Project

General

Profile

Bug #28696

Updated by Justin Sherrill 9 months ago

The following configuration needs to occur Currently the pulp3_content_url set in order for katello /etc/foreman-proxy/settings.d/pulp3.yml points to properly connect https://HOSTNAME/pulp/contnet/

but the intent was
to point to the content app serving a docker registry:

<pre>
<Location /pulpcore_registry/v2/>
SSLRequire %{SSL_CLIENT_S_DN_CN} eq "admin"
</Location>

ProxyPass /pulpcore_registry/v2/ http://127.0.0.1:24816/v2/
ProxyPassReverse /pulpcore_registry/v2 http://127.0.0.1:24816/v2
</pre>

Note,
hostname/port that this requires this PR to actually work in its available at internally. This allows katello https://github.com/Katello/katello/pull/8499

The idea behind this change is that katello will use its own pulp client certs
to authenticate with the /pulpcore_registry/ endpoint which will require a signed cert with a CN of 'admin'. It will then proxy the request through registry requests to the pulp content app app.

So for example, we currently expect it to point to http://localhost:24816/

Back