Dduvall has uploaded a new change for review.
https://gerrit.wikimedia.org/r/239502
Change subject: Varnish `config` resources
......................................................................
Varnish `config` resources
Implemented `varnish::config` and `varnish::backend` that allow roles
and other modules to declare their own VCL file. An `order` can be given
to determine the order in which the given configuration is applied by
Varnish.
Since Varnish does not support directories or wildcards with include, a
simple conf.d style was achieved using an additional `conf-d.vcl`
include that is initialized, amended, and sorted by Puppet.
Follows-up: Ied4febaa3078b86786d856f1226745df4425a780
Change-Id: I882941713563f437223a3d52233eac406038a4b3
---
R puppet/modules/varnish/files/default-subs.vcl
A puppet/modules/varnish/manifests/backend.pp
A puppet/modules/varnish/manifests/config.pp
M puppet/modules/varnish/manifests/init.pp
A puppet/modules/varnish/templates/backend.vcl.erb
5 files changed, 150 insertions(+), 17 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vagrant
refs/changes/02/239502/1
diff --git a/puppet/modules/varnish/files/default.vcl
b/puppet/modules/varnish/files/default-subs.vcl
similarity index 93%
rename from puppet/modules/varnish/files/default.vcl
rename to puppet/modules/varnish/files/default-subs.vcl
old mode 100755
new mode 100644
index b6f6304..26c5cd8
--- a/puppet/modules/varnish/files/default.vcl
+++ b/puppet/modules/varnish/files/default-subs.vcl
@@ -1,21 +1,9 @@
-# set default backend if no server cluster specified
-backend default {
- .host = "127.0.0.1";
- .port = "8080";
-}
-
-# access control list for "purge": open to only localhost and other local nodes
-acl purge {
- "127.0.0.1";
-}
-
# vcl_recv is called whenever a request is received
sub vcl_recv {
# Serve objects up to 2 minutes past their expiry if the backend
# is slow to respond.
set req.grace = 120s;
set req.http.X-Forwarded-For = client.ip;
- set req.backend = default;
# This uses the ACL action called "purge". Basically if a request to
# PURGE the cache comes from anywhere other than localhost, ignore it.
@@ -144,4 +132,4 @@
if (req.http.Authorization && !beresp.http.Cache-Control ~ "public") {
return(hit_for_pass);
}
-}
\ No newline at end of file
+}
diff --git a/puppet/modules/varnish/manifests/backend.pp
b/puppet/modules/varnish/manifests/backend.pp
new file mode 100644
index 0000000..5a9beb9
--- /dev/null
+++ b/puppet/modules/varnish/manifests/backend.pp
@@ -0,0 +1,33 @@
+# == Define: varnish::backend
+#
+# Sets up a new Varnish backend.
+#
+# === Parameters
+#
+# [*host*]
+# Backend host.
+#
+# [*port*]
+# Backend port.
+#
+# [*onlyif*]
+# VCL condition for routing to the backend.
+#
+# === Examples
+#
+# varnish::backend { 'thumbor':
+# host => '127.0.0.1',
+# port => '8888',
+# onlyif => 'req.url ~ "^/images/thumb/.*\.(jpg|png)"',
+# }
+#
+define varnish::backend(
+ $host,
+ $port,
+ $onlyif = 'req.url ~ "."',
+) {
+ varnish::config { "backend-${title}":
+ content => template('varnish/backend.vcl.erb'),
+ order => 20,
+ }
+}
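Review bot: Every backend is pinned to `order => 20` and the define takes no `order` parameter, so precedence between backends falls to the title sort of the include lines. The `default` backend declared in init.pp keeps the default `onlyif` of `req.url ~ "."`, which matches essentially every request, so a backend whose title sorts before `default` would have its `set req.backend` overwritten by the later default rule. Consider adding `$order = 20,` to the parameters, passing `order => $order,` through to `varnish::config`, and declaring the default backend with a lower order so it is always evaluated first.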
diff --git a/puppet/modules/varnish/manifests/config.pp
b/puppet/modules/varnish/manifests/config.pp
new file mode 100644
index 0000000..af23436
--- /dev/null
+++ b/puppet/modules/varnish/manifests/config.pp
@@ -0,0 +1,47 @@
+# == Define: varnish::config
+#
+# Sets up a new Varnish config file.
+#
+# === Parameters
+#
+# [*source*]
+# VCL file source.
+#
+# [*content*]
+# VCL file content.
+#
+# [*order*]
+# Order in which Varnish will apply your configuration (0-99).
+# Default: 60 (apply just after default VCL).
+#
+# === Examples
+#
+# varnish::config { 'thumbor':
+# source => 'puppet:///modules/thumbor/varnish.vcl',
+# order => 99,
+# }
+#
+define varnish::config(
+ $source = undef,
+ $content = undef,
+ $order = 60,
+) {
+ include ::varnish
+
+ $i = sprintf('%02d', $order)
+ $path = "${::varnish::confd}/${i}-${title}.vcl"
+
+ file { $path:
+ source => $source,
+ content => $content,
+ mode => '0644',
+ notify => Service['varnish'],
+ }
+
+ file_line { "${::varnish::conf}:${title}":
+ line => "include \"${path}\";",
+ path => $::varnish::conf,
+ require => File[$path],
+ notify => Exec['varnish_sort_confd'],
+ }
+}
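Review bot: `$title` goes unchecked into both the file path and the quoted `include` line, so a title containing `/`, `..` or `"` would write outside `conf.d` or produce an include statement Varnish cannot parse. Nothing rejects a declaration that sets neither `source` nor `content` either, in which case the include may point at a file Puppet never creates. `sprintf('%02d', $order)` also lets values above 99 through, which breaks the lexical sort the ordering relies on, so the documented 0-99 range is worth enforcing too. The fence sketches the title and source/content checks using `validate_re` from stdlib, which the module already relies on for `file_line`.

```puppet
define varnish::config(
    # … unchanged: source, content, order parameters …
) {
    include ::varnish

    # The title becomes part of a file name and of a quoted VCL include line.
    validate_re($title, '^[A-Za-z0-9_-]+$')

    if $source == undef and $content == undef {
        fail("varnish::config[${title}]: one of source or content is required")
    }

    # … unchanged: $i / $path, file and file_line resources …
```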
diff --git a/puppet/modules/varnish/manifests/init.pp
b/puppet/modules/varnish/manifests/init.pp
index 0541f8d..591fbba 100644
--- a/puppet/modules/varnish/manifests/init.pp
+++ b/puppet/modules/varnish/manifests/init.pp
@@ -1,15 +1,46 @@
-# == Class: Varnish
+# == Class: varnish
#
-# This Puppet class installs and configures a Varnish instance
+# This Puppet class installs and configures a Varnish instance.
+#
+# Additional configuration can be managed using `varnish::config` and will be
+# applied according to the given `order`. Default configuration has an order
+# of 5, so anything of a lesser order will be applied first, greater next.
+# Typical Varnish rules of precedence apply when evaluating multiple
+# configuration and subroutines.
+#
+# See
https://www.varnish-cache.org/docs/3.0/reference/vcl.html#multiple-subroutines
#
class varnish {
package { 'varnish':
ensure => 'present'
}
+ $conf = "/etc/varnish/conf-d.vcl"
+ $confd = '/etc/varnish/conf.d'
+
+ # This level of include indirection is annoying but necessary to escape
+ # endless Puppet file/file_line conflicts.
file { '/etc/varnish/default.vcl':
- source => 'puppet:///modules/varnish/default.vcl',
+ content => "include \"${conf}\";\n",
mode => '0644',
+ owner => 'root',
+ group => 'root',
+ require => Package['varnish'],
+ }
+
+ file { $conf:
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ require => Package['varnish'],
+ }
+
+ file { $confd:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
require => Package['varnish'],
}
@@ -17,6 +48,30 @@
ensure => running,
provider => init,
require => Package['varnish'],
- subscribe => File['/etc/varnish/default.vcl'],
+ subscribe => File[$conf],
+ }
+
+ # Ensure included config order is respected by sorting default.vcl
+ # (see varnish::config)
+ exec { 'varnish_sort_confd':
+ command => "sort -o '${conf}' '${conf}'",
+ refreshonly => true,
+ notify => Service['varnish'],
+ }
+
+ varnish::backend { 'default':
+ host => '127.0.0.1',
+ port => '8080',
+ }
+
+ # acl for "purge": open to only localhost
+ varnish::config { 'acl-purge':
+ content => 'acl purge { "127.0.0.1"; }',
+ order => 10,
+ }
+
+ varnish::config { 'default-subs':
+ source => 'puppet:///modules/varnish/default-subs.vcl',
+ order => 50,
}
}
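Review bot: The `varnish_sort_confd` exec calls `sort` unqualified and sets no `path`, which Puppet rejects unless an `Exec` default elsewhere supplies one (not visible here); `sort` is also locale-dependent, so the include order could differ between environments. Suggest `command => "/usr/bin/sort -o '${conf}' '${conf}'",` together with `environment => 'LC_ALL=C',`. The comment above the exec says it sorts default.vcl, but the command sorts `$conf` (conf-d.vcl). The service is also restarted on every fragment change without the assembled VCL being compiled first, so one malformed fragment from any module could keep Varnish from coming back; a `varnishd -C -f` check ahead of the notify would catch that.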
diff --git a/puppet/modules/varnish/templates/backend.vcl.erb
b/puppet/modules/varnish/templates/backend.vcl.erb
new file mode 100644
index 0000000..c52c8a8
--- /dev/null
+++ b/puppet/modules/varnish/templates/backend.vcl.erb
@@ -0,0 +1,10 @@
+backend <%= @title %> {
+ .host = "<%= @host %>";
+ .port = "<%= @port %>";
+}
+
+sub vcl_recv {
+ if (<%= @onlyif %>) {
+ set req.backend = <%= @title %>;
+ }
+}
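Review bot: `@host`, `@port` and `@title` are emitted without any validation: `@host` and `@port` land inside double-quoted VCL strings and `@title` is used as a bare VCL identifier, so a value containing `"`, whitespace or `;` yields VCL that either fails to compile or carries statements the caller never declared. `@onlyif` is raw VCL by design, which is worth stating in the `onlyif` parameter docs so it is never fed from a user-editable setting. Validating in `varnish::backend` keeps the template simple, e.g. `validate_re($port, '^\d+$')` and `validate_re($title, '^[A-Za-z_][A-Za-z0-9_]*$')`.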
--
To view, visit https://gerrit.wikimedia.org/r/239502
Gerrit-MessageType: newchange
Gerrit-Change-Id: I882941713563f437223a3d52233eac406038a4b3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: Dduvall <[email protected]>