11:39 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Any +1s for the below patch?
As noted in the commit message, this is mostly preferred
after a new release is made (or the change in PR#80 is
hotfixed), though it will work perfectly without, just
confuse the user slightly, because whenever they're in
/mirrors, they will always see like being logged out.
This is currently already live in stg.
commit e1a85426b83739e46c1e4f59e3b962738d0cbc24
Author: Patrick Uiterwijk <puiterwijk(a)redhat.com>
Date: Tue May 19 16:32:38 2015 +0000
Use varnish for mirrormanager2 publiclist
This change makes us use varnish for the mm2 publiclist
and configures varnish to ignore cookies on the /mirrors
subpath.
The cookie ignore is only valid after the master-noauth
Pull Request #80 is merged, as that hides all authed
information from the publiclist pages.
Signed-off-by: Patrick Uiterwijk <puiterwijk(a)redhat.com>
diff --git a/playbooks/include/proxies-reverseproxy.yml
b/playbooks/include/proxies-reverseproxy.yml
index a55472f..904428a 100644
- --- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -216,15 +216,6 @@
proxyurl: http://localhost:10009
- role: httpd/reverseproxy
- - when: env != "staging"
- - website: admin.fedoraproject.org
- - destname: mirrormanager
- - remotepath: /mirrormanager
- - localpath: /mirrormanager
- - proxyurl: http://localhost:10008
- -
- - - role: httpd/reverseproxy
- - when: env == "staging"
website: admin.fedoraproject.org
destname: mirrormanager
remotepath: /mirrormanager
diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl
index 37ca3da..ed8333b 100644
- --- a/roles/varnish/files/proxy.vcl
+++ b/roles/varnish/files/proxy.vcl
@@ -187,6 +187,10 @@ sub vcl_recv {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
+ if (req.url ~ "^/mirrormanager/mirrors") {
+ unset req.http.cookie;
+ set req.url = regsub(req.url, "\?.*", "");
+ }
}
if (req.url ~ "^/mirrormanager2/") {
set req.backend_hint = mirrormanager2;
@@ -299,3 +303,13 @@ sub vcl_recv {
# unset beresp.http.set-cookie;
# }
#}
+
+
+# Make sure mirrormanager/mirrors doesn't set any cookies
+# (Setting cookies would make varnish store a HIT-FOR-PASS
+# making it always fetch from backend)
+sub vcl_backend_response {
+ if (bereq.url ~ "^/mirrormanager/mirrors") {
+ unset beresp.http.set-cookie;
+ }
+}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVW2deAAoJEIZXmA2atR5QX58QAIyOKoRCasd7lWxkpHg8vlvr
emasDLQ6+bG8UwERMU0Xbk85njzzAWBsUG6wbQKPkJRE+fHtoA2ZFOxrXD4o/ioF
Uv+w6EwG8peltm3l/s9NOLxgzKOZoS/lULhfGshjxQVYXFcyexkNM5W82TyE7D9i
51wQ6pqcLiXeiWyzJGAA/MIA6zAm32bt+TAu7rq0uQSFcbKShhx9A6IHPlKRuELX
U9ORY6Nh5HYqwE+FEkq5kQKkpiFMrohpffLBea4Q5urAxozb1uE1Nj4W5dP8b41H
ZCPr3pbyFZEENJCC4MJ3wfhY7t4wMKUOEjyoEGte2l+rNT8mwchx/TMajOms803v
/wTwG6Q4gbkaPbbxxEgjX9cNfzrvsahZE3n3oJm5ul55pVpMxBDqO6nBPfK1qqoi
cVAurKTta6R6l7CIQC+t4BKFx3O6sfld/8eD4wiigHG0q7e61e5iZudGJkVaAy7m
bz38ZgCHMwTzhjLAu4va0gNZZqhtJqpMnypR1ymbIrmsMi9/kMFh5QhnyI6CbR7r
OY95yNxbAA2SyM7V+Ee9+L5FNd+6aX0jFG8bBZU06o4rZrZEg3BzdnLbNPApZoJs
Q15RWRh9HWyZ8wMAg6u9PthPG4r3GrryksYSQ3s5SuArSvGWejZg9MX1r8wjbryP
YetR6PlqZsGMs1/j55el
=L8bm
-----END PGP SIGNATURE-----
4:26 a.m.
On Tue, May 19, 2015 at 06:39:58PM +0200, Patrick Uiterwijk wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Any +1s for the below patch?
As noted in the commit message, this is mostly preferred
after a new release is made (or the change in PR#80 is
hotfixed), though it will work perfectly without, just
confuse the user slightly, because whenever they're in
/mirrors, they will always see like being logged out.
This is currently already live in stg.
+1 for me for the changes below.
