Saturday, June 25, 2011

How to Configure Pulp: The Ultimate Repository Management Tool

Pulp is a nifty piece of python code which I recently deployed to manage some ( a lot, actually) external linux repositories. Pulp is a great tool if you want to manage a lot of repositories and related content like packages, arches, distros and erratas etc. It'll not only help you to mirror the repositories but also to do remote installs to the clients (pulp calls it consumers) and groups. So, let us get started.
Make sure that you have a good amount of disk space on your server.

There is a really good documentation here on how the installation works. I'll write about some tips and tricks which are not there in the documentation.

1. How do I install it on Scientific Linux and other Enterprise Linux Servers, nss package is not of the latest version?
You need to enable the rolling repo for in Scientific Linux for this. It is not included in the yum.conf.d by default so chances are that you'll get an older version of nss if rolling repo is not added.

2. I am getting a "SSL WrongHost" error. How do I fix that?
First, you need to pick a hostname for the server (localhost.localdomain is a bad choice). Set the hostname using command "hostname <hostname>". Now we are going to generate a certificate for this domain to get rid of ssl error.
Just do a "cd /etc/pki/tls/certs/" and there will be a localhost.crt. Just rename it to something else and run "make testcrt" to get a new certificate. Follow the said steps closely in order.

3. I installed both pulp and pulp-cds on same server and now I am getting httpd alias problem. How to resolve?
Well, I understand the enthusiasm of trying out stuff but pulp and pulp-cds are not supposed to be installed on same server, not unless you know the ins and outs of pulp and what you are doing. The problem occurs because both pulp.conf and pulp-cds.conf in conf.d has same alias defined but for different targets. So comment out the Alias in pulp-cds.conf or get rid of the pulp-cds package all together, I would do the later one.

4. I want to use the repo using http. How do I do that?
Just find out the lines mentioned below in httpd conf directory and comment them out using "#".

SSLRequireSSL
SSLVerifyClient optional_no_ca
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData

Watch out this post for more tips and hacks.