diff --git a/doc/source/configuration/release-train.rst b/doc/source/configuration/release-train.rst
index 9df55e232..20b43d674 100644
--- a/doc/source/configuration/release-train.rst
+++ b/doc/source/configuration/release-train.rst
@@ -7,7 +7,7 @@ StackHPC provides packages and container images for OpenStack via `Ark
Deployments should use a local `Pulp `__ repository
server to synchronise content from Ark and serve it locally. Access to the
-repositories on Ark is controlled via X.509 certificates issued by StackHPC.
+repositories on Ark is controlled via user accounts issued by StackHPC.
This configuration is a base, and should be merged with any existing Kayobe
configuration. It currently provides the following:
@@ -41,20 +41,14 @@ Pulp startup.
StackHPC Ark
------------
-The container image registry credentials issued by StackHPC should be
-configured in ``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the
-password:
+The Ark pulp credentials issued by StackHPC should be configured in
+``etc/kayobe/pulp.yml``, using Ansible Vault to encrypt the password:
.. code-block:: yaml
stackhpc_release_pulp_username:
stackhpc_release_pulp_password:
-The client certificate and private key issued by StackHPC should be stored in
-``etc/kayobe/ansible/certs/ark.stackhpc.com/client-cert.pem`` and
-``etc/kayobe/ansible/certs/ark.stackhpc.com/client-key.pem``, respectively,
-with the private key encrypted via Ansible Vault.
-
The distribution name for the environment should be configured as either
``development`` or ``production`` via ``stackhpc_repo_distribution`` in
``etc/kayobe/stackhpc.yml``.
@@ -153,3 +147,30 @@ with the push repository using the pulp CLI:
(venv-pulp) [stack@seed ~]$ pulp --base-url http://:8080--username admin --password container distribution destroy --name stackhpc/centos-source-prometheus-jiralert
Started background task /pulp/api/v3/tasks/1f0a474a-b7c0-44b4-9ef4-ed633077f4d8/
.Done.
+
+HTTP Error 404: Not Found
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If your login credentials are incorrect, or lack the required permissions,
+you will see a 404 error during ``pulp-repo-sync.yml``:
+
+.. code-block:: console
+
+ TASK [stackhpc.pulp.pulp_repository : Sync RPM remotes into repositories] ****************************************************************************************************************************************
+ An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Task failed to complete. (failed; 404, message='Not Found', url=URL('https://ark.stackhpc.com/pulp/content/centos/8-stream/BaseOS/x86_64/os/20211122T102435'))
+ failed: [localhost] (item=centos-stream-8-baseos-development) => changed=false
+ ansible_loop_var: item
+ item:
+ name: centos-stream-8-baseos-development
+ policy: on_demand
+ proxy_url: __omit_place_holder__d35452c39719f081229941a64fd2cdce1188a287
+ remote_password:
+ remote_username:
+ required: true
+ state: present
+ sync_policy: mirror_complete
+ url: https://ark.stackhpc.com/pulp/content/centos/8-stream/BaseOS/x86_64/os/20211122T102435
+ msg: Task failed to complete. (failed; 404, message='Not Found', url=URL('https://ark.stackhpc.com/pulp/content/centos/8-stream/BaseOS/x86_64/os/20211122T102435')) '''
+
+The issue can be rectified by updating the ``stackhpc_release_pulp_username``
+and ``stackhpc_release_pulp_password`` variables
diff --git a/etc/kayobe/ansible/certs/ark.stackhpc.com/client-cert.pem b/etc/kayobe/ansible/certs/ark.stackhpc.com/client-cert.pem
deleted file mode 100644
index e69de29bb..000000000
diff --git a/etc/kayobe/ansible/certs/ark.stackhpc.com/client-key.pem b/etc/kayobe/ansible/certs/ark.stackhpc.com/client-key.pem
deleted file mode 100644
index e69de29bb..000000000
diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml
index bd4d27e3f..77aaa9f99 100644
--- a/etc/kayobe/ansible/requirements.yml
+++ b/etc/kayobe/ansible/requirements.yml
@@ -3,6 +3,6 @@ collections:
- name: stackhpc.cephadm
version: 1.10.0
- name: stackhpc.pulp
- version: 0.3.0
+ version: 0.4.1
roles:
- src: stackhpc.vxlan
diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml
index 41cd600d4..55d0e0384 100644
--- a/etc/kayobe/pulp.yml
+++ b/etc/kayobe/pulp.yml
@@ -23,11 +23,6 @@ stackhpc_release_pulp_url: "https://ark.stackhpc.com"
stackhpc_release_pulp_username:
stackhpc_release_pulp_password:
-# Client certificates used to access StackHPC Ark repositories.
-# They are trusted by the 'release' cert guard's CA.
-stackhpc_release_pulp_client_cert: "{{ lookup('file', kayobe_config_path ~ '/ansible/certs/ark.stackhpc.com/client-cert.pem') | trim }}"
-stackhpc_release_pulp_client_key: "{{ lookup('file', kayobe_config_path ~ '/ansible/certs/ark.stackhpc.com/client-key.pem') | trim }}"
-
# Content URL of the StackHPC Pulp service.
stackhpc_release_pulp_content_url: "{{ stackhpc_release_pulp_url }}/pulp/content"
@@ -44,8 +39,8 @@ stackhpc_pulp_repository_deb_repos:
# Base Ubuntu Focal repositories
- name: Ubuntu focal
url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/focal/{{ stackhpc_pulp_repo_ubuntu_focal_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
architectures: amd64
@@ -57,8 +52,8 @@ stackhpc_pulp_repository_deb_repos:
- name: Ubuntu focal security
url: "{{ stackhpc_release_pulp_content_url }}/ubuntu/focal-security/{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
architectures: amd64
@@ -71,8 +66,8 @@ stackhpc_pulp_repository_deb_repos:
# Ubuntu Cloud Archive (UCA) repositories
- name: Ubuntu Cloud Archive
url: "{{ stackhpc_release_pulp_content_url }}/ubuntu-cloud-archive/{{ stackhpc_pulp_repo_ubuntu_cloud_archive_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
architectures: amd64
@@ -85,8 +80,8 @@ stackhpc_pulp_repository_deb_repos:
# Third-party repositories
- name: Docker CE for Ubuntu
url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/ubuntu/{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
architectures: amd64
@@ -193,8 +188,8 @@ stackhpc_pulp_repository_rpm_repos:
# Base CentOS 8 Stream repositories
- name: CentOS Stream 8 - AppStream
url: "{{ stackhpc_release_pulp_content_url }}/centos/8-stream/AppStream/x86_64/os/{{ stackhpc_pulp_repo_centos_stream_8_appstream_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
sync_policy: mirror_complete
@@ -202,8 +197,8 @@ stackhpc_pulp_repository_rpm_repos:
required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}"
- name: CentOS Stream 8 - BaseOS
url: "{{ stackhpc_release_pulp_content_url }}/centos/8-stream/BaseOS/x86_64/os/{{ stackhpc_pulp_repo_centos_stream_8_baseos_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
sync_policy: mirror_complete
@@ -211,8 +206,8 @@ stackhpc_pulp_repository_rpm_repos:
required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}"
- name: CentOS Stream 8 - Extras
url: "{{ stackhpc_release_pulp_content_url }}/centos/8-stream/extras/x86_64/os/{{ stackhpc_pulp_repo_centos_stream_8_extras_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
sync_policy: mirror_complete
@@ -222,40 +217,40 @@ stackhpc_pulp_repository_rpm_repos:
# Base Rocky 8 repositories
- name: Rocky Linux 8 - AppStream
url: "{{ stackhpc_release_pulp_content_url }}/rocky/8.{{ stackhpc_pulp_repo_rocky_8_minor_version }}/AppStream/x86_64/os/{{ stackhpc_pulp_repo_rocky_8_appstream_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
sync_policy: mirror_complete
state: present
required: "{{ stackhpc_pulp_sync_rocky_8 | bool }}"
- name: Rocky Linux 8 - BaseOS
url: "{{ stackhpc_release_pulp_content_url }}/rocky/8.{{ stackhpc_pulp_repo_rocky_8_minor_version }}/BaseOS/x86_64/os/{{ stackhpc_pulp_repo_rocky_8_baseos_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
sync_policy: mirror_complete
state: present
required: "{{ stackhpc_pulp_sync_rocky_8 | bool }}"
- name: Rocky Linux 8 - Extras
url: "{{ stackhpc_release_pulp_content_url }}/rocky/8.{{ stackhpc_pulp_repo_rocky_8_minor_version }}/extras/x86_64/os/{{ stackhpc_pulp_repo_rocky_8_extras_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
sync_policy: mirror_complete
state: present
required: "{{ stackhpc_pulp_sync_rocky_8 | bool }}"
- name: Rocky Linux 8 - NFV
url: "{{ stackhpc_release_pulp_content_url }}/rocky/8.{{ stackhpc_pulp_repo_rocky_8_minor_version }}/nfv/x86_64/os/{{ stackhpc_pulp_repo_rocky_8_nfv_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
sync_policy: mirror_complete
state: present
required: "{{ stackhpc_pulp_sync_rocky_8 | bool }}"
- name: Rocky Linux 8 - PowerTools
url: "{{ stackhpc_release_pulp_content_url }}/rocky/8.{{ stackhpc_pulp_repo_rocky_8_minor_version }}/PowerTools/x86_64/os/{{ stackhpc_pulp_repo_rocky_8_6_powertools_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
sync_policy: mirror_complete
state: present
@@ -264,8 +259,8 @@ stackhpc_pulp_repository_rpm_repos:
# EPEL repositories
- name: Extra Packages for Enterprise Linux 8 - x86_64
url: "{{ stackhpc_release_pulp_content_url }}/epel/8/Everything/x86_64/{{ stackhpc_pulp_repo_epel_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
sync_policy: mirror_content_only
@@ -273,8 +268,8 @@ stackhpc_pulp_repository_rpm_repos:
required: "{{ stackhpc_pulp_sync_el_8 | bool }}"
- name: Extra Packages for Enterprise Linux Modular 8 - x86_64
url: "{{ stackhpc_release_pulp_content_url }}/epel/8/Modular/x86_64/{{ stackhpc_pulp_repo_epel_modular_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
sync_policy: mirror_complete
@@ -284,8 +279,8 @@ stackhpc_pulp_repository_rpm_repos:
# Third-party repositories
- name: Docker CE for CentOS 8
url: "{{ stackhpc_release_pulp_content_url }}/docker-ce/centos/8/x86_64/stable/{{ stackhpc_pulp_repo_docker_version }}"
- client_cert: "{{ stackhpc_release_pulp_client_cert }}"
- client_key: "{{ stackhpc_release_pulp_client_key }}"
+ remote_username: "{{ stackhpc_release_pulp_username }}"
+ remote_password: "{{ stackhpc_release_pulp_password }}"
policy: on_demand
proxy_url: "{{ pulp_proxy_url }}"
sync_policy: mirror_complete