diff --git a/README.md b/README.md index 9b85f35..9d89184 100644 --- a/README.md +++ b/README.md 
@@ -1,162 +1,163 @@ # puppet-varnish [![Build Status](https://secure.travis-ci.org/claranet/puppet-varnish.png?branch=master)](http://travis-ci.org/claranet/puppet-varnish) [![Puppet Forge](http://img.shields.io/puppetforge/v/claranet/varnish.svg)](https://forge.puppetlabs.com/claranet/varnish) [![Forge Downloads](https://img.shields.io/puppetforge/dt/claranet/varnish.svg)](https://forge.puppetlabs.com/claranet/varnish) #### Table of Contents 1. [Overview - What is the puppet-varnish module?](#overview) 1. [Module Description - What does the module do?](#module-description) 1. [Setup - The basics of getting started with puppet-varnish](#setup) 1. [Usage - Configuration options and additional functionality](#usage) * [Examples](#examples) * [Parameter Reference](#parameter-reference) 1. [Limitations - OS compatibility, etc.](#limitations) 1. [Development - Guide for contributing to the module](#development) ## Overview This module Installs and configures Varnish. ## Puppet 3 Support **Please note that the master branch of this module does not support Puppet 3!** On 31st December 2016, support for Puppet 3.x was withdrawn. As such, this module no longer supports Puppet 3 - if you require Puppet 3 compatibility, please use the latest version [4.x version from the Puppet Forge](https://forge.puppet.com/Claranet/varnish), or the [puppet3](https://github.com/claranet/varnish/tree/puppet3) branch in Git. ## Module Description -This module Supports Varnish versions 3.0, 4.0, 4.1, 5.0, 5.1 and 5.2 across -Ubuntu 14.04/16.04, Debian 7/8 and RedHat derivates 6/7. +This module Supports Varnish versions 3.0, 4.0, 4.1, 5.0, 5.1, 5.2, +6.0, 6.1 across Ubuntu 14.04/16.04, Debian 7/8 and RedHat derivates +6/7. This module will install Varnish, **by default version 4.1** from the official Packagecloud repositories, adding EPEL for RedHat-like systems and working around a SELinux policy bug in RHEL/CentOS 6 for Varnish 4.0 and above. 
It will also install and configure a Systemd service for certain OS/Varnish combinations. If necessary, you can specify any of the Varnish versions above, although there are imcompatibilities with some versions of Varnish and some OS versions, see [Limitations](#limitations). ## Setup To accept all default parameters - at minimum it is suggested you set a secret (if not explicitly set, one will be created via `/proc/sys/kernel/random/uuid`) and overwrite the packaged `default.vcl`. ```puppet class { '::varnish': secret => '6565bd1c-b6d1-4ba3-99bc-3c7a41ffd94f', } ::varnish::vcl { '/etc/varnish/default.vcl': content => template('data/varnish/default.vcl.erb'), } ``` ### Multiple Listen Interfaces Varnish supports listening on multiple interfaces. The module implements this by exposing a `listen` parameter, which can either be set to a String value for one interface (e.g. `127.0.0.1` or `0.0.0.0`), or an array of values. By default, the module will append `listen_port` to each element of the array - however to set a different port for each interface, just append it using standard notation, for example: `127.0.0.1:8080`. 
## Usage ### Examples To use a static file with `varnish::vcl` rather than a template: ```puppet ::varnish::vcl { '/etc/varnish/default.vcl': content => file('data/varnish/default.vcl'), # Equivalent to: source => 'puppet:///modules/data/varnish/default.vcl' } ``` To pin Varnish to a specific version - you may also provide `varnish_version` as long as it matches the major and minor version in `package_ensure`, however the module will automatically calculate `varnish_version` if not set: ```puppet class { '::varnish': package_ensure => '4.0.5-1~xenial', } ``` To configure Varnish to listen on port 8080 on localhost and port 6081 on `172.16.100.10`: ```puppet class { '::varnish': listen => ['127.0.0.1:8080','172.16.100.10:6081'], } ``` To configure Varnish to listen on port 80, specifically on localhost and `192.168.1.195`: ```puppet class { '::varnish': listen => ['127.0.0.1','192.168.1.195'], listen_port => '80', } ``` To use multiple storage backends in varnish for example a primary `4GB memory backend` and a `50GB file backend`: ```puppet class { '::varnish': storage_type => 'malloc', storage_size => '4G', storage_additional => [ 'file,/var/lib/varnish/varnish_additional.bin,50G', ] } ``` ### Parameter Reference |Parameter|Description| |---------|-----------| |addrepo|Whether to add the official Varnish repos| |varnish_version|Major Varnish version| |secret|Secret for admin access| |secret_file|File to store the secret| |vcl_conf|Varnish vcl config file path| |listen|IP to bind to| |listen_port|TCP port to listen on| |admin_listen|Admin IP to bind to| |admin_port|TCP port for admin to listen on| |min_threads|Minimum Varnish worker threads| |max_threads|Maximum Varnish worker threads| |thread_timeout|Terminate threads after this long idle| |storage_type|malloc or file| |storage_file|File to mmap on disk for cache storage| |storage_size|Size of storage file or RAM, eg 10G or 50%| |storage_additional|Hash of additional storage backends, passed plainly to varnishd -s 
after the normal configured storage backends| |package_ensure|Version of Varnish package to install, eg 3.0.5-1.el6| |runtime_params|hash of run-time parameters to be specified at startup| ## Limitations There are several limitations with various Varnish and OS combinations. The module will attempt to flag known issues, however: * Varnish 3.0 is not supported on Ubuntu 16.04 -* Varnish 5.0 supports **only** Debian 8 and Ubuntu 16.04 +* Varnish 5.x, 6.x, supports **only** Debian 8 and Ubuntu 16.04 ## Development * Copyright (C) 2017 Claranet * Distributed under the terms of the Apache License v2.0 - see LICENSE file for details. diff --git a/manifests/init.pp b/manifests/init.pp index eb9b5bd..478f84b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -1,113 +1,113 @@ # == Class: varnish # # Configure Varnish proxy cache # # === Parameters # # [*addrepo*] # Whether to add the official Varnish repos # [*secret*] # Varnish secret (used by varnishadm etc). # Optional; will be autogenerated if not specified # [*vcl_conf*] # Location of Varnish config file template # [*listen*] # IP address for HTTP to listen on # [*listen_port*] # Port to listen on for HTTP requests # [*admin_listen*] # IP address for admin requests - defaults to 127.0.0.1 # [*admin_port*] # Port for Varnish admin to listen on # [*min_threads*] # Varnish minimum thread pool size # [*max_threads*] # Varnish maximum thread pool size # [*thread_timeout*] # Thread timeout # [*storage_type*] # Whether to use malloc (RAM only) or file storage for cache # [*storage_size*] # Size of cache # [*storage_additional*] # Hash of additional storage backends containing strings in the varnish format (passed to -s) # [*varnish_version*] # Major Varnish version to use # [*vcl_reload*] # Script to use to load new Varnish config # [*package_ensure*] # Ensure specific package version for Varnish, eg 3.0.5-1.el6 # [*runtime_params*] # Hash of key:value runtime parameters # class varnish ( Hash $runtime_params = {}, Boolean $addrepo = true, String $admin_listen = '127.0.0.1', Integer $admin_port = 6082, Variant[String,Array] $listen = '0.0.0.0', Integer $listen_port = 6081, Optional[String] $secret = undef, Stdlib::AbsolutePath $secret_file = '/etc/varnish/secret', Stdlib::AbsolutePath $vcl_conf = '/etc/varnish/default.vcl', Enum['file','malloc'] $storage_type = 'file', Stdlib::AbsolutePath $storage_file = '/var/lib/varnish/varnish_storage.bin', String $storage_size = '1G', Array $storage_additional = [], Integer $min_threads = 50, Integer $max_threads = 1000, Integer $thread_timeout = 120, - Pattern[/^[3-5]\.[0-9]/] $varnish_version = '4.1', + Pattern[/^[3-6]\.[0-9]/] $varnish_version = '4.1', Optional[String] $instance_name = undef, String $package_ensure = 'present', 
String $package_name = 'varnish', String $service_name = 'varnish', Optional[String] $vcl_reload_cmd = undef, String $vcl_reload_path = $::path, ) { if $package_ensure == 'present' { $version_major = regsubst($varnish_version, '^(\d+)\.(\d+).*$', '\1') $version_minor = regsubst($varnish_version, '^(\d+)\.(\d+).*$', '\2') $version_full = $varnish_version } else { $version_major = regsubst($package_ensure, '^(\d+)\.(\d+).*$', '\1') $version_minor = regsubst($package_ensure, '^(\d+)\.(\d+).*$', '\2') $version_full = "${version_major}.${version_minor}" if $varnish_version != "${version_major}.${version_minor}" { fail("Version mismatch, varnish_version is ${varnish_version}, but package_ensure is ${version_full}") } } include ::varnish::params if $vcl_reload_cmd == undef { $vcl_reload = $::varnish::params::vcl_reload } else { $vcl_reload = $vcl_reload_cmd } if $addrepo { class { '::varnish::repo': before => Class['::varnish::install'], } } include ::varnish::install class { '::varnish::secret': secret => $secret, require => Class['::varnish::install'], } class { '::varnish::config': require => Class['::varnish::secret'], notify => Class['::varnish::service'], } class { '::varnish::service': require => Class['::varnish::config'], } } diff --git a/manifests/params.pp b/manifests/params.pp index d313b7e..51add4d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -1,84 +1,86 @@ # == Class varnish::params # # This class is meant to be called from varnish # It sets variables according to platform # class varnish::params { case $::osfamily { 'RedHat': { $sysconfig = '/etc/sysconfig/varnish' case $::operatingsystemmajrelease { '6': { $os_service_provider = 'sysvinit' $vcl_reload = $::varnish::version_major ? { + '6' => '/usr/sbin/varnishreload', '5' => '/usr/sbin/varnish_reload_vcl', '4' => '/usr/sbin/varnish_reload_vcl', '3' => '/usr/bin/varnish_reload_vcl', } } '7': { $os_service_provider = 'systemd' $vcl_reload = $::varnish::version_major ? { + '6' => '/usr/sbin/varnishreload', '5' => '/sbin/varnish_reload_vcl', '4' => '/usr/sbin/varnish_reload_vcl', '3' => '/usr/bin/varnish_reload_vcl', } } default: { $os_service_provider = 'systemd' $vcl_reload = '/usr/sbin/varnish_reload_vcl' } } } 'Debian': { $vcl_reload = '/usr/share/varnish/reload-vcl' $sysconfig = '/etc/default/varnish' case $::operatingsystem { 'Ubuntu': { $systemd_version = '16.04' } 'Debian': { $systemd_version = '8' } default: { fail("Unsupported Debian OS: ${::operatingsystem}") } } if versioncmp($::lsbdistrelease,$systemd_version) >= 0 { $os_service_provider = 'systemd' } else { $os_service_provider = 'sysvinit' } } default: { fail("${::osfamily} not supported") } } # == Service provider depends on Varnish version and OS if $::varnish::version_major == '3' { if $::operatingsystem == 'Debian' { if versioncmp($::lsbdistrelease,'8.0') >= 0 { $service_provider = 'systemd' } else { $service_provider = 'sysvinit' } } else { $service_provider = 'sysvinit' } } else { $service_provider = $os_service_provider } } diff --git a/manifests/repo.pp b/manifests/repo.pp index fc56434..d777d5b 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
@@ -1,99 +1,101 @@ # Add the Varnish repo class varnish::repo { $ver = "${::varnish::version_major}${::varnish::version_minor}" case $::osfamily { 'RedHat': { if $ver == '50' { if $::operatingsystemmajrelease == '6' { fail('Varnish 5.0 from Packagecloud is not supported on RHEL/CentOS 6') } elsif $::operatingsystemmajrelease == '7' { # https://github.com/varnishcache/pkg-varnish-cache/issues/42 fail('Varnish 5.0 on RHEL/CentOS 7 has a known packaging bug in the varnish_reload_vcl script, please use 5.1 instead. If the bug has been fixed, please submit a pull request to remove this message.') } } $package_require = undef # Varnish 4 and above need EPEL for jemalloc if $::varnish::version_major != '3' { include ::epel Yumrepo['varnish-cache','varnish-cache-source'] { require => Yumrepo['epel'], } } yumrepo { 'varnish-cache': descr => "varnishcache_varnish${ver}", baseurl => "https://packagecloud.io/varnishcache/varnish${ver}/el/${::operatingsystemmajrelease}/\$basearch", gpgkey => "https://packagecloud.io/varnishcache/varnish${ver}/gpgkey", metadata_expire => '300', repo_gpgcheck => '1', gpgcheck => '0', sslverify => '1', sslcacert => '/etc/pki/tls/certs/ca-bundle.crt', } yumrepo { 'varnish-cache-source': descr => "varnishcache_varnish${ver}-source", baseurl => "https://packagecloud.io/varnishcache/varnish${ver}/el/${::operatingsystemmajrelease}/SRPMS", gpgkey => "https://packagecloud.io/varnishcache/varnish${ver}/gpgkey", metadata_expire => '300', repo_gpgcheck => '1', gpgcheck => '0', sslverify => '1', sslcacert => '/etc/pki/tls/certs/ca-bundle.crt', } } 'Debian': { if $ver == '30' and $::lsbdistcodename == 'xenial' { fail('Varnish 3 from Packagecloud is not supported on Ubuntu 16.04 (Xenial)') } if $ver == '50' { if $::lsbdistcodename == 'wheezy' { fail('Varnish 5.0 from Packagecloud is not supported on Debian 7 (Wheezy)') } elsif $::lsbdistcodename == 'trusty' { fail('Varnish 5.0 has a known packaging bug in the reload-vcl script, please use 5.1 instead. 
If the bug has been fixed, please submit a pull request to remove this message.') } } ensure_packages('apt-transport-https') $os_lower = downcase($::operatingsystem) $package_require = Exec['apt_update'] $gpg_key_id = "${::varnish::version_major}.${::varnish::version_minor}" ? { + '6.1' => '4A066C99B76A0F55A40E3E1E387EF1F5742D76CC', + '6.0' => '7C5B46721AF00FD57E68E6E8D2605BF74E8B9DBA', '5.2' => '91CFD5635A1A5FAC0662BEDD2E9BA3FE86BE909D', '5.1' => '54DC32329C37703D8B2819E6414C46826B880524', '5.0' => '1487779B0E6C440214F07945632B6ED0FF6A1C76', '4.1' => '9C96F9CA0DC3F4EA78FF332834BF6E8ECBF5C49E', '4.0' => 'B7B16293AE0CC24216E9A83DD4E49AD8DE3FFEA4', '3.0' => '246BE381150865E2DC8C6B01FC1318ACEE2C594C', } ::apt::source { 'varnish-cache': comment => "Apt source for Varnish ${::varnish::version_major}.${::varnish::version_minor}", location => "https://packagecloud.io/varnishcache/varnish${ver}/${os_lower}/", repos => 'main', require => Package['apt-transport-https'], key => { source => "https://packagecloud.io/varnishcache/varnish${ver}/gpgkey", id => $gpg_key_id, }, include => { 'deb' => true, 'src' => true, }, } } default: { fail("Unsupported repo osfamily: ${::osfamily}") } } } diff --git a/spec/classes/varnish_spec.rb b/spec/classes/varnish_spec.rb index a2e3774..3bbaee8 100644 --- a/spec/classes/varnish_spec.rb +++ b/spec/classes/varnish_spec.rb 
@@ -1,120 +1,120 @@ require 'spec_helper' describe 'varnish', type: :class do - ['3.0', '4.0', '4.1', '5.0', '5.1', '5.2'].each do |version| + ['3.0', '4.0', '4.1', '5.0', '5.1', '5.2', '6.0', '6.1'].each do |version| on_supported_os.each do |os, facts| context "Varnish #{version} on #{os}" do let(:facts) do facts.merge(path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/snap/bin:/opt/puppetlabs/bin') end let(:params) do { varnish_version: version, } end should_fail = 0 case version when '3.0' if facts[:lsbdistcodename] == 'xenial' it { is_expected.to raise_error(Puppet::Error, %r{Varnish 3 from Packagecloud is not supported on Ubuntu 16.04 \(Xenial\)}) } should_fail = 1 end when '5.0' if facts[:osfamily] == 'RedHat' case facts[:operatingsystemmajrelease] when '6' it { is_expected.to raise_error(Puppet::Error, %r{Varnish 5.0 from Packagecloud is not supported on RHEL\/CentOS 6}) } should_fail = 1 when '7' # rubocop:disable LineLength it { is_expected.to raise_error(Puppet::Error, %r{Varnish 5.0 on RHEL\/CentOS 7 has a known packaging bug in the varnish_reload_vcl script, please use 5.1 instead. If the bug has been fixed, please submit a pull request to remove this message.}) } # rubocop:enable LineLength should_fail = 1 end elsif facts[:osfamily] == 'Debian' case facts[:lsbdistcodename] when 'wheezy' it { is_expected.to raise_error(Puppet::Error, %r{Varnish 5.0 from Packagecloud is not supported on Debian 7 \(Wheezy\)}) } should_fail = 1 when 'trusty' # rubocop:disable LineLength it { is_expected.to raise_error(Puppet::Error, %r{Varnish 5.0 has a known packaging bug in the reload-vcl script, please use 5.1 instead. 
If the bug has been fixed, please submit a pull request to remove this message.}) } # rubocop:enable LineLength should_fail = 1 end end end if should_fail == 0 it { is_expected.to compile.with_all_deps } if (facts[:osfamily] == 'RedHat' && facts[:operatingsystemmajrelease] == '7' && version != '3.0') || (facts[:osfamily] == 'Debian' && (facts[:lsbdistcodename] == 'jessie' || facts[:lsbdistcodename] == 'xenial')) it { is_expected.to contain_file('/etc/systemd/system/varnish.service') } it { is_expected.to contain_exec('varnish_systemctl_daemon_reload') } end case facts[:osfamily] when 'RedHat' if facts[:operatingsystemmajrelease] == '6' && version != '3.0' it { is_expected.to contain_selinux__module('varnishpol') } end it { is_expected.to contain_file('/etc/sysconfig/varnish') } it { is_expected.to contain_yumrepo('varnish-cache') } it { is_expected.to contain_yumrepo('varnish-cache-source') } when 'Debian' it { is_expected.to contain_file('/etc/default/varnish') } it { is_expected.to contain_package('apt-transport-https') } it { is_expected.to contain_apt__source('varnish-cache') } end end end end end context 'supported operating systems' do let(:facts) do { osfamily: 'RedHat', operatingsystem: 'CentOS', operatingsystemmajrelease: '7', path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/snap/bin:/opt/puppetlabs/bin', lsbdistrelease: nil, } end it { is_expected.to contain_class('varnish::params') } it { is_expected.to contain_class('varnish::repo').that_comes_before('Class[varnish::install]') } it { is_expected.to contain_class('varnish::install').that_comes_before('Class[varnish::secret]') } it { is_expected.to contain_class('varnish::secret').that_comes_before('Class[varnish::config]') } it { is_expected.to contain_class('varnish::config').that_notifies('Class[varnish::service]') } it { is_expected.to contain_class('varnish::config').that_comes_before('Class[varnish::service]') } it { is_expected.to contain_class('varnish::service') } it 
{ is_expected.to contain_file('/etc/varnish/secret') } it { is_expected.to contain_exec('Generate Varnish secret file') } it { is_expected.to contain_package('varnish') } it { is_expected.to contain_service('varnish') } it { is_expected.to contain_exec('vcl_reload') } end context 'unsupported operating systems' do describe 'varnish class fail on unsupported OS' do let(:facts) do { osfamily: 'Darwin', operatingsystem: 'Darwin', path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/snap/bin:/opt/puppetlabs/bin', lsbdistrelease: nil, } end it { is_expected.to raise_error(Puppet::Error, %r{Darwin not supported}) } end end end
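Review bot: In README.md, the new Limitations bullet `Varnish 5.x, 6.x, supports **only** Debian 8 and Ubuntu 16.04` contradicts the rest of the patch. The Module Description line changed in the same hunk still lists Ubuntu 14.04, Debian 7 and RedHat 6/7 for every version, params.pp adds a `'6'` reload path for RedHat 6 and 7, and the fail() messages in repo.pp tell trusty and RHEL/CentOS 7 users to "please use 5.1 instead". Widening `5.0` to `5.x` therefore marks as unsupported the combinations the module itself recommends. Either keep the bullet at 5.0 and add a separate statement for 6.x that matches what the code enforces, or document the real per-OS matrix. Also drop the stray comma after `6.x`.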
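Review bot: In manifests/init.pp, `Pattern[/^[3-6]\.[0-9]/]` on `$varnish_version` now accepts every 6.0 to 6.9 value, and since the pattern is not anchored at the end it also accepts anything that merely starts that way. The `$gpg_key_id` selector in repo.pp has entries only up to `'6.1'` and no default branch. On Debian-family hosts a value such as `6.2` passes type validation and then fails inside the selector with an error that says nothing about supported versions. On RedHat it produces a `varnish62` repo URL built from `${ver}` with no check at all. Suggest adding a `default` branch to the selector that calls fail() with the list of supported versions, and a matching guard for the RedHat path.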
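Review bot: In manifests/params.pp, the new `'6' => '/usr/sbin/varnishreload'` entries cover only the RedHat `'6'` and `'7'` cases. The RedHat `default:` branch still sets `/usr/sbin/varnish_reload_vcl`, and the Debian branch still sets `/usr/share/varnish/reload-vcl` regardless of `$::varnish::version_major`. If the 6.x packages renamed the reload script, as these two lines imply, please confirm which path the 6.x .deb packages ship and make the Debian value version-dependent if it differs. If Debian is unaffected, a one-line comment saying so would answer the question for the next reader.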
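Review bot: In manifests/repo.pp, the two fingerprints added to `$gpg_key_id` for `'6.1'` and `'6.0'` are the only thing pinning the signing key, because `key => { source => ... }` downloads the key from the same packagecloud host that serves the packages. Please state in the commit message where the fingerprints were obtained, so a reviewer can check them against a second source rather than against that URL. The yumrepo resources carry no equivalent pin and keep `gpgcheck => '0'` with only `repo_gpgcheck => '1'`, so on RedHat the new 6.x repos rely on repository metadata signatures made with a key fetched over HTTPS. That is pre-existing, but extending it to a new major version deserves a README caveat or a follow-up change.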
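Review bot: In spec/classes/varnish_spec.rb, adding `'6.0'` and `'6.1'` to the version list only runs the existing generic expectations against them; nothing asserts the behaviour this patch introduces. The `case version` block has no branch for 6.x, and `contain_exec('vcl_reload')` is checked only in the default-version 'supported operating systems' context, so a typo in `/usr/sbin/varnishreload` or in either new key id would still pass. Suggest an expectation on the reload command for 6.x on RedHat, and one on the `id` of `apt__source('varnish-cache')` for 6.0 and 6.1 on Debian.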