[Pulp-list] Publishing web-accessible symlinks

2016-06-17 Thread Baird, Josh 
Hi,

We cut quarterly snapshots of the RHEL repositories and publish them as 
'/rhel/7Server/x86_64/snapshot/2016XXYY.'  I'm looking for a way to create a 
'latest' symlink (/rhel/7Server/x86_64/snapshot/latest -> 2016XXYY) that links 
to the latest snapshot date available.

Is there any way to create and publish web-accessible symlinks with Pulp?

Thanks,

Josh
___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list

Re: [Pulp-list] Publishing web-accessible symlinks

2016-06-17 Thread Kodiak Firesmith 
Dunno how technically correct this solution is, but it seems to work:

$pwd
/var/www/pub/yum/https/repos/

$sudo -u apache ln -s rhel-os/server/7/7Server/x86_64 rhel-7-latest

$ls -lah
drwxr-x---.  3 apache apache   33 Jun 17 10:38 rhel-os
lrwxrwxrwx.  1 apache apache   31 Jun 17 11:49 rhel-7-latest ->
rhel-os/server/7/7Server/x86_64

Contents of my RHEL 7 repos are now avail at rhel-7-latest:
https://pulp-beta.somecollege.edu/pulp/repos/rhel-7-latest/

That's a helluva lot simpler than my original thought for you quandry which
would be to create a blank repo called rhel-7-server-latest, do an rpm copy
job on all the rpms in your latest snapshot, then tear that -latest repo
down and recreate quarterly with the new latest quarterly snapshot.

 - Kodiak


On Fri, Jun 17, 2016 at 11:21 AM, Baird, Josh  wrote:

> Hi,
>
>
>
> We cut quarterly snapshots of the RHEL repositories and publish them as
> ‘/rhel/7Server/x86_64/snapshot/2016XXYY.’  I’m looking for a way to create
> a ‘latest’ symlink (/rhel/7Server/x86_64/snapshot/latest -> 2016XXYY) that
> links to the latest snapshot date available.
>
>
>
> Is there any way to create and publish web-accessible symlinks with Pulp?
>
>
>
> Thanks,
>
>
>
> Josh
>
> ___
> Pulp-list mailing list
> Pulp-list@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list

Re: [Pulp-list] Publishing web-accessible symlinks

2016-06-17 Thread Baird, Josh 
Yeah, this does work.  I was hoping to be able to somehow do this via the API 
or pulp-admin since that’s how we create the snapshots.

From: Kodiak Firesmith [mailto:kfiresm...@gmail.com]
Sent: Friday, June 17, 2016 11:57 AM
To: Baird, Josh 
Cc: pulp-list@redhat.com
Subject: Re: [Pulp-list] Publishing web-accessible symlinks

Dunno how technically correct this solution is, but it seems to work:

$pwd
/var/www/pub/yum/https/repos/

$sudo -u apache ln -s rhel-os/server/7/7Server/x86_64 rhel-7-latest
$ls -lah
drwxr-x---.  3 apache apache   33 Jun 17 10:38 rhel-os
lrwxrwxrwx.  1 apache apache   31 Jun 17 11:49 rhel-7-latest -> 
rhel-os/server/7/7Server/x86_64
Contents of my RHEL 7 repos are now avail at rhel-7-latest:  
https://pulp-beta.somecollege.edu/pulp/repos/rhel-7-latest/
That's a helluva lot simpler than my original thought for you quandry which 
would be to create a blank repo called rhel-7-server-latest, do an rpm copy job 
on all the rpms in your latest snapshot, then tear that -latest repo down and 
recreate quarterly with the new latest quarterly snapshot.
 - Kodiak


On Fri, Jun 17, 2016 at 11:21 AM, Baird, Josh 
mailto:jba...@follett.com>> wrote:
Hi,

We cut quarterly snapshots of the RHEL repositories and publish them as 
‘/rhel/7Server/x86_64/snapshot/2016XXYY.’  I’m looking for a way to create a 
‘latest’ symlink (/rhel/7Server/x86_64/snapshot/latest -> 2016XXYY) that links 
to the latest snapshot date available.

Is there any way to create and publish web-accessible symlinks with Pulp?

Thanks,

Josh

___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list

___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list

Re: [Pulp-list] Publishing web-accessible symlinks

2016-06-17 Thread Kodiak Firesmith 
Well an RPM repo copy job is basically just a ton of symlinks.  The problem
you'll have is each time you do it if you want the old stuff gone before
updating -latest to the newest snapshot copy you'll have to remove
everything in latest then re-copy.

I don't see an easier way but then again we roll risky - we let the updates
come as they appear upstream.

On Fri, Jun 17, 2016 at 12:00 PM, Baird, Josh  wrote:

> Yeah, this does work.  I was hoping to be able to somehow do this via the
> API or pulp-admin since that’s how we create the snapshots.
>
>
>
> *From:* Kodiak Firesmith [mailto:kfiresm...@gmail.com]
> *Sent:* Friday, June 17, 2016 11:57 AM
> *To:* Baird, Josh 
> *Cc:* pulp-list@redhat.com
> *Subject:* Re: [Pulp-list] Publishing web-accessible symlinks
>
>
>
> Dunno how technically correct this solution is, but it seems to work:
>
> $pwd
> /var/www/pub/yum/https/repos/
>
> $sudo -u apache ln -s rhel-os/server/7/7Server/x86_64 rhel-7-latest
>
> $ls -lah
> drwxr-x---.  3 apache apache   33 Jun 17 10:38 rhel-os
> lrwxrwxrwx.  1 apache apache   31 Jun 17 11:49 rhel-7-latest ->
> rhel-os/server/7/7Server/x86_64
>
> Contents of my RHEL 7 repos are now avail at rhel-7-latest:
> https://pulp-beta.somecollege.edu/pulp/repos/rhel-7-latest/
>
> That's a helluva lot simpler than my original thought for you quandry
> which would be to create a blank repo called rhel-7-server-latest, do an
> rpm copy job on all the rpms in your latest snapshot, then tear that
> -latest repo down and recreate quarterly with the new latest quarterly
> snapshot.
>
>  - Kodiak
>
>
>
>
>
> On Fri, Jun 17, 2016 at 11:21 AM, Baird, Josh  wrote:
>
> Hi,
>
>
>
> We cut quarterly snapshots of the RHEL repositories and publish them as
> ‘/rhel/7Server/x86_64/snapshot/2016XXYY.’  I’m looking for a way to create
> a ‘latest’ symlink (/rhel/7Server/x86_64/snapshot/latest -> 2016XXYY) that
> links to the latest snapshot date available.
>
>
>
> Is there any way to create and publish web-accessible symlinks with Pulp?
>
>
>
> Thanks,
>
>
>
> Josh
>
>
> ___
> Pulp-list mailing list
> Pulp-list@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
>
>
___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list

[Pulp-list] Pulp 2.8.5 Beta Released with Security and bug fixes

2016-06-17 Thread Sean Myers 
Pulp 2.8.5 Beta 1 is now available in the beta repositories:

https://repos.fedorapeople.org/repos/pulp/pulp/beta/2.8/

This release addresses two identified Pulp platform security flaws,
and also includes bugfixes for the Pulp platform and all supported plugins.


Upgrading
=

User action is required to address the CVEs associated with this upgrade!

Included in the list of :fixedbugs:`2.8.4` are two CVEs:

CVE-2016-3696: Leakage of CA key in pulp-qpid-ssl-cfg
CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password and seed


Upgrade instructions


The CVEs require user interaction to remedy if you have been using qpid, and if
you used pulp-qpid-ssl-cfg to generate the TLS keys. Rabbit users and users who
generated their own keys for qpidd are not affected by these CVEs.

Begin by upgrading to Pulp 2.8.4 and running migrations:

> $ sudo systemctl stop qpidd httpd pulp_workers pulp_resource_manager 
> pulp_celerybeat goferd
> $ sudo yum upgrade
> $ sudo -u apache pulp-manage-db

Note: You don't need to restart goferd if goferd isn't installed.

Any qpidd CA, server and client certificate and key pairs that were generated 
with
pulp-qpid-ssl-cfg are unsafe and should be replaced. After upgrading to 2.8.4
(as we did above), you can use the script to replace the certificates and keys:

> $ sudo pulp-qpid-ssl-cfg

Now we are ready to start the services again:

> $ sudo systemctl start qpidd httpd pulp_workers pulp_resource_manager 
> pulp_celerybeat goferd


Issues Addressed


  Crane
1958uninstall causes POSTUN script failure
  Docker Support
1994Docker v1 links missed by 0002 (storage path) migration.
1831sync of non-existing repo does not report an error
1644Users cannot download Blobs in parallel
1646It is theoretically possible for a v2 sync to enter an infinite 
recursion loop
1909Repository syncs fail
  Nectar
1372Nectar logging is vague when a certificate is untrusted.
1820Fix checking for config.proxy_username
  OSTree Support
1934OSTree syncs are broken
  Pulp
1923POST /pulp/api/v2/content/actions/delete_orphans/ is broken
1854CVE-2016-3696 Leakage of CA key in pulp-qpid-ssl-cfg
1712Our packages that depend on pulp-selinux do not Require: that 
package in our spec file
1858CVE-2016-3704: Unsafe use of bash $RANDOM for NSS DB password 
and seed
1890pulp-qpid-ssl-cfg echoes the NSS DB password
1937Syncing a puppet module with the same content as a different 
repo results in no content
1113If an instance of pulp_celerybeat dies unexpectedly, Pulp 
incorrectly tries to "cancel all tasks in its queue"
  Puppet Support
1950module upload fails with IOError: [Errno 2] No such file or 
directory
1879Incorrect name when syncing puppet module from the filesystem
1880PLP: Update failed (The dotted field 
'thomasmckay-rsync-0.4.1-thomasmckay'
  Python Support
1973Repo symlinks are not removed after repository delete
  RPM Support
1944YumMetadataFile copy does not save its new storage_path
1954The distribution storage path migration fails when variant is 
not in the document.
2007Errata install API should expect 'id' as part of unit key
1895Recursive RPM unit copies are not recursive
1897catalog entries not created for pre-existing units
858 As a user, I would like to receive updated errata metadata
1462Errata Install to Content Host takes too long and doesn't scale 
well
1955Need a migration to ensure that Distribution units have a 
default value of '' for variant.
1972migration 28 misses distribution symlinks
1775Content removed from a repository never returns
1979metadata unit copy action creates incorrect unit count on repo
1901Fix error handling during the erratum update
1910Errata update fails when id of the repo is added to the 
existing collection
1288warning log level for "Overwriting existing metadata file" is 
misleading
1783figure out how we want to test collections and package lists in 
errata advisories



signature.asc
Description: OpenPGP digital signature
___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list

Re: [Pulp-list] Publishing web-accessible symlinks

2016-06-17 Thread Jiri Tyr 
I would create a repo called "latest" which I would sync every quarter.
Right after every sync, I would create the snapshot "2016XXYY" by copying
all the content of the "latest" repo to the snapshot repo:

# Do once:
pulp-admin rpm repo create --repo-id latest --feed
https://server.com/path/to/the/repo/

# Do every quarter:
pulp-admin rpm repo sync run --repo-id latest
pulp-admin rpm repo create --repo-id 2016XXYY
pulp-admin rpm repo copy all --from-repo-id latest --to-repo-id 2016XXYY

The snapshot repo won't take any extra disk space as it's just a bunch of
symlinks.


On Fri, Jun 17, 2016 at 5:08 PM, Kodiak Firesmith 
wrote:

> Well an RPM repo copy job is basically just a ton of symlinks.  The
> problem you'll have is each time you do it if you want the old stuff gone
> before updating -latest to the newest snapshot copy you'll have to remove
> everything in latest then re-copy.
>
> I don't see an easier way but then again we roll risky - we let the
> updates come as they appear upstream.
>
> On Fri, Jun 17, 2016 at 12:00 PM, Baird, Josh  wrote:
>
>> Yeah, this does work.  I was hoping to be able to somehow do this via the
>> API or pulp-admin since that’s how we create the snapshots.
>>
>>
>>
>> *From:* Kodiak Firesmith [mailto:kfiresm...@gmail.com]
>> *Sent:* Friday, June 17, 2016 11:57 AM
>> *To:* Baird, Josh 
>> *Cc:* pulp-list@redhat.com
>> *Subject:* Re: [Pulp-list] Publishing web-accessible symlinks
>>
>>
>>
>> Dunno how technically correct this solution is, but it seems to work:
>>
>> $pwd
>> /var/www/pub/yum/https/repos/
>>
>> $sudo -u apache ln -s rhel-os/server/7/7Server/x86_64 rhel-7-latest
>>
>> $ls -lah
>> drwxr-x---.  3 apache apache   33 Jun 17 10:38 rhel-os
>> lrwxrwxrwx.  1 apache apache   31 Jun 17 11:49 rhel-7-latest ->
>> rhel-os/server/7/7Server/x86_64
>>
>> Contents of my RHEL 7 repos are now avail at rhel-7-latest:
>> https://pulp-beta.somecollege.edu/pulp/repos/rhel-7-latest/
>>
>> That's a helluva lot simpler than my original thought for you quandry
>> which would be to create a blank repo called rhel-7-server-latest, do an
>> rpm copy job on all the rpms in your latest snapshot, then tear that
>> -latest repo down and recreate quarterly with the new latest quarterly
>> snapshot.
>>
>>  - Kodiak
>>
>>
>>
>>
>>
>> On Fri, Jun 17, 2016 at 11:21 AM, Baird, Josh  wrote:
>>
>> Hi,
>>
>>
>>
>> We cut quarterly snapshots of the RHEL repositories and publish them as
>> ‘/rhel/7Server/x86_64/snapshot/2016XXYY.’  I’m looking for a way to create
>> a ‘latest’ symlink (/rhel/7Server/x86_64/snapshot/latest -> 2016XXYY) that
>> links to the latest snapshot date available.
>>
>>
>>
>> Is there any way to create and publish web-accessible symlinks with Pulp?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Josh
>>
>>
>> ___
>> Pulp-list mailing list
>> Pulp-list@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-list
>>
>>
>>
>
>
> ___
> Pulp-list mailing list
> Pulp-list@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list