Unify use of pulp_content_bind and pulp_api_bind
#322
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Attached issue: https://pulp.plan.io/issues/6921 |
Spredzy
changed the title
pulp_content_bind and pulp_api_binDpulp_content_bind and pulp_api_binD
|
This PR has been successfully tested with the following two scenarios. The design make it so it should be transparent for current user/deployments while allowing one to specify UDS. Scenario 1: Using Unix Domain SoocketScenario 2: Current implementation binding to 127.0.0.1Note: I am not aware of the upgrade (if any) and the variable deprecation (if any) process. My change hence might not be compatible with those said processes. Please let me know if there is any doc I can check to update my PR accordingly. |
Spredzy
changed the title
pulp_content_bind and pulp_api_binDpulp_content_bind and pulp_api_binD
Spredzy
changed the title
pulp_content_bind and pulp_api_binDpulp_content_bind and pulp_api_bind
fao89
approved these changes
Jun 8, 2020
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 9, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). [1] pulp#322
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 9, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). [1] pulp#322
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 9, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). [1] pulp#322
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 9, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). [1] pulp#322
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 9, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). fixes #6931 [1] pulp#322
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 9, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). fixes #6931 [1] pulp#322
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 9, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). fixes #6931 [1] pulp#322
|
Before merging I want to finalize the discussion on the ticket. |
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 10, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). fixes #6931 [1] pulp#322
mikedep333
approved these changes
Jun 10, 2020
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 10, 2020
This commit ensures one can configure redis so it listens to unix domain socket (if wanted) rather than forcing it to listen on TCP socket. Benefits of this commit has been higlighted in previous PR[1]. Also, this commit introduces `pulp_redis_bind` to offer an expected experience for people using `pulp/pulp_installer` when it comes to configure network services (ie. `pulp_api_bind`, `pulp_content_bind`). fixes #6931 [1] pulp#322
bmbouter
requested changes
Jun 17, 2020
There was a problem hiding this comment.
We do not need to carry the [deprecated] fields. Can those please be removed?
Also for any vars that are removed, can you add a 6921.removal changelog (separate from the feature changelog). This will clearly call that out as a breaking change for users.
Also can changelogs be line wrapped to 100 chars. Sorry the CI doesn't let you know this. It's part of the Pulp community style guide, but it should also be more clear for contributors on individual repos.
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 18, 2020
In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816). While this is easily solved by the introduction of Unix Domain Socket in pulp#322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set. Flag to enable: httpd_can_network_connect fixes #6998
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 18, 2020
In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816). While this is easily solved by the introduction of Unix Domain Socket in pulp#322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set. Flag to enable: httpd_can_network_connect fixes #6998
Spredzy
added a commit
to Spredzy/pulp_installer
that referenced
this pull request
Jun 18, 2020
In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816). While this is easily solved by the introduction of Unix Domain Socket in pulp#322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set. Flag to enable: httpd_can_network_connect fixes #6998
bmbouter
reviewed
Jun 18, 2020
bmbouter
reviewed
Jun 18, 2020
bmbouter
reviewed
Jun 18, 2020
bmbouter
reviewed
Jun 18, 2020
bmbouter
reviewed
Jun 18, 2020
Spredzy
force-pushed
the
uds-capabilities
branch
from
c5c02b5
to
68631c8
Compare
Spredzy
force-pushed
the
uds-capabilities
branch
from
68631c8
to
8e9e632
Compare
bmbouter
requested changes
Jun 22, 2020
Spredzy
force-pushed
the
uds-capabilities
branch
from
8e9e632
to
fbf199a
Compare
bmbouter
reviewed
Jun 22, 2020
In its current state, the installer relies on `pulp_content_bind` and
`pulp_api_bind` for the following roles: `pulp` and `pulp_content`.
Yet, for `pulp_webserver` it relies on a new set of parameters for the
exact same purposes (note: those parameters are only used in this role);
namely: `pulp_content_host`, `pulp_content_port`, `pulp_api_host` and
`pulp_api_port`
While it would be less error prone to follow the 'define it once use
it everywhere pattern', the following PR also allows has the benefit
of:
* Enabling the use of Unix Domain Socket (UDS) to improve scale
(ie. `/var/run/pulpcore-api/pulpcore-api.sock`) and apply best
practice (if you only deal with localhost you don't need to get
the network stack involved)
* Pave the way for a better IPv6 integration. 127.0.0.1 doesn't
exist in IPv6 only servers. By using UDS as previously mentionned
this limitation becomes void for those two (api and content)
components
fixes #6921
Spredzy
force-pushed
the
uds-capabilities
branch
from
fbf199a
to
afbf826
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In its current state, the installer relies on
pulp_content_bindandpulp_api_bindfor the following roles:pulpandpulp_content.Yet, for
pulp_webserverit relies on a new set of parameters for theexact same purposes (note: those parameters are only used in this role);
namely:
pulp_content_host,pulp_content_port,pulp_api_hostandpulp_api_port.While it would be less error prone to follow the 'define it once use
it everywhere pattern', the following PR also allows has the benefit
of:
Enabling the use of Unix Domain Socket (UDS) to improve scale
(ie.
/var/run/pulpcore-api/pulpcore-api.sock) and apply bestpractice (if you only deal with localhost you don't need to get
the network stack involved)
Pave the way for a better IPv6 integration. 127.0.0.1 doesn't
exist in IPv6 only servers. By using UDS as previously mentionned
this limitation becomes void for those two (api and content)
components
fixes #6921