pulp 2.5.2-1.el7, server-only configuration, centos 7 x86_64 minimal installation
Official documentation
Feature request to watch
installation
wget http://repos.fedorapeople.org/repos/pulp/pulp/rhel-pulp.repo -O /etc/yum.repos.d/pulp.repo
vim /etc/yum.repos.d/pulp.repo
baseurl=https://repos.fedorapeople.org/repos/pulp/pulp/stable/2/7Server/$basearch/
# the minor version is subject to change on this:
sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
sudo yum install mongodb-server
sudo yum install qpid-cpp-server qpid-cpp-server-store
sudo yum install pulp-server pulp-rpm-plugins pulp-selinux python-qpid python-qpid-qmf
sudo yum install pulp-admin-client pulp-rpm-admin-extensions
vim /etc/httpd/conf.d/ssl.conf
SSLProtocol all -SSLv2 -SSLv3
vim /etc/pulp/server.conf
server_name =
vim /etc/pulp/admin/admin.conf
host =
verify_ssl = False # only use if no proper cert available
vim /etc/qpidd.conf
auth=no
# if consumer bits installed
vim /etc/pulp/consumer/consumer.conf
host =
systemctl enable mongod; systemctl start mongod;
systemctl enable qpidd; systemctl start qpidd;
sudo -u apache pulp-manage-db;
systemctl enable httpd; systemctl start httpd;
systemctl enable pulp_workers; systemctl start pulp_workers;
systemctl enable pulp_celerybeat; systemctl start pulp_celerybeat;
systemctl enable pulp_resource_manager; systemctl start pulp_resource_manager;
# stop/start all services
for s in {pulp_celerybeat,pulp_resource_manager,pulp_workers,httpd}; do sudo systemctl stop $s; done;
firewall
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
#qpidd, if using with consumers
firewall-cmd --permanent --zone=public --add-port=5672/tcp
firewall-cmd --permanent --zone=public --add-port=5671/tcp
CA creation
Create a fake CA. Don’t do this in production, use an established CA.
# Generate a private key:
openssl genrsa -out ca.key 2048
# CA certificate:
openssl req -new -x509 -days -365 -key ca.key -out ca.crt
SSL Cert generation
# generate private key:
openssl genrsa -out server.key 2048
# Generate Certificate Signing Request
openssl req -new -key server.key -out server.csr
# Give signing request to CA to sign
openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -out server.crt
# Install SSL cert into webserver (/etc/pki/example)
# Hand out ca.crt to test consumers, use sslcacert= directive in /etc/yum.repos.d/*.repo \
or "cat ca.crt >> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
pulp admin auth
pulp-admin login -u admin
pulp-admin auth user create --login test --name 'test user'
pulp-admin auth user update --login test -p
pulp-admin auth user list
pulp-admin auth permission list --resource /
pulp-admin auth permission grant --resource /repositories --login test -o create -o update -o read
pulp-admin auth permission list --resource /repositories
pulp-admin auth role create --role-id consumer-admin
pulp-admin auth role user add --role-id consumer-admin --login test
pulp-admin auth role list
pulp-admin auth permission grant --resource /repositories --role-id consumer-admin -o read
pulp repos
# create os repo as base for installation
pulp-admin rpm repo create --repo-id=centos-7-x86_64-os
# create live/unstable/stable for centos 7 updates
for repo in live unstable stable; \
do pulp-admin rpm repo create --repo-id=centos-7-x86_64-updates-${repo} \
--relative-url=centos-7-x86_64-updates-${repo}; done;
# feed ISO contents into base/os repo for sync.
# 'celery' is unable to read iso9660 filesystems due to SELinux, the rsync is kludge
sudo mount -t iso9660 -o loop,ro /root/CentOS-7.0-1406-x86_64-DVD.iso /mnt
sudo mkdir -p /opt/iso/centos_7
sudo rsync -rvP /mnt/ /opt/iso/centos7/
sudo pulp-admin rpm repo update --repo-id="centos-7-x86_64-os" --feed=file:///opt/iso/centos7
sudo pulp-admin rpm repo sync run --repo-id="centos-7-x86_64-os"
# create and sync feed for live/upstream repo
pulp-admin rpm repo update --repo-id=centos-7-x86_64-updates-live --feed=http://mirror.centos.org/centos/7/updates/x86_64/
pulp-admin rpm repo sync run --repo-id=centos-7-x86_64-updates-live
# create and sync feed for unstable/dev repo
pulp-admin rpm repo update --repo-id=centos-7-x86_64-updates-unstable --feed=file:///var/www/pub/yum/https/repos/centos-7-x86_64-updates-live/
pulp-admin rpm repo sync run --repo-id=centos-7-x86_64-updates-unstable
pulp-admin rpm repo create --repo-id=pulp-2-stable --relative-url=pulp-2-stable --feed='http://somepath'
pulp-admin iso repo create --repo-id=isos
#https://pulp-rpm-dev-guide.readthedocs.org/en/latest/iso-plugins.html#iso-importer
pulp-admin iso repo update --repo-id=isos --relative-url=isos --feed='http://somepath'
pulp-admin iso repo uploads upload --file Fedora-19-x86_64-netinst.iso --repo-id isos
pulp-admin iso repo uploads upload --file Fedora-19-x86_64-DVD.iso --repo-id isos
pulp-admin iso repo publish run --repo-id isos
#scheduling
pulp-admin rpm repo sync schedules create -s '2013-11-01T00:00Z/P1D' --repo-id=centos-7-x86_64-updates-live
pulp-admin rpm repo sync schedules create -s '2013-11-01T00:00Z/P1W' --repo-id=centos-7-x86_64-unstable-live
pulp-admin rpm repo sync schedules create -s '2013-11-01T00:00Z/P1D' --repo-id=pulp-v2-stable
pulp clone
pulp-admin rpm repo copy all --from-repo-id centos-7-x86_64-updates-live --to-repo-id centos-7-x86_64-updates-unstable
pulp tasks
pulp-admin tasks [| tail]
pulp-admin tasks detail --task-id
pulp nodes
pulp-admin rpm repo content rpm --repo-id= | grep pulp-admin rpm repo remove rpm --repo-id= --str-eq="filename="
pulp-admin rpm repo publish run --repo-id=
pulp-admin orphan remove --all
pulp remove package
pulp-admin rpm repo content rpm --repo-id= | grep pulp-admin rpm repo remove rpm --repo-id= --str-eq="filename="
pulp-admin rpm repo publish run --repo-id=
pulp-admin orphan remove --all
pulp mongodb
db.getCollectionNames()
db["repos"].find().pretty()