Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

Currently, pulp-oci-images is building:
*Tag* *Scheme*
latest http
https https

CI is running tests on https images (https image is python38),
if you experience failures when your run tests on your dev environment,
please make sure pulp_webserver_disable_https is false or commented on your
local.dev-config.yml
https://github.com/pulp/pulp_installer/blob/master/example.dev-config.yml#L48-L49

Best regards,
Fabricio Aguiar
Software Engineer, Pulp Project
Red Hat Brazil - Latam 
+55 22 999000595



On Fri, May 14, 2021 at 11:14 AM Matthias Dellweg 
wrote:

> Tags in the container world are cheap. Let's add a "http" tag that points
> to the same image as latest.
> I think, we should additionally provide the released images as an https
> version maybe tagged "x.y-https", but this can/should be postponed. Let's
> first get comfy with ssl in the latest build.
>
> On Fri, May 14, 2021 at 4:06 PM Fabricio Aguiar 
> wrote:
>
>> Bump!
>>
>> Single container PR [1] needs some adjustments, I plan to address them
>> once we decide about the tags.
>> Current PR makes:
>> *Tag* *Scheme*
>> latest http
>> https https
>> x.y http
>>
>> Please share your feedback about the tag/scheme until May 19
>>
>> [1] https://github.com/pulp/pulp-oci-images/pull/73
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Mon, May 10, 2021 at 9:07 AM Ina Panova  wrote:
>>
>>> I would get rid of the latest tag because it is non-deterministic and
>>> would keep http/https tags only.
>>>
>>> 
>>> Regards,
>>>
>>> Ina Panova
>>> Senior Software Engineer| Pulp| Red Hat Inc.
>>>
>>> "Do not go where the path may lead,
>>>  go instead where there is no path and leave a trail."
>>>
>>>
>>> On Fri, May 7, 2021 at 6:08 PM Matthias Dellweg 
>>> wrote:
>>>
 I would tag http and https and then latest as the same as http. Then we
 can write an announcement that we will switch latest from http to https or
 drop latest altogether.
 The question about release tags is a good one. I think, we need both
 there too.

 On Fri, May 7, 2021 at 6:05 PM David Davis 
 wrote:

> I feel like ideally, https would be the default (ie latest). However,
> then we are going to break all the release branches for pulpcore and
> plugins that are pointing to latest but not expecting https.
>
> Hopefully people will weigh in here.
>
> David
>
>
> On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar 
> wrote:
>
>>
>>
>> On Fri, May 7, 2021 at 11:52 AM David Davis 
>> wrote:
>>
>>> To confirm, the "latest" tag will continue to ship with http? I
>>> imagine most users will end up with http then.
>>>
>> I can modify the PR and make https the default
>>
>>>
>>> Also, what (if anything) do we do about y release tags (e.g. the
>>> upcoming 3.13 tag)? Do they continue to ship with http?
>>>
>> I think release tags can be https
>>
>>>
>>> David
>>>
>>>
>>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
>>> wrote:
>>>
 a yis

 On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar <
 fagui...@redhat.com> wrote:

> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship
> both,
> latest as is, and the new tag: https
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse <
> bmbou...@redhat.com> wrote:
>
>> +1 to this observation, we probably need to either ship both or
>> make it configurable somehow. Shipping both is probably easier on 
>> users.
>>
>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg <
>> mdell...@redhat.com> wrote:
>>
>>> This is a great piece of work!
>>> The problem I see is that the SSL free container image may be
>>> used in places we do not control. And having this http based 
>>> container
>>> equipped with an external https reverse proxy is imho a valid use 
>>> case.
>>> Therefore i would prefer, if we could provide both versions of
>>> the image (with and without SSL) as different tags.
>>> This would also give us the opportunity to switch the plugins
>>> one by one to use the new container.
>>> Ideally, the SSL container would be a thin OCI-layer on top of
>>> the http version.
>>>
>>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar <
>>> fagui...@redhat.com> wrote:
>>>
 I finally made pulp_container CI work with https,
 I also did some changes on 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Matthias Dellweg]

Tags in the container world are cheap. Let's add a "http" tag that points
to the same image as latest.
I think, we should additionally provide the released images as an https
version maybe tagged "x.y-https", but this can/should be postponed. Let's
first get comfy with ssl in the latest build.

On Fri, May 14, 2021 at 4:06 PM Fabricio Aguiar  wrote:

> Bump!
>
> Single container PR [1] needs some adjustments, I plan to address them
> once we decide about the tags.
> Current PR makes:
> *Tag* *Scheme*
> latest http
> https https
> x.y http
>
> Please share your feedback about the tag/scheme until May 19
>
> [1] https://github.com/pulp/pulp-oci-images/pull/73
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Mon, May 10, 2021 at 9:07 AM Ina Panova  wrote:
>
>> I would get rid of the latest tag because it is non-deterministic and
>> would keep http/https tags only.
>>
>> 
>> Regards,
>>
>> Ina Panova
>> Senior Software Engineer| Pulp| Red Hat Inc.
>>
>> "Do not go where the path may lead,
>>  go instead where there is no path and leave a trail."
>>
>>
>> On Fri, May 7, 2021 at 6:08 PM Matthias Dellweg 
>> wrote:
>>
>>> I would tag http and https and then latest as the same as http. Then we
>>> can write an announcement that we will switch latest from http to https or
>>> drop latest altogether.
>>> The question about release tags is a good one. I think, we need both
>>> there too.
>>>
>>> On Fri, May 7, 2021 at 6:05 PM David Davis 
>>> wrote:
>>>
 I feel like ideally, https would be the default (ie latest). However,
 then we are going to break all the release branches for pulpcore and
 plugins that are pointing to latest but not expecting https.

 Hopefully people will weigh in here.

 David


 On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar 
 wrote:

>
>
> On Fri, May 7, 2021 at 11:52 AM David Davis 
> wrote:
>
>> To confirm, the "latest" tag will continue to ship with http? I
>> imagine most users will end up with http then.
>>
> I can modify the PR and make https the default
>
>>
>> Also, what (if anything) do we do about y release tags (e.g. the
>> upcoming 3.13 tag)? Do they continue to ship with http?
>>
> I think release tags can be https
>
>>
>> David
>>
>>
>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
>> wrote:
>>
>>> a yis
>>>
>>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
>>> wrote:
>>>
 I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship
 both,
 latest as is, and the new tag: https

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
 wrote:

> +1 to this observation, we probably need to either ship both or
> make it configurable somehow. Shipping both is probably easier on 
> users.
>
> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg <
> mdell...@redhat.com> wrote:
>
>> This is a great piece of work!
>> The problem I see is that the SSL free container image may be
>> used in places we do not control. And having this http based 
>> container
>> equipped with an external https reverse proxy is imho a valid use 
>> case.
>> Therefore i would prefer, if we could provide both versions of
>> the image (with and without SSL) as different tags.
>> This would also give us the opportunity to switch the plugins one
>> by one to use the new container.
>> Ideally, the SSL container would be a thin OCI-layer on top of
>> the http version.
>>
>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar <
>> fagui...@redhat.com> wrote:
>>
>>> I finally made pulp_container CI work with https,
>>> I also did some changes on pulp_installer, I believe these
>>> changes will make it possible to run functional tests on dev 
>>> environment.
>>>
>>> I think now it is a matter of deciding when is the best time to
>>> merge the PR on the single container and if latest tag should be 
>>> https or
>>> not
>>>
>>> PRs:
>>> https://github.com/pulp/pulp-oci-images/pull/73
>>> https://github.com/pulp/pulp_installer/pull/614
>>> https://github.com/pulp/plugin_template/pull/379
>>> https://github.com/pulp/pulpcore/pull/1283
>>> https://github.com/pulp/pulp_container/pull/304
>>> https://github.com/pulp/pulp_rpm/pull/1977
>>> https://github.com/pulp/pulp_ansible/pull/572

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

Bump!

