From f4d18014ce077071bf94df4e802183741b41fa34 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 20 Jan 2015 23:35:32 +0000 Subject: [PATCH] Update prod varnish to hacked up version that loads in 4.0 --- roles/varnish/files/proxy.vcl | 219 ++++++++++++++++++---------------- 1 file changed, 119 insertions(+), 100 deletions(-) diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl index 9b0ca842b8..be76aed128 100644 --- a/roles/varnish/files/proxy.vcl +++ b/roles/varnish/files/proxy.vcl @@ -1,14 +1,6 @@ -#This is a basic VCL configuration file for varnish. See the vcl(7) -#man page for details on VCL syntax and semantics. -# -#Default backend definition. Set this to point to your content -#server. -# -sub vcl_error { - if (obj.status == 400 || obj.status == 413) { - return(deliver); - } -} +vcl 4.0; + +import directors; backend wiki { .host = "localhost"; @@ -27,15 +19,53 @@ backend pkgdb { .first_byte_timeout = 160s; } -backend fas { - .host = "localhost"; - .port = "10004"; +backend fas01 { + .host = "fas01"; + .port = "http"; + .probe = { + .url = "/accounts/"; + .interval = 5s; + .timeout = 5s; + .window = 5; + .threshold = 5; + } } +backend fas02 { + .host = "fas02"; + .port = "http"; + .probe = { + .url = "/accounts/"; + .interval = 5s; + .timeout = 5s; + .window = 5; + .threshold = 5; + } +} + +backend fas03 { + .host = "fas03"; + .port = "http"; + .probe = { + .url = "/accounts/"; + .interval = 5s; + .timeout = 5s; + .window = 5; + .threshold = 5; + } +} + +sub vcl_init { + new fas = directors.round_robin(); + fas.add_backend(fas01); + fas.add_backend(fas02); + fas.add_backend(fas03); +} backend voting { .host = "localhost"; .port = "10007"; + .first_byte_timeout = 160s; } backend mirrormanager { @@ -88,94 +118,91 @@ backend paste { .port = "10027"; } -acl purge { - "192.168.1.3"; - "192.168.1.4"; - "192.168.1.5"; - "192.168.1.6"; - "192.168.1.13"; - "192.168.1.24"; - "192.168.1.23"; - "192.168.1.41"; - "10.5.126.31"; - "10.5.126.32"; - "10.5.126.33"; - "10.5.126.34"; - "10.5.126.37"; - "10.5.126.38"; +backend mirrormanager2 { + .host = "localhost"; + .port = "10039"; } + +#acl purge { +# "192.168.1.3"; +# "192.168.1.4"; +# "192.168.1.5"; +# "192.168.1.6"; +# "192.168.1.13"; +# "192.168.1.24"; +# "192.168.1.23"; +# "192.168.1.41"; +# "10.5.126.31"; +# "10.5.126.32"; +# "10.5.126.33"; +# "10.5.126.34"; +# "10.5.126.37"; +# "10.5.126.38"; +#} + sub vcl_recv { - if (req.request == "PURGE") { - if (!client.ip ~ purge) { - error 405 "Not allowed."; - } - if (req.url ~ "^http://") { - set req.url = regsub(req.url, "http://localhost:6081",""); - } - purge_url(req.url); - } +# if (req.request == "PURGE") { +# if (!client.ip ~ purge) { +# error 405 "Not allowed."; +# } +# if (req.url ~ "^http://") { +# set req.url = regsub(req.url, "http://localhost:6081",""); +# } +# purge_url(req.url); +# } if (req.url ~ "^/wiki/") { - set req.backend = wiki; + set req.backend_hint = wiki; } if (req.url ~ "^/w/") { - set req.backend = wiki; - if (req.url ~ "^/w/skins/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } + set req.backend_hint = wiki; + } + if (req.url ~ "^/pkgdb/appicon/show/") { + set req.backend_hint = pkgdb; + unset req.http.cookie; } if (req.url ~ "^/mirrorlist/") { - set req.backend = mirrorlists; + set req.backend_hint = mirrorlists; } if (req.url ~ "^/pkgdb") { - set req.backend = pkgdb; - if ((req.url ~ "^/pkgdb/appicon/show/") || (req.url ~ "^/pkgdb/static/") || (req.url ~ "^/pkgdb/tg_js/")) { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } + set req.backend_hint = pkgdb; } if (req.url ~ "^/accounts/") { - set req.backend = fas; + set req.backend_hint = fas.backend(); } if (req.url ~ "^/voting/") { - set req.backend = voting; + set req.backend_hint = voting; } if (req.url ~ "^/mirrormanager/") { - set req.backend = mirrormanager; + set req.backend_hint = mirrormanager; + } + if (req.url ~ "^/mirrormanager2/") { + set req.backend_hint = mirrormanager2; } if (req.url ~ "^/updates/") { - set req.backend = bodhi; + set req.backend_hint = bodhi; } if (req.url ~ "^/freemedia/") { - set req.backend = freemedia; + set req.backend_hint = freemedia; } if (req.url ~ "^/packages/") { - set req.backend = packages; + set req.backend_hint = packages; } if (req.url ~ "^/tagger/") { - set req.backend = tagger; + set req.backend_hint = tagger; } if (req.url ~ "^/calendar") { - set req.backend = fedocal; - if (req.url ~ "^/calendar/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } + set req.backend_hint = fedocal; } if (req.url ~ "^/kerneltest") { - set req.backend = kerneltest; + set req.backend_hint = kerneltest; } if (req.http.X-Forwarded-Server ~ "^paste.fedoraproject.org") { - set req.backend = paste; - if ((req.url ~ "^/skins/") || (req.url ~ "^/addons/") || (req.url ~ "^/admin/skins/")) { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } + set req.backend_hint = paste; } if (req.http.X-Forwarded-Server ~ "^ask.fedoraproject.org") { - set req.backend = askbot; + set req.backend_hint = askbot; if (req.url ~ "^/m/") { unset req.http.cookie; set req.url = regsub(req.url, "\?.*", ""); @@ -183,12 +210,7 @@ sub vcl_recv { } if (req.http.X-Forwarded-Server ~ "^qa.fedoraproject.org") { if (req.url ~ "^/blockerbugs") { - set req.backend = blockerbugs; - if (req.url ~ "^/blockerbugs/static/") { - unset req.http.cookie; - set req.url = regsub(req.url, "\?.*", ""); - } - + set req.backend_hint = blockerbugs; } } @@ -198,31 +220,28 @@ sub vcl_recv { } # Force lookup if the request is a no-cache request from the client. - if (req.http.Cache-Control ~ "no-cache") { - purge_url(req.url); - } - if (req.http.Accept-Encoding) { - if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { - # No point in compressing these - remove req.http.Accept-Encoding; - } elsif (req.http.Accept-Encoding ~ "gzip") { - # This is currently a bug with ipv6, so we need to nuke it. - remove req.http.Accept-Encoding; - } elsif (req.http.Accept-Encoding ~ "deflate") { - set req.http.Accept-Encoding = "deflate"; - } else { - # unknown algorithm - remove req.http.Accept-Encoding; - } - } +# if (req.http.Cache-Control ~ "no-cache") { +# purge_url(req.url); +# } +# if (req.http.Accept-Encoding) { +# if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { +# # No point in compressing these +# remove req.http.Accept-Encoding; +# } elsif (req.http.Accept-Encoding ~ "gzip") { +# # This is currently a bug with ipv6, so we need to nuke it. +# remove req.http.Accept-Encoding; +# } elsif (req.http.Accept-Encoding ~ "deflate") { +# set req.http.Accept-Encoding = "deflate"; +# } else { +# # unknown algorithm +# remove req.http.Accept-Encoding; +# } +# } } # When requesting application icons, don't allow cherrypy to set cookies -sub vcl_fetch { - if ((req.url ~ "^/pkgdb/appicon/show/") || (req.url ~ "^/pkgdb/static/") || (req.url ~ "^/pkgdb/tg_js/") || (req.url ~ "^/blockerbugs/static/")) { - unset beresp.http.set-cookie; - } - if (beresp.status == 301) { - return (pass); - } -} +#sub vcl_backend_fetch { +# if (req.url ~ "^/pkgdb/appicon/show/") { +# unset beresp.http.set-cookie; +# } +#}