Pulp 3.11 is now Generally Available!
For a full list of bug fixes and changes that occurred as part of this release, see the changelog for this release in the Pulpcore documentation.
New in Pulp 3.11
Let’s take a look at the main features of this release.
New Artifacts Checksum Reports #7986
You can now evaluate how many content units are affected by a checksum type change by using the ‘pulpcore-manager handle-artifact-checksums –report’ command.
You can simply run this command, or run it with the --checksums
and include a comma-sseparated list of the checksums that you want to use.
With this report, you can preview the impact of any change you want to make before you change the setting.
This new feature is currently a tech preview.
Proxy Authorization Updates #8167
In previous versions of Pulp, the only way to specify a proxy username and password was to append them in the proxy_url
fields.
With this release, there are two new fields: proxy_username
and proxy_password
for remotes that you can use to enter your credentials. As a result of this change, you can no longer specify credentials as part of the proxy_url
field.
A data migration will move the proxy authentication information on existing remotes to the new fields.
Worker timeout is now configurable #8291
In previous versions of Pulp, worker timeout was hardcoded as 30 seconds. Depending on the system, and the I/O of Postgresql, this hardcoded value caused problems.
As part of this release, a new setting WORKER_TTL
has been added. You can specify the interval, in seconds, that you consider a worker as missing after its last heartbeat. The default value is 30 seconds.
You can edit the WORKER_TTL
setting in settings.py
.
QueryExistingArtifacts now enforces ALLOWED_CONTENT_CHECKSUMS #7854
An error will now occur if you sync content that includes a checksum that is not part of ALLOWED_CONTENT_CHECKSUMS
.
handle-artifact-checksums - now fully supported #7928
The handle-artifact-checksums
, command, which was introduced as a tech preview is now a fully-supported part of Pulp 3.
Update to /pulp/api/v3/status/
In earlier versions of Pulp plugins, /pulp/api/v3/status/
listed Python package names instead of Django app names.
With this release, the component
field of the versions
section of the status API /pulp/api/v3/status/
now lists the Django app name, not the Python package name. Similarly the OpenAPI schema at /pulp/api/v3
does also. To support this change, plugins are required to supply their label and version in the PulpPluginAppConfig
since 3.10. #8198
Removals
The following items have been removed from Pulpcore as part of this release:
Sensitive data removed from Remote responses #8202
Removed sensitive fields username
, password
, and client_key
from Remote responses. You can still set and update these fields, but they will no longer be readable.
Removed md5
and sha1
from ALLOWED_CONTENT_CHECKSUMS #8246
The md5
and sha1
checksums have been removed from theALLOWED_CONTENT_CHECKSUMS
setting because they are insecure.
With this release, the default ALLOWED_CONTENT_CHECKSUMS
contain sha224
, sha256
,sha384
, and sha512
.
Systems with existing Artifacts will undergo an automatic update as part of this release #8322
Due to the removal of md5
and sha1
from the ALLOWED_CONTENT_CHECKSUMS
setting, every system that had any Artifacts synced prior to Pulpcore 3.11 will have to run the pulpcore-manager handle-content-checksums
command. This release provides an automatic data migration that will run the command automatically as part of the pulpcore-manager migrate
command all upgrades must run anyway.
The key field of SigningService #8398
The key
field from the SigningService response has been removed. The SigningService contains the key information in the public_key
field already.
Addressing AccessPolicy via the viewset’s classname#8397
The ability to address AccessPolicy
using the viewset’s classname. Use the Viewset’s urlpattern
instead.
Plugin developer updates #7815
This release includes the following updates to the plugin API.
Plugin developers now have the flexibility to use more than one WorkingDirectory()
within a task, which includes nested calls. Tasks will also now use a temporary working directory by default.
Use pulpcore.app.pulp_hashlib
instead of hashlib.new
#7984
A new pulpcore.app.pulp_hashlib
module has been added, which provides the new
function and ensures that only allowed hashes listed in ALLOWED_CONTENT_CHECKSUMS
can be instantiated. Plugin writers should use this instead of hashlib.new
to generate checksum hashers.
New method for querying content #8375
Add a get_content
method to pulpcore.plugin.models.RepositoryVersion
that accepts a queryset and returns a list of content in that repository using the given queryset.
This allows for specific content type to be returned by executing repo_version.get_content(content_qs=MyContentType.objects)
.
Plugin API Removals
- Adjusted the
ALLOWED_CONTENT_CHECKSUMS
setting to removemd5
andsha1
because they are insecure. Now, by default, theALLOWED_CONTENT_CHECKSUMS
containsha224
,sha256
,sha384
, andsha512
. #8246 - Removed the unused
get_plugin_storage_path
method. #8343
Plugin API Deprecations
The pulpcore.plugin.tasking.WorkingDirectory
has been deprecated. #8231
If you have any questions or comments about anything in this release, don’t hesitate to write to us at pulp-list@redhat.com
.