Compilation results for registry1004.eqiad.wmnet: System changes detected

Catalog differences

Summary

Resources modified

• File[/etc/nginx/sites-available/registry]

  Content differences:

  --- /etc/nginx/sites-available/registry.orig
  +++ /etc/nginx/sites-available/registry
  @@ -15,6 +15,16 @@
       '' close;
   }
   
  +
  +# Define a cache for immutable blobs and manifests
  +# inactive time here probably needs to match what is
  +# set in proxy_cache_valid below.
  +proxy_cache_path /var/cache/nginx-docker-registry
  +                  levels=1:2
  +                  max_size=10g
  +                  inactive=7d
  +                  keys_zone=cache:10m
  +                  use_temp_path=off;
   
   # Define a separate cache for the auth backends to mitigate subrequests for
   # every authentication.
  @@ -740,6 +750,12 @@
         proxy_pass http://registry-restricted;
         include /etc/nginx/registry-nginx-common-proxy-settings.conf;
   
  +
  +      # Blobs and manifests by digest are immutable, so we can cache them
  +      location ~ ^/v2/restricted/(.*)/(blobs|manifests)/sha256:(.*) {
  +        proxy_pass http://registry-restricted;
  +        include /etc/nginx/registry-nginx-cache.conf;
  +      }
       }
   
       # This block applies to POST/PUT/DELETE/etc. methods to /v2/restricted/
  @@ -778,6 +794,12 @@
         proxy_pass http://registry-ml;
         include /etc/nginx/registry-nginx-common-proxy-settings.conf;
   
  +
  +      # Blobs and manifests by digest are immutable, so we can cache them
  +      location ~ ^/v2/ml/(.*)/(blobs|manifests)/sha256:(.*) {
  +        proxy_pass http://registry-ml;
  +        include /etc/nginx/registry-nginx-cache.conf;
  +      }
       }
   
       # This block applies to POST/PUT/DELETE/etc. methods to /v2/ml/
  @@ -840,6 +862,23 @@
           deny all;
         }
   
  +
  +      # Blobs and manifests by digest are immutable, so we can cache them
  +      location ~ ^/v2/(.*/(?:blobs|manifests)/sha256:.*) {
  +        # Nginx applies only _some_ of the parent location block directives
  +        # to nested locations, but this does _not_ include the `set
  +        # $auth_request_path` above. We must duplicate the directive here so
  +        # as not to lose the original request path during JWT auth (see
  +        # location = /auth/jwt). See T322453
  +        #
  +        # TODO refactor nested locations as server level locations and move
  +        # common directives to includes to make the configuration easier to
  +        # understand
  +        set $auth_request_path $1;
  +
  +        proxy_pass http://registry-swift;
  +        include /etc/nginx/registry-nginx-cache.conf;
  +      }
       }
   
       # Below are a number of internal locations used by auth_request to route

• Nginx::Site[registry]

• File[/var/cache/nginx-docker-registry]

  Parameters differences:

  --- File[/var/cache/nginx-docker-registry].orig
  +++ File[/var/cache/nginx-docker-registry]
  
  @@
  -    ensure => absent
  +    ensure => directory
  

• File[/etc/nginx/registry-nginx-cache.conf]

  Parameters differences:

  --- File[/etc/nginx/registry-nginx-cache.conf].orig
  +++ File[/etc/nginx/registry-nginx-cache.conf]
  
  @@
  -    ensure => absent
  +    ensure => file
  

• Class[Profile::Docker_registry]

  Parameters differences:

  --- Class[Profile::Docker_registry].orig
  +++ Class[Profile::Docker_registry]
  
  @@
  -    nginx_blob_cache => False
  +    nginx_blob_cache => True
  

• Class[Docker_registry::Web]

  Parameters differences:

  --- Class[Docker_registry::Web].orig
  +++ Class[Docker_registry::Web]
  
  @@
  -    nginx_blob_cache => False
  +    nginx_blob_cache => True
  

Relevant files

• Production catalog
• Change catalog
• Production errors/warnings
• Change errors/warnings
• Core Diff
• Full Diff