Ben, That depends a bit on the type of certificate you need to have. If your box is exposed to the Internet (and i think you stated this does not apply here) you can use Let's encrypt: https://pulp-installer.readthedocs.io/en/latest/letsencrypt/
If you have certificates (and keys) signed by a CA ready, you can inject them to the ansible-installer with the variables explained here: https://pulp-installer.readthedocs.io/en/latest/roles/pulp_webserver/ Look for the ones prefixed with "pulp_webserver_tls". If you didn't install with our ansible installer at all, you'd probably still be configuring a reverse proxy, and that is where the ssl/tls is happening. If you did nothing like that, your installation will probably have a self-signed certificate, and i do not know how to make that available to curl, httpie or pulp-cli. Hope that helps, Matthias On Thu, Apr 29, 2021 at 10:37 AM Ben Stanley <[email protected]> wrote: > Matthias, > > This will become my production pulp server, so I should do it properly. > However, setting up and maintaining pulp is not in my job description. I do > it out of necessity (it makes my other jobs much easier). > > This server is not and will not be publicly accessible. > > Would you be so kind as to link me to the setup step I'm missing to set up > the certificates? > > Thanks, > Ben. > On 29/4/21 6:27 pm, Matthias Dellweg wrote: > > Ben, > if this is for testing purpose only, and you don't care to set up the > certificates in your client, you can specify to not validate them with the > cli with "--no-verify-ssl". > > On Thu, Apr 29, 2021 at 10:19 AM Ben Stanley <[email protected]> > wrote: > >> Ina, >> >> Thank you for this. I have started looking at the docs and trying to >> follow them. >> >> The first problem I had was how to install pulp-cli, but I seem to have >> got that solved now. >> >> Now I have the following problem: >> >> pulp status >> Error: HTTPSConnectionPool(host='honeybee', port=443): Max retries >> exceeded with url: /pulp/api/v3/docs/api.json (Caused by >> SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify >> failed (_ssl.c:877)'),)) >> >> I didn't explicitly set up any certificate, so maybe I need to go back a >> few steps. >> >> Ben. >> On 29/4/21 5:10 am, Ina Panova wrote: >> >> Hey Ben, >> >> We also have docs on how to setup and run the migration should that help >> you or make it easier for you rather than following the video. >> Also docs are getting regularly updated with the recent changes, fixes >> ,etc https://pulp-2to3-migration.readthedocs.io/en/latest/workflows.html >> >> >> -------- >> Regards, >> >> Ina Panova >> Senior Software Engineer| Pulp| Red Hat Inc. >> >> "Do not go where the path may lead, >> go instead where there is no path and leave a trail." >> >> >> On Wed, Apr 28, 2021 at 2:46 PM David Davis <[email protected]> >> wrote: >> >>> Hi Ben, >>> >>> You're missing a slash. >>> >>> http POST :/pulp/api/v3/migration-plans/ <MyPlan.json >>> >>> The 301 response is trying to redirect you to >>> https://localhost/pulp/api/v3/migration-plans/. >>> >>> Also, we've since added support for the pulp-2to3-migration to our CLI >>> which may be a bit easier to use than httpie. >>> >>> https://github.com/pulp/pulp-cli >>> >>> David >>> >>> >>> On Wed, Apr 28, 2021 at 4:32 AM Ben Stanley <[email protected]> >>> wrote: >>> >>>> Hello Pulp People, >>>> >>>> I think I've finally got my pulp3 + plugins installed. I can access >>>> http://localhost/pulp/api/v3/ and see the schema. >>>> >>>> Now I'm up to trying to migrate the content from my pulp2 server. I >>>> have >>>> installed the pulp-2to3-migration plugin (note that the ansible >>>> installation instructions didn't describe how to do it. I manually >>>> added >>>> pulp-2to3-migration to the pulp_install.yml file). >>>> >>>> I'm following the instructions provided by Tanya Tereshchenko in the >>>> video "Don't get stuck on Pulp 2!". I have created a simple plan for >>>> the >>>> pulp-file plugin to import my ISO repos. I was confused where Tanya >>>> starts using the http command. After quite a bit of searching I found >>>> out that it is provided by the httpie package. >>>> >>>> So I tried the command >>>> >>>> http POST :/pulp/api/v3/migration-plans <MyPlan.json >>>> >>>> Tanya's video shows the response: >>>> >>>> ==================================== >>>> HTTP/1.1 201 Created >>>> Access-Control-Expose-Headers: Correlation-ID >>>> Allow: GET, POST, HEAD, OPTIONS >>>> Connection: Keep-Alive >>>> Content-Length: 705 >>>> Content-Type: application/json >>>> Correlation-ID: 166793e08cee499eb20573cfcf7befb5 >>>> Date: Wed, 20 Jan 2021 13:22:32 GMT >>>> Keep-Alive: timeout=5, max=10000 >>>> Location: >>>> /pulp/api/v3/migration-plans/76aea09f-04a8-4ace-9188-1e5e579f76e0/ >>>> Server: gunicorn/20.0.4 >>>> Vary: Accept, Cookie >>>> X-Frame-Options: SAMEORIGIN >>>> ========================================== >>>> >>>> Unfortunately my response looks very different: >>>> >>>> ========================================= >>>> HTTP://1.1301 Moved Permanently >>>> Connection: keep-alive >>>> Content-Lenght: 169 >>>> Content-Type: text/html >>>> Date: Wed, 28 Apr 2021 08:15:00 GMT >>>> Location: https://localhost/pulp/api/v3/migration-plans/ >>>> Server: nginx/1.16.1 >>>> >>>> <html> >>>> <head><title>301 Moved Permanently</title></head> >>>> <body> >>>> >>>> <center><h1>301 Moved Permanently</h1></center> >>>> <hr><center>nginx/1.16.1</center> >>>> </body> >>>> </html> >>>> ========================================== >>>> >>>> What have I done wrong? >>>> >>>> I can see that Tanya's system is running gunicorn web server, whereas >>>> in >>>> my system the response is provided by nginx directly. Do I need to set >>>> up another web server? At the moment I'm just running whatever ansible >>>> set up for me. >>>> >>>> Ben. >>>> >>>> >>>> _______________________________________________ >>>> Pulp-list mailing list >>>> [email protected] >>>> https://listman.redhat.com/mailman/listinfo/pulp-list >>>> >>>> _______________________________________________ >>> Pulp-list mailing list >>> [email protected] >>> https://listman.redhat.com/mailman/listinfo/pulp-list >> >> _______________________________________________ >> Pulp-list mailing list >> [email protected] >> https://listman.redhat.com/mailman/listinfo/pulp-list > >
_______________________________________________ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
