
[alpine-devel] [PATCH] Add more default options, Add user varnish.

V.Krishn
Message ID
<1366119620-8734-1-git-send-email-vkrishn4@gmail.com>
Sender timestamp
1366119620
DKIM signature
missing
Patch: +55 -13
From: "V.Krishn" <vkrishn4@gmail.com>

Users should read manual pages before running varnish in production.
---
 main/varnish/APKBUILD            | 17 ++++++++++++-----
 main/varnish/varnish.pre-install |  5 +++++
 main/varnish/varnishd.confd      | 34 ++++++++++++++++++++++++++++++++--
 main/varnish/varnishd.initd      | 12 ++++++------
 4 files changed, 55 insertions(+), 13 deletions(-)
 create mode 100644 main/varnish/varnish.pre-install

diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD
index 6fafe20..e98d95d 100644
--- a/main/varnish/APKBUILD
+++ b/main/varnish/APKBUILD
@@ -1,17 +1,20 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Contributor: V.Krishn <vkrishn4@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=varnish
 pkgver=3.0.3
-pkgrel=1
+pkgrel=2
 pkgdesc="High-performance HTTP accelerator"
 url="http://www.varnish-cache.org/"
 arch="all"
 license="BSD"
-depends="gcc libc-dev"
+depends="gcc uclibc-dev"
 depends_dev=
 makedepends="$depends_dev pcre-dev ncurses-dev"
 install=""
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+pkgusers="varnish"
+pkggroups="varnish"
 source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
 	varnishd.initd
 	varnishd.confd
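Review bot: `install=""` is left empty in this hunk, so the `varnish.pre-install` script added later in the patch does not appear to be attached to the package, and the varnish account would not be created on the target system. abuild takes its install scripts from that variable, so it should read `install="$pkgname.pre-install"`. Without it, the `-o varnish -g varnish` ownership set in package() and the `-u varnish` switch in varnishd.confd refer to an account that may not exist at install time. The `source=` list continues past the end of the hunk.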
@@ -50,7 +53,11 @@ package() {
 		|| return 1
 	install -Dm644 "$srcdir"/varnishd.logrotate \
 		"$pkgdir"/etc/logrotate.d/varnishd || return 1
-	mkdir -p "$pkgdir"/var/log/varnish
+        install -d -o varnish -g varnish \
+                "$pkgdir"/var/cache/varnish \
+                "$pkgdir"/var/log/varnish \
+                "$pkgdir"/var/run/varnish \
+                || return 1
 	find "$pkgdir" -name *.la -print | xargs rm
 }
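Review bot: Giving the varnish account ownership of `/var/log/varnish` and `/var/run/varnish` means root-run tooling later acts on paths the service user controls: logrotate (its config is installed just above) and `start-stop-daemon --stop --pidfile` in the init script. Judging by the init script hunks, both daemons are started by root, so these two directories could stay root-owned, e.g. `install -d -m755 "$pkgdir"/var/log/varnish`, with only `/var/cache/varnish` handed to varnish. If the log directory does have to be varnish-owned, the logrotate stanza (not visible here) should carry `su varnish varnish`. The added lines are also indented with spaces where the rest of package() uses tabs; package() starts outside the hunk.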
 
@@ -61,7 +68,7 @@ libs() {
 }
 
 md5sums="714310c83fdbd2061d897dacd3f63d8b  varnish-3.0.3.tar.gz
-4f78964bf3eb6f1fd0fd2d533575982e  varnishd.initd
-6dd289ba81464eacc238109143126d6a  varnishd.confd
+d734dd74ab449200fefd954e72845ca7  varnishd.initd
+daac2a8dade3abebb9e36cd1786360b0  varnishd.confd
 a6cb8a43c9465699cf956dc992998225  varnishd.logrotate
 8c5532869bea7f668e2ce5d4585359f8  varnish-3.0.3-pthread-uclibc.patch"
diff --git a/main/varnish/varnish.pre-install b/main/varnish/varnish.pre-install
new file mode 100644
index 0000000..7aa01c1
--- /dev/null
+++ b/main/varnish/varnish.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+addgroup varnish 2>/dev/null
+adduser -S -H -h /var/lib/varnish -s /bin/false -D -G varnish varnish 2>/dev/null
+exit 0
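Review bot: `addgroup varnish` creates an ordinary group while the matching user is created with `-S`; use `addgroup -S varnish 2>/dev/null` so both get system IDs. The `-h /var/lib/varnish` home is never created (`-H`) and does not match the `/var/cache/varnish` working directory used elsewhere in the patch, so `-h /var/cache/varnish` would be more consistent. Because stderr is discarded and the script always ends with `exit 0`, a real failure to create the account is silent; a one-line comment saying the redirect only hides the "already exists" message would make that intent clear.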
diff --git a/main/varnish/varnishd.confd b/main/varnish/varnishd.confd
index 1b46706..e24e5f1 100644
--- a/main/varnish/varnishd.confd
+++ b/main/varnish/varnishd.confd
@@ -1,12 +1,42 @@
 # /etc/conf.d/varnishd
 
+# Varnish user.
+VARNISH_USER="varnish"
+
+# Varnish group.
+VARNISH_GROUP="varnish"
+
+# Varnish configuration file.
+VARNISH_CONF="/etc/varnish/default.vcl"
+
+VARNISH_SECRET_FILE="/etc/varnish/secret"
+
+# Varnish address.
+VARNISH_LISTEN_ADDRESS=
+VARNISH_PORT=8080
+
+# Varnish work files.
+VARNISH_WORKING_DIR="/var/cache/$VARNISH_USER"
+VARNISH_STORAGE_FILE="/var/cache/$VARNISH_USER/varnish_storage.bin"
+VARNISH_STORAGE_SIZE=50M
+VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
+
+# PID files
+VARNISHD_PID_FILE=/var/run/varnish/varnishd.pid
+VARNISHNCSA_PID_FILE=/var/run/varnish/varnishncsa.pid
+
+# Varnish admin.
 ADMINHOSTPORT="127.0.0.1:65080"
-CFG_FILE="/etc/varnish/default.vcl"
 
 # options passed to varnish on startup
 # please see the varnishd man page for more options
-VARNISHD_OPTS="-a 127.0.0.1:8080 -T $ADMINHOSTPORT -f $CFG_FILE"
+VARNISHD_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_PORT} -f ${VARNISH_CONF} -s ${VARNISH_STORAGE} -P $VARNISHD_PID_FILE -n $VARNISH_WORKING_DIR -T $ADMINHOSTPORT" 
+
+if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then
+    VARNISHD_OPTS="-u varnish $VARNISHD_OPTS"
+fi
 
 # arguments passed to varnishncsa
 # please see the varnishncsa man page for more options
 VARNISHNCSA_ARGS="-c -a -w /var/log/varnish/access.log"
+
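Review bot: With `VARNISH_LISTEN_ADDRESS=` left empty the option becomes `-a :8080`, so the default moves from the previous `127.0.0.1:8080` to listening on every interface; default it to `VARNISH_LISTEN_ADDRESS=127.0.0.1` and let the administrator widen it deliberately. `VARNISH_SECRET_FILE` is defined but never reaches `VARNISHD_OPTS`, so the management port at `$ADMINHOSTPORT` is still started without `-S ${VARNISH_SECRET_FILE}`; either pass it (and ship or generate the file) or drop the variable. `-P $VARNISHD_PID_FILE` is also now given twice, here and in the init script's own `-P ${VARNISHD_PID_FILE}`.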
diff --git a/main/varnish/varnishd.initd b/main/varnish/varnishd.initd
index b8c5653..8ccb220 100755
--- a/main/varnish/varnishd.initd
+++ b/main/varnish/varnishd.initd
@@ -13,24 +13,24 @@ start() {
 	ebegin "Starting varnish"
 	#allow varnishd to lock logfile to memory
 	ulimit -l 82000
-	start-stop-daemon --quiet --start --pidfile /var/run/varnishd.pid --exec /usr/sbin/varnishd -- -P /var/run/varnishd.pid ${VARNISHD_OPTS} &> /dev/null
+	start-stop-daemon --quiet --start --pidfile ${VARNISHD_PID_FILE} --exec /usr/sbin/varnishd -- -P ${VARNISHD_PID_FILE} ${VARNISHD_OPTS} &> /dev/null
 	eend $?
 
 	if [ "${VARNISHNCSA_ARGS}" != "" ]; then
 		ebegin "Starting varnish logging"
-		start-stop-daemon --quiet --start --pidfile /var/run/varnishncsa.pid --exec /usr/bin/varnishncsa -- -D -P /var/run/varnishncsa.pid ${VARNISHNCSA_ARGS}
+		start-stop-daemon --quiet --start --pidfile ${VARNISHNCSA_PID_FILE} --exec /usr/bin/varnishncsa -- -D -P ${VARNISHNCSA_PID_FILE} ${VARNISHNCSA_ARGS}
 		eend $?
 	fi
 }
 
 stop() {
 	ebegin "Stopping varnish"
-	start-stop-daemon --quiet --stop --pidfile /var/run/varnishd.pid
+	start-stop-daemon --quiet --stop --pidfile ${VARNISHD_PID_FILE}
 	eend $?
 
-	if [ -e /var/run/varnishncsa.pid ]; then
+	if [ -e ${VARNISHNCSA_PID_FILE} ]; then
 		ebegin "Stopping varnish logging"
-		start-stop-daemon --quiet --stop --pidfile /var/run/varnishncsa.pid
+		start-stop-daemon --quiet --stop --pidfile ${VARNISHNCSA_PID_FILE}
 		eend $?
 	fi
 }
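Review bot: The new `${VARNISHD_PID_FILE}` and `${VARNISHNCSA_PID_FILE}` expansions are unquoted and have no default, so with a conf.d file that does not define them `--pidfile` swallows the next word (`--exec`) in start(), and in stop() `[ -e ${VARNISHNCSA_PID_FILE} ]` collapses to `[ -e ]`, which is true. Quote them (`--pidfile "${VARNISHD_PID_FILE}"`, `[ -e "${VARNISHNCSA_PID_FILE}" ]`) and set a default near the top of the script, e.g. `: "${VARNISHD_PID_FILE:=/var/run/varnish/varnishd.pid}"`. start() begins before this hunk.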
@@ -47,7 +47,7 @@ reload() {
 
 	# reload new one
 	NOW=$(date +%Y%m%d-%H%M%S-%s)
-	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $CFG_FILE > /dev/null
+	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $VARNISH_CONF > /dev/null
 	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.use  reload-$NOW > /dev/null
 
 	eend $?
-- 
1.8.0



---
Natanael Copa
Message ID
<20130507155956.2b5e84e9@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1366119620-8734-1-git-send-email-vkrishn4@gmail.com> (view parent)
Sender timestamp
1367935196
DKIM signature
missing
sorry for late reply

On Tue, 16 Apr 2013 13:40:20 +0000
"V.Krishn" <vkrishn4@gmail.com> wrote:

> From: "V.Krishn" <vkrishn4@gmail.com>
> 
> Users should read manual pages before runing varnish in production.
> ---
>  main/varnish/APKBUILD            | 17 ++++++++++++-----
>  main/varnish/varnish.pre-install |  5 +++++
>  main/varnish/varnishd.confd      | 34 ++++++++++++++++++++++++++++++++--
>  main/varnish/varnishd.initd      | 12 ++++++------
>  4 files changed, 55 insertions(+), 13 deletions(-)
>  create mode 100644 main/varnish/varnish.pre-install
> 
> diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD
> index 6fafe20..e98d95d 100644
> --- a/main/varnish/APKBUILD
> +++ b/main/varnish/APKBUILD
> @@ -1,17 +1,20 @@
>  # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
> +# Contributor: V.Krishn <vkrishn4@gmail.com>
>  # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
>  pkgname=varnish
>  pkgver=3.0.3
> -pkgrel=1
> +pkgrel=2
>  pkgdesc="High-performance HTTP accelerator"
>  url="http://www.varnish-cache.org/"
>  arch="all"
>  license="BSD"
> -depends="gcc libc-dev"
> +depends="gcc uclibc-dev"

I cannot apply this patch due to this change. We made a meta libc-dev package to pull in the correct libc (it can be either uclibc-dev or eglibc-dev depending on the environment).

>  depends_dev=
>  makedepends="$depends_dev pcre-dev ncurses-dev"
>  install=""
>  subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
> +pkgusers="varnish"
> +pkggroups="varnish"
>  source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
>  	varnishd.initd
>  	varnishd.confd
> @@ -50,7 +53,11 @@ package() {
>  		|| return 1
>  	install -Dm644 "$srcdir"/varnishd.logrotate \
>  		"$pkgdir"/etc/logrotate.d/varnishd || return 1
> -	mkdir -p "$pkgdir"/var/log/varnish
> +        install -d -o varnish -g varnish \
> +                "$pkgdir"/var/cache/varnish \
> +                "$pkgdir"/var/log/varnish \

Those are good.

> +                "$pkgdir"/var/run/varnish \

/var/run is a tmpfs mounted at boot. we chould have a checkpath --directory from init.d script instead of creating the dir in .apk.


> +                || return 1
>  	find "$pkgdir" -name *.la -print | xargs rm
>  }
>  
> @@ -61,7 +68,7 @@ libs() {
>  }
>  
>  md5sums="714310c83fdbd2061d897dacd3f63d8b  varnish-3.0.3.tar.gz
> -4f78964bf3eb6f1fd0fd2d533575982e  varnishd.initd
> -6dd289ba81464eacc238109143126d6a  varnishd.confd
> +d734dd74ab449200fefd954e72845ca7  varnishd.initd
> +daac2a8dade3abebb9e36cd1786360b0  varnishd.confd
>  a6cb8a43c9465699cf956dc992998225  varnishd.logrotate
>  8c5532869bea7f668e2ce5d4585359f8  varnish-3.0.3-pthread-uclibc.patch"
> diff --git a/main/varnish/varnish.pre-install b/main/varnish/varnish.pre-install
> new file mode 100644
> index 0000000..7aa01c1
> --- /dev/null
> +++ b/main/varnish/varnish.pre-install
> @@ -0,0 +1,5 @@
> +#!/bin/sh
> +
> +addgroup varnish 2>/dev/null
> +adduser -S -H -h /var/lib/varnish -s /bin/false -D -G varnish varnish 2>/dev/null
> +exit 0

i think we should use /sbin/nologin instead of /bin/false (we should change all our .pre-install scripts to that)


> diff --git a/main/varnish/varnishd.confd b/main/varnish/varnishd.confd
> index 1b46706..e24e5f1 100644
> --- a/main/varnish/varnishd.confd
> +++ b/main/varnish/varnishd.confd
> @@ -1,12 +1,42 @@
>  # /etc/conf.d/varnishd
>  
> +# Varnish user.
> +VARNISH_USER="varnish"
> +
> +# Varnish group.
> +VARNISH_GROUP="varnish"

Is there any situation where we want users to be able to run varnish as a user other than "varnish"? If not, I think we could remove this, and simply not give them the option to set the user/group.

> +
> +# Varnish configuration file.
> +VARNISH_CONF="/etc/varnish/default.vcl"
> +
> +VARNISH_SECRET_FILE="/etc/varnish/secret"
> +
> +# Varnish address.
> +VARNISH_LISTEN_ADDRESS=
> +VARNISH_PORT=8080
> +
> +# Varnish work files.
> +VARNISH_WORKING_DIR="/var/cache/$VARNISH_USER"
> +VARNISH_STORAGE_FILE="/var/cache/$VARNISH_USER/varnish_storage.bin"
> +VARNISH_STORAGE_SIZE=50M
> +VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
> +
> +# PID files
> +VARNISHD_PID_FILE=/var/run/varnish/varnishd.pid
> +VARNISHNCSA_PID_FILE=/var/run/varnish/varnishncsa.pid
> +
> +# Varnish admin.
>  ADMINHOSTPORT="127.0.0.1:65080"
> -CFG_FILE="/etc/varnish/default.vcl"
>  
>  # options passed to varnish on startup
>  # please see the varnishd man page for more options
> -VARNISHD_OPTS="-a 127.0.0.1:8080 -T $ADMINHOSTPORT -f $CFG_FILE"
> +VARNISHD_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_PORT} -f ${VARNISH_CONF} -s ${VARNISH_STORAGE} -P $VARNISHD_PID_FILE -n $VARNISH_WORKING_DIR -T $ADMINHOSTPORT" 
> +
> +if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then
> +    VARNISHD_OPTS="-u varnish $VARNISHD_OPTS"
> +fi

i dont like running sed lines in a config file...

>  # arguments passed to varnishncsa
>  # please see the varnishncsa man page for more options
>  VARNISHNCSA_ARGS="-c -a -w /var/log/varnish/access.log"
> +
> diff --git a/main/varnish/varnishd.initd b/main/varnish/varnishd.initd
> index b8c5653..8ccb220 100755
> --- a/main/varnish/varnishd.initd
> +++ b/main/varnish/varnishd.initd
> @@ -13,24 +13,24 @@ start() {
>  	ebegin "Starting varnish"
>  	#allow varnishd to lock logfile to memory
>  	ulimit -l 82000
> -	start-stop-daemon --quiet --start --pidfile /var/run/varnishd.pid --exec /usr/sbin/varnishd -- -P /var/run/varnishd.pid ${VARNISHD_OPTS} &> /dev/null
> +	start-stop-daemon --quiet --start --pidfile ${VARNISHD_PID_FILE} --exec /usr/sbin/varnishd -- -P ${VARNISHD_PID_FILE} ${VARNISHD_OPTS} &> /dev/null
>  	eend $?
>  
>  	if [ "${VARNISHNCSA_ARGS}" != "" ]; then
>  		ebegin "Starting varnish logging"
> -		start-stop-daemon --quiet --start --pidfile /var/run/varnishncsa.pid --exec /usr/bin/varnishncsa -- -D -P /var/run/varnishncsa.pid ${VARNISHNCSA_ARGS}
> +		start-stop-daemon --quiet --start --pidfile ${VARNISHNCSA_PID_FILE} --exec /usr/bin/varnishncsa -- -D -P ${VARNISHNCSA_PID_FILE} ${VARNISHNCSA_ARGS}
>  		eend $?
>  	fi
>  }
>  
>  stop() {
>  	ebegin "Stopping varnish"
> -	start-stop-daemon --quiet --stop --pidfile /var/run/varnishd.pid
> +	start-stop-daemon --quiet --stop --pidfile ${VARNISHD_PID_FILE}
>  	eend $?
>  
> -	if [ -e /var/run/varnishncsa.pid ]; then
> +	if [ -e ${VARNISHNCSA_PID_FILE} ]; then
>  		ebegin "Stopping varnish logging"
> -		start-stop-daemon --quiet --stop --pidfile /var/run/varnishncsa.pid
> +		start-stop-daemon --quiet --stop --pidfile ${VARNISHNCSA_PID_FILE}
>  		eend $?
>  	fi
>  }
> @@ -47,7 +47,7 @@ reload() {
>  
>  	# reload new one
>  	NOW=$(date +%Y%m%d-%H%M%S-%s)
> -	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $CFG_FILE > /dev/null
> +	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $VARNISH_CONF > /dev/null

I think this will break things for people who upgrade. We should probably fall back to CFG_FILE if VARNISH_CONF is unset, e.g. ${VARNISH_CONF:-${CFG_FILE}} (or exit with an error if it is not set).

>  	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.use  reload-$NOW > /dev/null
>  
>  	eend $?


