Pulp bootstrap runbook¶
This runbook explains the current Milestone 1 bootstrap flow for the low-side Ubuntu jammy mirror. The Azure happy path now targets Azure Container Apps. Local Docker Compose remains the fastest workstation validation path.
What the Azure wrapper does¶
automation/bootstrap/run_e2e.sh expands to this sequence:
python3 automation/bootstrap/prepare_container_apps.py --resource-group <rg>python3 automation/bootstrap/validate_upstream.py --allow-fallbackpython3 automation/bootstrap/deploy_container_apps.py --resource-group <rg> --upstream-url <resolved-url>- start the ACA
pulp-db-initjob and wait for it to succeed - wait for
https://<api-host>/pulp/api/v3/status/to return HTTP 200 - start the ACA
pulp-reconcilejob and wait for it to succeed - verify the three jammy
Releasefiles return HTTP 200
Artifacts land under artifacts/e2e/<timestamp>/, including validate_upstream.log, db-init-execution.json, reconcile-execution.json, and run_e2e.log.
Azure prerequisites¶
az logincomplete and target subscription selectedinfra/low-side/main.bicepalready deployed successfully- local Python dependencies installed:
enablePublicValidation=truefor the current wrapper flow
If this fails: missing Python dependencies map to R-10; ingress or CIDR issues map to R-23.
Step 1 — prepare ACA runtime secrets¶
This ensures the Key Vault contains the runtime secrets the ACA apps and jobs reference.
What you should see: secret creation or reuse messages and a clean exit.
If this fails: Key Vault permission issues map to R-16.
Step 2 — validate upstream reachability¶
The script checks the configured Ubuntu upstream, which defaults to archive.ubuntu.com.
What you should see: an export PULP_UBUNTU_REMOTE_URL=... line in the output.
If this fails: upstream or egress issues map to R-23.
Step 3 — build and deploy the ACA workloads¶
python3 automation/bootstrap/deploy_container_apps.py \
--resource-group <rg> \
--upstream-url <resolved-url>
This builds the derived image in ACR and deploys the pulp-api, pulp-content, pulp-worker, pulp-db-init, and pulp-reconcile ACA resources.
What you should see: a successful ACR build followed by a successful deployment of infra/low-side/containerapps.bicep.
If this fails: image build or deployment failures map to R-24.
Step 4 — initialize the database and publish content¶
The wrapper starts the jobs for you, but the underlying commands are:
az containerapp job start --resource-group <rg> --name <resource-suffix>-pulp-db-init
az containerapp job start --resource-group <rg> --name <resource-suffix>-pulp-reconcile
What you should see: both job executions reach Succeeded.
If this fails: inspect the execution JSON in artifacts/e2e/<timestamp>/ and see R-24.
Step 5 — validate the published endpoints¶
curl -s https://<api-host>/pulp/api/v3/status/ | jq .versions[0]
curl -I https://<content-host>/pulp/content/ubuntu/jammy/amd64/base/dists/jammy/Release
curl -I https://<content-host>/pulp/content/ubuntu/jammy/amd64/updates/dists/jammy-updates/Release
curl -I https://<content-host>/pulp/content/ubuntu/jammy/amd64/security/dists/jammy-security/Release
What you should see: HTTP 200 from the API status endpoint and all three Release files.
If this fails: authentication problems map to R-20; ingress issues map to R-23.
Local Docker validation¶
The local path is still useful when you want fast workstation feedback before pushing an Azure deployment:
docker compose --env-file runtime/compose/.env -f runtime/compose/docker-compose.yml config
docker compose --env-file runtime/compose/.env -f runtime/compose/docker-compose.yml up -d postgres redis pulp-api pulp-content pulp-worker
docker compose --env-file runtime/compose/.env -f runtime/compose/docker-compose.yml --profile runtime --profile bootstrap run --rm bootstrap
curl http://localhost:18080/pulp/api/v3/status/
That path validates the source-driven Pulp config, but it is no longer the Azure happy path.