Created
June 9, 2017 00:29
-
-
Save beattidp/103a4528a67c37095a720b33c7a542e6 to your computer and use it in GitHub Desktop.
Install Pulp repository management with Debian plugin on CentOS 7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## CentOS Linux release 7.3.1611 | |
| ## MongoDB 2.6.12 is the default version for this release | |
| ## Pulp Platform Version: 2.13.1 | |
| ## | |
| ## This is cleaned-up and sanitized chronology of several console sessions | |
| ## Confirm the VM is up and running on hypervisor | |
| macturbo:~ beattidp$ ssh root@smartos 'uname -a && date && vmadm list | grep linuxrepo' | |
| SunOS 18-a9-05-73-95-99 5.11 joyent_20150820T062742Z i86pc i386 i86pc | |
| June 6, 2017 09:56:58 PM UTC | |
| e63e516e-2660-471e-acd3-fb517538c487 KVM 3072 running linuxrepo01 | |
| ## Log in as root, and create an administrative user | |
| macturbo:~ beattidp$ ssh root@linuxrepo01 | |
| # adduser itserv | |
| # passwd itserv | |
| # gpasswd -a itserv wheel | |
| # su - itserv | |
| $ id | |
| uid=1000(itserv) gid=1000(itserv) groups=1000(itserv),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 | |
| ## Add public key | |
| $ ssh-keygen -t rsa | |
| $ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtqDSik3v05bltd4ReYlGbiTdwEChn06uBmtjB4LZbyzDGSyn1ldHIUKp971lIr1pi9Q0i905a0tftYrqEew7eAWx4q6i2UkzhwYwnqyFgef+PHqEEKWjjnkMP+IHzm/VofxsMr8H1+cqjbQ29eMNHV/shRaJwP4YZFxfXJLLoyR/ZzG56uvroTyCfHEwE2AWjk7iMfuTWXiswMePB5wPZnrR5rlyNq+WpiqmXGk5yi46aEPDA7jRhSQNYs0k9jnFWZcc9fK4Vh26P838twCQBivqgRaav0fUJE1617EHG6VYylioPRzZtMcLJ/hzoM4VY9D2u0UqPzhoz+Da7ribyQ== beattidp" >> .ssh/authorized_keys | |
| $ chmod 0644 .ssh/authorized_keys | |
| $ exit | |
| # echo "192.168.0.245 linuxrepo01.machine.local linuxrepo01" >> /etc/hosts | |
| # echo "itserv ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/itserv | |
| # chown root:root /etc/sudoers.d/itserv | |
| # chmod 0440 /etc/sudoers.d/itserv | |
| # sudo id | |
| # exit | |
| macturbo:~ beattidp$ ssh itserv@linuxrepo01 | |
| ## Basic provisioning, new server | |
| $ sudo yum -y install epel-release redhat-lsb-core git # open-vm-tools | |
| $ sudo yum -y update | |
| ## BUILD DEBIAN SUPPORT, the RPM packages for pulp_deb. First we need python-debpkgr >= 1.0.0 | |
| $ sudo yum -y install rpm-build python2-devel python-setuptools python-debian | |
| ## The Python setuptools provided with CentOS 7 are only v0.9.8 | |
| ## use pip to upgrade itself and to install latest setuptools | |
| $ sudo yum -y install python-pip | |
| $ sudo pip install -U pip setuptools | |
| ## re. https://github.com/sassoftware/python-debpkgr There is a PyPi release available, 1.0.1 | |
| ## Get debpkgr from https://pypi.python.org/pypi/debpkgr#downloads | |
| $ mkdir -p ~/Downloads | |
| $ cd ~/Downloads | |
| $ curl -O https://pypi.python.org/packages/3b/d3/1029963d5dd7806a10091b5edd5b42c8f9ee6d4dbf5eb42cce00f500527b/debpkgr-1.0.1.tar.gz | |
| $ mkdir -p ~/work | |
| $ cd ~/work | |
