<div dir="ltr"><div dir="ltr">I just installed my first pulp instance on a fresh Debian Buster VM, using latest Ansible pulp_installer release (3.4.1), with my pulp.yml playbook (pasted below) modeled after <a href="https://github.com/pulp/pulp_installer/tree/3.4.1/playbooks/example-use">the official example-use playbook</a>. The playbook runs to completion, with zero failed tasks, yet I am not able to connect to the pulp content webserver using the protocol/address/port I specified in the content_origin variable. I have verified that nginx service is running, but I still get 502: Bad Gateway error. </div><div dir="ltr"><br></div><div dir="ltr">Can someone help me troubleshoot this, or direct me to troubleshooting documentation that would assist? I found <a href="https://www.datadoghq.com/blog/nginx-502-bad-gateway-errors-gunicorn/">this excellent explanation </a>which seems relevant since pulp uses the same nginx/gunicorn tech cocktail. It states:</div><div dir="ltr"><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">NGINX will return a 502 Bad Gateway error if it can’t successfully proxy a request to Gunicorn or if Gunicorn fails to respond. </blockquote><div dir="ltr"><br></div><div>I learned to look in /var/log/nginx/error.log for the reason for the issue. There I found several errors similar to this:</div><div><br></div><div><font face="monospace">[error] 4348#4348: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 10.212.134.131, server: pulp, request: "GET / HTTP/1.1", upstream: "<a href="http://127.0.1.1:24817/">http://127.0.1.1:24817/</a>", host: "pulp.my.domain"<br></font></div><div><br></div><div><div dir="ltr">I also confirmed the following pulp service statuses:<br></div><div dir="ltr"><br></div><div dir="ltr"><font face="monospace">pulpadmin@pulp:~$ sudo systemctl list-unit-files | grep pulp<br><i><b>pulpcore-api.service disabled<br></b></i>pulpcore-content.service enabled<br>pulpcore-resource-manager.service enabled<br>pulpcore-worker@.service indirect<br>dev-mapper-pulp\x2d\x2dvg\x2dswap_1.swap generated<br></font></div><div dir="ltr"></div></div><div><br></div><div>Hmm.. <i>Shouldn't pulpcore-api be enabled</i>? If so, I suppose this is the "upstream" service that nginx cannot connect to? From the error log, it looks like the address is localhost:24817, and I believe this is the default I chose. Anyone see any problem with what I'm doing here? I'm simply trying to set up "hello world" with pulp_installer targeting a dedicated remote server.</div><div><br></div><div>I applaud the pulp dev team's modularizing of the code base, but I would love to see more documentation on the architecture here, clearly illustrating all these moving parts, with links to common problems like I'm having, with troubleshooting advice.</div><div><br></div><div>Here's my pulp.yml ansible playbook:</div><div><br></div><div><font face="monospace">---<br># Playbook to provision and manage Pulp Instances for Artifact Management<br><br># Requires:<br># (<a href="https://pulp-installer.readthedocs.io/en/latest/#system-requirements">https://pulp-installer.readthedocs.io/en/latest/#system-requirements</a>)<br># 1. Debian Buster Machine Provisioned using Preseeded Installer<br># a. Really just need Debian install with:<br># i. sudo, openssh-server, python3<br># (after installing with only ssh-server and system utility packages selected, only need to:<br># su<br># vi /etc/apt/sources.list # remove CD Rom line, add buster main repo if no mirror selected during install<br># apt-get install sudo)<br># ii. update-alternatives --set editor `update-alternatives --list editor | grep vim`<br># iii. pulpadmin user with passwordless sudoer priviledges<br># (echo "pulpadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers)<br># iv. ansible controller user has installed its ssh key in remote host's known_hosts<br># (without this you'd just need to --ask-pass and supply ssh passwd at stdin)<br># TODO: capture above in a VM Snapshot in vSphere/ESXi for fast reproduction.