Pulp OSTree Project Planning

## Milestone: OSTree Commit Delivery -1. Image Builder to be configured with an uber ceritificate or other authN to allow Pulp to AuthZ for push/pull. * https://issues.redhat.com/browse/HMS-2517 and https://issues.redhat.com/browse/HMS-2518 (pulp secrets configured in IB workers) covers talking to the API but not pulling content. * For content (e.g. pulling ostree commits), we will need a certificate with access to all content. This will require changes in osbuild. * Task: Use arbitrary certificate path for pulling ostree commit. https://issues.redhat.com/browse/HMS-2798 0. Image builder to set correlation ID header when interacting with Pulp dependency: None https://issues.redhat.com/browse/HMS-2799 1. Image builder configure content guards to protect Pulp Distributions/Repositories dependency: (8)(2) * Create content guard * Associate with Pulp Distributions https://issues.redhat.com/browse/HMS-2800 2. Image builder uploads ostree repo to Pulp instead of S3 epic: https://issues.redhat.com/browse/HMS-2340 dependency: None * Image builder support both the old build and new build architecture simultaneously * Old and new can be specified via API * Create Pulp Distributions for each OSTree repository version created task: https://issues.redhat.com/browse/HMS-2701 * definition of done is deployed in staging estimate: no estimate, almost done * https://github.com/osbuild/osbuild-composer/pull/3636 https://issues.redhat.com/browse/HMS-2801 3. Edge tells image builder to upload repo to Pulp instead of S3 dependency: (2)(6) story points estimate: 3 https://issues.redhat.com/browse/HMS-2802 4. Edge uses the Pulp url for doing the iso request for a specific version dependency: (2)(6) story points estimate: 3 https://issues.redhat.com/browse/HMS-2803 5. Edge knows for any image set if it uses the old or new style build process dependency: (2)(6) story points estimate: 5 * what type of storage for the commit * what type of storage for the iso https://issues.redhat.com/browse/HMS-2804 6. Edge feature flag to determine if new image builds are to use the new or old style building method dependency: None story points estimate: 1 https://issues.redhat.com/browse/HMS-2805 7. Edge trigger of device updates needs to change the playbook to be able to use the new style method dependency: (2)(6) story points estimate: 5 https://issues.redhat.com/browse/HMS-2806 8. Pulp needs a content guard to authorize based on the identity headers from insights certificates dependency: None story points estimate: 3 https://issues.redhat.com/browse/HMS-2807 9. Pulp configured with correlation ID header set to the request ID <---- CLOSED ALREADY DONE dependency: None story points estimate: 3 https://issues.redhat.com/browse/HMS-2808 10. Pulp is configured to allow Image Builder works to push/pull OSTree content dependency: None story points estimate: 3 https://issues.redhat.com/browse/HMS-2809 11. Image builder is configured to submit the cert authN when pulling OSTree content from Pulp dependency: 10 story points estimate: https://issues.redhat.com/browse/HMS-2810 ## Milestone: ISO Delivery 1. Image Builder accepts a commit hash along with the URL for the repository URL depends: None estimate: 1 https://issues.redhat.com/browse/HMS-2823 2. Image builder builds ISO with all the edge features in the kickstart file * User config (username, ssh key, disable password) * Activation key depends: None estimate: 5 https://issues.redhat.com/browse/HMS-2824 <------ CLOSED AS DUPLICATE 3. Image Builder uploads the ISO into Pulp and hands a URL for the ISO to Edge. depends: None estimate: 3 https://issues.redhat.com/browse/HMS-2825 4. Edge no longer explodes the ISO to inject a new kickstart. depends: 2 estimate: 3 https://issues.redhat.com/browse/HMS-2826 <---- closed as duplicate of an existing issue 5. Pulp is configured to protect iso files with cert auth depends: None estimate: 3 https://issues.redhat.com/browse/HMS-2828 6. User will need to be able to download the iso when it's hosted on Pulp instead of S3 via the browser depends: 3, 5 estimate: 1 https://issues.redhat.com/browse/HMS-2829 <---- closed as a duplicate 7. Edge sends the hash with the repo URL when requesting an ISO build depends: 1 estimate: 3 https://issues.redhat.com/browse/HMS-2827 ## Milestone: migration of existing Image Set off AWS -> Pulp Estimate: 6 month ## Milestone: UI Refactor???? ## Questions When is `rpm-ostree rebase` used? A: When upgrading from EL8 -> EL9, rebase is used, otherwise it's upgrade/deploy