The latest Pulp in RHUI has the ability to sync Docker/OSTree content. RHUI needs to be updated to take advantage of these content types and serve them up for consumers. RHUI will need to: Sync OSTree repos Sync Docker content Serve docker content using Crane on CDS servers Serve OSTree content Provide client configurations to consume the content.
Failed QA. Docker repos are not available for CLI since they are not available to be added to an entitlement certificate: ISO 20161109/10 1. add Docker repos 2. sync them 3. generate an entitlement certificate, no docker repos displayed there to be included in the cert (see the attachment and logs below) 4. create custom client rpm 5. install that client rpm on a client machine 6. see all repos, but no dockers' Actual results: >> rhui (repo) => l Custom Repositories protected_repo unproteted_repo Red Hat Repositories redhat-cert_docker rhel6_mini_docker rhel7_rsyslog_docker Beta RHEL RHUI Server 7 Optional OS (x86_64) RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386) RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64) Red Hat Storage 2.0 (source) for RHUI (x86_64) Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386) Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64) >> rhui (sync) => dr Last Refreshed: 10:17:53 (updated every 5 seconds, ctrl+c to exit) Next Sync Last Sync Last Result ------------------------------------------------------------------------------ Beta RHEL RHUI Server 7 Optional OS (x86_64) 11-10-2016 15:52 11-10-2016 10:08 Success RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386) 11-10-2016 15:52 11-10-2016 09:52 Success RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64) 11-10-2016 15:52 11-10-2016 10:00 Success Red Hat Storage 2.0 (source) for RHUI (x86_64) 11-10-2016 15:52 11-10-2016 09:53 Success Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386) 11-10-2016 15:52 11-10-2016 09:53 Success Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64) 11-10-2016 15:52 11-10-2016 09:53 Success redhat-cert_docker 11-10-2016 15:54 11-10-2016 10:06 Success rhel6_mini 11-10-2016 15:59 11-10-2016 10:16 Success rhel7_rsyslog 11-10-2016 15:58 11-10-2016 10:16 Success Connected: rhua.example.com >> pulp-admin -u admin -p admin repo list +----------------------------------------------------------------------+ Repositories +----------------------------------------------------------------------+ Id: rhel-rhui-server-6-rhscl-1-debug-6Server-i386 Display Name: RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386) Description: RHEL RHUI Server 6 Rhscl 1 Debug (6Server-i386) Content Unit Counts: Id: rhs-2-for-rhui-server-source-x86_64 Display Name: Red Hat Storage 2.0 (source) for RHUI (x86_64) Description: Red Hat Storage 2.0 (source) for RHUI (x86_64) Content Unit Counts: Erratum: 10 Srpm: 40 Id: rhui-2.0-6Server-i386 Display Name: Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386) Description: Red Hat Update Infrastructure 2.0 (RPMs) (6Server-i386) Content Unit Counts: Id: rhui-2.0-6Server-x86_64 Display Name: Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64) Description: Red Hat Update Infrastructure 2.0 (RPMs) (6Server-x86_64) Content Unit Counts: Rpm: 95 Id: rhel-rhui-server-6-rhscl-1-debug-6Server-x86_64 Display Name: RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64) Description: RHEL RHUI Server 6 Rhscl 1 Debug (6Server-x86_64) Content Unit Counts: Erratum: 181 Rpm: 423 Yum Repo Metadata File: 1 Id: redhat-cert_docker Display Name: redhat-cert_docker Description: redhat-cert_docker Content Unit Counts: Docker Blob: 7 Docker Manifest: 7 Docker Tag: 7 Id: beta-rhel-rhui-server-7-optional-os-x86_64 Display Name: Beta RHEL RHUI Server 7 Optional OS (x86_64) Description: Beta RHEL RHUI Server 7 Optional OS (x86_64) Content Unit Counts: Rpm: 4473 Yum Repo Metadata File: 1 Id: rhel7_rsyslog Display Name: rhel7_rsyslog Description: rhel7_rsyslog Content Unit Counts: Docker Blob: 33 Docker Manifest: 21 Docker Tag: 21 Id: rhel6_mini Display Name: rhel6_mini Description: rhel6_mini Content Unit Counts: Docker Blob: 20 Docker Manifest: 22 Docker Tag: 22 Id: unproteted_repo Display Name: unproteted_repo Description: unproteted_repo Content Unit Counts: Rpm: 2 Id: protected_repo Display Name: protected_repo Description: protected_repo Content Unit Counts: Rpm: 2 >> rhui (client) => e Select one or more repositories to include in the entitlement certificate: Custom Repositories - 1 : protected/protected_repo protected_repo Red Hat Repositories - 2 : Beta RHEL RHUI Server 7 Optional OS - 3 : RHEL RHUI Server 6 Rhscl 1 Debug - 4 : RHEL RHUI Server 7 Optional OS - 5 : Red Hat Storage 2.0 (source) for RHUI - 6 : Red Hat Update Infrastructure 2.0 (RPMs) Enter value (1-6) to toggle selection, 'c' to confirm selections, or '?' for more commands: a Select one or more repositories to include in the entitlement certificate: Custom Repositories x 1 : protected/protected_repo protected_repo Red Hat Repositories x 2 : Beta RHEL RHUI Server 7 Optional OS x 3 : RHEL RHUI Server 6 Rhscl 1 Debug x 4 : RHEL RHUI Server 7 Optional OS x 5 : Red Hat Storage 2.0 (source) for RHUI x 6 : Red Hat Update Infrastructure 2.0 (RPMs) Enter value (1-6) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Name of the certificate. This will be used as the name of the certificate file (name.crt) and its associated private key (name.key). Choose something that will help identify the products contained with it: ent_rhel7_cli Local directory in which to save the generated certificate [current directory]: /tmp Number of days the certificate should be valid [365]: Repositories to be included in the entitlement certificate: Custom Entitlements protected/protected_repo Red Hat Repositories Beta RHEL RHUI Server 7 Optional OS RHEL RHUI Server 6 Rhscl 1 Debug RHEL RHUI Server 7 Optional OS Red Hat Storage 2.0 (source) for RHUI Red Hat Update Infrastructure 2.0 (RPMs) Proceed? (y/n) y ......