  1. Satellite
  2. SAT-31870

Investigate design approaches for access restrictions on capsules for flatpak content

    • Story
    • Resolution: Done
    • Normal
    • 6.18.0
    • Repositories
    • Sprint 147

      This is an investigation story to understand the problem statement better and design solutions that can then be implemented. 

      Findings:

      1. Enabling cert auth seems to be a viable option to solve multiple problems.
      2. A POC on the main server with server-ca and consumer certs is able to send these to the Katello server.
        sajha@localhost:/etc/containers/certs.d$ ls -la centos9-katello-devel2.sajha.example.com/
        total 232
        drwxr-xr-x. 2 root root     64 Mar 26 10:37 .
        drwxr-xr-x. 3 root root     54 Mar 26 10:46 ..
        -rw-r--r--. 1 root root 229062 Mar 26 10:37 ca-bundle.crt
        -rw-r--r--. 1 root root   2289 Mar 26 10:31 client.cert
        -rw-r--r--. 1 root root   3272 Mar 26 10:31 client.key
      3. We'll need updates to katello_registry_proxy to authenticate the client and serve repos available to it.
      4. On the proxy, we'll likely need to start storing hosts and repositories_hosts to identify available repositories.
      5. Cert auth will also allow easier integration with provisioning, although that is still in the works and will likely need some work in anaconda.

              rhn-engineering-sajha Samir Jha
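An added check, not code from this issue or from Katello: it audits a registry directory laid out like the POC listing in finding 2, following the containers-certs.d(5) convention (`*.crt` for CA certificates, `*.cert` for the client certificate, `*.key` for the key with the same base name), and flags a client key that group or other can read. The function name `check_certs_dir` and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit one registry directory under /etc/containers/certs.d.
# Layout assumed from containers-certs.d(5):
#   *.crt  = CA certificates, *.cert = client certificate,
#   *.key  = client key sharing the base name of its *.cert.

# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
check_certs_dir() {
    ccd_dir=$1
    ccd_rc=0
    ccd_ca=0
    ccd_cert=0

    if [ ! -d "$ccd_dir" ]; then
        echo "MISSING_DIR $ccd_dir"
        return 1
    fi

    # At least one CA bundle is needed to verify the registry's server cert.
    for ccd_f in "$ccd_dir"/*.crt; do
        if [ -e "$ccd_f" ]; then ccd_ca=1; fi
    done
    if [ "$ccd_ca" -eq 0 ]; then echo "NO_CA $ccd_dir"; ccd_rc=1; fi

    # Every client certificate needs its matching key.
    for ccd_f in "$ccd_dir"/*.cert; do
        if [ ! -e "$ccd_f" ]; then continue; fi
        ccd_cert=1
        if [ ! -e "${ccd_f%.cert}.key" ]; then
            echo "CERT_WITHOUT_KEY $ccd_f"; ccd_rc=1
        fi
    done
    if [ "$ccd_cert" -eq 0 ]; then echo "NO_CLIENT_CERT $ccd_dir"; ccd_rc=1; fi

    # Every key needs its certificate and must not be group/other accessible.
    for ccd_f in "$ccd_dir"/*.key; do
        if [ ! -e "$ccd_f" ]; then continue; fi
        if [ ! -e "${ccd_f%.key}.cert" ]; then
            echo "KEY_WITHOUT_CERT $ccd_f"; ccd_rc=1
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$ccd_f" | cut -c5-10)" != "------" ]; then
            echo "KEY_READABLE_BY_OTHERS $ccd_f"; ccd_rc=1
        fi
    done
    return "$ccd_rc"
}

# Usage: sh check_certs.sh /etc/containers/certs.d/<registry-host>
[ $# -eq 0 ] || check_certs_dir "$1"
```

Run against a directory with the modes shown in the listing, the check reports `KEY_READABLE_BY_OTHERS` for `client.key`; with the key at mode 0600 it reports nothing.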