I would get rid of the latest tag because it is non-deterministic and would keep http/https tags only.
-------- Regards, Ina Panova Senior Software Engineer| Pulp| Red Hat Inc. "Do not go where the path may lead, go instead where there is no path and leave a trail." On Fri, May 7, 2021 at 6:08 PM Matthias Dellweg <mdell...@redhat.com> wrote: > I would tag http and https and then latest as the same as http. Then we > can write an announcement that we will switch latest from http to https or > drop latest altogether. > The question about release tags is a good one. I think, we need both there > too. > > On Fri, May 7, 2021 at 6:05 PM David Davis <davidda...@redhat.com> wrote: > >> I feel like ideally, https would be the default (ie latest). However, >> then we are going to break all the release branches for pulpcore and >> plugins that are pointing to latest but not expecting https. >> >> Hopefully people will weigh in here. >> >> David >> >> >> On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar <fagui...@redhat.com> >> wrote: >> >>> >>> >>> On Fri, May 7, 2021 at 11:52 AM David Davis <davidda...@redhat.com> >>> wrote: >>> >>>> To confirm, the "latest" tag will continue to ship with http? I imagine >>>> most users will end up with http then. >>>> >>> I can modify the PR and make https the default >>> >>>> >>>> Also, what (if anything) do we do about y release tags (e.g. the >>>> upcoming 3.13 tag)? Do they continue to ship with http? >>>> >>> I think release tags can be https >>> >>>> >>>> David >>>> >>>> >>>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse <bmbou...@redhat.com> >>>> wrote: >>>> >>>>> awwww yisssss >>>>> >>>>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar <fagui...@redhat.com> >>>>> wrote: >>>>> >>>>>> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship >>>>>> both, >>>>>> latest as is, and the new tag: https >>>>>> >>>>>> Best regards, >>>>>> Fabricio Aguiar >>>>>> Software Engineer, Pulp Project >>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>> +55 22 999000595 >>>>>> >>>>>> >>>>>> >>>>>> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse <bmbou...@redhat.com> >>>>>> wrote: >>>>>> >>>>>>> +1 to this observation, we probably need to either ship both or make >>>>>>> it configurable somehow. Shipping both is probably easier on users. >>>>>>> >>>>>>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg <mdell...@redhat.com> >>>>>>> wrote: >>>>>>> >>>>>>>> This is a great piece of work! >>>>>>>> The problem I see is that the SSL free container image may be used >>>>>>>> in places we do not control. And having this http based container >>>>>>>> equipped >>>>>>>> with an external https reverse proxy is imho a valid use case. >>>>>>>> Therefore i would prefer, if we could provide both versions of the >>>>>>>> image (with and without SSL) as different tags. >>>>>>>> This would also give us the opportunity to switch the plugins one >>>>>>>> by one to use the new container. >>>>>>>> Ideally, the SSL container would be a thin OCI-layer on top of the >>>>>>>> http version. >>>>>>>> >>>>>>>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar < >>>>>>>> fagui...@redhat.com> wrote: >>>>>>>> >>>>>>>>> I finally made pulp_container CI work with https, >>>>>>>>> I also did some changes on pulp_installer, I believe these changes >>>>>>>>> will make it possible to run functional tests on dev environment. >>>>>>>>> >>>>>>>>> I think now it is a matter of deciding when is the best time to >>>>>>>>> merge the PR on the single container and if latest tag should be >>>>>>>>> https or >>>>>>>>> not >>>>>>>>> >>>>>>>>> PRs: >>>>>>>>> https://github.com/pulp/pulp-oci-images/pull/73 >>>>>>>>> https://github.com/pulp/pulp_installer/pull/614 >>>>>>>>> https://github.com/pulp/plugin_template/pull/379 >>>>>>>>> https://github.com/pulp/pulpcore/pull/1283 >>>>>>>>> https://github.com/pulp/pulp_container/pull/304 >>>>>>>>> https://github.com/pulp/pulp_rpm/pull/1977 >>>>>>>>> https://github.com/pulp/pulp_ansible/pull/572 >>>>>>>>> https://github.com/pulp/pulp-2to3-migration/pull/362 >>>>>>>>> >>>>>>>>> Best regards, >>>>>>>>> Fabricio Aguiar >>>>>>>>> Software Engineer, Pulp Project >>>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>>>>> +55 22 999000595 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar < >>>>>>>>> fagui...