mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gilbert Song <songzihao1...@gmail.com>
Subject Re: Review Request 54537: Support 'Basic' auth docker registry on Unified Containerizer.
Date Thu, 02 Feb 2017 00:44:20 GMT


> On Feb. 1, 2017, 9:51 a.m., Jie Yu wrote:
> > src/uri/fetchers/docker.cpp, lines 470-514
> > <https://reviews.apache.org/r/54537/diff/3/?file=1619966#file1619966line470>
> >
> >     In fact, a second thought on this. Should we rename `getAuthToken` to `getAuthHeader`
and put all the logic of generating the auth header in that function? In that way, you don't
need to implement the same logic multiple times.

Great idea. It simplify the logic.


> On Feb. 1, 2017, 9:51 a.m., Jie Yu wrote:
> > src/uri/fetchers/docker.cpp, lines 483-493
> > <https://reviews.apache.org/r/54537/diff/3/?file=1619966#file1619966line483>
> >
> >     I saw this several places. Is there a way to factor out this into a helper:
> >     ```
> >     Option<string> getAuthFromConfig(const URI& uri);
> >     ```

Not doing that for now since it only exist in `getAuthHeader()` and we need to do differently
for `Basic` auth and `Bearer` auth.


- Gilbert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54537/#review163759
-----------------------------------------------------------


On Feb. 1, 2017, 4:42 p.m., Gilbert Song wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54537/
> -----------------------------------------------------------
> 
> (Updated Feb. 1, 2017, 4:42 p.m.)
> 
> 
> Review request for mesos, Avinash sridharan, Artem Harutyunyan, Jie Yu, Shuai Lin, and
Timothy Chen.
> 
> 
> Bugs: MESOS-6758
>     https://issues.apache.org/jira/browse/MESOS-6758
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch implements the support for 'Basic' docker registry
> authorization. It is tested by a local authenticated private
> registry using 'localhost:443/alpine' docker image.
> Please note that the AWS ECS uses Basic authorization but it
> does not work yet due to the redirect issue MESOS-5172.
> 
> 
> Diffs
> -----
> 
>   src/uri/fetchers/docker.cpp 5dd7b91a5302067ce150bd632a05eccaf424a8a8 
> 
> Diff: https://reviews.apache.org/r/54537/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> Tested with local authenticated registry. Please follow the steps below:
> 
> 1. Start a local private registry and push an image to it.
> ```
> docker run -d -p 443:5000 --restart=always --name registry \
>   -v `pwd`/auth:/auth \
>   -e "REGISTRY_AUTH=htpasswd" \
>   -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
>   -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
>   -v `pwd`/certs:/certs \
>   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost.crt \
>   -e REGISTRY_HTTP_TLS_KEY=/certs/localhost.key \
>   registry:2
> ```
> (*Note: need to generate TLS certificate file and key first)
> 
> Then, push an image to the registry.
> ```
> docker push localhost:443/alpine
> ```
> 
> 2. Use `mesos-execute` to test the `localhost:443/alpine` image.
> (*Note: need to configure the curl using the curl's default RC file), e.g., in `~/.curlrc`
file:
> cacert = "/path/to/cacert.pem"
> 
> 
> Thanks,
> 
> Gilbert Song
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message