opendev/system-config
Code Issues Proposed changes

Add registry-1.docker.io to reverse proxy cache

Browse Source 
To use the mirror, you'd create a /etc/docker/daemon.json file:

{
  "registry-mirrors": [
    "http://mirror.dfw.rax.openstack.org:8081/registry-1.docker/"
  ]
}

Obviously using your regional mirror.

We also use port 8081 because we need to ignore Expires headers, and
don't want to affect the rdo proxy.

Change-Id: Iba9a7580a11cdecb6a43a4fef703be2ca62d0539
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger 2017-04-05 13:58:58 -04:00
parent 724e83b5ef
commit 836cddb2f2
2 changed files with 52 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/site.pp
View File

@ -650,7 +650,7 @@ node /^mirror\..*\.openstack\.org$/ {
$group = "mirror" $group = "mirror"
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 8080], iptables_public_tcp_ports => [22, 80, 8080, 8081],
sysadmins => hiera('sysadmins', []), sysadmins => hiera('sysadmins', []),
afs => true, afs => true,
afs_cache_size => 50000000, # 50GB afs_cache_size => 50000000, # 50GB

53
modules/openstack_project/templates/mirror.vhost.erb
View File

@ -8,6 +8,9 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
Listen 8080 Listen 8080
NameVirtualHost <%= @vhost_name %>:8080 NameVirtualHost <%= @vhost_name %>:8080
Listen 8081
NameVirtualHost <%= @vhost_name %>:8081
<VirtualHost <%= @vhost_name %>:<%= @port %>> <VirtualHost <%= @vhost_name %>:<%= @port %>>
ServerName <%= @srvname %> ServerName <%= @srvname %>
<% if @serveraliases.is_a? Array -%> <% if @serveraliases.is_a? Array -%>
@ -99,9 +102,9 @@ NameVirtualHost <%= @vhost_name %>:8080
AllowOverride None AllowOverride None
</Directory> </Directory>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_error.log ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_error.log
LogLevel warn LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_access.log combined CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_access.log combined
ServerSignature Off ServerSignature Off
# Caching reverse proxy for things that don't make sense in AFS # Caching reverse proxy for things that don't make sense in AFS
@ -125,3 +128,49 @@ NameVirtualHost <%= @vhost_name %>:8080
ProxyPass "/rdo/" "https://trunk.rdoproject.org/" ProxyPass "/rdo/" "https://trunk.rdoproject.org/"
ProxyPassReverse "/rdo/" "https://trunk.rdoproject.org/" ProxyPassReverse "/rdo/" "https://trunk.rdoproject.org/"
</VirtualHost> </VirtualHost>
<VirtualHost <%= @vhost_name %>:8081>
ServerName <%= @srvname %>:8081
# Disable directory listing by default.
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_access.log combined
ServerSignature Off
# Caching reverse proxy for things that don't make sense in AFS
#
# General cache rules
CacheRoot "/opt/apache_cache"
CacheDirLevels 5
CacheDirLength 3
# SSL support
SSLProxyEngine on
# Prevent thundering herds.
CacheLock on
CacheLockPath "/tmp/mod_cache-lock"
CacheLockMaxAge 5
# 100MB
CacheMaxFileSize 104857600
# Ignore expire headers as the urls use sha256 hashes.
CacheIgnoreQueryString On
CacheStoreExpired On
# registry-1.docker.io
CacheEnable disk "/registry-1.docker"
ProxyPass "/registry-1.docker/" "https://registry-1.docker.io/"
ProxyPassReverse "/registry-1.docker/" "https://registry-1.docker.io/"
# dseasb33srnrn.cloudfront.net
CacheEnable disk "/cloudfront"
ProxyPass "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
ProxyPassReverse "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
</VirtualHost>