========================= Pulp 2.6 Release Notes ========================= Pulp 2.6.5 ========== * Pulp now connects to Qpid with the ANONYMOUS SASL authentication mechanism by default. This aligns with Qpid's default behavior. * A new setting named ``login_method`` has been added to the ``[tasks]`` section of server.conf. See server.conf docs for more details. Bug Fixes --------- This is a minor release which contains bug fixes for :fixedbugs_pulp:`these issues <2.6.5>`. Pulp 2.6.4 ========== Pulp 2.6.4 is an important security update. It fixes :fixedbugs_pulp:`one issue <2.6.4>`. A security flaw (CVE-2015-5263) was discovered in Pulp's consumer management system. When the pulp-consumer CLI is used to register to the Pulp server, it downloads a public key from the Pulp server and stores it locally. Later when the Pulp server sends messages to the client via a message broker to instruct it to perform commands, it will use the corresponding private key to sign the messages. The client checks the signatures before executing the instructions to ensure that the messages came from the Pulp server and not from an attacker. Versions of pulp-consumer-client between 2.4.0 and 2.6.3 do not check the server's TLS certificate signatures when retrieving the server's public key upon registration: https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103 This allows a man in the middle to inject their own message signing key and to then perform administrative actions on the machine, if they are able to send messages through the message broker. Austin Macdonald fixed this issue in this commit by using our pulp.bindings library as the rest of our CLI does: https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754 Users who do not use pulp-consumer are not affected by this issue. Thanks to Austin Macdonald for writing the fix, to Dennis Kliban for making our beta and release build, and to Preethi Thomas for testing our releases! Pulp 2.6.3 ========== Pulp 2.6.3 is released with packages for Fedora 22 and Fedora 21. Support for Fedora 20 has been dropped. Please see the `Fedora lifecycle `_ for more detail. Bug Fixes --------- This is a minor release which contains bug fixes for :fixedbugs_pulp:`these issues <2.6.3>`. Pulp 2.6.2 ========== Bug Fixes --------- This is a minor release which contains bug fixes for :fixedbugs_pulp:`these issues <2.6.2>`. Pulp 2.6.1 ========== Bug Fixes --------- This is a minor release which contains bug fixes for :fixedbugs_pulp:`these issues <2.6.1>`. Improvements ------------ - Pulp has been fully tested in a clustered configuration. A new section of documentation titled :ref:`Clustering Pulp ` is available with more detail on configuring this type of Pulp deployment. - One area of improvement relates to upgrades. Starting with 2.6.1, Pulp processes `pulp_workers`, `pulp_celerybeat`, and `pulp_resource_manager` are stopped on upgrade or removal of the `pulp-server` package. After upgrading, you must restart all Pulp related services. Pulp 2.6.0 =========== New Features ------------ - Pulp now supports `RabbitMQ`_ as its task message broker. See the inline comments in ``/etc/pulp/server.conf`` for instruction on configuring Pulp to use RabbitMQ. - Pulp now allows user credentials to be read from user's ``~/.pulp/admin.conf``. This should allow pulp-admin to be automated more easily and more securely. Please see our :ref:`authentication` documentation for details. - Pulp no longer requires additional configuration of Qpid after installation. It now works with the ANONYMOUS authentication mechanism. Users can still use a username/password however if they set up a SASL database as described in the installation document. - Additional status information is available via the status API. More information is available in the :ref:`status API document `. .. _RabbitMQ: https://www.rabbitmq.com/ Deprecation ----------- * The ``cancel_publish_repo`` method provided by the ``Distributor`` base plugin class is deprecated and will be removed in a future release. Read more about the :ref:`plugin cancellation changes `. * The ``cancel_publish_group`` method provided by the ``GroupDistributor`` base plugin class is deprecated and will be removed in a future release. Read more about the :ref:`plugin cancellation changes `. * The ``cancel_sync_repo`` method provided by the ``Importer`` base plugin class is deprecated and will be removed in a future release. Read more about the :ref:`plugin