From: Peter Palfrader
Date: Mon, 28 May 2018 08:09:17 +0000 (+0200)
Subject: rename varnish to varnish_pkgmirror module
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=05585e883e1de8150cc30ac1d2e474c0b153c128

rename varnish to varnish_pkgmirror module
---
diff --git a/manifests/site.pp b/manifests/site.pp
index b0bd0f9d6..f4494e6b0 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -105,6 +105,6 @@ node default {
 }
 if $::hostname == 'pkgmirror-csail' {
- include varnish
+ include varnish_pkgmirror
 }
 }
diff --git a/modules/varnish-pkgmirror/files/default.vcl b/modules/varnish-pkgmirror/files/default.vcl
new file mode 100644
index 000000000..709801b2c
--- /dev/null
+++ b/modules/varnish-pkgmirror/files/default.vcl
@@ -0,0 +1,39 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+vcl 4.0;
+
+backend default {
+ .host = "127.0.0.1";
+ .port = "80";
+}
+
+sub vcl_backend_response {
+/* if (beresp.status != 200 && beresp.status != 403 && beresp.status != 404 && beresp.status != 301 && beresp.status != 302) {
+ return(restart);
+ }*/
+
+ # if I cant connect to the backend, ill set the grace period to be 600 seconds to hold onto content
+ set beresp.ttl = 600s;
+ set beresp.grace = 600s;
+
+ if (beresp.status >= 500) {
+ set beresp.ttl = 0.1s;
+ }
+ unset beresp.http.Set-Cookie;
+}
+
+
+sub vcl_deliver {
+
+ set resp.http.X-Served-By = server.hostname;
+ if (obj.hits > 0) {
+ set resp.http.X-Cache = "HIT";
+ set resp.http.X-Cache-Hits = obj.hits;
+ } else {
+ set resp.http.X-Cache = "MISS";
+ }
+
+ return(deliver);
+}
diff --git a/modules/varnish-pkgmirror/files/varnish.default b/modules/varnish-pkgmirror/files/varnish.default
new file mode 100644
index 000000000..4f4244f5f
--- /dev/null
+++ b/modules/varnish-pkgmirror/files/varnish.default
@@ -0,0 +1,116 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+
+# Configuration file for varnish
+#
+# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
+# to be set from this shell script fragment.
+#
+# Note: If systemd is installed, this file is obsolete and ignored. You will
+# need to copy /lib/systemd/system/varnish.service to /etc/systemd/system/ and
+# edit that file.
+
+# Should we start varnishd at boot? Set to "no" to disable.
+START=yes
+
+# Maximum number of open files (for ulimit -n)
+NFILES=131072
+
+# Maximum locked memory size (for ulimit -l)
+# Used for locking the shared memory log in memory. If you increase log size,
+# you need to increase this number as well
+MEMLOCK=82000
+
+# Default varnish instance name is the local nodename. Can be overridden with
+# the -n switch, to have more instances on a single server.
+# INSTANCE=$(uname -n)
+
+# This file contains 4 alternatives, please use only one.
+
+## Alternative 1, Minimal configuration, no VCL
+#
+# Listen on port 6081, administration on localhost:6082, and forward to
+# content server on localhost:8080. Use a 1GB fixed-size cache file.
+#
+# DAEMON_OPTS="-a :6081 \
+# -T localhost:6082 \
+# -b localhost:8080 \
+# -u varnish -g varnish \
+# -S /etc/varnish/secret \
+# -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
+
+
+## Alternative 2, Configuration with VCL
+#
+# Listen on port 6081, administration on localhost:6082, and forward to
+# one content server selected by the vcl file, based on the request. Use a 1GB
+# fixed-size cache file.
+#
+DAEMON_OPTS="-a :80 \
+ -T localhost:6082 \
+ -f /etc/varnish/default.vcl \
+ -S /etc/varnish/secret \
+ -s malloc,1024m"
+
+
+## Alternative 3, Advanced configuration
+#
+# See varnishd(1) for more information.
+#
+# # Main configuration file. You probably want to change it :)
+# VARNISH_VCL_CONF=/etc/varnish/default.vcl
+#
+# # Default address and port to bind to
+# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
+# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
+# VARNISH_LISTEN_ADDRESS=
+# VARNISH_LISTEN_PORT=6081
+#
+# # Telnet admin interface listen address and port
+# VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
+# VARNISH_ADMIN_LISTEN_PORT=6082
+#
+# # The minimum number of worker threads to start
+# VARNISH_MIN_THREADS=1
+#
+# # The Maximum number of worker threads to start
+# VARNISH_MAX_THREADS=1000
+#
+# # Idle timeout for worker threads
+# VARNISH_THREAD_TIMEOUT=120
+#
+# # Cache file location
+# VARNISH_STORAGE_FILE=/var/lib/varnish/$INSTANCE/varnish_storage.bin
+#
+# # Cache file size: in bytes, optionally using k / M / G / T suffix,
+# # or in percentage of available disk space using the % suffix.
+# VARNISH_STORAGE_SIZE=1G
+#
+# # File containing administration secret
+# VARNISH_SECRET_FILE=/etc/varnish/secret
+#
+# # Backend storage specification
+# VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
+#
+# # Default TTL used when the backend does not specify one
+# VARNISH_TTL=120
+#
+# # DAEMON_OPTS is used by the init script. If you add or remove options, make
+# # sure you update this section, too.
+# DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
+# -f ${VARNISH_VCL_CONF} \
+# -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
+# -t ${VARNISH_TTL} \
+# -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
+# -S ${VARNISH_SECRET_FILE} \
+# -s ${VARNISH_STORAGE}"
+#
+
+
+## Alternative 4, Do It Yourself
+#
+# DAEMON_OPTS=""
+
diff --git a/modules/varnish-pkgmirror/files/varnish.logrotate b/modules/varnish-pkgmirror/files/varnish.logrotate
new file mode 100644
index 000000000..afa230ddd
--- /dev/null
+++ b/modules/varnish-pkgmirror/files/varnish.logrotate
@@ -0,0 +1,29 @@
+/var/log/varnish/varnish.log {
+ daily
+ rotate 7
+ missingok
+ compress
+ delaycompress
+ missingok
+ postrotate
+ if [ -d /run/systemd/system ]; then
+ systemctl -q is-active varnishlog.service || exit 0
+ fi
+ /usr/sbin/invoke-rc.d varnishlog reload > /dev/null
+ endscript
+}
+
+/var/log/varnish/varnishncsa.log {
+ daily
+ rotate 7
+ missingok
+ compress
+ delaycompress
+ missingok
+ postrotate
+ if [ -d /run/systemd/system ]; then
+ systemctl -q is-active varnishncsa.service || exit 0
+ fi
+ /usr/sbin/invoke-rc.d varnishncsa reload > /dev/null
+ endscript
+}
diff --git a/modules/varnish-pkgmirror/manifests/init.pp b/modules/varnish-pkgmirror/manifests/init.pp
new file mode 100644
index 000000000..3b747c956
--- /dev/null
+++ b/modules/varnish-pkgmirror/manifests/init.pp
@@ -0,0 +1,46 @@
+class varnish_pkgmirror {
+
+ package { 'varnish':
+ ensure => installed,
+ }
+
+ service { 'varnish':
+ ensure => running,
+ }
+
+ include apache2::dynamic
+
+ @ferm::rule { 'dsa-varnish':
+ domain => '(ip ip6)',
+ prio => '100',
+ description => 'Allow http access',
+ rule => '&SERVICE(tcp, 80)'
+ }
+
+ file { '/etc/default/varnish':
+ source => 'puppet:///modules/varnish_pkgmirror/varnish.default',
+ require => Package['varnish'],
+ notify => Service['varnish'],
+ mode => '0444',
+ }
+
+ file { '/etc/varnish/default.vcl':
+ source => 'puppet:///modules/varnish_pkgmirror/default.vcl',
+ require => Package['varnish'],
+ notify => Service['varnish'],
+ mode => '0444',
+ }
+ file { '/var/lib/varnish/.nobackup':
+ ensure => present,
+ content => "",
+ require => Package['varnish'],
+ mode => '0444',
+ }
+
+ file { '/etc/logrotate.d/varnish':
+ source => 'puppet:///modules/varnish_pkgmirror/varnish.logrotate',
+ require => Package['varnish'],
+ mode => '0444',
+ }
+}
+
diff --git a/modules/varnish/files/default.vcl b/modules/varnish/files/default.vcl
deleted file mode 100644
index 709801b2c..000000000
--- a/modules/varnish/files/default.vcl
+++ /dev/null
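Review bot: The new module directory is `modules/varnish-pkgmirror/` (hyphen), but init.pp declares `class varnish_pkgmirror` and its three `source` attributes point at `puppet:///modules/varnish_pkgmirror/...` (underscore). Puppet derives both the class autoload path and the file-server mount from the module directory name, so unless something outside this diff maps the name, `include varnish_pkgmirror` in manifests/site.pp will not find the class and the file sources will not resolve. The directory should be `modules/varnish_pkgmirror/`, which also keeps to the rule that module names contain only lowercase letters, digits and underscores. Because the old `varnish` module is deleted in the same commit, a failed catalog on pkgmirror-csail would leave the varnish configuration and the port-80 ferm rule without a managing class until the name is fixed.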
@@ -1,39 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-vcl 4.0;
-
-backend default {
- .host = "127.0.0.1";
- .port = "80";
-}
-
-sub vcl_backend_response {
-/* if (beresp.status != 200 && beresp.status != 403 && beresp.status != 404 && beresp.status != 301 && beresp.status != 302) {
- return(restart);
- }*/
-
- # if I cant connect to the backend, ill set the grace period to be 600 seconds to hold onto content
- set beresp.ttl = 600s;
- set beresp.grace = 600s;
-
- if (beresp.status >= 500) {
- set beresp.ttl = 0.1s;
- }
- unset beresp.http.Set-Cookie;
-}
-
-
-sub vcl_deliver {
-
- set resp.http.X-Served-By = server.hostname;
- if (obj.hits > 0) {
- set resp.http.X-Cache = "HIT";
- set resp.http.X-Cache-Hits = obj.hits;
- } else {
- set resp.http.X-Cache = "MISS";
- }
-
- return(deliver);
-}
diff --git a/modules/varnish/files/varnish.default b/modules/varnish/files/varnish.default
deleted file mode 100644
index 4f4244f5f..000000000
--- a/modules/varnish/files/varnish.default
+++ /dev/null
@@ -1,116 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-
-# Configuration file for varnish
-#
-# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
-# to be set from this shell script fragment.
-#
-# Note: If systemd is installed, this file is obsolete and ignored. You will
-# need to copy /lib/systemd/system/varnish.service to /etc/systemd/system/ and
-# edit that file.
-
-# Should we start varnishd at boot? Set to "no" to disable.
-START=yes
-
-# Maximum number of open files (for ulimit -n)
-NFILES=131072
-
-# Maximum locked memory size (for ulimit -l)
-# Used for locking the shared memory log in memory. If you increase log size,
-# you need to increase this number as well
-MEMLOCK=82000
-
-# Default varnish instance name is the local nodename. Can be overridden with
-# the -n switch, to have more instances on a single server.
-# INSTANCE=$(uname -n)
-
-# This file contains 4 alternatives, please use only one.
-
-## Alternative 1, Minimal configuration, no VCL
-#
-# Listen on port 6081, administration on localhost:6082, and forward to
-# content server on localhost:8080. Use a 1GB fixed-size cache file.
-#
-# DAEMON_OPTS="-a :6081 \
-# -T localhost:6082 \
-# -b localhost:8080 \
-# -u varnish -g varnish \
-# -S /etc/varnish/secret \
-# -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
-
-
-## Alternative 2, Configuration with VCL
-#
-# Listen on port 6081, administration on localhost:6082, and forward to
-# one content server selected by the vcl file, based on the request. Use a 1GB
-# fixed-size cache file.
-#
-DAEMON_OPTS="-a :80 \
- -T localhost:6082 \
- -f /etc/varnish/default.vcl \
- -S /etc/varnish/secret \
- -s malloc,1024m"
-
-
-## Alternative 3, Advanced configuration
-#
-# See varnishd(1) for more information.
-#
-# # Main configuration file. You probably want to change it :)
-# VARNISH_VCL_CONF=/etc/varnish/default.vcl
-#
-# # Default address and port to bind to
-# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
-# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
-# VARNISH_LISTEN_ADDRESS=
-# VARNISH_LISTEN_PORT=6081
-#
-# # Telnet admin interface listen address and port
-# VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
-# VARNISH_ADMIN_LISTEN_PORT=6082
-#
-# # The minimum number of worker threads to start
-# VARNISH_MIN_THREADS=1
-#
-# # The Maximum number of worker threads to start
-# VARNISH_MAX_THREADS=1000
-#
-# # Idle timeout for worker threads
-# VARNISH_THREAD_TIMEOUT=120
-#
-# # Cache file location
-# VARNISH_STORAGE_FILE=/var/lib/varnish/$INSTANCE/varnish_storage.bin
-#
-# # Cache file size: in bytes, optionally using k / M / G / T suffix,
-# # or in percentage of available disk space using the % suffix.
-# VARNISH_STORAGE_SIZE=1G
-#
-# # File containing administration secret
-# VARNISH_SECRET_FILE=/etc/varnish/secret
-#
-# # Backend storage specification
-# VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
-#
-# # Default TTL used when the backend does not specify one
-# VARNISH_TTL=120
-#
-# # DAEMON_OPTS is used by the init script. If you add or remove options, make
-# # sure you update this section, too.
-# DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-# -f ${VARNISH_VCL_CONF} \
-# -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-# -t ${VARNISH_TTL} \
-# -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
-# -S ${VARNISH_SECRET_FILE} \
-# -s ${VARNISH_STORAGE}"
-#
-
-
-## Alternative 4, Do It Yourself
-#
-# DAEMON_OPTS=""
-
diff --git a/modules/varnish/files/varnish.logrotate b/modules/varnish/files/varnish.logrotate
deleted file mode 100644
index afa230ddd..000000000
--- a/modules/varnish/files/varnish.logrotate
+++ /dev/null
@@ -1,29 +0,0 @@
-/var/log/varnish/varnish.log {
- daily
- rotate 7
- missingok
- compress
- delaycompress
- missingok
- postrotate
- if [ -d /run/systemd/system ]; then
- systemctl -q is-active varnishlog.service || exit 0
- fi
- /usr/sbin/invoke-rc.d varnishlog reload > /dev/null
- endscript
-}
-
-/var/log/varnish/varnishncsa.log {
- daily
- rotate 7
- missingok
- compress
- delaycompress
- missingok
- postrotate
- if [ -d /run/systemd/system ]; then
- systemctl -q is-active varnishncsa.service || exit 0
- fi
- /usr/sbin/invoke-rc.d varnishncsa reload > /dev/null
- endscript
-}
diff --git a/modules/varnish/manifests/init.pp b/modules/varnish/manifests/init.pp
deleted file mode 100644
index 7561869e6..000000000
--- a/modules/varnish/manifests/init.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-class varnish {
-
- package { 'varnish':
- ensure => installed,
- }
-
- service { 'varnish':
- ensure => running,
- }
-
- include apache2::dynamic
-
- @ferm::rule { 'dsa-varnish':
- domain => '(ip ip6)',
- prio => '100',
- description => 'Allow http access',
- rule => '&SERVICE(tcp, 80)'
- }
-
- file { '/etc/default/varnish':
- source => 'puppet:///modules/varnish/varnish.default',
- require => Package['varnish'],
- notify => Service['varnish'],
- mode => '0444',
- }
-
- file { '/etc/varnish/default.vcl':
- source => 'puppet:///modules/varnish/default.vcl',
- require => Package['varnish'],
- notify => Service['varnish'],
- mode => '0444',
- }
- file { '/var/lib/varnish/.nobackup':
- ensure => present,
- content => "",
- require => Package['varnish'],
- mode => '0444',
- }
-
- file { '/etc/logrotate.d/varnish':
- source => 'puppet:///modules/varnish/varnish.logrotate',
- require => Package['varnish'],
- mode => '0444',
- }
-}
-