From fc95d09417f757a8048cb772e9b16a454d847d2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Mon, 10 Nov 2025 11:01:00 +0100 Subject: [PATCH 1/5] varnish packages and variables --- vars/debian.yml | 8 ++++++-- vars/redhat.yml | 7 ++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/vars/debian.yml b/vars/debian.yml index 15e0fc0..f46c667 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -7,6 +7,11 @@ cvmfs_squid_conf_file: /etc/squid/squid.conf cvmfs_squid_user: proxy cvmfs_squid_group: proxy +cvmfs_varnish_service_name: varnish +cvmfs_varnish_conf_file: /etc/varnish/default.vcl +cvmfs_varnish_vmod_dynamic_installed_file: /usr/share/varnish/vmod_dynamic.installed +cvmfs_varnish_vmod_dynamic_man_page: /usr/share/man/man3/vmod_dynamic.3 + cvmfs_packages: stratum0: - apache2 @@ -21,7 +26,6 @@ cvmfs_packages: - "{{ 'squid' if cvmfs_stratum1_squid else omit }}" stratum1-s3: - cvmfs-server - localproxy: - - squid + localproxy: "{{ ['varnish', 'libvarnishapi-dev', 'automake', 'make', 'pkg-config', 'libtool', 'python3-docutils'] if cvmfs_localproxy_type == 'varnish' else ['squid'] }}" client: - cvmfs diff --git a/vars/redhat.yml b/vars/redhat.yml index 61889e4..7cd6c64 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -7,6 +7,11 @@ cvmfs_squid_conf_file: /etc/squid/squid.conf cvmfs_squid_user: squid cvmfs_squid_group: squid +cvmfs_varnish_service_name: varnish +cvmfs_varnish_conf_file: /etc/varnish/default.vcl +cvmfs_varnish_vmod_dynamic_installed_file: /usr/share/varnish/vmod_dynamic.installed +cvmfs_varnish_vmod_dynamic_man_page: /usr/share/man/man3/vmod_dynamic.3 + cvmfs_dnf_repos: - name: cernvm description: CernVM packages @@ -64,6 +69,6 @@ cvmfs_packages: stratum1-s3: - cvmfs-server localproxy: - - squid + - "{{ ['varnish', 'varnish-devel', 'automake', 'libtool', python-docutils'] if cvmfs_localproxy_type == 'varnish' else 'squid' }}" client: - cvmfs From a2780c9c4f96d45d2275a3ee9ca5e986d213f511 Mon Sep 17 00:00:00 2001 
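Review bot: In the second vars/debian.yml hunk, the varnish branch of `localproxy` installs a build chain (`libvarnishapi-dev`, `automake`, `make`, `pkg-config`, `libtool`, `python3-docutils`) permanently on the proxy host, and nothing visible in this series removes it once vmod_dynamic is built. Compilers and autotools on a network-facing cache are extra attack surface and extra packages to patch. Consider a separate list such as `cvmfs_varnish_build_packages` (proposed name) that tasks/varnish.yml installs only when a rebuild is needed and removes afterwards, or building the vmod off-host and shipping it as a package.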
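Review bot: The new `localproxy` entry in the second vars/redhat.yml hunk will not render, because `python-docutils'` has lost its opening quote and Jinja will reject the expression. It is also still a list item (`- "{{ [...] }}"`), so depending on how `cvmfs_packages` is consumed the varnish case yields a list nested in a list, whereas vars/debian.yml replaces the whole value. `make` is missing although tasks/varnish.yml runs `make`. Suggested line: `localproxy: "{{ ['varnish', 'varnish-devel', 'automake', 'make', 'libtool', 'python-docutils'] if cvmfs_localproxy_type == 'varnish' else ['squid'] }}"`. The docutils package name should be checked against the targeted EL release.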
From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Mon, 10 Nov 2025 11:01:28 +0100 Subject: [PATCH 2/5] task for installig varnish as local proxy --- tasks/varnish.yml | 68 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 tasks/varnish.yml diff --git a/tasks/varnish.yml b/tasks/varnish.yml new file mode 100644 index 0000000..9a3bf47 --- /dev/null +++ b/tasks/varnish.yml 
@@ -0,0 +1,68 @@ +--- +- name: Determine Varnish version + ansible.builtin.shell: "varnishd -V 2>&1 | grep -oP 'varnish-\\d+\\.\\d+' | sed 's|varnish-||'" + changed_when: false + register: varnish_version_command + +- name: Check if vmod-dynamic is already installed + ansible.builtin.stat: + path: "{{ cvmfs_varnish_vmod_dynamic_installed_file }}" + register: vmod_dynamic_installed + +- name: Check for which Varnish version vmod_dynamic was built + ansible.builtin.slurp: + src: "{{ cvmfs_varnish_vmod_dynamic_installed_file }}" + register: vmod_dynamic_installed_file + when: vmod_dynamic_installed.stat.exists + +- name: Set facts for installed Varnish version and the one used for the vmod_dynamic installation + ansible.builtin.set_fact: + varnish_version: "{{ varnish_version_command.stdout }}" + vmod_dynamic_varnish_version: "{{ '0' if not vmod_dynamic_installed.stat.exists else vmod_dynamic_installed_file['content'] | b64decode }}" + +- block: + - name: Download vmod_dynamic sources + ansible.builtin.get_url: + url: "https://github.com/nigoroll/libvmod-dynamic/archive/refs/heads/{{ varnish_version }}.tar.gz" + dest: /tmp/ + mode: '0440' + + - name: Extract vmod_dynamic tarball + ansible.builtin.unarchive: + src: "/tmp/libvmod-dynamic-{{ varnish_version }}.tar.gz" + remote_src: true + dest: /tmp/ + + - name: Run autogen.sh, configure, make, make install for vmod_dynamic + ansible.builtin.shell: + cmd: "./autogen.sh && ./configure && make && make install" + chdir: "/tmp/libvmod-dynamic-{{ varnish_version }}" + creates: "{{ cvmfs_varnish_vmod_dynamic_man_page }}" + + - name: Log the varnish version for which vmod_dynamic was built to a file + ansible.builtin.copy: + content: "{{ varnish_version }}" + dest: "{{ cvmfs_varnish_vmod_dynamic_installed_file }}" + mode: 0644 + owner: root + group: root + + - name: Clean up source files + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "/tmp/libvmod-dynamic-{{ varnish_version }}.tar.gz" + - 
"/tmp/libvmod-dynamic-{{ varnish_version }}" + + when: not vmod_dynamic_installed.stat.exists or (vmod_dynamic_installed.stat.exists and vmod_dynamic_varnish_version != varnish_version) + +- name: Configure Varnish forward proxy + ansible.builtin.template: + src: "{{ _cvmfs_varnish_conf_src }}" + dest: "{{ cvmfs_varnish_conf_file }}" + backup: true + mode: 0644 + notify: + - Restart varnish +... From a0a58b203e897e7f11b67bd7d0bf992a997f21d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Mon, 10 Nov 2025 11:01:55 +0100 Subject: [PATCH 3/5] include varnish task --- tasks/localproxy.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tasks/localproxy.yml b/tasks/localproxy.yml index ee460fb..9f38daa 100644 --- a/tasks/localproxy.yml +++ b/tasks/localproxy.yml @@ -9,6 +9,13 @@ ansible.builtin.include_tasks: squid.yml vars: _cvmfs_squid_conf_src: "{{ cvmfs_squid_conf_src | default('localproxy_squid.conf.j2') }}" + when: cvmfs_localproxy_type == 'squid' + +- name: Include varnish tasks + ansible.builtin.include_tasks: varnish.yml + vars: + _cvmfs_varnish_conf_src: "{{ cvmfs_varnish_conf_src | default('localproxy_varnish.vcl.j2') }}" + when: cvmfs_localproxy_type == 'varnish' # Need to double check that this actually works (see the hosts_file directive) # - name: Create squid hosts file From cbb830d4444f4c6882ec45986170e893d5ef82bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Mon, 10 Nov 2025 11:02:13 +0100 Subject: [PATCH 4/5] add varnish restart handler --- handlers/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/handlers/main.yml b/handlers/main.yml index 7df81d5..a604bbb 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -11,6 +11,11 @@ name: "{{ cvmfs_squid_service_name }}" state: restarted +- name: Restart varnish + ansible.builtin.service: + name: "{{ cvmfs_varnish_service_name }}" + state: restarted + - name: Restart apache ansible.builtin.service: name: "{{ cvmfs_apache_service_name }}" 
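Review bot: The `Download vmod_dynamic sources` task in tasks/varnish.yml fetches `archive/refs/heads/{{ varnish_version }}.tar.gz`, a mutable branch head, with no `checksum`, and the result goes straight into `./autogen.sh && ./configure && make && make install`, so whatever that branch holds at play time is built and installed on the proxy host. The tarball and the extracted tree also use predictable names directly under the world-writable `/tmp/`, which on a shared host can let another local user interfere with them before the build step runs. I would pin a commit or tag with its digest and work in a directory from `ansible.builtin.tempfile`, as sketched below, with the later tasks pointed at the registered path. Separately, `creates: "{{ cvmfs_varnish_vmod_dynamic_man_page }}"` skips the rebuild after a Varnish upgrade because the old man page is still present, while the version marker is rewritten anyway. An empty `varnish_version_command.stdout` (the pipeline has no pipefail) is also not rejected before it reaches the URL.

```yaml
    - name: Create a private build directory
      ansible.builtin.tempfile:
        state: directory
        suffix: vmod_dynamic
      register: vmod_dynamic_build_dir

    - name: Download vmod_dynamic sources
      ansible.builtin.get_url:
        # proposed role variables, not part of this series: a pinned commit or tag
        # (e.g. looked up per Varnish version) and the digest of that archive
        url: "https://github.com/nigoroll/libvmod-dynamic/archive/{{ cvmfs_varnish_vmod_dynamic_ref }}.tar.gz"
        dest: "{{ vmod_dynamic_build_dir.path }}/vmod_dynamic.tar.gz"
        checksum: "sha256:{{ cvmfs_varnish_vmod_dynamic_sha256 }}"
        mode: '0440'

    # … unchanged apart from paths: unarchive, build, version marker, cleanup …
```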
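Review bot: Nothing in the tasks/localproxy.yml hunk validates `cvmfs_localproxy_type` before the two new `when:` conditions, so a misspelt value skips both includes and, as far as the hunk shows, no proxy gets configured, while the vars/debian.yml expression still falls through to `['squid']` and installs it. An early `ansible.builtin.assert` with `that: cvmfs_localproxy_type in ['squid', 'varnish']` would fail fast instead. The rest of localproxy.yml is outside the hunk, so any other squid-specific tasks there may need the same condition.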
From fa4dc6790392d5de11a975a1eb7dc3b61ab9e9c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Mon, 10 Nov 2025 11:04:07 +0100 Subject: [PATCH 5/5] add variable for selecting type of localproxy (squid/varnish) --- defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 9f9a4be..bcd945b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -18,6 +18,9 @@ cvmfs_stratum1_http_ports: cvmfs_localproxy_http_ports: - 3128 +# Type of local forward proxy, can be either squid or varnish +cvmfs_localproxy_type: squid +# use a Squid reverse proxy on the Stratum1 cvmfs_stratum1_squid: false # if a Squid frontend is used on the Stratum 1, Apache needs to listen on an internal port # otherwise we stick to cvmfs_stratum1_http_ports