+++ ...........................................+++ Entitlement certificate created at /tmp/ent_rhel7_cli.crt ------------------------------------------------------------------------------ rhui (client) => с Invalid menu item; type "?" for a list of available commands rhui (client) => c Full path to local directory in which the client configuration files generated by this tool should be stored (if this directory does not exist, it will be created): /tmp Name of the RPM: rpm_cli7 Version of the configuration RPM [2.0]: Full path to the entitlement certificate authorizing the client to access specific channels: /tmp/ent_rhel7_cli.crt Full path to the private key for the above entitlement certificate: /tmp/ent_rhel7_cli.key Port to serve Docker content on (default 5000): Select any unprotected repositories to be included in the client configuration: - 1 : unproteted_repo Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: 1 Select any unprotected repositories to be included in the client configuration: x 1 : unproteted_repo Enter value (1-1) to toggle selection, 'c' to confirm selections, or '?' for more commands: c Successfully created client configuration RPM. RPMs can be found at /tmp After custom client rpm install: >>yum repolist repo id repo name status rhui-beta-rhel-rhui-server-7-optional-os/x86_64 Beta RHEL RHUI Server 7 Optional OS 4,473 rhui-custom-protected_repo Custom Repositories - protected_repo 2 rhui-rhel-rhui-server-6-rhscl-1-debug/7Server/x86_64 RHEL RHUI Server 6 Rhscl 1 Debug 0 rhui-rhel-rhui-server-7-optional-os/7Server/x86_64 RHEL RHUI Server 7 Optional OS 0 rhui-rhs-2-for-rhui-server-source/x86_64 Red Hat Storage 2.0 (source) for RHUI 40 rhui-rhui-2.0/7Server/x86_64 Red Hat Update Infrastructure 2.0 (RPMs) 0 rhui-unproteted_repo unproteted_repo 2 repolist: 4,517
Created attachment 1219455 [details] no docker repos to add to the cert
there really isn't an entitlmenet workflow for docker repos... so adding them to a cert isn't really possible The way to consume the docker repo is to have the docker config point to the cds, then the docker client can pull from the rhui cds We do need to make sure that a 'client install' sets this properly. After looking into it further, it isn't clear if the 'client config rpm' does this in any meaningful way. Or if it can. Looking into it and will provide followup
Patrick, a custom cli rpm created in rhui-manager adds /etc/docker/certs.d/cds.example.com:5000/ca.crt on CLI machine. To create a custom cli rpm, one needs to generate an entitlement certificate first (Since crt and key files are prompted there). Entitlement certificate can be generated only when there are RH content or custom protected repos ssociated to RHUI. If one addes RH Docker repos ONLY and then wants to generate an entitlement certificate and create a custom cli rpm to make those Docker repos available to CLI, one will not be able to do it, since "There are no repository associated to RHUI, please add a Red Hat repo or create a custom repo in the manage repository subsection." is shown. It seems, it's not OK, agree?
Following instructions from comment #5, I was able to set up CLI to consume Docker content: >> docker pull rhel-cert_docker Using default tag: latest Trying to pull repository cds.example.com:5000/rhel-cert_docker ... latest: Pulling from cds.example.com:5000/rhel-cert_docker 30cf2e26a24f: Pull complete 99dd41655d8a: Pull complete 27dc5eaef277: Pull complete Digest: sha256:83d4e7a94b123449557323292c688141b858f479cf351c7d630c7018a0dd9dad Status: Downloaded newer image for cds.example.com:5000/rhel-cert_docker:latest >> docker images REPOSITORY TAG IMAGE ID CREATED SIZE cds.example.com:5000/rhel-cert_docker latest 44793dff9fef 8 weeks ago 299.1 MB
As for Atomic, things that we've tried work well. For example, after creating a configuration tar, copying it to an Atomic host and running install.sh, I'm able to do these things: ==== # ostree remote list rhui-rhel-rhui-atomic-7-ostree-repo # ostree pull rhui-rhel-rhui-atomic-7-ostree-repo:rhel-atomic-host/7/x86_64/standard 1 metadata, 0 content objects fetched; 837 B transferred in 1 seconds [root@ip-10-15-69-52 atomic-tar]# less ../.bash_history [root@ip-10-15-69-52 atomic-tar]# ostree remote summary rhui-rhel-rhui-atomic-7-ostree-repo * rhel-atomic-host/7/x86_64/standard Latest Commit (230 bytes): 42cfe1ca3305defb16dfd59cd0be5c539f19ea720dba861ed11e13941423ae86 ostree.static-deltas: {} # ostree log rhel-atomic-host/7/x86_64/standard commit 42cfe1ca3305defb16dfd59cd0be5c539f19ea720dba861ed11e13941423ae86 Date: 2016-11-30 02:14:24 +0000 Version: 7.3.1 (no subject) commit 90c9735becfff1c55c8586ae0f2c904bc0928f042cd4d016e9e0e2edd16e5e97 Date: 2016-10-26 14:24:09 +0000 Version: 7.3 (no subject) << History beyond this commit not fetched >> ==== Irina, can this RFE be considered VERIFIED? Or do you want to wait until the bugs in the dependency tree are all VERIFIED, too? Also, I don't think the needinfo regarding docker is necessary anymore.
clearing needinfo
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0367