Project

General

Profile

CapsuleCommunication » History » Revision 8

Revision 7 (Eric Helms, 10/29/2014 08:51 AM) → Revision 8/18 (Eric Helms, 10/29/2014 08:53 AM)

h1. Capsule - Server Communication via Proxy 

 All inbound and outbound Capsule communication should be routable through a proxy. This is the case where a Capsule cannot directly route it’s traffic to the server nor can the server directly reach the Capsule. If we allow only proxying Capsule content syncing from the Foreman/Katello and a user locks down a Capsule’s HTTP traffic, this could break other functionality of the Capsule    See diagram below. 

 h3. Related BZs: 
 https://bugzilla.redhat.com/show_bug.cgi?id=1114083 

 !http://projects.theforeman.org/attachments/download/999/capsule_server_proxy.png! !http://projects.theforeman.org/attachments/download/998/Capsule%20-%20Server%20Proxy%20(1).png! 


 h3. Capsule to Server 

 * Pulp node syncing content from the server 
 * Puppet master reporting 
 * Qpid traffic (if client communication is routed through the Capsule) 
 * Sub-man traffic being routed via reverse-proxy to the Capsule 

 h3. Server to Capsule 

 * Initial creation and discovery of the Capsule 
 * Feature refresh of the Capsule 
 * Qpid traffic (if client communication is routed through the Capsule) 

 h3. Requirements 

 # Capsules should support individual proxy configurations server side 
 # Capsule puppet masters should support routing traffic through an HTTP proxy 
 # Qpid should support routing traffic through a proxy on the Server or Capsule 
 # Capsule reverse proxy should support routing through an external HTTP proxy