unable to add pulp_rpmrepo (undefined method `each' for nil:NilClass) #245

Closed
TJM opened this issue May 24, 2017 · 20 comments

@TJM
Member

TJM commented May 24, 2017

We created our pulp server today and tried to use the pulp_rpmrepo provider to configure it, but it is getting the following error: (end of puppet agent -t --debug)

Debug: Prefetching api resources for pulp_rpmrepo
Debug: Storing state
Debug: Stored state in 0.05 seconds
Error: Failed to apply catalog: undefined method `each' for nil:NilClass
Debug: Dynamically-bound server lookup failed, falling back to report_server setting
Debug: Dynamically-bound port lookup failed; falling back to report_port setting
Debug: Using cached connection for https://mbi-foreman-01.utmb.lan:8140
Debug: Caching connection for https://mbi-foreman-01.utmb.lan:8140
Debug: Closing connection for https://mbi-foreman-01.utmb.lan:8140

Here is the relevant data:

---
pulp::debugging_mode: true
pulp::log_level: DEBUG
pulp::ssl_verify_client: optional
pulp::https_cert: /etc/puppetlabs/puppet/ssl/certs/%{::fqdn}.pem
pulp::https_key: /etc/puppetlabs/puppet/ssl/private_keys/%{::fqdn}.pem
pulp::https_chain: /etc/puppetlabs/puppet/ssl/certs/ca.pem
pulp::admin::verify_ssl: false
pulp::admin::logging_filename: /var/log/pulp/admin.log
pulp::admin::logging_call_log_filename: /var/log/pulp/server_calls.log

profile::pulp::rpmrepos:
  centos-7-x86_64-base:
    display_name: CentOS 7 x86_64 Base
    feed: http://mirror.centos.org/centos/7/os/x86_64/
    relative_url: centos/7/os/x86_64/
    remove_missing: true
    retain_old_count: 2
    serve_http: true
    serve_https: true
    validate: true
  centos-7-x86_64-updates:
    display_name: CentOS 7 x86_64 Updates
    feed: http://mirror.centos.org/centos/7/updates/x86_64/
    relative_url: centos/7/updates/x86_64/
    remove_missing: true
    retain_old_count: 2
    serve_http: true
    serve_https: true
    validate: true
  centos-7-x86_64-epel:
    display_name: CentOS 7 x86_64 EPEL
    feed: http://download.fedoraproject.org/pub/epel/7/x86_64/
    relative_url: epel/7/x86_64/
    remove_missing: true
    retain_old_count: 2
    serve_http: true
    serve_https: true
    validate: true

Here is the profile/manifests/pulp.pp:

class profile::pulp (
  $rpmrepos = {},
) {

# Repo: You will have to use upstream until pulp is online, then it can point to itself
#  include ::repos::pulp2
  include ::pulp::repo::upstream

  include ::apache
  include ::apache::mod::proxy
  include ::apache::mod::headers

  include ::pulp
  include ::pulp::admin

  # RPM Repos
  create_resources('pulp_rpmrepo', $rpmrepos)

  firewall { '100 INPUT allow http(s) from all':
    dport  => [ '80', '443' ],
    proto  => 'tcp',
    action => 'accept',
    chain  => 'INPUT',
  }

  firewall { '100 INPUT allow http(s) from all IPv6':
    dport    => [ '80', '443' ],
    proto    => 'tcp',
    action   => 'accept',
    chain    => 'INPUT',
    provider => 'ip6tables',
  }
}

In addition, I had to SSH in and run pulp-admin login -u admin using the "default_password" to populate /root/.pulp/user-cert.pem. Should that be necessary? (or am I missing something, the README.md is a bit thin) :)

~tommy

@ekohl
Member

ekohl commented May 24, 2017

Do you happen to have a line number where it went wrong?

Other than that I'm surprised you have to include apache and those modules since we include what we need. If we don't, that's a bug.

For the README expansion see #242.

@TJM
Member Author

TJM commented May 25, 2017

@ekohl - Admittedly that part of the profile was 'inherited' config. It is probably not necessary. I will try removing it. It doesn't really give a line number with the error, but it works fine if I change the yaml key (such that profile::pulp::rpmrepos becomes undefined)

I even tried shortening the yaml to:

profile::pulp::rpmrepos:
  pulp-2-el7-x86_64:
    display_name: Pulp 2 Production Releases
    feed: https://repos.fedorapeople.org/repos/pulp/pulp/stable/2/7/x86_64/
    relative_url: pulp/stable/2/7/x86_64/
    gpg_key: https://repos.fedorapeople.org/repos/pulp/pulp/GPG-RPM-KEY-pulp-2

Still getting:

[root@mbi-pulp-01 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for mbi-pulp-01.utmb.lan
Info: Applying configuration version '4de03acbb3fc11e7ecfefea8cf32f1a339105fbd'
Error: Failed to apply catalog: undefined method `each' for nil:NilClass
[root@mbi-pulp-01 ~]#

I also updated my pulp profile recently to include a few more things, one of which trusts the CA cert at the system level, which I read might be an issue in other issues.

class profile::pulp (
  $rpmrepos = {},
  $rpmrepos_defaults = {},
  $ca_cert = 'file:///etc/puppetlabs/puppet/ssl/certs/ca.pem'
) {

  # LVM: DataDisk Mounts - please see hieradata/role/pulp.yaml
  include ::lvm

  #  include ::repos::pulp2
  include ::pulp::repo::upstream

  include ::pulp
  include ::pulp::admin

  include ::ca_cert

  # Populate RPM-GPG-KEY files
  file {'/var/lib/pulp/static/rpm-gpg':
    ensure  => 'directory',
    owner   => 'apache',
    group   => 'apache',
    source  => "puppet:///modules/${module_name}/pulp/rpm-gpg",
    recurse => true,
  }

  # Trust CA Cert
  ca_cert::ca {'PulpCA':
    ensure => 'trusted',
    source => $ca_cert
  }

  # RPM Repos
  create_resources('pulp_rpmrepo', $rpmrepos, $rpmrepos_defaults)

  # Ordering
  Class['lvm'] -> Class['pulp'] -> File['/var/lib/pulp/static/rpm-gpg'] -> Ca_cert::Ca <| |> -> Pulp_rpmrepo <| |> -> Pulp_schedule <| |>

  # Firewall
  firewall { '100 INPUT allow http(s) from all':
    dport  => [ '80', '443' ],
    proto  => 'tcp',
    action => 'accept',
    chain  => 'INPUT',
  }

  firewall { '100 INPUT allow http(s) from all IPv6':
    dport    => [ '80', '443' ],
    proto    => 'tcp',
    action   => 'accept',
    chain    => 'INPUT',
    provider => 'ip6tables',
  }

  firewall { '200 OUTPUT allow http(s) to all':
    dport  => [ '80', '443' ],
    proto  => 'tcp',
    action => 'accept',
    chain  => 'OUTPUT',
  }

  firewall { '200 OUTPUT allow http(s) to all IPv6':
    dport    => [ '80', '443' ],
    proto    => 'tcp',
    action   => 'accept',
    chain    => 'OUTPUT',
    provider => 'ip6tables',
  }

  # firewall { '200 OUTPUT allow pulp/qpid ports from all':
  #   dport  => '5672',
  #   proto  => 'tcp',
  #   action => 'accept',
  #   chain  => 'INPUT',
  # }
}

@TJM TJM changed the title unable to add pulp_rpmrepo unable to add pulp_rpmrepo (undefined method `each' for nil:NilClass) May 25, 2017
@cristifalcas
Contributor

Can you remove the gpg_key line and try again? I think the error is from there. The provider tries to read that as a path on the disk.

@TJM
Member Author

TJM commented May 25, 2017

Tried it, same error. Not sure why that would be a nil.each?

For what it's worth, my data entries look like:

profile::pulp::rpmrepos:
  centos-7-x86_64-base:
    display_name: CentOS 7 x86_64 Base
    feed: http://mirror.centos.org/centos/7/os/x86_64/
    relative_url: centos/7/os/x86_64/
    gpg_key: /var/lib/pulp/static/rpm-gpg/RPM-GPG-KEY-CentOS-7
    remove_missing: true
    retain_old_count: 2
    serve_http: true
    serve_https: true
    validate: true
    repoview: false

... and I am populating /var/lib/pulp/static/rpm-gpg with puppet. (see manifest above)

@TJM
Member Author

TJM commented May 25, 2017

For what it's worth, I ran into a cyclic dependency issue today with this... In order to trust the CA certificate, you install the "ca-certificates" package, which, of course, you have to get from pulp, with its untrusted SSL CA ... I had to make base and updates http for now till I figure that one out. :)

~tommy

@TJM
Member Author

TJM commented May 25, 2017

Steps to reproduce

(READY)

  1. start with a base centos 7 machine (DigitalOcean/AWS/etc)
  2. bootstrap.sh (this was provided via user-data originally)
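# Variables
hostname='test-pulp-01.test.lan'
role='pulp'
puppet_server='test-puppet-01.test.lan'
# puppet_env is used below but was never set in the posted script;
# 'production' is assumed here because that is the environment used throughout this issue
puppet_env='production'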

# Set hostname (Mostly for AWS)
[ -d /etc/cloud/cloud.cfg.d ] && echo "preserve_hostname: true" > /etc/cloud/cloud.cfg.d/99_hostname.cfg
hostnamectl set-hostname ${hostname}

# Updates and install Puppet Agent
yum -y update
yum -y install https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum -y install puppet-agent

## Role
#mkdir -p /etc/puppetlabs/facter/facts.d
#echo "role=$role" > /etc/puppetlabs/facter/facts.d/role.txt
cat > /etc/puppetlabs/puppet/csr_attributes.yaml << YAML
# custom_attributes:
#     1.2.840.113549.1.9.7: mySuperAwesomePassword
extension_requests:
    pp_role: ${role}
YAML

# Configure Puppet Agent
PATH=$PATH:/opt/puppetlabs/puppet/bin
augtool -s "set /files/etc/puppetlabs/puppet/puppet.conf/agent/server ${puppet_server}"
augtool -s "set /files/etc/puppetlabs/puppet/puppet.conf/agent/environment ${puppet_env}"
systemctl enable puppet

echo " *** Don't forget to \"reboot\" to apply updates ***"
  3. reboot # (if updates installed)
  4. In lieu of a proper puppet master, let's generate our own SSL cert, so that everything is in the same place
[root@test-pulp-01 ~]# hostname -f
test-pulp-01.test.lan
[root@test-pulp-01 ~]# puppet cert generate $(hostname -f)
Notice: Signed certificate request for ca
Notice: test-pulp-01.test.lan has a waiting certificate request
Notice: Signed certificate request for test-pulp-01.test.lan
Notice: Removing file Puppet::SSL::CertificateRequest test-pulp-01.test.lan at '/etc/puppetlabs/puppet/ssl/ca/requests/test-pulp-01.test.lan.pem'
Notice: Removing file Puppet::SSL::CertificateRequest test-pulp-01.test.lan at '/etc/puppetlabs/puppet/ssl/certificate_requests/test-pulp-01.test.lan.pem'
[root@test-pulp-01 ~]#
  5. Install pulp module
  • puppet module install katello-pulp
  • cd /etc/puppetlabs/code/environments/production/modules
  • rm -rf pulp
  • yum -y install git
  • yum -y install epel-release
    • I know I could have done this via puppet, but that's not what we are testing, and might be a bug all by itself.
  • git clone https://github.com/Katello/puppet-pulp.git pulp
  6. Populate local skeleton of puppet pulp profile and data
  • mkdir -p /etc/puppetlabs/code/environments/production/modules/profile/manifests
  • /etc/puppetlabs/code/environments/production/modules/profile/manifests/pulp.pp:
# profile::pulp
class profile::pulp (
  $rpmrepos = {},
  $rpmrepos_defaults = {},
) {
  # LVM: DataDisk Mounts - please see hieradata/role/pulp.yaml
  # include ::lvm
  #  include ::repos::pulp2
  include ::pulp::repo::upstream
  include ::pulp
  include ::pulp::admin

  # RPM Repos
  create_resources('pulp_rpmrepo', $rpmrepos, $rpmrepos_defaults)

  # Ordering
  #Class['lvm'] -> Class['pulp'] -> File['/var/lib/pulp/static/rpm-gpg'] -> Pulp_rpmrepo <| |> -> Pulp_schedule <| |>
  Class['pulp'] -> Pulp_rpmrepo <| |> -> Pulp_schedule <| |>

}
  • /etc/puppetlabs/code/environments/production/hieradata/common.yaml
---
pulp::debugging_mode: true
pulp::log_level: DEBUG
pulp::ssl_verify_client: optional
pulp::https_cert: /etc/puppetlabs/puppet/ssl/certs/%{::fqdn}.pem
pulp::https_key: /etc/puppetlabs/puppet/ssl/private_keys/%{::fqdn}.pem
pulp::https_chain: /etc/puppetlabs/puppet/ssl/certs/ca.pem

pulp::admin::verify_ssl: false
pulp::admin::logging_filename: /var/log/pulp/admin.log
pulp::admin::logging_call_log_filename: /var/log/pulp/server_calls.log

profile::pulp::rpmrepos_defaults:
  remove_missing: true
  retain_old_count: 2
  serve_http: true
  serve_https: true
  validate: true
  repoview: false

profile::pulp::rpmrepos:
  centos-7-x86_64-base:
    display_name: CentOS 7 x86_64 Base
    feed: http://mirror.centos.org/centos/7/os/x86_64/
    relative_url: centos/7/os/x86_64/
    gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  centos-7-x86_64-updates:
    display_name: CentOS 7 x86_64 Updates
    feed: http://mirror.centos.org/centos/7/updates/x86_64/
    relative_url: centos/7/updates/x86_64/
    gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  7. APPLY!
  • puppet apply --verbose -e 'include profile::pulp'

RESULTS:

Pulp is installed, but we got this error:

ERROR1:

Error: Failed to apply catalog: https request for repo "# threw exception No such file or directory @ rb_sysopen - /root/.pulp/user-cert.pem. Connection details: url=https://test-pulp-01.test.lan:443/pulp/api/v2/repositories///, cert_path=/root/.pulp/user-cert.pem.

WORKAROUND1:

  • Get the password from /etc/pulp/server.conf
    • grep password /etc/pulp/server.conf
  • Login to pulp-admin
    • pulp-admin login -u admin (paste password when prompted)
[root@test-pulp-01 modules]# grep ^default_password /etc/pulp/server.conf
default_password: (censored)
[root@test-pulp-01 modules]# pulp-admin login -u admin
Enter password:
Successfully logged in. Session certificate will expire at Jun  1 23:44:58 2017
GMT.

[root@test-pulp-01 modules]#
[root@test-pulp-01 modules]# ls -l /root/.pulp/user-cert.pem
-rw------- 1 root root 2120 May 25 23:44 /root/.pulp/user-cert.pem
  • Run puppet apply again:
    • puppet apply --verbose -e 'include profile::pulp'

ERROR2:

Notice: Compiled catalog for test-pulp-01.test.lan in environment production in 2.88 seconds
Info: Applying configuration version '1495756029'
Error: Failed to apply catalog: undefined method `each' for nil:NilClass
  • Change the rpmrepos to disable creation of repos
    • sed -i -e 's/rpmrepos:/DISABLErpmrepos:/' /etc/puppetlabs/code/environments/production/hieradata/common.yaml
  • Puppet Apply
[root@test-pulp-01 modules]# puppet apply --verbose -e 'include profile::pulp'
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
Info: Loading facts
##(SNIP DEPRECATION WARNINGS FROM stdlib)###
Notice: Compiled catalog for test-pulp-01.test.lan in environment production in 2.80 seconds
Info: Applying configuration version '1495756252'
Notice: Applied catalog in 1.18 seconds
[root@test-pulp-01 modules]#

I hope this helps!

@ekohl
Member

ekohl commented May 28, 2017

With the following test.pp:

pulp_rpmrepo { 'centos-7-x86_64-base':
  display_name     => 'CentOS 7 x86_64 Base',
  feed             => 'http://mirror.centos.org/centos/7/os/x86_64/',
  relative_url     => 'centos/7/os/x86_64/',
  gpg_key          => '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7',
  remove_missing   => true,
  retain_old_count => 2,
  serve_http       => true,
  serve_https      => true,
  validate         => true,
  repoview         => false,
}

Then it applies successfully:

[root@centos-7-x64 /]# puppet apply test.pp                  
Notice: Compiled catalog for centos-7-x64.example.com in environment production in 0.08 seconds
Notice: /Stage[main]/Main/Pulp_rpmrepo[centos-7-x86_64-base]/ensure: created
Notice: Applied catalog in 0.36 seconds

I extended the code in #248 with an additional acceptance test locally.

Could you create a repository using pure puppet code? I wonder if there's some odd conversion going on somewhere with hiera.

@TJM
Member Author

TJM commented May 30, 2017

I added "test-" in front, to be sure it wasn't clashing with one of my manually added repos...

  # RPM Repos
  #create_resources('pulp_rpmrepo', $rpmrepos, $rpmrepos_defaults)

  pulp_rpmrepo { 'centos-7-x86_64-base':
    display_name     => 'CentOS 7 x86_64 Base',
    feed             => 'http://mirror.centos.org/centos/7/os/x86_64/',
    relative_url     => 'centos/7/os/x86_64/',
    gpg_key          => '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7',
    remove_missing   => true,
    retain_old_count => 2,
    serve_http       => true,
    serve_https      => true,
    validate         => true,
    repoview         => false,
  }

and the results:

[root@mbi-pulp-01 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for mbi-pulp-01.utmb.lan
Info: Applying configuration version '93cc89a8d5f1b65adcb128f2e485e3e71291f800'
Error: Failed to apply catalog: undefined method `each' for nil:NilClass
[root@mbi-pulp-01 ~]#

still getting the same error :(

I wonder if there is something else (some other packages?) that are interfering somehow?

[root@mbi-pulp-01 ~]# rpm -q puppet-agent
puppet-agent-1.10.1-1.el7.x86_64

Not sure what to check next?

@ekohl
Member

ekohl commented May 30, 2017

I suspect you have something in your pulp database that the provider doesn't handle properly. I'm currently looking into them and cleaning them up a bit, but for now my knowledge about them is still a bit limited.

@TJM
Member Author

TJM commented May 30, 2017

I see (a/the) problem:

Here is a small portion of the "provider" (that has a .each)

  def self.instances
    all=[]
    @pulp = Puppet::Util::PulpUtil.new
    @pulp.get_repos.each { |repo|
      next if repo['notes']['_repo-type'] != 'rpm-repo'
      hash_properties = get_resource_properties(repo['id'])
      all << new(hash_properties)
    }
    all
  end

irb(main):001:0> require File.expand_path('../../../util/pulp_util', __FILE__)
=> true
irb(main):002:0>     all=[]
=> []
irb(main):003:0>     @pulp = Puppet::Util::PulpUtil.new
=> #<Puppet::Util::PulpUtil:0x00000001448df0 @config={:host=>"mbi-pulp-01.utmb.lan", :port=>"443", :api_prefix=>"/pulp/api", :verify_ssl=>"false", :cert_dir=>"~/.pulp", :cert_file=>"user-cert.pem"}>
irb(main):004:0> @pulp.get_repos
=> nil
irb(main):005

For what it's worth, this has plenty of repos, using pulp-admin repo list, but maybe there should be a nil check there? Even if it just emitted a log entry saying it was unable to retrieve repos (which is a different problem)

On that whim, I tried tailing the weblogs and:

==> /var/log/httpd/pulp-https_access_ssl.log <==
172.21.50.219 - admin:admin:5924cd33b96b075501960280 [30/May/2017:17:20:33 +0000] "GET /pulp/api/v2/repositories/ HTTP/1.1" 401 552 "-" "Ruby"
Error: Failed to apply catalog: undefined method `each' for nil:NilClass

@ekohl
Member

ekohl commented May 30, 2017

That's not the only place where nils can show up and there are no checks for it.

@walkamongus
Contributor

@TJM the get_repos method doesn't use pulp-admin repo list but rather a direct API call: https://github.com/Katello/puppet-pulp/blob/master/lib/puppet/util/pulp_util.rb#L21

I dunno if this will affect the nil value or not... just noting that there may be a response difference between the command and the API.

@TJM
Member Author

TJM commented May 30, 2017

I moved my ~/.pulp/admin.conf aside (that had a username and password in it) and tried to use pulp-admin login -u admin ... which said it was successful:

[root@mbi-pulp-01 .pulp]# pulp-admin login -u
==> /var/log/httpd/pulp-https_access_ssl.log <==
172.21.10.49 - mbi-pulp-01 [30/May/2017:17:35:30 +0000] "GET /pulp/api/v2/consumers/mbi-pulp-01/ HTTP/1.1" 401 486 "-" "-"
admin
Enter password:

==> /var/log/httpd/pulp-https_error_ssl.log <==
[Tue May 30 17:35:39.165487 2017] [ssl:warn] [pid 24692] [client 172.21.10.49:33566] AH02227: Failed to set r->user to 'SSL_CLIENT_S_DN_CN'

==> /var/log/httpd/pulp-https_access_ssl.log <==
172.21.10.49 - - [30/May/2017:17:35:39 +0000] "POST /pulp/api/v2/actions/login/ HTTP/1.1" 200 2186 "-" "-"
Successfully logged in. Session certificate will expire at Jun  6 17:35:39 2017
GMT.

[root@mbi-pulp-01 .pulp]#

but...

[1]+  Running                 tail -f /var/log/httpd/*log &
[root@mbi-pulp-01 .pulp]# pulp-admin repo list
+----------------------------------------------------------------------+
                              Repositories
+----------------------------------------------------------------------+

172.21.10.49 - admin:admin:5924cd33b96b075501960280 [30/May/2017:17:39:45 +0000] "GET /pulp/api/v2/repositories/ HTTP/1.1" 401 552 "-" "-"
The specified user does not have permission to execute the given command

So, problems are...

  1. PulpUtil should probably detect a 401 (Unauthorized) and emit some sort of error about it, which would make whatever error handling done in the provider make more sense.
  2. There should be a nil? check on API calls before trying to run .each on them (provider)
  3. My "out of the box" pulp doesn't appear to work with SSL Cert authentication. I did try the API call using curl, and it works with -u "admin:pass", but not --cert ~/.pulp/user-cert.pem (401 unauthorized)
[root@mbi-pulp-01 ~]# curl  -cert ~/.pulp/user-cert.pem -s -D - https://mbi-pulp-01.utmb.lan/pulp/api/v2/repositories/
HTTP/1.1 401 UNAUTHORIZED
Date: Tue, 30 May 2017 18:21:55 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 417
Content-Type: application/json; charset=utf-8

{"http_request_method": "GET", "exception": null, "error_message": "Authentication with username None failed: invalid SSL certificate.", "_href": "/pulp/api/v2/repositories/", "http_status": 401, "error": {"code": "PLP0027", "data": {"user": null}, "description": "Authentication with username None failed: invalid SSL certificate.", "sub_errors": []}, "traceback": null, "auth_error_code": "invalid_ssl_certificate"

The one thing that might be different then... according to my puppet manifest, I am using "repos::upstream" ... maybe I should not be?

@TJM
Member Author

TJM commented May 30, 2017

Updating the curl line from above, --cert tommy :)

[root@mbi-pulp-01 .pulp]# curl  --cert ~/.pulp/user-cert.pem -s -D - https://mbi-pulp-01.utmb.lan/pulp/api/v2/repositories/
HTTP/1.1 401 UNAUTHORIZED
Date: Tue, 30 May 2017 18:38:20 GMT
Server: Apache/2.4.6 (CentOS)
Content-Length: 552
Content-Type: application/json; charset=utf-8

{"http_request_method": "GET", "exception": null, "error_message": "Authentication with username admin:admin:5924cd33b96b075501960280 failed: preauthenticated remote user is missing.", "_href": "/pulp/api/v2/repositories/", "http_status": 401, "error": {"code": "PLP0029", "data": {"user": "admin:admin:5924cd33b96b075501960280"}, "description": "Authentication with username admin:admin:5924cd33b96b075501960280 failed: preauthenticated remote user is missing.", "sub_errors": []}, "traceback": null, "auth_error_code": "pre_auth_remote_user_missing"}

@TJM
Member Author

TJM commented May 30, 2017

https://www.redhat.com/archives/pulp-list/2016-March/msg00050.html

I took the SSLUsername SSL_CLIENT_S_DN_CN out of the config, and it's happier now....

https://github.com/Katello/puppet-pulp/blob/master/manifests/apache.pp#L51-L62

https://github.com/Katello/puppet-pulp/blob/master/manifests/init.pp#L105-L106

I think I can work around this by setting pulp::ssl_username: false in hieradata. I wonder if that "default" value needs adjusted?

@TJM
Member Author

TJM commented May 30, 2017

OK, so I have solved Problem 3 (my SSL Cert auth/e was broken), but these are still up for grabs:

  • PulpUtil should probably detect a 401 (Unauthorized) and emit some sort of error about it, which would make whatever error handling done in the provider make more sense.
  • There should be a nil? check on API calls before trying to run .each on them (provider)
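
An added example, not part of the original thread and not the module's own code: one way the two open items above could be handled, so that a 401 from `/pulp/api/v2/repositories/` is reported as an authentication failure instead of surfacing later as `undefined method 'each' for nil`. `PulpApiError`, `FakeResponse`, `parse_repo_list`, `rpm_repo_ids` and `describe_failure` are hypothetical names, and both sample responses are constructed.

```ruby
require 'json'

# Hypothetical error class: carries the HTTP status and Pulp's auth_error_code.
class PulpApiError < StandardError
  attr_reader :status, :auth_error_code

  def initialize(status, path, body)
    details = begin
      JSON.parse(body.to_s)
    rescue JSON::ParserError
      {}
    end
    details = {} unless details.is_a?(Hash)
    @status = status
    @auth_error_code = details['auth_error_code']
    reason = details['error_message'] || 'no error_message in response body'
    super("Pulp API GET #{path} returned HTTP #{status}: #{reason}")
  end
end

# Stand-in for an HTTP response; only a status code and a body are assumed.
FakeResponse = Struct.new(:code, :body)

# Returns an Array of repo hashes or raises PulpApiError. It never returns nil,
# so callers can iterate without a separate nil check.
def parse_repo_list(response, path = '/pulp/api/v2/repositories/')
  status = response.code.to_i
  raise PulpApiError.new(status, path, response.body) unless status == 200

  repos = JSON.parse(response.body.to_s)
  unless repos.is_a?(Array)
    raise PulpApiError.new(status, path,
                           '{"error_message": "expected a JSON array of repositories"}')
  end
  repos
rescue JSON::ParserError
  raise PulpApiError.new(status, path,
                         '{"error_message": "response body is not valid JSON"}')
end

# Same filter as the provider's self.instances, but tolerant of entries
# that have no 'notes' key.
def rpm_repo_ids(response)
  rpm = parse_repo_list(response).select do |repo|
    repo.is_a?(Hash) && (repo['notes'] || {})['_repo-type'] == 'rpm-repo'
  end
  rpm.map { |repo| repo['id'] }
end

# Returns the error message for a failed call, or nil when the call succeeds.
def describe_failure(response)
  rpm_repo_ids(response)
  nil
rescue PulpApiError => e
  e.message
end

# Constructed samples, modelled on the response shapes shown in this issue.
SAMPLE_401 = FakeResponse.new('401', JSON.generate({
  'http_status' => 401,
  'error_message' => 'Authentication failed: preauthenticated remote user is missing.',
  'auth_error_code' => 'pre_auth_remote_user_missing'
}))
SAMPLE_200 = FakeResponse.new('200', JSON.generate([
  { 'id' => 'centos-7-x86_64-base', 'notes' => { '_repo-type' => 'rpm-repo' } },
  { 'id' => 'some-puppet-repo', 'notes' => { '_repo-type' => 'puppet-repo' } },
  { 'id' => 'no-notes' }
]))

if __FILE__ == $PROGRAM_NAME
  puts rpm_repo_ids(SAMPLE_200).inspect
  puts describe_failure(SAMPLE_401)
end
```
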

@ekohl
Member

ekohl commented May 31, 2017

I think I can work around this by setting pulp::ssl_username: false in hieradata. I wonder if that "default" value needs adjusted?

I think it does. See #138 as well for why it's there but it's not a good default.

I wasn't aware (yet) that it does a direct API call. That makes me wonder if we should drop pulp-admin altogether and fully move to the API.

@walkamongus
Contributor

I would say either use the API or use pulp-admin for everything. I have a pulp rpm repo provider written that uses only API calls if anyone is interested. I am requiring the Puppet user to set login credentials in a file and these are used to login and retrieve certificates via the API whenever the user cert is expired.

@TJM
Member Author

TJM commented May 31, 2017

@ekohl - Yes, #138 is the same issue I saw. The problem is the way that pulp server generates its auth certs is not compatible with whatever else is generating auth certs (guessing that's katello related).... and I do realize that I am using Katello/puppet-pulp, but I would say the default needs to change.

I agree with @walkamongus. I suggest going all one direction or the other. The pulp-admin command needs the ability to output "structured" data (json/xml/yaml), which would eliminate the need to write an API wrapper, but for now, fixing the API wrapper (pulp::util) to detect error conditions (maybe using yours) would be a good interim fix.

Tommy

@ccnifo
Contributor

ccnifo commented Jun 2, 2017

I would say either use the API or use pulp-admin for everything.

I quite agree with that but it looks like each one is used when it's more relevant: state checking is done through the API (whose syntax fits better for that) and modifications are made much easier by using pulp-admin, which makes adding optional params easy.
