infrastructure/blender-projects-platform
7
1
Issues 48 Projects 1 Activity

Buildbot: Checksum is sometimes out-of-sync from the file #89

New Issue
Closed
opened 2024-07-04 10:59:32 +02:00 by Sergey Sharybin · 8 comments
Sergey Sharybin commented 2024-07-04 10:59:32 +02:00
Owner
Copy Link

The checksums are stored in a separate file (<build_name>.sha256). They are served via CDN, similar to the actual Blender builds.

The issue comes from the fact that sometimes builds do change without change in the file name. For example, LTS tracks keeps being build every night, or a vdev build can be re-triggered with the new libraries.

This leads to situation when CDN cache is in inconsistent state due to build and checksum being cached separately.
Perhaps there is a way to provide proper cache-control from our side, so that CDN can more immediately react to the changes to the content.

The checksums are stored in a separate file (`<build_name>.sha256`). They are served via CDN, similar to the actual Blender builds. The issue comes from the fact that sometimes builds do change without change in the file name. For example, LTS tracks keeps being build every night, or a vdev build can be re-triggered with the new libraries. This leads to situation when CDN cache is in inconsistent state due to build and checksum being cached separately. Perhaps there is a way to provide proper cache-control from our side, so that CDN can more immediately react to the changes to the content.
Sergey Sharybin added the
Service
Buildbot
 label 2024-07-04 10:59:32 +02:00
Bart van der Braak commented 2024-07-15 18:31:03 +02:00
Owner
Copy Link

I have only just gotten CDN77 access, so I will compare caching strategies for these endpoints and the responses our origin provide to make this more consistent:

  1. Cache-Control Headers: For example, set the Cache-Control header to no-cache or max-age=0 for the checksum files. This will force the CDN to check for updates each time the file is requested.

  2. Invalidate Cache: Implement a cache invalidation strategy where we programmatically purge the specific files from the CDN cache whenever a new build is pushed.

  3. Use ETags: Utilize ETags (entity tags) for these resources. The CDN can then use these tags to determine whether the cached version is still valid or if it should fetch a new version.

  4. CDN Configuration: E.g. different cache rules for different file types or paths.

I have only just gotten CDN77 access, so I will compare caching strategies for these endpoints and the responses our origin provide to make this more consistent: 1. **Cache-Control Headers**: For example, set the `Cache-Control` header to `no-cache` or `max-age=0` for the checksum files. This will force the CDN to check for updates each time the file is requested. 2. **Invalidate Cache**: Implement a cache invalidation strategy where we programmatically purge the specific files from the CDN cache whenever a new build is pushed. 3. **Use ETags**: Utilize ETags (entity tags) for these resources. The CDN can then use these tags to determine whether the cached version is still valid or if it should fetch a new version. 4. **CDN Configuration**: E.g. different cache rules for different file types or paths.
Bart van der Braak added this to the DevOps Progress Board project 2024-07-16 12:49:22 +02:00
Bart van der Braak self-assigned this 2024-07-16 13:38:35 +02:00
Bart van der Braak commented 2024-07-17 14:43:15 +02:00
Owner
Copy Link

This issue was prevalent for download.blender.org. I changed the Nginx configuration as follows to make sure that Cloudflare revalidates if anything changes at the origin:

@@ -170,13 +170,9 @@
             add_header Cache-Control "no-cache, no-store, must-revalidate, proxy-revalidate, max-age=60";
         }
 
-        location ~* \.(xz|msi|msix|exe|gz|bz2|dmg)$ {
-            # Make sure that Cloudflare revalidates such that files don't drift from the .md5sum counterpart
-            add_header Cache-Control "public, no-cache, must-revalidate";
-        }
-
-        location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|mov|avi|zip)$ {
+       location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|mov|avi|zip|xz|msi|msix|exe|gz|bz2|dmg)$ {
             # Set the expiration time to 1 month
+            expires 1M;
             add_header Cache-Control "public, max-age=2592000, immutable";
         }

Using the following sources:

This issue was prevalent for `download.blender.org`. I changed the Nginx configuration as follows to make sure that Cloudflare revalidates if anything changes at the origin: ``` @@ -170,13 +170,9 @@ add_header Cache-Control "no-cache, no-store, must-revalidate, proxy-revalidate, max-age=60"; } - location ~* \.(xz|msi|msix|exe|gz|bz2|dmg)$ { - # Make sure that Cloudflare revalidates such that files don't drift from the .md5sum counterpart - add_header Cache-Control "public, no-cache, must-revalidate"; - } - - location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|mov|avi|zip)$ { + location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|otf|mov|avi|zip|xz|msi|msix|exe|gz|bz2|dmg)$ { # Set the expiration time to 1 month + expires 1M; add_header Cache-Control "public, max-age=2592000, immutable"; } ``` Using the following sources: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control - https://developers.cloudflare.com/cache/concepts/cache-control/ - https://blog.cloudflare.com/introducing-smart-edge-revalidation/
Bart van der Braak commented 2024-07-24 12:57:05 +02:00
Owner
Copy Link

Fixing this issue with revalidation for cdn.builder.blender.org by using:

@@ -27,6 +27,13 @@
                 SetHandler application/x-httpd-php
         </FilesMatch>
 
+        <IfModule mod_headers.c>
+               # Make sure that CDN77 revalidates every 60 sec to prevent cache drift between builds and their shasum counterpart
+                <FilesMatch "\.(xz|msi|msix|exe|gz|bz2|dmg|sha256)$">
+                        Header set Cache-Control "public, max-age=60, must-revalidate"
+                </FilesMatch>
+        </IfModule>
+
Fixing this issue with revalidation for `cdn.builder.blender.org` by using: ``` @@ -27,6 +27,13 @@ SetHandler application/x-httpd-php </FilesMatch> + <IfModule mod_headers.c> + # Make sure that CDN77 revalidates every 60 sec to prevent cache drift between builds and their shasum counterpart + <FilesMatch "\.(xz|msi|msix|exe|gz|bz2|dmg|sha256)$"> + Header set Cache-Control "public, max-age=60, must-revalidate" + </FilesMatch> + </IfModule> + ```
👍 1
Bart van der Braak commented 2024-07-25 17:36:52 +02:00
Owner
Copy Link

Change has been deployed to UATEST and Production.

Change has been deployed to UATEST and Production.
Oleg-Komarov commented 2024-07-29 18:22:51 +02:00
Owner
Copy Link

should .pdf be also included in this rule?

should `.pdf` be also included in this rule?
Oleg-Komarov commented 2024-07-29 19:02:30 +02:00
Owner
Copy Link

use case: https://download.blender.org/institute/blender-annual-report-2023-v1.4-web.pdf

use case: https://download.blender.org/institute/blender-annual-report-2023-v1.4-web.pdf
Sergey Sharybin commented 2024-07-30 00:29:12 +02:00
Author
Owner
Copy Link

@Oleg-Komarov This task is about builds served from builder.b.o, which uses CDN77, which is quite different from download.b.o. Also, some rules on download.b.o has been already tweaked during 4.2 release.
If there are still issues with the download.b.o please submit a new report.

@Oleg-Komarov This task is about builds served from builder.b.o, which uses CDN77, which is quite different from download.b.o. Also, some rules on download.b.o has been already tweaked during 4.2 release. If there are still issues with the download.b.o please submit a new report.
Bart van der Braak commented 2024-07-30 01:28:40 +02:00
Owner
Copy Link

Created #112

Created #112
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
Service
Buildbot
builder.blender.org

  
Service
Chat
chat.blender.org

  
Service
Gitea
projects.blender.org

  
Service
Translate
translate.blender.org

  
Type
Bug
Errors or incorrect behaviour

  
Type
Config
Configuration change

  
Type
Deployment
Version deployment or rollback

  
Type
Feature
New functionality or enhancement

  
Type
Setup
New service setup and deployment

No Label
Service
Buildbot
Service
Chat
Service
Gitea
Service
Translate
Type
Bug
Type
Config
Type
Deployment
Type
Feature
Type
Setup
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
DevOps Progress Board
Assignees
Clear assignees
No Assignees
Bart van der Braak
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/blender-projects-platform#89
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?