Add proxy for quay

This change adds a proxy config for quay which should assist us when gating using images provided by the publically available registry. Change-Id: I971705e59724e70bd9d42a6920cf4f883556f673 Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-09-19 16:45:09 -05:00 · 2019-09-19 16:45:09 -05:00 · 8b0877cb68
commit 8b0877cb68
parent f8808d6919
4 changed files with 104 additions and 0 deletions
--- a/modules/openstack_project/templates/mirror.vhost.erb
+++ b/modules/openstack_project/templates/mirror.vhost.erb
@ -469,3 +469,57 @@ LogFormat "%h %l %u %t \"%r\" %>s %b %{cache-status}e \"%{Referer}i\" \"%{User-a
    ProxyPass "/" "https://registry.access.redhat.com/" ttl=120 keepalive=On retry=0
    ProxyPassReverse "/" "https://registry.access.redhat.com/"
 </VirtualHost>
+
+# Quay registry proxy.
+<VirtualHost <%= @vhost_name %>:8084>
+    ServerName <%= @srvname %>:8084
+    <% if @serveraliases.is_a? Array -%>
+      <% @serveraliases.each do |name| -%>
+        <%= "  ServerAlias #{name}:8084\n" %>
+      <% end %>
+    <% elsif @serveraliases != nil -%>
+      <%= "  ServerAlias #{@serveraliases}:8084" -%>
+    <% end %>
+
+    # Disable directory listing by default.
+    <Directory />
+      Order Deny,Allow
+      Deny from all
+      Options None
+      AllowOverride None
+    </Directory>
+
+    ErrorLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8084_error.log
+    LogLevel warn
+    CustomLog /var/log/<%= scope.lookupvar("httpd::params::apache_name") %>/<%= @name %>_8084_access.log combined-cache
+    ServerSignature Off
+
+    # Caching reverse proxy for things that don't make sense in AFS
+    #
+    # General cache rules
+    CacheRoot "/var/cache/apache2/proxy"
+    CacheDirLevels 5
+    CacheDirLength 2
+    # SSL support
+    SSLProxyEngine on
+    # Prevent thundering herds.
+    CacheLock on
+    CacheLockPath "/tmp/mod_cache-lock"
+    CacheLockMaxAge 5
+    # 5GiB
+    CacheMaxFileSize 5368709120
+    # Ignore expire headers as the urls use sha256 hashes.
+    CacheIgnoreQueryString On
+    CacheDefaultExpire 86400
+    CacheStoreExpired On
+
+    # iah50.r.cloudfront.net
+    CacheEnable disk "/iah50.r.cloudfront.net"
+    ProxyPass "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/" ttl=120 keepalive=On retry=0
+    ProxyPassReverse "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/"
+
+    # quay.io
+    CacheEnable disk "/"
+    ProxyPass "/" "https://quay.io/" ttl=120 keepalive=On retry=0
+    ProxyPassReverse "/" "https://quay.io/"
+</VirtualHost>
--- a/playbooks/group_vars/mirror.yaml
+++ b/playbooks/group_vars/mirror.yaml
@ -4,3 +4,4 @@ iptables_extra_public_tcp_ports:
  - 8081
  - 8082
  - 8083
+  - 8084
--- a/playbooks/group_vars/mirror_opendev.yaml
+++ b/playbooks/group_vars/mirror_opendev.yaml
@ -5,3 +5,4 @@ iptables_extra_public_tcp_ports:
  - 8081
  - 8082
  - 8083
+  - 8084
--- a/playbooks/roles/mirror/templates/mirror.vhost.j2
+++ b/playbooks/roles/mirror/templates/mirror.vhost.j2
@ -463,3 +463,51 @@ ErrorLogFormat "[%{cu}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% , \
    ProxyPass "/" "https://registry.access.redhat.com/" ttl=120 keepalive=On retry=0
    ProxyPassReverse "/" "https://registry.access.redhat.com/"
 </VirtualHost>
+
+# Quay registry proxy.
+<VirtualHost *:8084>
+    ServerName {{ apache_server_name }}:8084
+    ServerAlias {{ apache_server_alias }}:8084
+
+    # Disable directory listing by default.
+    <Directory />
+      Order Deny,Allow
+      Deny from all
+      Options None
+      AllowOverride None
+    </Directory>
+
+    ErrorLog /var/log/apache2/proxy_8083_error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/proxy_8083_access.log combined-cache
+    ServerSignature Off
+
+    # Caching reverse proxy for things that don't make sense in AFS
+    #
+    # General cache rules
+    CacheRoot "/var/cache/apache2/proxy"
+    CacheDirLevels 5
+    CacheDirLength 2
+    # SSL support
+    SSLProxyEngine on
+    # Prevent thundering herds.
+    CacheLock on
+    CacheLockPath "/tmp/mod_cache-lock"
+    CacheLockMaxAge 5
+    # 5GiB
+    CacheMaxFileSize 5368709120
+    # Ignore expire headers as the urls use sha256 hashes.
+    CacheIgnoreQueryString On
+    CacheDefaultExpire 86400
+    CacheStoreExpired On
+
+    # iah50.r.cloudfront.net
+    CacheEnable disk "/iah50.r.cloudfront.net"
+    ProxyPass "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/" ttl=120 keepalive=On retry=0
+    ProxyPassReverse "/iah50.r.cloudfront.net/" "https://iah50.r.cloudfront.net/"
+
+    # quay.io
+    CacheEnable disk "/"
+    ProxyPass "/" "https://quay.io/" ttl=120 keepalive=On retry=0
+    ProxyPassReverse "/" "https://quay.io/"
+</VirtualHost>