Single container PR [1] needs some adjustments, I plan to address them once
we decide about the tags.
Current PR makes:
*Tag* *Scheme*
latest http
https https
x.y http

Please share your feedback about the tag/scheme until May 19

[1] https://github.com/pulp/pulp-oci-images/pull/73

Best regards,
Fabricio Aguiar
Software Engineer, Pulp Project
Red Hat Brazil - Latam 
+55 22 999000595



On Mon, May 10, 2021 at 9:07 AM Ina Panova  wrote:

> I would get rid of the latest tag because it is non-deterministic and
> would keep http/https tags only.
>
> 
> Regards,
>
> Ina Panova
> Senior Software Engineer| Pulp| Red Hat Inc.
>
> "Do not go where the path may lead,
>  go instead where there is no path and leave a trail."
>
>
> On Fri, May 7, 2021 at 6:08 PM Matthias Dellweg 
> wrote:
>
>> I would tag http and https and then latest as the same as http. Then we
>> can write an announcement that we will switch latest from http to https or
>> drop latest altogether.
>> The question about release tags is a good one. I think, we need both
>> there too.
>>
>> On Fri, May 7, 2021 at 6:05 PM David Davis  wrote:
>>
>>> I feel like ideally, https would be the default (ie latest). However,
>>> then we are going to break all the release branches for pulpcore and
>>> plugins that are pointing to latest but not expecting https.
>>>
>>> Hopefully people will weigh in here.
>>>
>>> David
>>>
>>>
>>> On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar 
>>> wrote:
>>>


 On Fri, May 7, 2021 at 11:52 AM David Davis 
 wrote:

> To confirm, the "latest" tag will continue to ship with http? I
> imagine most users will end up with http then.
>
 I can modify the PR and make https the default

>
> Also, what (if anything) do we do about y release tags (e.g. the
> upcoming 3.13 tag)? Do they continue to ship with http?
>
 I think release tags can be https

>
> David
>
>
> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
> wrote:
>
>> a yis
>>
>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
>> wrote:
>>
>>> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship
>>> both,
>>> latest as is, and the new tag: https
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
>>> wrote:
>>>
 +1 to this observation, we probably need to either ship both or
 make it configurable somehow. Shipping both is probably easier on 
 users.

 On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg <
 mdell...@redhat.com> wrote:

> This is a great piece of work!
> The problem I see is that the SSL free container image may be used
> in places we do not control. And having this http based container 
> equipped
> with an external https reverse proxy is imho a valid use case.
> Therefore i would prefer, if we could provide both versions of the
> image (with and without SSL) as different tags.
> This would also give us the opportunity to switch the plugins one
> by one to use the new container.
> Ideally, the SSL container would be a thin OCI-layer on top of the
> http version.
>
> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar <
> fagui...@redhat.com> wrote:
>
>> I finally made pulp_container CI work with https,
>> I also did some changes on pulp_installer, I believe these
>> changes will make it possible to run functional tests on dev 
>> environment.
>>
>> I think now it is a matter of deciding when is the best time to
>> merge the PR on the single container and if latest tag should be 
>> https or
>> not
>>
>> PRs:
>> https://github.com/pulp/pulp-oci-images/pull/73
>> https://github.com/pulp/pulp_installer/pull/614
>> https://github.com/pulp/plugin_template/pull/379
>> https://github.com/pulp/pulpcore/pull/1283
>> https://github.com/pulp/pulp_container/pull/304
>> https://github.com/pulp/pulp_rpm/pull/1977
>> https://github.com/pulp/pulp_ansible/pull/572
>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar <
>> fagui...@redhat.com> wrote:
>>
>>> I created https branch:
>>> https://github.com/pulp/pulp-oci-images/tree/https
>>> and pushed the 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Ina Panova]

I would get rid of the latest tag because it is non-deterministic and would
keep http/https tags only.


Regards,

Ina Panova
Senior Software Engineer| Pulp| Red Hat Inc.

"Do not go where the path may lead,
 go instead where there is no path and leave a trail."


On Fri, May 7, 2021 at 6:08 PM Matthias Dellweg  wrote:

> I would tag http and https and then latest as the same as http. Then we
> can write an announcement that we will switch latest from http to https or
> drop latest altogether.
> The question about release tags is a good one. I think, we need both there
> too.
>
> On Fri, May 7, 2021 at 6:05 PM David Davis  wrote:
>
>> I feel like ideally, https would be the default (ie latest). However,
>> then we are going to break all the release branches for pulpcore and
>> plugins that are pointing to latest but not expecting https.
>>
>> Hopefully people will weigh in here.
>>
>> David
>>
>>
>> On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar 
>> wrote:
>>
>>>
>>>
>>> On Fri, May 7, 2021 at 11:52 AM David Davis 
>>> wrote:
>>>
 To confirm, the "latest" tag will continue to ship with http? I imagine
 most users will end up with http then.

>>> I can modify the PR and make https the default
>>>

 Also, what (if anything) do we do about y release tags (e.g. the
 upcoming 3.13 tag)? Do they continue to ship with http?

>>> I think release tags can be https
>>>

 David


 On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
 wrote:

> a yis
>
> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
> wrote:
>
>> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship
>> both,
>> latest as is, and the new tag: https
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
>> wrote:
>>
>>> +1 to this observation, we probably need to either ship both or make
>>> it configurable somehow. Shipping both is probably easier on users.
>>>
>>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
>>> wrote:
>>>
 This is a great piece of work!
 The problem I see is that the SSL free container image may be used
 in places we do not control. And having this http based container 
 equipped
 with an external https reverse proxy is imho a valid use case.
 Therefore i would prefer, if we could provide both versions of the
 image (with and without SSL) as different tags.
 This would also give us the opportunity to switch the plugins one
 by one to use the new container.
 Ideally, the SSL container would be a thin OCI-layer on top of the
 http version.

 On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar <
 fagui...@redhat.com> wrote:

> I finally made pulp_container CI work with https,
> I also did some changes on pulp_installer, I believe these changes
> will make it possible to run functional tests on dev environment.
>
> I think now it is a matter of deciding when is the best time to
> merge the PR on the single container and if latest tag should be 
> https or
> not
>
> PRs:
> https://github.com/pulp/pulp-oci-images/pull/73
> https://github.com/pulp/pulp_installer/pull/614
> https://github.com/pulp/plugin_template/pull/379
> https://github.com/pulp/pulpcore/pull/1283
> https://github.com/pulp/pulp_container/pull/304
> https://github.com/pulp/pulp_rpm/pull/1977
> https://github.com/pulp/pulp_ansible/pull/572
> https://github.com/pulp/pulp-2to3-migration/pull/362
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar <
> fagui...@redhat.com> wrote:
>
>> I created https branch:
>> https://github.com/pulp/pulp-oci-images/tree/https
>> and pushed the following images:
>> - pulp/pulp-ci-centos:https
>> - pulp/pulp:https
>>
>> Now we can test on the plugins,
>> I followed your suggestion and did it on pulp_npm:
>> https://github.com/pulp/pulp_npm/pull/89
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Apr 27, 2021 at 9:25 AM David Davis <
>> davidda...@redhat.com> wrote:
>>
>>> This is great. Thank you for working on it.
>>>

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Matthias Dellweg]

I would tag http and https and then latest as the same as http. Then we can
write an announcement that we will switch latest from http to https or drop
latest altogether.
The question about release tags is a good one. I think, we need both there
too.

On Fri, May 7, 2021 at 6:05 PM David Davis  wrote:

> I feel like ideally, https would be the default (ie latest). However, then
> we are going to break all the release branches for pulpcore and plugins
> that are pointing to latest but not expecting https.
>
> Hopefully people will weigh in here.
>
> David
>
>
> On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar 
> wrote:
>
>>
>>
>> On Fri, May 7, 2021 at 11:52 AM David Davis 
>> wrote:
>>
>>> To confirm, the "latest" tag will continue to ship with http? I imagine
>>> most users will end up with http then.
>>>
>> I can modify the PR and make https the default
>>
>>>
>>> Also, what (if anything) do we do about y release tags (e.g. the
>>> upcoming 3.13 tag)? Do they continue to ship with http?
>>>
>> I think release tags can be https
>>
>>>
>>> David
>>>
>>>
>>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
>>> wrote:
>>>
 a yis

 On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
 wrote:

> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship
> both,
> latest as is, and the new tag: https
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
> wrote:
>
>> +1 to this observation, we probably need to either ship both or make
>> it configurable somehow. Shipping both is probably easier on users.
>>
>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
>> wrote:
>>
>>> This is a great piece of work!
>>> The problem I see is that the SSL free container image may be used
>>> in places we do not control. And having this http based container 
>>> equipped
>>> with an external https reverse proxy is imho a valid use case.
>>> Therefore i would prefer, if we could provide both versions of the
>>> image (with and without SSL) as different tags.
>>> This would also give us the opportunity to switch the plugins one by
>>> one to use the new container.
>>> Ideally, the SSL container would be a thin OCI-layer on top of the
>>> http version.
>>>
>>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
>>> wrote:
>>>
 I finally made pulp_container CI work with https,
 I also did some changes on pulp_installer, I believe these changes
 will make it possible to run functional tests on dev environment.

