BBlack has submitted this change and it was merged.
Change subject: Support optional keepalives and websockets for v4 only
......................................................................
Support optional keepalives and websockets for v4 only
The websockets part requires the request buffering disable in the
earlier commit, I think.
Bug: T134870
Change-Id: Id31596760ee24b14ba93289b489f4529ad1853fa
---
M modules/tlsproxy/manifests/instance.pp
M modules/tlsproxy/manifests/localssl.pp
M modules/tlsproxy/templates/localssl.erb
M modules/tlsproxy/templates/nginx.conf.erb
M modules/varnish/manifests/instance.pp
M modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
M modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
M modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
8 files changed, 56 insertions(+), 6 deletions(-)
Approvals:
BBlack: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/tlsproxy/manifests/instance.pp
b/modules/tlsproxy/manifests/instance.pp
index 93ab8cc..bc689c0 100644
--- a/modules/tlsproxy/manifests/instance.pp
+++ b/modules/tlsproxy/manifests/instance.pp
@@ -3,6 +3,8 @@
# Tune kernel settings
include base::mysterious_sysctl
+ $keepalives_per_worker =
hiera('tlsproxy::localssl::keepalives_per_worker', 0)
+ $websocket_support = hiera('cache::websocket_support', false)
$nginx_worker_connections = '32768'
$nginx_ssl_conf = ssl_ciphersuite('nginx', 'compat')
$nginx_tune_for_media = hiera('cache::tune_for_media', false)
diff --git a/modules/tlsproxy/manifests/localssl.pp
b/modules/tlsproxy/manifests/localssl.pp
index e01e6b3..9781bae 100644
--- a/modules/tlsproxy/manifests/localssl.pp
+++ b/modules/tlsproxy/manifests/localssl.pp
@@ -41,6 +41,7 @@
$varnish_version4 = hiera('varnish_version4', false)
$keepalives_per_worker =
hiera('tlsproxy::localssl::keepalives_per_worker', 0)
+ $websocket_support = hiera('cache::websocket_support', false)
# Ensure that exactly one definition exists with default_server = true
# if multiple defines have default_server set to true, this
diff --git a/modules/tlsproxy/templates/localssl.erb
b/modules/tlsproxy/templates/localssl.erb
index 32ccdc8..ef775dc 100644
--- a/modules/tlsproxy/templates/localssl.erb
+++ b/modules/tlsproxy/templates/localssl.erb
@@ -2,7 +2,7 @@
# This file is managed by Puppet!
upstream local_fe_<%= @basename %> {
server <%= @ipaddress %>:<%= @upstream_port %> max_fails=0;
-<% if @keepalives_per_worker.to_i > 0 -%>
+<% if @varnish_version4 and @keepalives_per_worker.to_i > 0 -%>
keepalive <%= @keepalives_per_worker %>; # Note: commonly up to 48 workers!
<% end -%>
}
@@ -32,13 +32,13 @@
proxy_pass http://local_fe_<%= @basename %>;
<% if @varnish_version4 -%>
proxy_http_version 1.1;
-<% end -%>
-<% if @keepalives_per_worker.to_i > 0 -%>
-<% if not @varnish_version4 -%>
- proxy_http_version 1.1;
-<% end -%>
+<% if @websocket_support -%>
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+<% elsif @keepalives_per_worker.to_i > 0 -%>
proxy_set_header Connection "";
<% end -%>
+<% end -%>
# this should be in sync with Varnish's first_byte_timeout
# and PHP's max_execution_time
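Review bot: The new `proxy_set_header Connection $connection_upgrade;` line relies on a variable that exists only if nginx.conf.erb renders its `map` block, and the two templates evaluate `@varnish_version4 and @websocket_support` in different Puppet scopes (the localssl define here, tlsproxy::instance there). The instance.pp hunk adds `$websocket_support`, but its visible context does not show `$varnish_version4` being set in that scope. If it is not set, the map is skipped and nginx will presumably reject the configuration for an unknown variable. Worth confirming that both scopes resolve the flags identically, and adding a template comment such as `# $connection_upgrade is defined by the map in nginx.conf.erb (same two flags)`. The enclosing location block starts and ends outside this hunk.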
diff --git a/modules/tlsproxy/templates/nginx.conf.erb
b/modules/tlsproxy/templates/nginx.conf.erb
index be5146c..3c5a8b1 100644
--- a/modules/tlsproxy/templates/nginx.conf.erb
+++ b/modules/tlsproxy/templates/nginx.conf.erb
@@ -120,6 +120,17 @@
'.' '0';
}
+<% if @varnish_version4 and @websocket_support -%>
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+<% if @keepalives_per_worker.to_i > 0 -%>
+ '' '';
+<% else -%>
+ '' close;
+<% end -%>
+ }
+<% end -%>
+
<%= @nginx_ssl_conf.join("\n") %>
include /etc/nginx/conf.d/*.conf;
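Review bot: Because of `default upgrade;`, this map sends `Connection: upgrade` upstream for every non-empty client `Upgrade` value, not only WebSocket. Together with `proxy_set_header Upgrade $http_upgrade;` in localssl.erb, any upgrade token a client supplies is relayed to Varnish as a live upgrade request. Consider matching the token explicitly, e.g. `~*^websocket$ upgrade;`, and letting `default` take the same value as the `''` entry, so the TLS terminator never negotiates other protocols on behalf of clients. A short comment explaining why `''` maps to `''` with keepalives and to `close` without them would also save the next reader a trip to the nginx docs.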
diff --git a/modules/varnish/manifests/instance.pp
b/modules/varnish/manifests/instance.pp
index 18593b0..a0612f1 100644
--- a/modules/varnish/manifests/instance.pp
+++ b/modules/varnish/manifests/instance.pp
@@ -24,6 +24,8 @@
$extraopts = "-n ${name}"
}
+ $websocket_support = hiera('cache::websocket_support', false)
+
# $varnish_version4 is used to distinguish between v4 and v3 versions of
# VCL code, as well as to pass the right parameters to varnishd. See
# varnish.systemd.erb
diff --git a/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
b/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
index 1faded1..51509e4 100644
--- a/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
@@ -36,6 +36,10 @@
<% end -%>
<% end -%>
+<% if @varnish_version4 and @websocket_support -%>
+ call wm_common_websocket_recv;
+<% end -%>
+
call wm_common_recv_grace;
call cluster_be_recv_pre_purge;
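Review bot: `call wm_common_websocket_recv;` is placed ahead of `wm_common_recv_grace` and `cluster_be_recv_pre_purge`, so a request that matches returns `pipe` before anything later in vcl_recv runs. The same placement is used in wikimedia-frontend.vcl.erb, ahead of the `!= "PURGE"` branch. Whatever method checks, normalisation or access rules live below the call are skipped for any request that carries a matching `Upgrade` header, and the hunk does not show which checks come before it. Consider moving the call below those checks, or adding a comment stating which checks are guaranteed to have run by this point. vcl_recv begins and ends outside the hunk.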
@@ -89,6 +93,12 @@
return (<%= @fetch_pass %>); // no default VCL (which is just "return
(<%= @fetch_pass %>)" anyways)
}
+<% if @varnish_version4 and @websocket_support -%>
+sub vcl_pipe {
+ call wm_common_websocket_pipe;
+}
+<% end -%>
+
<% if @varnish_version4 -%>
sub vcl_backend_response {
<% else -%>
diff --git a/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
b/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
index b1dfd63..b0fe971 100644
--- a/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
@@ -401,3 +401,17 @@
}
}
<% end -%>
+
+<% if @varnish_version4 and @websocket_support -%>
+sub wm_common_websocket_recv {
+ if (req.http.upgrade ~ "(?i)websocket") {
+ return (pipe);
+ }
+}
+
+sub wm_common_websocket_pipe {
+ if (req.http.upgrade) {
+ set bereq.http.upgrade = req.http.upgrade;
+ }
+}
+<% end -%>
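Review bot: The test in `wm_common_websocket_recv` is an unanchored header match with no method, host or URL condition, so values like `xwebsocketx`, or any request method, are enough to switch the connection to pipe mode. Piped traffic is relayed without further VCL processing, so the entry condition is the only control on what reaches the backend this way. Tightening it to `if (req.method == "GET" && req.http.upgrade ~ "(?i)^websocket$") {` is safe inside this v4-only block. Ideally it would also be limited to the hosts or paths that actually serve WebSockets. A comment on both subs noting that they are v4-only and why `vcl_pipe` copies the header would also help.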
diff --git a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
index f3588c3..5fb0c62 100644
--- a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
@@ -256,6 +256,10 @@
set req.backend = cache_local;
<% end -%>
+<% if @varnish_version4 and @websocket_support -%>
+ call wm_common_websocket_recv;
+<% end -%>
+
call wm_common_recv_grace;
if (<%= @req_method %> != "PURGE") {
@@ -324,6 +328,12 @@
return (<%= @fetch_pass %>); // no default VCL (which is just "return
(<%= @fetch_pass %>)" anyways)
}
+<% if @varnish_version4 and @websocket_support -%>
+sub vcl_pipe {
+ call wm_common_websocket_pipe;
+}
+<% end -%>
+
<% if @varnish_version4 -%>
sub vcl_backend_response {
<% else -%>
--
To view, visit https://gerrit.wikimedia.org/r/287941
Gerrit-MessageType: merged
Gerrit-Change-Id: Id31596760ee24b14ba93289b489f4529ad1853fa
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: Ema <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: jenkins-bot <>