Changelog

3.15.2+1 (2021-09-10)

Misc

Devel

  • Run pulp_installer collection on pulplift #9371

3.15.2 (2021-09-02)

Misc


3.15.1 (2021-08-31)

No significant changes.


3.15.0 (2021-08-26)

Features

  • Added support for Python 3.8 as needed by pulpcore 3.15. #9127
  • Updated minimum supported version of Debian to 11 (Bullseye). Debian 10 does not provide Python 3.8+ which is needed for pulpcore 3.15 and Django 3.2. #9136

Bugfixes

  • Generate DB fields encryption key before migrations #9200
  • Update pulpcore-selinux policies to 1.2.5. Adds support for Type=notify systemd Services (#9271). Hides a harmless SELinux denial from the audit logs when accessing /etc/httpd/mime.types on some systems like EL7 without mailcap installed. #9272

Deprecations and Removals

  • Removed support for Debian 10 due to lack of Python 3.8+ in that distribution. #9136
  • pulp_db_fields_key_remote is no longer available #9200

3.14.5 (2021-08-24)

Features

  • Have systemd manage the pulpcore-api and pulpcore-content services as type=notify rather than type=simple. This means systemd will better understand whether the service is up and running before it lists it as "running". #9271

3.14.4 (2021-08-12)

Features

  • Add configuration needed for Galaxy api access log #9177

3.14.3-1 (2021-08-04)

Bugfixes

  • Fix occasional failures on the tasks pulp-webserver: Symlink Apache snippets & pulp-webserver: Symlink nginx snippets. #9139
  • Fix the "markuppy" pkg_resources.DistributionNotFound error on the task pulp_common : Collect static content. This occurs when installing from RPM packages on EL8 (ever since EPEL8 released python-tablib-3.0.0-1.el8 on approximately 2021-07-23). #9166

Devel

  • Ensure the requirements.in points to the proper value for the plugin when git_url is specified. Given this is run before the plugin is actually cloned, the source_dir repo is not yet available at that stage. #9141

3.14.3 (2021-07-23)

No significant changes.


3.14.2-1 (2021-07-21)

Bugfixes

  • Add ipv6 check for roles/pulp_webserver/templates/nginx.conf.j2 redirect rule using ansible facts #9089
  • Fixed the pre-flight check accidentally producing an error (and accidentally enforcing) on EL7 when not installing pulp-rpm. This bug was introduced in 3.11.0. #9093
  • Fixed the pre-flight check not being run when pulp-rpm is being installed, and prereq_role isn't explicitly specified. #9095
  • Fix pulp_database being incompatible with RHEL7 (since 3.11.0) by enabling the RHEL7 SCL repo on it. Introduces the new variable rhel7_scl_repo. #9114

3.14.2 (2021-07-13)

Bugfixes

  • Fix failure on task pulp_api : Check for existing Pulp Database Encryption Key when connecting to the ansible-managed system as a user account other than root. #9004

Misc


3.14.1 (2021-07-08)

No significant changes.


3.14.0 (2021-07-01)

Features

  • Add git repo and revision to pulpcore and plugin installer. #6547
  • Create or import a key for pulp-api to use when encrypting sensitive db fields. Introduces new variables pulp_db_fields & pulp_db_fields_key_remote. #8704

Bugfixes

  • Enable installing in FIPS mode whenever installing from RPM packages (pulp_install_source == "packages"), which may be patched for FIPS mode. #8834
  • Ensure we clean the static folder before running collectstatic. This prevents some upgrade issues. #8872
  • Fix installation of molecule on python 2 by limiting the python 2 version of ruamel.yaml.clib to 0.2.2. #8977

Deprecations and Removals

  • Remove the deprecated variable pulp_install_api_service. (It was previously stated to be removed in #7005, but was actually deprecated.) #8871

Devel

  • When CI runs for a tag (release), only run pip release and package tests, not source (devel) tests. #6550
  • Fix upgrade CI tests failing on Debian 10 & CentOS 8 during verification by upgrading systemd. #8887

3.13.0 (2021-05-26)

Features

  • Added support for Fedora 34. #8688

Bugfixes

  • Append missing slash to the token_server path. #8763

Improved Documentation

  • Provide a much better explanation of customizing your installation, and how to use variables, in the new documentation section "Customizing Your Pulp Deployment". #8552

Devel

  • Adding release script #7961

3.12.2 (2021-04-30)

Bugfixes

  • On some environments we need to escalate privilege for Enumerate default system PATH. #8186
  • Only listen on IPv6 when it is configured on the managed host. #8536

Improved Documentation

  • Add more details to & update the "System Requirements" section of the docs. #8551

3.12.1 (2021-04-21)

Bugfixes

  • Fixed a bug where workers did not scale down. #8490
  • Replace yum pulpcore repository base url from https://fedorapeople.org/groups/katello/releases/yum/nightly/pulpcore/ to https://yum.theforeman.org/pulpcore/ #8586

Improved Documentation

  • Add workaround to install redis correctly #7773
  • Add hardware requirement link to docs. General doc cleanup. #8477

3.12 (2021-04-09)

Features

  • Vagrant environment: Created a pair of Pulp 2 / Pulp 3 FIPS boxes, pulp2-nightly-pulp3-source-fips-a (Pulp 3 FIPS VM) & pulp2-nightly-pulp3-source-fips-b (Pulp 2 FIPS container that runs on top of the "a" VM.) #8097
  • Allow specifying file upload limit #8212
  • Install object storage support (azure/s3) #8446
  • Introduce advanced variable: pulp_service_timeout #8498

Bugfixes

  • Avoid using shared variables from pulp_database role #8519

Devel

  • Configure pulp-cli at devel role #8416
  • Adding required collections to requirement.yml #8443

3.11.0 (2021-03-16)

Features

  • The pulp_content_workers option can be used to adjust the number of Gunicorn worker processes handling content app requests. #8267
  • Adding ansible 3 support #8365

Bugfixes

  • Fix Pulp clients experiencing "connection timed out" on very slow machines, such as Qemu emulated machines, by raising the Pulp server's gunicorn worker timeout to 90 seconds. #8228
  • Fix pulp_installer, on SELinux-enabled systems, not being idempotent and always restoring SELinux contexts. #8281

Improved Documentation

  • Adds documentation to pulplift.md on how to configure a Vagrant box on an HDD. #8285

Deprecations and Removals

  • Require PostgreSQL >= 10 due to FIPS. Upgrade PostgreSQL 9.6 to PostgreSQL 10 on CentOS 7. #8154
  • FIPS support is removed due to Django (a dependency of Pulp) not being FIPS compatible. #8258
  • Removing ansible 2.8 support #8365

Misc

Devel

  • Re-implement FIPS CI and enable future SELinux CI by using Qemu Emulation on Github Actions. #7884
  • Fix compatibility with ansible-lint 5.0.0 by having it not check requirements.yml under the molecule directories. #8234
  • The dev role patches Django to allow continued FIPS compatibility development within Pulp in preparation for Django to add FIPS support at some point. #8258

3.10.0 (2021-02-04)

Features

  • Added support for upgrading to pulpcore 3.10. The installer moves an existing 'artifact' directory inside the MEDIA_ROOT path. #8011

Misc


3.9.1-1 (2021-01-27)

Features

  • Install the Linux distro's gpg binary command for the new SigningService functionality in pulpcore. #8163

Bugfixes

  • Fix the installer (versioned 3.9.1-x) still installing pulpcore 3.9.0 instead of 3.9.1. #8158

3.9.1 (2021-01-21)

Features

  • Add support for Fedora 33. #7800
  • Introduce the new variable pulp_firewalld_zone so that users can manually specify the firewalld zone to open up to Pulp traffic. #8107

Bugfixes

  • When upgrading from distro packages (pulp_install_source==packages & pulp_pkg_upgrade_all==true), pulp_installer will now configure dnf (CentOS/RHEL 8) to permit upgrading them to newer versions that are not necessarily the latest (dnf option best=false). This addresses the issue of python3-rq from EPEL8 being too new for Pulp, and thus upgrades failing with a depsolve error on the task "pulp_common : Upgrade all existing installed Pulp packages". #8042

3.9.0-1 (2020-12-17)

Bugfixes

  • Fixed inability to install on CentOS 8.3 or CentOS Stream due to the newly renamed "powertools" repo (formerly "PowerTools") not being enabled by the installer. #7996

Misc


3.9.0 (2020-12-07)

Features

  • Updated gunicorn access log format to include correlation id in the pulpcore api service file. #7792

Bugfixes

  • Fixed apache config to handle unix sockets. #7524

Improved Documentation

  • Added documentation on how to use the pulplift vagrant facilities. #7878

Misc


3.8.1-1 (2020-11-09)

Bugfixes

  • Fixed Ansible error with loop variables when deploying webserver configuration snippets to apache. #7746
  • Fix SELinux denials on symlinking by the galaxy_ng content plugin by updating pulpcore-selinux (SELinux policies) to 1.2.3. #7780

Improved Documentation

  • Configured content_origin to properly choose between http and https in the example playbooks as well as the vagrant playbooks. #7798

Misc


3.8.1 (2020-11-02)

Features

  • Added a pulpcore-manager wrapper to setup the environment and call the real pulpcore-admin command as pulp user. #7155
  • Migrated Vagrant infrastructure from pulplift to this repository. #7527

Bugfixes

  • Added become and proper condition to SELinux handlers. This fixes an issue with installations that are not run as root. #7736

Misc


3.8.0 (2020-10-21)

Features

  • Compile and install the pulpcore-selinux policy on CentOS/RHEL/Fedora. #7574
  • When installing from distro packages (pulp_install_source==packages), from a repo (pulp_pkg_repo), and upgrading them (pulp_pkg_upgrade_all==true), pulp_installer will now upgrade all the packages from the repo. This addresses any incorrect dependency declarations in the repo, which would cause pulp_installer to fail on collectstatic. #7646
  • Allow one to customize webserver ports pulp will be listening on via pulp_webserver_http_port (defaults to 80) and pulp_webserver_https_port (defaults to 443). #7662
  • Start rq & gunicorn from the bash wrapper scripts provided by newer pulpcore 3.7 RPM packages, /usr/libexec/pulpcore/{rq,gunicorn}. These scripts enable pulp processes to transition to the Pulp SELinux context, rather than the generic rq/gunicorn context. #7667

Deprecations and Removals

  • pulp_installer will no longer set SELinux to enabled, permissive and enforcing (casually referred to as "disabled") on CentOS/RHEL/Fedora. #7573
  • pulp_installer no longer supports installing from older RPM packages that lack the wrapper scripts /usr/libexec/pulpcore/{rq,gunicorn}. #7667

Misc


3.7.5 (2021-04-12)

No significant changes.


3.7.4 (2021-03-16)

Features

  • Install the Linux distro's gpg binary command for the new SigningService functionality in pulpcore. #8406

Bugfixes

  • Fixed inability to install on CentOS 8.3 or CentOS Stream due to the newly renamed "powertools" repo (formerly "PowerTools") not being enabled by the installer. #8407

3.7.3 (2020-10-29)

Bugfixes

  • Backport of a bug fix to import EPEL GPG keys before using EPEL. This is needed due to a recent change in ansible. #7769

3.7.2 (2020-10-21)

No significant changes.


3.7.1 (2020-09-30)

Bugfixes

  • Fixed Apache config bug that prevented Pulp 2 API from being accessible. #7481

3.7.0 (2020-09-23)

Features

  • Install patched dependencies that are modified for FIPS compatibility on Red Hat based operating systems. Additionally remove md5 from the ALLOWED_CONTENT_CHECKSUMS setting. Users can override the ALLOWED_CONTENT_CHECKSUMS if a new value is provided. #6988

Bugfixes

  • Changed the mechanism to only set the admin password on first installation. Removed the dependency of pulp_health_check on the variable pulp_default_admin_password. #7499

Devel

  • pulp_devel role now installs distro-specific packages in parallel, for better performance when run against hosts running multiple distros (like our molecule CI). #7516
  • pulp_installer's CI/molecule "packages mode" tests now test a new Foreman/Katello project URL for RPM packages. Has pulpcore 3.6 rather than 3.4. #7517

3.6.3-1 (2020-09-15)

Bugfixes

  • Changed pulp users main group from 'users' to '{{ pulp_group }}'. #7173
  • Fix auth migrations being run for galaxy_ng. Due to code removal, the pulp_default_admin_password is now set whenever pulpcore is 1st installed, updated/upgraded, or when pulp_upgraded_manually==true. #7493
  • Fix upgrades from pulpcore 3.0 failing at collectstatic by upgrading dynaconf to at least 3.1.1rc2. #7503

Devel

  • Install pulp-rpm in the RPM package molecule / CI tests. (In addition to pulp-file.) #7455
  • Molecule & pulp_installer CI no longer update the CentOS 8 container to CentOS Stream. (They were doing it always, since 8.2 released by accident.) #7456
  • CI: Do not install dnf on CentOS 7. So as to actually test yum (yum 3), like most users use. #7473

3.6.2 (2020-09-02)

No significant changes.


