From 77668348c043c2ea66e5c1b9b5c95a6eec10584c Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 19 May 2015 16:32:38 +0000
Subject: [PATCH] Use varnish for mirrormanager2 publiclist

This change makes us use varnish for the mm2 publiclist
and configures varnish to ignore cookies on the /mirrors
subpath.
The cookie ignore is only valid after the master-noauth
Pull Request #80 is merged, as that hides all authed
information from the publiclist pages.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 playbooks/include/proxies-reverseproxy.yml |  9 ---------
 roles/varnish/files/proxy.vcl              | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index a55472fd71..904428a116 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -216,15 +216,6 @@
     proxyurl: http://localhost:10009
 
   - role: httpd/reverseproxy
-    when: env != "staging"
-    website: admin.fedoraproject.org
-    destname: mirrormanager
-    remotepath: /mirrormanager
-    localpath: /mirrormanager
-    proxyurl: http://localhost:10008
-
-  - role: httpd/reverseproxy
-    when: env == "staging"
     website: admin.fedoraproject.org
     destname: mirrormanager
     remotepath: /mirrormanager
diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl
index 37ca3da7ca..ed8333b672 100644
--- a/roles/varnish/files/proxy.vcl
+++ b/roles/varnish/files/proxy.vcl
@@ -187,6 +187,10 @@ sub vcl_recv {
             unset req.http.cookie;
             set req.url = regsub(req.url, "\?.*", "");
         }
+        if (req.url ~ "^/mirrormanager/mirrors") {
+            unset req.http.cookie;
+            set req.url = regsub(req.url, "\?.*", "");
+        }
     }
     if (req.url ~ "^/mirrormanager2/") {
         set req.backend_hint = mirrormanager2;
@@ -299,3 +303,13 @@ sub vcl_recv {
 #        unset beresp.http.set-cookie;
 #    }
 #}
+
+
+# Make sure mirrormanager/mirrors doesn't set any cookies
+# (Setting cookies would make varnish store a HIT-FOR-PASS
+#  making it always fetch from backend)
+sub vcl_backend_response {
+    if (bereq.url ~ "^/mirrormanager/mirrors") {
+        unset beresp.http.set-cookie;
+    }
+}