Pulp 2.6 Release Notes¶
- Pulp now connects to Qpid with the ANONYMOUS SASL authentication mechanism by default. This aligns with Qpid’s default behavior.
- A new setting named
login_methodhas been added to the
[tasks]section of server.conf. See server.conf docs for more details.
Pulp 2.6.4 is an important security update. It fixes one issue.
A security flaw (CVE-2015-5263) was discovered in Pulp’s consumer management system. When the pulp-consumer CLI is used to register to the Pulp server, it downloads a public key from the Pulp server and stores it locally. Later when the Pulp server sends messages to the client via a message broker to instruct it to perform commands, it will use the corresponding private key to sign the messages. The client checks the signatures before executing the instructions to ensure that the messages came from the Pulp server and not from an attacker.
Versions of pulp-consumer-client between 2.4.0 and 2.6.3 do not check the server’s TLS certificate signatures when retrieving the server’s public key upon registration:
This allows a man in the middle to inject their own message signing key and to then perform administrative actions on the machine, if they are able to send messages through the message broker.
Austin Macdonald fixed this issue in this commit by using our pulp.bindings library as the rest of our CLI does:
Users who do not use pulp-consumer are not affected by this issue.
Thanks to Austin Macdonald for writing the fix, to Dennis Kliban for making our beta and release build, and to Preethi Thomas for testing our releases!
Pulp 2.6.3 is released with packages for Fedora 22 and Fedora 21. Support for Fedora 20 has been dropped. Please see the Fedora lifecycle for more detail.
- Pulp has been fully tested in a clustered configuration. A new section of documentation titled Clustering Pulp is available with more detail on configuring this type of Pulp deployment.
- One area of improvement relates to upgrades. Starting with 2.6.1, Pulp processes pulp_workers, pulp_celerybeat, and pulp_resource_manager are stopped on upgrade or removal of the pulp-server package. After upgrading, you must restart all Pulp related services.
- Pulp now supports RabbitMQ as its task message broker. See the inline comments in
/etc/pulp/server.conffor instruction on configuring Pulp to use RabbitMQ.
- Pulp now allows user credentials to be read from user’s
~/.pulp/admin.conf. This should allow pulp-admin to be automated more easily and more securely. Please see our Authentication documentation for details.
- Pulp no longer requires additional configuration of Qpid after installation. It now works with the ANONYMOUS authentication mechanism. Users can still use a username/password however if they set up a SASL database as described in the installation document.
- Additional status information is available via the status API. More information is available in the status API document.
cancel_publish_repomethod provided by the
Distributorbase plugin class is deprecated and will be removed in a future release. Read more about the plugin cancellation changes.
cancel_publish_groupmethod provided by the
GroupDistributorbase plugin class is deprecated and will be removed in a future release. Read more about the plugin cancellation changes.
cancel_sync_repomethod provided by the
Importerbase plugin class is deprecated and will be removed in a future release. Read more about the plugin cancellation changes.
api_versionfield that is returned by the
/statusAPI is deprecated and will be removed in a future release.
- The python-gofer-amqplib package was discontinued in gofer 2.4. Installations must replace python-gofer-amqplib with python-gofer-amqp if installed.
Upgrade Instructions for 2.5.x –> 2.6.0¶
Prior to upgrading, all tasks must be stopped. One way to accomplish this is to stop all pulp_workers, pulp_celerybeat, and pulp_resource_manager processes and then list the current tasks using:
pulp-admin tasks list
Any task that is in the “Running” or “Waiting” state should be canceled by its <uuid> using:
pulp-admin tasks cancel --task-id <uuid>
After all tasks have been canceled upgrade the packages using:
sudo yum update
After yum completes you should migrate the database using:
sudo -u apache pulp-manage-db
After the database migrations finish, restart httpd, pulp_workers, pulp_celerybeat, and pulp_resource_manager.
- An issue in the pulp (gofer) agent plugin can cause in-progress RMI requests to be discarded when goferd is restarted. Should this occur, an entry is written to the system log on the consumer. On the Pulp server, the associated task will appear to never complete. This has been fixed in Pulp 2.6.1.
- Version 2.5 of the python-gofer-amqp messaging adapter, which is used to support RabbitMQ, contains a regression. It pertains to the reconnect logic. Depending on how a connection error manifests itself, it can result in a traceback during reconnect. Should this occur, The logged traceback would contain: RuntimeError: maximum recursion depth exceeded. This issue has already been fixed in Gofer upstream and will be included with Pulp 2.6.1.
Rest API Changes¶
- A new Task Report attribute named worker_name is introduced that holds the name of the worker a task is associated with. Previously the worker name was stored in a Task Report attribute named queue. The queue attribute now correctly records the queue a task is put in. The queue attribute is deprecated and will be removed from the Task Report in a future Pulp version.
- The URL for the content catalog entries
/v2/content/catalog/<source-id>is missing the trailing ‘/’ and has been deprecated. Support for the URL
/v2/content/catalog/<source-id>/has been added.
- A new API call is added to search profile attributes for all consumer profiles using the
/pulp/api/v2/consumers/profile/search/. With this API call all the unit profiles can be retrieved at one time instead of querying each consumer through
/v2/consumers/<consumer_id>/profiles/. It is also possible to query for a single package across all consumers.
Binding API Changes¶
Plugin API Changes¶
Plugin Cancellation Changes
Cancel now exits immediately by default. The
cancel_sync_repomethods provided by the
Importerbase plugin classes now provide a behavior that exits immediately by default. Previously these methods raised a NotImplementedError() which required plugin authors to provide an implementation for these methods. These methods will be removed in a future version of Pulp, and all plugins will be required to adopt the exit-immediately behavior.
A cancel can occur at any time, which mean that in a future version of Pulp any part of plugin code can have its execution interrupted at any time. For this reason, the following recommendations should be adopted by plugin authors going forward in preparation for this future change:
- Group together multiple database calls that need to occur together for database consistency.
- Do not use subprocess. If your plugin code process gets cancelled it could leave orphaned processes.
- Assume that plugin code which is supposed to run later may not run.
- Assume that the previous executions of plugin code may not have run to completion.
Thank you to all of Pulp’s contributors, especially these new ones!
- Adam D.
- Andrea Giardini
- Andreas Schieb
- Ina Panova
- Michael Moll
- Patrick Creech
- Vijaykumar Jain