X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from ncopa-desktop.alpinelinux.org (3.203.202.84.customer.cdi.no [84.202.203.3]) (using SSLv3 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nc@alpinelinux.org) by mail.alpinelinux.org (Postfix) with ESMTPSA id B1C5DDC0138; Tue, 7 May 2013 14:00:00 +0000 (UTC) Date: Tue, 7 May 2013 15:59:56 +0200 From: Natanael Copa To: "V.Krishn" Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] [PATCH] Add more default options, Add user varnish. Message-ID: <20130507155956.2b5e84e9@ncopa-desktop.alpinelinux.org> In-Reply-To: <1366119620-8734-1-git-send-email-vkrishn4@gmail.com> References: <1366119620-8734-1-git-send-email-vkrishn4@gmail.com> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.17; x86_64-unknown-linux-gnu) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit sorry for late reply On Tue, 16 Apr 2013 13:40:20 +0000 "V.Krishn" wrote: > From: "V.Krishn" > > Users should read manual pages before runing varnish in production. > --- > main/varnish/APKBUILD | 17 ++++++++++++----- > main/varnish/varnish.pre-install | 5 +++++ > main/varnish/varnishd.confd | 34 ++++++++++++++++++++++++++++++++-- > main/varnish/varnishd.initd | 12 ++++++------ > 4 files changed, 55 insertions(+), 13 deletions(-) > create mode 100644 main/varnish/varnish.pre-install > > diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD > index 6fafe20..e98d95d 100644 > --- a/main/varnish/APKBUILD > +++ b/main/varnish/APKBUILD > @@ -1,17 +1,20 @@ > # Contributor: Leonardo Arena > +# Contributor: V.Krishn > # Maintainer: Natanael Copa > pkgname=varnish > pkgver=3.0.3 > -pkgrel=1 > +pkgrel=2 > pkgdesc="High-performance HTTP accelerator" > url="http://www.varnish-cache.org/" > arch="all" > license="BSD" > -depends="gcc libc-dev" > +depends="gcc uclibc-dev" I cannot apply this patch due to this change. we did a meta libc-dev package to pull in correcte libec (it can be either uclibc-dev or eglibc-dev depening on the environment) > depends_dev= > makedepends="$depends_dev pcre-dev ncurses-dev" > install="" > subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" > +pkgusers="varnish" > +pkggroups="varnish" > source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz > varnishd.initd > varnishd.confd > @@ -50,7 +53,11 @@ package() { > || return 1 > install -Dm644 "$srcdir"/varnishd.logrotate \ > "$pkgdir"/etc/logrotate.d/varnishd || return 1 > - mkdir -p "$pkgdir"/var/log/varnish > + install -d -o varnish -g varnish \ > + "$pkgdir"/var/cache/varnish \ > + "$pkgdir"/var/log/varnish \ Those are good. > + "$pkgdir"/var/run/varnish \ /var/run is a tmpfs mounted at boot. we chould have a checkpath --directory from init.d script instead of creating the dir in .apk. > + || return 1 > find "$pkgdir" -name *.la -print | xargs rm > } > > @@ -61,7 +68,7 @@ libs() { > } > > md5sums="714310c83fdbd2061d897dacd3f63d8b varnish-3.0.3.tar.gz > -4f78964bf3eb6f1fd0fd2d533575982e varnishd.initd > -6dd289ba81464eacc238109143126d6a varnishd.confd > +d734dd74ab449200fefd954e72845ca7 varnishd.initd > +daac2a8dade3abebb9e36cd1786360b0 varnishd.confd > a6cb8a43c9465699cf956dc992998225 varnishd.logrotate > 8c5532869bea7f668e2ce5d4585359f8 varnish-3.0.3-pthread-uclibc.patch" > diff --git a/main/varnish/varnish.pre-install b/main/varnish/varnish.pre-install > new file mode 100644 > index 0000000..7aa01c1 > --- /dev/null > +++ b/main/varnish/varnish.pre-install > @@ -0,0 +1,5 @@ > +#!/bin/sh > + > +addgroup varnish 2>/dev/null > +adduser -S -H -h /var/lib/varnish -s /bin/false -D -G varnish varnish 2>/dev/null > +exit 0 i think we should use /sbin/nologin instead of /bin/false (we should change all our .pre-install scripts to that) > diff --git a/main/varnish/varnishd.confd b/main/varnish/varnishd.confd > index 1b46706..e24e5f1 100644 > --- a/main/varnish/varnishd.confd > +++ b/main/varnish/varnishd.confd > @@ -1,12 +1,42 @@ > # /etc/conf.d/varnishd > > +# Varnish user. > +VARNISH_USER="varnish" > + > +# Varnish group. > +VARNISH_GROUP="varnish" Are there any situation where we want users be able to run varnish as other user than "varnish"? if not, i think we could remove this, and simply not give them the option to set the user/group. > + > +# Varnish configuration file. > +VARNISH_CONF="/etc/varnish/default.vcl" > + > +VARNISH_SECRET_FILE="/etc/varnish/secret" > + > +# Varnish address. > +VARNISH_LISTEN_ADDRESS= > +VARNISH_PORT=8080 > + > +# Varnish work files. > +VARNISH_WORKING_DIR="/var/cache/$VARNISH_USER" > +VARNISH_STORAGE_FILE="/var/cache/$VARNISH_USER/varnish_storage.bin" > +VARNISH_STORAGE_SIZE=50M > +VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}" > + > +# PID files > +VARNISHD_PID_FILE=/var/run/varnish/varnishd.pid > +VARNISHNCSA_PID_FILE=/var/run/varnish/varnishncsa.pid > + > +# Varnish admin. > ADMINHOSTPORT="127.0.0.1:65080" > -CFG_FILE="/etc/varnish/default.vcl" > > # options passed to varnish on startup > # please see the varnishd man page for more options > -VARNISHD_OPTS="-a 127.0.0.1:8080 -T $ADMINHOSTPORT -f $CFG_FILE" > +VARNISHD_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_PORT} -f ${VARNISH_CONF} -s ${VARNISH_STORAGE} -P $VARNISHD_PID_FILE -n $VARNISH_WORKING_DIR -T $ADMINHOSTPORT" > + > +if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then > + VARNISHD_OPTS="-u varnish $VARNISHD_OPTS" > +fi i dont like running sed lines in a config file... > # arguments passed to varnishncsa > # please see the varnishncsa man page for more options > VARNISHNCSA_ARGS="-c -a -w /var/log/varnish/access.log" > + > diff --git a/main/varnish/varnishd.initd b/main/varnish/varnishd.initd > index b8c5653..8ccb220 100755 > --- a/main/varnish/varnishd.initd > +++ b/main/varnish/varnishd.initd > @@ -13,24 +13,24 @@ start() { > ebegin "Starting varnish" > #allow varnishd to lock logfile to memory > ulimit -l 82000 > - start-stop-daemon --quiet --start --pidfile /var/run/varnishd.pid --exec /usr/sbin/varnishd -- -P /var/run/varnishd.pid ${VARNISHD_OPTS} &> /dev/null > + start-stop-daemon --quiet --start --pidfile ${VARNISHD_PID_FILE} --exec /usr/sbin/varnishd -- -P ${VARNISHD_PID_FILE} ${VARNISHD_OPTS} &> /dev/null > eend $? > > if [ "${VARNISHNCSA_ARGS}" != "" ]; then > ebegin "Starting varnish logging" > - start-stop-daemon --quiet --start --pidfile /var/run/varnishncsa.pid --exec /usr/bin/varnishncsa -- -D -P /var/run/varnishncsa.pid ${VARNISHNCSA_ARGS} > + start-stop-daemon --quiet --start --pidfile ${VARNISHNCSA_PID_FILE} --exec /usr/bin/varnishncsa -- -D -P ${VARNISHNCSA_PID_FILE} ${VARNISHNCSA_ARGS} > eend $? > fi > } > > stop() { > ebegin "Stopping varnish" > - start-stop-daemon --quiet --stop --pidfile /var/run/varnishd.pid > + start-stop-daemon --quiet --stop --pidfile ${VARNISHD_PID_FILE} > eend $? > > - if [ -e /var/run/varnishncsa.pid ]; then > + if [ -e ${VARNISHNCSA_PID_FILE} ]; then > ebegin "Stopping varnish logging" > - start-stop-daemon --quiet --stop --pidfile /var/run/varnishncsa.pid > + start-stop-daemon --quiet --stop --pidfile ${VARNISHNCSA_PID_FILE} > eend $? > fi > } > @@ -47,7 +47,7 @@ reload() { > > # reload new one > NOW=$(date +%Y%m%d-%H%M%S-%s) > - /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $CFG_FILE > /dev/null > + /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $VARNISH_CONF > /dev/null I think this will break things for people who upgrades. we should probably fall back to CFG_FILE if VARNISH_CONF is unset, eg ${VARNISH_CONF:-${CFG_FILE}} (or exit with error if its not) > /usr/bin/varnishadm -T $ADMINHOSTPORT vcl.use reload-$NOW > /dev/null > > eend $? --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---