3.6.1 (2020-09-02)

Bugfixes

  • Restart services after collect static #7366
  • Fixed bug where pulp_install_plugins source_dir vcs was being used when checking dependencies via pip-compile. #7382

3.6.0-1 (2020-08-20)

Bugfixes

  • pulp_installer now uses ansible_facts namespaced vars instead of relying on INJECT_FACTS_AS_VARS=True (https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars). #7322
  • Ensure that only pulpcore services are restarted. #7334
  • Fix template for pulp_health_check #7335
  • Accept unix socket on pulp_health_check #7349
  • Fix failure on task "pulp_common: Make /var/lib/pulp world executable" by creating the directory (and giving it owner user permissions as well). Occurs when specifying an existing user account as pulp_user but not having /var/lib/pulp (pulp_user_home) already present. pulplift would trigger this. #7359

Deprecations and Removals

  • The default location for Pulp Webserver's TLS certificates was changed from /etc/pulp to /etc/pulp/certs/ . Users that wish to continue using their current certificate and key must run sudo mv -t /etc/pulp/certs/ /etc/pulp/pulp_webserver.{key,crt} before upgrading / running the new pulp_installer version. Alternatively, users can control the directory with the variable pulp_certs_dir, which was renamed from pulp_webserver_tls_folder. pulp_certs_dir now also controls where the keys for API authentication tokens are installed. #7328

3.6.0 (2020-08-13)

Features

  • Allow an installer user to configure Pulp to run with TLS enabled using custom provided certificates. #6845
  • Misc webserver changes so that Let's Encrypt and other ACME protocol CAs can be used via 3rd-party ansible roles, primarily for HTTP-01 verification. See docs/letsencrypt.md for a full HTTP-01 example playbook and explanation. #6846
  • Allow an installer user to configure Pulp to run with TLS enabled using self-signed certificates. #6847
  • A key for token authentication is installed from either a specified file or a newly generated one. #7098
  • Enable resource accounting via systemd. #7192
  • Verify if Pulp Services are up & listening #7259

Bugfixes

  • Fix the tasks "Install pulpcore via PyPI" & "Install Pulp plugins via PyPI" always reporting CHANGED when pip 20.2 is installed. #7254
  • Fix services not starting due to pulp_installer putting the wrong path to binaries like gunicorn in systemd unit files. Only occurred when installing in packages mode. #7255
  • Fix pulp_installer failing on the task "pulp_common: Add pulpcore RPM repositories" when installing in packages mode, and when ansible_user is not root. #7275
  • Fix pulp_installer failing on task "pulp_webserver : Set httpd_can_network_connect flag on and keep it persistent across reboots" on hosts with SELinux enabled (enforcing/permissive) by installing the SELinux python RPM dependencies. #7276

Deprecations and Removals

  • Remove the systemd sandboxing features from the pulpcore-api systemd unit file. This was preventing pulpcore-api from starting on containers running systemd (due to namespace capabilities), such as our molecule tests & CI. #6586
  • Installations will have https enabled by default. Users need to configure their CONTENT_ORIGIN accordingly. #6845

Misc

Devel

  • Fix molecule (CI or local) often failing to test more than 1 OS at a time. #7263
  • Add verification that Pulp is running at the end of pulp_installer CI, via inspec. #7272

3.5.0 (2020-07-09)

Breaking Change

  • New list of Ansible roles to run - blog post

Features

  • Add the ability to install Pulp from Linux distro (RPM) packages. #6793
  • Let users specify an RPM repo containing Pulp. Introduces the new variable: pulp_pkg_repo #6794
  • Add variables so users can specify the names of each RPM package to install (pulp_pkg_pulpcore_name & pulp_install_plugins's pkg_name) or to just override the prefix (pulp_pkg_name_prefix). #6795
  • Merging the pulp_rpm_prerequisites role into pulp_installer #6799
  • Allow user to specify redis package and service name. #6895
  • Allow one to specify a pulp_ld_library_path when wanted #6913
  • Unify the use of pulp_content_bind and pulp_api_bind across all network-facing roles. This inherently allows one to rely on a Unix Domain Socket (UDS) if wanted, based on the deployment scenario. #6921
  • Allow Nginx to listen for both IPv4 and IPv6 connections. #6923
  • Allow a user to use Unix Domain Socket (UDS) for the redis server. #6931
  • Set httpd_can_network_connect SELinux boolean when needed. #6998
  • Provide a single "pulp_all_services" role that users can specify instead of the current role list, and refactor the underlying roles and their dependency tree. #7005
  • Split the pulp_database role into pulp_database (installs postgres database) and pulp_database_config (configures Pulp database) for the sake of proper design. pulp_database no longer depends on pulp_common, so it can now be run against a separate database server without Pulp installed. #7037
  • Provide the "pulp_services" role that users can specify to install all of Pulp's first-party services, but not its third-party services (database server, redis server & webserver.) #7038

