From: "V.Krishn" <vkrishn4@gmail.com>
Users should read manual pages before runing varnish in production.
---
main/varnish/APKBUILD | 17 ++++++++++++-----
main/varnish/varnish.pre-install | 5 +++++
main/varnish/varnishd.confd | 34 ++++++++++++++++++++++++++++++++--
main/varnish/varnishd.initd | 12 ++++++------
4 files changed, 55 insertions(+), 13 deletions(-)
create mode 100644 main/varnish/varnish.pre-install
diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD
index 6fafe20..e98d95d 100644
--- a/main/varnish/APKBUILD
+++ b/main/varnish/APKBUILD
@@ -1,17 +1,20 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Contributor: V.Krishn <vkrishn4@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=varnish
pkgver=3.0.3
-pkgrel=1
+pkgrel=2
pkgdesc="High-performance HTTP accelerator"
url="http://www.varnish-cache.org/"
arch="all"
license="BSD"
-depends="gcc libc-dev"
+depends="gcc uclibc-dev"
depends_dev=
makedepends="$depends_dev pcre-dev ncurses-dev"
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+pkgusers="varnish"
+pkggroups="varnish"
source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
varnishd.initd
varnishd.confd
@@ -50,7 +53,11 @@ package() {
|| return 1
install -Dm644 "$srcdir"/varnishd.logrotate \
"$pkgdir"/etc/logrotate.d/varnishd || return 1
- mkdir -p "$pkgdir"/var/log/varnish
+ install -d -o varnish -g varnish \
+ "$pkgdir"/var/cache/varnish \
+ "$pkgdir"/var/log/varnish \
+ "$pkgdir"/var/run/varnish \
+ || return 1
find "$pkgdir" -name *.la -print | xargs rm
}
@@ -61,7 +68,7 @@ libs() {
}
md5sums="714310c83fdbd2061d897dacd3f63d8b varnish-3.0.3.tar.gz
-4f78964bf3eb6f1fd0fd2d533575982e varnishd.initd
-6dd289ba81464eacc238109143126d6a varnishd.confd
+d734dd74ab449200fefd954e72845ca7 varnishd.initd
+daac2a8dade3abebb9e36cd1786360b0 varnishd.confd
a6cb8a43c9465699cf956dc992998225 varnishd.logrotate
8c5532869bea7f668e2ce5d4585359f8 varnish-3.0.3-pthread-uclibc.patch"
diff --git a/main/varnish/varnish.pre-install b/main/varnish/varnish.pre-install
new file mode 100644
index 0000000..7aa01c1
--- /dev/null
+++ b/main/varnish/varnish.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+addgroup varnish 2>/dev/null
+adduser -S -H -h /var/lib/varnish -s /bin/false -D -G varnish varnish 2>/dev/null
+exit 0
diff --git a/main/varnish/varnishd.confd b/main/varnish/varnishd.confd
index 1b46706..e24e5f1 100644
--- a/main/varnish/varnishd.confd
+++ b/main/varnish/varnishd.confd
@@ -1,12 +1,42 @@
# /etc/conf.d/varnishd
+# Varnish user.
+VARNISH_USER="varnish"
+
+# Varnish group.
+VARNISH_GROUP="varnish"
+
+# Varnish configuration file.
+VARNISH_CONF="/etc/varnish/default.vcl"
+
+VARNISH_SECRET_FILE="/etc/varnish/secret"
+
+# Varnish address.
+VARNISH_LISTEN_ADDRESS=
+VARNISH_PORT=8080
+
+# Varnish work files.
+VARNISH_WORKING_DIR="/var/cache/$VARNISH_USER"
+VARNISH_STORAGE_FILE="/var/cache/$VARNISH_USER/varnish_storage.bin"
+VARNISH_STORAGE_SIZE=50M
+VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
+
+# PID files
+VARNISHD_PID_FILE=/var/run/varnish/varnishd.pid
+VARNISHNCSA_PID_FILE=/var/run/varnish/varnishncsa.pid
+
+# Varnish admin.
ADMINHOSTPORT="127.0.0.1:65080"
-CFG_FILE="/etc/varnish/default.vcl"
# options passed to varnish on startup
# please see the varnishd man page for more options
-VARNISHD_OPTS="-a 127.0.0.1:8080 -T $ADMINHOSTPORT -f $CFG_FILE"
+VARNISHD_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_PORT} -f ${VARNISH_CONF} -s ${VARNISH_STORAGE} -P $VARNISHD_PID_FILE -n $VARNISH_WORKING_DIR -T $ADMINHOSTPORT"
+
+if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then
+ VARNISHD_OPTS="-u varnish $VARNISHD_OPTS"
+fi
# arguments passed to varnishncsa
# please see the varnishncsa man page for more options
VARNISHNCSA_ARGS="-c -a -w /var/log/varnish/access.log"
+
diff --git a/main/varnish/varnishd.initd b/main/varnish/varnishd.initd
index b8c5653..8ccb220 100755
--- a/main/varnish/varnishd.initd
+++ b/main/varnish/varnishd.initd
@@ -13,24 +13,24 @@ start() {
ebegin "Starting varnish"
#allow varnishd to lock logfile to memory
ulimit -l 82000
- start-stop-daemon --quiet --start --pidfile /var/run/varnishd.pid --exec /usr/sbin/varnishd -- -P /var/run/varnishd.pid ${VARNISHD_OPTS} &> /dev/null
+ start-stop-daemon --quiet --start --pidfile ${VARNISHD_PID_FILE} --exec /usr/sbin/varnishd -- -P ${VARNISHD_PID_FILE} ${VARNISHD_OPTS} &> /dev/null
eend $?
if [ "${VARNISHNCSA_ARGS}" != "" ]; then
ebegin "Starting varnish logging"
- start-stop-daemon --quiet --start --pidfile /var/run/varnishncsa.pid --exec /usr/bin/varnishncsa -- -D -P /var/run/varnishncsa.pid ${VARNISHNCSA_ARGS}
+ start-stop-daemon --quiet --start --pidfile ${VARNISHNCSA_PID_FILE} --exec /usr/bin/varnishncsa -- -D -P ${VARNISHNCSA_PID_FILE} ${VARNISHNCSA_ARGS}
eend $?
fi
}
stop() {
ebegin "Stopping varnish"
- start-stop-daemon --quiet --stop --pidfile /var/run/varnishd.pid
+ start-stop-daemon --quiet --stop --pidfile ${VARNISHD_PID_FILE}
eend $?
- if [ -e /var/run/varnishncsa.pid ]; then
+ if [ -e ${VARNISHNCSA_PID_FILE} ]; then
ebegin "Stopping varnish logging"
- start-stop-daemon --quiet --stop --pidfile /var/run/varnishncsa.pid
+ start-stop-daemon --quiet --stop --pidfile ${VARNISHNCSA_PID_FILE}
eend $?
fi
}
@@ -47,7 +47,7 @@ reload() {
# reload new one
NOW=$(date +%Y%m%d-%H%M%S-%s)
- /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $CFG_FILE > /dev/null
+ /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $VARNISH_CONF > /dev/null
/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.use reload-$NOW > /dev/null
eend $?
--
1.8.0
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
sorry for late reply
On Tue, 16 Apr 2013 13:40:20 +0000
"V.Krishn" <vkrishn4@gmail.com> wrote:
> From: "V.Krishn" <vkrishn4@gmail.com>
>
> Users should read manual pages before runing varnish in production.
> ---
> main/varnish/APKBUILD | 17 ++++++++++++-----
> main/varnish/varnish.pre-install | 5 +++++
> main/varnish/varnishd.confd | 34 ++++++++++++++++++++++++++++++++--
> main/varnish/varnishd.initd | 12 ++++++------
> 4 files changed, 55 insertions(+), 13 deletions(-)
> create mode 100644 main/varnish/varnish.pre-install
>
> diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD
> index 6fafe20..e98d95d 100644
> --- a/main/varnish/APKBUILD
> +++ b/main/varnish/APKBUILD
> @@ -1,17 +1,20 @@
> # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
> +# Contributor: V.Krishn <vkrishn4@gmail.com>
> # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
> pkgname=varnish
> pkgver=3.0.3
> -pkgrel=1
> +pkgrel=2
> pkgdesc="High-performance HTTP accelerator"
> url="http://www.varnish-cache.org/"
> arch="all"
> license="BSD"
> -depends="gcc libc-dev"
> +depends="gcc uclibc-dev"
I cannot apply this patch due to this change. we did a meta libc-dev package to pull in correcte libec (it can be either uclibc-dev or eglibc-dev depening on the environment)
> depends_dev=
> makedepends="$depends_dev pcre-dev ncurses-dev"
> install=""
> subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
> +pkgusers="varnish"
> +pkggroups="varnish"
> source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
> varnishd.initd
> varnishd.confd
> @@ -50,7 +53,11 @@ package() {
> || return 1
> install -Dm644 "$srcdir"/varnishd.logrotate \
> "$pkgdir"/etc/logrotate.d/varnishd || return 1
> - mkdir -p "$pkgdir"/var/log/varnish
> + install -d -o varnish -g varnish \
> + "$pkgdir"/var/cache/varnish \
> + "$pkgdir"/var/log/varnish \
Those are good.
> + "$pkgdir"/var/run/varnish \
/var/run is a tmpfs mounted at boot. we chould have a checkpath --directory from init.d script instead of creating the dir in .apk.
> + || return 1
> find "$pkgdir" -name *.la -print | xargs rm
> }
>
> @@ -61,7 +68,7 @@ libs() {
> }
>
> md5sums="714310c83fdbd2061d897dacd3f63d8b varnish-3.0.3.tar.gz
> -4f78964bf3eb6f1fd0fd2d533575982e varnishd.initd
> -6dd289ba81464eacc238109143126d6a varnishd.confd
> +d734dd74ab449200fefd954e72845ca7 varnishd.initd
> +daac2a8dade3abebb9e36cd1786360b0 varnishd.confd
> a6cb8a43c9465699cf956dc992998225 varnishd.logrotate
> 8c5532869bea7f668e2ce5d4585359f8 varnish-3.0.3-pthread-uclibc.patch"
> diff --git a/main/varnish/varnish.pre-install b/main/varnish/varnish.pre-install
> new file mode 100644
> index 0000000..7aa01c1
> --- /dev/null
> +++ b/main/varnish/varnish.pre-install
> @@ -0,0 +1,5 @@
> +#!/bin/sh
> +
> +addgroup varnish 2>/dev/null
> +adduser -S -H -h /var/lib/varnish -s /bin/false -D -G varnish varnish 2>/dev/null
> +exit 0
i think we should use /sbin/nologin instead of /bin/false (we should change all our .pre-install scripts to that)
> diff --git a/main/varnish/varnishd.confd b/main/varnish/varnishd.confd
> index 1b46706..e24e5f1 100644
> --- a/main/varnish/varnishd.confd
> +++ b/main/varnish/varnishd.confd
> @@ -1,12 +1,42 @@
> # /etc/conf.d/varnishd
>
> +# Varnish user.
> +VARNISH_USER="varnish"
> +
> +# Varnish group.
> +VARNISH_GROUP="varnish"
Are there any situation where we want users be able to run varnish as other user than "varnish"? if not, i think we could remove this, and simply not give them the option to set the user/group.
> +
> +# Varnish configuration file.
> +VARNISH_CONF="/etc/varnish/default.vcl"
> +
> +VARNISH_SECRET_FILE="/etc/varnish/secret"
> +
> +# Varnish address.
> +VARNISH_LISTEN_ADDRESS=
> +VARNISH_PORT=8080
> +
> +# Varnish work files.
> +VARNISH_WORKING_DIR="/var/cache/$VARNISH_USER"
> +VARNISH_STORAGE_FILE="/var/cache/$VARNISH_USER/varnish_storage.bin"
> +VARNISH_STORAGE_SIZE=50M
> +VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
> +
> +# PID files
> +VARNISHD_PID_FILE=/var/run/varnish/varnishd.pid
> +VARNISHNCSA_PID_FILE=/var/run/varnish/varnishncsa.pid
> +
> +# Varnish admin.
> ADMINHOSTPORT="127.0.0.1:65080"
> -CFG_FILE="/etc/varnish/default.vcl"
>
> # options passed to varnish on startup
> # please see the varnishd man page for more options
> -VARNISHD_OPTS="-a 127.0.0.1:8080 -T $ADMINHOSTPORT -f $CFG_FILE"
> +VARNISHD_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_PORT} -f ${VARNISH_CONF} -s ${VARNISH_STORAGE} -P $VARNISHD_PID_FILE -n $VARNISH_WORKING_DIR -T $ADMINHOSTPORT"
> +
> +if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then
> + VARNISHD_OPTS="-u varnish $VARNISHD_OPTS"
> +fi
i dont like running sed lines in a config file...
> # arguments passed to varnishncsa
> # please see the varnishncsa man page for more options
> VARNISHNCSA_ARGS="-c -a -w /var/log/varnish/access.log"
> +
> diff --git a/main/varnish/varnishd.initd b/main/varnish/varnishd.initd
> index b8c5653..8ccb220 100755
> --- a/main/varnish/varnishd.initd
> +++ b/main/varnish/varnishd.initd
> @@ -13,24 +13,24 @@ start() {
> ebegin "Starting varnish"
> #allow varnishd to lock logfile to memory
> ulimit -l 82000
> - start-stop-daemon --quiet --start --pidfile /var/run/varnishd.pid --exec /usr/sbin/varnishd -- -P /var/run/varnishd.pid ${VARNISHD_OPTS} &> /dev/null
> + start-stop-daemon --quiet --start --pidfile ${VARNISHD_PID_FILE} --exec /usr/sbin/varnishd -- -P ${VARNISHD_PID_FILE} ${VARNISHD_OPTS} &> /dev/null
> eend $?
>
> if [ "${VARNISHNCSA_ARGS}" != "" ]; then
> ebegin "Starting varnish logging"
> - start-stop-daemon --quiet --start --pidfile /var/run/varnishncsa.pid --exec /usr/bin/varnishncsa -- -D -P /var/run/varnishncsa.pid ${VARNISHNCSA_ARGS}
> + start-stop-daemon --quiet --start --pidfile ${VARNISHNCSA_PID_FILE} --exec /usr/bin/varnishncsa -- -D -P ${VARNISHNCSA_PID_FILE} ${VARNISHNCSA_ARGS}
> eend $?
> fi
> }
>
> stop() {
> ebegin "Stopping varnish"
> - start-stop-daemon --quiet --stop --pidfile /var/run/varnishd.pid
> + start-stop-daemon --quiet --stop --pidfile ${VARNISHD_PID_FILE}
> eend $?
>
> - if [ -e /var/run/varnishncsa.pid ]; then
> + if [ -e ${VARNISHNCSA_PID_FILE} ]; then
> ebegin "Stopping varnish logging"
> - start-stop-daemon --quiet --stop --pidfile /var/run/varnishncsa.pid
> + start-stop-daemon --quiet --stop --pidfile ${VARNISHNCSA_PID_FILE}
> eend $?
> fi
> }
> @@ -47,7 +47,7 @@ reload() {
>
> # reload new one
> NOW=$(date +%Y%m%d-%H%M%S-%s)
> - /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $CFG_FILE > /dev/null
> + /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $VARNISH_CONF > /dev/null
I think this will break things for people who upgrades. we should probably fall back to CFG_FILE if VARNISH_CONF is unset, eg ${VARNISH_CONF:-${CFG_FILE}} (or exit with error if its not)
> /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.use reload-$NOW > /dev/null
>
> eend $?
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---