Skip to content

Commit d463fed

Browse files
committed
updated docs, added gpg checks, simplified filters
1 parent 8f438b1 commit d463fed

File tree

10 files changed

+60
-27
lines changed

10 files changed

+60
-27
lines changed

ansible/adhoc/deploy-pulp.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
- name: Install pulp on server
44
become: yes
5-
hosts: pulp_server # TODO: add this to common/groups
5+
hosts: pulp_server
66
tasks:
77
- name: Install pulp
88
ansible.builtin.include_role:

ansible/roles/dnf_repos/tasks/disable_repos.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
file: epel
1515
description: "{{ dnf_repos_epel_description }}"
1616
baseurl: "{{ dnf_repos_epel_baseurl }}"
17-
gpgcheck: false
17+
gpgcheck: true
1818
enabled: false
1919

2020
- name: Get all repo files

ansible/roles/dnf_repos/tasks/set_repos.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
description: "{{ repo_name }}"
99
username: "{{ dnf_repos_username }}"
1010
password: "{{ dnf_repos_password }}"
11-
gpgcheck: false
11+
gpgcheck: true
1212
loop: "{{ dnf_repos_no_epel | dict2items }}"
1313
loop_control:
1414
label: "{{ repo_name }}[{{ repo_os }}]: {{ repo_values }}"
@@ -31,7 +31,7 @@
3131
description: "{{ repo_name }}"
3232
username: "{{ dnf_repos_username }}"
3333
password: "{{ dnf_repos_password }}"
34-
gpgcheck: false # TODO: is this really false here and above??
34+
gpgcheck: true
3535
loop: "{{ dnf_repos_default_epel | dict2items }}"
3636
loop_control:
3737
label: "{{ repo_name }}[{{ repo_os }}]: {{ repo_values }}"

ansible/roles/pulp_site/defaults/main.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,10 @@
11
pulp_site_url: "{{ appliances_pulp_url }}"
22
pulp_site_port: 8080
33
pulp_site_username: admin # shouldn't be changed
4-
pulp_site_password: "{{ vault_pulp_admin_password }}" #todo make more obvious this is different from the password needed for ark (pulp_site_upstream_password)
4+
pulp_site_password: "{{ vault_pulp_admin_password }}"
5+
# See environments/common/inventory/groups_vars/all/pulp.yml
6+
# pulp_site_upstream_username:
7+
# pulp_site_upstream_password:
58
pulp_site_upstream_content_url: https://ark.stackhpc.com/pulp/content
69
pulp_site_default_upstream_suffix: "{{ pulp_site_target_arch }}/os"
710
pulp_site_validate_certs: false

ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,8 @@ def filters(self):
99

1010
def select_repos(self, dnf_repos, target_distro_ver): #TODO: why does baseos get a major and minor version?
1111
""" Filter dnf_repos to only those for a relevant distribution version (M.m or M). Returns a list of dicts.
12-
TODO: note this adds distro_ver and pulp_repo_name as a key
12+
Also adds pulp_repo_name field to give the repository a unique name in Pulp to be referenced by subsequent
13+
filters
1314
"""
1415

1516
target_distro_ver_major = target_distro_ver.split('.')[0]
@@ -24,35 +25,39 @@ def select_repos(self, dnf_repos, target_distro_ver): #TODO: why does baseos get
2425
else:
2526
raise ValueError(f'No key matching {target_distro_ver_major} or {target_distro_ver} found in f{repokey}')
2627
repo_data = dnf_repos[repokey][selected_ver]
27-
repo_data['distro_ver'] = selected_ver
28-
repo_data['pulp_repo_name'] = repokey
28+
repo_data['pulp_repo_name'] = f"{repokey}-{selected_ver}-{dnf_repos[repokey][selected_ver]['pulp_timestamp']}"
2929
rpm_repos.append(repo_data)
3030
return rpm_repos
3131

