[Pulp-list] Pulp 2: Docker rsync distributors & Crane
Simon Baatz
gmbnomis at gmail.com
Wed Jun 13 13:48:04 UTC 2018
On Mon, Jun 11, 2018 at 08:25:39AM -0400, Dennis Kliban wrote:
> On Wed, Jun 6, 2018 at 9:11 AM, Simon Baatz <[1]gmbnomis at gmail.com>
> ...
>
> We did not have a use case for distributing the redirect files. This
> would be a good feature to add. If you are interested in adding this
> functionality, you should start by filing a Story on [2]pulp.plan.io.
> Reply with the issue link here and we can work out the details on the
> ticket.
I am not sure whether we can contribute this feature (in the end this
depends on the complexity). As suggested, I created story #3761 (at
[1]) to find out the details and how complex this will be.
> - The documentation [0] describes authentication for Crane, but this
> authenticates only the redirects delivered by Crane. When adding
> basic authentication to the actual content, the Docker daemon will
> fail. Apparently, it does not add the credentials when following
> the
> redirections.
> Is there a way to enable protection for both the redirections and
> content? (I know that crane 3.2.0 supports Akamai CDN tokens, but
> that does not help with a local server.)
>
> There is not a way to add content protection for the content itself
> right now.
We found a possible solution: Basic authentication works for content
if Crane serves the content directly instead of redirecting. We
found that it is surprisingly simple to let Crane do that.
As Flask supports "X-Sendfile" out of the box, this should be
efficient as well (even more efficient than redirecting. The client
does not need the additional round-trip for every artifact.)
I think we could post some code soon, which allows to switch
between "redirect" and "local content" mode. Should we do the same
here and create a story?
[1] https://pulp.plan.io/issues/3761
More information about the Pulp-list
mailing list