=========================
Pulp 2.6 Release Notes
=========================

Pulp 2.6.5
==========

* Pulp now connects to Qpid with the ANONYMOUS SASL authentication mechanism by
  default. This aligns with Qpid's default behavior.

* A new setting named ``login_method`` has been added to the ``[tasks]`` section of server.conf.
  See server.conf docs for more details.

Bug Fixes
---------

This is a minor release which contains bug fixes for :fixedbugs:`these issues <2.6.5>`.

Pulp 2.6.4
==========

Pulp 2.6.4 is an important security update. It fixes
:fixedbugs:`one issue <2.6.4>`.

A security flaw (CVE-2015-5263) was discovered in Pulp's consumer
management system. When the pulp-consumer CLI is used to register to the
Pulp server, it downloads a public key from the Pulp server and stores
it locally. Later when the Pulp server sends messages to the client via
a message broker to instruct it to perform commands, it will use the
corresponding private key to sign the messages. The client checks the
signatures before executing the instructions to ensure that the messages
came from the Pulp server and not from an attacker.

Versions of pulp-consumer-client between 2.4.0 and 2.6.3 do not check
the server's TLS certificate signatures when retrieving the server's
public key upon registration:

https://github.com/pulp/pulp/blob/aa432bf58497b5e3682333b1d5f5ae4f45788a61/client_consumer/pulp/client/consumer/cli.py#L103

This allows a man in the middle to inject their own message signing
key and to then perform administrative actions on the machine, if they
are able to send messages through the message broker.

Austin Macdonald fixed this issue in this commit by using our
pulp.bindings library as the rest of our CLI does:

https://github.com/pulp/pulp/commit/b542d7465f7e6e02e1ea1aec059ac607a65cefe7#diff-17110211f89c042a9267e2167dedd754

Users who do not use pulp-consumer are not affected by this issue.

Thanks to Austin Macdonald for writing the fix, to Dennis Kliban for making
our beta and release build, and to Preethi Thomas for testing our
releases!

Pulp 2.6.3
==========

Pulp 2.6.3 is released with packages for Fedora 22 and Fedora 21. Support for
Fedora 20 has been dropped. Please see the `Fedora lifecycle
<https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule>`_
for more detail.

Bug Fixes
---------

This is a minor release which contains bug fixes for :fixedbugs:`these issues <2.6.3>`.

Pulp 2.6.2
==========

Bug Fixes
---------

This is a minor release which contains bug fixes for :fixedbugs:`these issues <2.6.2>`.

Pulp 2.6.1
==========

Bug Fixes
---------

This is a minor release which contains bug fixes for :fixedbugs:`these issues <2.6.1>`.

Improvements
------------

- Pulp has been fully tested in a clustered configuration. A new section of documentation titled
  :ref:`Clustering Pulp <clustering>` is available with more detail on configuring this type of Pulp
  deployment.

- One area of improvement relates to upgrades. Starting with 2.6.1, Pulp processes `pulp_workers`,
  `pulp_celerybeat`, and `pulp_resource_manager` are stopped on upgrade or removal of the
  `pulp-server` package. After upgrading, you must restart all Pulp related services.


Pulp 2.6.0
===========

New Features
------------

- Pulp now supports `RabbitMQ`_ as its task message broker. See the inline comments in
  ``/etc/pulp/server.conf`` for instruction on configuring Pulp to use RabbitMQ.

- Pulp now allows user credentials to be read from user's ``~/.pulp/admin.conf``.
  This should allow pulp-admin to be automated more easily and more securely.
  Please see our :ref:`authentication` documentation for details.

- Pulp no longer requires additional configuration of Qpid after installation.
  It now works with the ANONYMOUS authentication mechanism. Users can still use a
  username/password however if they set up a SASL database as described in the
  installation document.

- Additional status information is available via the status API.  More
  information is available in the :ref:`status API document <getting_the_server_status>`.

.. _RabbitMQ: https://www.rabbitmq.com/

Deprecation
-----------

 * The ``cancel_publish_repo`` method provided by the ``Distributor`` base plugin class is
   deprecated and will be removed in a future release. Read more about the
   :ref:`plugin cancellation changes <plugin_cancel_now_exits_behavior_change>`.

 * The ``cancel_publish_group`` method provided by the ``GroupDistributor`` base plugin class is
   deprecated and will be removed in a future release. Read more about the
   :ref:`plugin cancellation changes <plugin_cancel_now_exits_behavior_change>`.

 * The ``cancel_sync_repo`` method provided by the ``Importer`` base plugin class is deprecated and
   will be removed in a future release. Read more about the
   :ref:`plugin cancellation changes <plugin_cancel_now_exits_behavior_change>`.

 * The ``api_version`` field that is returned by the ``/status`` API is
   deprecated and will be removed in a future release.

 * The python-gofer-amqplib package was discontinued in gofer 2.4. Installations must replace
   python-gofer-amqplib with python-gofer-amqp if installed.


.. _2.5.x_upgrade_to_2.6.0:

Upgrade Instructions for 2.5.x --> 2.6.0
-----------------------------------------

Prior to upgrading, all tasks must be stopped. One way to accomplish this is to stop all
`pulp_workers`, `pulp_celerybeat`, and `pulp_resource_manager` processes and then list the current
tasks using:

::

    pulp-admin tasks list

Any task that is in the "Running" or "Waiting" state should be canceled by its <uuid> using:

::

    pulp-admin tasks cancel --task-id <uuid>

After all tasks have been canceled upgrade the packages using:

::

    sudo yum update

After yum completes you should migrate the database using:

::

    sudo -u apache pulp-manage-db

After the database migrations finish, restart `httpd`, `pulp_workers`, `pulp_celerybeat`, and
`pulp_resource_manager`.

Bugs
----

This release has fixes for :fixedbugs:`these issues <2.6.0>`.

Known Issues
------------

* An issue in the pulp (gofer) agent plugin *can* cause in-progress RMI requests to be
  discarded when `goferd` is restarted. Should this occur, an entry is written to the system log
  on the consumer. On the Pulp server, the associated task will appear to never complete.
  This has been fixed in Pulp 2.6.1.

* Version 2.5 of the python-gofer-amqp messaging adapter, which is used to support RabbitMQ,
  contains a regression. It pertains to the reconnect logic. Depending on how a connection
  error manifests itself, it *can* result in a traceback during reconnect. Should this occur,
  The logged traceback would contain: `RuntimeError: maximum recursion depth exceeded`.
  This issue has already been fixed in Gofer upstream and will be included with Pulp 2.6.1.

Client Changes
--------------

Agent Changes
-------------

Rest API Changes
----------------

* A new `Task Report` attribute named `worker_name` is introduced that holds the name of the worker
  a task is associated with. Previously the worker name was stored in a `Task Report` attribute
  named `queue`. The `queue` attribute now correctly records the queue a task is put in. The
  `queue` attribute is deprecated and will be removed from the `Task Report` in a future Pulp 
  version.

* The URL for the content catalog entries ``/v2/content/catalog/<source-id>`` is missing
  the trailing '/' and has been deprecated. Support for the URL ``/v2/content/catalog/<source-id>/``
  has been added.

* A new API call is added to search profile attributes for all consumer profiles using the
  Search API. ``/pulp/api/v2/consumers/profile/search/``. With this API call all the unit profiles
  can be retrieved at one time instead of querying each consumer through
  ``/v2/consumers/<consumer_id>/profiles/``. It is also possible to query for a single package
  across all consumers.

Binding API Changes
-------------------

Plugin API Changes
------------------

.. _plugin_cancel_now_exits_behavior_change:

**Plugin Cancellation Changes**

    Cancel now exits immediately by default. The ``cancel_publish_repo``, ``cancel_publish_group``,
    and ``cancel_sync_repo`` methods provided by the ``Distributor``, ``GroupDistributor``, and
    ``Importer`` base plugin classes now provide a behavior that exits immediately by default.
    Previously these methods raised a NotImplementedError() which required plugin authors to
    provide an implementation for these methods. These methods will be removed in a future version
    of Pulp, and all plugins will be required to adopt the exit-immediately behavior.

    A cancel can occur at any time, which mean that in a future version of Pulp any part of plugin
    code can have its execution interrupted at any time. For this reason, the following
    recommendations should be adopted by plugin authors going forward in preparation for this
    future change:

     * Group together multiple database calls that need to occur together for database consistency.

     * Do not use subprocess. If your plugin code process gets cancelled it could leave orphaned
       processes.

     * Assume that plugin code which is supposed to run later may not run.

     * Assume that the previous executions of plugin code may not have run to completion.

Thank You
---------

Thank you to all of Pulp's contributors, especially these new ones!

- Adam D.
- Andrea Giardini
- Andreas Schieb
- Ina Panova
- Michael Moll
- Patrick Creech
- Vijaykumar Jain
