Project

General

Profile

CapsuleCommunication » History » Version 11

Eric Helms, 10/29/2014 08:54 AM

1 1 Eric Helms
h1. Capsule - Server Communication via Proxy
2
3
All inbound and outbound Capsule communication should be routable through a proxy. This is the case where a Capsule cannot directly route it’s traffic to the server nor can the server directly reach the Capsule. If we allow only proxying Capsule content syncing from the Foreman/Katello and a user locks down a Capsule’s HTTP traffic, this could break other functionality of the Capsule  See diagram below.
4
5 2 Eric Helms
h3. Related BZs:
6 1 Eric Helms
https://bugzilla.redhat.com/show_bug.cgi?id=1114083
7
8 11 Eric Helms
!{width: 80%, height: 50%}http://projects.theforeman.org/attachments/download/999/capsule_server_proxy.png!
9 1 Eric Helms
10
11
h3. Capsule to Server
12
13
* Pulp node syncing content from the server
14
* Puppet master reporting
15
* Qpid traffic (if client communication is routed through the Capsule)
16
* Sub-man traffic being routed via reverse-proxy to the Capsule
17
18
h3. Server to Capsule
19
20
* Initial creation and discovery of the Capsule
21
* Feature refresh of the Capsule
22
* Qpid traffic (if client communication is routed through the Capsule)
23
24
h3. Requirements
25
26
# Capsules should support individual proxy configurations server side
27
# Capsule puppet masters should support routing traffic through an HTTP proxy
28
# Qpid should support routing traffic through a proxy on the Server or Capsule
29
# Capsule reverse proxy should support routing through an external HTTP proxy