Conary:Conary Proxy
From rPath Wiki
|
Conary can use a Conary proxy to cache changesets between a client and a repository. One or more clients can use the same Conary proxy to improve the efficiency of changeset operations between those clients and the repositories they access.
Set Up a Conary Proxy
To set up a Conary proxy, install the conary-proxy package on the system on which the proxy should reside, and configure one or more clients to use that proxy.
The conary-proxy package provides the necessary software for Conary to cache changesets locally. If no modifications are required from the default Conary proxy installation, install conary-proxy from the conary-proxy project currently maintained at rBuilder Online (rBO):
#> conary update conary-proxy=/conary-proxy.rpath.org@proxy:1/0.1-2
No additional configuration should be required for this proxy after it is installed. The Conary proxy naturally uses Apache as installed on the same system. When the default installation is not sufficient, a modification of the conary-proxy package is required. To make these modifications, first shadow or clone the package's source component (as described in Conary:Shadows and Conary:Clones). Then, after checking out and modifying the package, commit those changes, and install the package from that repository instead of from the conary-proxy project in rBO.
 | The conary-proxy is not part of Conary or rPath Linux maintenance and not part of supported packages from rPath. Be aware of these limitations when using this package or when shadowing and modifying it for custom use. |
Detailed Contents of the Example Package
The conary-proxy package is provided by rPath as an example only. To set up a Conary proxy in a production appliance, copy it to the same label as the appliance and modify it as necessary.
The package consists of mostly configuration files. The main configuration file is placed in /srv/conary-proxy/config/conary-proxy.cnr and it contains the following text:
changesetCacheDir /srv/conary-proxy/cscache proxyContentsDir /srv/conary-proxy/contents tmpDir /srv/conary-proxy/tmp
The configuration in this file directs the Conary proxy to cache its changesets in the /srv/conary-proxy/cscache directory. Conary contents files are placed in /srv/conary-proxy/contents, and /srv/conary-proxy/tmp is used for temporary files.
Additionally, the package contains the following:
- /etc/httpd/conf.d/conary-proxy.conf -- This configures Apache (httpd) as a front-end to forward requests to the Conary proxy.
- /etc/cron.daily/conary-proxy -- This is a cron configuration file to clear the cache and contents directories periodically in the interest of disk space.
- The directories for the contents, cache, and temporary files used by the Conary proxy
Configuration Directives for the Conary Proxy
Add lines to the configuration file in /srv/conary-proxy/config/conary-proxy.cnr to override some default Conary proxy configurations. The following list indicates what directives you can add plus the purpose and expected data for each directive. Imitate the syntax as shown in the previous example (directive, space, and value):
- changesetCacheDir -- (directory path) Provide an absolute path in which to store the cached changesets
- closed -- (string) Disable the proxy from normal operation (optional)
- entitlement -- (entitlement value) Include an entitlement key used to interact with Conary repositories (optional)
- logFile -- (directory path) Provide an absolute path in which to keep a call log for all activity (optional)
- proxy -- (DNS identity) Specify an HTTP proxy used to access remote networks (optional)
- conaryProxy -- (DNS identity) Set this to the next link in the chain when chaining Conary proxies (optional)
- proxyContentsDir -- (directory path) Provide an absolute path in which to store internal working data
- tmpDir -- (directory path) Provide an absolute path to serve as temporary storage
- traceLog -- (directory path) Provide an absolute path in which to dump a text debugging log (optional)
- user -- (credentials) Supply user credentials to use when interacting with Conary repositories (optional)
Configure Clients to use a Conary Proxy
By default, clients will not use a Conary proxy. This means the conaryProxy directive in the client's system-wide Conary configuration is set to None, and Conary is exchanging changesets directly with all network-accessible repositories instead of using a Conary proxy to cache those changesets. As with most configuration directives on a Conary system, use the conaryProxy directive in a custom conaryrc (such as ~/.conaryrc in the user's home directory) to override these defaults.
To configure Conary to use a Conary proxy, use the following Conary configuration lines in the current user's ~/.conaryrc, replacing <hostname> with the IP or hostname of the system on which the Conary proxy was installed:
conaryProxy http http://<proxyhost>/conary/ conaryProxy https https://<proxyhost>/conary/
Place these line at the top of the ~/.conaryrc file along with other directives that should apply to all directories with which that user interacts (considered its "global" section). To apply the Conary proxy only to one or more particular context, the directives could be placed inside those context definitions (after each context name in brackets).
Verify the Conary proxy configuration on a client using conary config such as in the following command which uses grep to find the conaryProxy directive:
$> conary config | grep conaryProxy conaryProxy http http://proxyhost/conary/ conaryProxy https https://proxyhost/conary/
 | rMake honors these settings. Thus, the cvc and rmake commands should be the same with respect to repository access. |
| | A Conary proxy may not be used in conjunction with user authentication (such as user:pass@localhost/conary/). Conary does not pass on authentication information to a Conary proxy. Access to a Conary proxy can be limited through the use of iptables rules set up by your local firewall. |
Remove the custom conaryProxy lines from ~/.conaryrc file to go back to direct changeset interaction with the Conary repositories. After removing the entry, use the conary config as previously stated to verify the conaryProxy entry is not displayed:
#> conary config | grep conaryProxy #>
Limitations
When configuring a Conary client, HTTP/HTTP proxies cannot be used in conjunction with Conary proxies. If both an HTTP proxy and a Conary proxy is set in Conary configuration, the Conary proxy will take precedence over the HTTP proxy.