<div dir="ltr"><div>Ben,<br></div><div>That depends a bit on the type of certificate you need to have.</div><div><br></div><div>If your box is exposed to the Internet (and i think you stated this does not apply here) you can use Let's encrypt:<br></div><div><a href="https://pulp-installer.readthedocs.io/en/latest/letsencrypt/">https://pulp-installer.readthedocs.io/en/latest/letsencrypt/</a></div><div><br></div><div>If you have certificates (and keys) signed by a CA ready, you can inject them to the ansible-installer with the variables explained here:</div><div><a href="https://pulp-installer.readthedocs.io/en/latest/roles/pulp_webserver/">https://pulp-installer.readthedocs.io/en/latest/roles/pulp_webserver/</a></div><div>Look for the ones prefixed with "pulp_webserver_tls".</div><div><br></div><div>If you didn't install with our ansible installer at all, you'd probably still be configuring a reverse proxy, and that is where the ssl/tls is happening.</div><div><br></div><div>If you did nothing like that, your installation will probably have a self-signed certificate, and i do not know how to make that available to curl, httpie or pulp-cli.<br></div><div><br></div><div>Hope that helps,</div><div> Matthias<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Apr 29, 2021 at 10:37 AM Ben Stanley <<a href="mailto:ben.stanley@gmail.com">ben.stanley@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Matthias,<br>
</p>
<p>This will become my production pulp server, so I should do it
properly. However, setting up and maintaining pulp is not in my
job description. I do it out of necessity (it makes my other jobs
much easier).</p>
<p>This server is not and will not be publicly accessible.<br>
</p>
<p>Would you be so kind as to link me to the setup step I'm missing
to set up the certificates?</p>
<p>Thanks,<br>
Ben.<br>
</p>
<div>On 29/4/21 6:27 pm, Matthias Dellweg
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Ben,</div>
<div>if this is for testing purpose only, and you don't care to
set up the certificates in your client, you can specify to not
validate them with the cli with "--no-verify-ssl".<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Apr 29, 2021 at 10:19
AM Ben Stanley <<a href="mailto:ben.stanley@gmail.com" target="_blank">ben.stanley@gmail.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Ina,</p>
<p>Thank you for this. I have started looking at the docs
and trying to follow them.</p>
<p>The first problem I had was how to install pulp-cli, but
I seem to have got that solved now.</p>
<p>Now I have the following problem:</p>
<p>pulp status<br>
Error: HTTPSConnectionPool(host='honeybee', port=443): Max
retries exceeded with url: /pulp/api/v3/docs/api.json
(Caused by SSLError(SSLError(1, '[SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:877)'),))</p>
<p>I didn't explicitly set up any certificate, so maybe I
need to go back a few steps.<br>
</p>
<p>Ben.<br>
</p>
<div>On 29/4/21 5:10 am, Ina Panova wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hey Ben,</div>
<div><br>
</div>
<div>We also have docs on how to setup and run the
migration should that help you or make it easier for
you rather than following the video.</div>
<div>Also docs are getting regularly updated with the
recent changes, fixes ,etc <a href="https://pulp-2to3-migration.readthedocs.io/en/latest/workflows.html" target="_blank">https://pulp-2to3-migration.readthedocs.io/en/latest/workflows.html</a></div>
<div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr"><br>
<br>
--------<br>
Regards,<br>
<br>
Ina Panova<br>
Senior Software Engineer| Pulp| Red Hat Inc.<br>
<br>
"Do not go where the path may lead,<br>
go instead where there is no path and leave
a trail."<br>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Apr 28, 2021
at 2:46 PM David Davis <<a href="mailto:daviddavis@redhat.com" target="_blank">daviddavis@redhat.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi Ben,
<div><br>
</div>
<div>You're missing a slash.</div>
<div><br>
</div>
<div> http POST :/pulp/api/v3/migration-plans/
<MyPlan.json</div>
<div><br>
</div>
<div>The 301 response is trying to redirect you to <a href="https://localhost/pulp/api/v3/migration-plans/" target="_blank">https://localhost/pulp/api/v3/migration-plans/</a>.<br>
</div>
<div><br>
</div>
<div>Also, we've since added support for the
pulp-2to3-migration to our CLI which may be a bit
easier to use than httpie.</div>
<div><br>
</div>
<div><a href="https://github.com/pulp/pulp-cli" target="_blank">https://github.com/pulp/pulp-cli</a></div>
<div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>David</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Apr 28,
2021 at 4:32 AM Ben Stanley <<a href="mailto:ben.stanley@gmail.com" target="_blank">ben.stanley@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Pulp
People,<br>
<br>
I think I've finally got my pulp3 + plugins
installed. I can access <br>
<a href="http://localhost/pulp/api/v3/" rel="noreferrer" target="_blank">http://localhost/pulp/api/v3/</a>
and see the schema.<br>
<br>
Now I'm up to trying to migrate the content from
my pulp2 server. I have <br>
installed the pulp-2to3-migration plugin (note
that the ansible <br>
installation instructions didn't describe how to
do it. I manually added <br>
pulp-2to3-migration to the pulp_install.yml file).<br>
<br>
I'm following the instructions provided by Tanya
Tereshchenko in the <br>
video "Don't get stuck on Pulp 2!". I have created
a simple plan for the <br>
pulp-file plugin to import my ISO repos. I was
confused where Tanya <br>
starts using the http command. After quite a bit
of searching I found <br>
out that it is provided by the httpie package.<br>
<br>
So I tried the command<br>
<br>
http POST :/pulp/api/v3/migration-plans
<MyPlan.json<br>
<br>
Tanya's video shows the response:<br>
<br>
====================================<br>
HTTP/1.1 201 Created<br>
Access-Control-Expose-Headers: Correlation-ID<br>
Allow: GET, POST, HEAD, OPTIONS<br>
Connection: Keep-Alive<br>
Content-Length: 705<br>
Content-Type: application/json<br>
Correlation-ID: 166793e08cee499eb20573cfcf7befb5<br>
Date: Wed, 20 Jan 2021 13:22:32 GMT<br>
Keep-Alive: timeout=5, max=10000<br>
Location:
/pulp/api/v3/migration-plans/76aea09f-04a8-4ace-9188-1e5e579f76e0/<br>
Server: gunicorn/20.0.4<br>
Vary: Accept, Cookie<br>
X-Frame-Options: SAMEORIGIN<br>
==========================================<br>
<br>
Unfortunately my response looks very different:<br>
<br>
=========================================<br>
<a href="HTTP://1.1301" rel="noreferrer" target="_blank">HTTP://1.1301</a>
Moved Permanently<br>
Connection: keep-alive<br>
Content-Lenght: 169<br>
Content-Type: text/html<br>
Date: Wed, 28 Apr 2021 08:15:00 GMT<br>
Location: <a href="https://localhost/pulp/api/v3/migration-plans/" rel="noreferrer" target="_blank">https://localhost/pulp/api/v3/migration-plans/</a><br>
Server: nginx/1.16.1<br>
<br>
<html><br>
<head><title>301 Moved
Permanently</title></head><br>
<body><br>
<br>
<center><h1>301 Moved
Permanently</h1></center><br>
<hr><center>nginx/1.16.1</center><br>
</body><br>
</html><br>
==========================================<br>
<br>
What have I done wrong?<br>
<br>
I can see that Tanya's system is running gunicorn
web server, whereas in <br>
my system the response is provided by nginx
directly. Do I need to set <br>
up another web server? At the moment I'm just
running whatever ansible <br>
set up for me.<br>
<br>
Ben.<br>
<br>
<br>
_______________________________________________<br>
Pulp-list mailing list<br>
<a href="mailto:Pulp-list@redhat.com" target="_blank">Pulp-list@redhat.com</a><br>
<a href="https://listman.redhat.com/mailman/listinfo/pulp-list" rel="noreferrer" target="_blank">https://listman.redhat.com/mailman/listinfo/pulp-list</a><br>
<br>
</blockquote>
</div>
_______________________________________________<br>
Pulp-list mailing list<br>
<a href="mailto:Pulp-list@redhat.com" target="_blank">Pulp-list@redhat.com</a><br>
<a href="https://listman.redhat.com/mailman/listinfo/pulp-list" rel="noreferrer" target="_blank">https://listman.redhat.com/mailman/listinfo/pulp-list</a></blockquote>
</div>
</blockquote>
</div>
_______________________________________________<br>
Pulp-list mailing list<br>
<a href="mailto:Pulp-list@redhat.com" target="_blank">Pulp-list@redhat.com</a><br>
<a href="https://listman.redhat.com/mailman/listinfo/pulp-list" rel="noreferrer" target="_blank">https://listman.redhat.com/mailman/listinfo/pulp-list</a></blockquote>
</div>
</blockquote>
</div>
</blockquote></div>