.github/workflows/acceptance.yml

@@ -37,8 +37,7 @@ jobs:
           - "6"
           - "5"
         pulpcore_version:
-          - '3.6'
-          - '3.7'
+          - '3.9'
     name: Puppet ${{ matrix.puppet }} - Pulp ${{ matrix.pulpcore_version }} - ${{ matrix.setfile }}
     steps:
       - name: Enable IPv6 on docker

CHANGELOG.md

@@ -1,6 +1,44 @@
 # Changelog
 
-## [2.2.0](https://github.com/theforeman/puppet-pulpcore/tree/2.2.0) (2020-12-03)
+## [3.0.0](https://github.com/theforeman/puppet-pulpcore/tree/3.0.0) (2021-01-28)
+
+[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/2.2.2...3.0.0)
+
+**Breaking changes:**
+
+- Support Pulp 3.9, drop earlier versions [\#164](https://github.com/theforeman/puppet-pulpcore/pull/164) ([ekohl](https://github.com/ekohl))
+
+**Implemented enhancements:**
+
+- Refs [\#31670](https://projects.theforeman.org/issues/31670) - don't timeout DB migrations [\#163](https://github.com/theforeman/puppet-pulpcore/pull/163) ([evgeni](https://github.com/evgeni))
+- Allow setting parameters on the API and Content Apache proxy [\#160](https://github.com/theforeman/puppet-pulpcore/pull/160) ([ehelms](https://github.com/ehelms))
+- Increase the secret key size to 50 chars [\#158](https://github.com/theforeman/puppet-pulpcore/pull/158) ([ekohl](https://github.com/ekohl))
+- Set the reverse proxy host to the name of the service [\#153](https://github.com/theforeman/puppet-pulpcore/pull/153) ([ehelms](https://github.com/ehelms))
+
+**Fixed bugs:**
+
+- Include pulpcore in pulpcore::apache [\#169](https://github.com/theforeman/puppet-pulpcore/pull/169) ([ehelms](https://github.com/ehelms))
+- Fixes [\#31694](https://projects.theforeman.org/issues/31694): systemd service type should be Type [\#165](https://github.com/theforeman/puppet-pulpcore/pull/165) ([ehelms](https://github.com/ehelms))
+- Add proxy params to plugin Pulp 2 content routes [\#161](https://github.com/theforeman/puppet-pulpcore/pull/161) ([ehelms](https://github.com/ehelms))
+- Fixes [\#31468](https://projects.theforeman.org/issues/31468) - create import/export directories [\#154](https://github.com/theforeman/puppet-pulpcore/pull/154) ([jeremylenz](https://github.com/jeremylenz))
+
+## [2.2.2](https://github.com/theforeman/puppet-pulpcore/tree/2.2.2) (2021-01-21)
+
+[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/2.2.1...2.2.2)
+
+**Fixed bugs:**
+
+- Fixes [\#31694](https://projects.theforeman.org/issues/31694): systemd service type should be Type [\#166](https://github.com/theforeman/puppet-pulpcore/pull/166) ([ehelms](https://github.com/ehelms))
+
+## [2.2.1](https://github.com/theforeman/puppet-pulpcore/tree/2.2.1) (2020-12-09)
+
+[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/2.2.0...2.2.1)
+
+**Fixed bugs:**
+
+- Fixes [\#31468](https://projects.theforeman.org/issues/31468) - create import/export directories [\#156](https://github.com/theforeman/puppet-pulpcore/pull/156) ([ehelms](https://github.com/ehelms))
+
+## [2.2.0](https://github.com/theforeman/puppet-pulpcore/tree/2.2.0) (2020-12-07)
 
 [Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/2.1.0...2.2.0)
 

README.md

@@ -10,13 +10,9 @@ All supported versions are listed below. For every supported version, acceptance
 
 Supported operating systems are listed in `metadata.json` but individual releases can divert from that. For example, if Pulpcore x.y drops EL7, it will still be listed in metadata.json until all versions supported by the module have dropped it. Similarly, if x.z adds support for EL9, it'll be listed in `metadata.json` and all versions that don't support EL9 will have a note.
 
-### Pulpcore 3.7
+### Pulpcore 3.9
 
-Recommended version.
-
-### Pulpcore 3.6
-
-Due to the use of libexec wrappers, at least python3-pulpcore 3.6.3-2 must be installed.
+Recommended version. At least version 3.9.1 should be used.
 
 ## Installation layout
 
@@ -30,8 +26,6 @@ There are also the [STATIC_ROOT](https://docs.djangoproject.com/en/2.2/ref/setti
 
 These is also the `cache_dir` which is used to configure [WORKING_DIRECTORY](https://docs.pulpproject.org/settings.html#working-directory) and [FILE_UPLOAD_TEMP_DIR](https://docs.djangoproject.com/en/2.2/ref/settings/#file-upload-temp-dir). This defaults to `/var/lib/pulp/tmp`. It is strongly recommended that this is on the same filesystem as `MEDIA_ROOT`.
 
-There is also `chunked_upload_dir` to configure the undocumented `CHUNKED_UPLOAD_DIR`. This directory stores the temporary files used for files uploaded as chunks.
-
 Apache is configured to use an empty directory as docroot (`$apache_docroot`, default `/var/lib/pulp/pulpcore_static`). Doing so prevents Apache from bypassing the Pulp content app. When Apache is not managed, this directory is not managed.
 
 While Pulp can create most of these directories at runtime, they're explicitly managed to set the correct permissions and, if pulpcore-selinux is installed, enforce the correct labels.
@@ -46,10 +40,9 @@ This results into the following structure, using `tree -pug`:
     └── [drwxr-xr-x root     root    ]  lib
         └── [drwxrwxr-x pulp     pulp    ]  pulp ($user_home)
             ├── [drwxr-xr-x pulp     pulp    ]  assets ($static_root)
-            ├── [drwxr-xr-x pulp     pulp    ]  docroot ($apache_docroot)
+            ├── [drwxr-xr-x pulp     pulp    ]  pulpcore_static ($apache_docroot)
             ├── [drwxr-x--- pulp     pulp    ]  media ($media_root)
-            ├── [drwxr-x--- pulp     pulp    ]  tmp ($cache_dir)
-            └── [drwxr-x--- pulp     pulp    ]  upload ($chunked_upload_dir)
+            └── [drwxr-x--- pulp     pulp    ]  tmp ($cache_dir)
 ```
 
 ## Service setup

manifests/admin.pp

@@ -20,6 +20,9 @@
 # @param pulp_settings
 #   Root directory for static content
 #
+# @param timeout
+#   The command should timeout after so many seconds.
+#
 # @see exec
 define pulpcore::admin(
   String $command = $title,
@@ -28,6 +31,7 @@
   Array[Stdlib::Absolutepath] $path = ['/usr/bin'],
   String $user = $pulpcore::user,
   Stdlib::Absolutepath $pulp_settings = $pulpcore::settings_file,
+  Optional[Integer[0]] $timeout = undef,
 ) {
   Concat <| title == 'pulpcore settings' |>
   -> exec { "pulpcore-manager ${command}":
@@ -36,6 +40,7 @@
     environment => ["PULP_SETTINGS=${pulp_settings}"],
     refreshonly => $refreshonly,
     unless      => $unless,
+    timeout     => $timeout,
     logoutput   => 'on_failure',
   }
 }

manifests/apache.pp

@@ -7,13 +7,17 @@
   Hash[String, Any] $http_vhost_options = {},
   Hash[String, Any] $https_vhost_options = {},
   Enum['none', 'optional', 'require', 'optional_no_ca'] $ssl_verify_client = 'optional',
+  Hash $content_proxy_params = {'timeout' => '600'},
+  Hash $api_proxy_params = {'timeout' => '600'},
 ) {
+  include pulpcore
+
   $vhost_priority = $pulpcore::apache_vhost_priority
   $api_path = '/pulp/api/v3'
-  $api_base_url = "unix://${pulpcore::api_socket_path}|http://${pulpcore::servername}"
+  $api_base_url = "unix://${pulpcore::api_socket_path}|http://pulpcore-api"
   $api_url = "${api_base_url}${api_path}"
   $content_path = '/pulp/content'
-  $content_base_url = "unix://${pulpcore::content_socket_path}|http://${pulpcore::servername}"
+  $content_base_url = "unix://${pulpcore::content_socket_path}|http://pulpcore-content"
   $content_url = "${content_base_url}${content_path}"
 
   $docroot_directory = {
@@ -27,7 +31,8 @@
     'provider'        => 'location',
     'proxy_pass'      => [
       {
-        'url' => $content_url,
+        'url'    => $content_url,
+        'params' => $content_proxy_params,
       },
     ],
     'request_headers' => [
@@ -44,7 +49,8 @@
     'provider'        => 'location',
     'proxy_pass'      => [
       {
-        'url' => $api_url,
+        'url'    => $api_url,
+        'params' => $api_proxy_params,
       },
     ],
