Add registry-1.docker.io to reverse proxy cache

To use the mirror, you'd create a /etc/docker/daemon.json file: { "registry-mirrors": [ "http://mirror.dfw.rax.openstack.org:8081/registry-1.docker/" ] } Obviously using your regional mirror. We also use port 8081 because we need to ignore Expires headers, and don't want to affect the rdo proxy. Change-Id: Iba9a7580a11cdecb6a43a4fef703be2ca62d0539 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-05 13:58:58 -04:00 · 2017-04-05 13:58:58 -04:00 · 836cddb2f2
parent 724e83b5ef
commit 836cddb2f2
2 changed files with 52 additions and 3 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -650,7 +650,7 @@ node /^mirror\..*\.openstack\.org$/ {
  $group = "mirror"

  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 80, 8080],
+    iptables_public_tcp_ports => [22, 80, 8080, 8081],
    sysadmins                 => hiera('sysadmins', []),
    afs                       => true,
    afs_cache_size            => 50000000,  # 50GB
--- a/modules/openstack_project/templates/mirror.vhost.erb
+++ b/modules/openstack_project/templates/mirror.vhost.erb
@ -8,6 +8,9 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
 Listen 8080
 NameVirtualHost <%= @vhost_name %>:8080

+Listen 8081
+NameVirtualHost <%= @vhost_name %>:8081
+
 <VirtualHost <%= @vhost_name %>:<%= @port %>>
    ServerName <%= @srvname %>
    <% if @serveraliases.is_a? Array -%>
@ -99,9 +102,9 @@ NameVirtualHost <%= @vhost_name %>:8080
      AllowOverride None
    </Directory>

-    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_error.log
+    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_error.log
    LogLevel warn
-    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_proxy_access.log combined
+    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8080_access.log combined
    ServerSignature Off

    # Caching reverse proxy for things that don't make sense in AFS
@ -125,3 +128,49 @@ NameVirtualHost <%= @vhost_name %>:8080
    ProxyPass "/rdo/" "https://trunk.rdoproject.org/"
    ProxyPassReverse "/rdo/" "https://trunk.rdoproject.org/"
 </VirtualHost>
+
+<VirtualHost <%= @vhost_name %>:8081>
+    ServerName <%= @srvname %>:8081
+
+    # Disable directory listing by default.
+    <Directory />
+      Order Deny,Allow
+      Deny from all
+      Options None
+      AllowOverride None
+    </Directory>
+
+    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_error.log
+    LogLevel warn
+    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8081_access.log combined
+    ServerSignature Off
+
+    # Caching reverse proxy for things that don't make sense in AFS
+    #
+    # General cache rules
+    CacheRoot "/opt/apache_cache"
+    CacheDirLevels 5
+    CacheDirLength 3
+    # SSL support
+    SSLProxyEngine on
+    # Prevent thundering herds.
+    CacheLock on
+    CacheLockPath "/tmp/mod_cache-lock"
+    CacheLockMaxAge 5
+    # 100MB
+    CacheMaxFileSize 104857600
+    # Ignore expire headers as the urls use sha256 hashes.
+    CacheIgnoreQueryString On
+    CacheStoreExpired On
+
+    # registry-1.docker.io
+    CacheEnable disk  "/registry-1.docker"
+    ProxyPass "/registry-1.docker/" "https://registry-1.docker.io/"
+    ProxyPassReverse "/registry-1.docker/" "https://registry-1.docker.io/"
+
+    # dseasb33srnrn.cloudfront.net
+    CacheEnable disk "/cloudfront"
+    ProxyPass "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
+    ProxyPassReverse "/cloudfront/" "https://dseasb33srnrn.cloudfront.net/"
+
+</VirtualHost>