Faidon Liambotis has submitted this change and it was merged.
Change subject: varnish: (temporarily?) disable TBF
......................................................................
varnish: (temporarily?) disable TBF
This reverts 86b0cb47. It has caused T122453 twice now and is
responsible for T122455 as well.
Change-Id: I12ea52165e125aaf4ed779399f34cff16d5cd140
---
M modules/varnish/templates/initscripts/varnish.systemd.erb
M modules/varnish/templates/vcl/wikimedia.vcl.erb
2 files changed, 0 insertions(+), 34 deletions(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/modules/varnish/templates/initscripts/varnish.systemd.erb
b/modules/varnish/templates/initscripts/varnish.systemd.erb
index e8ddc664..7fb8692 100644
--- a/modules/varnish/templates/initscripts/varnish.systemd.erb
+++ b/modules/varnish/templates/initscripts/varnish.systemd.erb
@@ -10,7 +10,6 @@
<% if @vcl_config.fetch("enable_geoiplookup", false) -%>
Environment="CC_COMMAND=exec cc -fpic -shared -Wl,-x -L/usr/local/lib/ -o %%o
%%s -lGeoIP"
<% end -%>
-ExecStartPre=/usr/bin/install -d -o varnish -g varnish -m 755 /run/vmod_tbf
ExecReload=/usr/share/varnish/reload-vcl <%= @extraopts %> -q
ExecStart=/usr/sbin/varnishd \
-P %t/%p.pid \
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 0af1898..366f38f 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -10,9 +10,6 @@
<% if @vcl_config.fetch("layer", "") == "frontend" -%>
# only used in recv_fe_ip_processing on frontends
import netmapper;
-# only used on frontends, for ratelimiter
-import ipcast;
-import tbf;
<% end %>
<%
@@ -168,19 +165,6 @@
<% end #director loop -%>
# Functions
-
-<% if @vcl_config.fetch("layer", "") == "frontend" -%>
-
-sub misspass_limiter {
- if (ipcast.ip(req.http.X-Client-IP, "127.0.0.1") !~ wikimedia_nets) {
- // TBF: "1, 0.02s, 250" == "50/s, burst of 250"
- if (!tbf.rate(req.http.X-Client-IP, 1, 0.02s, 250)) {
- error 429 "Request Rate Exceeded";
- }
- }
-}
-
-<% end -%>
// start frontend-only block for HTTPS
<% if @vcl_config.fetch("layer", "") == "frontend" &&
@vcl_config.fetch("https_redirects", false) -%>
@@ -405,16 +389,6 @@
// args here are map-name (for .map()), data file, and seconds between
mtime checks for reload
netmapper.init("proxies", "/var/netmapper/proxies.json", 89);
netmapper.init("carriers", "/var/netmapper/carriers.json", 89);
- // no sync to disk, tmpfs, truncate data on reload/restart - simpler
- // to reason about, and our ratelimits aren't long-term enough for
- // persistence across daemon restarts to matter much.
- tbf.open("/run/vmod_tbf/tbf.db", "mode=600;dbname=tbf.bdb;trunc");
-<% end %>
-}
-
-sub vcl_fini {
-<% if @vcl_config.fetch("layer", "") == "frontend" -%>
- tbf.close();
<% end %>
}
@@ -534,10 +508,6 @@
error 204 "Cache miss";
}
-<% if @vcl_config.fetch("layer", "") == "frontend" -%>
- call misspass_limiter;
-<% end %>
-
/* Function vcl_miss in <%= @vcl %>.inc.vcl will be appended here */
}
@@ -548,9 +518,6 @@
} else {
set req.http.X-CDIS = "pass";
}
-<% if @vcl_config.fetch("layer", "") == "frontend" -%>
- call misspass_limiter;
-<% end %>
// All cache clusters are dual-tier/layer, and all tier-two backends and all
// frontends have exactly two backends: "backend" and "backend_random". The
--
To view, visit https://gerrit.wikimedia.org/r/261204
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I12ea52165e125aaf4ed779399f34cff16d5cd140
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