Bugfixes

  • Fix webserver snippets not being installed when pulp_install_dir is changed from the default value. #6956
  • Fix documentation about certain variables being required, and error early with clear error messages if they are unset or set to empty strings. #6958
  • Add new RHUI repo name rhel-7-server-rhui-optional-rpms in rhel7_optional_repo. #6960
  • Fix apache installation #7010
  • Fix issue whereby for certain users, the firewall may not be configured. Also fix an issue whereby for certain pulp_devel role users, the Galaxy NG WebUI may not be built. #7062

Improved Documentation

  • Adding changelog to readthedocs site #7033
  • Removing outdated reference to unavailability of Roles on Ansible Galaxy. #7055

Deprecations and Removals

  • The pulp_api_host (127.0.0.1) and pulp_api_port (24817) have been removed and replaced by pulp_api_bind (127.0.0.1:24817). Same happened for pulp_content_host and pulp_content_port in favor of pulp_content_bind. #6921
  • Removed pulp_redis dependency from pulp_workers and pulp_resource_manager. Users need to adjust their playbook to run the pulp_redis role. #6975
  • pulp_database, which is now separate from pulp_database_config, no longer understands the variable pulp_install_db. Installing the postgres database server is now controlled by whether or not pulp_database is in the role list, and pulp_database_config must be in the list. #7037
  • Removed the task to add a redis PPA on all Ubuntu releases. Existing Ubuntu Pulp installations will still have the PPA enabled. #7063

Misc

Devel

  • For developers, enable source-checkout of a plugin without also having a source checkout of pulpcore #6910
  • Adding dev type changelog #7034

3.4.1 (2020-06-03)

Bugfixes

  • Ensure that pip-tools is at least 5.2.0, so that the pre-flight (compatibility) check does not error on the attribute "editable". #6864

Improved Documentation

  • Document how to install from galaxy #6836
  • Replaced root README.md with a short README.md pointing users to the docs site #6843
  • Added a contributing guide, and moved testing out of the home page to it. #6862
  • Added a documentation section on Recommended Versioning Workflows #6874
  • Document how to file an issue #6879

3.4.0 (2020-05-27)

Features

  • Make gunicorn --workers parameter configurable #6727

Bugfixes

  • Enforce new lines when listing plugins on requirements.in #6697
  • Fixed CodeReady repo name for RHEL8 AWS installations #6805

Improved Documentation

  • Document the conflict between version and upgrade when configuring plugins #6669
  • Documented system requirements for ansible when using the installer. #6725

Deprecations and Removals

  • Fitting directories into collection structure #6458
  • Renaming roles to use underscores rather than dashes #6663
  • Replaced pulp_workers dictionary variable with the pulp_workers integer variable. pulp_workers is now simply the number of workers. #6774

3.3.1 (2020-05-08)

Features

  • Introduced a CentOS version check #6102
  • Replaced nginx/apache alias with proxying to whitenoise #6561
  • Created a directory for Pulp nginx snippets #6594

Bugfixes

  • Fixed: pulp_installer devel role failing on CentOS 8 Stream (pre-8.2) with a module metadata error for the dependency criu. #6509
  • Fixed several issues that cause the pre-flight check to not enforce (not terminating the install early on), which would lead to the installer erroring at collectstatic, and leave users with a broken pulp installation. #6623
  • Fixed the pulpcore/plugin compatibility check not enforcing on upgrades from Pulp prior to 3.2.0, potentially resulting in a failure on collectstatic. #6642
  • Fixed the pulpcore/plugin compatibility check accidentally enforcing on upgrades when plugins have their upgrade variable specified, and the latest version of the plugin actually is compatible. #6643
  • Fixed the pulpcore/plugin compatibility check not enforcing on upgrades when some currently installed plugins are not specified by the user in pulp_install_plugins. #6644
  • Fixed the pulpcore/plugin compatibility check not enforcing when it needs the prereq roles applied to evaluate compatibility. It now runs before (and if necessary, after) the prereq roles. #6645
  • Fixed pre-flight check producing an error (and accidentally enforcing) when a package is installed system-wide at a version that is not available on PyPI. This issue was never present on the previous release, only on the development branch. #6689
  • Fixed pre-flight check producing an error (and accidentally enforcing) when trying & failing to build certain packages from PyPI that are actually available as a system-wide (RPM/deb-installed) package in the virtualenv. This issue was never present on the previous release, only on the development branch. #6690

Deprecations and Removals

  • Removed the pulp_webserver_static_dir option. This fixes a bug where installations served content they should not. #6601

Misc