From 67e8b2f219a8fddb35a2f3029250882ad99e7aaa Mon Sep 17 00:00:00 2001 From: pavanshekar Date: Mon, 20 Apr 2026 11:33:37 -0400 Subject: [PATCH] Add apache config support for /pypi --- src/roles/httpd/defaults/main.yml | 1 + src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 | 4 ++++ src/roles/httpd/templates/pypi.j2 | 7 +++++++ src/vars/base.yaml | 1 + src/vars/flavors/katello.yml | 1 + tests/httpd_test.py | 8 ++++++++ 6 files changed, 22 insertions(+) create mode 100644 src/roles/httpd/templates/pypi.j2 diff --git a/src/roles/httpd/defaults/main.yml b/src/roles/httpd/defaults/main.yml index 471fe0edb..7f4f7b35a 100644 --- a/src/roles/httpd/defaults/main.yml +++ b/src/roles/httpd/defaults/main.yml @@ -3,6 +3,7 @@ httpd_pulp_api_backend: http://localhost:24817 httpd_pulp_content_backend: http://localhost:24816 httpd_foreman_backend: http://localhost:3000 httpd_pub_dir: /var/www/html/pub +httpd_enabled_pulp_snippets: [] # MPM event module defaults httpd_server_limit: 25 diff --git a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 index af895755b..dfec667b5 100644 --- a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 +++ b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 @@ -68,6 +68,10 @@ ProxyPassReverse {{ httpd_pulp_content_backend }}/pulp/content +{% for httpd_pulp_snippet in httpd_enabled_pulp_snippets %} +{% include httpd_pulp_snippet+'.j2' %} +{% endfor %} + RequestHeader unset REMOTE_USER RequestHeader unset REMOTE-USER diff --git a/src/roles/httpd/templates/pypi.j2 b/src/roles/httpd/templates/pypi.j2 new file mode 100644 index 000000000..40c5257cb --- /dev/null +++ b/src/roles/httpd/templates/pypi.j2 @@ -0,0 +1,7 @@ + + RequestHeader unset X-CLIENT-CERT + RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT + RequestHeader set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME} + ProxyPass {{ httpd_pulp_api_backend }}/pypi timeout=600 + ProxyPassReverse {{ httpd_pulp_api_backend }}/pypi + diff --git a/src/vars/base.yaml b/src/vars/base.yaml index 99f4d3ea2..1926ebc6f 100644 --- a/src/vars/base.yaml +++ b/src/vars/base.yaml @@ -26,6 +26,7 @@ httpd_server_ca_certificate: "{{ server_ca_certificate }}" httpd_client_ca_certificate: "{{ client_ca_certificate }}" httpd_server_certificate: "{{ server_certificate }}" httpd_server_key: "{{ server_key }}" +httpd_enabled_pulp_snippets: "{{ ['pypi'] if 'pulp_python' in pulp_plugins else [] }}" pulp_content_origin: "https://{{ ansible_facts['fqdn'] }}" pulp_pulp_url: "https://{{ ansible_facts['fqdn'] }}" diff --git a/src/vars/flavors/katello.yml b/src/vars/flavors/katello.yml index bd87829c0..ca5cd86d0 100644 --- a/src/vars/flavors/katello.yml +++ b/src/vars/flavors/katello.yml @@ -5,4 +5,5 @@ flavor_features: - content/ansible - content/container - content/deb + - content/python - content/rpm diff --git a/tests/httpd_test.py b/tests/httpd_test.py index 76f5994fe..fe07d2d4d 100644 --- a/tests/httpd_test.py +++ b/tests/httpd_test.py @@ -63,6 +63,14 @@ def test_https_pulp_auth(server, certificates, server_fqdn): assert cmd.stdout == '200' +def test_https_pypi_endpoint(server, certificates, server_fqdn): + cmd = server.run(f"curl --cacert {certificates['server_ca_certificate']} https://{server_fqdn}/pypi/test/") + assert cmd.succeeded + # Verify route proxies to Pulp's Python plugin by checking for PythonDistribution in response + # (Rails or unconfigured routes would return different errors) + assert "PythonDistribution" in cmd.stdout + + def test_pub_directory_exists(server): pub_dir = server.file(HTTPD_PUB_DIR) assert pub_dir.exists