Installing Pulp3 as a container

Posted on by Marco Antonio Carcano

Pulp is the repository manager used by Katello (the upstream project of Red Hat Network Satellite server 6.x). This Pulp version is really exciting, since it comes with several plugins that let you host several kind of repositories:

  • generic files
  • software packages: RPM packages, Deb Packages and even Container Images
  • software modules: Python modules, Maven contents, Ruby Gem
  • contents configuration management software: Ansible roles and collections and Chef cookbooks

In this post I'll show you how easy it is to install Pulp3 as container using the official container image.

The whole post is based on Red Hat Enterprise Linux 8 as well as CentOS 8. You can however succeed into install it onto Red Hat Enterprise Linux 7 / CentOS 7 using almost the same commands - the most straightforward is "yum" command instead of "dnf".

Install the container management runtimes

Since we are dealing with a container image, we need something to manage containers: in this post we use Podman, but everything works pretty same way even using Docker.

Let's install Podman:

sudo dnf install -y podman

if you don't have a Red Hat subscriptions to download container images from Red Hat's CDN, you can configure "/etc/containers/registries.conf" to use only "docker.io" registry:

# To ensure compatibility with docker we've included docker.io in the default search list. However
# Red Hat does not curate, patch or maintain container images from the docker.io registry.
[registries.search]
registries = ['docker.io']

Create filesystems to store settings and data

Let's begin by properly partitioning the system: in this example we configure "repos" LVM Volume Group to use "/dev/sdb" disk as Physical Volume:

DISK="/dev/sdb"
sudo parted -a optimal ${DISK} mklabel gpt
SDB_DISK_SIZE=$(sudo parted ${DISK} unit s print free |grep -v "^$" |tail -n 1|awk '{ print $2 }')
sudo parted -a optimal ${DISK} mkpart primary 2048s ${SDB_DISK_SIZE=}
sudo parted ${DISK} set 1 lvm on
sudo pvcreate ${DISK}1
sudo vgcreate repos ${DISK}1

now let's create the Logical Volumes necessary to keep things separated so to avoid to run out of disk space simply because somebody by blindly uploading software fill-up the whole storage and cause Pulp3 service to fail.

sudo lvcreate -L 3GiB -n pulp_storage repos
sudo lvcreate -L 3GiB -n pulp_pgsql repos
sudo lvcreate -L 3GiB -n pulp_containers repos

let's create the XFS filesystems into them:

sudo mkfs.xfs /dev/mapper/repos-pulp_storage
sudo mkfs.xfs /dev/mapper/repos-pulp_pgsql
sudo mkfs.xfs /dev/mapper/repos-pulp_containers

eventually let's create the necessary mount points and configure the automatic mount at boot:

sudo mkdir -m 755 -p /opt/pulp/storage
sudo mkdir -m 755 /opt/pulp/pgsql
sudo mkdir -m 755 /opt/pulp/containers
sudo tee -a /etc/fstab >/dev/null <<-EOF
/dev/mapper/repos-pulp_storage     /opt/pulp/storage    xfs     defaults        0 0
/dev/mapper/repos-pulp_pgsql   /opt/pulp/pgsql      xfs     defaults        0 0
/dev/mapper/repos-pulp_containers   /opt/pulp/containers      xfs     defaults        0 0
EOF

and mount them all:

sudo mount -a

let's verify that everything has been properly setup:

df -Ph /opt/pulp/storage/ /opt/pulp/pgsql/ /opt/pulp/containers/

the outcome should be as follows

Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/pulp-storage     3.0G   54M  3.0G   2% /opt/pulp/storage
/dev/mapper/pulp-pgsql       3.0G   54M  3.0G   2% /opt/pulp/pgsql
/dev/mapper/pulp-containers  3.0G   54M  3.0G   2% /opt/pulp/containers

Create the directory where to store Pulp3 configuration files:

sudo mkdir -m 755  /opt/pulp/settings
sudo ln -s /opt/pulp/settings/ /etc/pulp
Although this is not really necessary, as you see we also create a symlink to "/opt/pulp/settings" beneath "/etc" directory: we did so since it is very likely that someone looks into "/etc/pulp" when seeking the configuration files. This eases the work of who's on call and have to quickly troubleshoot in the middle of the night a system he sees for the first time.

