Matthias,
Thanks for your response.
I did not provide any certificates to the ansible installation process
(I don't have access to any certificates), and I did not configure
letsencrypt (as the pulp server is not externally accessible).
I expect that the installation has created a self-signed certificate. I
think this will be adequate for my purposes, if someone can explain to
me how to allow me to use it with pulp-cli and clients.
If it is *necessary* to provide a certificate I will inquire internally
about how I can obtain one.
Thanks,
Ben Stanley.
On 29/4/21 6:55 pm, Matthias Dellweg wrote:
Ben,
That depends a bit on the type of certificate you need to have.
If your box is exposed to the Internet (and i think you stated this
does not apply here) you can use Let's encrypt:
https://pulp-installer.readthedocs.io/en/latest/letsencrypt/
<https://pulp-installer.readthedocs.io/en/latest/letsencrypt/>
If you have certificates (and keys) signed by a CA ready, you can
inject them to the ansible-installer with the variables explained here:
https://pulp-installer.readthedocs.io/en/latest/roles/pulp_webserver/
<https://pulp-installer.readthedocs.io/en/latest/roles/pulp_webserver/>
Look for the ones prefixed with "pulp_webserver_tls".
If you didn't install with our ansible installer at all, you'd
probably still be configuring a reverse proxy, and that is where the
ssl/tls is happening.
If you did nothing like that, your installation will probably have a
self-signed certificate, and i do not know how to make that available
to curl, httpie or pulp-cli.
Hope that helps,
Matthias
On Thu, Apr 29, 2021 at 10:37 AM Ben Stanley <[email protected]
<mailto:[email protected]>> wrote:
Matthias,
This will become my production pulp server, so I should do it
properly. However, setting up and maintaining pulp is not in my
job description. I do it out of necessity (it makes my other jobs
much easier).
This server is not and will not be publicly accessible.
Would you be so kind as to link me to the setup step I'm missing
to set up the certificates?
Thanks,
Ben.
On 29/4/21 6:27 pm, Matthias Dellweg wrote:
Ben,
if this is for testing purpose only, and you don't care to set up
the certificates in your client, you can specify to not validate
them with the cli with "--no-verify-ssl".
On Thu, Apr 29, 2021 at 10:19 AM Ben Stanley
<[email protected] <mailto:[email protected]>> wrote:
Ina,
Thank you for this. I have started looking at the docs and
trying to follow them.
The first problem I had was how to install pulp-cli, but I
seem to have got that solved now.
Now I have the following problem:
pulp status
Error: HTTPSConnectionPool(host='honeybee', port=443): Max
retries exceeded with url: /pulp/api/v3/docs/api.json (Caused
by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:877)'),))
I didn't explicitly set up any certificate, so maybe I need
to go back a few steps.
Ben.
On 29/4/21 5:10 am, Ina Panova wrote:
Hey Ben,
We also have docs on how to setup and run the migration
should that help you or make it easier for you rather than
following the video.
Also docs are getting regularly updated with the recent
changes, fixes ,etc
https://pulp-2to3-migration.readthedocs.io/en/latest/workflows.html
<https://pulp-2to3-migration.readthedocs.io/en/latest/workflows.html>
--------
Regards,
Ina Panova
Senior Software Engineer| Pulp| Red Hat Inc.
"Do not go where the path may lead,
go instead where there is no path and leave a trail."
On Wed, Apr 28, 2021 at 2:46 PM David Davis
<[email protected] <mailto:[email protected]>> wrote:
Hi Ben,
You're missing a slash.
http POST :/pulp/api/v3/migration-plans/ <MyPlan.json
The 301 response is trying to redirect you to
https://localhost/pulp/api/v3/migration-plans/
<https://localhost/pulp/api/v3/migration-plans/>.
Also, we've since added support for the
pulp-2to3-migration to our CLI which may be a bit easier
to use than httpie.
https://github.com/pulp/pulp-cli
<https://github.com/pulp/pulp-cli>
David
On Wed, Apr 28, 2021 at 4:32 AM Ben Stanley
<[email protected] <mailto:[email protected]>>
wrote:
Hello Pulp People,
I think I've finally got my pulp3 + plugins
installed. I can access
http://localhost/pulp/api/v3/
<http://localhost/pulp/api/v3/> and see the schema.
Now I'm up to trying to migrate the content from my
pulp2 server. I have
installed the pulp-2to3-migration plugin (note that
the ansible
installation instructions didn't describe how to do
it. I manually added
pulp-2to3-migration to the pulp_install.yml file).
I'm following the instructions provided by Tanya
Tereshchenko in the
video "Don't get stuck on Pulp 2!". I have created a
simple plan for the
pulp-file plugin to import my ISO repos. I was
confused where Tanya
starts using the http command. After quite a bit of
searching I found
out that it is provided by the httpie package.
So I tried the command
http POST :/pulp/api/v3/migration-plans <MyPlan.json
Tanya's video shows the response:
====================================
HTTP/1.1 201 Created
Access-Control-Expose-Headers: Correlation-ID
Allow: GET, POST, HEAD, OPTIONS
Connection: Keep-Alive
Content-Length: 705
Content-Type: application/json
Correlation-ID: 166793e08cee499eb20573cfcf7befb5
Date: Wed, 20 Jan 2021 13:22:32 GMT
Keep-Alive: timeout=5, max=10000
Location:
/pulp/api/v3/migration-plans/76aea09f-04a8-4ace-9188-1e5e579f76e0/
Server: gunicorn/20.0.4
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN
==========================================
Unfortunately my response looks very different:
=========================================
HTTP://1.1301 <HTTP://1.1301> Moved Permanently
Connection: keep-alive
Content-Lenght: 169
Content-Type: text/html
Date: Wed, 28 Apr 2021 08:15:00 GMT
Location:
https://localhost/pulp/api/v3/migration-plans/
<https://localhost/pulp/api/v3/migration-plans/>
Server: nginx/1.16.1
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
==========================================
What have I done wrong?
I can see that Tanya's system is running gunicorn
web server, whereas in
my system the response is provided by nginx
directly. Do I need to set
up another web server? At the moment I'm just
running whatever ansible
set up for me.
Ben.
_______________________________________________
Pulp-list mailing list
[email protected] <mailto:[email protected]>
https://listman.redhat.com/mailman/listinfo/pulp-list
<https://listman.redhat.com/mailman/listinfo/pulp-list>
_______________________________________________
Pulp-list mailing list
[email protected] <mailto:[email protected]>
https://listman.redhat.com/mailman/listinfo/pulp-list
<https://listman.redhat.com/mailman/listinfo/pulp-list>
_______________________________________________
Pulp-list mailing list
[email protected] <mailto:[email protected]>
https://listman.redhat.com/mailman/listinfo/pulp-list
<https://listman.redhat.com/mailman/listinfo/pulp-list>
_______________________________________________
Pulp-list mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/pulp-list