3232
def to_rpm_repos(self, rpm_info, content_url, repo_defaults):
33-
""" TODO """
33+
""" Filter repo object list given by select_repos into dict required by the pulp_repository_rpm_repos variable
34+
from stackhpc.pulp.pulp_repository role
35+
"""
3436
rpm_repos = []
3537
for repo_data in rpm_info:
3638
rpm_data = repo_defaults.copy() # NB: this changes behaviour vs before, so now defaults can correctly be overriden
37-
rpm_data['name'] = get_repo_name(repo_data)
39+
rpm_data['name'] = repo_data['pulp_repo_name']
3840
rpm_data['url'] = '/'.join([content_url, repo_data['pulp_path'], repo_data['pulp_timestamp']])
3941
rpm_data['state'] = 'present'
4042
rpm_repos.append(rpm_data)
4143
return rpm_repos
4244

4345
def to_rpm_pubs(self, list):
46+
""" Filter repo object list given by select_repos into dict required by the pulp_publication_rpm variable
47+
from stackhpc.pulp.pulp_publication role
48+
"""
4449
pub_list = map(lambda x: {
45-
'repository': get_repo_name(x),
50+
'repository': x['pulp_repo_name'],
4651
'state': 'present' }, list)
4752
return pub_list
4853

4954
def to_rpm_distros(self, list):
55+
""" Filter repo object list given by select_repos into dict required by the pulp_distirubtion_rpm variable
56+
from stackhpc.pulp.pulp_distribution role
57+
"""
5058
distro_list = map(lambda x: {
5159
'name': x['pulp_repo_name'],
52-
'repository': get_repo_name(x),
60+
'repository': x['pulp_repo_name'],
5361
'base_path': '/'.join([x['pulp_path'],x['pulp_timestamp']]),
5462
'state': 'present' }, list)
5563
return distro_list
56-
57-
def get_repo_name(dnf_repos_data):
58-
return f"{dnf_repos_data['pulp_repo_name']}-{dnf_repos_data['distro_ver']}-{dnf_repos_data['pulp_timestamp']}"

docs/experimental/pulp.md

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -5,18 +5,17 @@ In order to ensure reproducible builds, the appliance can build images using rep
55
## Deploying/configuring Pulp Server
66

77
### Deploying a Pulp server
8-
A playbook is provided to install and configure a Pulp server on a given host. Admin credentials for this server are automatically generated through the `ansible/adhoc/generate-passwords.yml` playbook. To use this, create an inventory file defining a group `pulp_server` containing a single host. The hostvar `ansible_host` should be defined, giving the IP address Ansible should use for ssh.
8+
A playbook is provided to install and configure a Pulp server on a given host. Admin credentials for this server are automatically generated through the `ansible/adhoc/generate-passwords.yml` playbook. To use this, create an inventory file defining a group `pulp_server` containing a single host, which requires at least 2 vCPUs and 4GB RAM. Deploying and syncing Pulp has been tested on an RL9 host. The hostvar `ansible_host` should be defined, giving the IP address Ansible should use for ssh. For example:
99

10-
**TODO: should be RL9 (or RL8?)**
11-
**TODO: add size required (2 vCPUs, 4GB RAM)**
12-
**TODO: example inventory file**
10+
```
11+
[pulp_server]
12+
pulp_host ansible_host=<VM-ip-address> # Note the host name can't conflict with group names i.e can't be called `pulp` or `pulp_server`
13+
```
1314

1415
Once complete, it will print a message giving a value to set for `appliances_pulp_url`, assuming the `ansible_host` address is also the address the cluster
1516
should use to reach the Pulp server.
1617

17-
**TODO: example config**
18-
19-
Note access to this server's content isn't authenticated so this assumes the `pulp_server` host is not externall reachable.
18+
Note access to this server's content isn't authenticated so this assumes the `pulp_server` host is not externally reachable.
2019

2120
**TODO: You can actually do this using additional_nodes now, how would we make the pulp store persistant?**
2221
**TODO: don't advise that, we want single server for all environments**
@@ -29,4 +28,12 @@ An existing Pulp server can be used to host Ark repos by overriding `pulp_site_p
2928

3029
If the `pulp` group is added to the Packer build groups, the local Pulp server will be synced with Ark on build. You must authenticate with Ark by overriding `pulp_site_upstream_username` and `pulp_site_upstream_password` with your vault encrypted Ark dev credentials. `dnf_repos_username` and `dnf_repos_password` must remain unset to access content from the local Pulp.
3130

32-
Content can also be synced by running `ansible/adhoc/sync-pulp.yml`. By default this syncs repositories for Rocky 9.5 <TODO: is this correct?> but this can be overridden by setting extra variables for `pulp_site_target_arch`, `pulp_site_target_distribution`, `pulp_site_target_distribution_version` and `pulp_site_target_distribution_version_major`.
31+
Content can also be synced by running `ansible/adhoc/sync-pulp.yml`. By default this syncs repositories for the latest version of Rocky supported by the appliance but this can be overridden by setting extra variables for `pulp_site_target_arch`, `pulp_site_target_distribution` and `pulp_site_target_distribution_version`.
32+
33+
## Example config in site variables
34+
35+
```
36+
appliances_pulp_url: "http://<pulp-host-ip>:8080"
37+
pulp_site_upstream_username: <Ark-username>
38+
pulp_site_upstream_password: <Ark-password>
39+
```

environments/common/files/grafana/grafana.repo.j2

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{{ ansible_managed | comment }}
22
[grafana]
3-
baseurl = {{ appliances_pulp_url }}/pulp/content/{{ appliances_pulp_repos.grafana[ansible_distribution_major_version] | appliances_repo_to_subpath }}
3+
baseurl = {{ appliances_pulp_url }}/pulp/content/{{ dnf_repos_all['grafana'][ansible_distribution_version_major]['pulp_path'] }}/{{ dnf_repos_all['grafana'][ansible_distribution_major_version]['pulp_timestamp'] }}
44
enabled = 0
55
name = grafana
66
async = 1
Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,11 @@
1-
dnf_repos_all: "{{ dnf_repos_no_epel | combine(dnf_repos_default_epel) }}" #see timestamps.yml
1+
dnf_repos_all: "{{ dnf_repos_no_epel | combine(dnf_repos_default_epel) }}"
22
dnf_repos_no_epel: |
33
{{ dnf_repos_default['base']
44
| combine(dnf_repos_default['ohpc'] if (openhpc_install_type | default('ohpc')) == 'ohpc' else {})
55
| combine(dnf_repos_extra) }}
66
dnf_repos_default_epel: "{{ dnf_repos_default['epel'] }}"
7-
dnf_repos_extra: {}
7+
8+
# see timestamps.yml for dnf_repos_default definition, default repos should be in format
89
# dnf_repos_default:
910
# base: # top level keys for internal indexing only, see `dnf_repos_all` and `dnf_repos_no_epel`
1011
# appstream: # yum_repository:name
@@ -14,4 +15,11 @@ dnf_repos_extra: {}
1415
# pulp_path: rocky/8.10/AppStream/x86_64/os
1516
# pulp_timestamp: 20250614T013846
1617
# # pulp_content_url: # optional, dnf_repos_pulp_content_url
17-
# pulp_repo_name: appstream # pulp repository name
18+
# pulp_repo_name: appstream # pulp repository name
19+
20+
# Should be in same format as dnf_repos_default, except without the top level indexing keys e.g
21+
# dnf_repos_extra:
22+
# appstream:
23+
# 8.10:
24+
# ...
25+
dnf_repos_extra: {}

environments/common/inventory/groups

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -213,4 +213,8 @@ extra_packages
213213
# Hosts to configure for node health checks - either entire 'compute' group or empty
214214

215215
[pulp_server]
216+
# Host to deploy a Pulp server on and sync with mirrors of upstream Ark repositories. Should be a group containing a single VM provisioned
217+
# separately from the appliance. e.g
218+
# pulp_host ansible_host=<VM-ip-address>
219+
# Note the host name can't conflict with group names i.e can't be called `pulp` or `pulp_server`
216220

environments/site/inventory/groups

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -157,3 +157,9 @@ compute
157157
# Should be set to `compute` if enabled
158158
# Note that this feature currently assumes all compute nodes are VMs, enabling
159159
# when the cluster contains baremetal compute nodes may lead to unexpected scheduling behaviour
160+
161+
[pulp_server]
162+
# Host to deploy a Pulp server on and sync with mirrors of upstream Ark repositories. Should be a group containing a single VM provisioned
163+
# separately from the appliance. e.g
164+
# pulp_host ansible_host=<VM-ip-address>
165+
# Note the host name can't conflict with group names i.e can't be called `pulp` or `pulp_server`

0 commit comments

Comments
 (0)