 I think now it is a matter of deciding when is the best time to
 merge the PR on the single container and if latest tag should be https 
 or
 not

 PRs:
 https://github.com/pulp/pulp-oci-images/pull/73
 https://github.com/pulp/pulp_installer/pull/614
 https://github.com/pulp/plugin_template/pull/379
 https://github.com/pulp/pulpcore/pull/1283
 https://github.com/pulp/pulp_container/pull/304
 https://github.com/pulp/pulp_rpm/pull/1977
 https://github.com/pulp/pulp_ansible/pull/572
 https://github.com/pulp/pulp-2to3-migration/pull/362

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar <
 fagui...@redhat.com> wrote:

> I created https branch:
> https://github.com/pulp/pulp-oci-images/tree/https
> and pushed the following images:
> - pulp/pulp-ci-centos:https
> - pulp/pulp:https
>
> Now we can test on the plugins,
> I followed your suggestion and did it on pulp_npm:
> https://github.com/pulp/pulp_npm/pull/89
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Apr 27, 2021 at 9:25 AM David Davis 
> wrote:
>
>> This is great. Thank you for working on it.
>>
>> As a next step, would it make sense to create a branch and then
>> try to deploy a new temporary tag from that branch? Then maybe we 
>> can test
>> a plugin (eg pulp_npm) against this new image and see what breaks.
>>
>> David
>>
>>
>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <
>> fagui...@redhat.com> wrote:
>>
>>> I started this POC:
>>> https://github.com/pulp/pulp-oci-images/pull/73
>>> It 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[David Davis]

I feel like ideally, https would be the default (ie latest). However, then
we are going to break all the release branches for pulpcore and plugins
that are pointing to latest but not expecting https.

Hopefully people will weigh in here.

David


On Fri, May 7, 2021 at 11:55 AM Fabricio Aguiar  wrote:

>
>
> On Fri, May 7, 2021 at 11:52 AM David Davis  wrote:
>
>> To confirm, the "latest" tag will continue to ship with http? I imagine
>> most users will end up with http then.
>>
> I can modify the PR and make https the default
>
>>
>> Also, what (if anything) do we do about y release tags (e.g. the upcoming
>> 3.13 tag)? Do they continue to ship with http?
>>
> I think release tags can be https
>
>>
>> David
>>
>>
>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
>> wrote:
>>
>>> a yis
>>>
>>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
>>> wrote:
>>>
 I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
 latest as is, and the new tag: https

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
 wrote:

> +1 to this observation, we probably need to either ship both or make
> it configurable somehow. Shipping both is probably easier on users.
>
> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
> wrote:
>
>> This is a great piece of work!
>> The problem I see is that the SSL free container image may be used in
>> places we do not control. And having this http based container equipped
>> with an external https reverse proxy is imho a valid use case.
>> Therefore i would prefer, if we could provide both versions of the
>> image (with and without SSL) as different tags.
>> This would also give us the opportunity to switch the plugins one by
>> one to use the new container.
>> Ideally, the SSL container would be a thin OCI-layer on top of the
>> http version.
>>
>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
>> wrote:
>>
>>> I finally made pulp_container CI work with https,
>>> I also did some changes on pulp_installer, I believe these changes
>>> will make it possible to run functional tests on dev environment.
>>>
>>> I think now it is a matter of deciding when is the best time to
>>> merge the PR on the single container and if latest tag should be https 
>>> or
>>> not
>>>
>>> PRs:
>>> https://github.com/pulp/pulp-oci-images/pull/73
>>> https://github.com/pulp/pulp_installer/pull/614
>>> https://github.com/pulp/plugin_template/pull/379
>>> https://github.com/pulp/pulpcore/pull/1283
>>> https://github.com/pulp/pulp_container/pull/304
>>> https://github.com/pulp/pulp_rpm/pull/1977
>>> https://github.com/pulp/pulp_ansible/pull/572
>>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
>>> wrote:
>>>
 I created https branch:
 https://github.com/pulp/pulp-oci-images/tree/https
 and pushed the following images:
 - pulp/pulp-ci-centos:https
 - pulp/pulp:https

 Now we can test on the plugins,
 I followed your suggestion and did it on pulp_npm:
 https://github.com/pulp/pulp_npm/pull/89

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Apr 27, 2021 at 9:25 AM David Davis 
 wrote:

> This is great. Thank you for working on it.
>
> As a next step, would it make sense to create a branch and then
> try to deploy a new temporary tag from that branch? Then maybe we can 
> test
> a plugin (eg pulp_npm) against this new image and see what breaks.
>
> David
>
>
> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <
> fagui...@redhat.com> wrote:
>
>> I started this POC:
>> https://github.com/pulp/pulp-oci-images/pull/73
>> It enables https on the single container, once merged, the CI for
>> every plugin will run the functional tests using https.
>> Probably it would break the majority of the CIs, we need to
>> discuss when is the best moment to merge this PR or discuss 
>> alternatives
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

On Fri, May 7, 2021 at 11:52 AM David Davis  wrote:

> To confirm, the "latest" tag will continue to ship with http? I imagine
> most users will end up with http then.
>
I can modify the PR and make https the default

>
> Also, what (if anything) do we do about y release tags (e.g. the upcoming
> 3.13 tag)? Do they continue to ship with http?
>
I think release tags can be https

>
> David
>
>
> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
> wrote:
>
>> a yis
>>
>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
>> wrote:
>>
>>> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
>>> latest as is, and the new tag: https
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
>>> wrote:
>>>
 +1 to this observation, we probably need to either ship both or make it
 configurable somehow. Shipping both is probably easier on users.

 On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
 wrote:

> This is a great piece of work!
> The problem I see is that the SSL free container image may be used in
> places we do not control. And having this http based container equipped
> with an external https reverse proxy is imho a valid use case.
> Therefore i would prefer, if we could provide both versions of the
> image (with and without SSL) as different tags.
> This would also give us the opportunity to switch the plugins one by
> one to use the new container.
> Ideally, the SSL container would be a thin OCI-layer on top of the
> http version.
>
> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
> wrote:
>
>> I finally made pulp_container CI work with https,
>> I also did some changes on pulp_installer, I believe these changes
>> will make it possible to run functional tests on dev environment.
>>
>> I think now it is a matter of deciding when is the best time to merge
>> the PR on the single container and if latest tag should be https or not
>>
>> PRs:
>> https://github.com/pulp/pulp-oci-images/pull/73
>> https://github.com/pulp/pulp_installer/pull/614
>> https://github.com/pulp/plugin_template/pull/379
>> https://github.com/pulp/pulpcore/pull/1283
>> https://github.com/pulp/pulp_container/pull/304
>> https://github.com/pulp/pulp_rpm/pull/1977
>> https://github.com/pulp/pulp_ansible/pull/572
>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
>> wrote:
>>
>>> I created https branch:
>>> https://github.com/pulp/pulp-oci-images/tree/https
>>> and pushed the following images:
>>> - pulp/pulp-ci-centos:https
>>> - pulp/pulp:https
>>>
>>> Now we can test on the plugins,
>>> I followed your suggestion and did it on pulp_npm:
>>> https://github.com/pulp/pulp_npm/pull/89
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Apr 27, 2021 at 9:25 AM David Davis 
>>> wrote:
>>>
 This is great. Thank you for working on it.

 As a next step, would it make sense to create a branch and then try
 to deploy a new temporary tag from that branch? Then maybe we can test 
 a
 plugin (eg pulp_npm) against this new image and see what breaks.

