jenkins-bot has submitted this change and it was merged.
Change subject: Varnish role
......................................................................
Varnish role
Reuses code from Icd74a682d999a8d366949dfce41d8b267f2511ae
In this case the role is opt-in and not a default. To access the VM
through varnish, simply hit port 6081 instead of 8080.
Bug: T54302
Change-Id: Ied4febaa3078b86786d856f1226745df4425a780
---
A puppet/modules/role/manifests/varnish.pp
A puppet/modules/role/settings/varnish.yaml
A puppet/modules/varnish/files/default.vcl
A puppet/modules/varnish/manifests/init.pp
4 files changed, 187 insertions(+), 0 deletions(-)
Approvals:
BryanDavis: Looks good to me, but someone else must approve
Dduvall: Looks good to me, approved
jenkins-bot: Verified
diff --git a/puppet/modules/role/manifests/varnish.pp
b/puppet/modules/role/manifests/varnish.pp
new file mode 100644
index 0000000..5c1eb8b
--- /dev/null
+++ b/puppet/modules/role/manifests/varnish.pp
@@ -0,0 +1,15 @@
+# == Class: role::varnish
+#
+# Installs a Varnish instance
+#
+class role::varnish {
+ include ::varnish
+
+ mediawiki::settings { 'varnish':
+ values => {
+ 'wgUseSquid' => true,
+ 'wgSquidServers' => [ '127.0.0.1:6081' ],
+ }
+ }
+}
+
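Review bot: The class header says only "Installs a Varnish instance", but the class also changes MediaWiki behaviour through `wgUseSquid` and `wgSquidServers`, and that is not documented. I would extend the header, for example `# Installs Varnish in front of the wiki (reachable on port 6081) and configures MediaWiki to send cache purges to it.` It is also worth confirming that the `'127.0.0.1:6081'` entry, which includes a port, is still matched when MediaWiki decides whether to trust X-Forwarded-For from the proxy, since per-client IP attribution (blocks, rate limits) would depend on it.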
diff --git a/puppet/modules/role/settings/varnish.yaml
b/puppet/modules/role/settings/varnish.yaml
new file mode 100644
index 0000000..5a903cb
--- /dev/null
+++ b/puppet/modules/role/settings/varnish.yaml
@@ -0,0 +1,3 @@
+forward_ports:
+ 6081: 6081
+
diff --git a/puppet/modules/varnish/files/default.vcl
b/puppet/modules/varnish/files/default.vcl
new file mode 100755
index 0000000..b6f6304
--- /dev/null
+++ b/puppet/modules/varnish/files/default.vcl
@@ -0,0 +1,147 @@
+# set default backend if no server cluster specified
+backend default {
+ .host = "127.0.0.1";
+ .port = "8080";
+}
+
+# access control list for "purge": open to only localhost and other local nodes
+acl purge {
+ "127.0.0.1";
+}
+
+# vcl_recv is called whenever a request is received
+sub vcl_recv {
+ # Serve objects up to 2 minutes past their expiry if the backend
+ # is slow to respond.
+ set req.grace = 120s;
+ set req.http.X-Forwarded-For = client.ip;
+ set req.backend = default;
+
+ # This uses the ACL action called "purge". Basically if a request to
+ # PURGE the cache comes from anywhere other than localhost, ignore it.
+ if (req.request == "PURGE") {
+ if (!client.ip ~ purge) {
+ error 405 "Not allowed.";
+ }
+ return(lookup);
+ }
+
+ # Pass any requests that Varnish does not understand straight to the
backend.
+ if (req.request != "GET" && req.request != "HEAD" &&
+ req.request != "PUT" && req.request != "POST" &&
+ req.request != "TRACE" && req.request != "OPTIONS" &&
+ req.request != "DELETE") {
+ return(pipe); /* Non-RFC2616 or CONNECT which is weird. */
+ }
+
+ # Pass anything other than GET and HEAD directly.
+ if (req.request != "GET" && req.request != "HEAD") {
+ return(pass);
+ }
+
+ # Pretend that image requests don't have cookie/auth, so that they get
cached
+ if (req.url ~ "^/images/") {
+ unset req.http.Authorization;
+ unset req.http.Cookie;
+ }
+
+ # Pass requests from logged-in users directly.
+ if (req.http.Authorization || req.http.Cookie ~ "wikiUserID=") {
+ return(pass);
+ }
+
+ # Pass any requests with the "If-None-Match" header directly.
+ if (req.http.If-None-Match) {
+ return(pass);
+ }
+
+ # Force lookup if the request is a no-cache request from the client.
+ if (req.http.Cache-Control ~ "no-cache") {
+ ban_url(req.url);
+ }
+
+ # Pass requests to potential non-plain reads on articles (eg. action=edit)
+ if (req.url ~ "^/w/index\.php" || req.url ~ "^/\?title=") {
+ return(pass);
+ }
+
+ # normalize Accept-Encoding to reduce vary
+ if (req.http.Accept-Encoding) {
+ if (req.http.User-Agent ~ "MSIE 6") {
+ unset req.http.Accept-Encoding;
+ } elsif (req.http.Accept-Encoding ~ "gzip") {
+ set req.http.Accept-Encoding = "gzip";
+ } elsif (req.http.Accept-Encoding ~ "deflate") {
+ set req.http.Accept-Encoding = "deflate";
+ } else {
+ unset req.http.Accept-Encoding;
+ }
+ }
+
+ return(lookup);
+}
+
+sub vcl_pipe {
+ # Note that only the first request to the backend will have
+ # X-Forwarded-For set. If you use X-Forwarded-For and want to
+ # have it set for all requests, make sure to have:
+ # set req.http.connection = "close";
+
+ # This is otherwise not necessary if you do not do any request rewriting.
+
+ set req.http.connection = "close";
+}
+
+# Called if the cache has a copy of the page.
+sub vcl_hit {
+ if (req.request == "PURGE") {
+ ban_url(req.url);
+ error 200 "Purged";
+ }
+
+ if (!obj.ttl > 0s) {
+ return(pass);
+ }
+}
+
+# Called if the cache does not have a copy of the page.
+sub vcl_miss {
+ if (req.request == "PURGE") {
+ error 200 "Not in cache";
+ }
+}
+
+sub vcl_deliver {
+ if (obj.hits > 0) {
+ set resp.http.X-Cache = "hit (" + obj.hits + ")";
+ } else {
+ set resp.http.X-Cache = "miss (0)";
+ }
+}
+
+# Called after a document has been successfully retrieved from the backend.
+sub vcl_fetch {
+
+ # set minimum timeouts to auto-discard stored objects
+# set beresp.prefetch = -30s;
+ set beresp.grace = 120s;
+
+ if (beresp.ttl < 48h) {
+ set beresp.ttl = 48h;
+ }
+
+ if (!beresp.ttl > 0s) {
+ return(hit_for_pass);
+ }
+
+ if (beresp.http.Set-Cookie) {
+ return(hit_for_pass);
+ }
+
+# if (beresp.http.Cache-Control ~ "(private|no-cache|no-store)")
+# {return(hit_for_pass);}
+
+ if (req.http.Authorization && !beresp.http.Cache-Control ~ "public") {
+ return(hit_for_pass);
+ }
+}
\ No newline at end of file
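Review bot: In vcl_fetch the floor `if (beresp.ttl < 48h) { set beresp.ttl = 48h; }` runs before any cacheability check, so a response the backend sent with a zero TTL (for example `max-age=0`) is raised to 48h and stored unless it carries Set-Cookie; the `!beresp.ttl > 0s` test after it can then never be true. Because vcl_recv only passes requests whose cookie contains `wikiUserID=`, a response generated for some other cookie-bearing session could end up served from cache to different clients. I would enable the commented-out check ahead of the floor, `if (beresp.http.Cache-Control ~ "(private|no-cache|no-store)") { return(hit_for_pass); }`, and move the TTL floor below the hit_for_pass checks. Separately, the `Cache-Control ~ "no-cache"` branch in vcl_recv calls `ban_url(req.url)` for any client, which sidesteps the `purge` ACL and treats the URL as a regular expression; guarding it with `client.ip ~ purge` would keep invalidation restricted to the ACL.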
diff --git a/puppet/modules/varnish/manifests/init.pp
b/puppet/modules/varnish/manifests/init.pp
new file mode 100644
index 0000000..0541f8d
--- /dev/null
+++ b/puppet/modules/varnish/manifests/init.pp
@@ -0,0 +1,22 @@
+# == Class: Varnish
+#
+# This Puppet class installs and configures a Varnish instance
+#
+class varnish {
+ package { 'varnish':
+ ensure => 'present'
+ }
+
+ file { '/etc/varnish/default.vcl':
+ source => 'puppet:///modules/varnish/default.vcl',
+ mode => '0644',
+ require => Package['varnish'],
+ }
+
+ service { 'varnish':
+ ensure => running,
+ provider => init,
+ require => Package['varnish'],
+ subscribe => File['/etc/varnish/default.vcl'],
+ }
+}
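Review bot: The `file` resource for `/etc/varnish/default.vcl` sets `mode` but neither `owner` nor `group`, so ownership is left to Puppet's defaults. On Puppet versions where `source_permissions` defaults to `use`, the owner may be copied from the source file in the module directory rather than being root, which is worth confirming for this setup. Adding `owner => 'root', group => 'root',` would keep the VCL writable only by root regardless. The service also has no `enable => true`, so it presumably relies on the package to start Varnish at boot.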
--
To view, visit https://gerrit.wikimedia.org/r/237081
Gerrit-MessageType: merged
Gerrit-Change-Id: Ied4febaa3078b86786d856f1226745df4425a780
Gerrit-PatchSet: 6
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: Gilles <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: Dduvall <[email protected]>
Gerrit-Reviewer: Gilles <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>