<div dir="ltr">Regarding my question about a turnkey vagrant solution, searching around pulpproject i found <a href="https://github.com/pulp/pulplift" target="_blank">pulplift</a>, which appears to contain vagrant boxes for bringing up and developing pulp on various OSes. When I get some more time, I'll try to have a deeper look and see if any of them work out of the box with my same pulp_installer version and os versions..</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 27, 2020 at 3:34 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Created this: <a href="https://pulp.plan.io/issues/7223" target="_blank">https://pulp.plan.io/issues/7223</a> <br><div><br></div><div>But would still love to get advice on how to get ANY pulp instance brought up as nothing I've tried so far has worked. Can anyone share a working vm settings/ansible playbook that "just works"? Even one that just brings it up on localhost would be fine for now.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 27, 2020 at 3:15 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Using pulp_installer 3.5.0 and this:<div><br></div><div><font face="monospace"> roles:<br> - pulp_all_services<br></font></div><div><br></div><div>also produces the version compatibility error (posted above) like I was getting using 3.4.1 which uses a different role pattern:</div><div><br></div><div><font face="monospace"> roles:<br> - pulp_database<br> - pulp_workers<br> - pulp_resource_manager<br> - pulp_webserver<br> - pulp_content<br></font></div></div><div><br></div><div>I will file a bug.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 27, 2020 at 3:04 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Correction: using pulp_installer 3.5.0, I am still getting the same error pulpcore/plugin compatibility error message I was getting with 3.4.1. (I got past the secret_key error by specifying it in plain text in my playbook instead of using vault (for now).) I am at a bit of a standstill, and am going to shift gears and wait for some guidance or suggestions for how to move forward with using pulp. Thanks again.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 27, 2020 at 2:53 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Also.. I notice that <a href="https://github.com/pulp/pulp_installer/blob/3.5.0/playbooks/example-use/playbook.yml" target="_blank">on the 3.5.0 tag of pulp_installer, the example-use playbook</a> now has gone back to using the "pulp_all_services" role instead of listing each role separately, like it was doing before. Since I'm now using 3.5.0 pulp_installer, should I be following this new pattern?<div><br></div><div>I would like to also reiterate my request for a vagrant-virtualbox-based solution that "just works" that can be shared with me and other newbies. Seems like enabling this level of turnkey automation is the whole goal of using ansible to begin with. Does this exist somewhere? Thanks.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 27, 2020 at 2:47 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Thanks Dennis. I finally got some time to work on this, and have started over again, this time using the latest centos iso: 8.2.2004. I do not have support for centos in my ansible bootstrapping playbooks, which typically operate on a debian-based machine/snapshot with a fixed hostname and user. So, for now I've done the following manual steps post centOS install, before running my *slightly simplified <font face="monospace">pulp.yml</font> ansible playbook:</div><div dir="ltr"><br></div><div>(* all my pulp.yml is doing now is configuring an admin/admin user/group, then running the pulp_installer, with same options as I posted before.)