Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Merge varnish patch to production

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2016-03-31 11:39:41 +00:00
parent bafd415395
commit ee4b5edc64
3 changed files with 53 additions and 436 deletions
Download patch file Download diff file Expand all files Collapse all files

11
roles/varnish/tasks/main.yml
View file

@ -25,20 +25,9 @@
tags:
- varnish
# Merge these two after freeze lifts
- name: install /etc/varnish/default.vcl
template: src=proxy.vcl.j2 dest=/etc/varnish/default.vcl
owner=root group=root
when: env != 'staging'
notify:
- restart varnish
tags:
- varnish
- name: install STAGING /etc/varnish/default.vcl
template: src=proxy.vcl.stg.j2 dest=/etc/varnish/default.vcl
owner=root group=root
when: env == 'staging'
notify:
- restart varnish
tags:

99
roles/varnish/templates/proxy.vcl.j2
View file

@ -223,17 +223,6 @@ sub vcl_recv {
if (req.url ~ "^/freemedia/") {
set req.backend_hint = freemedia;
}
if (req.url ~ "^/packages/") {
set req.backend_hint = packages;
if (req.url ~ "^/packages/_res/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/packages/css/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/tagger/") {
set req.backend_hint = tagger;
if (req.url ~ "^/tagger/ui/static/") {
@ -241,20 +230,6 @@ sub vcl_recv {
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/calendar") {
set req.backend_hint = fedocal;
if (req.url ~ "^/calendar/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/kerneltest") {
set req.backend_hint = kerneltest;
if (req.url ~ "^/kerneltest/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.http.X-Forwarded-Server ~ "^paste.fedoraproject.org") {
set req.backend_hint = paste;
if (req.url ~ "^/skins/") {
@ -273,13 +248,6 @@ sub vcl_recv {
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/koschei") {
set req.backend_hint = koschei;
if (req.url ~ "^/koschei/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.http.X-Forwarded-Server ~ "^qa.fedoraproject.org") {
if (req.url ~ "^/blockerbugs") {
set req.backend_hint = blockerbugs;
@ -289,20 +257,59 @@ sub vcl_recv {
}
}
}
if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org") {
if (req.url ~ "^/nuancier") {
set req.backend_hint = nuancier;
if (req.url ~ "^/nuancier/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/nuancier/cache/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
}
if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org" || req.http.X-Forwarded-Server ~ "^apps.stg.fedoraproject.org") {
if (req.url ~ "^/koschei") {
set req.backend_hint = koschei;
if (req.url ~ "^/koschei/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/kerneltest") {
set req.backend_hint = kerneltest;
if (req.url ~ "^/kerneltest/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/calendar") {
set req.backend_hint = fedocal;
if (req.url ~ "^/calendar/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/nuancier") {
set req.backend_hint = nuancier;
if (req.url ~ "^/nuancier/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/nuancier/cache/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/packages/") {
set req.backend_hint = packages;
if (req.url ~ "^/packages/_res/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/packages/css/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/packages/images/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/packages/js/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
}
# Pass any requests with the "If-None-Match" header directly.
if (req.http.If-None-Match) {

379
roles/varnish/templates/proxy.vcl.stg.j2
View file

@ -1,379 +0,0 @@
vcl 4.0;
import directors;
backend wiki {
.host = "localhost";
.port = "10001";
.first_byte_timeout = 120s;
}
backend mirrorlists {
.host = "localhost";
.port = "10002";
}
backend pkgdb {
.host = "localhost";
.port = "10003";
.first_byte_timeout = 160s;
}
backend fas01 {
.host = "fas01";
.port = "http";
.probe = {
.url = "/accounts/";
.interval = 5s;
.timeout = 5s;
.window = 5;
.threshold = 5;
}
}
backend fas02 {
.host = "fas02";
.port = "http";
.probe = {
.url = "/accounts/";
.interval = 5s;
.timeout = 5s;
.window = 5;
.threshold = 5;
}
}
backend fas03 {
.host = "fas03";
.port = "http";
.probe = {
.url = "/accounts/";
.interval = 5s;
.timeout = 5s;
.window = 5;
.threshold = 5;
}
}
sub vcl_init {
new fas = directors.round_robin();
fas.add_backend(fas01);
fas.add_backend(fas02);
fas.add_backend(fas03);
}
backend nuancier {
.host = "localhost";
.port = "10035";
}
backend voting {
.host = "localhost";
.port = "10007";
.first_byte_timeout = 160s;
}
backend mirrormanager {
.host = "localhost";
.port = "10008";
}
backend bodhi {
.host = "localhost";
.port = "10009";
}
backend freemedia {
.host = "localhost";
.port = "10011";
}
backend packages {
.host = "localhost";
.port = "10016";
}
backend tagger {
.host = "localhost";
.port = "10017";
}
backend askbot {
.host = "localhost";
.port = "10021";
}
backend blockerbugs {
.host = "localhost";
.port = "10022";
}
backend fedocal {
.host = "localhost";
.port = "10023";
}
backend kerneltest {
.host = "localhost";
.port = "10038";
}
backend paste {
.host = "localhost";
.port = "10027";
}
backend koschei {
.host = "localhost";
.port = "10040";
}
acl purge {
"192.168.1.129"; // wiki01.vpn
"192.168.1.130"; // wiki02.vpn
"10.5.126.60"; // wiki01.stg
"10.5.126.63"; // wiki01
"10.5.126.73"; // wiki02
"10.5.126.23"; // lockbox01
"192.168.1.58"; //lockbox01.vpn
}
sub vcl_synth {
set resp.http.Content-Type = "text/html; charset=utf-8";
set resp.http.Retry-After = "5";
synthetic( {"<!DOCTYPE html>
<html>
<head>
<title>"} + resp.status + " " + resp.reason + {"</title>
</head>
<body>
<h1>Error "} + resp.status + " " + resp.reason + {"</h1>
<p>"} + resp.reason + {"</p>
<h3>Guru Meditation:</h3>
<p>XID: "} + req.xid + {"</p>
<hr>
<p>Varnish cache server on {{ inventory_hostname }}</p>
</body>
</html>
"} );
return (deliver);
}
sub vcl_recv {
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
return (synth(405, "Not allowed"));
}
return(purge);
}
if (req.url ~ "^/wiki/") {
set req.backend_hint = wiki;
}
if (req.url ~ "^/w/") {
set req.backend_hint = wiki;
if (req.url ~ "^/w/skins/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/mirrorlist/") {
set req.backend_hint = mirrorlists;
}
if (req.url ~ "^/pkgdb") {
set req.backend_hint = pkgdb;
if (req.url ~ "^/pkgdb/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/accounts/") {
set req.backend_hint = fas.backend();
if (req.url ~ "^/accounts/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/voting/") {
set req.backend_hint = voting;
if (req.url ~ "^/voting/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/mirrormanager") {
set req.backend_hint = mirrormanager;
if (req.url ~ "^/mirrormanager/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/mirrormanager/mirrors") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/updates/") {
set req.backend_hint = bodhi;
if (req.url ~ "^/updates/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/freemedia/") {
set req.backend_hint = freemedia;
}
if (req.url ~ "^/tagger/") {
set req.backend_hint = tagger;
if (req.url ~ "^/tagger/ui/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.http.X-Forwarded-Server ~ "^paste.fedoraproject.org") {
set req.backend_hint = paste;
if (req.url ~ "^/skins/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/addons/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.http.X-Forwarded-Server ~ "^ask.fedoraproject.org") {
set req.backend_hint = askbot;
if (req.url ~ "^/m/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.http.X-Forwarded-Server ~ "^qa.fedoraproject.org") {
if (req.url ~ "^/blockerbugs") {
set req.backend_hint = blockerbugs;
if (req.url ~ "^/blockerbugs/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
}
if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org" || req.http.X-Forwarded-Server ~ "^apps.stg.fedoraproject.org") {
if (req.url ~ "^/koschei") {
set req.backend_hint = koschei;
if (req.url ~ "^/koschei/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/kerneltest") {
set req.backend_hint = kerneltest;
if (req.url ~ "^/kerneltest/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/calendar") {
set req.backend_hint = fedocal;
if (req.url ~ "^/calendar/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/nuancier") {
set req.backend_hint = nuancier;
if (req.url ~ "^/nuancier/static/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/nuancier/cache/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
if (req.url ~ "^/packages/") {
set req.backend_hint = packages;
if (req.url ~ "^/packages/_res/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/packages/css/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/packages/images/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
if (req.url ~ "^/packages/js/") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*", "");
}
}
}
# Pass any requests with the "If-None-Match" header directly.
if (req.http.If-None-Match) {
return (pass);
}
# Force lookup if the request is a no-cache request from the client.
# if (req.http.Cache-Control ~ "no-cache") {
# purge_url(req.url);
# }
# if (req.http.Accept-Encoding) {
# if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
# # No point in compressing these
# remove req.http.Accept-Encoding;
# } elsif (req.http.Accept-Encoding ~ "gzip") {
# # This is currently a bug with ipv6, so we need to nuke it.
# remove req.http.Accept-Encoding;
# } elsif (req.http.Accept-Encoding ~ "deflate") {
# set req.http.Accept-Encoding = "deflate";
# } else {
# # unknown algorithm
# remove req.http.Accept-Encoding;
# }
# }
}
# When requesting application icons, don't allow cherrypy to set cookies
#sub vcl_backend_fetch {
# if (req.url ~ "^/pkgdb/appicon/show/") {
# unset beresp.http.set-cookie;
# }
#}
# Make sure mirrormanager/mirrors doesn't set any cookies
# (Setting cookies would make varnish store a HIT-FOR-PASS
# making it always fetch from backend)
sub vcl_backend_response {
if (bereq.url ~ "^/mirrormanager/mirrors") {
unset beresp.http.set-cookie;
set beresp.ttl = 6h;
}
if (bereq.url ~ "^/mirrormanager/static/") {
set beresp.ttl = 6h;
}
}
sub vcl_pipe {
set req.http.connection = "close";
}
sub vcl_hit {
if (req.method == "PURGE") {
ban(req.url);
return (synth(200, "Purged"));
}
if (!obj.ttl > 0s) {
return (pass);
}
}
sub vcl_miss {
if (req.method == "PURGE") {
return (synth(200, "Not in cache"));
}
}