+1 to this observation, we probably need to either ship both or make it configurable somehow. Shipping both is probably easier on users.
On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg <mdell...@redhat.com> wrote: > This is a great piece of work! > The problem I see is that the SSL free container image may be used in > places we do not control. And having this http based container equipped > with an external https reverse proxy is imho a valid use case. > Therefore i would prefer, if we could provide both versions of the image > (with and without SSL) as different tags. > This would also give us the opportunity to switch the plugins one by one > to use the new container. > Ideally, the SSL container would be a thin OCI-layer on top of the http > version. > > On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar <fagui...@redhat.com> > wrote: > >> I finally made pulp_container CI work with https, >> I also did some changes on pulp_installer, I believe these changes will >> make it possible to run functional tests on dev environment. >> >> I think now it is a matter of deciding when is the best time to merge the >> PR on the single container and if latest tag should be https or not >> >> PRs: >> https://github.com/pulp/pulp-oci-images/pull/73 >> https://github.com/pulp/pulp_installer/pull/614 >> https://github.com/pulp/plugin_template/pull/379 >> https://github.com/pulp/pulpcore/pull/1283 >> https://github.com/pulp/pulp_container/pull/304 >> https://github.com/pulp/pulp_rpm/pull/1977 >> https://github.com/pulp/pulp_ansible/pull/572 >> https://github.com/pulp/pulp-2to3-migration/pull/362 >> >> Best regards, >> Fabricio Aguiar >> Software Engineer, Pulp Project >> Red Hat Brazil - Latam <https://www.redhat.com/> >> +55 22 999000595 >> >> >> >> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar <fagui...@redhat.com> >> wrote: >> >>> I created https branch: >>> https://github.com/pulp/pulp-oci-images/tree/https >>> and pushed the following images: >>> - pulp/pulp-ci-centos:https >>> - pulp/pulp:https >>> >>> Now we can test on the plugins, >>> I followed your suggestion and did it on pulp_npm: >>> https://github.com/pulp/pulp_npm/pull/89 >>> >>> Best regards, >>> Fabricio Aguiar >>> Software Engineer, Pulp Project >>> Red Hat Brazil - Latam <https://www.redhat.com/> >>> +55 22 999000595 >>> >>> >>> >>> On Tue, Apr 27, 2021 at 9:25 AM David Davis <davidda...@redhat.com> >>> wrote: >>> >>>> This is great. Thank you for working on it. >>>> >>>> As a next step, would it make sense to create a branch and then try to >>>> deploy a new temporary tag from that branch? Then maybe we can test a >>>> plugin (eg pulp_npm) against this new image and see what breaks. >>>> >>>> David >>>> >>>> >>>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <fagui...@redhat.com> >>>> wrote: >>>> >>>>> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73 >>>>> It enables https on the single container, once merged, the CI for >>>>> every plugin will run the functional tests using https. >>>>> Probably it would break the majority of the CIs, we need to discuss >>>>> when is the best moment to merge this PR or discuss alternatives >>>>> >>>>> Best regards, >>>>> Fabricio Aguiar >>>>> Software Engineer, Pulp Project >>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>> +55 22 999000595 >>>>> >>>>> >>>>> >>>>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar <fagui...@redhat.com> >>>>> wrote: >>>>> >>>>>> Our nginx conf only supports http now: >>>>>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15 >>>>>> For not breaking all plugins, I believe we can build a new CI image >>>>>> that supports https. >>>>>> Maybe a template_config parameter - test_https: true would switch the >>>>>> images >>>>>> >>>>>> Best regards, >>>>>> Fabricio Aguiar >>>>>> Software Engineer, Pulp Project >>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>> +55 22 999000595 >>>>>> >>>>>> >>>>>> >>>>>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg <mdell...@redhat.com> >>>>>> wrote: >>>>>> >>>>>>> I believe this is at least solving the problem partially: >>>>>>> >>>>>>> https://github.com/pulp/pulp-smash/pull/1251 >>>>>>> >>>>>>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse <bmbou...@redhat.com> >>>>>>> wrote: >>>>>>> >>>>>>>> I believe all of our plugins (and CI) require HTTP and do not work >>>>>>>> with HTTPS. I'm not well versed in what needs to be done to fix this, >>>>>>>> but I >>>>>>>> think we should fix it. >>>>>>>> >>>>>>>> Can the CI group have a 30 min call to talk over what needs to be >>>>>>>> done? Or maybe share some info here? >>>>>>>> >>>>>>>> The main issue I'm aware of is that the tests are not prepared to >>>>>>>> trust an https certificate that is self-signed. I'm not exactly sure >>>>>>>> where >>>>>>>> we can change that in one place either. >>>>>>>> >>>>>>>> Thanks! >>>>>>>> Brian >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Pulp-dev mailing list >>>>>>>> Pulp-dev@redhat.com >>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Pulp-dev mailing list >>>>>>> Pulp-dev@redhat.com >>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>>> >>>>>> _______________________________________________ >>>>> Pulp-dev mailing list >>>>> Pulp-dev@redhat.com >>>>> https://listman.redhat.com/mailman/listinfo/pulp-dev >>>>> >>>>
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://listman.redhat.com/mailman/listinfo/pulp-dev