Add docs about configuring ALLOWED_CONTENT_CHECKSUMS

closes #8266 https://pulp.plan.io/issues/8266
pulp · Feb 18, 2021 · f75f98d · f75f98d
1 parent 7c200b5
commit f75f98d
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/CHANGES/8266.doc b/CHANGES/8266.doc
@@ -0,0 +1 @@
+Added a note that ALLOWED_CONTENT_CHECKSUMS is strongly recommended to allow all supported checksum types, and can be adjusted after the migration.
diff --git a/docs/configuration.rst b/docs/configuration.rst
@@ -6,6 +6,7 @@ Requirements
 
 * ``/var/lib/pulp`` is shared from Pulp 2 machine
 * access to Pulp 2 database
+* [recommended] all Pulp 3 supported checksum types are allowed
 
 
 Configuration
@@ -45,3 +46,21 @@ E.g.
         'verify_ssl': True,
         'ca_path': '/etc/pki/tls/certs/ca-bundle.crt',
     }
+
+3. Configure `ALLOWED_CONTENT_CHECKSUMS` in your settings, ``/etc/pulp/settings.py`` before you
+run a migration. It is recommended to list all Pulp 3 supported checksum types.
+pulp-2to3-migration is shipped with such default configuration. In case you have a custom one in
+``/etc/pulp/settings.py``, make sure it lists all types as shown below:
+
+.. code:: python
+
+    ALLOWED_CONTENT_CHECKSUMS = ['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']
+
+If you are sure that your Pulp 2 installation has no md5 or sha1 checksums for any content
+(on_demand or downloaded) or in any distributor configuration, then you are fine to exclude those
+from the setting.
+
+If you are concerned having `md5` and `sha1` enabled, you can always adjust the setting after
+the migration is done and remove those two checksum types from the allowed list. After modifying
+the setting, you likely will need to run ``pulpcore-manager handle-artifact-checksums`` to remove
+unsupported checksums from the database, or Pulp will refuse to start.