We looked into Pulp's Docker support recently and ran into surprising problems.
Our setup is probably not the usual Pulp & Crane setup: We have detached content servers to which Pulp pushes yum and iso repositories using rsync distributors. The content servers are static web servers that make the repos available to clients. We planned to run Crane directly on the content servers using the new URL rewriting feature (we would like to avoid using a full blown Pulp installation on those servers). However, this does not seem to work out of the box: - For rpm and iso repos, the rsync publisher uses the output of the web publisher (pre-distributor). In contrast, the docker rsync distributor has the web distributor as post-distributor. The generated tree on the rsync destination can not be used by Crane as the redirect files are missing. I understand that it makes sense to have a web post-distributor if Crane runs on the Pulp node (or a node with a shared file system). But is there a reason why the docker rsync distributor does not distribute the redirect files? - The documentation [0] describes authentication for Crane, but this authenticates only the redirects delivered by Crane. When adding basic authentication to the actual content, the Docker daemon will fail. Apparently, it does not add the credentials when following the redirections. Is there a way to enable protection for both the redirections and content? (I know that crane 3.2.0 supports Akamai CDN tokens, but that does not help with a local server.) [0] https://docs.pulpproject.org/plugins/crane/index.html#user-authentication _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
