Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

Currently, pulp-oci-images is building: *Tag* *Scheme* latest http https https CI is running tests on https images (https image is python38), if you experience failures when your run tests on your dev environment, please make sure pulp_webserver_disable_https is false or commented on your

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

Tags in the container world are cheap. Let's add a "http" tag that points to the same image as latest. I think, we should additionally provide the released images as an https version maybe tagged "x.y-https", but this can/should be postponed. Let's first get comfy with ssl in the latest build. On

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

Bump! Single container PR [1] needs some adjustments, I plan to address them once we decide about the tags. Current PR makes: *Tag* *Scheme* latest http https https x.y http Please share your feedback about the tag/scheme until May 19 [1] https://github.com/pulp/pulp-oci-images/pull/73 Best

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I would get rid of the latest tag because it is non-deterministic and would keep http/https tags only. Regards, Ina Panova Senior Software Engineer| Pulp| Red Hat Inc. "Do not go where the path may lead, go instead where there is no path and leave a trail." On Fri, May 7, 2021 at

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I would tag http and https and then latest as the same as http. Then we can write an announcement that we will switch latest from http to https or drop latest altogether. The question about release tags is a good one. I think, we need both there too. On Fri, May 7, 2021 at 6:05 PM David Davis

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I feel like ideally, https would be the default (ie latest). However, then we are going to break all the release branches for pulpcore and plugins that are pointing to latest but not expecting https. Hopefully people will weigh in here. David On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

On Fri, May 7, 2021 at 11:52 AM David Davis wrote: > To confirm, the "latest" tag will continue to ship with http? I imagine > most users will end up with http then. > I can modify the PR and make https the default > > Also, what (if anything) do we do about y release tags (e.g. the upcoming >

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

On Fri, May 7, 2021 at 12:40 PM Brian Bouterse wrote: > > > On Fri, May 7, 2021 at 11:27 AM Robin Chan wrote: > >> Can someone enlighten me on the main motivation for making this change? >> I wasn't at the meeting and just curious what other context I'm missing. >> I definitely understand https

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

On Fri, May 7, 2021 at 12:30 PM Robin Chan wrote: > Can someone enlighten me on the main motivation for making this change? > Our installer/dev environment by default uses https, but currently, it breaks our tests, so we manually disable https on our dev environment by using:

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

On Fri, May 7, 2021 at 11:27 AM Robin Chan wrote: > Can someone enlighten me on the main motivation for making this change? > I wasn't at the meeting and just curious what other context I'm missing. I > definitely understand https > http from a security standpoint but wondering > if there were

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

Can someone enlighten me on the main motivation for making this change? I wasn't at the meeting and just curious what other context I'm missing. I definitely understand https > http from a security standpoint but wondering if there were other factors or motivations I'm missing. -rchan On Fri,

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

To confirm, the "latest" tag will continue to ship with http? I imagine most users will end up with http then. Also, what (if anything) do we do about y release tags (e.g. the upcoming 3.13 tag)? Do they continue to ship with http? David On Fri, May 7, 2021 at 10:51 AM Brian Bouterse wrote:

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

a yis On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar wrote: > I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both, > latest as is, and the new tag: https > > Best regards, > Fabricio Aguiar > Software Engineer, Pulp Project > Red Hat Brazil - Latam

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both, latest as is, and the new tag: https Best regards, Fabricio Aguiar Software Engineer, Pulp Project Red Hat Brazil - Latam +55 22 999000595 On Fri, May 7, 2021 at 11:41 AM Brian Bouterse wrote: >

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

+1 to this observation, we probably need to either ship both or make it configurable somehow. Shipping both is probably easier on users. On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg wrote: > This is a great piece of work! > The problem I see is that the SSL free container image may be used

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

This is a great piece of work! The problem I see is that the SSL free container image may be used in places we do not control. And having this http based container equipped with an external https reverse proxy is imho a valid use case. Therefore i would prefer, if we could provide both versions of

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I finally made pulp_container CI work with https, I also did some changes on pulp_installer, I believe these changes will make it possible to run functional tests on dev environment. I think now it is a matter of deciding when is the best time to merge the PR on the single container and if latest

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I created https branch: https://github.com/pulp/pulp-oci-images/tree/https and pushed the following images: - pulp/pulp-ci-centos:https - pulp/pulp:https Now we can test on the plugins, I followed your suggestion and did it on pulp_npm: https://github.com/pulp/pulp_npm/pull/89 Best regards,

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

This is great. Thank you for working on it. As a next step, would it make sense to create a branch and then try to deploy a new temporary tag from that branch? Then maybe we can test a plugin (eg pulp_npm) against this new image and see what breaks. David On Mon, Apr 26, 2021 at 5:01 PM

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I started this POC: https://github.com/pulp/pulp-oci-images/pull/73 It enables https on the single container, once merged, the CI for every plugin will run the functional tests using https. Probably it would break the majority of the CIs, we need to discuss when is the best moment to merge this PR

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

Our nginx conf only supports http now: https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15 For not breaking all plugins, I believe we can build a new CI image that supports https. Maybe a template_config parameter - test_https: true would switch the images Best regards,

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I believe this is at least solving the problem partially: https://github.com/pulp/pulp-smash/pull/1251 On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse wrote: > I believe all of our plugins (and CI) require HTTP and do not work with > HTTPS. I'm not well versed in what needs to be done to fix

[Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

I believe all of our plugins (and CI) require HTTP and do not work with HTTPS. I'm not well versed in what needs to be done to fix this, but I think we should fix it. Can the CI group have a 30 min call to talk over what needs to be done? Or maybe share some info here? The main issue I'm aware