From 9d37508b4cf074de5f5d5a988202f5e823a22038 Mon Sep 17 00:00:00 2001 From: Gerrod Ubben Date: Wed, 13 Nov 2024 14:55:54 -0500 Subject: [PATCH 1/4] Update release instructions --- docs/dev/guides/release-image.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/dev/guides/release-image.md b/docs/dev/guides/release-image.md index 53fc864e..4de455ac 100644 --- a/docs/dev/guides/release-image.md +++ b/docs/dev/guides/release-image.md @@ -2,16 +2,16 @@ ## Release instructions (multi-process images) -We maintain a container tag for every pulpcore y-release (e.g. 3.7, 3.8, ...). When there's a -pulpcore z-release, the existing y-release branch is built and published again. +We maintain a container tag for every supported pulpcore y-release (e.g. 3.49, 3.63, see +`supported_release_branches` in [template_config](https://github.com/pulp/pulpcore/blob/main/template_config.yml)). +We also publish a tag for the latest pulpcore Y release nightly. When there's a pulpcore z-release, +the existing y-release branch is built and published again. -### Pulpcore Y release +### Pulpcore Y release added to supported branches -* First create a new release branch in this pulp-oci-images repo for the prior Y release - (if it does not already exist.) So if you are releasing 3.23, create the 3.22 branch. -* Update PULPCORE_VERSION in the following files on the prior Y release branch - (see [here](https://github.com/pulp/pulp-oci-images/pull/61/files) as an example, albeit of only 1 file): +* First create a new release branch in this pulp-oci-images repo for the new supported Y release + (if it does not already exist.) +* Update PULPCORE_VERSION in the following files on the new supported Y release branch + (see [here](https://github.com/pulp/pulp-oci-images/pull/628) as an example): * images/pulp/stable/Containerfile * images/pulp-minimal/stable/Containerfile.core -* Update `branches` on the latest branch `.ci/scripts/update_ci_branches.py` to include the prior Y release. - (Once merged, it will trigger a build of the new released version from the latest branch.) From 0600888645ab746b884844535235d3e5ca2eccf2 Mon Sep 17 00:00:00 2001 From: Gerrod Ubben Date: Wed, 13 Nov 2024 15:17:09 -0500 Subject: [PATCH 2/4] Add note about current state of galaxy-ng images --- docs/admin/reference/available-images/index.md | 6 ++++++ .../available-images/multi-process-images.md | 16 ++++++++-------- .../available-images/single-process-images.md | 10 ++++++---- 3 files changed, 20 insertions(+), 12 deletions(-) diff --git a/docs/admin/reference/available-images/index.md b/docs/admin/reference/available-images/index.md index 91bae549..3672ff48 100644 --- a/docs/admin/reference/available-images/index.md +++ b/docs/admin/reference/available-images/index.md @@ -17,6 +17,12 @@ in a single Docker/Podman container. | galaxy-minimal | Single-Process Ansible Galaxy | | galaxy-web | Webserver for galaxy-minimal | +!!! note "Note on Galaxy images" + + We are no longer building any newer image versions of galaxy-ng>=4.10. We will still continue + to build new Z-updates for existing tags, but going forward the `stable` and `latest` tags are + now discontinued. + ## First-Party Services The first-party services are services written by the Pulp project itself. diff --git a/docs/admin/reference/available-images/multi-process-images.md b/docs/admin/reference/available-images/multi-process-images.md index b343c441..11c0054a 100644 --- a/docs/admin/reference/available-images/multi-process-images.md +++ b/docs/admin/reference/available-images/multi-process-images.md @@ -58,15 +58,15 @@ See the [Single-Process Images](../single-process-images/) page for usage. Note that this name `galaxy` used to be for single-process images. Version tags `4.6.3` and earlier are single-process rather than multi-process. -#### Tags - -- `stable`: Built nightly, with latest released version of each plugin. Also called `latest`. +Note that we are no longer building galaxy images for any new galaxy-ng versions >=4.10. We will still +publish galaxy images for Z updates on existing tags until Galaxy drops support for those versions. [Browse available tags](https://hub.docker.com/r/pulp/galaxy/tags) #### Discontinued tags - `https`: These were built nightly, with latest released version of each plugin. Nginx webserver ran with SSL/TLS. Now, use `stable` instead with `-e PULP_HTTPS=true`. +- `stable`: We are no longer building galaxy images for any new galaxy-ng version >=4.10. ## Quickstart @@ -84,25 +84,25 @@ The galaxy image can also be run just like any of the other multi process pulp i Run galaxy on localhost: ``` -$ podman run -p 8080:80 ghcr.io/pulp/galaxy:latest +$ podman run -p 8080:80 ghcr.io/pulp/galaxy:4.9 ``` Run galaxy on localhost with https: ``` -$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" ghcr.io/pulp/galaxy:latest +$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" ghcr.io/pulp/galaxy:4.9 ``` Run galaxy from a server with https: ``` -$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" -e "GALAXY_HOSTNAME=192.168.0.100" ghcr.io/pulp/galaxy:latest +$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" -e "GALAXY_HOSTNAME=192.168.0.100" ghcr.io/pulp/galaxy:4.9 ``` Modify the system settings to allow for uploads without approval: ``` -$ podman run -p 8080:80 -e "PULP_GALAXY_REQUIRE_CONTENT_APPROVAL=false" ghcr.io/pulp/galaxy:latest +$ podman run -p 8080:80 -e "PULP_GALAXY_REQUIRE_CONTENT_APPROVAL=false" ghcr.io/pulp/galaxy:4.9 ``` Mount the storage directories for persistent data and https: @@ -122,7 +122,7 @@ $ podman run --detach \ --volume "$(pwd)/pgsql":/var/lib/pgsql:Z \ --volume "$(pwd)/containers":/var/lib/containers:Z \ --device /dev/fuse \ - ghcr.io/pulp/galaxy:latest + ghcr.io/pulp/galaxy:4.9 ``` Once your containers are running see "Reset the Admin Password" section to set up your admin user. diff --git a/docs/admin/reference/available-images/single-process-images.md b/docs/admin/reference/available-images/single-process-images.md index e4d89fce..4f3089b5 100644 --- a/docs/admin/reference/available-images/single-process-images.md +++ b/docs/admin/reference/available-images/single-process-images.md @@ -75,8 +75,6 @@ and "galaxy-web" respectively.) ### Tags -- `stable`: Built nightly, with latest released version of galaxy. -- `nightly`: Built nightly, With master/main branch galaxy. - `4.y.z`: Galaxy 4.y.z version. [https://quay.io/repository/pulp/galaxy-minimal?tab=tags](https://quay.io/repository/pulp/galaxy-minimal?tab=tags) @@ -94,8 +92,12 @@ and "galaxy-web" respectively.) ### Tags -- `stable`: Built nightly, with latest released version of galaxy. -- `nightly`: Built nightly, With master/main branch galaxy. - `4.y.z`: Galaxy 4.y.z version. [https://quay.io/repository/pulp/galaxy-web?tab=tags](https://quay.io/repository/pulp/galaxy-web?tab=tags) + + +!!! note "Note on galaxy-minimal & galaxy-web images" + + We are no longer publishing any new versions of these images for galaxy-ng versions >=4.10. We + will still publish updates for new Z releases on existing tags. From 39cc45ee25fd40e8ae6fb4dc110c052598f94dd5 Mon Sep 17 00:00:00 2001 From: Gerrod Ubben Date: Wed, 13 Nov 2024 15:17:35 -0500 Subject: [PATCH 3/4] Remove duplicate guide to quickstart --- .../guides/deploy-multi-process-images.md | 379 ------------------ 1 file changed, 379 deletions(-) delete mode 100644 docs/admin/guides/deploy-multi-process-images.md diff --git a/docs/admin/guides/deploy-multi-process-images.md b/docs/admin/guides/deploy-multi-process-images.md deleted file mode 100644 index 10d8bdae..00000000 --- a/docs/admin/guides/deploy-multi-process-images.md +++ /dev/null @@ -1,379 +0,0 @@ -# Deploy a Multi-Process Container - -These images are also known as "Single Container", or "Pulp in One Container". - -Each image runs all 3 Pulp services (pulp-api, pulp-content and pulp-worker), -as well as Pulp's third-party services (nginx, postgresql and redis), -in one single container. - -## System Requirements - -Either [podman](https://podman.io/getting-started/installation) or -[docker](https://docs.docker.com/engine/install/)/[moby-engine](https://mobyproject.org/) -must be installed. - -Podman has been tested at versions as low as 1.6.4, which is available on CentOS/RHEL 7 and later. - -## Available images - -### pulp - -This image contains [Pulp](https://github.com/pulp/pulpcore) and the following plugins currently: - -- [pulp_ansible](site:pulp_ansible) -- [pulp-certguard](site:pulp_certguard) -- [pulp_container](site:pulp_container) -- [pulp_deb](site:pulp_deb) -- [pulp_file](site:pulp_file) -- [pulp_maven](site:pulp_maven) -- [pulp_python](site:pulp_python) -- [pulp_rpm](site:pulp_rpm) -- [pulp_ostree](site:pulp_ostree) - -This image can also function the same as the single-process image `pulp-minimal`. -See the [Single-Process Images](site:pulp-oci-images/docs/admin/reference/available-images/single-process-images/) page for usage. - -#### Tags - -- `stable`: Built nightly, with latest released version of each plugin. Also called `latest`. -- `nightly`: Built nightly, With master/main branches of each plugin. Also built with several - additional plugins that are not GA yet. -- `3.y`: Pulpcore 3.y version and its compatible plugins. Built whenever there is a z-release. - -[Browse available tags](https://hub.docker.com/r/pulp/pulp/tags) - -#### Discontinued tags - -- `https`: These were built nightly, with latest released version of each plugin. Nginx webserver ran with SSL/TLS. Now, use `stable` instead with `-e PULP_HTTPS=true`. -- `3.y-https`: Pulpcore 3.y version and its compatible plugins. These were built whenever there is a z-release. - Nginx webserver ran with SSL/TLS. Now, use `3.y` instead with `-e PULP_HTTPS=true`. - -### galaxy - -This image contains Ansible [Galaxy](https://github.com/ansible/galaxy_ng). - -This image can also function the same as the single-process image `galaxy-minimal`. -See the [Single-Process Images](site:pulp-oci-images/docs/admin/reference/available-images/single-process-images/) page for usage. - -Note that this name `galaxy` used to be for single-process images. Version tags `4.6.3` and earlier -are single-process rather than multi-process. - -#### Tags - -- `stable`: Built nightly, with latest released version of each plugin. Also called `latest`. - -[Browse available tags](https://hub.docker.com/r/pulp/galaxy/tags) - -#### Discontinued tags - -- `https`: These were built nightly, with latest released version of each plugin. Nginx webserver ran with SSL/TLS. Now, use `stable` instead with `-e PULP_HTTPS=true`. - -## Quickstart - -### Galaxy Quickstart - -The galaxy base image includes a default settings.py and can be configured using environment variables. This image can be configured with the following two environment variables: - -- `GALAXY_HOSTNAME`: publicly accessible hostname that the API and content app will run on. -- `GALAXY_PORT`: public port that the API and content app will run on. - -The galaxy image can also be run just like any of the other multi process pulp images by mounting a custom settings.py file, however this setup provides an easy, out of the box configuration for running galaxy. - -#### Examples - -Run galaxy on localhost: - -``` -$ podman run -p 8080:80 ghcr.io/pulp/galaxy:latest -``` - -Run galaxy on localhost with https: - -``` -$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" ghcr.io/pulp/galaxy:latest -``` - -Run galaxy from a server with https: - -``` -$ podman run -p 443:443 -e "PULP_HTTPS=true" -e "GALAXY_PORT=443" -e "GALAXY_HOSTNAME=192.168.0.100" ghcr.io/pulp/galaxy:latest -``` - -Modify the system settings to allow for uploads without approval: - -``` -$ podman run -p 8080:80 -e "PULP_GALAXY_REQUIRE_CONTENT_APPROVAL=false" ghcr.io/pulp/galaxy:latest -``` - -Mount the storage directories for persistent data and https: - -NOTE: don't mount volumes to `/etc/pulp/` as you would with the vanilla pulp images, as this will -override the default settings.py file. - -``` -$ podman run --detach \ - --publish 443:443 \ - --name pulp \ - -e "GALAXY_HOSTNAME=my.galaxy.host.example.com" \ - -e "PULP_HTTPS=true" \ - -e "GALAXY_PORT=443" \ - --volume "$(pwd)/settings/certs":/etc/pulp/certs:Z \ - --volume "$(pwd)/pulp_storage":/var/lib/pulp:Z \ - --volume "$(pwd)/pgsql":/var/lib/pgsql:Z \ - --volume "$(pwd)/containers":/var/lib/containers:Z \ - --device /dev/fuse \ - ghcr.io/pulp/galaxy:latest -``` - -Once your containers are running see "Reset the Admin Password" section to set up your admin user. - -### Create the Directories and Settings - -1st, create the directories for storage/configuration, and create the `settings.py` file: - -``` -$ mkdir -p settings/certs pulp_storage pgsql containers -$ echo "CONTENT_ORIGIN='http://$(hostname):8080' -ANSIBLE_API_HOSTNAME='http://$(hostname):8080' -ANSIBLE_CONTENT_HOSTNAME='http://$(hostname):8080/pulp/content' -CACHE_ENABLED=True" >> settings/settings.py -``` - -* For a complete list of available settings for `settings.py`, see - [the Pulpcore Settings](site:pulpcore/docs/admin/reference/settings/). - -* These 4 directories `settings pulp_storage pgsql containers` must be preserved. `settings` has - your settings, generated certificates, and generated database encrypted fields key. The - `pulp_storage pgsql containers` are the application data. - -### Starting the Container - -For systems with SELinux enabled, use the following command to start Pulp: - -``` -$ podman run --detach \ - --publish 8080:80 \ - --name pulp \ - --volume "$(pwd)/settings":/etc/pulp:Z \ - --volume "$(pwd)/pulp_storage":/var/lib/pulp:Z \ - --volume "$(pwd)/pgsql":/var/lib/pgsql:Z \ - --volume "$(pwd)/containers":/var/lib/containers:Z \ - --device /dev/fuse \ - pulp/pulp -``` - -For systems with SELinux disabled, use the following command to start Pulp: - -``` -$ podman run --detach \ - --publish 8080:80 \ - --name pulp \ - --volume "$(pwd)/settings":/etc/pulp \ - --volume "$(pwd)/pulp_storage":/var/lib/pulp \ - --volume "$(pwd)/pgsql":/var/lib/pgsql \ - --volume "$(pwd)/containers":/var/lib/containers \ - --device /dev/fuse \ - pulp/pulp -``` - -* For Docker systems, use the last 2 command, but substitute `docker` for `podman`. - -* These examples use the image `pulp` with the tag `stable` (AKA `latest`). To use an alternative image and tag like `pulp:3.21`, substitute `pulp/pulp` with `pulp/pulp:3.21`. - -* To use https instead of http, add `-e PULP_HTTPS=true` Also change `--publish 8080:80` to `--publish 8080:443` - -### Reset the Admin Password - -Now, reset the admin user’s password. - -``` -$ podman exec -it pulp bash -c 'pulpcore-manager reset-admin-password' -Please enter new password for user "admin": -Please enter new password for user "admin" again: -Successfully set password for "admin" user. -``` - -* For Docker systems, substitute `docker` for `podman`. - - -### Test Access - -At this point, both the REST API and the content app are available on your host’s port 8080. Try hitting the pulp status endpoint to confirm: - -``` -curl localhost:8080/pulp/api/v3/status/ -``` - -### What to do after the Quickstart - -To start working with Pulp, check out the [Workflows and Use Cases](https://github.com/pulp/pulpcore/issues/5593) -and explore individual Content Plugins documentation. - -If you are unsure what to pick first, try Python's -[Setup Your Own Pypi](site:pulp_python/docs/user/guides/pypi/) or RPM's -[Sync and Publish](site:pulp_rpm/docs/user/tutorials/create_sync_publish/). - -We recommend using [pulp-cli](https://github.com/pulp/pulp-cli) to interact with Pulp. If you have Python 3 installed on the host OS, you can run these commands to get started: - -``` -pip install pulp-cli[pygments] -pulp config create --username admin --base-url http://localhost:8080 --password -``` - -## Advanced Usage Instructions - -### Available Environment Variables - -The following environment variables configure the container's behavior. - -* `PULP_WORKERS` An integer that specifies the number of worker processes (which perform syncing, importing of content, and other asynchronous operations that require resource locking.) Defaults to 2. - -* `PULP_API_WORKERS` A positive integer that specifies the number of [gunicorn worker processes](https://docs.gunicorn.org/en/stable/settings.html#workers) for handling Pulp API requests. Default to 2. - -* `PULP_CONTENT_WORKERS` A positive integer that specifies the number of [gunicorn worker processes](https://docs.gunicorn.org/en/stable/settings.html#workers) for handling Pulp Content requests. Default to 2. - -* `PULP_GUNICORN_RELOAD` Set to "true" (all lowercase) for the pulpcore-api gunicorn process to be started with ["--reload"](https://docs.gunicorn.org/en/latest/settings.html?highlight=reload#reload). Intended for developers. - -* `PULP_GUNICORN_TIMEOUT` A positive integer that specifies the [timeout for gunicorn process](https://docs.gunicorn.org/en/stable/settings.html#timeout). Default to 90. - -To add one of them, modify the command you use to start pulp to include syntax like the following at the beginning: Instead of `podman run`, specify `podman run -e PULP_WORKERS=4 -e PULP_GUNICORN_TIMEOUT=30 ...` - -### Adding Signing Services - -Administrators can add signing services to Pulp using the command line tools. Users may then associate the signing services with repositories that support content signing. -See [Signing Services](site:pulp-oci-images/docs/admin/guides/configure-signing-service/) documentation for more information. - -### Certificates and Keys - -Follow the instructions from [certificates](site:pulp-oci-images/docs/admin/guides/configure-certificates/) documentation for more information about how to configure custom certificates. - -Check [database encryption](site:pulp-oci-images/docs/admin/guides/configure-database-encryption/) documentation for more information about the key to encrypt sensitive fields in the database. - -### Command to specify - -To run all the services, you do not need to specify a container command ("CMD"). The default CMD is: - -- **/init** - The [s6 service manager](https://github.com/just-containers/s6-overlay) that runs all the services. - -## Upgrading - -To upgrade to a newer version of Pulp, such as the `latest` image which is published every night, start by running: - -``` -podman stop pulp -podman rm pulp -``` - -Then update the image in the local podman/docker cache: - -``` -podman pull pulp/pulp -``` - -Then repeat the original command in [Starting the Container](#starting-the-container) (with any customizations you added to it.) - - -## Known Issues - -### NFS or SSHFS - -When using rootless podman, you cannot create the directories (settings pulp_storage pgsql containers) on [NFS](https://github.com/containers/podman/blob/master/rootless.md#shortcomings-of-rootless-podman), SSHFS, or certain other non-standard filesystems. - -### Podman on CentOS 7 - -When using on CentOS 7, container-selinux has a -limitation. [1](https://github.com/containers/podman/issues/9513) -[2](https://github.com/containers/podman/issues/6414) -SELinux denials will prevent Pulp from running. To -overcome it, you must do one of the following: - -* Run the container with "--privileged" -* Run the container as root -* Disable SELinux - -Additionally, you will likely run into a limit on the number of open files (ulimit) in the -container. -One way to overcome this is to add `DefaultLimitNOFILE=65536` to `/etc/systemd/system.conf`. - -### Docker on CentOS 7 - -While using the version of Docker that is provided with CentOS 7, there are known issues that cause the following errors to occur: - -* When starting the container: - - `FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": No such file or directory` - -* (If the preceding error is worked around,) when executing `docker exec -it pulp bash -c 'pulpcore-manager reset-admin-password'`: - - ``` - psycopg2.OperationalError: could not connect to server: No such file or directory - Is the server running locally and accepting - connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"? - ``` - -* Pulp tasks are stuck in `waiting` status, and executing `docker exec -it pulp bash -c 'rq info'` returns `0 workers`: - - ``` - 1 queues, 2 jobs total - - 0 workers, 1 queues - ``` - -The version of Docker that is provided with CentOS 7 mounts `tmpfs` on `/run`. The Pulp Container recipe uses `/var/run`, which is a symlink to `/run`, and expects its contents to be available at container run time. You can work around this by specifying an additional `/run` volume, which suppresses this behavior of the Docker runtime. Docker will copy the image's contents to that volume and the container should start as expected. - -The `/run` volume will need to contain a `postgresql` directory (with permissions that the container's postgresql can write to) and a separate `pulpcore-*` directory for the rq manager and its workers to start: - -```console -$ mkdir -p settings pulp_storage pgsql containers run/postgresql run/pulpcore-{resource-manager,worker-{1,2}} -$ chmod a+w run/postgresql -``` - -### Upgrading from ``pulp/pulp-fedora31`` image - -The ``pulp/pulp-fedora31`` container vendored PostgreSQL 11. The ``pulp/pulp`` image vendors PostgreSQL 13, and only automatically upgrades from PostgreSQL 12. To upgrade the database from 11 to 12, refer to [PostgreSQL documentation](https://www.postgresql.org/docs/12/upgrading.html). - - -## Build instructions - -The Container file and all other assets used to build the container image are available on [GitHub](https://github.com/pulp/pulp-oci-images). - -```bash -$ --file images/Containerfile.core.base --tag pulp/base:latest . -$ --file images/pulp_ci_centos/Containerfile --tag pulp/pulp-ci-centos:latest . -$ --file images/pulp/Containerfile --tag pulp/pulp:latest . -$ --file images/galaxy/Containerfile --tag pulp/galaxy:latest . -``` - -### Specifying versions - -By default, containers get built using the latest version of each Pulp component. If you want to -specify a version of a particular component, you can do so with args: - -```bash -$ --build_arg PULPCORE_VERSION="==3.5.0" --file images/pulp/Containerfile -$ --build_arg PULP_FILE_VERSION=">=1.0.0" --file images/pulp/Containerfile -``` - -## Debugging instructions - -### Debugging the services - -To debug the services and actually see their output, after stating the container run: -```bash -docker logs -f pulp -``` -You will then see the output of the commands and echo statements from the service scripts on the -console. - -Afterwards, to see what services started successfully: -```bash -s6-rc -a list -``` -And what services failed to start: -```bash -s6-rc -da list -``` -To attempt to manually start a failed service: -```bash -s6-rc change servicename -``` From 0233d6c0ba5dd84ac1654ed6a54aa36d20a4d92f Mon Sep 17 00:00:00 2001 From: Gerrod Ubben Date: Thu, 14 Nov 2024 15:52:15 -0500 Subject: [PATCH 4/4] Add docs on building custom pulp images --- .../admin/guides/build-your-own-pulp-image.md | 147 ++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 docs/admin/guides/build-your-own-pulp-image.md diff --git a/docs/admin/guides/build-your-own-pulp-image.md b/docs/admin/guides/build-your-own-pulp-image.md new file mode 100644 index 00000000..5857ed9b --- /dev/null +++ b/docs/admin/guides/build-your-own-pulp-image.md @@ -0,0 +1,147 @@ +# Build your own Pulp image + +The Pulp images (`pulp/pulp` and `pulp/pulp-minimal`) come pre-installed with the set of plugins +we officially support. However, these images can be easily customized to suit your specific content +needs. + +## Change the versions of the plugins + +The easiest way to customize the images is to specify the plugin versions that should be used when +building them. Clone and check out the `pulp-oci-images` repository to use the following commands. + +```bash +# Using docker to build pulp/pulp with a custom pulpcore version +$ docker build --build-arg PULPCORE_VERSION="==3.65.0" --file images/pulp/Containerfile --tag pulp/pulp:custom +# Using buildah to build pulp/pulp-minimal & pulp-web with a custom pulp_gem version +$ buildah bud --build-arg PULP_GEM_VERSION=">=2.22.0" --file images/pulp-minimal/Containerfile.core --tag pulp/pulp-minimal:custom +$ buildah bud --build-arg FROM_TAG="custom" --file images/pulp-minimal/Containerfile.webserver --tag pulp/pulp-web:custom +``` + +## Add/remove plugins + +If you want to build a custom image with a different set of plugins then the official images you are +going to need to write a custom Containerfile. The Containerfiles for `pulp` and `pulp-minimal` +should be used as templates for creating your custom image. First clone and check out the +`pulp-oci-images` repository. Then create a new directory in the `images/` directory for your +custom image and copy over the corresponding Containerfile for the `pulp` or `pulp-minimal` image +into your new directory. See [Available Images](site:pulp-oci-images/docs/admin/reference/available-images/) +for more information on the difference between the two images. + +### pulp image customization + +Here is an example of a customized Containerfile for the multiprocess image. + +```dockerfile title="custom/Containerfile" +ARG FROM_TAG="latest" +# The multiprocess pulp image must inherit from pulp/pulp-ci-centos9 +# The tags follow pulpcore-versioning 3.Y(.Z), we recommend using "latest" +FROM pulp/pulp-ci-centos9:${FROM_TAG} + +# These are extra pip requirements needed to run Pulp +COPY images/assets/requirements.extra.txt /requirements.extra.txt + +# Here you customize the plugins and their versions that you want to install +RUN pip3 install --upgrade \ + pulpcore[s3,google,azure] \ + pulp-custom-plugin \ + -r /requirements.extra.txt \ + -c /constraints.txt && \ + rm -rf /root/.cache/pip + +# collectstatic makes the api browsable in a web browser +USER pulp:pulp +RUN PULP_STATIC_ROOT=/var/lib/operator/static/ PULP_CONTENT_ORIGIN=localhost \ + /usr/local/bin/pulpcore-manager collectstatic --clear --noinput --link +USER root:root + +# If you plugin has extra API routes you need to link them here into /etc/nginx/pulp/ +RUN ln $(pip3 show pulp_custom_plugin | sed -n -e 's/Location: //p')/pulp_custom_plugin/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_custom_plugin.conf + +# Add pulp-ui to the image, specified using a build-arg PULP_UI_URL +ARG PULP_UI_URL +ENV PULP_UI=${PULP_UI_URL:-false} +RUN \ + if [ -n "$PULP_UI_URL" ]; then \ + mkdir -p "${PULP_STATIC_ROOT}pulp_ui"; \ + curl -Ls $PULP_UI_URL | tar -xzv -C "${PULP_STATIC_ROOT}pulp_ui"; \ + fi +``` + +Build your custom `pulp` image + +```bash +# Run from the root of the pulp-oci-images/ repository +$ docker build --file images/custom/Containefile . --tag pulp/pulp:custom +``` + +### pulp-minimal customization + +Here is an example of a customized Containerfile for the single-process image. + +```dockerfile title="custom-minimal/Containerfile.core" +ARG FROM_TAG="latest" +# The single-process pulp-minimal image must inherit from pulp/base +# The tags follow pulpcore-versioning 3.Y(.Z), we recommend using "latest" +FROM pulp/base:${FROM_TAG} + +COPY images/assets/requirements.extra.txt /requirements.extra.txt +COPY images/assets/requirements.minimal.txt /requirements.minimal.txt + +# Here you customize the plugins and their versions that you want to install +RUN pip3 install --upgrade \ + pulpcore[s3,google,azure] \ + pulp-custom-plugin \ + -r /requirements.extra.txt \ + -r /requirements.minimal.txt \ + -c /constraints.txt && \ + rm -rf /root/.cache/pip + +# Prevent pip-installed /usr/local/bin/pulp-content from getting run instead of +# our /usr/bin/pulp-content script. +RUN rm -f /usr/local/bin/pulp-content + +# collectstatic makes the api browsable in a web browser +USER pulp:pulp +RUN PULP_STATIC_ROOT=/var/lib/operator/static/ PULP_CONTENT_ORIGIN=localhost \ + /usr/local/bin/pulpcore-manager collectstatic --clear --noinput --link +USER root:root + +# Correct the permissions needed for Pulp folders +RUN chmod 2775 /var/lib/pulp/{scripts,media,tmp,assets} +RUN chown :root /var/lib/pulp/{scripts,media,tmp,assets} +``` + +### pulp-web customization + +If you customize the `pulp-minimal` image you will also need to customize the `pulp-web` image. + +```dockerfile title="custom-minimal/Containerfile.webserver" +ARG FROM_TAG="custom" +# The web image must inherit from your custom pulp-minimal image, if you rename +# the image then you should rename it here, else we recommend changing the +# default FROM_TAG to your custom tag +FROM pulp/pulp-minimal:${FROM_TAG} as builder + +# Necessary directories for the web image +RUN mkdir -p /etc/nginx/pulp \ + /www/data \ + +# Here you should link every plugin that offers extra API routes to the +# /etc/nginx/pulp/ directory +RUN ln $(pip3 show pulp_custom_plugin | sed -n -e 's/Location: //p')/pulp_custom_plugin/app/webserver_snippets/nginx.conf /etc/nginx/pulp/pulp_custom_plugin.conf + +# The rest should be left untouched unless you want a different nginx image/configuration +FROM docker.io/centos/nginx-116-centos7:1.16 + +COPY --from=builder /etc/nginx/pulp/*.conf "${NGINX_DEFAULT_CONF_PATH}"/ + +# Run script uses standard ways to run the application +CMD nginx -g "daemon off;" +``` + +Afterwards you can build both images with these commands: + +```bash +$ docker build --file images/custom-minimal/Containerfile.core . --tag pulp/pulp-minimal:custom +$ docker build --build-arg FROM_TAG="custom" --file images/custom-minimal/Containerfile.webserver --tag pulp/pulp-web:custom +```