To confirm, the "latest" tag will continue to ship with http? I imagine most users will end up with http then.
Also, what (if anything) do we do about y release tags (e.g. the upcoming 3.13 tag)? Do they continue to ship with http? David On Fri, May 7, 2021 at 10:51 AM Brian Bouterse <bmbou...@redhat.com> wrote: > awwww yisssss > > On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar <fagui...@redhat.com> > wrote: > >> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both, >> latest as is, and the new tag: https >> >> Best regards, >> Fabricio Aguiar >> Software Engineer, Pulp Project >> Red Hat Brazil - Latam <https://www.redhat.com/> >> +55 22 999000595 >> >> >> >> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse <bmbou...@redhat.com> >> wrote: >> >>> +1 to this observation, we probably need to either ship both or make it >>> configurable somehow. Shipping both is probably easier on users. >>> >>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg <mdell...@redhat.com> >>> wrote: >>> >>>> This is a great piece of work! >>>> The problem I see is that the SSL free container image may be used in >>>> places we do not control. And having this http based container equipped >>>> with an external https reverse proxy is imho a valid use case. >>>> Therefore i would prefer, if we could provide both versions of the >>>> image (with and without SSL) as different tags. >>>> This would also give us the opportunity to switch the plugins one by >>>> one to use the new container. >>>> Ideally, the SSL container would be a thin OCI-layer on top of the http >>>> version. >>>> >>>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar <fagui...@redhat.com> >>>> wrote: >>>> >>>>> I finally made pulp_container CI work with https, >>>>> I also did some changes on pulp_installer, I believe these changes >>>>> will make it possible to run functional tests on dev environment. >>>>> >>>>> I think now it is a matter of deciding when is the best time to merge >>>>> the PR on the single container and if latest tag should be https or not >>>>> >>>>> PRs: >>>>> https://github.com/pulp/pulp-oci-images/pull/73 >>>>> https://github.com/pulp/pulp_installer/pull/614 >>>>> https://github.com/pulp/plugin_template/pull/379 >>>>> https://github.com/pulp/pulpcore/pull/1283 >>>>> https://github.com/pulp/pulp_container/pull/304 >>>>> https://github.com/pulp/pulp_rpm/pull/1977 >>>>> https://github.com/pulp/pulp_ansible/pull/572 >>>>> https://github.com/pulp/pulp-2to3-migration/pull/362 >>>>> >>>>> Best regards, >>>>> Fabricio Aguiar >>>>> Software Engineer, Pulp Project >>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>> +55 22 999000595 >>>>> >>>>> >>>>> >>>>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar <fagui...@redhat.com> >>>>> wrote: >>>>> >>>>>> I created https branch: >>>>>> https://github.com/pulp/pulp-oci-images/tree/https >>>>>> and pushed the following images: >>>>>> - pulp/pulp-ci-centos:https >>>>>> - pulp/pulp:https >>>>>> >>>>>> Now we can test on the plugins, >>>>>> I followed your suggestion and did it on pulp_npm: >>>>>> https://github.com/pulp/pulp_npm/pull/89 >>>>>> >>>>>> Best regards, >>>>>> Fabricio Aguiar >>>>>> Software Engineer, Pulp Project >>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>> +55 22 999000595 >>>>>> >>>>>> >>>>>> >>>>>> On Tue, Apr 27, 2021 at 9:25 AM David Davis <davidda...@redhat.com> >>>>>> wrote: >>>>>> >>>>>>> This is great. Thank you for working on it. >>>>>>> >>>>>>> As a next step, would it make sense to create a branch and then try >>>>>>> to deploy a new temporary tag from that branch? Then maybe we can test a >>>>>>> plugin (eg pulp_npm) against this new image and see what breaks. >>>>>>> >>>>>>> David >>>>>>> >>>>>>> >>>>>>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <fagui...@redhat.com> >>>>>>> wrote: >>>>>>> >>>>>>>> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73 >>>>>>>> It enables https on the single container, once merged, the CI for >>>>>>>> every plugin will run the functional tests using https. >>>>>>>> Probably it would break the majority of the CIs, we need to discuss >>>>>>>> when is the best moment to merge this PR or discuss alternatives >>>>>>>> >>>>>>>> Best regards, >>>>>>>> Fabricio Aguiar >>>>>>>> Software Engineer, Pulp Project >>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>>>> +55 22 999000595 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar < >>>>>>>> fagui...@redhat.com> wrote: >>>>>>>> >>>>>>>>> Our nginx conf only supports http now: >>>>>>>>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15 >>>>>>>>> For not breaking all plugins, I believe we can build a new CI >>>>>>>>> image that supports https. >>>>>>>>> Maybe a template_config parameter - test_https: true would switch >>>>>>>>> the images >>>>>>>>> >>>>>>>>> Best regards, >>>>>>>>> Fabricio Aguiar >>>>>>>>> Software Engineer, Pulp Project >>>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>>>>> +55 22 999000595 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg < >>>>>>>>> mdell...@redhat.com> wrote: >>>>>>>>> >>>>>>>>>> I believe this is at least solving the problem partially: >>>>>>>>>> >>>>>>>>>> https://github.com/pulp/pulp-smash/pull/1251 >>>>>>>>>> >>>>>>>>>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse < >>>>>>>>>> bmbou...@redhat.com> wrote: >>>>>>>>>> >>>>>>>>>>> I believe all of our plugins (and CI) require HTTP and do not >>>>>>>>>>> work with HTTPS. I'm not well versed in what needs to be done to >>>>>>>>>>> fix this, >>>>>>>>>>> but I think we should fix it. >>>>>>>>>>> >>>>>>>>>>> Can the CI group have a 30 min call to talk over what needs to >>>>>>>>>>> be done? Or maybe share some info here? >>>>>>>>>>> >>>>>>>>>>> The main issue I'm aware of is that the tests are not prepared >>>>>>>>>>> to trust an https certificate that is self-signed. I'm not exactly >>>>>>>>>>> sure >>>>>>>>>>> where we can change that in one place either. >>>>>>>>>>> >>>>>>>>>>> Thanks! >>>>>>>>>>> Brian >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Pulp-dev mailing list >>>>>>>>>>> Pulp-dev@redhat.com >>>>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Pulp-dev mailing list >>>>>>>>>> Pulp-dev@redhat.com >>>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>> Pulp-dev mailing list >>>>>>>> Pulp-dev@redhat.com >>>>>>>> https://listman.redhat.com/mailman/listinfo/pulp-dev >>>>>>>> >>>>>>>
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://listman.redhat.com/mailman/listinfo/pulp-dev
