You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Chris Shellenbarger <ch...@chenpo.io> on 2017/04/23 04:27:43 UTC
CloudRepo - A Cloud Based Artifact Repository
Hi everyone,
As this is the Maven Users ML, I thought it was appropriate to share a
new, 100% cloud based, Artifact Repository that we've launched at
www.cloudrepo.io . As long time Maven users, we wanted something that was
fully managed and that we wouldn't have to maintain. So, we built
CloudRepo for our own use and then decided to open it up for others to use.
I feel that a Cloud Based Artifact Repository can really make it easier for
Maven users to host their own private repos and further the adoption of
Maven itself, especially in small organizations that are just getting
started and who can't afford the time to operate their own servers.
I'd also like to solicit feedback from any member of this ML, since you are
our target audience. As a thanks, I'd also like to offer any member of
this ML an extended trial of 60 days - that way you can have plenty of time
to kick the tires and see if it works for you (and hopefully let us know
what we need to add). Once you sign up, just email me directly at
chris@cloudrepo.io with your account info and I'll make it happen.
Thanks,
Chris Shellenbarger
Founder - CloudRepo
Re: CloudRepo - A Cloud Based Artifact Repository
Posted by Chris Shellenbarger <ch...@chenpo.io>.
Thank you very much for taking the time to share your thoughts with me,
Sander - I greatly appreciate it.
You’re definitely spot on with the obstacles that lie ahead for us,
especially being the new product on the block. Nexus and Artifactory do
offer support for many different types of Artifacts and so they appeal to a
much broader audience. Our plan is to continue to grow the types of
artifacts we support (I think NPM will be next), but we chose Maven as our
first because it’s something we’re intimately familiar with as we’ve have
to stand up and maintain several different installations of Nexus
throughout our careers.
We also do have the ‘new car smell’, if you will - people are right to be
wary about where they place their artifacts and it’s something we take very
seriously. I think this is why Nexus and Artifactory continue to offer
primarily an on-prem solution (Artifactory’s cloud offering is just managed
VMs and it’s hard unclear what Nexus’ offering is). Thank you for
reiterating this valuable insight to me as it means I need to think more on
how to better address this problem and get that message across through our
website.
So, for the stuff that you’ll like, open source, there is one thing that we
have on the roadmap, assuming we start working with cross geo teams:
Since our service is built on S3, we currently stream traffic through our
servers and back to the Maven clients. This creates load on our servers
but at the same time forces clients to have to pay latency costs to reach
their artifacts (so someone in Asia trying to use CloudRepo which is
currently in California). To solve this, we can leverage S3’s cross-geo
replication features and mirror the repositories in an Asian region.
Ideally, CloudRepo would perform authentication and authorization of
requests and then redirect clients to an S3 endpoint with a temporary,
signed URL that can pull the artifact. Then the client could pull directly
from S3 which will avoid any bottlenecks through our servers.
The current Maven client is able to follow redirects, but the problem (in
our experience) is that it seems to use the same method of Auth for when it
follows. S3 doesn’t like it if you send the Authorization header on a
signed URL and so we’d have to make a Maven Wagon or some sort to handle
this scenario a little better. This is something we’d definitely open
source because it’s on the client side and we’d hope it was useful to
people.
In addition, some other Wagons that might be useful to our customers in
the future:
- A Wagon that encrypts and decrypts artifacts on the client side (to
directly address the ‘crown jewels’ problem).
- Various Auth Providers - If a customer wants to leverage their own
Auth (i.e. LDAP, AAD, OpenId, etc) and ones don’t exist.
Right now I think we’d open source anything that we release to run on the
client side. Hopefully, they’d add benefit for all Maven users and not
just our customers (the encryption one seems like it could have global
utility, the challenge is manage the secrets you encrypt with).
Anyway, thanks again for your feedback. If you do ever decide you need a
private repository for your own needs, please do get in touch with me and
I’ll set you up with a complimentary account to show my appreciation.
Have a great day,
Chris
On Sat, Apr 22, 2017 at 11:58 PM, Sander Verhagen <sander@sanderverhagen.net
> wrote:
> This is exciting, but also scary (for you, I'm sure).
>
> Here's some feedback. I think this is very much a niche, particularly
> compared to Artifactory who aren't limited to just Maven artifacts. (And
> didn't Nexus now support Docker repositories too?) If I were shopping for a
> repository now (having been in that position before) I'd be suspicious for
> someone offering this "from scratch" as you are. I remember the growing
> pains of particularly Artifactory, and they weren't pretty. Why would I
> want to go through that with a new party again? Just for the few bucks a
> month it's saving me?
>
> At this point I'd feel more comfortable buying into a cloud offering of
> Nexus, to compete with the existing cloud offering of Artifactory. My
> employer couldn't agree with the cloud-based Artifactory either, since they
> didn't provide much paperwork on security and compliance. Since a
> cloud-based repository will be handling companies' crown jewels, you might
> want to brace yourself for that, as your website is still a little sparse
> on any of that (understandably).
>
> Will any of your product be open source, because we... well... would
> really like that :)
>
> Still... exciting.
>
>
>
> Sander Verhagen
> [ sander@sanderverhagen.net ]
>
> NOTICE: my e-mail address has changed. Please remove Verhagen@Sander.com
> now and start using Sander@SanderVerhagen.net from now on. Please update
> your address book. Thank you!
>
> -----Original Message-----
> From: Chris Shellenbarger [mailto:chris@chenpo.io]
> Sent: Saturday, April 22, 2017 21:28
> To: users@maven.apache.org
> Subject: CloudRepo - A Cloud Based Artifact Repository
>
> Hi everyone,
>
> As this is the Maven Users ML, I thought it was appropriate to share a
> new, 100% cloud based, Artifact Repository that we've launched at
> www.cloudrepo.io . As long time Maven users, we wanted something that was
> fully managed and that we wouldn't have to maintain. So, we built
> CloudRepo for our own use and then decided to open it up for others to use.
>
> I feel that a Cloud Based Artifact Repository can really make it easier
> for Maven users to host their own private repos and further the adoption of
> Maven itself, especially in small organizations that are just getting
> started and who can't afford the time to operate their own servers.
>
> I'd also like to solicit feedback from any member of this ML, since you
> are our target audience. As a thanks, I'd also like to offer any member of
> this ML an extended trial of 60 days - that way you can have plenty of time
> to kick the tires and see if it works for you (and hopefully let us know
> what we need to add). Once you sign up, just email me directly at
> chris@cloudrepo.io with your account info and I'll make it happen.
>
> Thanks,
> Chris Shellenbarger
> Founder - CloudRepo
>
RE: CloudRepo - A Cloud Based Artifact Repository
Posted by Sander Verhagen <sa...@sanderverhagen.net>.
This is exciting, but also scary (for you, I'm sure).
Here's some feedback. I think this is very much a niche, particularly compared to Artifactory who aren't limited to just Maven artifacts. (And didn't Nexus now support Docker repositories too?) If I were shopping for a repository now (having been in that position before) I'd be suspicious for someone offering this "from scratch" as you are. I remember the growing pains of particularly Artifactory, and they weren't pretty. Why would I want to go through that with a new party again? Just for the few bucks a month it's saving me?
At this point I'd feel more comfortable buying into a cloud offering of Nexus, to compete with the existing cloud offering of Artifactory. My employer couldn't agree with the cloud-based Artifactory either, since they didn't provide much paperwork on security and compliance. Since a cloud-based repository will be handling companies' crown jewels, you might want to brace yourself for that, as your website is still a little sparse on any of that (understandably).
Will any of your product be open source, because we... well... would really like that :)
Still... exciting.
Sander Verhagen
[ sander@sanderverhagen.net ]
NOTICE: my e-mail address has changed. Please remove Verhagen@Sander.com now and start using Sander@SanderVerhagen.net from now on. Please update your address book. Thank you!
-----Original Message-----
From: Chris Shellenbarger [mailto:chris@chenpo.io]
Sent: Saturday, April 22, 2017 21:28
To: users@maven.apache.org
Subject: CloudRepo - A Cloud Based Artifact Repository
Hi everyone,
As this is the Maven Users ML, I thought it was appropriate to share a new, 100% cloud based, Artifact Repository that we've launched at www.cloudrepo.io . As long time Maven users, we wanted something that was fully managed and that we wouldn't have to maintain. So, we built CloudRepo for our own use and then decided to open it up for others to use.
I feel that a Cloud Based Artifact Repository can really make it easier for Maven users to host their own private repos and further the adoption of Maven itself, especially in small organizations that are just getting started and who can't afford the time to operate their own servers.
I'd also like to solicit feedback from any member of this ML, since you are our target audience. As a thanks, I'd also like to offer any member of this ML an extended trial of 60 days - that way you can have plenty of time to kick the tires and see if it works for you (and hopefully let us know what we need to add). Once you sign up, just email me directly at chris@cloudrepo.io with your account info and I'll make it happen.
Thanks,
Chris Shellenbarger
Founder - CloudRepo