1

[PATCH build] Use repo cache in Alpine images

minus
Details
Message ID
<20190416000025.25969-1-minus@mnus.de>
DKIM signature
pass
Download raw message
Patch: +71 -5
Adds the Nginx config necessary to run a caching proxy on the host.
Currently only covers Alpine repos. Also patches all Alpine images to
use repo-cache.local as repository base. repo-cache.local is hardcoded
in /etc/hosts for now.
---
I changed the paths in the locations and upstream locations back
(tested) and also replaced the backup mirror with one in the US.

The X-Cache response header new too, in case any cache issues should
ever appear.

 contrib/repo-cache.nginx.conf | 61 +++++++++++++++++++++++++++++++++++
 images/alpine/genimg          | 15 ++++++---
 2 files changed, 71 insertions(+), 5 deletions(-)
 create mode 100644 contrib/repo-cache.nginx.conf

diff --git a/contrib/repo-cache.nginx.conf b/contrib/repo-cache.nginx.conf
new file mode 100644
index 0000000..4143b62
--- /dev/null
+++ b/contrib/repo-cache.nginx.conf
@@ -0,0 +1,61 @@
+upstream alpine-mirrors {
+	least_conn;
+
+	server unix:/run/nginx/alpine-dl-cdn.sock;
+	server unix:/run/nginx/alpine-dl-2.sock backup;
+
+	keepalive 10;
+}
+
+server {
+	listen unix:/run/nginx/alpine-dl-cdn.sock;
+
+	location / {
+		proxy_pass http://dl-cdn.alpinelinux.org/alpine/;
+	}
+}
+
+server {
+	listen unix:/run/nginx/alpine-dl-2.sock;
+
+	location / {
+		proxy_pass http://dl-2.alpinelinux.org/alpine/;
+	}
+}
+
+proxy_cache_path /var/lib/nginx/proxy-cache/repo-cache
+	levels=2
+	keys_zone=repo-cache:10M
+	inactive=1y
+	max_size=64G
+	use_temp_path=off;
+
+server {
+	listen 80;
+	server_name repo-cache.local;
+
+	proxy_cache_revalidate on;
+	proxy_http_version 1.1;
+	proxy_set_header Connection "";
+	proxy_cache repo-cache;
+	proxy_cache_valid any 1m;
+	proxy_cache_valid 200 1d;
+	add_header X-Served-By $host always;
+	add_header X-Cache $upstream_cache_status always;
+
+	proxy_cache_use_stale error timeout invalid_header http_500 http_502
+		http_503 http_404;
+
+	location / {
+		return 404;
+	}
+
+	location /alpine/ {
+		proxy_pass http://alpine-mirrors/;
+	}
+
+	location ~ ^/alpine/(?<target_uri>.*/APKINDEX\.tar\.gz)$ {
+		proxy_pass http://alpine-mirrors/$target_uri;
+		proxy_cache_valid 200 1m;
+	}
+}
diff --git a/images/alpine/genimg b/images/alpine/genimg
index c98f3ec..66046e7 100755
--- a/images/alpine/genimg
+++ b/images/alpine/genimg
@@ -45,7 +45,7 @@ mount /dev/nbd0p1 /mnt/boot
 swapon /dev/nbd0p2
 
 # TODO: Remove bash
-apk add -U -X http://dl-cdn.alpinelinux.org/alpine/$release/main/ \
+apk add -U -X http://repo-cache.local/alpine/$release/main/ \
 	--allow-untrusted \
 	--arch="$arch" \
 	--root=/mnt \
@@ -83,14 +83,19 @@ run_root setup-timezone -z UTC
 if [ "$release" = "edge" ]
 then
 	cat >/mnt/etc/apk/repositories <<EOF
-http://dl-cdn.alpinelinux.org/alpine/$release/main
-http://dl-cdn.alpinelinux.org/alpine/$release/community
-http://dl-cdn.alpinelinux.org/alpine/$release/testing
+http://repo-cache.local/alpine/$release/main
+http://repo-cache.local/alpine/$release/community
+http://repo-cache.local/alpine/$release/testing
 EOF
 else
-	run_root setup-apkrepos -f
+	cat >/mnt/etc/apk/repositories <<EOF
+http://repo-cache.local/alpine/$release/main
+http://repo-cache.local/alpine/$release/community
+EOF
 fi
 
+echo '172.17.0.1 repo-cache.local' >> /mnt/etc/hosts
+
 extlinux -i /mnt/boot
 
 run_root rc-update add ntpd default
-- 
2.21.0
Details
Message ID
<20190416024251.GA32129@homura.localdomain>
In-Reply-To
<20190416000025.25969-1-minus@mnus.de> (view parent)
DKIM signature
pass
Download raw message
Thanks! I've pushed your changes, along with a couple of minor tweaks.
Let's see how it works out and then roll this out to the rest of the
images. To get a basic idea of the performance improvement I ran a test
build with a bunch of random packages:

Cold cache:

https://builds.sr.ht/~sircmpwn/job/55230 29 seconds

Hot cache:

https://builds.sr.ht/~sircmpwn/job/55231 20 seconds

Pretty good performance boost ^^

One issue we have to solve before rolling this out further is figuring
out how to make this optional. Right now anyone who builds & runs Alpine
Linux images based on this will find them non-operational without
configuring the cache on the host. One way we might address this is by
tweaking genimg to accept a parameter (off by default) for enabling the
repo cache variant of the image, then we can update our image refresh
manifests to pass this flag.