Pulp Installers Meeting Minutes

Minutes
#10

Mar 10 Agenda

  • onboarding new team members
    • read pulp 3 docs, particularly architecture
    • familiarity with task tracking
  • Status of galaxy signing service
    • going fairly well
    • wrapping around gpg commands is awkward but doable
    • this might help for some gpg commands: Ansible Galaxy
  • PR for repos role usage
  • merging of certs fix
#11

Mar 16 Agenda

  • Is it possible to have 2 dynaconf settings files, one generated by installer, and a user-override?
  • Status of AH signing service
    • 1 remaining bug affecting release installs on EL7 only
#12

Mar 23 Agenda

  • Most of the way done on making db encryption keys the same
    • Use of run_once / register / debug module to desgignate the primary host
    • How to handle non-identical keys already on the cluster?
    • Worker nodes need the key too, right?
  • Working partial implementation of a cluster for release-dynamic
  • Resolved multiple accidental dependencies of pulp_common on pulp_database
  • Need to do a release still for the AH signing service
    • SELinux updates just merged
  • galaxy-importer support in SELinux
    • Need test steps
    • agreed: reach out to AH
  • settings.local.py
    • agreed: Put header at the top of settings.py saying to modify settings.local.py instead
  • Settings pulp_user_home should set the entirety of /var/lib/pulp
    • There is a mismatch between certain variables and certain sub-variables of pulp_settings
    • We should look for ways to merge these variables into 1.
    • ppicka will address if he has time
#13

Mar 30 Agenda

  • Inconsistency in default config for postgres/redis
    • Currently:
      • postgres binds to 0.0.0.0
      • postgres only permits connections from 127.0.0.1
      • redis binds to 127.0.0.1
    • What should we default to?
      • Accept connections / bind to 0.0.0.0
    • Can we configure postgres to allow the other hosts by IP?
      • we cannot guess correctly enough which is the correct IP address
  • Refactoring pulp_webserver to use the __pulp_database_config_real_sole_host instead of installing pulp-common
  • Current status of fixing non-identical database fields key
    • Will not do anything about non-identical existing keys but to throw a proper error message in the installer
    • Lots of effort involved in picking the correct host to run pulp_database_config.
#14

Apr 6 Agenda

  • Welcome Humberto!
  • Figured out how to set the most global of variables
    • access once set with hostvars[‘localhost’][‘var_name’]
      • as opposed to the normal way “var_name” which can be also done as: hostvars[inventory_hostname][‘var_name’]
    • set with “set_fact:” and “delegate_facts: True” “delegate_to: localhost” “run_once: True”
#15

Apr 13 Agenda

#16

Apr 20 Agenda

  • Status of database fields key PR
    • Satoe messaged me privately with an error, which leads to a design question.
  • Should we continue to wait for the database fields key PR to release pulp_installer 3.19.0?
    • agreed: Release it beforehand if someone complains.
  • 3.18 RPMs
#17

Apr 27 Agenda

  • Updated the db fields encryption keys PR to support replacing other hosts’ keys with 1 host’s key
#18

May 9 Agenda

  • Status of 2 big cluster support PRs:
    • Cluster CI
    • pulp_webserver independence
    • dependent on the epel7 PR
  • Status of el7 support in packages?
    • el7 packages will still be built for pulpcore 3.18 RPMs.
  • docs examples not showing up properly Customizing Your Pulp Deployment - Pulp Installer
  • Suggestions on renaming / moving: Customizing Your Pulp Deployment - Pulp Installer
    • How about move to a new page called “cluster examples”?
      • Not technically accurate because 1 example is an external postgres/redis, but they could be postgres/redis clusters.
  • Suggestions on renaming / moving: Customizing Your Pulp Deployment - Pulp Installer
    • How about “specifying plugin versions” or “Installing specific plugin versions”
  • Running into an issue with my easy-approach-to-settings
    • Desire: settings like content_origin get set to “the 1 host that will run pulp-webserver”
    • Problem example: content_origin needs to be set for the pulp-api host, but pulp webserver gets deployed afterwards. I cannot determine “the 1 host that will run pulp-webserver”, only “the 1 host that has already run pulp-webserver”.
    • Possible solution: Special group names like pulp_webservers? A host could be in multiple groups. Users would still need to apply the correct roles list to each host.
    • agreed: follow up with pavel
#19

May 11 Agenda

  • Remaining CentOS 9 work
    • vagrant box
    • upgrade images
  • Additional complexity in implementing webserver support for multiple api/content hosts
    • This is basically load balancing
    • Load balancing parameters per-host
    • Global load balancing parameters
    • Proposed design
      • pulp_webserver_api_balancing_params:
        foo: bar
        foo2: bar2
      • pulp_webserver_api_servers:
        • url: pulp-api-1:24817
          parameters:
          foo: bar
          foo2: bar2
        • url: pulp-api-2:24817
          parameters:
          foo: bar
          foo2: bar2
      • pulp_webserver_content_balancing_params:
        foo: bar
        foo2: bar2
      • pulp_webserver_content_servers:
        • url: pulp-content-1:24816
          parameters:
          foo: bar
          foo2: bar2
        • url: pulp-content-2:24816
          parameters:
          foo: bar
          foo2: bar2
  • Lets triage open issues
#20

May 17 Agenda

  • Mike’s desire to make vagrant installs no longer build & install the collection
    • https://github.com/pulp/pulp_installer/pull/1099
    • This conflicts with molecule, which does not build and install the collection. But the installed collection takes precedence over the local repo.
      • I have repeatedly run molecule commands, 2 only to have to repeat them a 3rd time after deleting the collection.
    • Making this change would require all vagrant users to run rm -rf ~/.ansible/collections/ansible_collections/pulp/
    • agreed: Make this change, and communicate it well. Devs often use vagrant envs for months.
#21

May 26 Agenda

#22

Jun 1 Agenda

#23

Jun 8 Agenda

  • In the LDAP PR, I managed to make the extras variable usable even when users provide a string rather than a list.
  • In the LDAP PR, I did not do a case-insensitive search, even though extras are case-insensitive.
#24

Jun 15 Agenda

  • Research into other ansible installers:
    • ansible-freeipa
      • Has 1 role (e.g. “ipaclient”) per machine-type, but also has 1 hostgroup (e.g, “ipaclients”) per machine type.
      • Uses lots of custom python modules, and plugins
      • Custom python modules put the server application in the correct state after packages lay down files
      • installs RPM/deb packages
      • Has an uninstaller (`state|default(‘present’)``)
        • But wraps around a binary uninstall command
      • Specifies role short name rather than FQCN
    • foreman_basic_installer
      • Has 1 role (e.g. “foreman_smart_proxy”) per machine-type, but also has 1 hostgroup (e.g, “foreman_smart_proxy”) per machine type.
      • has a group_vars/all.yml.sample, with a long list of variables, that users can copy & modify
      • Has an inventory.sample file, which shows the hostgroups
      • Calls foreman-installer commands
      • Not idempotent, always restarts the webserver service for example.
    • AAP
      • Each webserver/pulp-host sets the content_origin to its own individual ansible_fqdn.
        • We could default it to the 1st host in pulp_webservers
    • brightcomputing/installer
      • Uses a table to describe variables.
      • specifies role’s FQCN
    • Team agreements:
      • Adopt hostgroups for the usability epic
  • lint failing on 3.18 branch
    • It’s as if GHA is like “I’m going to ignore existing lint errors, but not ones that are fixed on the other branch.”
    • Agreed: Just fix the lint errors
#25

Jun 22 Agenda

  • Need to answer these questions: https://issues.redhat.com/browse/AAP-4342
    • Only need help answering the question about what bug it will cause
    • Ask Ina
  • Status of fixing #1196 re-labeling mid-install
    • Can’t use ansible_facts.mounts because the options are excessively verbose, need to parse /etc/fstab instead
  • Status of fix for dev environments
#26

Jun 29 Agenda

  • [mikedep333] Focusing on the dev env for AH
    • Not blocking anyone’s work on the usability epic, am I?
  • vagrant for the old pulp2/pulp3 combo is broken
    • probably won’t need it soon because migration plugin will be EOL
    • look into whether hostmanager plugin breaks regular VMs
  • planning for the usability epic
    • desire for the installer to provide a “distribution” of pulp + plugins at specific versions
      • start a thread on discourse to discuss the installer providing default z-stream releases for plugins
  • updated centos 8stream vagrant images still not available
#27

Jul 13 Agenda

#28

Jul 20 Agenda

  • Making progress on special variable cleanup
    • Installer mimics the default behavior of pulpcore settings.py
#29

Jul 27 Agenda

  • I finished the special variable cleanup
  • In the middle of docs updates
    • Worry that the table will be too wide
  • In the middle of fixing 3.9 CI
    • For last 3.9 release, CI did not run. It seems to not run at all occassionally.
  • How to fix the ulimit bug on the operator
    • ulimit cannot be changed in the container
    • cgroups does not prescribe file limits (or other ulimits)