Story #1282
closed
As an EC2 user, I would like to set up a RHUI as an alternate content source
Status:
CLOSED - CURRENTRELEASE
Description
Typically, if I set up a new Pulp instance I can set up a local content source to help populate it quickly. However, if I am using EC2, I can't use my region's local RHUI to help populate my Pulp.
The content source config allows for most of what I need: the CA, client cert and client key. However, RHUI in EC2 requires additional metadata from the cloud-init magic IP in the HTTP header to allow the request through. These settings are specific to an instance, but do not generally change once the instance is created.
If there was a way to specify additional HTTP headers in the content request, it would be let Pulp users set up RHUI as an alternate content source. A very basic way to do this would be to allow setting arbitrary HTTP headers in the conf file.
I can supply an ec2 machine that's already set up and show how to populate the headers.
- Sprint/Milestone set to 38
Can this be removed from the sprint until the functional details are added and it's groomed? Without that the work isn't clear enough to be picked up on a sprint.
As a Pulp user, I would like to use a RHUI which has the Amazon authentication plugin enabled as an alternate content source.
The existing ACS config supports most of the required values, but two additional HTTP headers (X-RHUI-ID and X-RHUI-SIGNATURE) have to be presented in order to obtain content from the RHUI. The values of these two headers are strings that do not change once an instance is created.
- Groomed changed from No to Yes
What is an ACS config? I'm not sure how these two headers will be configured? Also is the user only providing the values and we hardcode the names, or is it a generalized configuration and the user supplies both the config name and its value?
ah, I was just being lazy with my typing :) acs = alternate content source
There are probably a number of ways to solve the problem of getting the content out of a RHUI, but one idea would be to allow setting the two X-RHUI headers via https://docs.pulpproject.org/user-guide/content-sources.html. I believe if two additional settings were exposed to set values for the two headers and then the header values were passed through to nectar, that would work. I think it would operate similarly to how basic auth is set up.
OK that is a good plan. The last bit of detail I'm looking for are the actual names of those two options. Then one of us can write out the deliverables as checklist items. I can help w/ that once the setting names are decided.
Thanks for all the input you've given. This story is really shaping up.
The full names are `X-RHUI-ID` and `X-RHUI-SIGNATURE`.
All of the names of those options are lower case. Do you think upper or lower case would be better?
I added some checklist items. I don't know if the default should be empty string or None. Where are the alternate content source defaults specified?
I think lowercase is better, at least IMO. For the None vs empty string, I'm ok with either as long as the header not sent on requests by default.
I also like the lower case consistency. I rewrote the checklist item to name those as the alternate content source config names. I also added two more docs checklist items.
I don't think that adding RHUI specific options to the alternate content source descriptor is appropriate. These are just HTTP headers and should be supported generically. Instead, let's add support for a headers option. This is a list option (like paths) but has the form of <header>=<value>.
Example:
headers: X-RHUI-ID=1234 \
X-RHUI-SIGNATURE=AF1902B9C8DAF1902B9C8D
+1 to @jortel's idea to call it headers. Similar to paths it will be <str> with an optionl list delimited by space or newline. Thanks @jortel for also updating the checklist. I think this is good to go.
- Status changed from NEW to ASSIGNED
- Assignee set to bizhang
- Status changed from ASSIGNED to POST
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
- Related to Story #2772: As a user, I can sync from a RedHat mirror provided by and hosted in AWS added
- Platform Release set to 2.14.0
- Status changed from MODIFIED to 5
- Status changed from 5 to CLOSED - CURRENTRELEASE
- Sprint/Milestone deleted (
38)
- Assignee deleted (
bizhang)
Removing assignee at their request so downstream automation will stop pinging them.
Also available in: Atom
PDF
.
Add headers as an optional alternate content source descriptor
closes #1282 https://pulp.plan.io/issues/1282