     'request_headers' => [

manifests/config.pp

@@ -30,11 +30,25 @@
     mode   => '0775',
   }
 
-  file { [$pulpcore::cache_dir, $pulpcore::chunked_upload_dir, $pulpcore::media_root]:
+  file { [$pulpcore::cache_dir, $pulpcore::media_root]:
     ensure => directory,
     owner  => $pulpcore::user,
     group  => $pulpcore::group,
     mode   => '0750',
   }
 
+  file { $pulpcore::allowed_import_path:
+    ensure => directory,
+    owner  => $pulpcore::user,
+    group  => $pulpcore::group,
+    mode   => '0770',
+  }
+
+  file { $pulpcore::allowed_export_path:
+    ensure => directory,
+    owner  => $pulpcore::user,
+    group  => $pulpcore::group,
+    mode   => '0770',
+  }
+
 }

manifests/database.pp

@@ -1,6 +1,8 @@
 # Set up the PostgreSQL and Redis databases
 # @api private
-class pulpcore::database {
+class pulpcore::database(
+  Integer[0] $timeout = 3600,
+) {
   if $pulpcore::postgresql_manage_db {
     include postgresql::client
     include postgresql::server
@@ -14,6 +16,7 @@
   }
 
   pulpcore::admin { 'migrate --noinput':
+    timeout     => $timeout,
     unless      => 'pulpcore-manager migrate --plan | grep "No planned migration operations"',
     refreshonly => false,
   }

manifests/init.pp

@@ -56,10 +56,6 @@
 #   Pulp cache directory. This is used to configure WORKING_DIRECTORY and
 #   FILE_UPLOAD_TEMP_DIR.
 #
-# @param chunked_upload_dir
-#   Pulp chunked upload directory. This is used to configure CHUNKED_UPLOAD_DIR
-#   and is used by Pulp to temporarily store files that are uploaded in chunks.
-#
 # @param apache_docroot
 #   Root directory for the Apache vhost. Only created if the Apache vhost is
 #   managed by this module.
@@ -149,7 +145,6 @@
   Stdlib::Absolutepath $user_home = '/var/lib/pulp',
   Stdlib::Absolutepath $config_dir = '/etc/pulp',
   Stdlib::Absolutepath $cache_dir = '/var/lib/pulp/tmp',
-  Stdlib::Absolutepath $chunked_upload_dir = '/var/lib/pulp/upload',
   Stdlib::Absolutepath $media_root = '/var/lib/pulp/media',
   Stdlib::Absolutepath $static_root = '/var/lib/pulp/assets',
   Pattern['^/.+/$'] $static_url = '/assets/',
@@ -174,7 +169,7 @@
   Optional[Stdlib::Absolutepath] $postgresql_db_ssl_cert = undef,
   Optional[Stdlib::Absolutepath] $postgresql_db_ssl_key = undef,
   Optional[Stdlib::Absolutepath] $postgresql_db_ssl_root_ca = undef,
-  String $django_secret_key = extlib::cache_data('pulpcore_cache_data', 'secret_key', extlib::random_password(32)),
+  String $django_secret_key = extlib::cache_data('pulpcore_cache_data', 'secret_key', extlib::random_password(50)),
   Integer[0] $redis_db = 8,
   Stdlib::Fqdn $servername = $facts['networking']['fqdn'],
   Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports'],

manifests/plugin/deb.pp

@@ -11,7 +11,8 @@
           'path'            => '/pulp/deb',
           'proxy_pass'      => [
             {
-              'url' => $pulpcore::apache::content_url,
+              'url'    => $pulpcore::apache::content_url,
+              'params' => $pulpcore::apache::content_proxy_params,
             },
           ],
           'request_headers' => [

manifests/plugin/file.pp

@@ -12,7 +12,8 @@
           'path'            => '/pulp/isos',
           'proxy_pass'      => [
             {
-              'url' => $pulpcore::apache::content_url,
+              'url'    => $pulpcore::apache::content_url,
+              'params' => $pulpcore::apache::content_proxy_params,
             },
           ],
           'request_headers' => [

manifests/plugin/rpm.pp

@@ -12,7 +12,8 @@
           'path'            => '/pulp/repos',
           'proxy_pass'      => [
             {
-              'url' => $pulpcore::apache::content_url,
+              'url'    => $pulpcore::apache::content_url,
+              'params' => $pulpcore::apache::content_proxy_params,
             },
           ],
           'request_headers' => [

manifests/repo.pp

@@ -3,7 +3,7 @@
 # @param version
 #   The Pulpcore version to use
 class pulpcore::repo (
-  Pattern['^\d+\.\d+$'] $version = '3.7',
