Support for Multiple Fallback Proxies

[johnwarburton]

Hi @dadav

We create a number of internal puppet modules and serve them up in an internal forge server

We would like our gorge servers to be able to check the internal forge for a module and then go out to a fallback proxy if the internal forge returns a 404. For example:

gorge serve --fallback-proxy https://internal-forge.example.com,https://forge.puppetlabs.com

I have provided a first cut PR for this proposal but I am not sure I am implementing it in the correct location. Experiments show:

• module on internal forge - everything works well, and external forge is not checked

## Internal Forge
[root@sypls059 jwarburt]# ./gorge serve --dev --bind 0.0.0.0 --port 6666 --cachedir /var/tmp/gorge-internal/cache --modulesdir /var/tmp/gorge-internal/modules
2024-06-24T11:44:43.900+1000    INFO    cmd/serve.go:169        Listen on 0.0.0.0:6666
2024-06-24T11:44:43.900+1000    DEBUG   backend/filesystem.go:331       Reading /var/tmp/gorge-internal/modules/atsonkov-grubby/atsonkov-grubby-0.3.2.tar.gz

### Gorge Proxy with internal forge an dpuppet forge as fallback proxies
root@0b9a4634d8af:/usr/src/myapp# go install -buildvcs=false .
root@0b9a4634d8af:/usr/src/myapp# rm -rf /var/tmp/gorge/modules/* /var/tmp/gorge/cache/*; gorge serve --dev --bind 0.0.0.0 --cachedir /var/tmp/gorge/cache --modulesdir /var/tmp/gorge/modules --import-proxied-releases --cache-prefi
xes /v3/files,/v3/modules --fallback-proxy http://sypls059:6666,https://forge.puppetlabs.com
2024-06-24T01:51:25.167Z        INFO    cmd/serve.go:169        Listen on 0.0.0.0:8080

Client

[root@sypls062 puppet-forge]# grep -v '#' /export/home/jwarburt/puppet-forge/r10k.yaml
---
cachedir: '/var/cache/r10k'
pool_size: 30
forge:
  baseurl: 'http://sypls059:7777'
[root@sypls062 puppet-forge]# grep -v '#' /export/home/jwarburt/puppet-forge/Puppetfile
mod 'atsonkov-grubby', '0.3.2'

[root@sypls062 puppet-forge]# /opt/puppetlabs/puppet/bin/r10k --config=/export/home/jwarburt/puppet-forge/r10k.yaml puppetfile install --force --puppetfile /export/home/jwarburt/puppet-forge/Puppetfile --moduledir /export/home/jwarburt/puppet-forge/work-area/$(uuidgen)

[root@sypls062 puppet-forge]# ls -lart work-area/908a4935-0434-42bc-a533-ed669d2c018c/
total 48
drwxr-xr-x 27 jwarburt jwarburt 36864 Jun 24 12:13 ..
drwxr-xr-x 12 root     root      4096 Jun 24 12:13 grubby
drwxr-xr-x  3 root     root      4096 Jun 24 12:13 .

And the server

2024/06/24 02:13:06 "GET http://sypls059:7777/v3/modules/atsonkov-grubby HTTP/1.1" from 10.70.71.28:58104 - 404 63B in 213.663µs
2024-06-24T02:13:06.568Z        INFO    middleware/proxy.go:41  Forwarding request to [http://sypls059:6666 https://forge.puppetlabs.com]

2024-06-24T02:13:06.568Z        DEBUG   middleware/proxy.go:57  loop 0

2024-06-24T02:13:06.569Z        DEBUG   middleware/proxy.go:106 Response of proxied request to http://sypls059:6666 is 200

2024-06-24T02:13:06.569Z        DEBUG   middleware/proxy.go:109 Found module upstream from http://sypls059:6666

When the module is not available on the internal forge, it looks like it is retried correctly from the puppet forge, but returns an error to r10k

All configuration is the same as above.

Client

[root@sypls062 puppet-forge]# grep -v '#' /export/home/jwarburt/puppet-forge/Puppetfile
mod 'puppet-letsencrypt', '8.0.2'
[root@sypls062 puppet-forge]# grep -v '#' /export/home/jwarburt/puppet-forge/r10k.yaml
---
cachedir: '/var/cache/r10k'
pool_size: 30
forge:
  baseurl: 'http://sypls059:7777'
[root@sypls062 puppet-forge]#
[root@sypls062 puppet-forge]# /opt/puppetlabs/puppet/bin/r10k --config=/export/home/jwarburt/puppet-forge/r10k.yaml puppetfile install --force --puppetfile /export/home/jwarburt/puppet-forge/Puppetfile --moduledir /export/home/jwarburt/puppet-forge/work-area/$(uuidgen)
ERROR    -> Module letsencrypt failed to synchronize due to Unable to connect to http://sypls059 (for request /v3/modules/puppet-letsencrypt): end of file reached
ERROR    -> Error during concurrent deploy of a module: Unable to connect to http://sypls059 (for request /v3/modules/puppet-letsencrypt): end of file reached
ERROR    -> Unable to connect to http://sypls059 (for request /v3/modules/puppet-letsencrypt): end of file reached

Server

2024/06/24 02:17:47 "GET http://sypls059:7777/v3/modules/puppet-letsencrypt HTTP/1.1" from 10.70.71.28:61050 - 404 63B in 169.017µs
2024-06-24T02:17:47.667Z        INFO    middleware/proxy.go:41  Forwarding request to [http://sypls059:6666 https://forge.puppetlabs.com]

2024-06-24T02:17:47.667Z        DEBUG   middleware/proxy.go:57  loop 0

2024-06-24T02:17:47.668Z        DEBUG   middleware/proxy.go:106 Response of proxied request to http://sypls059:6666 is 404

2024-06-24T02:17:47.668Z        DEBUG   middleware/proxy.go:57  loop 1

2024-06-24T02:17:47.712Z        DEBUG   middleware/proxy.go:106 Response of proxied request to https://forge.puppetlabs.com is 200

2024-06-24T02:17:47.713Z        DEBUG   middleware/proxy.go:109 Found module upstream from https://forge.puppetlabs.com

Any pointers in the right direction would be appreciated

thanks
John

[dadav]

Hi @johnwarburton ,

nice idea. I'm thinking about if we can just use the Middleware multiple times, so we wouldn't have to change the proxy code.. I'm gonna do some testing.

[johnwarburton]

Thanks @dadav - this works like a charm - internal gorge and external puppet forge!