 David


 On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <
 fagui...@redhat.com> wrote:

> I started this POC:
> https://github.com/pulp/pulp-oci-images/pull/73
> It enables https on the single container, once merged, the CI for
> every plugin will run the functional tests using https.
> Probably it would break the majority of the CIs, we need to
> discuss when is the best moment to merge this PR or discuss 
> alternatives
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar <
> fagui...@redhat.com> wrote:
>
>> Our nginx conf only supports http now:
>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
>> For not breaking all plugins, I believe we can build a new CI
>> image that supports https.
>> Maybe a template_config parameter - test_https: true would switch

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

On Fri, May 7, 2021 at 12:40 PM Brian Bouterse  wrote:

>
>
> On Fri, May 7, 2021 at 11:27 AM Robin Chan  wrote:
>
>> Can someone enlighten me on the main motivation for making this change?
>> I wasn't at the meeting and just curious what other context I'm missing.
>> I definitely understand https > http from a security standpoint but
>> wondering if there were other factors or motivations I'm missing.
>>
> It's a good question. I have two main ones, but none are especially
> timeline driven:
>
> * it's problematic for development today. The installer (which installs
> dev envs also) default to https, but the tests are incompatible with that
> and can only work with http. Even though we work with it everyday we
> regularly have test failures and spend hours only to realize our local
> tests aren't working because we forgot to "unconfigure https" manually.
> This happened to me on Tuesday for example. Non-daily-developers would have
> no way of knowing this.
>
+1 you were faster and explained better than me,
emphasis on non-daily developers, a couple of times people reach to me to
understand why tests were breaking and this was the reason

>
> * user security: When demoing pulp-ansible with the CLI and container
> installs at fosdem for example, the first thing we have to do is instruct
> users to disable security.
>
> Maybe others have other reasons too, but those were my interests.
>
>
>> -rchan
>>
>> On Fri, May 7, 2021 at 10:53 AM David Davis 
>> wrote:
>>
>>> To confirm, the "latest" tag will continue to ship with http? I imagine
>>> most users will end up with http then.
>>>
>>> Also, what (if anything) do we do about y release tags (e.g. the
>>> upcoming 3.13 tag)? Do they continue to ship with http?
>>>
>>> David
>>>
>>>
>>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
>>> wrote:
>>>
 a yis

 On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
 wrote:

> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship
> both,
> latest as is, and the new tag: https
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
> wrote:
>
>> +1 to this observation, we probably need to either ship both or make
>> it configurable somehow. Shipping both is probably easier on users.
>>
>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
>> wrote:
>>
>>> This is a great piece of work!
>>> The problem I see is that the SSL free container image may be used
>>> in places we do not control. And having this http based container 
>>> equipped
>>> with an external https reverse proxy is imho a valid use case.
>>> Therefore i would prefer, if we could provide both versions of the
>>> image (with and without SSL) as different tags.
>>> This would also give us the opportunity to switch the plugins one by
>>> one to use the new container.
>>> Ideally, the SSL container would be a thin OCI-layer on top of the
>>> http version.
>>>
>>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
>>> wrote:
>>>
 I finally made pulp_container CI work with https,
 I also did some changes on pulp_installer, I believe these changes
 will make it possible to run functional tests on dev environment.

 I think now it is a matter of deciding when is the best time to
 merge the PR on the single container and if latest tag should be https 
 or
 not

 PRs:
 https://github.com/pulp/pulp-oci-images/pull/73
 https://github.com/pulp/pulp_installer/pull/614
 https://github.com/pulp/plugin_template/pull/379
 https://github.com/pulp/pulpcore/pull/1283
 https://github.com/pulp/pulp_container/pull/304
 https://github.com/pulp/pulp_rpm/pull/1977
 https://github.com/pulp/pulp_ansible/pull/572
 https://github.com/pulp/pulp-2to3-migration/pull/362

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar <
 fagui...@redhat.com> wrote:

> I created https branch:
> https://github.com/pulp/pulp-oci-images/tree/https
> and pushed the following images:
> - pulp/pulp-ci-centos:https
> - pulp/pulp:https
>
> Now we can test on the plugins,
> I followed your suggestion and did it on pulp_npm:
> https://github.com/pulp/pulp_npm/pull/89
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

On Fri, May 7, 2021 at 12:30 PM Robin Chan  wrote:

> Can someone enlighten me on the main motivation for making this change?
>
Our installer/dev environment by default uses https, but currently, it
breaks our tests, so we manually  disable https on our dev environment by
using:
https://github.com/pulp/pulp_installer/blob/master/example.dev-config.yml#L39-L40
So we end up not really testing our https setup, and we faced some bugs
related to that, e.g. migration plugin sending pulp2 requests to pulp3
server.
So the idea was to have our dev environment and CI closest to what we
expect from a production setup

> I wasn't at the meeting and just curious what other context I'm missing. I
> definitely understand https > http from a security standpoint but wondering
> if there were other factors or motivations I'm missing.
>
> -rchan
>
> On Fri, May 7, 2021 at 10:53 AM David Davis  wrote:
>
>> To confirm, the "latest" tag will continue to ship with http? I imagine
>> most users will end up with http then.
>>
>> Also, what (if anything) do we do about y release tags (e.g. the upcoming
>> 3.13 tag)? Do they continue to ship with http?
>>
>> David
>>
>>
>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
>> wrote:
>>
>>> a yis
>>>
>>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
>>> wrote:
>>>
 I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
 latest as is, and the new tag: https

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
 wrote:

> +1 to this observation, we probably need to either ship both or make
> it configurable somehow. Shipping both is probably easier on users.
>
> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
> wrote:
>
>> This is a great piece of work!
>> The problem I see is that the SSL free container image may be used in
>> places we do not control. And having this http based container equipped
>> with an external https reverse proxy is imho a valid use case.
>> Therefore i would prefer, if we could provide both versions of the
>> image (with and without SSL) as different tags.
>> This would also give us the opportunity to switch the plugins one by
>> one to use the new container.
>> Ideally, the SSL container would be a thin OCI-layer on top of the
>> http version.
>>
>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
>> wrote:
>>
>>> I finally made pulp_container CI work with https,
>>> I also did some changes on pulp_installer, I believe these changes
>>> will make it possible to run functional tests on dev environment.
>>>
>>> I think now it is a matter of deciding when is the best time to
>>> merge the PR on the single container and if latest tag should be https 
>>> or
>>> not
>>>
>>> PRs:
>>> https://github.com/pulp/pulp-oci-images/pull/73
>>> https://github.com/pulp/pulp_installer/pull/614
>>> https://github.com/pulp/plugin_template/pull/379
>>> https://github.com/pulp/pulpcore/pull/1283
>>> https://github.com/pulp/pulp_container/pull/304
>>> https://github.com/pulp/pulp_rpm/pull/1977
>>> https://github.com/pulp/pulp_ansible/pull/572
>>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
>>> wrote:
>>>
 I created https branch:
 https://github.com/pulp/pulp-oci-images/tree/https
 and pushed the following images:
 - pulp/pulp-ci-centos:https
 - pulp/pulp:https

 Now we can test on the plugins,
 I followed your suggestion and did it on pulp_npm:
 https://github.com/pulp/pulp_npm/pull/89

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Apr 27, 2021 at 9:25 AM David Davis 
 wrote:

> This is great. Thank you for working on it.
>
> As a next step, would it make sense to create a branch and then
> try to deploy a new temporary tag from that branch? Then maybe we can 
> test
> a plugin (eg pulp_npm) against this new image and see what breaks.
>
> David
>
>
> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <
> fagui...@redhat.com> wrote:
>
>> I started this POC:
>> https://github.com/pulp/pulp-oci-images/pull/73
>> It enables https on the single container, once merged, the 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Brian Bouterse]

On Fri, May 7, 2021 at 11:27 AM Robin Chan  wrote:

> Can someone enlighten me on the main motivation for making this change?
> I wasn't at the meeting and just curious what other context I'm missing. I
> definitely understand https > http from a security standpoint but wondering
> if there were other factors or motivations I'm missing.
>
It's a good question. I have two main ones, but none are especially
timeline driven:

* it's problematic for development today. The installer (which installs dev
envs also) default to https, but the tests are incompatible with that and
can only work with http. Even though we work with it everyday we regularly
have test failures and spend hours only to realize our local tests aren't
working because we forgot to "unconfigure https" manually. This happened to
me on Tuesday for example. Non-daily-developers would have no way of
knowing this.

* user security: When demoing pulp-ansible with the CLI and container
installs at fosdem for example, the first thing we have to do is instruct
users to disable security.

Maybe others have other reasons too, but those were my interests.


