Project

General

Profile

Capsule - Server Communication via Proxy

Summary

All inbound and outbound Capsule communication should be routable through a proxy. This is the case where a Capsule cannot directly route it’s traffic to the server nor can the server directly reach the Capsule. If we allow only proxying Capsule content syncing from the Foreman/Katello and a user locks down a Capsule’s HTTP traffic, this could break other functionality of the Capsule See diagram below.

Targeted Release

Foreman 1.7 / Katello 2.1

Targeted Persona

Samuel - System Engineer

Status

Use Cases

Owner - David Caplan
Status - In Progress
Blockers - None

Requirements

Owner - Mike Mccune / David Caplan
Status - In Progress
Blockers - None

Wireframes

Owner - Kyle Baker
Status - Not Started
Blockers - Waiting on User Stories & Requirements
Last updated TBD - --

Development Stories

Owner - Walden Raines
Status - Not Started
Expected Delivery - TBD
Blockers - Waiting on Wireframes

Documentation

Bugs/RFEs

https://bugzilla.redhat.com/show_bug.cgi?id=1114083

Use Cases

Capsule to Server

  • Pulp node syncing content from the server
  • Puppet master reporting
  • Qpid traffic (if client communication is routed through the Capsule)
  • Sub-man traffic being routed via reverse-proxy to the Capsule

Server to Capsule

  • Initial creation and discovery of the Capsule
  • Feature refresh of the Capsule
  • Qpid traffic (if client communication is routed through the Capsule)

Requirements

  1. Capsules should support individual proxy configurations server side
  2. Capsule puppet masters should support routing traffic through an HTTP proxy
  3. Qpid should support routing traffic through a proxy on the Server or Capsule
  4. Capsule reverse proxy should support routing through an external HTTP proxy

Development Stories

--