<br># 2. Ansible Roles Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`<br># 3. Ansible Collection Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`<br>#<br># Run like this:<br># ansible-playbook pulp.yml --user pulpadmin -l <controlled-pulp-hostname> --ask-pass --ask-vault-pass<br><br></font></div><div><font face="monospace"># This playbook builds upon the Engineering Services playbook template<br># Check imported playbook content before adding it here.<br>- import_playbook: engineering-services-tmplt.yml<br><br>- name: "Install packages we want on every Pulp instance"<br> hosts: engineering_services_pulp<br> gather_facts: false<br> vars:<br> apt_packages:<br> - curl<br> roles:<br> - apt<br><br>- name: Configure admin group<br> become: true<br> hosts: engineering_services_pulp<br> gather_facts: false<br> tasks:<br> - name: Create admin group<br> group:<br> name: admin<br><br>- name: Configure admin user<br> become: true<br> hosts: engineering_services_pulp<br> gather_facts: false<br> vars:<br> # TODO: define these as inventory variable (standard for all machines?) so it can move out of playbook task blocks<br> tasks:<br> - debug: var=ansible_fqdn<br> - name: Configure admin user account<br> user:<br> name: admin<br> groups:<br> - admin<br><br>- name: Install Pulp<br> hosts: engineering_services_pulp<br> # gather_facts: false<br> vars:<br> # required by pulp_installer: <a href="https://pulp-installer.readthedocs.io/en/latest/#system-requirements">https://pulp-installer.readthedocs.io/en/latest/#system-requirements</a><br> # TODO: this is now set in ansible.cfg bc it doesn't work when set here or in inventory<br> # allow_world_readable_tmpfiles: True<br> pulp_settings:<br> secret_key: !vault |<br> $ANSIBLE_VAULT;1.1;AES256<br> 38383631633236306565616334663761363134613835323839653962323930616639656333653865<br> 3264363735643430626361383132653632316139396364370a613566396133393430663962666261<br> 35356165663639613535383563366638663635326662343133353339343262646265316630616162<br> 6337346131303833610a663232633339306231613738653233646466383638333934393765373034<br> 63346437343834653964366666333061303634313864333031323735326134626432626535613436<br> 62643731343836626436383438643862396166636263646330646332633637363765623866343733<br> 616635326537346163646564653134386666<br> content_origin: "http://{{ ansible_fqdn }}:8080"<br> pulp_default_admin_password: !vault |<br> $ANSIBLE_VAULT;1.1;AES256<br> 35636365316538376363643965323035306461643239306433353665623438633535633763613662<br> 6266346236393736616532636230393136303966383339310a306563323838326431386432626465<br> 30316164383265303932643865323033623938656136306665356665336262613233653866386165<br> 3164396261326563640a613464353364656130396333613531383864323434316533663932303766<br> 3938<br> pulp_content_host: "{{ ansible_fqdn }}"<br> # pulp_content_port: 24816<br> pulp_content_port: 8080<br> pulp_api_host: "{{ ansible_fqdn }}"<br> # pulp_content_port: 24817<br> pulp_content_bind: "{{ pulp_content_host }}:{{ pulp_content_port }}"<br> pulp_install_plugins:<br> # galaxy-ng: {}<br> pulp-ansible: {}<br> # pulp-certguard: {}<br> pulp-container: {}<br> # pulp-cookbook: {}<br> pulp-deb: {}<br> pulp-file: {}<br> # pulp-gem: {}<br> # pulp-maven: {}<br> # pulp-npm: {}<br> pulp-python: {}<br> # pulp-rpm: {}<br> pre_tasks:<br> # The version string below is the highest of all those in roles' metadata:<br> # "min_ansible_version". It needs to be kept manually up-to-date.<br> - name: Verify Ansible meets min required version<br> assert:<br> that: "ansible_version.full is version_compare('2.8', '>=')"<br> msg: ><br> "You must update Ansible to at least 2.8 to use this version of Pulp 3 Installer."<br> roles:<br> - pulp_database<br> - pulp_workers<br> - pulp_resource_manager<br> - pulp_webserver<br> - pulp_content<br> environment:<br> DJANGO_SETTINGS_MODULE: pulpcore.app.settings<br></font></div><div><br></div><div>Thanks for your help. </div><div><br></div><div>Tim</div></div>