[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pulp-list] Repo Sync Filters

Hi Jake,

On Mon, 01 Jul 2013 12:37:11 -0400, Jake Davis <jake imapenguin com> wrote:
Thanks for the clarification. I can work with that. 
It brings up a couple of question in regards to automation. In essence I will want to do something like copy all units from upstream that are not already in testing (minus "kernel-*").  Do I need to manually determine the delta between upstream and testing to craft my filter, or is there some way to automatically avoid copying duplicate units? Or is the nature of the storage such that copying is too cheap to concern ourselves with duplicate operations? Examples would be quite valuable :)

There is probably not a great way to automatically avoid calling copy on duplicate units, but copying in Pulp is a very cheap operation, especially when the unit is already associated with the destination repository. It should be fast enough that it's not worth trying to avoid copying duplicates, because it is very likely a no-op. I should mention that things will get more expensive if dependency resolution is involved.

Also, I can schedule a sync but not a copy operation. Would I need to pass --password on the command line to automate, or is there another way that doesn't involve human intervention?

pulp-admin login will retrieve a certificate that can be used for a while to authenticate against the API, so that subsequent calls to pulp-admin don't need the --password flag. There are a few caveats to using this approach:

1) The certificate does expire, I think every two weeks. I am not sure if this is currently configurable.

2) You would need to call login with the same user that will be performing the automated calls.

3) Due to a bug[0], the authentication certificates are stored world-readable by default, so you might wish to chmod them to 600.

All of this is weighed against the security risk of using the --password on the command line, since process arguments are available for users on the system to read.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=980506

Randy Barlow

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]