@redhat.com> wrote: >>>>>>>>> >>>>>>>>>> I created https branch: >>>>>>>>>> https://github.com/pulp/pulp-oci-images/tree/https >>>>>>>>>> and pushed the following images: >>>>>>>>>> - pulp/pulp-ci-centos:https >>>>>>>>>> - pulp/pulp:https >>>>>>>>>> >>>>>>>>>> Now we can test on the plugins, >>>>>>>>>> I followed your suggestion and did it on pulp_npm: >>>>>>>>>> https://github.com/pulp/pulp_npm/pull/89 >>>>>>>>>> >>>>>>>>>> Best regards, >>>>>>>>>> Fabricio Aguiar >>>>>>>>>> Software Engineer, Pulp Project >>>>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>>>>>> +55 22 999000595 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Tue, Apr 27, 2021 at 9:25 AM David Davis < >>>>>>>>>> davidda...@redhat.com> wrote: >>>>>>>>>> >>>>>>>>>>> This is great. Thank you for working on it. >>>>>>>>>>> >>>>>>>>>>> As a next step, would it make sense to create a branch and then >>>>>>>>>>> try to deploy a new temporary tag from that branch? Then maybe we >>>>>>>>>>> can test >>>>>>>>>>> a plugin (eg pulp_npm) against this new image and see what breaks. >>>>>>>>>>> >>>>>>>>>>> David >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar < >>>>>>>>>>> fagui...@redhat.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> I started this POC: >>>>>>>>>>>> https://github.com/pulp/pulp-oci-images/pull/73 >>>>>>>>>>>> It enables https on the single container, once merged, the CI >>>>>>>>>>>> for every plugin will run the functional tests using https. >>>>>>>>>>>> Probably it would break the majority of the CIs, we need to >>>>>>>>>>>> discuss when is the best moment to merge this PR or discuss >>>>>>>>>>>> alternatives >>>>>>>>>>>> >>>>>>>>>>>> Best regards, >>>>>>>>>>>> Fabricio Aguiar >>>>>>>>>>>> Software Engineer, Pulp Project >>>>>>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>>>>>>>> +55 22 999000595 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar < >>>>>>>>>>>> fagui...@redhat.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Our nginx conf only supports http now: >>>>>>>>>>>>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15 >>>>>>>>>>>>> For not breaking all plugins, I believe we can build a new CI >>>>>>>>>>>>> image that supports https. >>>>>>>>>>>>> Maybe a template_config parameter - test_https: true would >>>>>>>>>>>>> switch the images >>>>>>>>>>>>> >>>>>>>>>>>>> Best regards, >>>>>>>>>>>>> Fabricio Aguiar >>>>>>>>>>>>> Software Engineer, Pulp Project >>>>>>>>>>>>> Red Hat Brazil - Latam <https://www.redhat.com/> >>>>>>>>>>>>> +55 22 999000595 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg < >>>>>>>>>>>>> mdell...@redhat.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> I believe this is at least solving the problem partially: >>>>>>>>>>>>>> >>>>>>>>>>>>>> https://github.com/pulp/pulp-smash/pull/1251 >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse < >>>>>>>>>>>>>> bmbou...@redhat.com> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> I believe all of our plugins (and CI) require HTTP and do >>>>>>>>>>>>>>> not work with HTTPS. I'm not well versed in what needs to be >>>>>>>>>>>>>>> done to fix >>>>>>>>>>>>>>> this, but I think we should fix it. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Can the CI group have a 30 min call to talk over what needs >>>>>>>>>>>>>>> to be done? Or maybe share some info here? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The main issue I'm aware of is that the tests are not >>>>>>>>>>>>>>> prepared to trust an https certificate that is self-signed. I'm >>>>>>>>>>>>>>> not exactly >>>>>>>>>>>>>>> sure where we can change that in one place either. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks! >>>>>>>>>>>>>>> Brian >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> Pulp-dev mailing list >>>>>>>>>>>>>>> Pulp-dev@redhat.com >>>>>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Pulp-dev mailing list >>>>>>>>>>>>>> Pulp-dev@redhat.com >>>>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/pulp-dev >>>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Pulp-dev mailing list >>>>>>>>>>>> Pulp-dev@redhat.com >>>>>>>>>>>> https://listman.redhat.com/mailman/listinfo/pulp-dev >>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://listman.redhat.com/mailman/listinfo/pulp-dev >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://listman.redhat.com/mailman/listinfo/pulp-dev