From 0c6f34ec54ca6b4ae390547b7b423e23545511ca Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Mon, 28 May 2018 10:37:24 +0200 Subject: [PATCH] sallinen varnish --- modules/roles/manifests/snapshot_web.pp | 22 +++++++++ .../snapshot/snapshot.debian.org.vcl.erb | 27 +++++++++++ modules/varnish/manifests/config.pp | 47 +++++++++++++++++++ 3 files changed, 96 insertions(+) create mode 100644 modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb create mode 100644 modules/varnish/manifests/config.pp diff --git a/modules/roles/manifests/snapshot_web.pp b/modules/roles/manifests/snapshot_web.pp index c3eeddd2b..be3039c01 100644 --- a/modules/roles/manifests/snapshot_web.pp +++ b/modules/roles/manifests/snapshot_web.pp @@ -12,4 +12,26 @@ class roles::snapshot_web { site => 'snapshot.debian.org', content => template('roles/snapshot/snapshot.debian.org.conf.erb') } + + case $::hostname { + 'sallinen': { + varnish::default { 'default': + listen => ':6081,[2001:630:206:4000:1a1a:0:c13e:ca1b]:80', + backend => 'file,/var/lib/varnish/varnish_storage.bin,8G', + content => template('roles/snapshot/snapshot.debian.org.vcl.erb'), + } + + file { '/etc/apache2/ports.conf': + content => @("EOF"), + Listen 0.0.0.0:80 + Listen [2001:630:206:4000:1a1a:0:c13e:ca1a]:80 + | EOF + require => Package['apache2'], + notify => Service['apache2'], + } + } + default: { + fail ( "unknown host $::hostname for snapshot_web." ) + } + } } diff --git a/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb b/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb new file mode 100644 index 000000000..25e6d1275 --- /dev/null +++ b/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb @@ -0,0 +1,27 @@ +#-e This is a basic VCL configuration file for varnish. See the vcl(7) +#man page for details on VCL syntax and semantics. +vcl 4.0; + +backend default { + .host = "127.0.0.1"; + .port = "80"; +} + +# weasel's rule: +sub vcl_recv { + if (req.http.Cache-Control ~ "(?i)no-cache") { + # Ignore requests via proxy caches and badly behaved crawlers + if (! (req.http.Via || req.http.User-Agent ~ "(?i)bot" || req.http.X-Purge)) { + return(purge); # Couple this with restart in vcl_purge and X-Purge header to avoid loops + } + } +} + +sub vcl_purge { + # Only handle actual PURGE HTTP methods, everything else is discarded + if (req.method != "PURGE") { + # restart request + set req.http.X-Purge = "Yes"; + return(restart); + } +} diff --git a/modules/varnish/manifests/config.pp b/modules/varnish/manifests/config.pp new file mode 100644 index 000000000..a46f799a0 --- /dev/null +++ b/modules/varnish/manifests/config.pp @@ -0,0 +1,47 @@ +define varnish::config ( + $listen = ':6081', + $source=undef, + $content=undef, + $ensure = 'present', + $backend = "-s malloc,256m", +) { + if $name != "default" { + fail ( "This module cannot setup non-default varnish instances yet." ) + } + + case $ensure { + present: { + include varnish::base + + if ! ($source or $content) { + fail ( "No configuration found for ${name}" ) + } + + systemd::override { 'varnish': + content => @("EOF"), + [Service] + ExecStart= + ExecStart=/usr/sbin/varnishd -a ${listen} -T localhost:6082 -f /etc/varnish/${name}.vcl -S /etc/varnish/secret -s ${backend} + | EOF + } + + $dest = "/etc/varnish/${name}.vcl" + if $content { + file { "${dest}": + ensure => $ensure, + content => $content, + notify => Service["varnish"], + } + } elsif $source { + file { "${dest}": + ensure => $ensure, + source => $source, + notify => Service["varnish"], + } + } + } + default: { + fail ( "Can only deal with ensure=>present for now" ) + } + } +} -- 2.20.1