{"host": "registry2004.codfw.wmnet", "state": "core_diff", "description": "Differences to core resources", "diff": {"full": {"total": 2932, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/nginx/sites-available/registry]", "content": "--- /etc/nginx/sites-available/registry.orig\n+++ /etc/nginx/sites-available/registry\n@@ -15,6 +15,16 @@\n '' close;\n }\n \n+\n+# Define a cache for immutable blobs and manifests\n+# inactive time here probably needs to match what is\n+# set in proxy_cache_valid below.\n+proxy_cache_path /var/cache/nginx-docker-registry\n+ levels=1:2\n+ max_size=10g\n+ inactive=7d\n+ keys_zone=cache:10m\n+ use_temp_path=off;\n \n # Define a separate cache for the auth backends to mitigate subrequests for\n # every authentication.\n@@ -740,6 +750,12 @@\n proxy_pass http://registry-restricted;\n include /etc/nginx/registry-nginx-common-proxy-settings.conf;\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/restricted/(.*)/(blobs|manifests)/sha256:(.*) {\n+ proxy_pass http://registry-restricted;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # This block applies to POST/PUT/DELETE/etc. methods to /v2/restricted/\n@@ -777,6 +793,12 @@\n proxy_pass http://registry-ml;\n include /etc/nginx/registry-nginx-common-proxy-settings.conf;\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/ml/(.*)/(blobs|manifests)/sha256:(.*) {\n+ proxy_pass http://registry-ml;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # This block applies to POST/PUT/DELETE/etc. methods to /v2/ml/\n@@ -834,6 +856,23 @@\n deny all;\n }\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/(.*/(?:blobs|manifests)/sha256:.*) {\n+ # Nginx applies only _some_ of the parent location block directives\n+ # to nested locations, but this does _not_ include the `set\n+ # $auth_request_path` above. We must duplicate the directive here so\n+ # as not to lose the original request path during JWT auth (see\n+ # location = /auth/jwt). See T322453\n+ #\n+ # TODO refactor nested locations as server level locations and move\n+ # common directives to includes to make the configuration easier to\n+ # understand\n+ set $auth_request_path $1;\n+\n+ proxy_pass http://registry-swift;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # Below are a number of internal locations used by auth_request to route"}, {"resource": "File[/etc/nginx/registry-nginx-cache.conf]", "parameters": "--- File[/etc/nginx/registry-nginx-cache.conf].orig\n+++ File[/etc/nginx/registry-nginx-cache.conf]\n\n@@\n- ensure => absent\n+ ensure => file\n"}, {"resource": "Class[Profile::Docker_registry]", "parameters": "--- Class[Profile::Docker_registry].orig\n+++ Class[Profile::Docker_registry]\n\n@@\n- nginx_blob_cache => False\n+ nginx_blob_cache => True\n"}, {"resource": "Nginx::Site[registry]"}, {"resource": "File[/var/cache/nginx-docker-registry]", "parameters": "--- File[/var/cache/nginx-docker-registry].orig\n+++ File[/var/cache/nginx-docker-registry]\n\n@@\n- ensure => absent\n+ ensure => directory\n"}, {"resource": "Class[Docker_registry::Web]", "parameters": "--- Class[Docker_registry::Web].orig\n+++ Class[Docker_registry::Web]\n\n@@\n- nginx_blob_cache => False\n+ nginx_blob_cache => True\n"}], "perc_changed": "0.20%"}, "core": {"total": 2932, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/nginx/sites-available/registry]", "content": "--- /etc/nginx/sites-available/registry.orig\n+++ /etc/nginx/sites-available/registry\n@@ -15,6 +15,16 @@\n '' close;\n }\n \n+\n+# Define a cache for immutable blobs and manifests\n+# inactive time here probably needs to match what is\n+# set in proxy_cache_valid below.\n+proxy_cache_path /var/cache/nginx-docker-registry\n+ levels=1:2\n+ max_size=10g\n+ inactive=7d\n+ keys_zone=cache:10m\n+ use_temp_path=off;\n \n # Define a separate cache for the auth backends to mitigate subrequests for\n # every authentication.\n@@ -740,6 +750,12 @@\n proxy_pass http://registry-restricted;\n include /etc/nginx/registry-nginx-common-proxy-settings.conf;\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/restricted/(.*)/(blobs|manifests)/sha256:(.*) {\n+ proxy_pass http://registry-restricted;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # This block applies to POST/PUT/DELETE/etc. methods to /v2/restricted/\n@@ -777,6 +793,12 @@\n proxy_pass http://registry-ml;\n include /etc/nginx/registry-nginx-common-proxy-settings.conf;\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/ml/(.*)/(blobs|manifests)/sha256:(.