[Pulp-dev] Crane redirects - internal and external content

Mihai Ibanescu mihai.ibanescu at gmail.com
Thu Dec 21 16:45:33 UTC 2017 

Great point, Simon. Thank you for sharing that.

On Thu, Dec 21, 2017 at 8:26 AM, Simon Baatz <gmbnomis at gmail.com> wrote:

> On Tue, Dec 19, 2017 at 12:41:08PM -0500, Dennis Kliban wrote:
> >    Crane cannot perform a rewrite of the redirect URL at this time. This
> >    seems like a reasonable feature request. I recommend filing a story -
> >    we can discuss the feature details on there.
> >
>
> That would be a nice feature indeed.  In the meantime, you could try
> to let Apache rewrite the "Location" header used for redirection
> (using the mod_headers module in Apache 2.4).
>
> We did not fully test this (let alone use it in production), but for
> a test setup with Pulp & crane running in a VM and port forwardings
> (Host 5000 -> VM 5000, Host 9443 -> VM 443), we can 'docker pull' on
> the host from crane using the following Apache config:
>
> <VirtualHost *:5000>
>     Header edit Location "^https://[^/]+" "https://localhost:9443"
>     WSGIScriptAlias / /usr/share/crane/crane.wsgi
>     <Location /crane>
>         Require host localhost
>     </Location>
>     <Directory /usr/share/crane/>
>         Require all granted
>     </Directory>
> </VirtualHost>
>
> For example, without changing "Location", you would get this on
> the host:
>
> $ docker pull 127.0.0.1:5000/busybox:latest
> Trying to pull repository 127.0.0.1:5000/busybox ...
> Get https://default-bento-centos-74.vagrantup.com/pulp/docker/
> v2/busybox/manifests/list/latest: Not Found
>
> Using the cofiguration from above, you get:
>
> $ docker pull 127.0.0.1:5000/busybox:1.27.0-glibc
> Trying to pull repository 127.0.0.1:5000/busybox ...
> sha256:ebeb530823bf0f229b2e2559a1ea92298d7f1ce2efabd9030c5d2b1deac83af6:
> Pulling from 127.0.0.1:5000/busybox
> 02b2b239e358: Pull complete
>
>
> - Simon
>
>
> >    On Wed, Dec 13, 2017 at 11:29 AM, Mihai Ibanescu
> >    <[1]mihai.ibanescu at gmail.com> wrote:
> >
> >    Hi,
> >    In our current setup, we have a purely internal pulp deployment, that
> >    publishes to an NFS share.
> >    HTTP frontend machines handle the cert-based authn/authz and serve the
> >    content from the NFS share.
> >    We have an internal set of HTTP frontend machines, and an internal
> >    customer has access to published content for all development stages
> >    (dev/test/prod).
> >    We also have an external set of HTTP frontend machines, that handle
> >    external customer requests, and only serve the prod stage. Content
> from
> >    the internal NFS share is selectively rsynced into the external disk
> >    share.
> >    This all works great for rpm and such.
> >    I believe there is a problem with docker. We would have one internal
> >    and one external crane deployment, as expected. Content would be
> >    rsynced, as usual. However, because the redirect URL is "baked" into
> >    the redirect json files, the external Crane would redirect to the
> >    internal system, which is not helpful.
> >    We would prefer not to republish / recreate the redirect files in our
> >    transition from internal to external content.
> >    One way to handle this would be a Crane configuration option that
> >    directs crane to rewrite the redirect URL. In that case, internal and
> >    external crane systems would be configured differently.
> >    The questions:
> >    * Is there such an option in Crane? (looking at the code, I believe
> the
> >    answer is no)
> >    * Is there a feature request for something like this already?
> >    * If not, do you agree what I've described above is a valid customer
> >    use case, and should I file it as a feature request?
> >    Thanks!
> >    Mihai
> >
> >      _______________________________________________
> >      Pulp-dev mailing list
> >      [2]Pulp-dev at redhat.com
> >      [3]https://www.redhat.com/mailman/listinfo/pulp-dev
> >
> > References
> >
> >    1. mailto:mihai.ibanescu at gmail.com
> >    2. mailto:Pulp-dev at redhat.com
> >    3. https://www.redhat.com/mailman/listinfo/pulp-dev
>
> > _______________________________________________
> > Pulp-dev mailing list
> > Pulp-dev at redhat.com
> > https://www.redhat.com/mailman/listinfo/pulp-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20171221/2c6270d1/attachment.htm>

More information about the Pulp-dev mailing list