Increase the secret key size to 50 chars
This is recommended by Django and generates a warning about this when doing production checks. Since it's using cached data, this doesn't affect upgrading users.
Correct directory tree in README
23bff59 changed the docroot default, but I forgot this entry.
Allow setting parameters on the API and Content Apache proxy
Adds a default timeout of 5 minutes to the parameters to address issues seen when syncing from a Pulp 3 to a Pulp 3 mirror.
Support Pulp 3.9, drop earlier versions
Pulp 3.9 changes CHUNKED_UPLOAD_DIR from an absolute path to a relative path. It must be within MEDIA_ROOT and there's no need to manage it. Pulp defaults are correct and overriding it is not recommended upstream. This does rely on a fix in Pulpcore 3.9.1. Technically older versions will continue to work but the upload directory may not exist and the pulp user may not have permission to create it. Rather than documenting these, it's chosen to only support the latest version. This also saves CI resources.
Include pulpcore in pulpcore::apache
The pulpcore::apache::fragment defines includes pulpcore::apache, so if used stand-alone will fail since pulpcore::apache relies upon variables from the main pulpcore class.
Update Github Actions workflow
This applies the lessons learned while applying this to Voxpupuli and The Foreman orgs.
Pin camptocamp/systemd to 2.12.0 in testing
Git master has dropped daemon reloading code which we currently depend on. This pins to the latest released version. I tried to support both, but currently there's no way to distinguish 2.x and 3.x.
Fixes #32309 - Run admin commands from Pulp's home
* Dynaconf seems to always be using the current directory. As such, the cwd could be a directory that is unreadable by the pulp user. Pulp's user home must always be readable by the pulp user.
Refs #32338 - Add support for ALLOWED_CONTENT_CHECKSUMS
Co-authored-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
Refs #32383: Configurable client certificate authentication to Pulp
Allows a user supplied mapping of certificate CN to Pulp user name. If this is present, set the REMOTE_USER to a Pulp user defined in the parameter to pass along to Pulp. This changes from having to generate a client certificate with a valid user (e.g. admin) as the CN to allowing to use a client certificate generated with a more standard CN (e.g. FQDN) and act as a user in Pulp suppplied to the parameter.
This marks that the next version is at least 3.4.0 but not a release yet.
Fixes #32622: Include StdEnvVars, ExportCertData SSL options in Apache
When deploying a stand-alone vhost, Pulp needs these SSL options set in order for X-CLIENT-CERT to be set.