</div><div dir="ltr"><ol><li><font face="monospace">ssh-copy-id -i ~/.ssh/id_rsa.pub ansible@pulpcentos </font><font face="arial, sans-serif">and confirm that I can:</font></li><ol><li><font face="arial, sans-serif">ssh as ansible user without password</font></li><li><font face="arial, sans-serif">sudo as ansible user with password</font></li></ol><li><font face="monospace">sudo yum install python3</font></li></ol><div><font face="arial, sans-serif">Unfortunately, now I get an error in the compatibility check between pulpcore and plugins:</font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="monospace">TASK [Run pip-compile to check pulpcore/plugin compatibility] *****************************************************************************************************[20/7382]<br>Monday 27 July 2020 14:23:18 -0700 (0:00:00.287) 0:00:46.377 *********** [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: {{ failed_condition | default("compatibility.rc != 0") }} fatal: [pulpcentos]: FAILED! => changed=false cmd: - /usr/local/lib/pulp/bin/pip-compile delta: '0:00:03.171889' end: '2020-07-27 14:23:21.863378' failed_when_result: true msg: non-zero return code rc: 2 start: '2020-07-27 14:23:18.691489' stderr: |- Could not find a version that matches pulpcore<3.5,<3.6,==3.4.1,>=3.0,>=3.4,>=3.5 from <a href="https://files.pythonhosted.org/packages/5c/40/8dab8ccfe73982ef3a5e48489af2d83974b0e7677ca52ec232fcb4b49dfa/pulpcore-3.4.1-py3-none-any.whl#sha256=e33ca32f867201e1a18b888d72ef07e85c2cd11273a8e422e33d6a2910a64fac" target="_blank">https://files.pythonhosted.org/packages/5c/40/8dab8ccfe73982ef3a5e48489af2d83974b0e7677ca52ec232fcb4b49dfa/pulpcore-3.4.1-py3-none-any.whl#sha256=e33ca32f867201e1a18b888d72ef07e85c2cd11273a8e422e33d6a2910a64fac</a> (from -r <a href="http://requirements.in" target="_blank">requirements.in</a> (line 1)) Tried: 3.0.0, 3.0.0, 3.0.1, 3.0.1, 3.1.0, 3.1.0, 3.1.1, 3.1.1, 3.2.0, 3.2.0, 3.2.1, 3.2.1, 3.3.0, 3.3.0, 3.3.1, 3.3.1, 3.4.0, 3.4.0, 3.4.1, 3.4.1, 3.5.0, 3.5.0 Skipped pre-versions: 3.0.0b1, 3.0.0b1, 3.0.0b2, 3.0.0b2, 3.0.0b3, 3.0.0b3, 3.0.0b4, 3.0.0b4, 3.0.0b5, 3.0.0b5, 3.0.0b6, 3.0.0b6, 3.0.0b7, 3.0.0b7, 3.0.0b8, 3.0.0b8, 3.0.0b9, 3.0.0b9, 3.0.0b10, 3.0.0b10, 3.0.0b11, 3.0.0b11, 3.0.0b12, 3.0.0b12, 3.0.0b13, 3.0.0b13, 3.0.0b14, 3.0.0b14, 3.0.0b15, 3.0.0b15, 3.0.0b16, 3.0.0b16, 3.0.0b17, 3.0.0b18, 3.0.0b18, 3.0.0b19, 3.0.0b19, 3.0.0b20, 3.0.0b20, 3.0.0b21, 3.0.0b21, 3.0.0b22, 3.0.0b22, 3.0.0b23, 3.0.0b23, 3.0.0rc1, 3.0.0rc1, 3.0.0rc2, 3.0.0rc2, 3.0.0rc3, 3.0.0rc3, 3.0.0rc4, 3.0.0rc4, 3.0.0rc5, 3.0.0rc5, 3.0.0rc6, 3.0.0rc6, 3.0.0rc7, 3.0.0rc7, 3.0.0rc8, 3.0.0rc8, 3.0.0rc9, 3.0.0rc9 There are incompatible versions in the resolved dependencies: pulpcore==3.4.1 from <a href="https://files.pythonhosted.org/packages/5c/40/8dab8ccfe73982ef3a5e48489af2d83974b0e7677ca52ec232fcb4b49dfa/pulpcore-3.4.1-py3-none-any.whl#sha256=e33ca32f867201e1a18b888d72ef07e85c2cd11273a8e422e33d6a2910a64fac" target="_blank">https://files.pythonhosted.org/packages/5c/40/8dab8ccfe73982ef3a5e48489af2d83974b0e7677ca52ec232fcb4b49dfa/pulpcore-3.4.1-py3-none-any.whl#sha256=e33ca32f867201e1a18b888d72ef07e85c2cd11273a8e422e33d6a2910a64fac</a> (from -r <a href="http://requirements.in" target="_blank">requirements.in</a> (line 1))<br> pulpcore<3.6,>=3.4 (from pulp-file==1.1.0->-r <a href="http://requirements.in" target="_blank">requirements.in</a> (line 5))<br> pulpcore<3.6,>=3.4 (from pulp-container==1.4.2->-r <a href="http://requirements.in" target="_blank">requirements.in</a> (line 3))<br> pulpcore<3.5,>=3.4 (from pulp-python==3.0.0b9->-r <a href="http://requirements.in" target="_blank">requirements.in</a> (line 6))<br> pulpcore<3.6,>=3.5 (from pulp-deb==2.5.0b1->-r <a href="http://requirements.in" target="_blank">requirements.in</a> (line 4))<br> pulpcore<3.6,>=3.0 (from pulp-ansible==0.2.0b15->-r <a href="http://requirements.in" target="_blank">requirements.in</a> (line 2))<br> stderr_lines: <omitted><br> stdout: ''<br> stdout_lines: <omitted><br><br>PLAY RECAP *****************************************************************************************************************************************************************pulpcentos : ok=33 changed=14 unreachable=0 failed=1 skipped=16 rescued=0 ignored=0</font></div></div><div dir="ltr"><br></div><div>I believe this means that the version of pulp_installer role(s) I have/had installed have become broken bc of compatibility changes made to one or more versions they were referencing. This seems bad, nevertheless, I went ahead and updated my pulp_installer to a newer tag (from 3.4.1 to 3.5.0), and reran the pulp.yml playbook, with the following results:</div><div><br></div><div>With 3.5.0 pulp_installer, running against fresh new centos 8 machine, it got past the pulpcore/plugin version check, but failed here, in pulp_common's check for required variables. This worked fine before (on my debian-based machine) as you can see in my playbook I'm using an ansible-vault encrypted string as the secret_key. </div><div><br></div><div><font face="monospace">TASK [pulp_common : Check if required variables are set] *******************************************************************************************************************Monday 27 July 2020 14:34:27 -0700 (0:00:00.024) 0:00:19.821 *********** ok: [pulpcentos] => (item=pulp_settings.content_origin) => changed=false ansible_loop_var: item item: pulp_settings.content_origin msg: All assertions passed fatal: [pulpcentos]: FAILED! =><br> msg: 'The conditional check ''pulp_settings.secret_key | default('''', true) | length > 0'' failed. The error was: Unexpected templating type error occurred on ({% if pulp_settings.secret_key | default('''', true) | length > 0 %} True {% else %} False {% endif %}): object of type ''AnsibleVaultEncryptedUnicode'' has no len()'</font><br></div><div><br></div><div>Not sure what's up, but at the very least so far it's not working any better with CentOS. I'm all ears for suggestions.</div><div><br></div><div>Does anyone have a turnkey, fully-automated solution they can share, like a vagrant box that brings up a pulp instance from scratch? Seems like I'm doing a lot more work here than should be required to bring this thing up. Thanks. </div><div></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr"><br></div><div dir="ltr" class="gmail_attr">On Sat, Jul 11, 2020 at 1:49 PM Dennis Kliban <<a href="mailto:dkliban@redhat.com" target="_blank">dkliban@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I would recommend re-running the installer on a fresh VM that is running CentOS 7.7+. I've experienced this problem before when the installer had to be run multiple times due to various failures. In my case, the database migrations had not been run and the output of "systemctl status pulpcore*" showed that Pulp services were failing to start due to database issues. I suspected it was due to permissions problems with /etc/pulp/settings.py, however, I never confirmed this by actually fixing the install. I've always just reprovisioned on a new VM.</div><div><br></div><div>If you can reproduce this issue again on a new VM, I would recommend filing an issue at <a href="https://pulp.plan.io/issues/new/" target="_blank">https://pulp.plan.io/issues/new/</a>. The installer is definitely doing something wrong, but I am not sure how to reproduce the issue consistently. <br></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 10, 2020 at 11:12 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Thanks Matthias. I get 502 at <a href="http://pulp.my.domain/pulp/api/v3/status/" target="_blank">http://pulp.my.domain/pulp/api/v3/status/</a> as well. Below is my nginx.conf, pulled from my freshly provisioned pulp server. My skills are a little weak on the webserver side of things so I'm open to suggestions for any simplifications I can make to my config to get this working. I'm not trying to do anything fancy here. <div><br></div><div>/etc/nginx/nginx.conf:</div><div><br></div><div># TODO: Support IPv6.<br># TODO: Configure SSL certificates.<br># TODO: Maybe serve multiple `location`s, not just one.<br><br># Gunicorn docs suggest this value.<br>worker_processes 1;<br>events {<br> worker_connections 1024; # increase if you have lots of clients<br> accept_mutex off; # set to 'on' if nginx worker_processes > 1<br>}<br><br>http {<br> include mime.types;<br> # fallback in case we can't determine a type<br> default_type application/octet-stream;<br> sendfile on;<br><br> # If left at the default of 1024, nginx emits a warning about being unable<br> # to build optimal hash types.<br> types_hash_max_size 4096;<br><br> upstream pulp-content {<br> server <a href="http://127.0.0.1:24816" target="_blank">127.0.0.1:24816</a>;<br> }<br><br> upstream pulp-api {<br> server <a href="http://127.0.0.1:24817" target="_blank">127.0.0.1:24817</a>;<br> }<br><br> server {<br> # Gunicorn docs suggest the use of the "deferred" directive on Linux.<br> listen 80 default_server deferred;<br> server_name $hostname;<br><br> # The default client_max_body_size is 1m. Clients uploading<br> # files larger than this will need to chunk said files.<br><br> # Gunicorn docs suggest this value.<br> keepalive_timeout 5;<br><br> location /pulp/content/ {<br> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br> proxy_set_header X-Forwarded-Proto $scheme;<br> proxy_set_header Host $http_host;<br> # we don't want nginx trying to do something clever with<br> # redirects, we set the Host: header above already.<br> proxy_redirect off;<br> proxy_pass <a href="http://pulp-content" target="_blank">http://pulp-content</a>;<br> }<br><br> location /pulp/api/v3/ {<br> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br> proxy_set_header X-Forwarded-Proto $scheme;<br> proxy_set_header Host $http_host;<br> # we don't want nginx trying to do something clever with<br> # redirects, we set the Host: header above already.<br> proxy_redirect off;<br> proxy_pass <a href="http://pulp-api" target="_blank">http://pulp-api</a>;<br> }<br><br> location /auth/login/ {<br> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br> proxy_set_header X-Forwarded-Proto $scheme;<br> proxy_set_header Host $http_host;<br> # we don't want nginx trying to do something clever with<br> # redirects, we set the Host: header above already.<br> proxy_redirect off;<br> proxy_pass <a href="http://pulp-api" target="_blank">http://pulp-api</a>;<br> }<br><br> include pulp/*.conf;<br><br> location / {<br> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br> proxy_set_header X-Forwarded-Proto $scheme;<br> proxy_set_header Host $http_host;<br> # we don't want nginx trying to do something clever with<br> # redirects, we set the Host: header above already.<br> proxy_redirect off;<br> proxy_pass <a href="http://pulp-api" target="_blank">http://pulp-api</a>;<br> # static files are served through whitenoise - <a href="http://whitenoise.evans.io/en/stable/" target="_blank">http://whitenoise.evans.io/en/stable/</a><br> }<br> }<br>}<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 7, 2020 at 11:56 PM Matthias Dellweg <<a href="mailto:mdellweg@redhat.com" target="_blank">mdellweg@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The only thing that sticks out to me is `content_origin: "http://{{<br> ansible_fqdn }}:8080"`. This is the address seen from the outside, and<br> since both content and api are subject to the same reverse proxy and<br> so should be available on port 80 (and 443 soon). But that is for sure<br> not the problem you have with the API.<br> Can you, however, try `http<br> <a href="http://pulp.my.domain/pulp/api/v3/status/" rel="noreferrer" target="_blank">http://pulp.my.domain/pulp/api/v3/status/`</a>? And if it still didn't<br> produce a result, provide the content of /etc/nginx/nginx.conf ?<br> <br> On Tue, Jul 7, 2020 at 11:18 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br> ><br> > After perusing all of the roles' READMEs more thoroughly, I have updated my playbook (pasted below) with what I believe are the correct current set of available role variables in 3.4.1, with links to the docs for each. (would be nice if the example playbook was this informative.) One thing that came up with this exercise is that the example-use playbook is not including the main pulp role, however on tag 3.4.1 the pulp role appears to be a required dependency. Does the pulp role get included by the others, implicitly?<br> ><br> > Anyway, after a successful run of the modified playbook, I'm now seeing all services enabled:<br> ><br> > pulpadmin@pulp:~$ sudo systemctl list-unit-files | grep -E "(pulp|nginx)"<br> > nginx.service enabled<br> > pulpcore-api.service enabled<br> > pulpcore-content.service enabled<br> > pulpcore-resource-manager.service enabled<br> > pulpcore-worker@.service indirect<br> > dev-mapper-pulp\x2d\x2dvg\x2dswap_1.swap generated<br> ><br> > However, I'm still getting 502 trying to connect to pulp content webserver at my specified content_origin.<br> ><br> > My /var/log/nginx/error.log still shows the same type errors showing nginx can't connect with an upstream application server:<br> ><br> > 2020/07/07 13:59:41 [error] 12936#12936: *44 connect() failed (111: Connection refused) while connecting to upstream, client: 10.212.134.131, server: pulp, request: "GET /favicon.ico HTTP/1.1", upstream: "<a href="http://127.0.0.1:24817/favicon.ico" rel="noreferrer" target="_blank">http://127.0.0.1:24817/favicon.ico</a>", host: "pulp.my.domain", referrer: "<a href="http://pulp.my.domain/" rel="noreferrer" target="_blank">http://pulp.my.domain/</a>"<br> ><br> > Here's my updated pulp.yml:<br> ><br> > ---<br> > # Playbook to provision and manage Pulp Instances for Artifact Management<br> ><br> > # Requires:<br> > # (<a href="https://pulp-installer.readthedocs.io/en/latest/#system-requirements" rel="noreferrer" target="_blank">https://pulp-installer.readthedocs.io/en/latest/#system-requirements</a>)<br> > # 1. Debian Buster Machine Provisioned using Preseeded Installer<br> > # a. Really just need Debian install with:<br> > # i. sudo, openssh-server, python3<br> > # (after installing with only ssh-server and system utility packages selected, only need to:<br> > # su<br> > # vi /etc/apt/sources.list # remove CD Rom line, add buster main repo if no mirror selected during install<br> > # apt-get install sudo)<br> > # ii. update-alternatives --set editor `update-alternatives --list editor | grep vim`<br> > # iii. pulpadmin user with passwordless sudoer priviledges<br> > # (echo "pulpadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers)<br> > # iv. ansible controller user has installed its ssh key in remote host's known_hosts<br> > # (without this you'd just need to --ask-pass and supply ssh passwd at stdin)<br> > # TODO: capture above in a VM Snapshot in vSphere/ESXi for fast reproduction.<br> > # 2. Ansible Roles Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`<br> > # 3. Ansible Collection Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`<br> ><br> > # Run like this:<br> > # ansible-playbook pulp.yml --user pulpadmin --ask-pass --ask-vault-pass<br> > #<br> > # Note ansible knows what machines to run the playbook on by the `hosts` element within the playbook,<br> > # which should have names existing in hosts file(s) in inventory/.<br> ><br> > # This playbook builds upon the Engineering Services playbook template<br> > # Check imported playbook content before adding it here.<br> > - import_playbook: engineering-services-tmplt.yml<br> ><br> > - name: "Install packages we want on every Pulp instance"<br> > hosts: engineering_services_pulp<br> > gather_facts: false<br> > vars:<br> > apt_packages:<br> > - curl<br> > roles:<br> > - apt<br> ><br> > - name: Configure admin group<br> > become: true<br> > hosts: engineering_services_pulp<br> > gather_facts: false<br> > tasks:<br> > - name: Create admin group<br> > group:<br> > name: admin<br> ><br> > - name: Configure admin user<br> > become: true<br> > hosts: engineering_services_pulp<br> > gather_facts: false<br> > vars:<br> > # TODO: define these as inventory variable (standard for all machines?) so it can move out of playbook task blocks<br> > tasks:<br> > - debug: var=ansible_fqdn<br> > - name: Configure admin user account<br> > user:<br> > name: admin<br> > groups:<br> > - admin<br> ><br> > - name: Install Pulp<br> > hosts: engineering_services_pulp<br> > # gather_facts: false<br> > vars:<br> > # Main Pulp Role Variables<br> > # <a href="https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp#role-variables" rel="noreferrer" target="_blank">https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp#role-variables</a><br> > pulp_settings:<br> > secret_key: !vault |<br> > $ANSIBLE_VAULT;1.1;AES256<br> > 38383631633236306565616334663761363134613835323839653962323930616639656333653865<br> > 3264363735643430626361383132653632316139396364370a613566396133393430663962666261<br> > 35356165663639613535383563366638663635326662343133353339343262646265316630616162<br> > 6337346131303833610a663232633339306231613738653233646466383638333934393765373034<br> > 63346437343834653964366666333061303634313864333031323735326134626432626535613436<br> > 62643731343836626436383438643862396166636263646330646332633637363765623866343733<br> > 616635326537346163646564653134386666<br> > content_origin: "http://{{ ansible_fqdn }}:8080"<br> > pulp_install_plugins:<br> > pulp-ansible: {}<br> > pulp-container: {}<br> > pulp-deb: {}<br> > pulp-file: {}<br> > pulp-python: {}<br> > pulp_default_admin_password: !vault |<br> > $ANSIBLE_VAULT;1.1;AES256<br> > 35636365316538376363643965323035306461643239306433353665623438633535633763613662<br> > 6266346236393736616532636230393136303966383339310a306563323838326431386432626465<br> > 30316164383265303932643865323033623938656136306665356665336262613233653866386165<br> > 3164396261326563640a613464353364656130396333613531383864323434316533663932303766<br> > 3938<br> > pulp_api_bind: "{{ ansible_fqdn }}"<br> > pulp_api_workers: 4 # defaults to 1<br> ><br> > # Pulp Content Role Variables<br> > # <a href="https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_content#pulp_content" rel="noreferrer" target="_blank">https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_content#pulp_content</a><br> > # pulp_content_bind: # Defaults to <a href="http://127.0.0.1:24816" rel="noreferrer" target="_blank">127.0.0.1:24816</a><br> ><br> > # Pulp Database Role Variables<br> > # <a href="https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_database" rel="noreferrer" target="_blank">https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_database</a><br> > # None<br> ><br> > # Pulp Resource Manager Role Variables<br> > # <a href="https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_resource_manager" rel="noreferrer" target="_blank">https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_resource_manager</a><br> > # pulp_resouce_manager_state: # defaults to started<br> > # pulp_resouce_manager_enabled: # defaults to true<br> ><br> > # Pulp Webserver Role Variables<br> > # <a href="https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_webserver" rel="noreferrer" target="_blank">https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_webserver</a><br> > # pulp_webserver_server: # defauls to nginx<br> > # pulp_content_port: # defaults to 24816<br> > # pulp_content_host: # defaults to localhost<br> > # pulp_api_port: # defaults to 24817<br> > # pulp_api_host: # defaults to localhost<br> > # pulp_configure_firewall: # defaults to auto, which is same as firewalld. Change to none to disable.<br> ><br> > # Pulp Workers Role Variables<br> > # <a href="https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_workers" rel="noreferrer" target="_blank">https://github.com/pulp/pulp_installer/tree/3.4.1/roles/pulp_workers</a><br> > # TODO: how is this different from pulp_api_workers in the main Pulp Role??<br> > # pulp_workers: 4 # defaults to 2<br> ><br> > pre_tasks:<br> > # The version string below is the highest of all those in roles' metadata:<br> > # "min_ansible_version". It needs to be kept manually up-to-date.<br> > - name: Verify Ansible meets min required version<br> > assert:<br> > that: "ansible_version.full is version_compare('2.8', '>=')"<br> > msg: ><br> > "You must update Ansible to at least 2.8 to use this version of Pulp 3 Installer."<br> > roles:<br> > # Is pulp role implicitly included by the others?<br> > - pulp_database<br> > - pulp_workers<br> > - pulp_resource_manager<br> > - pulp_webserver<br> > - pulp_content<br> > environment:<br> > DJANGO_SETTINGS_MODULE: pulpcore.app.settings<br> ><br> > On Tue, Jul 7, 2020 at 12:24 PM Tim Black <<a href="mailto:timblaktu@gmail.com" target="_blank">timblaktu@gmail.com</a>> wrote:<br> >><br> >> I just installed my first pulp instance on a fresh Debian Buster VM, using latest Ansible pulp_installer release (3.4.1), with my pulp.yml playbook (pasted below) modeled after the official example-use playbook. The playbook runs to completion, with zero failed tasks, yet I am not able to connect to the pulp content webserver using the protocol/address/port I specified in the content_origin variable. I have verified that nginx service is running, but I still get 502: Bad Gateway error.<br> >><br> >> Can someone help me troubleshoot this, or direct me to troubleshooting documentation that would assist? I found this excellent explanation which seems relevant since pulp uses the same nginx/gunicorn tech cocktail. It states:<br> >><br> >>> NGINX will return a 502 Bad Gateway error if it can’t successfully proxy a request to Gunicorn or if Gunicorn fails to respond.<br> >><br> >><br> >> I learned to look in /var/log/nginx/error.log for the reason for the issue. There I found several errors similar to this:<br> >><br> >> [error] 4348#4348: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 10.212.134.131, server: pulp, request: "GET / HTTP/1.1", upstream: "<a href="http://127.0.1.1:24817/" rel="noreferrer" target="_blank">http://127.0.1.1:24817/</a>", host: "pulp.my.domain"<br> >><br> >> I also confirmed the following pulp service statuses:<br> >><br> >> pulpadmin@pulp:~$ sudo systemctl list-unit-files | grep pulp<br> >> pulpcore-api.service disabled<br> >> pulpcore-content.service enabled<br> >> pulpcore-resource-manager.service enabled<br> >> pulpcore-worker@.service indirect<br> >> dev-mapper-pulp\x2d\x2dvg\x2dswap_1.swap generated<br> >><br> >> Hmm.. Shouldn't pulpcore-api be enabled? If so, I suppose this is the "upstream" service that nginx cannot connect to? From the error log, it looks like the address is localhost:24817, and I believe this is the default I chose. Anyone see any problem with what I'm doing here? I'm simply trying to set up "hello world" with pulp_installer targeting a dedicated remote server.<br> >><br> >> I applaud the pulp dev team's modularizing of the code base, but I would love to see more documentation on the architecture here, clearly illustrating all these moving parts, with links to common problems like I'm having, with troubleshooting advice.<br> >><br> >> Here's my pulp.yml ansible playbook:<br> >><br> >> ---<br> >> # Playbook to provision and manage Pulp Instances for Artifact Management<br> >><br> >> # Requires:<br> >> # (<a href="https://pulp-installer.readthedocs.io/en/latest/#system-requirements" rel="noreferrer" target="_blank">https://pulp-installer.readthedocs.io/en/latest/#system-requirements</a>)<br> >> # 1. Debian Buster Machine Provisioned using Preseeded Installer<br> >> # a. Really just need Debian install with:<br> >> # i. sudo, openssh-server, python3<br> >> # (after installing with only ssh-server and system utility packages selected, only need to:<br> >> # su<br> >> # vi /etc/apt/sources.list # remove CD Rom line, add buster main repo if no mirror selected during install<br> >> # apt-get install sudo)<br> >> # ii. update-alternatives --set editor `update-alternatives --list editor | grep vim`<br> >> # iii. pulpadmin user with passwordless sudoer priviledges<br> >> # (echo "pulpadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers)<br> >> # iv. ansible controller user has installed its ssh key in remote host's known_hosts<br> >> # (without this you'd just need to --ask-pass and supply ssh passwd at stdin)<br> >> # TODO: capture above in a VM Snapshot in vSphere/ESXi for fast reproduction.<br> >> # 2. Ansible Roles Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`<br> >> # 3. Ansible Collection Installed via Galaxy using `$ ansible-galaxy install -r requirements-pulp.yml`<br> >> #<br> >> # Run like this:<br> >> # ansible-playbook pulp.yml --user pulpadmin -l <controlled-pulp-hostname> --ask-pass --ask-vault-pass<br> >><br> >> # This playbook builds upon the Engineering Services playbook template<br> >> # Check imported playbook content before adding it here.<br> >> - import_playbook: engineering-services-tmplt.yml<br> >><br> >> - name: "Install packages we want on every Pulp instance"<br> >> hosts: engineering_services_pulp<br> >> gather_facts: false<br> >> vars:<br> >> apt_packages:<br> >> - curl<br> >> roles:<br> >> - apt<br> >><br> >> - name: Configure admin group<br> >> become: true<br> >> hosts: engineering_services_pulp<br> >> gather_facts: false<br> >> tasks:<br> >> - name: Create admin group<br> >> group:<br> >> name: admin<br> >><br> >> - name: Configure admin user<br> >> become: true<br> >> hosts: engineering_services_pulp<br> >> gather_facts: false<br> >> vars:<br> >> # TODO: define these as inventory variable (standard for all machines?) so it can move out of playbook task blocks<br> >> tasks:<br> >> - debug: var=ansible_fqdn<br> >> - name: Configure admin user account<br> >> user:<br> >> name: admin<br> >> groups:<br> >> - admin<br> >><br> >> - name: Install Pulp<br> >> hosts: engineering_services_pulp<br> >> # gather_facts: false<br> >> vars:<br> >> # required by pulp_installer: <a href="https://pulp-installer.readthedocs.io/en/latest/#system-requirements" rel="noreferrer" target="_blank">https://pulp-installer.readthedocs.io/en/latest/#system-requirements</a><br> >> # TODO: this is now set in ansible.cfg bc it doesn't work when set here or in inventory<br> >> # allow_world_readable_tmpfiles: True<br> >> pulp_settings:<br> >> secret_key: !vault |<br> >> $ANSIBLE_VAULT;1.1;AES256<br> >> 38383631633236306565616334663761363134613835323839653962323930616639656333653865<br> >> 3264363735643430626361383132653632316139396364370a613566396133393430663962666261<br> >> 35356165663639613535383563366638663635326662343133353339343262646265316630616162<br> >> 6337346131303833610a663232633339306231613738653233646466383638333934393765373034<br> >> 63346437343834653964366666333061303634313864333031323735326134626432626535613436<br> >> 62643731343836626436383438643862396166636263646330646332633637363765623866343733<br> >> 616635326537346163646564653134386666<br> >> content_origin: "http://{{ ansible_fqdn }}:8080"<br> >> pulp_default_admin_password: !vault |<br> >> $ANSIBLE_VAULT;1.1;AES256<br> >> 35636365316538376363643965323035306461643239306433353665623438633535633763613662<br> >> 6266346236393736616532636230393136303966383339310a306563323838326431386432626465<br> >> 30316164383265303932643865323033623938656136306665356665336262613233653866386165<br> >> 3164396261326563640a613464353364656130396333613531383864323434316533663932303766<br> >> 3938<br> >> pulp_content_host: "{{ ansible_fqdn }}"<br> >> # pulp_content_port: 24816<br> >> pulp_content_port: 8080<br> >> pulp_api_host: "{{ ansible_fqdn }}"<br> >> # pulp_content_port: 24817<br> >> pulp_content_bind: "{{ pulp_content_host }}:{{ pulp_content_port }}"<br> >> pulp_install_plugins:<br> >> # galaxy-ng: {}<br> >> pulp-ansible: {}<br> >> # pulp-certguard: {}<br> >> pulp-container: {}<br> >> # pulp-cookbook: {}<br> >> pulp-deb: {}<br> >> pulp-file: {}<br> >> # pulp-gem: {}<br> >> # pulp-maven: {}<br> >> # pulp-npm: {}<br> >> pulp-python: {}<br> >> # pulp-rpm: {}<br> >> pre_tasks:<br> >> # The version string below is the highest of all those in roles' metadata:<br> >> # "min_ansible_version". It needs to be kept manually up-to-date.<br> >> - name: Verify Ansible meets min required version<br> >> assert:<br> >> that: "ansible_version.full is version_compare('2.8', '>=')"<br> >> msg: ><br> >> "You must update Ansible to at least 2.8 to use this version of Pulp 3 Installer."<br> >> roles:<br> >> - pulp_database<br> >> - pulp_workers<br> >> - pulp_resource_manager<br> >> - pulp_webserver<br> >> - pulp_content<br> >> environment:<br> >> DJANGO_SETTINGS_MODULE: pulpcore.app.settings<br> >><br> >> Thanks for your help.<br> >><br> >> Tim<br> ><br> > _______________________________________________<br> > Pulp-list mailing list<br> > <a href="mailto:Pulp-list@redhat.com" target="_blank">Pulp-list@redhat.com</a><br> > <a href="https://www.redhat.com/mailman/listinfo/pulp-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/pulp-list</a><br> <br> </blockquote></div> _______________________________________________<br> Pulp-list mailing list<br> <a href="mailto:Pulp-list@redhat.com" target="_blank">Pulp-list@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/pulp-list" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/pulp-list</a></blockquote></div> </blockquote></div></div> </blockquote></div> </blockquote></div> </blockquote></div></div> </blockquote></div> </blockquote></div>