*) {\n+ proxy_pass http://registry-ml;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # This block applies to POST/PUT/DELETE/etc. methods to /v2/ml/\n@@ -834,6 +856,23 @@\n deny all;\n }\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/(.*/(?:blobs|manifests)/sha256:.*) {\n+ # Nginx applies only _some_ of the parent location block directives\n+ # to nested locations, but this does _not_ include the `set\n+ # $auth_request_path` above. We must duplicate the directive here so\n+ # as not to lose the original request path during JWT auth (see\n+ # location = /auth/jwt). See T322453\n+ #\n+ # TODO refactor nested locations as server level locations and move\n+ # common directives to includes to make the configuration easier to\n+ # understand\n+ set $auth_request_path $1;\n+\n+ proxy_pass http://registry-swift;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # Below are a number of internal locations used by auth_request to route"}, {"resource": "File[/var/cache/nginx-docker-registry]", "parameters": "--- File[/var/cache/nginx-docker-registry].orig\n+++ File[/var/cache/nginx-docker-registry]\n\n@@\n- ensure => absent\n+ ensure => directory\n"}, {"resource": "File[/etc/nginx/registry-nginx-cache.conf]", "parameters": "--- File[/etc/nginx/registry-nginx-cache.conf].orig\n+++ File[/etc/nginx/registry-nginx-cache.conf]\n\n@@\n- ensure => absent\n+ ensure => file\n"}], "perc_changed": "0.10%"}, "main": {"total": 2932, "only_in_self": [], "only_in_other": [], "resource_diffs": [{"resource": "File[/etc/nginx/sites-available/registry]", "content": "--- /etc/nginx/sites-available/registry.orig\n+++ /etc/nginx/sites-available/registry\n@@ -15,6 +15,16 @@\n '' close;\n }\n \n+\n+# Define a cache for immutable blobs and manifests\n+# inactive time here probably needs to match what is\n+# set in proxy_cache_valid below.\n+proxy_cache_path /var/cache/nginx-docker-registry\n+ levels=1:2\n+ max_size=10g\n+ inactive=7d\n+ keys_zone=cache:10m\n+ use_temp_path=off;\n \n # Define a separate cache for the auth backends to mitigate subrequests for\n # every authentication.\n@@ -740,6 +750,12 @@\n proxy_pass http://registry-restricted;\n include /etc/nginx/registry-nginx-common-proxy-settings.conf;\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/restricted/(.*)/(blobs|manifests)/sha256:(.*) {\n+ proxy_pass http://registry-restricted;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # This block applies to POST/PUT/DELETE/etc. methods to /v2/restricted/\n@@ -777,6 +793,12 @@\n proxy_pass http://registry-ml;\n include /etc/nginx/registry-nginx-common-proxy-settings.conf;\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/ml/(.*)/(blobs|manifests)/sha256:(.*) {\n+ proxy_pass http://registry-ml;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # This block applies to POST/PUT/DELETE/etc. methods to /v2/ml/\n@@ -834,6 +856,23 @@\n deny all;\n }\n \n+\n+ # Blobs and manifests by digest are immutable, so we can cache them\n+ location ~ ^/v2/(.*/(?:blobs|manifests)/sha256:.*) {\n+ # Nginx applies only _some_ of the parent location block directives\n+ # to nested locations, but this does _not_ include the `set\n+ # $auth_request_path` above. We must duplicate the directive here so\n+ # as not to lose the original request path during JWT auth (see\n+ # location = /auth/jwt). See T322453\n+ #\n+ # TODO refactor nested locations as server level locations and move\n+ # common directives to includes to make the configuration easier to\n+ # understand\n+ set $auth_request_path $1;\n+\n+ proxy_pass http://registry-swift;\n+ include /etc/nginx/registry-nginx-cache.conf;\n+ }\n }\n \n # Below are a number of internal locations used by auth_request to route"}, {"resource": "Nginx::Site[registry]"}, {"resource": "File[/var/cache/nginx-docker-registry]", "parameters": "--- File[/var/cache/nginx-docker-registry].orig\n+++ File[/var/cache/nginx-docker-registry]\n\n@@\n- ensure => absent\n+ ensure => directory\n"}, {"resource": "File[/etc/nginx/registry-nginx-cache.conf]", "parameters": "--- File[/etc/nginx/registry-nginx-cache.conf].orig\n+++ File[/etc/nginx/registry-nginx-cache.conf]\n\n@@\n- ensure => absent\n+ ensure => file\n"}, {"resource": "Class[Profile::Docker_registry]", "parameters": "--- Class[Profile::Docker_registry].orig\n+++ Class[Profile::Docker_registry]\n\n@@\n- nginx_blob_cache => False\n+ nginx_blob_cache => True\n"}, {"resource": "Class[Docker_registry::Web]", "parameters": "--- Class[Docker_registry::Web].orig\n+++ Class[Docker_registry::Web]\n\n@@\n- nginx_blob_cache => False\n+ nginx_blob_cache => True\n"}], "perc_changed": "0.20%"}}}