet_forge':
  display_name    => 'company_puppet_forge',
  max_downloads   => 10,
  serve_http      => true,
  serve_https     => true,
  validate        => true,
  verify_feed_ssl => false,
}

ISO provider

pulp_isorepo { 'optymyze_thirdparty':
  display_name    => 'files_thirdparty',
  feed            => 'https://pulp-server.company.net/pulp/isos/files_thirdparty/',
  max_downloads   => 10,
  remove_missing  => false,
  serve_http      => true,
  serve_https     => true,
  validate        => true,
  verify_feed_ssl => false,
}

Schedule provider

pulp_schedule { 'scl_ruby22_el7':
  enabled       => 'true',
  schedule_time => '2000-W01-6T12:00Z/P1W',
}

# force schedules to be added after the repos are created
Pulp_rpmrepo <| |> -> Pulp_schedule <| |>

Pulp admin

The easiest is to use enable_admin parameter. This ensures all plugins have their admin component installed as well as configuring the client to talk to the server using the default_username and default_password parameters.

class { 'pulp':
  enable_admin => true,
}

On standalone machines it is also possible to only install the admin utility by directly using pulp::admin:

include ::pulp::admin

In this case plugins need to be managed explicitly.

class { '::pulp::admin':
  enable_docker => true,
  enable_ostree => true,
  enable_puppet => true,
  enable_python => true,
  enable_nodes  => true
  enable_rpm    => true,
}

Pulp Child

Manage a pulp child installation.

include ::pulp::child

Pulp consumer

Manage pulp consumers.

Installation

include ::pulp::consumer

Register consumer

pulp_register { $::fqdn:
  user => 'admin',
  pass => 'admin',
}

Pulp Crane

Manage pulp crane, a minimal docker registry.

You can either deploy it standalone:

include ::pulp::crane

Or as part of a full Pulp installation:

class { '::pulp':
  enable_crane => true,
}

Role provider

pulp_role { 'repo_admin':
  ensure      => 'present',
  users       => ['alice', 'bob'],
  permissions => {'/' => ['READ', 'CREATE'], '/v2/repositories/scl_ruby22_el7/' => ['READ', 'EXECUTE', 'UPDATE', 'CREATE', 'DELETE']},
}

Development

See the CONTRIBUTING guide for steps on how to make a change and get it accepted upstream.