mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 54537: Support 'Basic' auth docker registry on Unified Containerizer.
Date Thu, 02 Feb 2017 04:40:11 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54537/#review163920
-----------------------------------------------------------




src/uri/fetchers/docker.cpp (line 620)
<https://reviews.apache.org/r/54537/#comment235436>

    Why you need this?



src/uri/fetchers/docker.cpp (line 763)
<https://reviews.apache.org/r/54537/#comment235435>

    s/type/scheme/



src/uri/fetchers/docker.cpp (lines 562 - 569)
<https://reviews.apache.org/r/54537/#comment235452>

    That makes me feel that we should just use `http::Headers` rather than `Option<http::Headers>`.
Also, rename it to authHeaders given the type is http::Headers.



src/uri/fetchers/docker.cpp (line 577)
<https://reviews.apache.org/r/54537/#comment235451>

    Update this? can you do a sweep to fix all the comments?



src/uri/fetchers/docker.cpp (line 580)
<https://reviews.apache.org/r/54537/#comment235453>

    here, check authHeaders.empty()



src/uri/fetchers/docker.cpp (line 738)
<https://reviews.apache.org/r/54537/#comment235455>

    you're capturing 'this'? Instead, can you make getAuthHeaderBearer a static method (or
even a helper static to this file).


- Jie Yu


On Feb. 2, 2017, 1:48 a.m., Gilbert Song wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54537/
> -----------------------------------------------------------
> 
> (Updated Feb. 2, 2017, 1:48 a.m.)
> 
> 
> Review request for mesos, Avinash sridharan, Artem Harutyunyan, Jie Yu, Shuai Lin, and
Timothy Chen.
> 
> 
> Bugs: MESOS-6758
>     https://issues.apache.org/jira/browse/MESOS-6758
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch implements the support for 'Basic' docker registry
> authorization. It is tested by a local authenticated private
> registry using 'localhost:443/alpine' docker image.
> Please note that the AWS ECS uses Basic authorization but it
> does not work yet due to the redirect issue MESOS-5172.
> 
> 
> Diffs
> -----
> 
>   src/uri/fetchers/docker.cpp 5dd7b91a5302067ce150bd632a05eccaf424a8a8 
> 
> Diff: https://reviews.apache.org/r/54537/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> Tested with local authenticated registry. Please follow the steps below:
> 
> 1. Start a local private registry and push an image to it.
> ```
> docker run -d -p 443:5000 --restart=always --name registry \
>   -v `pwd`/auth:/auth \
>   -e "REGISTRY_AUTH=htpasswd" \
>   -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
>   -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
>   -v `pwd`/certs:/certs \
>   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/localhost.crt \
>   -e REGISTRY_HTTP_TLS_KEY=/certs/localhost.key \
>   registry:2
> ```
> (*Note: need to generate TLS certificate file and key first)
> 
> Then, push an image to the registry.
> ```
> docker push localhost:443/alpine
> ```
> 
> 2. Use `mesos-execute` to test the `localhost:443/alpine` image.
> (*Note: need to configure the curl using the curl's default RC file), e.g., in `~/.curlrc`
file:
> cacert = "/path/to/cacert.pem"
> 
> 
> Thanks,
> 
> Gilbert Song
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message