[Pulp-list] Pulp 2: Docker rsync distributors & Crane

Dennis Kliban dkliban at redhat.com
Mon Jun 11 12:25:39 UTC 2018 

On Wed, Jun 6, 2018 at 9:11 AM, Simon Baatz <gmbnomis at gmail.com> wrote:

> We looked into Pulp's Docker support recently and ran into surprising
> problems.
>
> Our setup is probably not the usual Pulp & Crane setup: We have
> detached content servers to which Pulp pushes yum and iso repositories
> using rsync distributors. The content servers are static web servers
> that make the repos available to clients.
>
> We planned to run Crane directly on the content servers using the new
> URL rewriting feature (we would like to avoid using a full blown Pulp
> installation on those servers). However, this does not seem to work
> out of the box:
>
> - For rpm and iso repos, the rsync publisher uses the output of the
>   web publisher (pre-distributor). In contrast, the docker rsync
>   distributor has the web distributor as post-distributor. The
>   generated tree on the rsync destination can not be used by Crane as
>   the redirect files are missing.
>
>   I understand that it makes sense to have a web post-distributor if
>   Crane runs on the Pulp node (or a node with a shared file
>   system). But is there a reason why the docker rsync distributor
>   does not distribute the redirect files?
>
>
We did not have a use case for distributing the redirect files. This would
be a good feature to add. If you are interested in adding this
functionality, you should start by filing a Story on pulp.plan.io. Reply
with the issue link here and we can work out the details on the ticket.


> - The documentation [0] describes authentication for Crane, but this
>   authenticates only the redirects delivered by Crane. When adding
>   basic authentication to the actual content, the Docker daemon will
>   fail. Apparently, it does not add the credentials when following the
>   redirections.
>
>   Is there a way to enable protection for both the redirections and
>   content? (I know that crane 3.2.0 supports Akamai CDN tokens, but
>   that does not help with a local server.)
>
>
There is not a way to add content protection for the content itself right
now.


>
> [0] https://docs.pulpproject.org/plugins/crane/index.html#user-
> authentication
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20180611/0854442e/attachment.htm>

More information about the Pulp-list mailing list