Dzahn has uploaded a new change for review. https://gerrit.wikimedia.org/r/293789
Change subject: varnish: git.wm.org to antimony, remove git-related config/tests ...................................................................... varnish: git.wm.org to antimony, remove git-related config/tests This would be in case we decide that we don't want to put the rewrite rules on the cluster anyways and put them on iridium instead. If we do that then the backend needs to be changed here and my DNS change to point it to text cluster can be abandoned (I8a7d3245e320160), and Ide401ee9526995bcc23e8 shoud be amended so that the rules end up on iridium instead of the cluster. This is also removing config that was specifically for gitblit and should not be needed anymore. I am not 100% sure if those tests should be deleted like that though. Bug:T137224 Change-Id: Id8dad592e3f16736bc8eb0d6806be1b53feb94fe --- M modules/role/manifests/cache/misc.pp D modules/varnish/files/tests/misc/01-basic-caching.vtc D modules/varnish/files/tests/misc/02-git.w.o-x-forwarded.vtc M modules/varnish/files/tests/misc/09-chunked-response-add-cl.vtc D modules/varnish/files/tests/misc/10-deliver-synth-x-client-ip.vtc M templates/varnish/misc-frontend.inc.vcl.erb 6 files changed, 2 insertions(+), 133 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/89/293789/1 diff --git a/modules/role/manifests/cache/misc.pp b/modules/role/manifests/cache/misc.pp index 5d1b599..351ff40 100644 --- a/modules/role/manifests/cache/misc.pp +++ b/modules/role/manifests/cache/misc.pp @@ -50,13 +50,6 @@ 'be_opts' => merge($app_def_be_opts, { 'port' => 8888 }), 'req_host' => 'hue.wikimedia.org', }, - 'antimony' => { - 'dynamic' => 'no', - 'type' => 'random', - 'backends' => ['antimony.wikimedia.org'], - 'be_opts' => merge($app_def_be_opts, { 'port' => 8080 }), - 'req_host' => 'git.wikimedia.org', - }, 'bromine' => { # ganeti VM for misc. static HTML sites 'dynamic' => 'no', 'type' => 'random', @@ -128,7 +121,8 @@ 'phabricator.wikimedia.org', 'phab.wmfusercontent.org', 'bugzilla.wikimedia.org', - 'bugs.wikimedia.org' + 'bugs.wikimedia.org', + 'git.wikimedia.org' ], }, 'krypton' => { # ganeti VM for misc. PHP apps diff --git a/modules/varnish/files/tests/misc/01-basic-caching.vtc b/modules/varnish/files/tests/misc/01-basic-caching.vtc deleted file mode 100644 index eae1ec4..0000000 --- a/modules/varnish/files/tests/misc/01-basic-caching.vtc +++ /dev/null @@ -1,62 +0,0 @@ -varnishtest "Basic caching behavior" - -server s1 { - rxreq - txresp -} -start - -varnish v1 -arg "-p vcc_err_unref=false" -vcl+backend { - backend vtc_backend { - .host = "${s1_addr}"; .port = "${s1_port}"; - } - - include "/usr/share/varnish/tests/wikimedia_misc-backend.vcl"; -} -start - -client c1 { - txreq - rxresp - expect resp.status == 404 -} - -client c2 { - txreq -hdr "Host: example.org" - rxresp - expect resp.status == 404 -} - -client c3 { - txreq -hdr "Host: git.wikimedia.org" - rxresp - expect resp.status == 200 -} - -varnish v1 -expect cache_miss == 0 -varnish v1 -expect cache_hit == 0 -varnish v1 -expect n_object == 0 - -# c1 does not send the Host header. We expect to get a 404 "Domain not served -# here" in that case. -client c1 -run -varnish v1 -expect cache_miss == 0 -varnish v1 -expect cache_hit == 0 -varnish v1 -expect n_object == 0 - -# c2 sends a request for a domain not served here (example.org). Again we -# expect to get a 404. -client c2 -run -varnish v1 -expect cache_miss == 0 -varnish v1 -expect cache_hit == 0 -varnish v1 -expect n_object == 0 - -# Cache miss with Host: git.wikimedia.org -client c3 -run -varnish v1 -expect cache_miss == 1 -varnish v1 -expect cache_hit == 0 -varnish v1 -expect n_object == 1 - -# Cache hit with Host: git.wikimedia.org -client c3 -run -varnish v1 -expect cache_miss == 1 -varnish v1 -expect cache_hit == 1 -varnish v1 -expect n_object == 1 diff --git a/modules/varnish/files/tests/misc/02-git.w.o-x-forwarded.vtc b/modules/varnish/files/tests/misc/02-git.w.o-x-forwarded.vtc deleted file mode 100644 index e09f90d..0000000 --- a/modules/varnish/files/tests/misc/02-git.w.o-x-forwarded.vtc +++ /dev/null @@ -1,22 +0,0 @@ -varnishtest "git.wikimedia.org expects X-Forwarded-{Proto,Port}" - -server s1 { - rxreq - expect req.http.X-Forwarded-Proto == "https" - expect req.http.X-Forwarded-Port == "443" - txresp -} -start - -varnish v1 -arg "-p vcc_err_unref=false" -vcl+backend { - backend vtc_backend { - .host = "${s1_addr}"; .port = "${s1_port}"; - } - - include "/usr/share/varnish/tests/wikimedia_misc-frontend.vcl"; -} -start - -client c1 { - txreq -hdr "Host: git.wikimedia.org" -hdr "X-Forwarded-Proto: https" - rxresp - expect resp.status == 200 -} -run diff --git a/modules/varnish/files/tests/misc/09-chunked-response-add-cl.vtc b/modules/varnish/files/tests/misc/09-chunked-response-add-cl.vtc index bb3cca8..584bc6d 100644 --- a/modules/varnish/files/tests/misc/09-chunked-response-add-cl.vtc +++ b/modules/varnish/files/tests/misc/09-chunked-response-add-cl.vtc @@ -16,10 +16,3 @@ include "/usr/share/varnish/tests/wikimedia_misc-backend.vcl"; } -start -client c1 { - txreq -hdr "Host: git.wikimedia.org" -hdr "X-Forwarded-Proto: https" - rxresp - expect resp.status == 200 - # We expect Content-Length to be set to 5 (hello) by varnish - expect resp.http.Content-Length == 5 -} -run diff --git a/modules/varnish/files/tests/misc/10-deliver-synth-x-client-ip.vtc b/modules/varnish/files/tests/misc/10-deliver-synth-x-client-ip.vtc deleted file mode 100644 index 42ed3c2..0000000 --- a/modules/varnish/files/tests/misc/10-deliver-synth-x-client-ip.vtc +++ /dev/null @@ -1,29 +0,0 @@ -varnishtest "X-Client-IP should be set by both _synth and _deliver" - -server s1 { - rxreq - txresp - rxreq - txresp -} -start - -varnish v1 -arg "-p vcc_err_unref=false" -vcl+backend { - backend vtc_backend { - .host = "${s1_addr}"; .port = "${s1_port}"; - } - - include "/usr/share/varnish/tests/wikimedia_misc-frontend.vcl"; -} -start - -client c1 { - txreq -hdr "Host: git.wikimedia.org" -hdr "X-Forwarded-Proto: https" - rxresp - expect resp.status == 200 - expect resp.http.X-Client-IP == "127.0.0.1" - - txreq -hdr "Host: git.wikimedia.org" - rxresp - # http -> https redirect through _synth, we should still get X-Client-IP - expect resp.status == 301 - expect resp.http.X-Client-IP == "127.0.0.1" -} -run diff --git a/templates/varnish/misc-frontend.inc.vcl.erb b/templates/varnish/misc-frontend.inc.vcl.erb index 8a82db3..4d06a60 100644 --- a/templates/varnish/misc-frontend.inc.vcl.erb +++ b/templates/varnish/misc-frontend.inc.vcl.erb @@ -15,11 +15,6 @@ unset req.http.X-WEBAUTH-USER; } - if (req.http.Host == "git.wikimedia.org") { - // gitblit requires this and X-F-P:https - set req.http.X-Forwarded-Port = "443"; - } - // STS-preload checker doesn't like [45]xx responses, but 3xx is OK, so // re-use the TLS-redirector code and send them to the wikimedia site. if (req.http.Host == "wmfusercontent.org") { -- To view, visit https://gerrit.wikimedia.org/r/293789 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id8dad592e3f16736bc8eb0d6806be1b53feb94fe Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits