[Pulp-list] Pulp 2: Docker rsync distributors & Crane

[Simon Baatz]

We looked into Pulp's Docker support recently and ran into surprising
problems.

Our setup is probably not the usual Pulp & Crane setup: We have
detached content servers to which Pulp pushes yum and iso repositories
using rsync distributors. The content servers are static web servers
that make the repos available to clients.

We planned to run Crane directly on the content servers using the new
URL rewriting feature (we would like to avoid using a full blown Pulp
installation on those servers). However, this does not seem to work
out of the box:

- For rpm and iso repos, the rsync publisher uses the output of the
  web publisher (pre-distributor). In contrast, the docker rsync
  distributor has the web distributor as post-distributor. The
  generated tree on the rsync destination can not be used by Crane as
  the redirect files are missing.

  I understand that it makes sense to have a web post-distributor if
  Crane runs on the Pulp node (or a node with a shared file
  system). But is there a reason why the docker rsync distributor
  does not distribute the redirect files?

- The documentation [0] describes authentication for Crane, but this
  authenticates only the redirects delivered by Crane. When adding
  basic authentication to the actual content, the Docker daemon will
  fail. Apparently, it does not add the credentials when following the
  redirections.

  Is there a way to enable protection for both the redirections and
  content? (I know that crane 3.2.0 supports Akamai CDN tokens, but
  that does not help with a local server.)


[0] https://docs.pulpproject.org/plugins/crane/index.html#user-authentication