> -rchan
>
> On Fri, May 7, 2021 at 10:53 AM David Davis  wrote:
>
>> To confirm, the "latest" tag will continue to ship with http? I imagine
>> most users will end up with http then.
>>
>> Also, what (if anything) do we do about y release tags (e.g. the upcoming
>> 3.13 tag)? Do they continue to ship with http?
>>
>> David
>>
>>
>> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
>> wrote:
>>
>>> a yis
>>>
>>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
>>> wrote:
>>>
 I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
 latest as is, and the new tag: https

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
 wrote:

> +1 to this observation, we probably need to either ship both or make
> it configurable somehow. Shipping both is probably easier on users.
>
> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
> wrote:
>
>> This is a great piece of work!
>> The problem I see is that the SSL free container image may be used in
>> places we do not control. And having this http based container equipped
>> with an external https reverse proxy is imho a valid use case.
>> Therefore i would prefer, if we could provide both versions of the
>> image (with and without SSL) as different tags.
>> This would also give us the opportunity to switch the plugins one by
>> one to use the new container.
>> Ideally, the SSL container would be a thin OCI-layer on top of the
>> http version.
>>
>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
>> wrote:
>>
>>> I finally made pulp_container CI work with https,
>>> I also did some changes on pulp_installer, I believe these changes
>>> will make it possible to run functional tests on dev environment.
>>>
>>> I think now it is a matter of deciding when is the best time to
>>> merge the PR on the single container and if latest tag should be https 
>>> or
>>> not
>>>
>>> PRs:
>>> https://github.com/pulp/pulp-oci-images/pull/73
>>> https://github.com/pulp/pulp_installer/pull/614
>>> https://github.com/pulp/plugin_template/pull/379
>>> https://github.com/pulp/pulpcore/pull/1283
>>> https://github.com/pulp/pulp_container/pull/304
>>> https://github.com/pulp/pulp_rpm/pull/1977
>>> https://github.com/pulp/pulp_ansible/pull/572
>>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
>>> wrote:
>>>
 I created https branch:
 https://github.com/pulp/pulp-oci-images/tree/https
 and pushed the following images:
 - pulp/pulp-ci-centos:https
 - pulp/pulp:https

 Now we can test on the plugins,
 I followed your suggestion and did it on pulp_npm:
 https://github.com/pulp/pulp_npm/pull/89

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Apr 27, 2021 at 9:25 AM David Davis 
 wrote:

> This is great. Thank you for working on it.
>
> As a next step, would it make sense to create a branch and then
> try to deploy a new temporary tag from that branch? Then maybe we can 
> test
> a plugin (eg pulp_npm) against this new image and see what breaks.
>
> 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Robin Chan]

Can someone enlighten me on the main motivation for making this change?
I wasn't at the meeting and just curious what other context I'm missing. I
definitely understand https > http from a security standpoint but wondering
if there were other factors or motivations I'm missing.

-rchan

On Fri, May 7, 2021 at 10:53 AM David Davis  wrote:

> To confirm, the "latest" tag will continue to ship with http? I imagine
> most users will end up with http then.
>
> Also, what (if anything) do we do about y release tags (e.g. the upcoming
> 3.13 tag)? Do they continue to ship with http?
>
> David
>
>
> On Fri, May 7, 2021 at 10:51 AM Brian Bouterse 
> wrote:
>
>> a yis
>>
>> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
>> wrote:
>>
>>> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
>>> latest as is, and the new tag: https
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
>>> wrote:
>>>
 +1 to this observation, we probably need to either ship both or make it
 configurable somehow. Shipping both is probably easier on users.

 On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
 wrote:

> This is a great piece of work!
> The problem I see is that the SSL free container image may be used in
> places we do not control. And having this http based container equipped
> with an external https reverse proxy is imho a valid use case.
> Therefore i would prefer, if we could provide both versions of the
> image (with and without SSL) as different tags.
> This would also give us the opportunity to switch the plugins one by
> one to use the new container.
> Ideally, the SSL container would be a thin OCI-layer on top of the
> http version.
>
> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
> wrote:
>
>> I finally made pulp_container CI work with https,
>> I also did some changes on pulp_installer, I believe these changes
>> will make it possible to run functional tests on dev environment.
>>
>> I think now it is a matter of deciding when is the best time to merge
>> the PR on the single container and if latest tag should be https or not
>>
>> PRs:
>> https://github.com/pulp/pulp-oci-images/pull/73
>> https://github.com/pulp/pulp_installer/pull/614
>> https://github.com/pulp/plugin_template/pull/379
>> https://github.com/pulp/pulpcore/pull/1283
>> https://github.com/pulp/pulp_container/pull/304
>> https://github.com/pulp/pulp_rpm/pull/1977
>> https://github.com/pulp/pulp_ansible/pull/572
>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
>> wrote:
>>
>>> I created https branch:
>>> https://github.com/pulp/pulp-oci-images/tree/https
>>> and pushed the following images:
>>> - pulp/pulp-ci-centos:https
>>> - pulp/pulp:https
>>>
>>> Now we can test on the plugins,
>>> I followed your suggestion and did it on pulp_npm:
>>> https://github.com/pulp/pulp_npm/pull/89
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Apr 27, 2021 at 9:25 AM David Davis 
>>> wrote:
>>>
 This is great. Thank you for working on it.

 As a next step, would it make sense to create a branch and then try
 to deploy a new temporary tag from that branch? Then maybe we can test 
 a
 plugin (eg pulp_npm) against this new image and see what breaks.

 David


 On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar <
 fagui...@redhat.com> wrote:

> I started this POC:
> https://github.com/pulp/pulp-oci-images/pull/73
> It enables https on the single container, once merged, the CI for
> every plugin will run the functional tests using https.
> Probably it would break the majority of the CIs, we need to
> discuss when is the best moment to merge this PR or discuss 
> alternatives
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar <
> fagui...@redhat.com> wrote:
>
>> Our nginx conf only supports http now:
>> 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[David Davis]

To confirm, the "latest" tag will continue to ship with http? I imagine
most users will end up with http then.

Also, what (if anything) do we do about y release tags (e.g. the upcoming
3.13 tag)? Do they continue to ship with http?

David


On Fri, May 7, 2021 at 10:51 AM Brian Bouterse  wrote:

> a yis
>
> On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar 
> wrote:
>
>> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
>> latest as is, and the new tag: https
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
>> wrote:
>>
>>> +1 to this observation, we probably need to either ship both or make it
>>> configurable somehow. Shipping both is probably easier on users.
>>>
>>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
>>> wrote:
>>>
 This is a great piece of work!
 The problem I see is that the SSL free container image may be used in
 places we do not control. And having this http based container equipped
 with an external https reverse proxy is imho a valid use case.
 Therefore i would prefer, if we could provide both versions of the
 image (with and without SSL) as different tags.
 This would also give us the opportunity to switch the plugins one by
 one to use the new container.
 Ideally, the SSL container would be a thin OCI-layer on top of the http
 version.

 On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
 wrote:

> I finally made pulp_container CI work with https,
> I also did some changes on pulp_installer, I believe these changes
> will make it possible to run functional tests on dev environment.
>
> I think now it is a matter of deciding when is the best time to merge
> the PR on the single container and if latest tag should be https or not
>
> PRs:
> https://github.com/pulp/pulp-oci-images/pull/73
> https://github.com/pulp/pulp_installer/pull/614
> https://github.com/pulp/plugin_template/pull/379
> https://github.com/pulp/pulpcore/pull/1283
> https://github.com/pulp/pulp_container/pull/304
> https://github.com/pulp/pulp_rpm/pull/1977
> https://github.com/pulp/pulp_ansible/pull/572
> https://github.com/pulp/pulp-2to3-migration/pull/362
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
> wrote:
>
>> I created https branch:
>> https://github.com/pulp/pulp-oci-images/tree/https
>> and pushed the following images:
>> - pulp/pulp-ci-centos:https
>> - pulp/pulp:https
>>
>> Now we can test on the plugins,
>> I followed your suggestion and did it on pulp_npm:
>> https://github.com/pulp/pulp_npm/pull/89
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Apr 27, 2021 at 9:25 AM David Davis 
>> wrote:
>>
>>> This is great. Thank you for working on it.
>>>
>>> As a next step, would it make sense to create a branch and then try
>>> to deploy a new temporary tag from that branch? Then maybe we can test a
>>> plugin (eg pulp_npm) against this new image and see what breaks.
>>>
>>> David
>>>
>>>
>>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar 
>>> wrote:
>>>
 I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
 It enables https on the single container, once merged, the CI for
 every plugin will run the functional tests using https.
 Probably it would break the majority of the CIs, we need to discuss
 when is the best moment to merge this PR or discuss alternatives