This does not include the fedmsg-based clearing of the cache though, does it?
So how long would the cache be stored now?
Pierre
commit e1a85426b83739e46c1e4f59e3b962738d0cbc24
Author: Patrick Uiterwijk <puiterwijk(a)redhat.com>
Date: Tue May 19 16:32:38 2015 +0000
Use varnish for mirrormanager2 publiclist
This change makes us use varnish for the mm2 publiclist
and configures varnish to ignore cookies on the /mirrors
subpath.
The cookie ignore is only valid after the master-noauth
Pull Request #80 is merged, as that hides all authed
information from the publiclist pages.
Signed-off-by: Patrick Uiterwijk <puiterwijk(a)redhat.com>
diff --git a/playbooks/include/proxies-reverseproxy.yml
b/playbooks/include/proxies-reverseproxy.yml
index a55472f..904428a 100644
- --- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -216,15 +216,6 @@
proxyurl: http://localhost:10009
- role: httpd/reverseproxy
- - when: env != "staging"
- - website: admin.fedoraproject.org
- - destname: mirrormanager
- - remotepath: /mirrormanager
- - localpath: /mirrormanager
- - proxyurl: http://localhost:10008
- -
- - - role: httpd/reverseproxy
- - when: env == "staging"
website: admin.fedoraproject.org
destname: mirrormanager
remotepath: /mirrormanager
diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl
index 37ca3da..ed8333b 100644
- --- a/roles/varnish/files/proxy.vcl
+++ b/roles/varnish/files/proxy.vcl
@@ -187,6 +187,10 @@ sub vcl_recv {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
+ if (req.url ~ "^/mirrormanager/mirrors") {
+ unset req.http.cookie;
+ set req.url = regsub(req.url, "\?.*", "");
+ }
}
if (req.url ~ "^/mirrormanager2/") {
set req.backend_hint = mirrormanager2;
@@ -299,3 +303,13 @@ sub vcl_recv {
# unset beresp.http.set-cookie;
# }
#}
+
+
+# Make sure mirrormanager/mirrors doesn't set any cookies
+# (Setting cookies would make varnish store a HIT-FOR-PASS
+# making it always fetch from backend)
+sub vcl_backend_response {
+ if (bereq.url ~ "^/mirrormanager/mirrors") {
+ unset beresp.http.set-cookie;
+ }
+}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVW2deAAoJEIZXmA2atR5QX58QAIyOKoRCasd7lWxkpHg8vlvr
emasDLQ6+bG8UwERMU0Xbk85njzzAWBsUG6wbQKPkJRE+fHtoA2ZFOxrXD4o/ioF
Uv+w6EwG8peltm3l/s9NOLxgzKOZoS/lULhfGshjxQVYXFcyexkNM5W82TyE7D9i
51wQ6pqcLiXeiWyzJGAA/MIA6zAm32bt+TAu7rq0uQSFcbKShhx9A6IHPlKRuELX
U9ORY6Nh5HYqwE+FEkq5kQKkpiFMrohpffLBea4Q5urAxozb1uE1Nj4W5dP8b41H
ZCPr3pbyFZEENJCC4MJ3wfhY7t4wMKUOEjyoEGte2l+rNT8mwchx/TMajOms803v
/wTwG6Q4gbkaPbbxxEgjX9cNfzrvsahZE3n3oJm5ul55pVpMxBDqO6nBPfK1qqoi
cVAurKTta6R6l7CIQC+t4BKFx3O6sfld/8eD4wiigHG0q7e61e5iZudGJkVaAy7m
bz38ZgCHMwTzhjLAu4va0gNZZqhtJqpMnypR1ymbIrmsMi9/kMFh5QhnyI6CbR7r
OY95yNxbAA2SyM7V+Ee9+L5FNd+6aX0jFG8bBZU06o4rZrZEg3BzdnLbNPApZoJs
Q15RWRh9HWyZ8wMAg6u9PthPG4r3GrryksYSQ3s5SuArSvGWejZg9MX1r8wjbryP
YetR6PlqZsGMs1/j55el
=L8bm
-----END PGP SIGNATURE-----
_______________________________________________
infrastructure mailing list
infrastructure(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
5:10 a.m.
Currently, the cache is stored for up to 120 seconds.
I will submit a patch to add the regen script and bump the cache TTL when I ported the
script.
With kind regards,
Patrick Uiterwijk
Fedora Infra
----- Original Message -----
+1 for me for the changes below.
This does not include the fedmsg-based clearing of the cache though, does it?
So how long would the cache be stored now?
Pierre
3257
days inactive
3258
days old
infrastructure@lists.fedoraproject.org
3 comments
3 participants
participants (3)
-
Kevin Fenzi -
Patrick Uiterwijk -
Pierre-Yves Chibon