| $ tar xzf ~/Downloads/debpkgr-1.0.1.tar.gz | |
| $ cd debpkgr-1.0.1/ | |
| $ python setup.py bdist --formats=rpm | |
| $ sudo yum -y install dist/debpkgr-1.0.1-1.noarch.rpm | |
| ## Now build pulp-deb RPMs | |
| $ mkdir -p ~/rpmbuild/SOURCES/ | |
| $ cd ~/work/ | |
| $ git clone https://github.com/pulp/pulp_deb.git pulp-deb-1.5.1 | |
| [itserv@linuxrepo01 work]$ cd pulp-deb-1.5.1/ | |
| ## Apparently 'python-debpkgr' was renamed at 1.0.1 to 'debpkgr'? | |
| ## The spec file doesn't reflect this. Do a "sed-patch" right here. | |
| $ sed -i -E -e 's/^Requires: python-debpkgr/Requires: debpkgr/' pulp-deb.spec | |
| ## TEST/VERIFY: | |
| ## $ grep -n debpkgr pulp-deb.spec | |
| ## 94:Requires: debpkgr >= 1.0.0 | |
| ## Now create an archive of the current source folder in its expected location | |
| $ tar -C .. -czf ~/rpmbuild/SOURCES/pulp-deb-1.5.1.tar.gz pulp-deb-1.5.1 | |
| ## And build the RPMs... | |
| $ rpmbuild -ba ./pulp-deb.spec | |
| ## There should be 3 of them | |
| $ ls -1 ~/rpmbuild/RPMS/noarch/ | |
| pulp-deb-admin-extensions-1.5.1-1.el7.centos.noarch.rpm | |
| pulp-deb-plugins-1.5.1-1.el7.centos.noarch.rpm | |
| python-pulp-deb-common-1.5.1-1.el7.centos.noarch.rpm | |
| ## Add the Pulp repository | |
| $ sudo curl -o /etc/yum.repos.d/rhel-pulp.repo https://repos.fedorapeople.org/repos/pulp/pulp/rhel-pulp.repo | |
| $ sudo yum -y install mongodb-server | |
| $ sudo systemctl enable mongod | |
| $ sudo systemctl start mongod | |
| $ sudo yum -y install qpid-cpp-server qpid-cpp-server-linearstore | |
| $ sudo systemctl enable qpidd | |
| $ sudo systemctl start qpidd | |
| $ sudo yum -y install pulp-server python-gofer-qpid python-qpid qpid-tools | |
| $ sudo yum -y install pulp-rpm-plugins # pulp-puppet-plugins pulp-docker-plugins | |
| ## And install Debian package support; pulp_deb plugin plus admin | |
| $ cd ~/rpmbuild/RPMS/noarch/ | |
| $ sudo yum -y install ./python-pulp-deb-common-1.5.1-1.el7.centos.noarch.rpm | |
| $ sudo yum -y install ./pulp-deb-plugins-1.5.1-1.el7.centos.noarch.rpm | |
| $ sudo yum -y install ./pulp-deb-admin-extensions-1.5.1-1.el7.centos.noarch.rpm | |
| ## MongoDB command-line tools | |
| $ sudo yum -y install mongodb | |
| $ cd ~/tmp/ | |
| $ cat > newAdmin.js << _EOF | |
| /* newAdmin.js */ | |
| conn = new Mongo(); | |
| db = conn.getDB("admin"); | |
| db.createUser( | |
| { | |
| user: "mongoadmin", | |
| pwd: "Cpu#admin1", | |
| roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] | |
| } | |
| ) | |
| _EOF | |
| $ sudo -u mongodb mongo ./newAdmin.js | |
| $ rm newAdmin.js | |
| $ cat > pulpdbuser.js << _EOF | |
| /* pulpdbuser.js */ | |
| conn = new Mongo(); | |
| db = conn.getDB("pulp_database"); | |
| db.createUser( { | |
| user: "pulpdbuser", | |
| pwd: "Cpu#dbuser1", | |
| roles: [ "readWrite", | |
| "dbAdmin" ] } ) | |
| _EOF | |
| $ sudo -u mongodb mongo ./pulpdbuser.js | |
| $ rm pulpdbuser.js | |
| ## Make the MongoDB REST interface available for verification purposes; | |
| ## hide any bind_ip, implicit 0.0.0.0, enable REST interface over HTTP | |
| $ sudo sed -i -E -e "/bind_ip/ s/^/#/" /etc/mongod.conf | |
| $ sudo sed -i -E -e "/rest =/ s/#//" /etc/mongod.conf | |
| $ sudo sed -i -E -e "/httpinterface =/ s/#//" /etc/mongod.conf | |
| ## TEST/VERIFY: | |
| ## $ egrep "bind_ip =|rest =|httpinterface =" /etc/mongod.conf | |
| ## #bind_ip = 127.0.0.1 | |
| ## httpinterface = true | |
| ## rest = true | |
| $ sudo systemctl restart mongod | |
| ## TEST/VERIFY: | |
| ## $ curl -s --digest --user "mongoadmin:Cpu#admin1" `hostname`:28017 | head -n2 | |
| ## <html><head> | |
| ## <title>mongod linuxrepo01.machine.local</title> | |
| ## Open public REST interface to MongoDB | |
| $ sudo firewall-cmd --zone=public --add-port=28017/tcp --permanent | |
| $ sudo firewall-cmd --reload | |
| ## Open ports 80,443,5671,5672 per installation rerequisites (Pulp documentation) | |
| $ sudo firewall-cmd --zone=public --permanent --add-service=http | |
| $ sudo firewall-cmd --zone=public --permanent --add-service=https | |
| $ sudo firewall-cmd --zone=public --permanent --add-port=5671/tcp | |
| $ sudo firewall-cmd --zone=public --permanent --add-port=5672/tcp | |
| $ sudo firewall-cmd --reload | |
| ## TEST/VERIFY: | |
| ## $ sudo firewall-cmd --list-all | |
| ## Specify server hostname and default administrative credentials | |
| $ sudo sed -i "/\[server]/s/.*/&\nserver_name: $(hostname)\ndefault_login: admin\ndefault_password: admin/" /etc/pulp/server.conf | |
| ## TEST/VERIFY: | |
| ## $ sudo grep -A4 "server]" /etc/pulp/server.conf | |
| ## [server] | |
| ## server_name: linuxrepo01.machine.local | |
| ## Add pulp_database 'pulpdbuser' to database configuration | |
| ## (re. http://docs.pulpproject.org/en/2.13/user-guide/installation/extra_configuration.html#mongodb-authentication ) | |
| $ sudo sed -i "/\[database]/s/.*/&\nname: pulp_database\nusername: pulpdbuser\npassword: Cpu#dbuser1/" /etc/pulp/server.conf | |
| ## TEST/VERIFY: | |
| ## $ sudo grep -A5 "database]" /etc/pulp/server.conf | |
| ## [database] | |
| ## name: pulp_database | |
| ## username: pulpdbuser | |
| ## password: Cpu#dbuser1 | |
| ## # name: pulp_database | |
| ## # seeds: localhost:27017 | |
| $ sudo sed -i "/\[server]/s/.*/&\nhost: $(hostname)\nverify_ssl: False/" /etc/pulp/admin/admin.conf | |
| $ sudo grep -A3 "server]" /etc/pulp/admin/admin.conf | |
| $ sudo sed -i -E -e "/^#? ?PULP_MAX_TASKS_PER_CHILD/ s/# ?//" /etc/default/pulp_workers | |
| ## TEST/VERIFY: | |
| ## $ grep "PER_CHILD=" /etc/default/pulp_workers | |
| ## PULP_MAX_TASKS_PER_CHILD=2 | |
| ## Automate (for this user) Basic Auth for pulp-admin | |
| $ cat > ~/.pulp/admin.conf << _EOF | |
| [auth] | |
| username: admin | |
| password: admin | |
| _EOF | |
| $ chmod 0600 .pulp/admin.conf | |
| ## Generate RSA key pair and SSL CA certificate: | |
| $ sudo pulp-gen-key-pair | |
| $ sudo pulp-gen-ca-certificate | |
| ## Initalize the database before starting any services | |
| ## This must be done as user 'apache' | |
| $ sudo -u apache pulp-manage-db | |
| ## NOTE | |
| ## # Set SELinux to permissive | |
| ## $ cat > /tmp/se-permissive.sh << _EOF | |
| ## echo 0 > /sys/fs/selinux/enforce | |
| ## sestatus | |
| ## _EOF | |
| ## $ chmod +x /tmp/se-permissive.sh | |
| ## $ sudo /tmp/se-permissive.sh | |
| ## Enable and start all required services | |
| $ sudo systemctl enable httpd pulp_workers pulp_resource_manager pulp_celerybeat | |
| $ sudo systemctl start httpd pulp_workers pulp_resource_manager pulp_celerybeat | |
| ## $ sudo systemctl status httpd pulp_workers pulp_resource_manager pulp_celerybeat # pulp_streamer goferd | |
| $ pulp-admin status | |
| $ pulp-admin auth user list | |
| $ sudo yum -y install pulp-rpm-admin-extensions | |
| $ pulp-admin server types | |
| ## Now try the RPM Quickstart | |
| ## (re. http://docs.pulpproject.org/en/2.13/plugins/pulp_rpm/user-guide/quick-start.html ) | |
| $ pulp-admin rpm repo create --repo-id=zoo --relative-url=zoo \ | |
| --feed=http://repos.fedorapeople.org/repos/pulp/pulp/demo_repos/zoo/ | |
| $ pulp-admin rpm repo sync run --repo-id=zoo | |
| $ curl -k https://`hostname`:443/pulp/repos/zoo | |
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <title>Pulp Repository Index</title> | |
| </head> | |
| <body> | |
| <h1>Pulp Repository Content</h1> | |
| <a href="../">Parent Directory</a> | |
| <ul style='list-style: none outside none; font-family: monospace'> | |
| <li><a href="Packages/">Packages/</a></li> | |
| <li><a href="repodata/">repodata/</a></li> | |
| </ul> | |
| </body> | |
| </html> | |
| $ exit | |
| macturbo:~ beattidp$ ssh admin@centos7vm | |
| ## Now, verify connectivity to the example 'zoo' repo on separate CentOS system: | |
| [admin@centos7vm ~]$ cd /tmp/ | |
| [admin@centos7vm tmp]$ cat > zoo.repo << _EOF | |
| [zoo] | |
| name=Pulp RPM Example Repository | |
| baseurl=https://linuxrepo01.machine.local/pulp/repos/zoo | |
| enabled=1 | |
| sslverify=0 | |
| _EOF | |
| [admin@centos7vm tmp]$ sudo cp zoo.repo /etc/yum.repos.d/zoo.repo | |
| [admin@centos7vm tmp]$ sudo yum search walrus | grep dummy | |
| walrus.noarch : A dummy package of walrus | |
| [admin@centos7vm tmp]$ sudo yum info walrus | egrep "Repo|Summary" | |
| Repo : zoo | |
| Summary : A dummy package of walrus | |
| [admin@centos7vm tmp]$ exit | |
| ## Back to the Pulp server | |
| macturbo:~ beattidp$ ssh itserv@linuxrepo01 | |
| ## Test pulp_deb, create DEBIAN Ubuntu 14 (Trusty) Security repo only | |
| $ pulp-admin deb repo create \ | |
| --repo-id=ubuntu-trusty-SECURITY-main-binary-amd64 \ | |
| --relative-url=ubuntu/dists/trusty-security/main/binary-amd64 \ | |
| --feed=http://security.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/ \ | |
| --serve-http=true | |
| $ pulp-admin deb repo sync run \ | |
| --repo-id=ubuntu-trusty-SECURITY-main-binary-amd64 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment