> On Feb. 1, 2017, 9:51 a.m., Jie Yu wrote: > > src/uri/fetchers/docker.cpp, lines 470-514 > > <https://reviews.apache.org/r/54537/diff/3/?file=1619966#file1619966line470> > > > > In fact, a second thought on this. Should we rename `getAuthToken` to > > `getAuthHeader` and put all the logic of generating the auth header in that > > function? In that way, you don't need to implement the same logic multiple > > times.
Great idea. It simplify the logic. > On Feb. 1, 2017, 9:51 a.m., Jie Yu wrote: > > src/uri/fetchers/docker.cpp, lines 483-493 > > <https://reviews.apache.org/r/54537/diff/3/?file=1619966#file1619966line483> > > > > I saw this several places. Is there a way to factor out this into a > > helper: > > ``` > > Option<string> getAuthFromConfig(const URI& uri); > > ``` Not doing that for now since it only exist in `getAuthHeader()` and we need to do differently for `Basic` auth and `Bearer` auth. - Gilbert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/54537/#review163759 ----------------------------------------------------------- On Feb. 1, 2017, 4:42 p.m., Gilbert Song wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/54537/ > ----------------------------------------------------------- > > (Updated Feb. 1, 2017, 4:42 p.m.) > > > Review request for mesos, Avinash sridharan, Artem Harutyunyan, Jie Yu, Shuai > Lin, and Timothy Chen. > > > Bugs: MESOS-6758 > https://issues.apache.org/jira/browse/MESOS-6758 > > > Repository: mesos > > > Description > ------- > > This patch implements the support for 'Basic' docker registry > authorization. It is tested by a local authenticated private > registry using 'localhost:443/alpine' docker image. > Please note that the AWS ECS uses Basic authorization but it > does not work yet due to the redirect issue MESOS-5172. > > > Diffs > ----- > > src/uri/fetchers/docker.cpp 5dd7b91a5302067ce150bd632a05eccaf424a8a8 > > Diff: https://reviews.apache.org/r/54537/diff/ > > > Testing > ------- > > make check > > Tested with local authenticated registry. Please follow the steps below: > > 1. Start a local private registry and push an image to it. > ``` > docker run -d -p 443:5000 --restart=always --name registry \ > -v `pwd`/auth:/auth \ > -e "REGISTRY_AUTH=htpasswd" \ > -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ > -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ > -v `pwd`/certs:/certs \ > -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost.crt \ > -e REGISTRY_HTTP_TLS_KEY=/certs/localhost.key \ > registry:2 > ``` > (*Note: need to generate TLS certificate file and key first) > > Then, push an image to the registry. > ``` > docker push localhost:443/alpine > ``` > > 2. Use `mesos-execute` to test the `localhost:443/alpine` image. > (*Note: need to configure the curl using the curl's default RC file), e.g., > in `~/.curlrc` file: > cacert = "/path/to/cacert.pem" > > > Thanks, > > Gilbert Song > >
