Support https-sourced repositories, but prevent from replicating on stratum 1

Description

Some repositories such as cms.osgstorage.org require https for even the metadata.  They  need to be able to have their whitelists signed on oasis, but they should not be replicated on oasis-replica (or the FNAL or UNL stratum 1s).  Currently add_osg_repository does not support https at all.  Beginning with the September 12 oasis update, add_osg_repository is automatically called on both oasis and oasis-replica based on the url registered in OIM.  An http address might be good enough for adding the repository on oasis because the .cvmfs* files don't need to be protected, but if we stayed with registering that address in OIM we wouldn't have a way to prevent adding it on oasis-replica.  One possible solution is to switch to registering https addresses in OIM, and make add_osg_repository support https on oasis and do nothing on oasis-replica.  Another possibility is to add another field in OIM for this case.

Freshdesk Tickets

None

Activity

Show:
Dave Dykstra
August 31, 2017, 3:57 PM

Currently the workaround for this issue is to temporarily put the http address in OIM until it is added on oasis, then remove it from OIM and also manually remove the repository from oasis-replica (step 5 of the shutdown procedure).

Assignee

Dave Dykstra

Reporter

Dave Dykstra

Labels

None

Planned Start

None

Gantt Options

None

Planned End

None

PercentDone

None

DueTime

None

Priority

Minor
Configure