Configure the Pulp3 service

Let's create the main configuration file:

CONTENT_ORIGIN='http://repo-ci-up2a001.core.carcano.local:8080'
ANSIBLE_API_HOSTNAME='http://repo-ci-up2a001.core.carcano.local:8080'
ANSIBLE_CONTENT_HOSTNAME='http://repo-ci-up2a001.core.carcano.local:8080/pulp/content'
TOKEN_AUTH_DISABLED=True

as you can see, only a very few settings are necessary to have an up and running Pulp3.

Here we automatically guess the FQDN value using "hostname" command; however take in account that if you put Pulp behind a proxy-balancer you should specify the FQDN of the virtualhost dedicated to Pulp on the proxy balancer instead.

Run the Pulp3 container for the first time

We are ready to create the Pulp3 Container - let's start by pulling the image:

sudo podman pull pulp/pulp-fedora31

it takes some time to download the image: it's quite a huge one.

Trying to pull docker.io/pulp/pulp-fedora31...
Getting image source signatures
Copying blob d148f84634cf done  
Copying blob d26278d60d49 [==============>-----------------------] 107.2MiB / 278.9MiB
Copying blob 854946d575a4 done

When finished, create the container as follows:

podman run --detach \
             --publish 8080:80 \
             --name pulp \
             --volume /opt/pulp/settings:/etc/pulp:Z \
             --volume /opt/pulp/storage:/var/lib/pulp:Z \
             --volume /opt/pulp/pgsql:/var/lib/pgsql:Z \
             --volume /opt/pulp/containers:/var/lib/containers:Z \
             --device /dev/fuse \
             pulp/pulp-fedora31

Wow the container should be up and running.

Set the administrative password

We should set the administrative password as follows:

sudo podman exec -it pulp bash -c 'pulpcore-manager reset-admin-password'

just type the password you want to use.

The username of the administrative user is "admin".

Create the systemd unit

There's one thing still missing: the systemd unit file to run it as a service. We can easily create is as follows:

sudo tee -a /etc/systemd/system/pulp.service >/dev/null <<-EOF
[Unit]
Description=Pulp
Wants=syslog.service

[Service]
Restart=always
ExecStart=/usr/bin/podman start -a pulp
ExecStop=/usr/bin/podman stop -t 2 pulp

[Install]
WantedBy=multi-user.target
EOF

let's reload systemd to make it aware of this new unit file:

sudo systemctl daemon-reload

We should of course configure selinux to grant containers to manage cgroup, or the sytemd unit won't work:

setsebool -P container_manage_cgroup on

we can enable the unit to start at boot:

systemctl enable pulp

restart the server

sudo shutdown -r now

At the next boot your Pulp3 repository should be up and running: open the following URL with your borwser:

Have a go on Pulp3

http://127.0.0.1:8080/pulp/api/v3/docs/

You should get the documentation of the API:

 

Footnotes

Here it ends first post about Pulp3: I hope you enjoyed it. Pulp3 is certainly a very good piece of software and looks very promising. You can use it as a local repository to mirror online repositories as well as the Definitive Media Library where to store your software, artifacts and configuration management stuff.

The only thing it still lacks is a web UI, but it's API is really well designed and easy to use, and this makes it very suitable to work with automation tools and scripts: we'll see how to use it in the next post.

Well, what to do next? A very hot topic is to use it as a local Ansible-Galaxy repository to store roles and collections. This will be the topic of the next post.

Writing a post like this takes a lot of hours. I'm doing it for the only pleasure of sharing knowledge and thoughts, but all of this does not come for free: it is a time consuming volunteering task. This blog is not affiliated to anybody, does not show advertisements nor sells data of visitors. The only goal of this blog is to make ideas flow. So please, if you liked this post, spend a little of your time to share it on Linkedin or Twitter using the buttons below: seeing that posts are actually read is the only way I have to understand if I'm really sharing thought or if I'm just wasting time and I'd better give up.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>