On 17/01/17 19:11, Karanbir Singh wrote: > On 17/01/17 15:00, Fabian Arrotin wrote: >> On 13/01/17 22:25, Karanbir Singh wrote: >>> hi, >>> >>> the docker-distribution package can act as a smart proxy for docker >>> registries; and having a local cache inside the ci infra would help >>> speed up a lot of the jobs I am working with at the moment there. >>> >>> Do we have the space to host a cache of this nature ? I'd think a 15 to >>> 20 GB of space is all we need. >>> >>> Could we then have dns inside the ci infra use this cache for the >>> dockerhub urls ? >>> >>> Any objections to getting this in ? >>> >>> regards >>> >> >> I'd say it's oable, and we already "override" some DNS records >> internally to redirect to internal node/mirror in the same network >> (known example : mirrorlist.centos.org) >> >> But the only question I have is about the dockerhub urls : are those >> using tcp/443 and so TLS ? if so, that will not work as we can't >> impersonate such server (and thanks to TLS btw). If they are only using >> plain tcp/80 or tcp/5000 , that should work >> > > I think the docker-proxy actually handles this case, is it possible to > test once ? > We can, but that I meant was that it will not be transparent as it it would get it from dockerhub : if one adds the internal "proxy" as "insecure" registry, itself being the docker-distribution proxy that will fetch from "upstream dockerhub" then it will work (afaik). Let me test this -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/ci-users/attachments/20170117/c6faed37/attachment-0005.sig>