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar <
 fagui...@redhat.com> wrote:

> Our nginx conf only supports http now:
> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
> For not breaking all plugins, I believe we can build a new CI
> image that supports https.
> Maybe a template_config parameter - test_https: true would switch
> the images
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg <
> mdell...@redhat.com> wrote:

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Brian Bouterse]

a yis

On Fri, May 7, 2021 at 10:46 AM Fabricio Aguiar  wrote:

> I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
> latest as is, and the new tag: https
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Fri, May 7, 2021 at 11:41 AM Brian Bouterse 
> wrote:
>
>> +1 to this observation, we probably need to either ship both or make it
>> configurable somehow. Shipping both is probably easier on users.
>>
>> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
>> wrote:
>>
>>> This is a great piece of work!
>>> The problem I see is that the SSL free container image may be used in
>>> places we do not control. And having this http based container equipped
>>> with an external https reverse proxy is imho a valid use case.
>>> Therefore i would prefer, if we could provide both versions of the image
>>> (with and without SSL) as different tags.
>>> This would also give us the opportunity to switch the plugins one by one
>>> to use the new container.
>>> Ideally, the SSL container would be a thin OCI-layer on top of the http
>>> version.
>>>
>>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
>>> wrote:
>>>
 I finally made pulp_container CI work with https,
 I also did some changes on pulp_installer, I believe these changes will
 make it possible to run functional tests on dev environment.

 I think now it is a matter of deciding when is the best time to merge
 the PR on the single container and if latest tag should be https or not

 PRs:
 https://github.com/pulp/pulp-oci-images/pull/73
 https://github.com/pulp/pulp_installer/pull/614
 https://github.com/pulp/plugin_template/pull/379
 https://github.com/pulp/pulpcore/pull/1283
 https://github.com/pulp/pulp_container/pull/304
 https://github.com/pulp/pulp_rpm/pull/1977
 https://github.com/pulp/pulp_ansible/pull/572
 https://github.com/pulp/pulp-2to3-migration/pull/362

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
 wrote:

> I created https branch:
> https://github.com/pulp/pulp-oci-images/tree/https
> and pushed the following images:
> - pulp/pulp-ci-centos:https
> - pulp/pulp:https
>
> Now we can test on the plugins,
> I followed your suggestion and did it on pulp_npm:
> https://github.com/pulp/pulp_npm/pull/89
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Apr 27, 2021 at 9:25 AM David Davis 
> wrote:
>
>> This is great. Thank you for working on it.
>>
>> As a next step, would it make sense to create a branch and then try
>> to deploy a new temporary tag from that branch? Then maybe we can test a
>> plugin (eg pulp_npm) against this new image and see what breaks.
>>
>> David
>>
>>
>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar 
>> wrote:
>>
>>> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
>>> It enables https on the single container, once merged, the CI for
>>> every plugin will run the functional tests using https.
>>> Probably it would break the majority of the CIs, we need to discuss
>>> when is the best moment to merge this PR or discuss alternatives
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar 
>>> wrote:
>>>
 Our nginx conf only supports http now:
 https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
 For not breaking all plugins, I believe we can build a new CI image
 that supports https.
 Maybe a template_config parameter - test_https: true would switch
 the images

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg <
 mdell...@redhat.com> wrote:

> I believe this is at least solving the problem partially:
>
> https://github.com/pulp/pulp-smash/pull/1251
>
> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
> wrote:
>
>> I believe all of our plugins (and CI) require HTTP and do not
>> work with HTTPS. I'm not well versed in what needs to be done to fix 
>> this,
>> but I think we should fix it.
>>

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

I changed https://github.com/pulp/pulp-oci-images/pull/73 to ship both,
latest as is, and the new tag: https

Best regards,
Fabricio Aguiar
Software Engineer, Pulp Project
Red Hat Brazil - Latam 
+55 22 999000595



On Fri, May 7, 2021 at 11:41 AM Brian Bouterse  wrote:

> +1 to this observation, we probably need to either ship both or make it
> configurable somehow. Shipping both is probably easier on users.
>
> On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg 
> wrote:
>
>> This is a great piece of work!
>> The problem I see is that the SSL free container image may be used in
>> places we do not control. And having this http based container equipped
>> with an external https reverse proxy is imho a valid use case.
>> Therefore i would prefer, if we could provide both versions of the image
>> (with and without SSL) as different tags.
>> This would also give us the opportunity to switch the plugins one by one
>> to use the new container.
>> Ideally, the SSL container would be a thin OCI-layer on top of the http
>> version.
>>
>> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
>> wrote:
>>
>>> I finally made pulp_container CI work with https,
>>> I also did some changes on pulp_installer, I believe these changes will
>>> make it possible to run functional tests on dev environment.
>>>
>>> I think now it is a matter of deciding when is the best time to merge
>>> the PR on the single container and if latest tag should be https or not
>>>
>>> PRs:
>>> https://github.com/pulp/pulp-oci-images/pull/73
>>> https://github.com/pulp/pulp_installer/pull/614
>>> https://github.com/pulp/plugin_template/pull/379
>>> https://github.com/pulp/pulpcore/pull/1283
>>> https://github.com/pulp/pulp_container/pull/304
>>> https://github.com/pulp/pulp_rpm/pull/1977
>>> https://github.com/pulp/pulp_ansible/pull/572
>>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
>>> wrote:
>>>
 I created https branch:
 https://github.com/pulp/pulp-oci-images/tree/https
 and pushed the following images:
 - pulp/pulp-ci-centos:https
 - pulp/pulp:https

 Now we can test on the plugins,
 I followed your suggestion and did it on pulp_npm:
 https://github.com/pulp/pulp_npm/pull/89

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Apr 27, 2021 at 9:25 AM David Davis 
 wrote:

> This is great. Thank you for working on it.
>
> As a next step, would it make sense to create a branch and then try to
> deploy a new temporary tag from that branch? Then maybe we can test a
> plugin (eg pulp_npm) against this new image and see what breaks.
>
> David
>
>
> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar 
> wrote:
>
>> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
>> It enables https on the single container, once merged, the CI for
>> every plugin will run the functional tests using https.
>> Probably it would break the majority of the CIs, we need to discuss
>> when is the best moment to merge this PR or discuss alternatives
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar 
>> wrote:
>>
>>> Our nginx conf only supports http now:
>>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
>>> For not breaking all plugins, I believe we can build a new CI image
>>> that supports https.
>>> Maybe a template_config parameter - test_https: true would switch
>>> the images
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg 
>>> wrote:
>>>
 I believe this is at least solving the problem partially:

 https://github.com/pulp/pulp-smash/pull/1251

 On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
 wrote:

> I believe all of our plugins (and CI) require HTTP and do not work
> with HTTPS. I'm not well versed in what needs to be done to fix this, 
> but I
> think we should fix it.
>
> Can the CI group have a 30 min call to talk over what needs to be
> done? Or maybe share some info here?
>
> The main issue I'm aware of is that the tests are not prepared to
> trust an https certificate 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Brian Bouterse]

+1 to this observation, we probably need to either ship both or make it
configurable somehow. Shipping both is probably easier on users.

