Actions
Story #3857
closedAs a user, i want Crane to be able to serve Docker registry content directly as well as be alble to use redirects
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
2.18.0
Target Release - Crane:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
Problem¶
Pulp allows to distribute Docker content via rsync to a remote server. There is a possible scenario where a Crane instance is running on this remote server to provide a local Docker registry.
Currently in this scenario Crane would serve 302 redirects to the actual files served by a web server on the same machine.
This creates a problem when trying to restrict access to these files:
- The Docker client is able to handle basic authentication, when accessing a registry. However when the Docker client follows a redirect it seems to forget any authentication data. Thus with Crane it is possible to restrict access to the 302 redirects but not to the actual files.
Solution¶
- Add an option to Crane to either serve Files locally or provide redirects.
- Use "X-Sendfile" support of flask when serving locally.
- Support V1 and V2 Docker API versions
Actions
Implement option to serve local content
Implement option to send Docker files directly from local paths instead of creating a HTTP redirects. The local paths can be created by a Pulp Docker web distributor or by a rsync distributor.
Example crane.conf:
closes #3857 https://pulp.plan.io/issues/3857