Hashar has uploaded a new change for review. https://gerrit.wikimedia.org/r/70818
Change subject: beta: adapt role::cache::varnish::upload ...................................................................... beta: adapt role::cache::varnish::upload * pass the top and upload domains down to varnish VCL via the cluster_options. * points swift backend to the upload instance created by Ariel Change-Id: I2b4231281bd224b4892c8767f98f772666397668 --- M manifests/lvs.pp M manifests/role/cache.pp M templates/varnish/upload-backend.inc.vcl.erb M templates/varnish/upload-frontend.inc.vcl.erb 4 files changed, 31 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/18/70818/1 diff --git a/manifests/lvs.pp b/manifests/lvs.pp index ab94e23..0f0edc9 100644 --- a/manifests/lvs.pp +++ b/manifests/lvs.pp @@ -413,7 +413,9 @@ 'search_pool5' => {}, 'search_poolbeta' => {}, 'search_prefix' => {}, - 'swift' => {}, + 'swift' => { + 'pmtpa' => '10.4.1.103', # deployment-upload.pmtpa.wmflabs + }, 'payments' => {}, 'upload' => { 'pmtpa' => { diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index 85d40b2..d69d306 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -681,6 +681,21 @@ class { "varnish::htcppurger": varnish_instances => [ "127.0.0.1:80", "127.0.0.1:3128" ] } + case $::realm { + 'production': { + $cluster_options = { + 'upload_domain' => 'upload.wikimedia.org', + 'top_domain' => 'org', + } + } + 'labs': { + $cluster_options = { + 'upload_domain' => 'upload.beta.wmflabs.org', + 'top_domain' => 'beta.wmflabs.org', + } + } + } + varnish::instance { "upload-backend": name => "", vcl => "upload-backend", @@ -731,6 +746,7 @@ 'max_connections' => 1000, 'weight' => $backend_weight, }], + cluster_options => $cluster_options, wikimedia_networks => $wikimedia_networks, xff_sources => $network::constants::all_networks } @@ -772,6 +788,7 @@ 'probe' => "varnish", 'weight' => $backend_weight, }], + cluster_options => $cluster_options, xff_sources => $network::constants::all_networks, } diff --git a/templates/varnish/upload-backend.inc.vcl.erb b/templates/varnish/upload-backend.inc.vcl.erb index 31d8722..0b62383 100644 --- a/templates/varnish/upload-backend.inc.vcl.erb +++ b/templates/varnish/upload-backend.inc.vcl.erb @@ -1,3 +1,7 @@ +<% +top_domain = cluster_options.fetch( 'top_domain', 'org' ) +upload_domain = cluster_options.fetch( 'upload_domain', 'upload.wikimedia.org' ) +-%> # Varnish VCL include file for upload backends sub pick_main_stevedore { @@ -62,7 +66,7 @@ else { if (req.backend == rendering && req.url ~ "^/[^-/]+/[^/]+/thumb/(.+)$") { set bereq.url = regsub(req.url, "^/[^-/]+/[^/]+/thumb/(.+)$", "/w/thumb_handler.php/\1"); - set bereq.http.host = regsub(req.url, "^/([^-/]+)/([^/]+)/thumb/.+$", "\2.\1.org"); + set bereq.http.host = regsub(req.url, "^/([^-/]+)/([^/]+)/thumb/.+$", "\2.\1.<%= Regexp.escape(top_domain) %>"); set bereq.http.X-Original-URI = req.url; # Exceptions @@ -85,7 +89,7 @@ call vcl_recv_purge; call restrict_access; - if ( req.http.host != "upload.wikimedia.org") { + if ( req.http.host != "<%= upload_domain %>") { error 403 "Requested target domain not allowed."; } diff --git a/templates/varnish/upload-frontend.inc.vcl.erb b/templates/varnish/upload-frontend.inc.vcl.erb index 8bc6d24..beb0e1b 100644 --- a/templates/varnish/upload-frontend.inc.vcl.erb +++ b/templates/varnish/upload-frontend.inc.vcl.erb @@ -1,3 +1,7 @@ +<% +top_domain = cluster_options.fetch( 'top_domain', 'org' ) +upload_domain = cluster_options.fetch( 'upload_domain', 'upload.wikimedia.org' ) +-%> # Varnish VCL include file for upload frontends sub vcl_recv { @@ -8,7 +12,7 @@ error 403 "HTTP method not allowed."; } - if ( req.http.host == "upload.wikimedia.org") { + if ( req.http.host == "<%= upload_domain %>") { # Replace double slashes set req.url = regsuball(req.url, "/{2,}", "/"); return (lookup); -- To view, visit https://gerrit.wikimedia.org/r/70818 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2b4231281bd224b4892c8767f98f772666397668 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Hashar <has...@free.fr> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits