<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Matthias,</p>
<p>Thanks for your response.</p>
<p>I did not provide any certificates to the ansible installation
process (I don't have access to any certificates), and I did not
configure letsencrypt (as the pulp server is not externally
accessible).</p>
I expect that the installation has created a self-signed
certificate. I think this will be adequate for my purposes, if
someone can explain to me how to allow me to use it with pulp-cli
and clients.
<p>If it is *necessary* to provide a certificate I will inquire
internally about how I can obtain one.</p>
<p>Thanks,<br>
Ben Stanley.<br>
</p>
<div class="moz-cite-prefix">On 29/4/21 6:55 pm, Matthias Dellweg
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAG+ryNy5RAF28N-YovLBAoMJv5tZvrURvRuz==57S9iqFfwgQQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Ben,<br>
</div>
<div>That depends a bit on the type of certificate you need to
have.</div>
<div><br>
</div>
<div>If your box is exposed to the Internet (and i think you
stated this does not apply here) you can use Let's encrypt:<br>
</div>
<div><a
href="https://pulp-installer.readthedocs.io/en/latest/letsencrypt/"
moz-do-not-send="true">https://pulp-installer.readthedocs.io/en/latest/letsencrypt/</a></div>
<div><br>
</div>
<div>If you have certificates (and keys) signed by a CA ready,
you can inject them to the ansible-installer with the
variables explained here:</div>
<div><a
href="https://pulp-installer.readthedocs.io/en/latest/roles/pulp_webserver/"
moz-do-not-send="true">https://pulp-installer.readthedocs.io/en/latest/roles/pulp_webserver/</a></div>
<div>Look for the ones prefixed with "pulp_webserver_tls".</div>
<div><br>
</div>
<div>If you didn't install with our ansible installer at all,
you'd probably still be configuring a reverse proxy, and that
is where the ssl/tls is happening.</div>
<div><br>
</div>
<div>If you did nothing like that, your installation will
probably have a self-signed certificate, and i do not know how
to make that available to curl, httpie or pulp-cli.<br>
</div>
<div><br>
</div>
<div>Hope that helps,</div>
<div> Matthias<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Apr 29, 2021 at 10:37
AM Ben Stanley <<a href="mailto:ben.stanley@gmail.com"
moz-do-not-send="true">ben.stanley@gmail.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Matthias,<br>
</p>
<p>This will become my production pulp server, so I should
do it properly. However, setting up and maintaining pulp
is not in my job description. I do it out of necessity (it
makes my other jobs much easier).</p>
<p>This server is not and will not be publicly accessible.<br>
</p>
<p>Would you be so kind as to link me to the setup step I'm
missing to set up the certificates?</p>
<p>Thanks,<br>
Ben.<br>
</p>
<div>On 29/4/21 6:27 pm, Matthias Dellweg wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Ben,</div>
<div>if this is for testing purpose only, and you don't
care to set up the certificates in your client, you
can specify to not validate them with the cli with
"--no-verify-ssl".<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Apr 29, 2021
at 10:19 AM Ben Stanley <<a
href="mailto:ben.stanley@gmail.com" target="_blank"
moz-do-not-send="true">ben.stanley@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Ina,</p>
<p>Thank you for this. I have started looking at the
docs and trying to follow them.</p>
<p>The first problem I had was how to install
pulp-cli, but I seem to have got that solved now.</p>
<p>Now I have the following problem:</p>
<p>pulp status<br>
Error: HTTPSConnectionPool(host='honeybee',
port=443): Max retries exceeded with url:
/pulp/api/v3/docs/api.json (Caused by
SSLError(SSLError(1, '[SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify
failed (_ssl.c:877)'),))</p>
<p>I didn't explicitly set up any certificate, so
maybe I need to go back a few steps.<br>
</p>
<p>Ben.<br>
</p>
<div>On 29/4/21 5:10 am, Ina Panova wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hey Ben,</div>
<div><br>
</div>
<div>We also have docs on how to setup and run
the migration should that help you or make it
easier for you rather than following the
video.</div>
<div>Also docs are getting regularly updated
with the recent changes, fixes ,etc <a
href="https://pulp-2to3-migration.readthedocs.io/en/latest/workflows.html"
target="_blank" moz-do-not-send="true">https://pulp-2to3-migration.readthedocs.io/en/latest/workflows.html</a></div>
<div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr"><br>
<br>
--------<br>
Regards,<br>
<br>
Ina Panova<br>
Senior Software Engineer| Pulp| Red
Hat Inc.<br>
<br>
"Do not go where the path may lead,<br>
go instead where there is no path
and leave a trail."<br>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Apr
28, 2021 at 2:46 PM David Davis <<a
href="mailto:daviddavis@redhat.com"
target="_blank" moz-do-not-send="true">daviddavis@redhat.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi Ben,
<div><br>
</div>
<div>You're missing a slash.</div>
<div><br>
</div>
<div> http POST
:/pulp/api/v3/migration-plans/
<MyPlan.json</div>
<div><br>
</div>
<div>The 301 response is trying to redirect
you to <a
href="https://localhost/pulp/api/v3/migration-plans/"
target="_blank" moz-do-not-send="true">https://localhost/pulp/api/v3/migration-plans/</a>.<br>
</div>
<div><br>
</div>
<div>Also, we've since added support for the
pulp-2to3-migration to our CLI which may
be a bit easier to use than httpie.</div>
<div><br>
</div>
<div><a
href="https://github.com/pulp/pulp-cli"
target="_blank" moz-do-not-send="true">https://github.com/pulp/pulp-cli</a></div>
<div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>David</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed,
Apr 28, 2021 at 4:32 AM Ben Stanley <<a
href="mailto:ben.stanley@gmail.com"
target="_blank" moz-do-not-send="true">ben.stanley@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Hello
Pulp People,<br>
<br>
I think I've finally got my pulp3 +
plugins installed. I can access <br>
<a href="http://localhost/pulp/api/v3/"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://localhost/pulp/api/v3/</a>
and see the schema.<br>
<br>
Now I'm up to trying to migrate the
content from my pulp2 server. I have <br>
installed the pulp-2to3-migration plugin
(note that the ansible <br>
installation instructions didn't describe
how to do it. I manually added <br>
pulp-2to3-migration to the
pulp_install.yml file).<br>
<br>
I'm following the instructions provided by
Tanya Tereshchenko in the <br>
video "Don't get stuck on Pulp 2!". I have
created a simple plan for the <br>
pulp-file plugin to import my ISO repos. I
was confused where Tanya <br>
starts using the http command. After quite
a bit of searching I found <br>
out that it is provided by the httpie
package.<br>
<br>
So I tried the command<br>
<br>
http POST :/pulp/api/v3/migration-plans
<MyPlan.json<br>
<br>
Tanya's video shows the response:<br>
<br>
====================================<br>
HTTP/1.1 201 Created<br>
Access-Control-Expose-Headers:
Correlation-ID<br>
Allow: GET, POST, HEAD, OPTIONS<br>
Connection: Keep-Alive<br>
Content-Length: 705<br>
Content-Type: application/json<br>
Correlation-ID:
166793e08cee499eb20573cfcf7befb5<br>
Date: Wed, 20 Jan 2021 13:22:32 GMT<br>
Keep-Alive: timeout=5, max=10000<br>
Location:
/pulp/api/v3/migration-plans/76aea09f-04a8-4ace-9188-1e5e579f76e0/<br>
Server: gunicorn/20.0.4<br>
Vary: Accept, Cookie<br>
X-Frame-Options: SAMEORIGIN<br>
==========================================<br>
<br>
Unfortunately my response looks very
different:<br>
<br>
=========================================<br>
<a href="HTTP://1.1301" rel="noreferrer"
target="_blank" moz-do-not-send="true">HTTP://1.1301</a>
Moved Permanently<br>
Connection: keep-alive<br>
Content-Lenght: 169<br>
Content-Type: text/html<br>
Date: Wed, 28 Apr 2021 08:15:00 GMT<br>
Location: <a
href="https://localhost/pulp/api/v3/migration-plans/"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://localhost/pulp/api/v3/migration-plans/</a><br>
Server: nginx/1.16.1<br>
<br>
<html><br>
<head><title>301 Moved
Permanently</title></head><br>
<body><br>
<br>
<center><h1>301 Moved
Permanently</h1></center><br>
<hr><center>nginx/1.16.1</center><br>
</body><br>
</html><br>
==========================================<br>
<br>
What have I done wrong?<br>
<br>
I can see that Tanya's system is running
gunicorn web server, whereas in <br>
my system the response is provided by
nginx directly. Do I need to set <br>
up another web server? At the moment I'm
just running whatever ansible <br>
set up for me.<br>
<br>
Ben.<br>
<br>
<br>
_______________________________________________<br>
Pulp-list mailing list<br>
<a href="mailto:Pulp-list@redhat.com"
target="_blank" moz-do-not-send="true">Pulp-list@redhat.com</a><br>
<a
href="https://listman.redhat.com/mailman/listinfo/pulp-list"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://listman.redhat.com/mailman/listinfo/pulp-list</a><br>
<br>
</blockquote>
</div>
_______________________________________________<br>
Pulp-list mailing list<br>
<a href="mailto:Pulp-list@redhat.com"
target="_blank" moz-do-not-send="true">Pulp-list@redhat.com</a><br>
<a
href="https://listman.redhat.com/mailman/listinfo/pulp-list"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://listman.redhat.com/mailman/listinfo/pulp-list</a></blockquote>
</div>
</blockquote>
</div>
_______________________________________________<br>
Pulp-list mailing list<br>
<a href="mailto:Pulp-list@redhat.com" target="_blank"
moz-do-not-send="true">Pulp-list@redhat.com</a><br>
<a
href="https://listman.redhat.com/mailman/listinfo/pulp-list"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://listman.redhat.com/mailman/listinfo/pulp-list</a></blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>