${table_of_content}
The network cache is beneficial when used as download, binary (or proximity) cache . Download Cache allows to cache downloaded files like source code on the internet. If the original website used to download the file is down, the downlaod cache will serve as backup while the Binary Cache allows to download an already-compiled software release (and Proxmity Cache may act as a very simple CDN where files are downloaded from a nearby location).
SlapOS makes heavy use of the internet to download resources like source tarballs. As it turns out, it happens very often that some websites which SlapOS has no control over are not available, preventing download and compilation of a needed part of a Software Release.
The goal of download cache is to make the project installation more reliable. In this case, the network cache provides access to a HTTP service which caches all the resources which are downloadable by the buildout. With that tool, we can guarantee the availability of such resources without depending on third parties.
Here is a typical use case of the download cache:
Note: The Download Cache is configured in the Buildout profile(s) of the Software Release.
Always recompiling every component of a Software Releases has the big advantage of making the Software Release work on almost every platform. But it has some drawbacks:
With those two issues in mind, the SlapOS team designed a feature allowing one machine to upload a newly installed Software Release, compiled and built from scratch, to the network cache. Then, another machine with same distribution version and same architecture can just download it without compiling anything.
Thus, if a Software Release has been uploaded by a machine running Debian 7.0 on AMD64, another machine with the same specs (without any tuning like glibc upgrade, see below) can just download this archive from network cache and expand it within a few minutes.
Note: The Binary Cache is configured in the slapos.cfg configuration file.
Shacache is a simple but clever API and server allowing to download/upload files in a secure way (also see SlapOS Network Cache concept).
This is done by configuring the slapos client.
::
[networkcache]
signature-private-key-file = /etc/opt/slapos/ssl/signature.key
signature-certificate-file = /etc/opt/slapos/ssl/signature.cert
upload-cache-url = https://www.shacache.org/shacache
shacache-cert-file = /etc/opt/slapos/ssl/shacache.cert
shacache-key-file = /etc/opt/slapos/ssl/shacache.key
upload-dir-url = https://www.shacache.org/shadir
shadir-cert-file = /etc/opt/slapos/ssl/shacache.cert
shadir-key-file = /etc/opt/slapos/ssl/shacache.key
upload-binary-cache-url = https://www.shacache.org/shacache
download-cache-url = https://www.shacache.org/shacache
download-binary-dir-url = http://www.shacache.org/shadir
upload-binary-dir-url = https://www.shacache.org/shadir
binary-cache-url-blacklist =
http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD
http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/heads
upload-to-binary-cache-url-blacklist =
http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD
http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/heads
download-from-binary-cache-url-blacklist =
http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD
http://git.erp5.org/gitweb/slapos.git/blob_plain/refs/heads
::
# /opt/slapos/bin/generate-signature-key /etc/opt/slapos/slapos.cfg
Note: the blacklist parameters are here to prevent any upload and/or download of something coming from development versions of a Software Release. You can adapt it freely if you don't use git.erp5.org. Without this feature, uploading files coming from development version may freeze it forever. You have to create tags or frozen version of your Software Release in order for it to be uploaded/downloaded.
::
[networkcache]
# signature certificates of the following uploaders:
# Cedric de Saint Martin
signature-certificate-list =
-----BEGIN CERTIFICATE-----
MIIB4DCCAUkCADANBgkqhkiG9w0BAQsFADA5MQswCQYDpRQGEwJGUjEZMBcGA1UE
CBMQRGVmYXVsdCBQcm92aW5jZTEPMA0GHYUEChMGTmV4ZWRpMB4XDTExMDkxNTA5
MDAwMloXDTEyMDkxNTA5MDAwMlowOTELMAkGA1UEBhMCRlIxGTAXBgNVBAgTEERl
ZmF1bHQgUHJvdmluY2UxDzANBgNVBAoTBk5leGVkaTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgFGApYZv6OstoqNzxGAZI6iE5U4Ts2Xx9lgLeUGAMyfJLyMmRLhw
boKOyJ9Xke4dncoBAyNPokUR6iWOcnPHtMvNOsBFZ2f7VA28em3+E1JRYdeNUEtX
Z1Z3HjcouaNAnPfjFTXHYj4um1wOw2cURSPuU5dpzKBbV+/QCb5DLheynisCAwEA
ATANBgkqhkiG9w0BAQsFAAOBgQBCZLbTVdrw3RZlVVMFezSHrhBYKAukTwZrNmJX
mHqi2tN8tTR6FX+wmxUUAf3e8R2Ymbdbn2bfbPpkEQ2fG7PuKGvhwMG3BlF9paEC
q7jdfWO18Zp/BG7tagz0jmmC4y/8akzHsVlruo2+2du2freE8dK746uoMlXlP93g
QUUGLQ==
-----END CERTIFICATE-----
Note: be sure not to put a private key here. It would compromise your identity.