On Wed, 11 May 2016 08:50:47 -0400 Jeremy Cline <[email protected]> wrote:
> On 05/11/2016 03:56 AM, Lutchy Horace (Mailing List) wrote: > > > > While resolving an entirely different issue regarding pulp, I > > stumbled on https://media.readthedocs.org/pdf/pulp/stable/pulp.pdf > > and > > http://pulp.readthedocs.io/en/latest/user-guide/deferred-download.html. > > Which elaborates a bit more on what each download policy actually > > does. So far, I've installed python-pulp-streamer and varnish on > > the same box, although I am bit confuse as to why I would need an > > additional 'Reverse Proxy' in the stack. That at least fixes the > > 'No more mirrors left to try' problem I was facing on consumers. > > Hi Lutchy, > > I'm glad you found the documentation somewhat enlightening. The reason > for the large number of proxies is that Red Hat content is served over > HTTPS and requires client certificates to access. The Apache proxy and > python-pulp-streamer both act as SSL termination points and pass their > requests to each other through the Varnish or Squid proxy. These > plain- text requests are cache-able. > > Apache's caching module might be usable, which would allow you to drop > the Varnish/Squid proxy, but it needs to support making complete > requests when a client makes a request with a HTTP 'Range' header, or > kickstarting from repositories will fail to function properly. Nobody > (that I know of) has tested this so if you decide to, please let us > know how it works! > > If you have any other questions, please let me know. > Thanks, I plan to move pulp_streamer to my firewall/edge box (that has a bit more resources to handle larger on_demand requests), I also have squid running there already. Now is trying to figure out how to route request to pulp_streamer or instead setup a dedicated varnish 'Reverse Proxy'. In respect to removing the middle man (varnish), I only have 5-7 boxes (LXC) registered to pulp. It seems unnecessary. Right now, the pulp box is connected directly to the Internet (Port 80 and 443 is not filtered for this box) and not configured to work with the Squid proxy on the lan network. For now, I've decided to, as mention above, move pulp_streamer. Regards -- Lutchy Horace Owner/Operator/Administrator [http://www.lhprojects.net] Owner/Operator/Administrator [http://www.bombshellz.net] Owner/Operator/Administrator [http://www.animehouse.club] About Me [http://about.me/lhprojects] USA _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
