Add more default options, Add user varnish.

[alpine-devel] [PATCH] Add more default options, Add user varnish. Export this patch

V.Krishn <vkrishn4@gmail.com>

From: "V.Krishn" <vkrishn4@gmail.com>

Users should read manual pages before runing varnish in production.
---
 main/varnish/APKBUILD            | 17 ++++++++++++-----
 main/varnish/varnish.pre-install |  5 +++++
 main/varnish/varnishd.confd      | 34 ++++++++++++++++++++++++++++++++--
 main/varnish/varnishd.initd      | 12 ++++++------
 4 files changed, 55 insertions(+), 13 deletions(-)
 create mode 100644 main/varnish/varnish.pre-install

diff --git a/main/varnish/APKBUILD b/main/varnish/APKBUILD
index 6fafe20..e98d95d 100644
--- a/main/varnish/APKBUILD
+++ b/main/varnish/APKBUILD
@@ -1,17 +1,20 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Contributor: V.Krishn <vkrishn4@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=varnish
 pkgver=3.0.3
-pkgrel=1
+pkgrel=2
 pkgdesc="High-performance HTTP accelerator"
 url="http://www.varnish-cache.org/"
 arch="all"
 license="BSD"
-depends="gcc libc-dev"
+depends="gcc uclibc-dev"

Natanael Copa <ncopa@alpinelinux.org>

11 years ago

I cannot apply this patch due to this change. we did a meta libc-dev package to pull in correcte libec (it can be either uclibc-dev or eglibc-dev depening on the environment)

 depends_dev=
 makedepends="$depends_dev pcre-dev ncurses-dev"
 install=""
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+pkgusers="varnish"
+pkggroups="varnish"
 source="http://repo.varnish-cache.org/source/varnish-$pkgver.tar.gz
 	varnishd.initd
 	varnishd.confd
@@ -50,7 +53,11 @@ package() {
 		|| return 1
 	install -Dm644 "$srcdir"/varnishd.logrotate \
 		"$pkgdir"/etc/logrotate.d/varnishd || return 1
-	mkdir -p "$pkgdir"/var/log/varnish
+        install -d -o varnish -g varnish \
+                "$pkgdir"/var/cache/varnish \
+                "$pkgdir"/var/log/varnish \

Natanael Copa <ncopa@alpinelinux.org>

11 years ago
Those are good.
Next

+                "$pkgdir"/var/run/varnish \

Natanael Copa <ncopa@alpinelinux.org>

11 years ago

/var/run is a tmpfs mounted at boot. we chould have a checkpath --directory from init.d script instead of creating the dir in .apk.

+                || return 1
 	find "$pkgdir" -name *.la -print | xargs rm
 }
 
@@ -61,7 +68,7 @@ libs() {
 }
 
 md5sums="714310c83fdbd2061d897dacd3f63d8b  varnish-3.0.3.tar.gz
-4f78964bf3eb6f1fd0fd2d533575982e  varnishd.initd
-6dd289ba81464eacc238109143126d6a  varnishd.confd
+d734dd74ab449200fefd954e72845ca7  varnishd.initd
+daac2a8dade3abebb9e36cd1786360b0  varnishd.confd
 a6cb8a43c9465699cf956dc992998225  varnishd.logrotate
 8c5532869bea7f668e2ce5d4585359f8  varnish-3.0.3-pthread-uclibc.patch"
diff --git a/main/varnish/varnish.pre-install b/main/varnish/varnish.pre-install
new file mode 100644
index 0000000..7aa01c1
--- /dev/null
+++ b/main/varnish/varnish.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+addgroup varnish 2>/dev/null
+adduser -S -H -h /var/lib/varnish -s /bin/false -D -G varnish varnish 2>/dev/null
+exit 0

Natanael Copa <ncopa@alpinelinux.org>

11 years ago
i think we should use /sbin/nologin instead of /bin/false (we should change all our .pre-install scripts to that)
Next

diff --git a/main/varnish/varnishd.confd b/main/varnish/varnishd.confd
index 1b46706..e24e5f1 100644
--- a/main/varnish/varnishd.confd
+++ b/main/varnish/varnishd.confd
@@ -1,12 +1,42 @@
 # /etc/conf.d/varnishd
 
+# Varnish user.
+VARNISH_USER="varnish"
+
+# Varnish group.
+VARNISH_GROUP="varnish"

Natanael Copa <ncopa@alpinelinux.org>

11 years ago

Are there any situation where we want users be able to run varnish as other user than "varnish"? if not, i think we could remove this, and simply not give them the option to set the user/group.

+
+# Varnish configuration file.
+VARNISH_CONF="/etc/varnish/default.vcl"
+
+VARNISH_SECRET_FILE="/etc/varnish/secret"
+
+# Varnish address.
+VARNISH_LISTEN_ADDRESS=
+VARNISH_PORT=8080
+
+# Varnish work files.
+VARNISH_WORKING_DIR="/var/cache/$VARNISH_USER"
+VARNISH_STORAGE_FILE="/var/cache/$VARNISH_USER/varnish_storage.bin"
+VARNISH_STORAGE_SIZE=50M
+VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
+
+# PID files
+VARNISHD_PID_FILE=/var/run/varnish/varnishd.pid
+VARNISHNCSA_PID_FILE=/var/run/varnish/varnishncsa.pid
+
+# Varnish admin.
 ADMINHOSTPORT="127.0.0.1:65080"
-CFG_FILE="/etc/varnish/default.vcl"
 
 # options passed to varnish on startup
 # please see the varnishd man page for more options
-VARNISHD_OPTS="-a 127.0.0.1:8080 -T $ADMINHOSTPORT -f $CFG_FILE"
+VARNISHD_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_PORT} -f ${VARNISH_CONF} -s ${VARNISH_STORAGE} -P $VARNISHD_PID_FILE -n $VARNISH_WORKING_DIR -T $ADMINHOSTPORT" 
+
+if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then
+    VARNISHD_OPTS="-u varnish $VARNISHD_OPTS"
+fi

Natanael Copa <ncopa@alpinelinux.org>

11 years ago
i dont like running sed lines in a config file...
Next

 
 # arguments passed to varnishncsa
 # please see the varnishncsa man page for more options
 VARNISHNCSA_ARGS="-c -a -w /var/log/varnish/access.log"
+
diff --git a/main/varnish/varnishd.initd b/main/varnish/varnishd.initd
index b8c5653..8ccb220 100755
--- a/main/varnish/varnishd.initd
+++ b/main/varnish/varnishd.initd
@@ -13,24 +13,24 @@ start() {
 	ebegin "Starting varnish"
 	#allow varnishd to lock logfile to memory
 	ulimit -l 82000
-	start-stop-daemon --quiet --start --pidfile /var/run/varnishd.pid --exec /usr/sbin/varnishd -- -P /var/run/varnishd.pid ${VARNISHD_OPTS} &> /dev/null
+	start-stop-daemon --quiet --start --pidfile ${VARNISHD_PID_FILE} --exec /usr/sbin/varnishd -- -P ${VARNISHD_PID_FILE} ${VARNISHD_OPTS} &> /dev/null
 	eend $?
 
 	if [ "${VARNISHNCSA_ARGS}" != "" ]; then
 		ebegin "Starting varnish logging"
-		start-stop-daemon --quiet --start --pidfile /var/run/varnishncsa.pid --exec /usr/bin/varnishncsa -- -D -P /var/run/varnishncsa.pid ${VARNISHNCSA_ARGS}
+		start-stop-daemon --quiet --start --pidfile ${VARNISHNCSA_PID_FILE} --exec /usr/bin/varnishncsa -- -D -P ${VARNISHNCSA_PID_FILE} ${VARNISHNCSA_ARGS}
 		eend $?
 	fi
 }
 
 stop() {
 	ebegin "Stopping varnish"
-	start-stop-daemon --quiet --stop --pidfile /var/run/varnishd.pid
+	start-stop-daemon --quiet --stop --pidfile ${VARNISHD_PID_FILE}
 	eend $?
 
-	if [ -e /var/run/varnishncsa.pid ]; then
+	if [ -e ${VARNISHNCSA_PID_FILE} ]; then
 		ebegin "Stopping varnish logging"
-		start-stop-daemon --quiet --stop --pidfile /var/run/varnishncsa.pid
+		start-stop-daemon --quiet --stop --pidfile ${VARNISHNCSA_PID_FILE}
 		eend $?
 	fi
 }
@@ -47,7 +47,7 @@ reload() {
 
 	# reload new one
 	NOW=$(date +%Y%m%d-%H%M%S-%s)
-	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $CFG_FILE > /dev/null
+	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.load reload-$NOW $VARNISH_CONF > /dev/null

Natanael Copa <ncopa@alpinelinux.org>

11 years ago

I think this will break things for people who upgrades. we should probably fall back to CFG_FILE if VARNISH_CONF is unset, eg ${VARNISH_CONF:-${CFG_FILE}} (or exit with error if its not)

 	/usr/bin/varnishadm -T $ADMINHOSTPORT vcl.use  reload-$NOW > /dev/null
 
 	eend $?

Natanael Copa <ncopa@alpinelinux.org>

11 years ago

---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

-- 
1.8.0



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Natanael Copa <ncopa@alpinelinux.org>

11 years ago
sorry for late reply

On Tue, 16 Apr 2013 13:40:20 +0000
"V.Krishn" <vkrishn4@gmail.com> wrote:

~alpine/devel

Add more default options, Add user varnish. v1 PROPOSED

[alpine-devel] [PATCH] Add more default options, Add user varnish. Export this patch