Showing with 25 additions and 5 deletions.
  1. +13 −0 CHANGELOG.md
  2. +2 −2 README.md
  3. +2 −0 manifests/apache.pp
  4. +4 −0 manifests/init.pp
  5. +1 −1 metadata.json
  6. +3 −1 spec/classes/pulpcore_spec.rb
  7. +0 −1 templates/settings.py.erb
13 changes: 13 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,18 @@
# Changelog

## [7.1.0](https://github.com/theforeman/puppet-pulpcore/tree/7.1.0) (2022-12-13)

[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/7.0.1...7.1.0)

**Implemented enhancements:**

- Remove unused CONTENT\_HOST setting [\#271](https://github.com/theforeman/puppet-pulpcore/pull/271) ([ekohl](https://github.com/ekohl))
- Expose Apache server aliases as a parameter [\#269](https://github.com/theforeman/puppet-pulpcore/pull/269) ([ekohl](https://github.com/ekohl))

**Fixed bugs:**

- Fix broken links in `README.md` [\#273](https://github.com/theforeman/puppet-pulpcore/pull/273) ([alexjfisher](https://github.com/alexjfisher))

## [7.0.1](https://github.com/theforeman/puppet-pulpcore/tree/7.0.1) (2022-11-02)

[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/7.0.0...7.0.1)
Expand Down
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ Pulpcore doesn't mandate a specific layout so this module creates and manages th

As part of the installation, it creates a user (default `pulp`) and group (default `pulp`). This user gets a home directory (default `/var/lib/pulp`). There is also a config dir (default `/etc/pulp`) under which a `settings.py` file is created.

The media root (default `/var/lib/pulp/media`) refers to the [MEDIA_ROOT setting](https://docs.djangoproject.com/en/2.2/ref/settings/#media-root). In Pulp this should not be served by Apache. Instead of [MEDIA_URL](https://docs.djangoproject.com/en/2.2/ref/settings/#media-url) Pulp has a dedicated `pulpcore-content` service which can also perform permission checks. Only the Pulp services need to read the files so directory permissions are set to `0750`. Note this default differs from [Pulp's default](https://docs.pulpproject.org/settings.html#media-root). A subdirectory of the home directory allows a stricter lockdown and avoids any risk of uploading media files into the wrong directory.
The media root (default `/var/lib/pulp/media`) refers to the [MEDIA_ROOT setting](https://docs.djangoproject.com/en/2.2/ref/settings/#media-root). In Pulp this should not be served by Apache. Instead of [MEDIA_URL](https://docs.djangoproject.com/en/2.2/ref/settings/#media-url) Pulp has a dedicated `pulpcore-content` service which can also perform permission checks. Only the Pulp services need to read the files so directory permissions are set to `0750`. Note this default differs from [Pulp's default](https://docs.pulpproject.org/pulpcore/configuration/settings.html#media-root). A subdirectory of the home directory allows a stricter lockdown and avoids any risk of uploading media files into the wrong directory.

There are also the [STATIC_ROOT](https://docs.djangoproject.com/en/2.2/ref/settings/#std:setting-STATIC_ROOT) and [STATIC_URL](https://docs.djangoproject.com/en/2.2/ref/settings/#static-url) settings. These serve the static assets used by Pulp. This includes CSS and Javascript for the HTML pages. They're not needed for the application to function, but make browsing the API more convenient.

These is also the `cache_dir` which is used to configure [WORKING_DIRECTORY](https://docs.pulpproject.org/settings.html#working-directory) and [FILE_UPLOAD_TEMP_DIR](https://docs.djangoproject.com/en/2.2/ref/settings/#file-upload-temp-dir). This defaults to `/var/lib/pulp/tmp`. It is strongly recommended that this is on the same filesystem as `MEDIA_ROOT`.
These is also the `cache_dir` which is used to configure [WORKING_DIRECTORY](https://docs.pulpproject.org/pulpcore/configuration/settings.html#working-directory) and [FILE_UPLOAD_TEMP_DIR](https://docs.djangoproject.com/en/2.2/ref/settings/#file-upload-temp-dir). This defaults to `/var/lib/pulp/tmp`. It is strongly recommended that this is on the same filesystem as `MEDIA_ROOT`.

Apache is configured to use an empty directory as docroot (`$apache_docroot`, default `/var/lib/pulp/pulpcore_static`). Doing so prevents Apache from bypassing the Pulp content app. When Apache is not managed, this directory is not managed.

Expand Down
2 changes: 2 additions & 0 deletions manifests/apache.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@
include apache::mod::headers
apache::vhost { $http_vhost_name:
servername => $pulpcore::servername,
serveraliases => $pulpcore::serveraliases,
port => $http_port,
priority => $vhost_priority,
docroot => $pulpcore::apache_docroot,
Expand Down Expand Up @@ -111,6 +112,7 @@
include apache::mod::headers
apache::vhost { $https_vhost_name:
servername => $pulpcore::servername,
serveraliases => $pulpcore::serveraliases,
port => $https_port,
ssl => true,
priority => $vhost_priority,
Expand Down
4 changes: 4 additions & 0 deletions manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,9 @@
# @param servername
# Server name of the VirtualHost in the webserver
#
# @param serveraliases
# Server aliases of the VirtualHost in the webserver
#
# @param remote_user_environ_name
# Django remote user environment variable
#
Expand Down Expand Up @@ -217,6 +220,7 @@
String $django_secret_key = extlib::cache_data('pulpcore_cache_data', 'secret_key', extlib::random_password(50)),
Integer[0] $redis_db = 8,
Stdlib::Fqdn $servername = $facts['networking']['fqdn'],
Array[Stdlib::Fqdn] $serveraliases = [],
Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports'],
Array[Stdlib::Absolutepath] $allowed_export_path = [],
Pulpcore::ChecksumTypes $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'],
Expand Down
2 changes: 1 addition & 1 deletion metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "theforeman-pulpcore",
"version": "7.0.1",
"version": "7.1.0",
"author": "theforeman",
"summary": "Installs next generation Pulp server",
"license": "GPL-3.0-or-later",
Expand Down
4 changes: 3 additions & 1 deletion spec/classes/pulpcore_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@
it 'configures apache' do
is_expected.to contain_class('pulpcore::apache')
is_expected.to contain_apache__vhost('pulpcore')
is_expected.not_to contain_apache__vhost__fragment('pulpcore-http-pulpcore')
.with_serveraliases([])
.with_directories([
{
'provider' => 'Directory',
Expand All @@ -100,7 +100,9 @@
],
},
])
is_expected.not_to contain_apache__vhost__fragment('pulpcore-http-pulpcore')
is_expected.to contain_apache__vhost('pulpcore-https')
.with_serveraliases([])
.with_directories([
{
'path' => '/var/lib/pulp/pulpcore_static',
Expand Down
1 change: 0 additions & 1 deletion templates/settings.py.erb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
TELEMETRY = <%= scope.call_function('to_python', [scope['pulpcore::telemetry']]) %>
<% end -%>

CONTENT_HOST = "<%= scope['pulpcore::servername'] %>"
CONTENT_ORIGIN = "https://<%= scope['pulpcore::servername'] %>"
SECRET_KEY = "<%= scope['pulpcore::django_secret_key'] %>"
DATABASES = {
Expand Down