summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJesse Pretorius <jesse.pretorius@rackspace.co.uk>2018-07-20 15:04:01 +0100
committerJesse Pretorius (odyssey4me) <jesse.pretorius@rackspace.co.uk>2018-07-20 14:25:19 +0000
commitdab934bdb9f06a4c194469afa34a0998b76721b6 (patch)
treef727707d1255643ebe6e740b3cf6ae4c60e203bc
parent7c8e10977d5f440b948b2dba6d6c1864a306da34 (diff)
Remove the upstream pypi reverse proxy
Trying to reverse proxy upstream pypi has not turned out to be very stable, or very useful. We've had many, many reports of stability issues and the additional complexity for offline and proxy usage is just not worth it. Given we already have a mechanism in place to handle using upstream pypi if the repo server is not there yet, disabling this should just result in that mechanism kicking in and all will be well again. Once the repo is built, the reverse proxy to pypiserver will then be exclusively used and the upstream pypi proxy is not necessary anyway. Depends-On: https://review.openstack.org/584393 Change-Id: Ie407c6a346de6b46c8f4d30caea8664a7f6bd341
Notes
Notes (review): Code-Review+2: Jean-Philippe Evrard <jean-philippe@evrard.me> Code-Review+1: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk> Code-Review+2: Markos Chandras (hwoarang) <mchandras@suse.de> Workflow+1: Markos Chandras (hwoarang) <mchandras@suse.de> Workflow+1: Jesse Pretorius (odyssey4me) <jesse.pretorius@rackspace.co.uk> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 23 Jul 2018 16:28:26 +0000 Reviewed-on: https://review.openstack.org/584385 Project: openstack/openstack-ansible-repo_server Branch: refs/heads/master
-rw-r--r--defaults/main.yml9
-rw-r--r--releasenotes/notes/pypi-cache-removed-c03a9a0658c9d89f.yaml10
-rw-r--r--templates/nginx-pypi.conf.j27
-rw-r--r--templates/openstack-slushee.vhost.j244
4 files changed, 16 insertions, 54 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index 41c66ec..78bf49e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -99,12 +99,3 @@ repo_pypiserver_start_options: >-
99# config override var for systemd init file 99# config override var for systemd init file
100repo_pypiserver_init_overrides: {} 100repo_pypiserver_init_overrides: {}
101 101
102# nginx host:port for pypi reverse proxy
103repo_nginx_pypi_upstream: "pypi.python.org:443"
104
105# Set the options for the nginx proxy_cache_path directive.
106# The proxy cache is used for data downloaded from pypi.
107# The default is set to cache up to 1G worth of packages
108# for up to 1 month
109repo_nginx_proxy_cache_path: >-
110 /var/lib/nginx/pypi levels=1:2 keys_zone=pypi:16m inactive=1M max_size=1G
diff --git a/releasenotes/notes/pypi-cache-removed-c03a9a0658c9d89f.yaml b/releasenotes/notes/pypi-cache-removed-c03a9a0658c9d89f.yaml
new file mode 100644
index 0000000..8ccbcf4
--- /dev/null
+++ b/releasenotes/notes/pypi-cache-removed-c03a9a0658c9d89f.yaml
@@ -0,0 +1,10 @@
1---
2deprecations:
3 - |
4 The repo server's reverse proxy for pypi has now been removed,
5 leaving only the pypiserver to serve packages already on the
6 repo server. The attempt to reverse proxy upstream pypi turned
7 out to be very unstable with increased complexity for deployers
8 using proxies or offline installs. With this, the variables
9 ``repo_nginx_pypi_upstream`` and ``repo_nginx_proxy_cache_path``
10 have also been removed.
diff --git a/templates/nginx-pypi.conf.j2 b/templates/nginx-pypi.conf.j2
index 9e1e2b7..9beac67 100644
--- a/templates/nginx-pypi.conf.j2
+++ b/templates/nginx-pypi.conf.j2
@@ -1,12 +1,5 @@
1# {{ ansible_managed }} 1# {{ ansible_managed }}
2 2
3proxy_cache_path {{ repo_nginx_proxy_cache_path }};
4
5upstream pypiserver { 3upstream pypiserver {
6 server localhost:{{ repo_pypiserver_port }}; 4 server localhost:{{ repo_pypiserver_port }};
7} 5}
8
9upstream pypi {
10 server {{ repo_nginx_pypi_upstream }};
11 keepalive 16;
12}
diff --git a/templates/openstack-slushee.vhost.j2 b/templates/openstack-slushee.vhost.j2
index b990be5..775ce6d 100644
--- a/templates/openstack-slushee.vhost.j2
+++ b/templates/openstack-slushee.vhost.j2
@@ -6,50 +6,18 @@ server {
6 access_log /var/log/nginx/{{ repo_server_name }}.access.log gzip buffer=32k; 6 access_log /var/log/nginx/{{ repo_server_name }}.access.log gzip buffer=32k;
7 error_log /var/log/nginx/{{ repo_server_name }}.error.log notice; 7 error_log /var/log/nginx/{{ repo_server_name }}.error.log notice;
8 8
9 # Allow cached content to be used even when the upstream source is not available.
10 proxy_cache pypi;
11 proxy_cache_key $uri;
12 proxy_cache_lock on;
13 proxy_cache_revalidate on;
14 proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
15
16 proxy_http_version 1.1;
17 proxy_set_header Host $host:$server_port;
18 proxy_set_header Connection "";
19 proxy_set_header Accept-Encoding "";
20
21 # Rewrite any http redirects to use relative to proxy
22 proxy_redirect ~https?://pypi.python.org(.*) $1;
23
24 # Fallback mechanism from:
25 # http://linuxplayer.org/2013/06/nginx-try-files-on-multiple-named-location-or-server
26 location @pypi {
27 proxy_set_header Host pypi.python.org;
28 {% if repo_nginx_pypi_upstream | match('.*:443$') %}
29 proxy_pass https://pypi;
30 {% else %}
31 proxy_pass http://pypi;
32 {% endif %}
33 }
34
35 location /simple { 9 location /simple {
36 proxy_intercept_errors on; 10 proxy_set_header Host $host:$server_port;
11 proxy_set_header X-Forwarded-Proto $scheme;
12 proxy_set_header X-Real-IP $remote_addr;
37 proxy_pass http://pypiserver; 13 proxy_pass http://pypiserver;
38 error_page 404 = @pypi;
39 } 14 }
40 15
41 location /packages { 16 location /packages {
42 proxy_intercept_errors on; 17 proxy_set_header Host $host:$server_port;
18 proxy_set_header X-Forwarded-Proto $scheme;
19 proxy_set_header X-Real-IP $remote_addr;
43 proxy_pass http://pypiserver; 20 proxy_pass http://pypiserver;
44 error_page 404 = @pypi;
45 }
46
47 location /+f {
48 {% if repo_nginx_pypi_upstream | match('.*:443$') %}
49 proxy_pass https://pypi;
50 {% else %}
51 proxy_pass http://pypi;
52 {% endif %}
53 } 21 }
54 22
55 location / { 23 location / {