diff --git a/defaults/main.yml b/defaults/main.yml index 9f9a4be..bcd945b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -18,6 +18,9 @@ cvmfs_stratum1_http_ports: cvmfs_localproxy_http_ports: - 3128 +# Type of local forward proxy, can be either squid or varnish +cvmfs_localproxy_type: squid +# use a Squid reverse proxy on the Stratum1 cvmfs_stratum1_squid: false # if a Squid frontend is used on the Stratum 1, Apache needs to listen on an internal port # otherwise we stick to cvmfs_stratum1_http_ports diff --git a/handlers/main.yml b/handlers/main.yml index 7df81d5..a604bbb 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -11,6 +11,11 @@ name: "{{ cvmfs_squid_service_name }}" state: restarted +- name: Restart varnish + ansible.builtin.service: + name: "{{ cvmfs_varnish_service_name }}" + state: restarted + - name: Restart apache ansible.builtin.service: name: "{{ cvmfs_apache_service_name }}" diff --git a/tasks/localproxy.yml b/tasks/localproxy.yml index ee460fb..9f38daa 100644 --- a/tasks/localproxy.yml +++ b/tasks/localproxy.yml @@ -9,6 +9,13 @@ ansible.builtin.include_tasks: squid.yml vars: _cvmfs_squid_conf_src: "{{ cvmfs_squid_conf_src | default('localproxy_squid.conf.j2') }}" + when: cvmfs_localproxy_type == 'squid' + +- name: Include varnish tasks + ansible.builtin.include_tasks: varnish.yml + vars: + _cvmfs_varnish_conf_src: "{{ cvmfs_varnish_conf_src | default('localproxy_varnish.vcl.j2') }}" + when: cvmfs_localproxy_type == 'varnish' # Need to double check that this actually works (see the hosts_file directive) # - name: Create squid hosts file diff --git a/tasks/varnish.yml b/tasks/varnish.yml new file mode 100644 index 0000000..9a3bf47 --- /dev/null +++ b/tasks/varnish.yml 
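Review bot: Nothing validates `cvmfs_localproxy_type` before the two conditional includes in tasks/localproxy.yml, so any value other than `squid` or `varnish` skips both and the play ends without a configured proxy. The package expression in vars/debian.yml treats every non-`varnish` value as squid, so a typo would presumably leave squid installed with only its packaged default configuration. A guard task ahead of the includes would make a bad value fail loudly, e.g. `ansible.builtin.assert:` with `that: cvmfs_localproxy_type in ['squid', 'varnish']`. The task list continues outside the hunk.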
@@ -0,0 +1,68 @@ +--- +- name: Determine Varnish version + ansible.builtin.shell: "varnishd -V 2>&1 | grep -oP 'varnish-\\d+\\.\\d+' | sed 's|varnish-||'" + changed_when: false + register: varnish_version_command + +- name: Check if vmod-dynamic is already installed + ansible.builtin.stat: + path: "{{ cvmfs_varnish_vmod_dynamic_installed_file }}" + register: vmod_dynamic_installed + +- name: Check for which Varnish version vmod_dynamic was built + ansible.builtin.slurp: + src: "{{ cvmfs_varnish_vmod_dynamic_installed_file }}" + register: vmod_dynamic_installed_file + when: vmod_dynamic_installed.stat.exists + +- name: Set facts for installed Varnish version and the one used for the vmod_dynamic installation + ansible.builtin.set_fact: + varnish_version: "{{ varnish_version_command.stdout }}" + vmod_dynamic_varnish_version: "{{ '0' if not vmod_dynamic_installed.stat.exists else vmod_dynamic_installed_file['content'] | b64decode }}" + +- block: + - name: Download vmod_dynamic sources + ansible.builtin.get_url: + url: "https://github.com/nigoroll/libvmod-dynamic/archive/refs/heads/{{ varnish_version }}.tar.gz" + dest: /tmp/ + mode: '0440' + + - name: Extract vmod_dynamic tarball + ansible.builtin.unarchive: + src: "/tmp/libvmod-dynamic-{{ varnish_version }}.tar.gz" + remote_src: true + dest: /tmp/ + + - name: Run autogen.sh, configure, make, make install for vmod_dynamic + ansible.builtin.shell: + cmd: "./autogen.sh && ./configure && make && make install" + chdir: "/tmp/libvmod-dynamic-{{ varnish_version }}" + creates: "{{ cvmfs_varnish_vmod_dynamic_man_page }}" + + - name: Log the varnish version for which vmod_dynamic was built to a file + ansible.builtin.copy: + content: "{{ varnish_version }}" + dest: "{{ cvmfs_varnish_vmod_dynamic_installed_file }}" + mode: 0644 + owner: root + group: root + + - name: Clean up source files + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "/tmp/libvmod-dynamic-{{ varnish_version }}.tar.gz" + - 
"/tmp/libvmod-dynamic-{{ varnish_version }}" + + when: not vmod_dynamic_installed.stat.exists or (vmod_dynamic_installed.stat.exists and vmod_dynamic_varnish_version != varnish_version) + +- name: Configure Varnish forward proxy + ansible.builtin.template: + src: "{{ _cvmfs_varnish_conf_src }}" + dest: "{{ cvmfs_varnish_conf_file }}" + backup: true + mode: 0644 + notify: + - Restart varnish +... diff --git a/vars/debian.yml b/vars/debian.yml index 15e0fc0..f46c667 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -7,6 +7,11 @@ cvmfs_squid_conf_file: /etc/squid/squid.conf cvmfs_squid_user: proxy cvmfs_squid_group: proxy +cvmfs_varnish_service_name: varnish +cvmfs_varnish_conf_file: /etc/varnish/default.vcl +cvmfs_varnish_vmod_dynamic_installed_file: /usr/share/varnish/vmod_dynamic.installed +cvmfs_varnish_vmod_dynamic_man_page: /usr/share/man/man3/vmod_dynamic.3 + cvmfs_packages: stratum0: - apache2 @@ -21,7 +26,6 @@ cvmfs_packages: - "{{ 'squid' if cvmfs_stratum1_squid else omit }}" stratum1-s3: - cvmfs-server - localproxy: - - squid + localproxy: "{{ ['varnish', 'libvarnishapi-dev', 'automake', 'make', 'pkg-config', 'libtool', 'python3-docutils'] if cvmfs_localproxy_type == 'varnish' else ['squid'] }}" client: - cvmfs diff --git a/vars/redhat.yml b/vars/redhat.yml index 61889e4..7cd6c64 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -7,6 +7,11 @@ cvmfs_squid_conf_file: /etc/squid/squid.conf cvmfs_squid_user: squid cvmfs_squid_group: squid +cvmfs_varnish_service_name: varnish +cvmfs_varnish_conf_file: /etc/varnish/default.vcl +cvmfs_varnish_vmod_dynamic_installed_file: /usr/share/varnish/vmod_dynamic.installed +cvmfs_varnish_vmod_dynamic_man_page: /usr/share/man/man3/vmod_dynamic.3 + cvmfs_dnf_repos: - name: cernvm description: CernVM packages 
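Review bot: The block in tasks/varnish.yml fetches the head of a mutable upstream branch (`refs/heads/{{ varnish_version }}`) with no checksum and then runs `./autogen.sh && ./configure && make && make install` on it, presumably as root, so whatever that branch holds at run time is executed on the proxy host. The download and build also use fixed, predictable paths under world-writable `/tmp`, which another local user could create first. Separately, `creates: "{{ cvmfs_varnish_vmod_dynamic_man_page }}"` skips the build when the block is entered because the Varnish version changed, since the man page from the earlier build is presumably still present, yet the next task records the new version as built. The sketch below pins the source to a ref verified with `checksum:`, builds in a private `ansible.builtin.tempfile` directory and drops `creates`; the two `cvmfs_varnish_vmod_dynamic_ref` / `_sha256` variables are proposed names, not existing ones.

```yaml
  - name: Create a private build directory
    ansible.builtin.tempfile:
      state: directory
      suffix: vmod_dynamic
    register: vmod_dynamic_build_dir

  - name: Download vmod_dynamic sources
    ansible.builtin.get_url:
      # proposed variables: a pinned commit or tag and its sha256, chosen per Varnish version
      url: "https://github.com/nigoroll/libvmod-dynamic/archive/{{ cvmfs_varnish_vmod_dynamic_ref }}.tar.gz"
      dest: "{{ vmod_dynamic_build_dir.path }}/vmod_dynamic.tar.gz"
      checksum: "sha256:{{ cvmfs_varnish_vmod_dynamic_sha256 }}"
      mode: '0440'

  - name: Extract vmod_dynamic tarball
    ansible.builtin.unarchive:
      src: "{{ vmod_dynamic_build_dir.path }}/vmod_dynamic.tar.gz"
      remote_src: true
      dest: "{{ vmod_dynamic_build_dir.path }}"
      extra_opts: ['--strip-components=1']

  - name: Run autogen.sh, configure, make, make install for vmod_dynamic
    ansible.builtin.shell:
      cmd: "./autogen.sh && ./configure && make && make install"
      chdir: "{{ vmod_dynamic_build_dir.path }}"

  # … unchanged: log the built-for Varnish version to the marker file …

  - name: Clean up source files
    ansible.builtin.file:
      path: "{{ vmod_dynamic_build_dir.path }}"
      state: absent
```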
@@ -64,6 +69,6 @@ cvmfs_packages: stratum1-s3: - cvmfs-server localproxy: - - squid + - "{{ ['varnish', 'varnish-devel', 'automake', 'libtool', python-docutils'] if cvmfs_localproxy_type == 'varnish' else 'squid' }}" client: - cvmfs
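Review bot: The new `localproxy` entry in vars/redhat.yml has an unbalanced quote: `python-docutils']` lacks its opening `'`, so the Jinja expression will presumably fail to parse whenever `cvmfs_packages` is templated on RedHat hosts. The expression also sits under a `- ` list item and falls back to the bare string `'squid'`, so the varnish case yields a list nested inside a list, unlike vars/debian.yml where `localproxy:` is assigned the expression directly with `['squid']` as the fallback. I would write `localproxy: "{{ ['varnish', 'varnish-devel', 'automake', 'libtool', 'python-docutils'] if cvmfs_localproxy_type == 'varnish' else ['squid'] }}"`. The Debian list also carries `make` and `pkg-config`, so it is worth confirming whether the RedHat build needs their equivalents.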