[Pulp-dev] Pulp Installers team meeting minutes 2021-06-10 to 2021-07-07

Mike DePaulo mikedep333 at redhat.com
Thu Jul 8 15:35:21 UTC 2021

It looks like I haven't sent multiple previous minutes, so here is the last

## Jul 14 Agenda
* 2 user requests for offline installation
    * My IRC explanation
        * For a disconnected install, you need to use RPMs (install from a
yum a mirror of pulp) rather than installing from pip packages, and you
need to add offline copies of repos to the system yourself beforehand.
            * set pulp_install_plugins to packages
            * Set pulp_pkg_repo to your network's copy of
ansible_distribution_major_version }}/$basearch/
            * Add the other repos like the centos software collection (that
it tried to add) manually before running the installer.
            * You also need to modify the files under /etc/yum.repos.d/
that got added by the packages centos-release-scl-rh and centos-release-scl
so that they are disabled, and your network's mirror is used instead.
        * I've been meaning to implement a better alternative to #4:
        * Also, this requires CentOS 7 / RHEL 7 or CentOS 8 / RHEL 8.
Because RPM packages only exist for them (and they are actually provided by
our sister project Foreman, and they do not make every plugin available.)

## Jul 07 Agenda
* [Optimizing the db fields key generation](
    * I think I should stop spending time on this just because it is
optimizing code, and I've spent like 1.5 days on it.
    * Mike to follow up with Dennis
* Mike still debugging the pulplift Mac issues
    * Mike unable to reproducing DavidN's virtualbox performance issue,
which suggests something else on his laptop is amiss

## Jun 30 Agenda
* tons of backporting to 3.11
* lots of little CI breakage (actually ability to install breakage often)
* [pulplift on Mac issues](https://hackmd.io/IsVY2y8RQn6bPZjWOQTERQ)
    * Dennis working on docker kfor the sake of the galaxy_ng devs

## Jun 16 Agenda
* Fixed CI with inspec
* Still need to schedule a scope reduction meeting
    * Mike to survey what features / support are adding lots of code
        * Like causing really complex jinja2 in certain tasks.

## Jun 10 Agenda
* People not updating code in multiple places
    * I want to apologize if it sounded like I was scolding in the 5/27
    * Bruno Rocha was affected by this recently (added cloning to
pulp_common, but cloning was in molecule prepare.yml)
    * Do people have any suggestions on this other than encouraging devs to
        * [ppicka] Dropping complexity will reduce code & minimize this
* I noticed inconsistencies between how we import keys:
    * pulp webserver TLS has 3 vars:
        * `pulp_webserver_tls_key`: Relative or absolute path to the TLS
(SSL) key
           one wants to import.
        * `pulp_webserver_tls_custom_ca_cert` A custom CA certificate to
import on the server.
        * `pulp_webserver_tls_files_remote`: Whether or not
          `pulp_webserver_tls_key` & `pulp_webserver_tls_custom_ca_cert`
are on the webserver (`true`)
           or on the ansible management node (`false`). Defaults to `false`.
    * pulp token has 1 var:
        * `pulp_token_auth_key`: Location of the openssl private key (in
pem format) to use for token
          authentication. If not specified, a new key wil be generated.
    * Should we add the latter 2 options for token auth?
        * Agreed: Ask (& write up) if anyone will need the cert import.
They both make sense though.
* Scope reduction proposals
    * Agreed: We will cover this in a separate meeting. Advertise to users?
    * Problem: Too much work to maintain pulp_installer
    * Proposed:
        * 1. Drop support for upgrades from early Pulp 3.x releases.
            * Eliminates need for this portion of [this epic]() "We no
longer need system-wide packages, so we should remove support for it, and
migrate user installs off of it, as safely as possible."
        * 2. Drop EL7 support
            * However, [adding Python 3.8 support was easy after all](
            * [Awaiting confirmation that we can do this](
            * Pavel & mikedep333 agree that maintaining support for Ubuntu
would be much easier than maintaining support for EL7.
            * Drop Python2 support from the managed node, but we can just
pre-require Python3 (assuming SELinux bindings exist.)
        * 3. Drop Python2 support from the managmenet node.
        * 4. Drop FIPS (& future-implemented SELinux) CI tests
            * Another reason is that on some distros the source/devel CI
takes 1:40, others more like 4:00.
            * We will encounter breakage at `vagrant up` time though.
        * 5. What else? Othercustomization options like custom install
paths that bloat our ansible tasks with lots of jinja2?
* Latest CI failure
    * Error downloading debian key:
    * https://github.com/pulp/pulp_installer/pull/651
    * Note: This is good that CI is catching unreliable 3rd party repos,
users would occassionally experience this.


Mike DePaulo

He / Him / His

Service Reliability Engineer, Pulp

Red Hat <https://www.redhat.com/>

IM: mikedep333

GPG: 51745404
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20210708/a73602dc/attachment.htm>

More information about the Pulp-dev mailing list