On Tue, May 19, 2015 at 06:39:58PM +0200, Patrick Uiterwijk wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Any +1s for the below patch? > > As noted in the commit message, this is mostly preferred > after a new release is made (or the change in PR#80 is > hotfixed), though it will work perfectly without, just > confuse the user slightly, because whenever they're in > /mirrors, they will always see like being logged out. > This is currently already live in stg. +1 for me for the changes below. This does not include the fedmsg-based clearing of the cache though, does it? So how long would the cache be stored now? Pierre > commit e1a85426b83739e46c1e4f59e3b962738d0cbc24 > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > Date: Tue May 19 16:32:38 2015 +0000 > > Use varnish for mirrormanager2 publiclist > > This change makes us use varnish for the mm2 publiclist > and configures varnish to ignore cookies on the /mirrors > subpath. > The cookie ignore is only valid after the master-noauth > Pull Request #80 is merged, as that hides all authed > information from the publiclist pages. > > Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > > diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml > index a55472f..904428a 100644 > - --- a/playbooks/include/proxies-reverseproxy.yml > +++ b/playbooks/include/proxies-reverseproxy.yml > @@ -216,15 +216,6 @@ > proxyurl: http://localhost:10009 > > - role: httpd/reverseproxy > - - when: env != "staging" > - - website: admin.fedoraproject.org > - - destname: mirrormanager > - - remotepath: /mirrormanager > - - localpath: /mirrormanager > - - proxyurl: http://localhost:10008 > - - > - - - role: httpd/reverseproxy > - - when: env == "staging" > website: admin.fedoraproject.org > destname: mirrormanager > remotepath: /mirrormanager > diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl > index 37ca3da..ed8333b 100644 > - --- a/roles/varnish/files/proxy.vcl > +++ b/roles/varnish/files/proxy.vcl > @@ -187,6 +187,10 @@ sub vcl_recv { > unset req.http.cookie; > set req.url = regsub(req.url, "\?.*", ""); > } > + if (req.url ~ "^/mirrormanager/mirrors") { > + unset req.http.cookie; > + set req.url = regsub(req.url, "\?.*", ""); > + } > } > if (req.url ~ "^/mirrormanager2/") { > set req.backend_hint = mirrormanager2; > @@ -299,3 +303,13 @@ sub vcl_recv { > # unset beresp.http.set-cookie; > # } > #} > + > + > +# Make sure mirrormanager/mirrors doesn't set any cookies > +# (Setting cookies would make varnish store a HIT-FOR-PASS > +# making it always fetch from backend) > +sub vcl_backend_response { > + if (bereq.url ~ "^/mirrormanager/mirrors") { > + unset beresp.http.set-cookie; > + } > +} > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJVW2deAAoJEIZXmA2atR5QX58QAIyOKoRCasd7lWxkpHg8vlvr > emasDLQ6+bG8UwERMU0Xbk85njzzAWBsUG6wbQKPkJRE+fHtoA2ZFOxrXD4o/ioF > Uv+w6EwG8peltm3l/s9NOLxgzKOZoS/lULhfGshjxQVYXFcyexkNM5W82TyE7D9i > 51wQ6pqcLiXeiWyzJGAA/MIA6zAm32bt+TAu7rq0uQSFcbKShhx9A6IHPlKRuELX > U9ORY6Nh5HYqwE+FEkq5kQKkpiFMrohpffLBea4Q5urAxozb1uE1Nj4W5dP8b41H > ZCPr3pbyFZEENJCC4MJ3wfhY7t4wMKUOEjyoEGte2l+rNT8mwchx/TMajOms803v > /wTwG6Q4gbkaPbbxxEgjX9cNfzrvsahZE3n3oJm5ul55pVpMxBDqO6nBPfK1qqoi > cVAurKTta6R6l7CIQC+t4BKFx3O6sfld/8eD4wiigHG0q7e61e5iZudGJkVaAy7m > bz38ZgCHMwTzhjLAu4va0gNZZqhtJqpMnypR1ymbIrmsMi9/kMFh5QhnyI6CbR7r > OY95yNxbAA2SyM7V+Ee9+L5FNd+6aX0jFG8bBZU06o4rZrZEg3BzdnLbNPApZoJs > Q15RWRh9HWyZ8wMAg6u9PthPG4r3GrryksYSQ3s5SuArSvGWejZg9MX1r8wjbryP > YetR6PlqZsGMs1/j55el > =L8bm > -----END PGP SIGNATURE----- > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Attachment:
pgpNOmc53rwnM.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
