Freeze break request: Use varnish for mirrormanager2 publiclist

[Patrick Uiterwijk]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Any +1s for the below patch?

As noted in the commit message, this is mostly preferred
after a new release is made (or the change in PR#80 is
hotfixed), though it will work perfectly without, just
confuse the user slightly, because whenever they're in
/mirrors, they will always see like being logged out.
This is currently already live in stg.


commit e1a85426b83739e46c1e4f59e3b962738d0cbc24
Author: Patrick Uiterwijk <puiterwijk at redhat.com>
Date:   Tue May 19 16:32:38 2015 +0000

    Use varnish for mirrormanager2 publiclist
    
    This change makes us use varnish for the mm2 publiclist
    and configures varnish to ignore cookies on the /mirrors
    subpath.
    The cookie ignore is only valid after the master-noauth
    Pull Request #80 is merged, as that hides all authed
    information from the publiclist pages.
    
    Signed-off-by: Patrick Uiterwijk <puiterwijk at redhat.com>

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index a55472f..904428a 100644
- --- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -216,15 +216,6 @@
     proxyurl: http://localhost:10009
 
   - role: httpd/reverseproxy
- -    when: env != "staging"
- -    website: admin.fedoraproject.org
- -    destname: mirrormanager
- -    remotepath: /mirrormanager
- -    localpath: /mirrormanager
- -    proxyurl: http://localhost:10008
- -
- -  - role: httpd/reverseproxy
- -    when: env == "staging"
     website: admin.fedoraproject.org
     destname: mirrormanager
     remotepath: /mirrormanager
diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl
index 37ca3da..ed8333b 100644
- --- a/roles/varnish/files/proxy.vcl
+++ b/roles/varnish/files/proxy.vcl
@@ -187,6 +187,10 @@ sub vcl_recv {
             unset req.http.cookie;
             set req.url = regsub(req.url, "\?.*", "");
         }
+        if (req.url ~ "^/mirrormanager/mirrors") {
+            unset req.http.cookie;
+            set req.url = regsub(req.url, "\?.*", "");
+        }
     }
     if (req.url ~ "^/mirrormanager2/") {
         set req.backend_hint = mirrormanager2;
@@ -299,3 +303,13 @@ sub vcl_recv {
 #        unset beresp.http.set-cookie;
 #    }
 #}
+
+
+# Make sure mirrormanager/mirrors doesn't set any cookies
+# (Setting cookies would make varnish store a HIT-FOR-PASS
+#  making it always fetch from backend)
+sub vcl_backend_response {
+    if (bereq.url ~ "^/mirrormanager/mirrors") {
+        unset beresp.http.set-cookie;
+    }
+}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVW2deAAoJEIZXmA2atR5QX58QAIyOKoRCasd7lWxkpHg8vlvr
emasDLQ6+bG8UwERMU0Xbk85njzzAWBsUG6wbQKPkJRE+fHtoA2ZFOxrXD4o/ioF
Uv+w6EwG8peltm3l/s9NOLxgzKOZoS/lULhfGshjxQVYXFcyexkNM5W82TyE7D9i
51wQ6pqcLiXeiWyzJGAA/MIA6zAm32bt+TAu7rq0uQSFcbKShhx9A6IHPlKRuELX
U9ORY6Nh5HYqwE+FEkq5kQKkpiFMrohpffLBea4Q5urAxozb1uE1Nj4W5dP8b41H
ZCPr3pbyFZEENJCC4MJ3wfhY7t4wMKUOEjyoEGte2l+rNT8mwchx/TMajOms803v
/wTwG6Q4gbkaPbbxxEgjX9cNfzrvsahZE3n3oJm5ul55pVpMxBDqO6nBPfK1qqoi
cVAurKTta6R6l7CIQC+t4BKFx3O6sfld/8eD4wiigHG0q7e61e5iZudGJkVaAy7m
bz38ZgCHMwTzhjLAu4va0gNZZqhtJqpMnypR1ymbIrmsMi9/kMFh5QhnyI6CbR7r
OY95yNxbAA2SyM7V+Ee9+L5FNd+6aX0jFG8bBZU06o4rZrZEg3BzdnLbNPApZoJs
Q15RWRh9HWyZ8wMAg6u9PthPG4r3GrryksYSQ3s5SuArSvGWejZg9MX1r8wjbryP
YetR6PlqZsGMs1/j55el
=L8bm
-----END PGP SIGNATURE-----