Currently, when the repo server stores files like OpenStack's
upper-constraints.txt, the cache settings cause pip to cache this
file. When updating this file or experimenting with different
constraints, this cache can cause unexpected results as pip may
deploy different versions to those currently specified in the file.
This change instructs pip or other clients not to cache responses,
and matches the OpenDev origin's response headers for requirements
files.
Similar issues could apply for wheels and similar if experimental
changes are made without adjusting version numbers.
Change-Id: I7fdb62f79590deb118ecac2aac71984bd32685f1
By overriding the variable `repo_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the repo_server backend.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I5c5d3dd5689ac122781303ad21dacc8a1fa746eb
Nginx adds trailing slashes to the URLs ending with directories.
So by default, when accessing http://172.29.236.101:8181/pools, nginx
will return 301 redirect to http://172.29.236.101:8181/pools/.
It's an absolute redirect which causes a problem when haproxy frontend
listens on HTTPS but its backends listen on HTTP.
In this case, when accessing https://172.29.236.101:8181/pools, nginx
will return 301 redirect to http://172.29.236.101:8181/pools/ (http)
that won't work.
This patch changes behavior by disabling absolute_redirects, so when
accessing https://172.29.236.101:8181/pools, nginx will return a
redirect to relative location '/pools/' without changing protocol.
Change-Id: I9e55508996d9b24437870f2f23dca5db7827fee1
These addresses are given defaults of 0.0.0.0 in the role defaults
but in a deployment we know which address each service should bind to.
The variable repo_server_bind_address should hold the mgmt network IP
address for either containerised or metal deployments and drives the
bind addresses where necessary.
Co-Authored-By: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Change-Id: Iff95282b91a94d22fc8f6cdbadefacb53cae5b79
It is no longer needed because of how we are using python_venv_build
at the moment, so let's remove it.
Depends-On: https://review.openstack.org/648477
Change-Id: I56531388fb49a8c3d098fd762392299742b0e120
Trying to reverse proxy upstream pypi has not turned out to
be very stable, or very useful. We've had many, many reports
of stability issues and the additional complexity for offline
and proxy usage is just not worth it.
Given we already have a mechanism in place to handle using
upstream pypi if the repo server is not there yet, disabling
this should just result in that mechanism kicking in and all
will be well again.
Once the repo is built, the reverse proxy to pypiserver will
then be exclusively used and the upstream pypi proxy is not
necessary anyway.
Depends-On: https://review.openstack.org/584393
Change-Id: Ie407c6a346de6b46c8f4d30caea8664a7f6bd341
devpi serves packages from url starting +f/. The devpi source code
suggets that +e may also be used but is not seen when using devpi
as a caching proxy.
Change-Id: Ib391d17e5038a355a558aa3f041ed58ede7dad4a
When reverse proxying pypi the current implementation uses
https to communicate upstream. This works just fine if the
upstream pypi server is serving data via https, but causes
the handshake to fail if the upstream pypi server is serving
via http instead.
This patch implements a check to validate the upstream pypi
server port set and adapts the reverse proxy configuration
appropriately.
Change-Id: I1a986fef5bf1e069212bc432c3a775be15df11ef
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
This patch implements nginx as a reverse proxy for python
packages. The initial query will be to a local deployment
of pypiserver in order to serve any locally built packages,
but if the package is not available locally it will retry
the query against pypi and cache the response.
Depends-On: Id20a43fed833d53ca0f147f517deafba6587352d
Change-Id: Ic4fd64f4dc82121a65088f3d7f4ae53f373df608
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Changing the paths of nginx logs to not rely on the
user name of repo service. This is because nginx related
configurations, playbooks assume nginx in the directory names.
Change-Id: I458293c687c1857e7d8451a200173bec554d9559
Closes-Bug: #1633739
In I62321a7b62dabca469eb072ddbf4e8f250ce0fb3, git daemon was added to
support hosting git repos from the repo server over the git protocol.
When the integrated build transitions to using it, fastcgi and all
related configuration can be removed.
Depends-On: I09bc504490d4b5114895f7f646fc8254748a7f41
Change-Id: I7ec8277d3883d1f8891de6ae2b0881fe026a34c8
Andrew Bonney