+  Pattern['^\d+\.\d+$'] $version = '3.9',
 ) {
   $context = {
     'version'   => $version,

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "theforeman-pulpcore",
-  "version": "2.2.0",
+  "version": "3.0.0",
   "author": "theforeman",
   "summary": "Installs next generation Pulp server",
   "license": "GPL-3.0-or-later",

spec/classes/plugin_deb_spec.rb

@@ -28,7 +28,29 @@
             is_expected.to compile.with_all_deps
             is_expected.to contain_pulpcore__apache__fragment('plugin-deb')
             is_expected.to contain_apache__vhost__fragment('pulpcore-http-plugin-deb')
+              .with_content(
+<<CONTENT
+
+  <Location "/pulp/deb">
+    RequestHeader unset X-CLIENT-CERT
+    RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+    ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content timeout=600
+    ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
+  </Location>
+CONTENT
+              )
             is_expected.to contain_apache__vhost__fragment('pulpcore-https-plugin-deb')
+              .with_content(
+<<CONTENT
+
+  <Location "/pulp/deb">
+    RequestHeader unset X-CLIENT-CERT
+    RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+    ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content timeout=600
+    ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
+  </Location>
+CONTENT
+              )
           end
         end
       end

spec/classes/plugin_file_spec.rb

@@ -18,6 +18,39 @@
             .that_subscribes_to('Class[Pulpcore::Install]')
             .that_notifies(['Class[Pulpcore::Database]', 'Class[Pulpcore::Service]'])
         end
+
+        context 'with pulp2 content route' do
+          let(:params) { { use_pulp2_content_route: true } }
+
+          it 'contains the Apache fragment' do
+            is_expected.to compile.with_all_deps
+            is_expected.to contain_pulpcore__apache__fragment('plugin-file')
+            is_expected.to contain_apache__vhost__fragment('pulpcore-http-plugin-file')
+              .with_content(
+<<CONTENT
+
+  <Location "/pulp/isos">
+    RequestHeader unset X-CLIENT-CERT
+    RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+    ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content timeout=600
+    ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
+  </Location>
+CONTENT
+              )
+            is_expected.to contain_apache__vhost__fragment('pulpcore-https-plugin-file')
+              .with_content(
+<<CONTENT
+
+  <Location "/pulp/isos">
+    RequestHeader unset X-CLIENT-CERT
+    RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+    ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content timeout=600
+    ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
+  </Location>
+CONTENT
+              )
+          end
+        end
       end
     end
   end

spec/classes/plugin_rpm_spec.rb

@@ -28,7 +28,29 @@
             is_expected.to compile.with_all_deps
             is_expected.to contain_pulpcore__apache__fragment('plugin-rpm')
             is_expected.to contain_apache__vhost__fragment('pulpcore-http-plugin-rpm')
+              .with_content(
+<<CONTENT
+
+  <Location "/pulp/repos">
+    RequestHeader unset X-CLIENT-CERT
+    RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+    ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content timeout=600
+    ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
+  </Location>
+CONTENT
+              )
             is_expected.to contain_apache__vhost__fragment('pulpcore-https-plugin-rpm')
+              .with_content(
+<<CONTENT
+
+  <Location "/pulp/repos">
+    RequestHeader unset X-CLIENT-CERT
+    RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT
+    ProxyPass unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content timeout=600
+    ProxyPassReverse unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/content
+  </Location>
+CONTENT
+              )
           end
         end
       end