[Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?
Brian Bouterse
bmbouter at redhat.com
Fri May 7 14:51:06 UTC 2021
awwww yisssss
On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar <faguiard at redhat.com> wrote:
> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
> latest as is, and the new tag: https
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam <https://www.redhat.com/>
> +55 22 999000595
>
>
>
> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse <bmbouter at redhat.com>
> wrote:
>
>> +1 to this observation, we probably need to either ship both or make it
>> configurable somehow. Shipping both is probably easier on users.
>>
>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg <mdellweg at redhat.com>
>> wrote:
>>
>>> This is a great piece of work!
>>> The problem I see is that the SSL free container image may be used in
>>> places we do not control. And having this http based container equipped
>>> with an external https reverse proxy is imho a valid use case.
>>> Therefore i would prefer, if we could provide both versions of the image
>>> (with and without SSL) as different tags.
>>> This would also give us the opportunity to switch the plugins one by one
>>> to use the new container.
>>> Ideally, the SSL container would be a thin OCI-layer on top of the http
>>> version.
>>>
>>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar <faguiard at redhat.com>
>>> wrote:
>>>
>>>> I finally made pulp_container CI work with https,
>>>> I also did some changes on pulp_installer, I believe these changes will
>>>> make it possible to run functional tests on dev environment.
>>>>
>>>> I think now it is a matter of deciding when is the best time to merge
>>>> the PR on the single container and if latest tag should be https or not
>>>>
>>>> PRs:
>>>> https://github.com/pulp/pulp-oci-images/pull/73
>>>> https://github.com/pulp/pulp_installer/pull/614
>>>> https://github.com/pulp/plugin_template/pull/379
>>>> https://github.com/pulp/pulpcore/pull/1283
>>>> https://github.com/pulp/pulp_container/pull/304
>>>> https://github.com/pulp/pulp_rpm/pull/1977
>>>> https://github.com/pulp/pulp_ansible/pull/572
>>>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>>>
>>>> Best regards,
>>>> Fabricio Aguiar
>>>> Software Engineer, Pulp Project
>>>> Red Hat Brazil - Latam <https://www.redhat.com/>
>>>> +55 22 999000595
>>>>
>>>>
>>>>
>>>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar <faguiard at redhat.com>
>>>> wrote:
>>>>
>>>>> I created https branch:
>>>>> https://github.com/pulp/pulp-oci-images/tree/https
>>>>> and pushed the following images:
>>>>> - pulp/pulp-ci-centos:https
>>>>> - pulp/pulp:https
>>>>>
>>>>> Now we can test on the plugins,
>>>>> I followed your suggestion and did it on pulp_npm:
>>>>> https://github.com/pulp/pulp_npm/pull/89
>>>>>
>>>>> Best regards,
>>>>> Fabricio Aguiar
>>>>> Software Engineer, Pulp Project
>>>>> Red Hat Brazil - Latam <https://www.redhat.com/>
>>>>> +55 22 999000595
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Apr 27, 2021 at 9:25 AM David Davis <daviddavis at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> This is great. Thank you for working on it.
>>>>>>
>>>>>> As a next step, would it make sense to create a branch and then try
>>>>>> to deploy a new temporary tag from that branch? Then maybe we can test a
>>>>>> plugin (eg pulp_npm) against this new image and see what breaks.
>>>>>>
>>>>>> David
>>>>>>
>>>>>>
>>>>>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <faguiard at redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
>>>>>>> It enables https on the single container, once merged, the CI for
>>>>>>> every plugin will run the functional tests using https.
>>>>>>> Probably it would break the majority of the CIs, we need to discuss
>>>>>>> when is the best moment to merge this PR or discuss alternatives
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Fabricio Aguiar
>>>>>>> Software Engineer, Pulp Project
>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/>
>>>>>>> +55 22 999000595
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar <faguiard at redhat.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Our nginx conf only supports http now:
>>>>>>>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
>>>>>>>> For not breaking all plugins, I believe we can build a new CI image
>>>>>>>> that supports https.
>>>>>>>> Maybe a template_config parameter - test_https: true would switch
>>>>>>>> the images
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Fabricio Aguiar
>>>>>>>> Software Engineer, Pulp Project
>>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/>
>>>>>>>> +55 22 999000595
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg <
>>>>>>>> mdellweg at redhat.com> wrote:
>>>>>>>>
>>>>>>>>> I believe this is at least solving the problem partially:
>>>>>>>>>
>>>>>>>>> https://github.com/pulp/pulp-smash/pull/1251
>>>>>>>>>
>>>>>>>>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse <bmbouter at redhat.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> I believe all of our plugins (and CI) require HTTP and do not
>>>>>>>>>> work with HTTPS. I'm not well versed in what needs to be done to fix this,
>>>>>>>>>> but I think we should fix it.
>>>>>>>>>>
>>>>>>>>>> Can the CI group have a 30 min call to talk over what needs to be
>>>>>>>>>> done? Or maybe share some info here?
>>>>>>>>>>
>>>>>>>>>> The main issue I'm aware of is that the tests are not prepared to
>>>>>>>>>> trust an https certificate that is self-signed. I'm not exactly sure where
>>>>>>>>>> we can change that in one place either.
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>> Brian
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Pulp-dev mailing list
>>>>>>>>>> Pulp-dev at redhat.com
>>>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Pulp-dev mailing list
>>>>>>>>> Pulp-dev at redhat.com
>>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>> Pulp-dev mailing list
>>>>>>> Pulp-dev at redhat.com
>>>>>>> https://listman.redhat.com/mailman/listinfo/pulp-dev
>>>>>>>
>>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20210507/37d93ee6/attachment.htm>
More information about the Pulp-dev
mailing list