Add loadbalancer support #46
Conversation
ehelms
force-pushed
the
add-loadbalancer-support
branch
from
90e290b to
68e9286
Compare
Signed-off-by: Eric D. Helms <[email protected]>
ehelms
force-pushed
the
add-loadbalancer-support
branch
from
68e9286 to
1b02464
Compare
|
I'm trying to capture our offline discussion here. Essentially the problem is that we have a control plane (Foreman <-> Foreman Proxy/Pulp) and a user facing endpoint (User -> Pulp). It was designed that there was just a single URL, which is a false assumption. I'd like to have a more generic naming: load balancer implies a certain implementation, but the specific implementation actually wasn't behind a load balancer. Instead it was in an Amazon VPC so it was closer to multi homing. There was also a thought to reuse settings from smart_proxy_pulp but that currently doesn't have the split either so it wouldn't help. |
| @@ -41,7 +41,7 @@ class Plugin < ::Proxy::Plugin | |||
| container_instance.singleton_dependency :container_gateway_main_impl, (lambda do | |||
| Proxy::ContainerGateway::ContainerGatewayMain.new( | |||
| database: container_instance.get_dependency(:database_impl), | |||
| **settings.slice(:pulp_endpoint, :pulp_client_ssl_ca, :pulp_client_ssl_cert, :pulp_client_ssl_key) | |||
| **settings.slice(:pulp_endpoint, :pulp_client_ssl_ca, :pulp_client_ssl_cert, :pulp_client_ssl_key, :loadbalancer) | |||
There was a problem hiding this comment.
Since the config option naming came up:
| **settings.slice(:pulp_endpoint, :pulp_client_ssl_ca, :pulp_client_ssl_cert, :pulp_client_ssl_key, :loadbalancer) | |
| **settings.slice(:pulp_endpoint, :pulp_client_ssl_ca, :pulp_client_ssl_cert, :pulp_client_ssl_key, :client_content_endpoint) |
This configurable option determines where we redirect the client to to get their requested content. So, I propose that the generic name be client_content_endpoint.
There was a problem hiding this comment.
If that's too generic we could do something like container_content_endpoint. Or maybe container_delivery_endpoint?
@ekohl this makes it sound like the current approach is generally accepted with some small modifications. If that's the case, I was thinking of creating a community post soon with the plan here for visibility and comments. |
The pattern exists in multiple places. In the Smart Proxy we have the templates URL, but also the registration URL. There it exists for similar reasons (control plane + client facing URL). It would be nice if we could somehow standardize it so there's less configuration required but until then ... |
|
From some outside chats, it sounds like I'm going to take this PR over from here. |
Are you thinking a core smart_proxy settings value that represent the client facing URL that plugins can then use? |
|
I would be tempted to. This particular case feels a bit more tricky because it's the Pulp URL, not Smart Proxy |
|
The current state of the art is that we define a client_facing_servername built from the (registration_url)[https://github.com/theforeman/puppet-foreman_proxy/blob/48fc520f2cd5a4e14908293d9e72a8154c79a9cd/manifests/module/registration.pp#L15] So we are saying currently, if you want to set a loadbalancer, or a VPC, set the registration URL and then everything else will inherit this indirectly to configure client facing settings to the loadbalancer. That could be good enough reason to define a smart_proxy setting that is |
Is it safe to say then that this new If the new setting is something generic like If that is the case, then we could:
Hopefully it's okay to assume that users have |
|
@ekohl Based on these latest comments, what is your opinion on where the setting should live? |
|
@ianballou let's just go with a local setting for now, we can re-think it in the future if a core setting that is useful comes along |
When deploying the container gateway behind a load-balancer, the client is given a redirect to the location of the container image as reported by Pulp. This location known by Pulp contains the URL of the smart-proxy and has no knowledge of the load-balancer to send a proper redirect.
This changes introduces a new setting to specification of a loadbalancer when one is in use. If this is provided then the redirect will use that value to calculate the right URL to send back to the client for it to fetch manifests and blobs.
Could we have just used the existing
pulp_endpointsetting? No. That setting is used by the container gateway itself to make requests to Pulp and if we set it to the load-balancer than all "internal" requests would route all the way out to and back through the load-balancer unnecessarily.There is some duplicated code between the manifest endpoint and blob handling I intend to look at re-factoring.
The puppet class handling the container gateway, https://github.com/theforeman/puppet-foreman_proxy/blob/master/manifests/plugin/container_gateway.pp, would need to set this using the
foreman_proxy::registration_urlthat we currently have users set when using a loadbalancer.