For a while the Fedora koji setup has had a machine running squid with apache behind it for packages (kojipkgs01.phx2.fedoraproject.org/kojipkgs.fedoraproject.org). With this config things work fine, however, it presents a single point of failure if that host is down or unavailable.

We recently tried serveral things:

• kojipkgs.fedoraproject.org pointing to proxy01 and proxy10, so requests go to apache on those proxies, then via haproxy to kojipkgs01 or kojipkgs02 (a pair).

• kojipkgs.fedoraproject.org pointing to kojipkgs01 and kojipgks02 in dns so requests go round robin to each of them.

• kojipkgs.fedoraproject.org pointing to just proxy01, then it's apache and haproxy to kojipkgs01/02, or even just kojipkgs01.

All these paths resulted in builds failing to unpack src.rpms, which would show as:

DEBUG util.py:435: error: unpacking of archive failed on file /builddir/build/SOURCES/graphviz-2.40.1.tar.gz;587cd943: cpio: read
DEBUG util.py:435: error: /builddir/build/originals/graphviz-2.40.1-2.fc26.src.rpm cannot be installed

and indeed the src.rpm fetched by openRemoteFile here was incomplete/invalid.

So, I wonder if there's some way to verify the download of the src.rpm, and/or retry if it's not complete that would avoid this issue. We would really love to not have a single kojipkgs as a single point of failure if we can at all do so. I would think the http server would say the size and it could check that, or perhaps there's some way to validate the rpm after download... whatever works.