cancellation changes `. * The ``api_version`` field that is returned by the ``/status`` API is deprecated and will be removed in a future release. * The python-gofer-amqplib package was discontinued in gofer 2.4. Installations must replace python-gofer-amqplib with python-gofer-amqp if installed. .. _2.5.x_upgrade_to_2.6.0: Upgrade Instructions for 2.5.x --> 2.6.0 ----------------------------------------- Prior to upgrading, all tasks must be stopped. One way to accomplish this is to stop all `pulp_workers`, `pulp_celerybeat`, and `pulp_resource_manager` processes and then list the current tasks using: :: pulp-admin tasks list Any task that is in the "Running" or "Waiting" state should be canceled by its using: :: pulp-admin tasks cancel --task-id After all tasks have been canceled upgrade the packages using: :: sudo yum update After yum completes you should migrate the database using: :: sudo -u apache pulp-manage-db After the database migrations finish, restart `httpd`, `pulp_workers`, `pulp_celerybeat`, and `pulp_resource_manager`. Bugs ---- This release has fixes for :fixedbugs_pulp:`these issues <2.6.0>`. Known Issues ------------ * An issue in the pulp (gofer) agent plugin *can* cause in-progress RMI requests to be discarded when `goferd` is restarted. Should this occur, an entry is written to the system log on the consumer. On the Pulp server, the associated task will appear to never complete. This has been fixed in Pulp 2.6.1. * Version 2.5 of the python-gofer-amqp messaging adapter, which is used to support RabbitMQ, contains a regression. It pertains to the reconnect logic. Depending on how a connection error manifests itself, it *can* result in a traceback during reconnect. Should this occur, The logged traceback would contain: `RuntimeError: maximum recursion depth exceeded`. This issue has already been fixed in Gofer upstream and will be included with Pulp 2.6.1. Client Changes -------------- Agent Changes ------------- Rest API Changes ---------------- * A new `Task Report` attribute named `worker_name` is introduced that holds the name of the worker a task is associated with. Previously the worker name was stored in a `Task Report` attribute named `queue`. The `queue` attribute now correctly records the queue a task is put in. The `queue` attribute is deprecated and will be removed from the `Task Report` in a future Pulp version. * The URL for the content catalog entries ``/v2/content/catalog/`` is missing the trailing '/' and has been deprecated. Support for the URL ``/v2/content/catalog//`` has been added. * A new API call is added to search profile attributes for all consumer profiles using the Search API. ``/pulp/api/v2/consumers/profile/search/``. With this API call all the unit profiles can be retrieved at one time instead of querying each consumer through ``/v2/consumers//profiles/``. It is also possible to query for a single package across all consumers. Binding API Changes ------------------- Plugin API Changes ------------------ .. _plugin_cancel_now_exits_behavior_change: **Plugin Cancellation Changes** Cancel now exits immediately by default. The ``cancel_publish_repo``, ``cancel_publish_group``, and ``cancel_sync_repo`` methods provided by the ``Distributor``, ``GroupDistributor``, and ``Importer`` base plugin classes now provide a behavior that exits immediately by default. Previously these methods raised a NotImplementedError() which required plugin authors to provide an implementation for these methods. These methods will be removed in a future version of Pulp, and all plugins will be required to adopt the exit-immediately behavior. A cancel can occur at any time, which mean that in a future version of Pulp any part of plugin code can have its execution interrupted at any time. For this reason, the following recommendations should be adopted by plugin authors going forward in preparation for this future change: * Group together multiple database calls that need to occur together for database consistency. * Do not use subprocess. If your plugin code process gets cancelled it could leave orphaned processes. * Assume that plugin code which is supposed to run later may not run. * Assume that the previous executions of plugin code may not have run to completion. Thank You --------- Thank you to all of Pulp's contributors, especially these new ones! - Adam D. - Andrea Giardini - Andreas Schieb - Ina Panova - Michael Moll - Patrick Creech - Vijaykumar Jain