Project

Profile

Help

Task #1190

Story #1150: As a user, I can lazily fetch repositories

Create a httpd config for the lazy streamer

Added by bmbouter about 6 years ago. Updated over 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.8.0
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Part of the lazy component set is an Apache server that acts as an SSL termination point (since squid can't cache encrypted traffic) and enforces content protection. The client is redirected to this Apache server (by way of story #1180) when the content is missing from the Pulp server, but is part of a lazy-loaded repository. When a client connects Apache will need to check the presented client certificate (if any) to ensure they have access to the content. Apache will then keep the connection to the client open while it connects to Squid on localhost:3128 and requests the content on behalf of the client.

To achieve this, a new Apache configuration file needs to be created.

Some inline documentation should be included in the configuration file explaining the purpose of each directive and any other settings the user may want to tweak or look into. A release note should be added for this change.

This new configuration file will be packaged as part of the pulp-streamer and is completely separate from the main Apache configuration for Pulp.


Checklist

History

#1 Updated by bmbouter about 6 years ago

  • Parent task set to #1150

#2 Updated by bmbouter about 6 years ago

  • Checklist item changed from [ ] Ensure the example is present in both config files, [ ] Ensure the config requires SSL, [ ] Ensure the config enforces repo protection, [ ] Ensure the config uses a reverse proxy to connect to localhost:3128 (squid's default port), [ ] Ensure the configs have comment based docs in the config files, [ ] Ensure a release note is present identifying that this new example config is available to [ ] Ensure the example with both Location types (SSL and nonSSL) is present in both config files, [ ] Ensure the config requires SSL, [ ] Ensure the config enforces repo protection, [ ] Ensure the config uses a reverse proxy to connect to localhost:3128 (squid's default port), [ ] Ensure the configs have comment based docs in the config files, [ ] Ensure a release note is present identifying that this new example config is available
  • Subject changed from Add SSL termination Location example to httpd config to Add SSL and non-SSL Location examples to httpd config
  • Description updated (diff)

#3 Updated by jcline@redhat.com about 6 years ago

  • Subject changed from Add SSL and non-SSL Location examples to httpd config to Create a httpd config with SSL and non-SSL Location settings for Lazy Apache
  • Description updated (diff)

#4 Updated by jortel@redhat.com almost 6 years ago

Secured by signed URL instead.

#5 Updated by jcline@redhat.com almost 6 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to jcline@redhat.com

#6 Updated by jcline@redhat.com almost 6 years ago

  • % Done changed from 0 to 50

The required Apache configuration has been documented as part of story #1198, but we have not yet decided how/if to package the configuration.

#7 Updated by jcline@redhat.com almost 6 years ago

  • Checklist item Ensure the config enforces repo protection set to Done
  • Checklist item Ensure the config uses a reverse proxy to connect to localhost:3128 (squid's default port) set to Done
  • Checklist item Ensure the configs have comment based docs in the config files set to Done
  • Status changed from ASSIGNED to POST
  • % Done changed from 50 to 100

The Apache configuration PR against the feature branch: https://github.com/pulp/pulp/pull/2104

Since we use URL signatures, there is a new WSGI application that checks signatures and is turned on as part of the streamer 'Directory' statement.

#8 Updated by jcline@redhat.com almost 6 years ago

  • Checklist item deleted (Ensure the example with both Location types (SSL and nonSSL) is present in both config files)
  • Checklist item deleted (Ensure the config requires SSL)

#9 Updated by jcline@redhat.com almost 6 years ago

  • Subject changed from Create a httpd config with SSL and non-SSL Location settings for Lazy Apache to Create a httpd config for the lazy streamer

#10 Updated by jcline@redhat.com almost 6 years ago

  • Description updated (diff)

#11 Updated by jcline@redhat.com over 5 years ago

  • Status changed from POST to MODIFIED

#12 Updated by rbarlow over 5 years ago

  • Status changed from MODIFIED to ASSIGNED
  • Platform Release set to 2.8.0

Release notes are still needed.

#13 Updated by jcline@redhat.com over 5 years ago

  • Checklist item Ensure a release note is present identifying that this new example config is available set to Done

#14 Updated by jcline@redhat.com over 5 years ago

  • Status changed from ASSIGNED to 5

#15 Updated by dkliban@redhat.com over 5 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE

#16 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF