Bug 1918487
| Summary: | Create secure Pulp 3 deployment layout on disk | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Stephen Wadeley <swadeley> |
| Component: | Pulp | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | Stephen Wadeley <swadeley> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.9.0 | Keywords: | Triaged |
| Target Milestone: | 6.9.0 | ||
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-04-21 13:25:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Stephen Wadeley
2021-01-20 20:48:44 UTC
Hello
Testing on Sat6.9 Snap 10
Now we can see settings.py under `/etc/pulp/`:
[root@dhcp-3-104 ~]# ls /etc/pulp/
content repo_auth.conf server server.conf settings.py streamer.conf vhosts80
[root@dhcp-3-104 ~]#
root@dhcp-3-104 ~]# systemctl cat pulpcore-api.service
# /etc/systemd/system/pulpcore-api.service
[Unit]
Description=Pulp API Server
After=network.target
Requires=pulpcore-api.socket
[Service]
Type=notify
Environment="DJANGO_SETTINGS_MODULE=pulpcore.app.settings"
Environment="PULP_SETTINGS=/etc/pulp/settings.py"
User=pulp
Group=pulp
WorkingDirectory=/var/lib/pulp
RuntimeDirectory=pulpcore-api
ExecStart=/usr/libexec/pulpcore/gunicorn pulpcore.app.wsgi:application \
--access-logfile -
ExecReload=/bin/kill -s HUP $MAINPID
ProtectSystem=full
PrivateTmp=yes
PrivateDevices=yes
SyslogIdentifier=pulpcore-api
# This provides reconnect support for PostgreSQL and Redis. Without reconnect support, if either
# is not available at startup or becomes disconnected, this process will die and not respawn.
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
[root@dhcp-3-104 ~]# systemctl cat pulpcore-content.socket
# /etc/systemd/system/pulpcore-content.socket
[Unit]
Description=Pulp Content App socket
[Socket]
ListenStream=/run/pulpcore-content.sock
SocketUser=apache
SocketMode=0600
[Install]
WantedBy=sockets.target
[root@dhcp-3-104 ~]#
[root@dhcp-3-104 ~]# systemctl cat pulpcore-content.service
# /etc/systemd/system/pulpcore-content.service
[Unit]
Description=Pulp Content App
Requires=pulpcore-content.socket
After=network.target
[Service]
Type=notify
Environment="DJANGO_SETTINGS_MODULE=pulpcore.app.settings"
Environment="PULP_SETTINGS=/etc/pulp/settings.py"
User=pulp
Group=pulp
WorkingDirectory=/var/lib/pulp
RuntimeDirectory=pulpcore-content
ExecStart=/usr/libexec/pulpcore/gunicorn pulpcore.content:server \
--worker-class 'aiohttp.GunicornWebWorker' \
-w 2 \
--access-logfile -
ExecReload=/bin/kill -s HUP $MAINPID
SyslogIdentifier=pulpcore-content
# This provides reconnect support for PostgreSQL and Redis. Without reconnect support, if either
# is not available at startup or becomes disconnected, this process will die and not respawn.
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
[root@dhcp-3-104 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1313 |