Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/212997
Change subject: dynamicproxy: Add redundanturl dynamicproxy
......................................................................
dynamicproxy: Add redundanturl dynamicproxy
Similar to url proxy except it random distributes to multiple
backends based on smembers.
Change-Id: I57b3c1e7b2e2ea34acdd685fab80c32d96435926
---
M manifests/role/labsmesos.pp
A modules/dynamicproxy/files/redundanturlproxy.lua
A modules/dynamicproxy/templates/redundanturlproxy
3 files changed, 141 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/97/212997/1
diff --git a/manifests/role/labsmesos.pp b/manifests/role/labsmesos.pp
index f0dcc8c..f80109e 100644
--- a/manifests/role/labsmesos.pp
+++ b/manifests/role/labsmesos.pp
@@ -20,3 +20,9 @@
zookeeper_url => $zookeeper_url,
}
}
+
+class role::labs::mesos::proxy {
+ class { '::dynamicproxy':
+ luahandler => 'redundanturlproxy',
+ }
+}
diff --git a/modules/dynamicproxy/files/redundanturlproxy.lua
b/modules/dynamicproxy/files/redundanturlproxy.lua
new file mode 100644
index 0000000..66f8895
--- /dev/null
+++ b/modules/dynamicproxy/files/redundanturlproxy.lua
@@ -0,0 +1,42 @@
+-- Copyright 2013 Yuvi Panda <[email protected]>
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+-- Lua file run by nginx that does appropriate routing
+-- Different from urlproxy in that it expects prefix:<path> to contain
+-- sets that it routes via random-get.
+
+local redis = require 'resty.redis'
+local red = redis:new()
+red:set_timeout(1000)
+
+red:connect('127.0.0.1', 6379)
+
+local captures = ngx.re.match(ngx.var.uri, "^/([^/]*)(/.*)?$")
+
+local prefix = captures[1]
+local route = nil
+
+route = red:srandmember('prefix:' .. prefix)
+
+-- Use a connection pool of 256 connections with a 32s idle timeout
+-- This also closes the current redis connection.
+red:set_keepalive(1000 * 32, 256)
+
+if route then
+ ngx.var.backend = route
+ ngx.exit(ngx.OK)
+else
+ ngx.exit(404)
+end
+
diff --git a/modules/dynamicproxy/templates/redundanturlproxy
b/modules/dynamicproxy/templates/redundanturlproxy
new file mode 100644
index 0000000..2de42dd
--- /dev/null
+++ b/modules/dynamicproxy/templates/redundanturlproxy
@@ -0,0 +1,93 @@
+#Copyright 2015 Yuvi Panda <[email protected]>
+#
+#Licensed under the Apache License, Version 2.0 (the "License");
+#you may not use this file except in compliance with the License.
+#You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+#Unless required by applicable law or agreed to in writing, software
+#distributed under the License is distributed on an "AS IS" BASIS,
+#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#See the License for the specific language governing permissions and
+#limitations under the License.
+
+lua_package_path "/etc/nginx/lua/?.lua;;";
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ resolver <%= @resolver %>;
+
+ listen 80;
+
+ <%- if @ssl_certificate_name != false -%>
+ # Serve both HTTP and HTTPS
+ listen 443 default_server ssl spdy;
+
+ ssl_certificate /etc/ssl/localcerts/<%= @ssl_certificate_name
%>.chained.crt;
+ ssl_certificate_key /etc/ssl/private/<%= @ssl_certificate_name %>.key;
+
+ # Copied from templates/nginx/nginx.conf.erb. Eugh
+ # Enable a shared cache, since it is defined at this level
+ # it will be used for all virtual hosts. 1m = 4000 active sessions,
+ # so we are allowing 200,000 active sessions.
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 5m;
+
+ <%= @ssl_settings.join("\n") %>
+
+ <%- end -%>
+
+ # Some projects have tools that take data in and process them
+ # for a long time. While ideally they should be made async, this
+ # is an interim solution that works for now.
+ proxy_read_timeout 600s;
+
+ # People upload large files, and that is okay.
+ # We can make this larger if need be.
+ client_max_body_size 128m;
+
+ # Block requests with no UA string
+ if ($http_user_agent = "") {
+ return 403 "Requests must have a user agent";
+ }
+
+ include uwsgi_params;
+ include fastcgi_params;
+
+ # See http://www.gnuterrypratchett.com/
+ add_header X-Clacks-Overhead "GNU Terry Pratchett";
+
+ location / {
+ set $backend '';
+
+ access_by_lua_file /etc/nginx/lua/redundanturlproxy.lua;
+
+ proxy_pass $backend;
+
+ proxy_http_version 1.1;
+ proxy_intercept_errors on;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Original-URI $request_uri;
+
+ # For upstream servers, all requests appear to come over http,
+ # thus emitting redirects to that as well. So we need to
+ # rewrite redirects with the /actual/ scheme the request came
+ # in over. There may be fringe cases where upstream servers
+ # want https requests to redirect to non-Tools servers over
+ # http, so we limit the rewriting to tools.wmflabs.org.
+ proxy_redirect http://tools.wmflabs.org/ $scheme://tools.wmflabs.org/;
+ }
+
+ # GZIP ALL THE THINGS!
+ gzip on;
+ gzip_proxied any;
+ gzip_types text/plain text/css text/xml application/json
application/javascript application/x-javascript text/javascript;
+}
+
--
To view, visit https://gerrit.wikimedia.org/r/212997
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I57b3c1e7b2e2ea34acdd685fab80c32d96435926
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