On Fri, May 7, 2021 at 5:11 AM Matthias Dellweg  wrote:

> This is a great piece of work!
> The problem I see is that the SSL free container image may be used in
> places we do not control. And having this http based container equipped
> with an external https reverse proxy is imho a valid use case.
> Therefore i would prefer, if we could provide both versions of the image
> (with and without SSL) as different tags.
> This would also give us the opportunity to switch the plugins one by one
> to use the new container.
> Ideally, the SSL container would be a thin OCI-layer on top of the http
> version.
>
> On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar 
> wrote:
>
>> I finally made pulp_container CI work with https,
>> I also did some changes on pulp_installer, I believe these changes will
>> make it possible to run functional tests on dev environment.
>>
>> I think now it is a matter of deciding when is the best time to merge the
>> PR on the single container and if latest tag should be https or not
>>
>> PRs:
>> https://github.com/pulp/pulp-oci-images/pull/73
>> https://github.com/pulp/pulp_installer/pull/614
>> https://github.com/pulp/plugin_template/pull/379
>> https://github.com/pulp/pulpcore/pull/1283
>> https://github.com/pulp/pulp_container/pull/304
>> https://github.com/pulp/pulp_rpm/pull/1977
>> https://github.com/pulp/pulp_ansible/pull/572
>> https://github.com/pulp/pulp-2to3-migration/pull/362
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
>> wrote:
>>
>>> I created https branch:
>>> https://github.com/pulp/pulp-oci-images/tree/https
>>> and pushed the following images:
>>> - pulp/pulp-ci-centos:https
>>> - pulp/pulp:https
>>>
>>> Now we can test on the plugins,
>>> I followed your suggestion and did it on pulp_npm:
>>> https://github.com/pulp/pulp_npm/pull/89
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Apr 27, 2021 at 9:25 AM David Davis 
>>> wrote:
>>>
 This is great. Thank you for working on it.

 As a next step, would it make sense to create a branch and then try to
 deploy a new temporary tag from that branch? Then maybe we can test a
 plugin (eg pulp_npm) against this new image and see what breaks.

 David


 On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar 
 wrote:

> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
> It enables https on the single container, once merged, the CI for
> every plugin will run the functional tests using https.
> Probably it would break the majority of the CIs, we need to discuss
> when is the best moment to merge this PR or discuss alternatives
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar 
> wrote:
>
>> Our nginx conf only supports http now:
>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
>> For not breaking all plugins, I believe we can build a new CI image
>> that supports https.
>> Maybe a template_config parameter - test_https: true would switch the
>> images
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg 
>> wrote:
>>
>>> I believe this is at least solving the problem partially:
>>>
>>> https://github.com/pulp/pulp-smash/pull/1251
>>>
>>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
>>> wrote:
>>>
 I believe all of our plugins (and CI) require HTTP and do not work
 with HTTPS. I'm not well versed in what needs to be done to fix this, 
 but I
 think we should fix it.

 Can the CI group have a 30 min call to talk over what needs to be
 done? Or maybe share some info here?

 The main issue I'm aware of is that the tests are not prepared to
 trust an https certificate that is self-signed. I'm not exactly sure 
 where
 we can change that in one place either.

 Thanks!
 Brian



 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev

>>> ___
>>> Pulp-dev 

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Matthias Dellweg]

This is a great piece of work!
The problem I see is that the SSL free container image may be used in
places we do not control. And having this http based container equipped
with an external https reverse proxy is imho a valid use case.
Therefore i would prefer, if we could provide both versions of the image
(with and without SSL) as different tags.
This would also give us the opportunity to switch the plugins one by one to
use the new container.
Ideally, the SSL container would be a thin OCI-layer on top of the http
version.

On Thu, May 6, 2021 at 10:10 PM Fabricio Aguiar  wrote:

> I finally made pulp_container CI work with https,
> I also did some changes on pulp_installer, I believe these changes will
> make it possible to run functional tests on dev environment.
>
> I think now it is a matter of deciding when is the best time to merge the
> PR on the single container and if latest tag should be https or not
>
> PRs:
> https://github.com/pulp/pulp-oci-images/pull/73
> https://github.com/pulp/pulp_installer/pull/614
> https://github.com/pulp/plugin_template/pull/379
> https://github.com/pulp/pulpcore/pull/1283
> https://github.com/pulp/pulp_container/pull/304
> https://github.com/pulp/pulp_rpm/pull/1977
> https://github.com/pulp/pulp_ansible/pull/572
> https://github.com/pulp/pulp-2to3-migration/pull/362
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar 
> wrote:
>
>> I created https branch:
>> https://github.com/pulp/pulp-oci-images/tree/https
>> and pushed the following images:
>> - pulp/pulp-ci-centos:https
>> - pulp/pulp:https
>>
>> Now we can test on the plugins,
>> I followed your suggestion and did it on pulp_npm:
>> https://github.com/pulp/pulp_npm/pull/89
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Apr 27, 2021 at 9:25 AM David Davis 
>> wrote:
>>
>>> This is great. Thank you for working on it.
>>>
>>> As a next step, would it make sense to create a branch and then try to
>>> deploy a new temporary tag from that branch? Then maybe we can test a
>>> plugin (eg pulp_npm) against this new image and see what breaks.
>>>
>>> David
>>>
>>>
>>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar 
>>> wrote:
>>>
 I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
 It enables https on the single container, once merged, the CI for every
 plugin will run the functional tests using https.
 Probably it would break the majority of the CIs, we need to discuss
 when is the best moment to merge this PR or discuss alternatives

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar 
 wrote:

> Our nginx conf only supports http now:
> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
> For not breaking all plugins, I believe we can build a new CI image
> that supports https.
> Maybe a template_config parameter - test_https: true would switch the
> images
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg 
> wrote:
>
>> I believe this is at least solving the problem partially:
>>
>> https://github.com/pulp/pulp-smash/pull/1251
>>
>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
>> wrote:
>>
>>> I believe all of our plugins (and CI) require HTTP and do not work
>>> with HTTPS. I'm not well versed in what needs to be done to fix this, 
>>> but I
>>> think we should fix it.
>>>
>>> Can the CI group have a 30 min call to talk over what needs to be
>>> done? Or maybe share some info here?
>>>
>>> The main issue I'm aware of is that the tests are not prepared to
>>> trust an https certificate that is self-signed. I'm not exactly sure 
>>> where
>>> we can change that in one place either.
>>>
>>> Thanks!
>>> Brian
>>>
>>>
>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
> ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://listman.redhat.com/mailman/listinfo/pulp-dev

>>>
___
Pulp-dev mailing list

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

I finally made pulp_container CI work with https,
I also did some changes on pulp_installer, I believe these changes will
make it possible to run functional tests on dev environment.

I think now it is a matter of deciding when is the best time to merge the
PR on the single container and if latest tag should be https or not

PRs:
https://github.com/pulp/pulp-oci-images/pull/73
https://github.com/pulp/pulp_installer/pull/614
https://github.com/pulp/plugin_template/pull/379
https://github.com/pulp/pulpcore/pull/1283
https://github.com/pulp/pulp_container/pull/304
https://github.com/pulp/pulp_rpm/pull/1977
https://github.com/pulp/pulp_ansible/pull/572
https://github.com/pulp/pulp-2to3-migration/pull/362

Best regards,
Fabricio Aguiar
Software Engineer, Pulp Project
Red Hat Brazil - Latam 
+55 22 999000595



On Tue, Apr 27, 2021 at 5:35 PM Fabricio Aguiar  wrote:

> I created https branch: https://github.com/pulp/pulp-oci-images/tree/https
> and pushed the following images:
> - pulp/pulp-ci-centos:https
> - pulp/pulp:https
>
> Now we can test on the plugins,
> I followed your suggestion and did it on pulp_npm:
> https://github.com/pulp/pulp_npm/pull/89
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Apr 27, 2021 at 9:25 AM David Davis  wrote:
>
>> This is great. Thank you for working on it.
>>
>> As a next step, would it make sense to create a branch and then try to
>> deploy a new temporary tag from that branch? Then maybe we can test a
>> plugin (eg pulp_npm) against this new image and see what breaks.
>>
>> David
>>
>>
>> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar 
>> wrote:
>>
>>> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
>>> It enables https on the single container, once merged, the CI for every
>>> plugin will run the functional tests using https.
>>> Probably it would break the majority of the CIs, we need to discuss when
>>> is the best moment to merge this PR or discuss alternatives
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar 
>>> wrote:
>>>
 Our nginx conf only supports http now:
 https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
 For not breaking all plugins, I believe we can build a new CI image
 that supports https.
 Maybe a template_config parameter - test_https: true would switch the
 images

 Best regards,
 Fabricio Aguiar
 Software Engineer, Pulp Project
 Red Hat Brazil - Latam 
 +55 22 999000595



 On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg 
 wrote:

> I believe this is at least solving the problem partially:
>
> https://github.com/pulp/pulp-smash/pull/1251
>
> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
> wrote:
>
>> I believe all of our plugins (and CI) require HTTP and do not work
>> with HTTPS. I'm not well versed in what needs to be done to fix this, 
>> but I
>> think we should fix it.
>>
>> Can the CI group have a 30 min call to talk over what needs to be
>> done? Or maybe share some info here?
>>
>> The main issue I'm aware of is that the tests are not prepared to
>> trust an https certificate that is self-signed. I'm not exactly sure 
>> where
>> we can change that in one place either.
>>
>> Thanks!
>> Brian
>>
>>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
 ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://listman.redhat.com/mailman/listinfo/pulp-dev
>>>
>>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://listman.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

I created https branch: https://github.com/pulp/pulp-oci-images/tree/https
and pushed the following images:
- pulp/pulp-ci-centos:https
- pulp/pulp:https

Now we can test on the plugins,
I followed your suggestion and did it on pulp_npm:
https://github.com/pulp/pulp_npm/pull/89

Best regards,
Fabricio Aguiar
Software Engineer, Pulp Project
Red Hat Brazil - Latam 
+55 22 999000595



On Tue, Apr 27, 2021 at 9:25 AM David Davis  wrote:

> This is great. Thank you for working on it.
>
> As a next step, would it make sense to create a branch and then try to
> deploy a new temporary tag from that branch? Then maybe we can test a
> plugin (eg pulp_npm) against this new image and see what breaks.
>
> David
>
>
> On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar 
> wrote:
>
>> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
>> It enables https on the single container, once merged, the CI for every
>> plugin will run the functional tests using https.
>> Probably it would break the majority of the CIs, we need to discuss when
>> is the best moment to merge this PR or discuss alternatives
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar 
>> wrote:
>>
>>> Our nginx conf only supports http now:
>>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
>>> For not breaking all plugins, I believe we can build a new CI image that
>>> supports https.
>>> Maybe a template_config parameter - test_https: true would switch the
>>> images
>>>
>>> Best regards,
>>> Fabricio Aguiar
>>> Software Engineer, Pulp Project
>>> Red Hat Brazil - Latam 
>>> +55 22 999000595
>>>
>>>
>>>
>>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg 
>>> wrote:
>>>
 I believe this is at least solving the problem partially:

 https://github.com/pulp/pulp-smash/pull/1251

 On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
 wrote:

> I believe all of our plugins (and CI) require HTTP and do not work
> with HTTPS. I'm not well versed in what needs to be done to fix this, but 
> I
> think we should fix it.
>
> Can the CI group have a 30 min call to talk over what needs to be
> done? Or maybe share some info here?
>
> The main issue I'm aware of is that the tests are not prepared to
> trust an https certificate that is self-signed. I'm not exactly sure where
> we can change that in one place either.
>
> Thanks!
> Brian
>
>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev

>>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://listman.redhat.com/mailman/listinfo/pulp-dev
>>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://listman.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[David Davis]

This is great. Thank you for working on it.

As a next step, would it make sense to create a branch and then try to
deploy a new temporary tag from that branch? Then maybe we can test a
plugin (eg pulp_npm) against this new image and see what breaks.

David


On Mon, Apr 26, 2021 at 5:01 PM Fabricio Aguiar  wrote:

> I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
> It enables https on the single container, once merged, the CI for every
> plugin will run the functional tests using https.
> Probably it would break the majority of the CIs, we need to discuss when
> is the best moment to merge this PR or discuss alternatives
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar 
> wrote:
>
>> Our nginx conf only supports http now:
>> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
>> For not breaking all plugins, I believe we can build a new CI image that
>> supports https.
>> Maybe a template_config parameter - test_https: true would switch the
>> images
>>
>> Best regards,
>> Fabricio Aguiar
>> Software Engineer, Pulp Project
>> Red Hat Brazil - Latam 
>> +55 22 999000595
>>
>>
>>
>> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg 
>> wrote:
>>
>>> I believe this is at least solving the problem partially:
>>>
>>> https://github.com/pulp/pulp-smash/pull/1251
>>>
>>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
>>> wrote:
>>>
 I believe all of our plugins (and CI) require HTTP and do not work with
 HTTPS. I'm not well versed in what needs to be done to fix this, but I
 think we should fix it.

 Can the CI group have a 30 min call to talk over what needs to be done?
 Or maybe share some info here?

 The main issue I'm aware of is that the tests are not prepared to trust
 an https certificate that is self-signed. I'm not exactly sure where we can
 change that in one place either.

 Thanks!
 Brian



 ___
 Pulp-dev mailing list
 Pulp-dev@redhat.com
 https://www.redhat.com/mailman/listinfo/pulp-dev

>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://listman.redhat.com/mailman/listinfo/pulp-dev
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://listman.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

I started this POC: https://github.com/pulp/pulp-oci-images/pull/73
It enables https on the single container, once merged, the CI for every
plugin will run the functional tests using https.
Probably it would break the majority of the CIs, we need to discuss when is
the best moment to merge this PR or discuss alternatives

Best regards,
Fabricio Aguiar
Software Engineer, Pulp Project
Red Hat Brazil - Latam 
+55 22 999000595



On Tue, Feb 9, 2021 at 10:55 AM Fabricio Aguiar  wrote:

> Our nginx conf only supports http now:
> https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
> For not breaking all plugins, I believe we can build a new CI image that
> supports https.
> Maybe a template_config parameter - test_https: true would switch the
> images
>
> Best regards,
> Fabricio Aguiar
> Software Engineer, Pulp Project
> Red Hat Brazil - Latam 
> +55 22 999000595
>
>
>
> On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg 
> wrote:
>
>> I believe this is at least solving the problem partially:
>>
>> https://github.com/pulp/pulp-smash/pull/1251
>>
>> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse 
>> wrote:
>>
>>> I believe all of our plugins (and CI) require HTTP and do not work with
>>> HTTPS. I'm not well versed in what needs to be done to fix this, but I
>>> think we should fix it.
>>>
>>> Can the CI group have a 30 min call to talk over what needs to be done?
>>> Or maybe share some info here?
>>>
>>> The main issue I'm aware of is that the tests are not prepared to trust
>>> an https certificate that is self-signed. I'm not exactly sure where we can
>>> change that in one place either.
>>>
>>> Thanks!
>>> Brian
>>>
>>>
>>>
>>> ___
>>> Pulp-dev mailing list
>>> Pulp-dev@redhat.com
>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://listman.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Fabricio Aguiar]

Our nginx conf only supports http now:
https://github.com/pulp/pulp-oci-images/blob/latest/assets/nginx.conf#L15
For not breaking all plugins, I believe we can build a new CI image that
supports https.
Maybe a template_config parameter - test_https: true would switch the images

Best regards,
Fabricio Aguiar
Software Engineer, Pulp Project
Red Hat Brazil - Latam 
+55 22 999000595



On Tue, Feb 9, 2021 at 5:16 AM Matthias Dellweg  wrote:

> I believe this is at least solving the problem partially:
>
> https://github.com/pulp/pulp-smash/pull/1251
>
> On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse  wrote:
>
>> I believe all of our plugins (and CI) require HTTP and do not work with
>> HTTPS. I'm not well versed in what needs to be done to fix this, but I
>> think we should fix it.
>>
>> Can the CI group have a 30 min call to talk over what needs to be done?
>> Or maybe share some info here?
>>
>> The main issue I'm aware of is that the tests are not prepared to trust
>> an https certificate that is self-signed. I'm not exactly sure where we can
>> change that in one place either.
>>
>> Thanks!
>> Brian
>>
>>
>>
>> ___
>> Pulp-dev mailing list
>> Pulp-dev@redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

Re: [Pulp-dev] How to enable HTTPS for our tests in pulpcore and all plugins?

[Matthias Dellweg]

I believe this is at least solving the problem partially:

https://github.com/pulp/pulp-smash/pull/1251

On Mon, Feb 8, 2021 at 9:48 PM Brian Bouterse  wrote:

> I believe all of our plugins (and CI) require HTTP and do not work with
> HTTPS. I'm not well versed in what needs to be done to fix this, but I
> think we should fix it.
>
> Can the CI group have a 30 min call to talk over what needs to be done? Or
> maybe share some info here?
>
> The main issue I'm aware of is that the tests are not prepared to trust an
> https certificate that is self-signed. I'm not exactly sure where we can
> change that in one place either.
>
> Thanks!
> Brian
>
>
>
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev