From 7f39a5c632e4d900bd73bf1ed707431bf845d9b8 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 11 Aug 2019 12:43:13 +0100 Subject: [PATCH 01/13] #190: Updates upstream source image to 1.11.0. --- .env.example | 1 + CHANGELOG.md | 31 +- Dockerfile | 17 +- Makefile | 287 +++++++++++------- README-short.txt | 2 +- README.md | 75 +++-- command-keys.md | 67 ---- default.mk | 5 +- docker-compose.yml | 48 +-- environment.mk | 28 +- ...apper.conf => 50-varnishncsa-wrapper.conf} | 6 +- ...-wrapper.conf => 80-varnishd-wrapper.conf} | 6 +- .../system/centos-ssh-varnish@.service | 10 +- src/etc/varnish/docker-default.vcl | 1 + src/opt/scmi/default.sh | 5 +- src/opt/scmi/environment.sh | 37 +-- src/opt/scmi/service-unit.sh | 5 +- src/usr/bin/healthcheck | 60 +++- src/usr/sbin/varnishd-wrapper | 100 +++--- src/usr/sbin/varnishncsa-wrapper | 86 ++++-- test/shpec/operation_shpec.sh | 14 +- 21 files changed, 494 insertions(+), 397 deletions(-) delete mode 100644 command-keys.md rename src/etc/supervisord.d/{varnishncsa-wrapper.conf => 50-varnishncsa-wrapper.conf} (78%) rename src/etc/supervisord.d/{varnishd-wrapper.conf => 80-varnishd-wrapper.conf} (77%) diff --git a/.env.example b/.env.example index 032014a..8aa5ac9 100644 --- a/.env.example +++ b/.env.example @@ -1,3 +1,4 @@ +SYSTEM_TIMEZONE=UTC VARNISH_MAX_THREADS=1000 VARNISH_MIN_THREADS=50 VARNISH_OPTIONS= diff --git a/CHANGELOG.md b/CHANGELOG.md index e840c25..eb98491 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,31 @@ # Change Log -## centos-6 - -Summary of release changes for Version 1. - -CentOS-6 6.10 x86_64 - Varnish Cache 4.1. +## 1 - centos-6 + +Summary of release changes. + +### 1.7.0 - Unreleased + +- Updates source image to [1.11.0](https://github.com/jdeathe/centos-ssh/releases/tag/1.11.0). +- Updates CHANGELOG.md to simplify maintenance. +- Updates README.md to simplify contents and improve readability. +- Updates README-short.txt to apply to all image variants. +- Updates Dockerfile `org.deathe.description` metadata LABEL for consistency. +- Updates supervisord configuration to send error log output to stderr. +- Updates varnishd supervisord configuration file/priority to `80-varnishd-wrapper.conf`/`80`. +- Updates varnishncsa supervisord configuration file/priority to `50-varnishncsa-wrapper.conf`/`50`. +- Updates docker-compose example with redis session store replacing memcached for the apache-php service. +- Updates wrapper scripts timer to use UTC date timestamps. +- Fixes docker host connection status check in Makefile. +- Fixes error when restarting/reloading varnishd. +- Adds `inspect`, `reload` and `top` Makefile targets. +- Adds improved `clean` Makefile target; includes exited containers and dangling images. +- Adds `SYSTEM_TIMEZONE` handling to Makefile, scmi, systemd unit and docker-compose templates. +- Adds system time zone validation to healthcheck. +- Adds lock/state file to wrapper scripts. +- Removes `VARNISH_AUTOSTART_VARNISHD_WRAPPER`, replaced with `ENABLE_VARNISHD_WRAPPER`. +- Removes `VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER`, replaced with `ENABLE_VARNISHNCSA_WRAPPER`. +- Removes support for long image tags (i.e. centos-6-1.x.x). ### 1.6.0 - 2019-05-06 diff --git a/Dockerfile b/Dockerfile index 57ceaca..b2a2458 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM jdeathe/centos-ssh:1.10.1 +FROM jdeathe/centos-ssh:1.11.0 ARG RELEASE_VERSION="1.6.0" @@ -37,7 +37,6 @@ ADD src / # ------------------------------------------------------------------------------ # Provisioning # - Replace placeholders with values in systemd service unit template -# - Symbolic link varnish access log file to stdout # - Create directory for varnishncsa PID file # - Set permissions # ------------------------------------------------------------------------------ @@ -50,7 +49,7 @@ RUN sed -i \ varnishlog:varnish \ /var/{lib/misc,lock/subsys,run}/varnish \ && chmod 644 \ - /etc/varnish/*.vcl \ + /etc/{supervisord.d/{50-varnishncsa-wrapper,80-varnishd-wrapper}.conf,varnish/docker-default.vcl} \ && chmod 700 \ /usr/{bin/healthcheck,sbin/{varnishd,varnishncsa}-wrapper} \ && chmod 750 \ @@ -63,11 +62,11 @@ EXPOSE 80 8443 # ------------------------------------------------------------------------------ # Set default environment variables # ------------------------------------------------------------------------------ -ENV SSH_AUTOSTART_SSHD="false" \ - SSH_AUTOSTART_SSHD_BOOTSTRAP="false" \ - SSH_AUTOSTART_SUPERVISOR_STDOUT="false" \ - VARNISH_AUTOSTART_VARNISHD_WRAPPER="true" \ - VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER="false" \ +ENV \ + ENABLE_SSHD_BOOTSTRAP="false" \ + ENABLE_SSHD_WRAPPER="false" \ + ENABLE_VARNISHD_WRAPPER="true" \ + ENABLE_VARNISHNCSA_WRAPPER="false" \ VARNISH_MAX_THREADS="1000" \ VARNISH_MIN_THREADS="50" \ VARNISH_OPTIONS="" \ @@ -107,7 +106,7 @@ jdeathe/centos-ssh-varnish:${RELEASE_VERSION} \ org.deathe.license="MIT" \ org.deathe.vendor="jdeathe" \ org.deathe.url="https://github.com/jdeathe/centos-ssh-varnish" \ - org.deathe.description="CentOS-6 6.10 x86_64 - Varnish Cache 4.1." + org.deathe.description="Varnish Cache 4.1 - CentOS-6 6.10 x86_64." HEALTHCHECK \ --interval=1s \ diff --git a/Makefile b/Makefile index 5ebb343..6416f1b 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,7 @@ Targets: distclean Clean up distribution artifacts. exec COMMAND [ARG...] Run command in a the running container. help Show this help. + inspect [-f \"FORMAT\"] Return low-level information on the container. install Terminate running container and run the docker create template. images Show container's image details. @@ -32,14 +33,19 @@ Targets: pull Pull the release image from the registry. Requires the DOCKER_IMAGE_TAG variable. ps Display the details of the container process. + reload Send SIGHUP to the PID 1 container process. restart Restarts the container. rm Force remove the container. + rm-exited Force remove all containers in the exited state. rmi Untag (remove) the image. + rmi-dangling Untag (remove) images not referenced by any + container. run Execute the run container template. start Start the container in the created state. stop Stop the container when in a running state. terminate Unpause, stop and remove the container. test Run all test cases. + top [ps OPTIONS] Display the running processes of the container. unpause Unpause the container when in a paused state. Variables: @@ -60,6 +66,8 @@ Variables: artifacts are placed. - NO_CACHE When true, no cache will be used while running the build target. + - RELOAD_SIGNAL Default signal is SIGHUP. Use to set an alternative + signal value. - STARTUP_TIME Defines the number of seconds expected to complete the startup process, including the bootstrap where applicable. @@ -69,7 +77,7 @@ endef include environment.mk include default.mk -# UI constants +.DEFAULT_GOAL := build COLOUR_NEGATIVE := \033[1;31m COLOUR_POSITIVE := \033[1;32m COLOUR_RESET := \033[0m @@ -106,25 +114,22 @@ PREFIX_SUB_STEP_POSITIVE := $(shell \ "$(PREFIX_SUB_STEP)" \ "$(COLOUR_RESET)"; \ ) - -.DEFAULT_GOAL := build - -# Package prerequisites docker := $(shell \ command -v docker \ ) -xz := $(shell \ - command -v xz \ +docker-status := $(shell \ + if ! docker version > /dev/null; \ + then \ + printf -- 'ERROR'; \ + else \ + printf -- 'OK'; \ + fi \ ) - -# Testing prerequisites shpec := $(shell \ command -v shpec \ ) - -# Used to test docker host is accessible -get-docker-info := $(shell \ - $(docker) info \ +xz := $(shell \ + command -v xz \ ) define get-docker-image-id @@ -166,6 +171,7 @@ endef distclean \ exec \ help \ + inspect \ install \ images \ load \ @@ -174,14 +180,18 @@ endef pause \ pull \ ps \ + reload \ restart \ rm \ + rm-exited \ rmi \ + rmi-dangling \ run \ start \ stop \ terminate \ test \ + top \ unpause _prerequisites: @@ -193,38 +203,34 @@ ifeq ($(xz),) $(error "Please install the xz package.") endif -ifeq ($(get-docker-info),) - $(error "Unable to connect to docker host.") +ifneq ($(docker-status),OK) + $(error "Docker server host error.") endif _require-docker-container: @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ then \ - printf -- '%sThis operation requires the %s container.\n' \ + >&2 printf -- '%sThis operation requires the %s container.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ - "$(DOCKER_NAME)" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(DOCKER_NAME)"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "install" \ - >&2; \ + "install"; \ exit 1; \ fi _require-docker-container-not: @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "be removed or renamed" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "be removed or renamed"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "rm" \ - >&2; \ + "rm"; \ exit 1; \ fi @@ -234,16 +240,14 @@ _require-docker-container-not-status-paused: --filter "status=paused" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be unpaused" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be unpaused"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "unpause" \ - >&2; \ + "unpause"; \ exit 1; \ fi @@ -253,16 +257,14 @@ _require-docker-container-status-created: --filter "status=created" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be created" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be created"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "install" \ - >&2; \ + "install"; \ exit 1; \ fi @@ -272,16 +274,14 @@ _require-docker-container-status-exited: --filter "status=exited" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be exited" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be exited"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "stop" \ - >&2; \ + "stop"; \ exit 1; \ fi @@ -291,16 +291,14 @@ _require-docker-container-status-paused: --filter "status=paused" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be paused" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be paused"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "pause" \ - >&2; \ + "pause"; \ exit 1; \ fi @@ -310,42 +308,37 @@ _require-docker-container-status-running: --filter "status=running" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be running" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be running"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "start" \ - >&2; \ + "start"; \ exit 1; \ fi _require-docker-image-tag: @ if ! [[ "$(DOCKER_IMAGE_TAG)" =~ $(DOCKER_IMAGE_TAG_PATTERN) ]]; \ then \ - printf -- '%sInvalid %s value: %s\n' \ + >&2 printf -- '%sInvalid %s value: %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "DOCKER_IMAGE_TAG" \ - "$(DOCKER_IMAGE_TAG)" \ - >&2; \ + "$(DOCKER_IMAGE_TAG)"; \ exit 1; \ fi _require-docker-release-tag: @ if ! [[ "$(DOCKER_IMAGE_TAG)" =~ $(DOCKER_IMAGE_RELEASE_TAG_PATTERN) ]]; \ then \ - printf -- '%sInvalid %s value: %s\n' \ + >&2 printf -- '%sInvalid %s value: %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "DOCKER_IMAGE_TAG" \ - "$(DOCKER_IMAGE_TAG)" \ - >&2; \ - printf -- '%s%s\n' \ + "$(DOCKER_IMAGE_TAG)"; \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP)" \ - "A release tag is required for this operation." \ - >&2; \ + "A release tag is required for this operation."; \ exit 1; \ fi @@ -359,18 +352,16 @@ _require-package-path: fi; \ if [[ ! $${?} -eq 0 ]]; \ then \ - printf -- '%s%s: %s\n' \ + >&2 printf -- '%s%s: %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "Failed to make package path" \ - "$(DIST_PATH)" \ - >&2; \ + "$(DIST_PATH)"; \ exit 1; \ elif [[ -z $(DIST_PATH) ]]; \ then \ - printf -- '%sUndefined %s\n' \ + >&2 printf -- '%sUndefined %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ - "DIST_PATH" \ - >&2; \ + "DIST_PATH"; \ exit 1; \ fi @@ -415,10 +406,9 @@ build: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Build complete"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Build error" \ - >&2; \ + "Build error"; \ exit 1; \ fi @@ -426,7 +416,9 @@ clean: \ _prerequisites \ | \ terminate \ - rmi + rm-exited \ + rmi \ + rmi-dangling create: \ _prerequisites \ @@ -456,10 +448,9 @@ create: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container created"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container creation failed" \ - >&2; \ + "Container creation failed"; \ exit 1; \ fi @@ -506,10 +497,9 @@ dist: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Package saved"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Package save error" \ - >&2; \ + "Package save error"; \ exit 1; \ fi; \ fi @@ -547,10 +537,9 @@ distclean: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Package cleanup complete"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Package cleanup failed" \ - >&2; \ + "Package cleanup failed"; \ exit 1; \ fi; \ else \ @@ -560,7 +549,9 @@ distclean: \ fi exec: \ - _prerequisites + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running @ $(docker) exec -it $(DOCKER_NAME) $(filter-out $@, $(MAKECMDGOALS)) %:; @: @@ -572,17 +563,29 @@ images: \ help: \ _usage +inspect: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running + @ $(docker) inspect \ + --type=container \ + $(filter-out $@, $(MAKECMDGOALS)) \ + $(DOCKER_NAME) +%:; @: + install: | \ _prerequisites \ terminate \ create logs: \ - _prerequisites + _prerequisites \ + _require-docker-container @ $(docker) logs $(DOCKER_NAME) logs-delayed: \ - _prerequisites + _prerequisites \ + _require-docker-container @ sleep $(STARTUP_TIME) @ $(MAKE) logs @@ -608,15 +611,13 @@ load: \ "$(DOCKER_IMAGE_TAG)"; \ if [[ ! -s $($@_dist_path)/$($@_dist_file) ]]; \ then \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Package not found" \ - >&2; \ - printf -- '%sTry: DOCKER_IMAGE_TAG=%s make %s\n' \ + "Package not found"; \ + >&2 printf -- '%sTry: DOCKER_IMAGE_TAG=%s make %s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ "$(DOCKER_IMAGE_TAG)" \ - "dist" \ - >&2; \ + "dist"; \ exit 1; \ else \ $(xz) -dc \ @@ -632,6 +633,7 @@ load: \ pause: \ _prerequisites \ + _require-docker-container \ _require-docker-container-status-running @ printf -- '%s%s\n' \ "$(PREFIX_STEP)" \ @@ -660,10 +662,9 @@ pull: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Image pulled"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Error pulling image" \ - >&2; \ + "Error pulling image"; \ exit 1; \ fi @@ -673,6 +674,19 @@ ps: \ @ $(docker) ps -as \ --filter "name=$(DOCKER_NAME)" +reload: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Reloading container" + @ $(docker) exec $(DOCKER_NAME) \ + kill -$(RELOAD_SIGNAL) 1 + @ printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container reloaded" + restart: \ _prerequisites \ _require-docker-container \ @@ -710,14 +724,33 @@ rm: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container removed"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container removal failed" \ - >&2; \ + "Container removal failed"; \ exit 1; \ fi; \ fi +rm-exited: \ + _prerequisites + @ if [[ -z $$($(docker) ps -aq \ + --filter "status=exited" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Exited containers removal skipped"; \ + else \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Removing exited containers"; \ + $(docker) rm -f \ + $$($(docker) ps -aq \ + --filter "status=exited" \ + ) \ + 1> /dev/null; \ + fi + rmi: \ _prerequisites \ _require-docker-image-tag \ @@ -742,10 +775,9 @@ rmi: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Image untagged"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Error untagging image" \ - >&2; \ + "Error untagging image"; \ exit 1; \ fi; \ else \ @@ -754,6 +786,26 @@ rmi: \ "Untagging image skipped"; \ fi +rmi-dangling: \ + _prerequisites + @ if [[ -z $$($(docker) images -q \ + --filter "dangling=true" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Untagging dangling images skipped"; \ + else \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Untagging dangling images"; \ + $(docker) rmi \ + $$($(docker) images -q \ + --filter "dangling=true" \ + ) \ + 1> /dev/null; \ + fi + run: \ _prerequisites \ _require-docker-image-tag @@ -783,10 +835,9 @@ run: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container running"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container run failed" \ - >&2; \ + "Container run failed"; \ exit 1; \ fi @@ -816,15 +867,15 @@ start: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container started"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container start failed" \ - >&2; \ + "Container start failed"; \ exit 1; \ fi stop: \ _prerequisites \ + _require-docker-container \ _require-docker-container-not-status-paused \ _require-docker-container-status-running @ printf -- '%s%s\n' \ @@ -847,14 +898,20 @@ stop: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container stopped"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Error stopping container" \ - >&2; \ + "Error stopping container"; \ exit 1; \ fi; \ fi +top: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running + @ $(docker) top $(DOCKER_NAME) $(filter-out $@, $(MAKECMDGOALS)) +%:; @: + terminate: \ _prerequisites @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ @@ -905,10 +962,9 @@ terminate: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container terminated"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container termination failed" \ - >&2; \ + "Container termination failed"; \ exit 1; \ fi; \ fi @@ -926,6 +982,7 @@ test: \ unpause: \ _prerequisites \ + _require-docker-container \ _require-docker-container-status-paused @ printf -- '%s%s\n' \ "$(PREFIX_STEP)" \ diff --git a/README-short.txt b/README-short.txt index ddf6d19..10d1f80 100644 --- a/README-short.txt +++ b/README-short.txt @@ -1 +1 @@ -CentOS-6 6.10 x86_64 - Varnish Cache. \ No newline at end of file +Varnish Cache - CentOS. \ No newline at end of file diff --git a/README.md b/README.md index baad2fe..577f2bf 100644 --- a/README.md +++ b/README.md @@ -1,42 +1,26 @@ -centos-ssh-varnish -================== +### Tags and respective `Dockerfile` links -Docker Image including: -- CentOS-6 6.10 x86_64 and Varnish Cache 4.1. -- CentOS-7 7.5.1804 x86_64 and Varnish Cache 6.2. +- `centos-7`, `2.3.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) +- `centos-6`, `1.6.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) -## Overview & links +## Overview -- `centos-7`, `centos-7-2.3.0`, `2.3.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) -- `centos-6`, `centos-6-1.6.0`, `1.6.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) +Apache PHP web server, loading only a minimal set of Apache modules by default. -#### centos-6 +This build uses the base image [jdeathe/centos-ssh](https://github.com/jdeathe/centos-ssh) so inherits it's features but with `sshd` disabled by default. [Supervisor](http://supervisord.org/) is used to start the varnishd (and optionally the varnishncsa) daemon when a docker container based on this image is run. -The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.6.0`or `1.6.0` for the [1.6.0](https://github.com/jdeathe/centos-ssh-varnish/tree/1.6.0) release tag. +### Image variants -#### centos-7 +- [Varnish Cache 6.2 - CentOS-7](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7) +- [Varnish Cache 4.1 - CentOS-6](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6) -The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.3.0`or `2.3.0` for the [2.3.0](https://github.com/jdeathe/centos-ssh-varnish/tree/2.3.0) release tag. +## Quick start -Included in the build are the [SCL](https://www.softwarecollections.org/), [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. Installed packages include [OpenSSH](http://www.openssh.com/portable.html) secure shell, [vim-minimal](http://www.vim.org/), are installed along with python-setuptools, [supervisor](http://supervisord.org/) and [supervisor-stdout](https://github.com/coderanger/supervisor-stdout). +> For production use, it is recommended to select a specific release tag as shown in the examples. -Supervisor is used to start the varnishd (and optionally the varnishncsa or sshd) daemon when a docker container based on this image is run. +Run up a container named `varnish.1` from the docker image `jdeathe/centos-ssh-varnish` on port 80 of your docker host. 1 backend host is defined mapping the host `httpd_1` to the IP address `172.17.8.101`; this is required to identify the backend host that's defined in the default Varnish VCL file. -If enabling and configuring SSH access, it is by public key authentication and, by default, the [Vagrant](http://www.vagrantup.com/) [insecure private key](https://github.com/mitchellh/vagrant/blob/master/keys/vagrant) is required. - -### SSH Alternatives - -SSH is not required in order to access a terminal for the running container. The simplest method is to use the docker exec command to run bash (or sh) as follows: - -``` -$ docker exec -it {docker-name-or-id} bash -``` - -For cases where access to docker exec is not possible the preferred method is to use Command Keys and the nsenter command. See [command-keys.md](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/command-keys.md) for details on how to set this up. - -## Quick Example - -Run up a container named `varnish.1` from the docker image `jdeathe/centos-ssh-varnish` on port 80 of your docker host. 1 backend host is defined with the IP address 172.17.8.101; this is required to identify the backend hosts from within the Varnish VCL file. +> Change `172.17.8.101` in the example below to an IP address that resolves to a valid web server on your network. ``` $ docker run -d -t \ @@ -44,10 +28,17 @@ $ docker run -d -t \ -p 80:80 \ --sysctl "net.core.somaxconn=1024" \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:1.6.0 + jdeathe/centos-ssh-varnish:2.3.0 +``` + +Verify the named container's process status and health. + +``` +$ docker ps -a \ + -f "name=varnish.1" ``` -Now you can verify it is initialised and running successfully by inspecting the container's logs. +Verify successful initialisation of the named container. ``` $ docker logs varnish.1 @@ -57,7 +48,9 @@ $ docker logs varnish.1 ### Running -To run the a docker container from this image you can use the standard docker commands. Alternatively, if you have a checkout of the [source repository](https://github.com/jdeathe/centos-ssh-varnish), and have make installed the Makefile provides targets to build, install, start, stop etc. where environment variables can be used to configure the container options and set custom docker run parameters. +To run the a docker container from this image you can use the standard docker commands as shown in the example below. Alternatively, there's a [docker-compose](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/docker-compose.yml) example. + +For production use, it is recommended to select a specific release tag as shown in the examples. In the following example the http service is bound to port 8000 and offloaded https on port 8500 of the docker host. Also, the environment variable `VARNISH_STORAGE` has been used to set up a 256M memory based storage instead of the default file based type. @@ -65,8 +58,8 @@ In the following example the http service is bound to port 8000 and offloaded ht ``` $ docker stop varnish.1 && \ - docker rm varnish.1 -$ docker run \ + docker rm varnish.1; \ + docker run \ --detach \ --tty \ --name varnish.1 \ @@ -82,7 +75,7 @@ $ docker run \ --env "VARNISH_MAX_THREADS=2000" \ --env "VARNISH_MIN_THREADS=100" \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:1.6.0 + jdeathe/centos-ssh-varnish:2.3.0 ``` Now you can verify it is initialised and running successfully by inspecting the container's logs: @@ -91,17 +84,17 @@ Now you can verify it is initialised and running successfully by inspecting the $ docker logs varnish.1 ``` -#### Environment Variables +#### Environment variables There are several environmental variables defined at runtime which allows the operator to customise the running container. This may become necessary under special circumstances and the following show those that are most likely to be considered for review, the rest should be left unaltered and for clarification refer to the [varnishd documentation](https://www.varnish-cache.org/docs/4.1/index.html). -##### VARNISH_AUTOSTART_VARNISHD_WRAPPER +##### ENABLE_VARNISHD_WRAPPER -It may be desirable to prevent the startup of the varnishd-wrapper script. For example, when using an image built from this Dockerfile as the source for another Dockerfile you could disable varnishd from startup by setting `VARNISH_AUTOSTART_VARNISHD_WRAPPER` to `false`. +It may be desirable to prevent the startup of the varnishd-wrapper script. For example, when using an image built from this Dockerfile as the source for another Dockerfile you could disable varnishd from startup by setting `ENABLE_VARNISHD_WRAPPER` to `false`. -##### VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER +##### ENABLE_VARNISHNCSA_WRAPPER -Controls the startup of the varnishncsa-wrapper script which is not started by default. With `VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER` set to `true` the `varnishncsa` process is started to output the Varnish in-memory logs to the log file `/var/log/varnish/access_log`. Logs are in Apache / NCSA combined log format unless altered using `VARNISH_VARNISHNCSA_FORMAT`. +Controls the startup of the varnishncsa-wrapper script which is not started by default. With `ENABLE_VARNISHNCSA_WRAPPER` set to `true` the `varnishncsa` process is started to output the Varnish in-memory logs to the log file `/var/log/varnish/access_log`. Logs are in Apache / NCSA combined log format unless altered using `VARNISH_VARNISHNCSA_FORMAT`. ##### VARNISH_MIN_THREADS, VARNISH_MAX_THREADS & VARNISH_THREAD_TIMEOUT @@ -121,7 +114,7 @@ The `VARNISH_TTL` can be used to set a hard minimum time to live for cached docu ##### VARNISH_VARNISHNCSA_FORMAT -When `VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER` is set to `true` then `VARNISH_VARNISHNCSA_FORMAT` can be used to set the output log [format string](https://varnish-cache.org/docs/6.0/reference/varnishncsa.html#format). +When `ENABLE_VARNISHNCSA_WRAPPER` is set to `true` then `VARNISH_VARNISHNCSA_FORMAT` can be used to set the output log [format string](https://varnish-cache.org/docs/6.0/reference/varnishncsa.html#format). ##### VARNISH_VARNISHNCSA_OPTIONS diff --git a/command-keys.md b/command-keys.md deleted file mode 100644 index f3b4e04..0000000 --- a/command-keys.md +++ /dev/null @@ -1,67 +0,0 @@ -# Command Keys - -Using command keys to access containers (without sshd). - -Access docker containers using docker host SSH public key authentication and nsenter command to start up a bash terminal inside a container. In the following example the container name is "varnish.1" - -## Create a unique public/private key pair for each container - -``` -$ cd ~/.ssh/ && ssh-keygen -q -t rsa -f id-rsa.varnish.1 -``` - -## Prefix the public key with the nsenter command - -``` -$ sed -i '' \ - '1s#^#command="sudo nsenter -m -u -i -n -p -t $(docker inspect --format \\\"{{ .State.Pid }}\\\" varnish.1) /bin/bash" #' \ - ~/.ssh/id-rsa.varnish.1.pub -``` - -## Upload the public key to the docker host VM - -The host in this example is core-01.local that has SSH public key authentication enabled using the Vagrant insecure private key. - -### Generic Linux Host Example - -``` -$ cat ~/.ssh/id-rsa.varnish.1.pub | ssh -i ~/.vagrant.d/insecure_private_key \ - core@core-01.local \ - "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" -``` - -### CoreOS Host Example - -``` -$ cat ~/.ssh/id-rsa.varnish.1.pub | ssh -i ~/.vagrant.d/insecure_private_key \ - core@core-01.local \ - update-ssh-keys -a core@varnish.1 -``` - -### Usage - -``` -$ ssh -i ~/.ssh/id-rsa.varnish.1 \ - core@core-01.local \ - -o StrictHostKeyChecking=no -``` - -#### SSH Config - -To simplify the command required to access the running container we can add an entry to the SSH configuration file ```~/.ssh/config``` as follows: - -``` -Host core-01.varnish.1 - HostName core-01.local - Port 22 - User core - StrictHostKeyChecking no - IdentitiesOnly yes - IdentityFile ~/.ssh/id-rsa.varnish.1 -``` - -With the above entry in place we can now run the following to access the running container: - -``` -$ ssh core-01.varnish.1 -``` diff --git a/default.mk b/default.mk index cd40d45..c2df3b1 100644 --- a/default.mk +++ b/default.mk @@ -82,8 +82,9 @@ define DOCKER_CONTAINER_PARAMETERS --ulimit "memlock=$(ULIMIT_MEMLOCK)" \ --ulimit "nofile=$(ULIMIT_NOFILE)" \ --ulimit "nproc=$(ULIMIT_NPROC)" \ ---env "VARNISH_AUTOSTART_VARNISHD_WRAPPER=$(VARNISH_AUTOSTART_VARNISHD_WRAPPER)" \ ---env "VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=$(VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER)" \ +--env "ENABLE_VARNISHD_WRAPPER=$(ENABLE_VARNISHD_WRAPPER)" \ +--env "ENABLE_VARNISHNCSA_WRAPPER=$(ENABLE_VARNISHNCSA_WRAPPER)" \ +--env "SYSTEM_TIMEZONE=$(SYSTEM_TIMEZONE)" \ --env "VARNISH_MAX_THREADS=$(VARNISH_MAX_THREADS)" \ --env "VARNISH_MIN_THREADS=$(VARNISH_MIN_THREADS)" \ --env "VARNISH_OPTIONS=$(VARNISH_OPTIONS)" \ diff --git a/docker-compose.yml b/docker-compose.yml index c7e44f5..f895c49 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,7 +34,8 @@ services: depends_on: - "apache-php" environment: - VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER: "true" + ENABLE_VARNISHNCSA_WRAPPER: "true" + SYSTEM_TIMEZONE: "${SYSTEM_TIMEZONE}" VARNISH_MAX_THREADS: "${VARNISH_MAX_THREADS}" VARNISH_MIN_THREADS: "${VARNISH_MIN_THREADS}" VARNISH_OPTIONS: "${VARNISH_OPTIONS}" @@ -67,18 +68,20 @@ services: nproc: 65535 apache-php: depends_on: - - "memcached" + - "redis" environment: APACHE_CUSTOM_LOG_LOCATION: "/dev/null" APACHE_ERROR_LOG_LOCATION: "/dev/stderr" APACHE_LOAD_MODULES: "rewrite_module" APACHE_MOD_SSL_ENABLED: "false" - APACHE_MPM: "event" + APACHE_MPM: "worker" APACHE_SERVER_ALIAS: "app.local" APACHE_SERVER_NAME: "www.app.local" - PHP_OPTIONS_SESSION_SAVE_HANDLER: "memcached" - PHP_OPTIONS_SESSION_SAVE_PATH: "memcached:11211" - image: "jdeathe/centos-ssh-apache-php:2.4.0" + PHP_OPTIONS_DATE_TIMEZONE: "${SYSTEM_TIMEZONE}" + PHP_OPTIONS_SESSION_SAVE_HANDLER: "redis" + PHP_OPTIONS_SESSION_SAVE_PATH: "redis:6379" + SYSTEM_TIMEZONE: "${SYSTEM_TIMEZONE}" + image: "jdeathe/centos-ssh-apache-php-fcgi:1.13.2" networks: tier2: aliases: @@ -88,15 +91,24 @@ services: net.core.somaxconn: "1024" net.ipv4.ip_local_port_range: "1024 65535" net.ipv4.route.flush: "1" - memcached: - environment: - MEMCACHED_CACHESIZE: "32" - MEMCACHED_MAXCONN: "1024" - image: "jdeathe/centos-ssh-memcached:1.3.1" - networks: - - "tier2" - restart: "always" - sysctls: - net.core.somaxconn: "1024" - net.ipv4.ip_local_port_range: "1024 65535" - net.ipv4.route.flush: "1" + redis: + environment: + REDIS_MAXMEMORY: "32mb" + REDIS_TCP_BACKLOG: "1024" + SYSTEM_TIMEZONE: "${SYSTEM_TIMEZONE}" + image: "jdeathe/centos-ssh-redis:1.2.0" + networks: + - "tier2" + ports: + - "6379:6379" + restart: "always" + sysctls: + net.core.somaxconn: "1024" + net.ipv4.ip_local_port_range: "1024 65535" + net.ipv4.route.flush: "1" + ulimits: + memlock: 82000 + nofile: + soft: 524288 + hard: 1048576 + nproc: 65535 diff --git a/environment.mk b/environment.mk index 9d4da67..150bf92 100644 --- a/environment.mk +++ b/environment.mk @@ -1,41 +1,28 @@ # ------------------------------------------------------------------------------ # Constants # ------------------------------------------------------------------------------ -DOCKER_USER := jdeathe DOCKER_IMAGE_NAME := centos-ssh-varnish +DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^[1-2]\.[0-9]+\.[0-9]+$ +DOCKER_IMAGE_TAG_PATTERN := ^(latest|[1-2]\.[0-9]+\.[0-9]+)$ +DOCKER_USER := jdeathe SHPEC_ROOT := test/shpec -# Tag validation patterns -DOCKER_IMAGE_TAG_PATTERN := ^(latest|centos-6|((1|centos-6-1)\.[0-9]+\.[0-9]+))$ -DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^(1|centos-6-1)\.[0-9]+\.[0-9]+$ - # ------------------------------------------------------------------------------ # Variables # ------------------------------------------------------------------------------ - -# Docker image/container settings +DIST_PATH ?= ./dist DOCKER_CONTAINER_OPTS ?= DOCKER_IMAGE_TAG ?= latest DOCKER_NAME ?= varnish.1 DOCKER_PORT_MAP_TCP_80 ?= 8000 DOCKER_PORT_MAP_TCP_8443 ?= 8500 DOCKER_RESTART_POLICY ?= always - -# Docker build --no-cache parameter NO_CACHE ?= false - -# Directory path for release packages -DIST_PATH ?= ./dist - -# Number of seconds expected to complete container startup including bootstrap. +RELOAD_SIGNAL ?= HUP STARTUP_TIME ?= 4 - -# Docker --sysctl settings SYSCTL_NET_CORE_SOMAXCONN ?= 1024 SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE ?= 1024 65535 SYSCTL_NET_IPV4_ROUTE_FLUSH ?= 1 - -# Docker --ulimit settings ULIMIT_MEMLOCK ?= 82000 ULIMIT_NOFILE ?= 131072 ULIMIT_NPROC ?= 9223372036854775807 @@ -43,8 +30,9 @@ ULIMIT_NPROC ?= 9223372036854775807 # ------------------------------------------------------------------------------ # Application container configuration # ------------------------------------------------------------------------------ -VARNISH_AUTOSTART_VARNISHD_WRAPPER ?= true -VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER ?= false +ENABLE_VARNISHD_WRAPPER ?= true +ENABLE_VARNISHNCSA_WRAPPER ?= false +SYSTEM_TIMEZONE ?= UTC VARNISH_MAX_THREADS ?= 1000 VARNISH_MIN_THREADS ?= 50 VARNISH_OPTIONS ?= diff --git a/src/etc/supervisord.d/varnishncsa-wrapper.conf b/src/etc/supervisord.d/50-varnishncsa-wrapper.conf similarity index 78% rename from src/etc/supervisord.d/varnishncsa-wrapper.conf rename to src/etc/supervisord.d/50-varnishncsa-wrapper.conf index 8bb1199..b89eb68 100644 --- a/src/etc/supervisord.d/varnishncsa-wrapper.conf +++ b/src/etc/supervisord.d/50-varnishncsa-wrapper.conf @@ -1,10 +1,10 @@ [program:varnishncsa-wrapper] autorestart = true -autostart = %(ENV_VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER)s +autostart = %(ENV_ENABLE_VARNISHNCSA_WRAPPER)s command = /usr/sbin/varnishncsa-wrapper --verbose -priority = 150 -startsecs = 1 +priority = 50 startretries = 0 +startsecs = 1 stderr_logfile = /dev/stderr stderr_logfile_maxbytes = 0 stdout_logfile = /dev/stdout diff --git a/src/etc/supervisord.d/varnishd-wrapper.conf b/src/etc/supervisord.d/80-varnishd-wrapper.conf similarity index 77% rename from src/etc/supervisord.d/varnishd-wrapper.conf rename to src/etc/supervisord.d/80-varnishd-wrapper.conf index 592d7cc..681704b 100644 --- a/src/etc/supervisord.d/varnishd-wrapper.conf +++ b/src/etc/supervisord.d/80-varnishd-wrapper.conf @@ -1,10 +1,10 @@ [program:varnishd-wrapper] autorestart = true -autostart = %(ENV_VARNISH_AUTOSTART_VARNISHD_WRAPPER)s +autostart = %(ENV_ENABLE_VARNISHD_WRAPPER)s command = /usr/sbin/varnishd-wrapper --verbose -priority = 100 -startsecs = 1 +priority = 80 startretries = 0 +startsecs = 1 stderr_logfile = /dev/stderr stderr_logfile_maxbytes = 0 stdout_logfile = /dev/stdout diff --git a/src/etc/systemd/system/centos-ssh-varnish@.service b/src/etc/systemd/system/centos-ssh-varnish@.service index 61007c2..1556631 100644 --- a/src/etc/systemd/system/centos-ssh-varnish@.service +++ b/src/etc/systemd/system/centos-ssh-varnish@.service @@ -57,14 +57,15 @@ Environment="DOCKER_IMAGE_TAG={{RELEASE_VERSION}}" Environment="DOCKER_PORT_MAP_TCP_80=8000" Environment="DOCKER_PORT_MAP_TCP_8443=8500" Environment="DOCKER_USER=jdeathe" +Environment="ENABLE_VARNISHD_WRAPPER=true" +Environment="ENABLE_VARNISHNCSA_WRAPPER=false" Environment="SYSCTL_NET_CORE_SOMAXCONN=1024" Environment="SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE=1024 65535" Environment="SYSCTL_NET_IPV4_ROUTE_FLUSH=1" +Environment="SYSTEM_TIMEZONE=UTC" Environment="ULIMIT_MEMLOCK=82000" Environment="ULIMIT_NOFILE=131072" Environment="ULIMIT_NPROC=9223372036854775807" -Environment="VARNISH_AUTOSTART_VARNISHD_WRAPPER=true" -Environment="VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=false" Environment="VARNISH_MAX_THREADS=1000" Environment="VARNISH_MIN_THREADS=50" Environment="VARNISH_OPTIONS=" @@ -137,8 +138,9 @@ ExecStart=/bin/bash -c \ --ulimit \"memlock=${ULIMIT_MEMLOCK}\" \ --ulimit \"nofile=${ULIMIT_NOFILE}\" \ --ulimit \"nproc=${ULIMIT_NPROC}\" \ - --env \"VARNISH_AUTOSTART_VARNISHD_WRAPPER=${VARNISH_AUTOSTART_VARNISHD_WRAPPER}\" \ - --env \"VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER}\" \ + --env \"ENABLE_VARNISHD_WRAPPER=${ENABLE_VARNISHD_WRAPPER}\" \ + --env \"ENABLE_VARNISHNCSA_WRAPPER=${ENABLE_VARNISHNCSA_WRAPPER}\" \ + --env \"SYSTEM_TIMEZONE=${SYSTEM_TIMEZONE}\" \ --env \"VARNISH_MAX_THREADS=${VARNISH_MAX_THREADS}\" \ --env \"VARNISH_MIN_THREADS=${VARNISH_MIN_THREADS}\" \ --env \"VARNISH_OPTIONS=${VARNISH_OPTIONS}\" \ diff --git a/src/etc/varnish/docker-default.vcl b/src/etc/varnish/docker-default.vcl index 645c9c0..d42c016 100644 --- a/src/etc/varnish/docker-default.vcl +++ b/src/etc/varnish/docker-default.vcl @@ -72,6 +72,7 @@ sub vcl_recv { std.port(local.ip) == 80) { # Port 80 set req.http.X-Forwarded-Port = "80"; + set req.http.X-Forwarded-Proto = "http"; set req.backend_hint = director_http.backend(); } else { # Reject unexpected ports diff --git a/src/opt/scmi/default.sh b/src/opt/scmi/default.sh index 3dbf3f3..9856a1a 100644 --- a/src/opt/scmi/default.sh +++ b/src/opt/scmi/default.sh @@ -95,8 +95,9 @@ DOCKER_CONTAINER_PARAMETERS="--tty \ --ulimit \"memlock=${ULIMIT_MEMLOCK}\" \ --ulimit \"nofile=${ULIMIT_NOFILE}\" \ --ulimit \"nproc=${ULIMIT_NPROC}\" \ ---env \"VARNISH_AUTOSTART_VARNISHD_WRAPPER=${VARNISH_AUTOSTART_VARNISHD_WRAPPER}\" \ ---env \"VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER}\" \ +--env \"ENABLE_VARNISHD_WRAPPER=${ENABLE_VARNISHD_WRAPPER}\" \ +--env \"ENABLE_VARNISHNCSA_WRAPPER=${ENABLE_VARNISHNCSA_WRAPPER}\" \ +--env \"SYSTEM_TIMEZONE=${SYSTEM_TIMEZONE}\" \ --env \"VARNISH_MAX_THREADS=${VARNISH_MAX_THREADS}\" \ --env \"VARNISH_MIN_THREADS=${VARNISH_MIN_THREADS}\" \ --env \"VARNISH_OPTIONS=${VARNISH_OPTIONS}\" \ diff --git a/src/opt/scmi/environment.sh b/src/opt/scmi/environment.sh index 9e4a1cc..517f07a 100644 --- a/src/opt/scmi/environment.sh +++ b/src/opt/scmi/environment.sh @@ -1,54 +1,39 @@ # ------------------------------------------------------------------------------ # Constants # ------------------------------------------------------------------------------ -readonly DOCKER_USER=jdeathe readonly DOCKER_IMAGE_NAME=centos-ssh-varnish - -# Tag validation patterns -readonly DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-6|((1|centos-6-1)\.[0-9]+\.[0-9]+))$' -readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|centos-6-1)\.[0-9]+\.[0-9]+$' +readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^[1-2]\.[0-9]+\.[0-9]+$' +readonly DOCKER_IMAGE_TAG_PATTERN='^(latest|[1-2]\.[0-9]+\.[0-9]+)$' +readonly DOCKER_USER=jdeathe # ------------------------------------------------------------------------------ # Variables # ------------------------------------------------------------------------------ - -# Docker image/container settings +DIST_PATH="${DIST_PATH:-./dist}" DOCKER_CONTAINER_OPTS="${DOCKER_CONTAINER_OPTS:-}" DOCKER_IMAGE_TAG="${DOCKER_IMAGE_TAG:-latest}" DOCKER_NAME="${DOCKER_NAME:-varnish.1}" DOCKER_PORT_MAP_TCP_80="${DOCKER_PORT_MAP_TCP_80:-8000}" DOCKER_PORT_MAP_TCP_8443="${DOCKER_PORT_MAP_TCP_8443:-8500}" DOCKER_RESTART_POLICY="${DOCKER_RESTART_POLICY:-always}" - -# Docker build --no-cache parameter NO_CACHE="${NO_CACHE:-false}" - -# Directory path for release packages -DIST_PATH="${DIST_PATH:-./dist}" - -# Number of seconds expected to complete container startup including bootstrap. +REGISTER_ETCD_PARAMETERS="${REGISTER_ETCD_PARAMETERS:-}" +REGISTER_TTL="${REGISTER_TTL:-60}" +REGISTER_UPDATE_INTERVAL="${REGISTER_UPDATE_INTERVAL:-55}" STARTUP_TIME="${STARTUP_TIME:-4}" - -# Docker --sysctl settings SYSCTL_NET_CORE_SOMAXCONN="${SYSCTL_NET_CORE_SOMAXCONN:-1024}" -SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE="${SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE:-1024 65535}" +SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE="${SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE:-"1024 65535"}" SYSCTL_NET_IPV4_ROUTE_FLUSH="${SYSCTL_NET_IPV4_ROUTE_FLUSH:-1}" - -# Docker --ulimit settings ULIMIT_MEMLOCK="${ULIMIT_MEMLOCK:-82000}" ULIMIT_NOFILE="${ULIMIT_NOFILE:-131072}" ULIMIT_NPROC="${ULIMIT_NPROC:-9223372036854775807}" -# ETCD register service settings -REGISTER_ETCD_PARAMETERS="${REGISTER_ETCD_PARAMETERS:-}" -REGISTER_TTL="${REGISTER_TTL:-60}" -REGISTER_UPDATE_INTERVAL="${REGISTER_UPDATE_INTERVAL:-55}" - # ------------------------------------------------------------------------------ # Application container configuration # ------------------------------------------------------------------------------ -VARNISH_AUTOSTART_VARNISHD_WRAPPER="${VARNISH_AUTOSTART_VARNISHD_WRAPPER:-true}" -VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER="${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER:-false}" +ENABLE_VARNISHD_WRAPPER="${ENABLE_VARNISHD_WRAPPER:-true}" +ENABLE_VARNISHNCSA_WRAPPER="${ENABLE_VARNISHNCSA_WRAPPER:-false}" +SYSTEM_TIMEZONE="${SYSTEM_TIMEZONE:-UTC}" VARNISH_MAX_THREADS="${VARNISH_MAX_THREADS:-1000}" VARNISH_MIN_THREADS="${VARNISH_MIN_THREADS:-50}" VARNISH_OPTIONS="" diff --git a/src/opt/scmi/service-unit.sh b/src/opt/scmi/service-unit.sh index 2d5eed0..86549ab 100644 --- a/src/opt/scmi/service-unit.sh +++ b/src/opt/scmi/service-unit.sh @@ -7,14 +7,15 @@ readonly SERVICE_UNIT_ENVIRONMENT_KEYS=" DOCKER_IMAGE_TAG DOCKER_PORT_MAP_TCP_80 DOCKER_PORT_MAP_TCP_8443 + ENABLE_VARNISHD_WRAPPER + ENABLE_VARNISHNCSA_WRAPPER SYSCTL_NET_CORE_SOMAXCONN SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE SYSCTL_NET_IPV4_ROUTE_FLUSH + SYSTEM_TIMEZONE ULIMIT_MEMLOCK ULIMIT_NOFILE ULIMIT_NPROC - VARNISH_AUTOSTART_VARNISHD_WRAPPER - VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER VARNISH_MAX_THREADS VARNISH_MIN_THREADS VARNISH_OPTIONS diff --git a/src/usr/bin/healthcheck b/src/usr/bin/healthcheck index 30f0bb4..a699512 100755 --- a/src/usr/bin/healthcheck +++ b/src/usr/bin/healthcheck @@ -2,8 +2,47 @@ set -e +function __get_system_timezone () +{ + local -r default_value="${1:-UTC}" + + local value="${SYSTEM_TIMEZONE}" + + if ! __is_valid_system_timezone "${value}" + then + value="${default_value}" + fi + + printf -- '%s' "${value}" +} + +function __is_valid_system_timezone () +{ + __is_valid_zone "${@}" +} + +function __is_valid_zone () +{ + local zone="${1}" + + if [[ -n ${zone} ]] \ + && [[ -f /usr/share/zoneinfo/${zone} ]] + then + return 0 + fi + + return 1 +} + function main () { + local -r system_timezone="$( + __get_system_timezone + )" + local -r zone="$( + system-timezone -qq + )" + if ! ps axo command \ | grep -qE '^/usr/bin/python /usr/bin/supervisord' then @@ -13,14 +52,21 @@ function main () exit 1 fi - if [[ ${VARNISH_AUTOSTART_VARNISHD_WRAPPER} == false ]] \ - && [[ ${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER} == false ]] + if [[ ${system_timezone} != "${zone}" ]] + then + >&2 printf -- \ + '%s\n' \ + "system-timezone zone mismatch." + exit 1 + fi + + if [[ ${ENABLE_VARNISHD_WRAPPER} == false ]] \ + && [[ ${ENABLE_VARNISHNCSA_WRAPPER} == false ]] then exit 0 fi - # varnishd-wrapper - if [[ ${VARNISH_AUTOSTART_VARNISHD_WRAPPER} == true ]] \ + if [[ ${ENABLE_VARNISHD_WRAPPER} == true ]] \ && ! ps axo command \ | grep -qE '^/usr/sbin/varnishd ' then @@ -30,8 +76,7 @@ function main () exit 1 fi - # ready status - if [[ ${VARNISH_AUTOSTART_VARNISHD_WRAPPER} == true ]] \ + if [[ ${ENABLE_VARNISHD_WRAPPER} == true ]] \ && ! varnishadm vcl.show -v boot \ &> /dev/null then @@ -41,8 +86,7 @@ function main () exit 1 fi - # varnishncsa-wrapper - if [[ ${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER} == true ]] \ + if [[ ${ENABLE_VARNISHNCSA_WRAPPER} == true ]] \ && ! ps axo command \ | grep -qE '^/usr/bin/varnishncsa ' then diff --git a/src/usr/sbin/varnishd-wrapper b/src/usr/sbin/varnishd-wrapper index 40cc11d..95318a4 100755 --- a/src/usr/sbin/varnishd-wrapper +++ b/src/usr/sbin/varnishd-wrapper @@ -4,10 +4,7 @@ set -e function __cleanup () { - if [[ -e ${lock_file} ]] - then - rm -f "${lock_file}" - fi + __delete_lock } function __create_lock () @@ -26,6 +23,14 @@ function __create_state () fi } +function __delete_lock () +{ + if [[ -f ${lock_file} ]] + then + rm -f "${lock_file}" + fi +} + function __get_options () { local -r max_threads="${5:-"$( @@ -38,7 +43,7 @@ function __get_options () __get_varnish_options )"}" local -r storage="${2:-"$( - __get_varnish_options + __get_varnish_storage )"}" local -r thread_timeout="${6:-"$( __get_varnish_thread_timeout @@ -67,10 +72,18 @@ function __get_options () "${options}" } +function __get_proxy () +{ + printf -- \ + '%s -n %s' \ + "${nice}" \ + "${niceness}" +} + function __get_timer_total () { local -r timer_end="$( - date +%s.%N + date -u +%s.%N )" local -r timer_start="${1}" @@ -197,6 +210,26 @@ function __get_varnish_vcl_conf_path () printf -- '%s' "${value}" } +function __get_varnishd_version () +{ + local semantic_version + + if ! command -v varnishd &> /dev/null + then + >&2 printf -- \ + 'ERROR: varnishd binary not installed\n' + return 1 + fi + + semantic_version="$( + 2>&1 varnishd -V \ + | grep -E -o 'varnish-\/[0-9]+\.[0-9]+\.[0-9]+' \ + | awk -F'-' '{ print $NF; }' + )" + + printf -- '%s' "${semantic_version}" +} + function __is_valid_positive_integer () { local -r positive_integer='^[0-9]+$' @@ -268,26 +301,6 @@ function __is_valid_varnish_ttl () __is_valid_positive_integer "${@}" } -function __get_varnishd_version () -{ - local semantic_version - - if ! command -v varnishd &> /dev/null - then - >&2 printf -- \ - 'ERROR: varnishd binary not installed\n' - return 1 - fi - - semantic_version="$( - 2>&1 varnishd -V \ - | grep -E -o 'varnish-\/[0-9]+\.[0-9]+\.[0-9]+' \ - | awk -F'-' '{ print $NF; }' - )" - - printf -- '%s' "${semantic_version}" -} - function __populate_psk_secret_file () { local -r file_path="${1:-/etc/varnish/secret}" @@ -301,7 +314,8 @@ function __populate_psk_secret_file () if [[ ${verbose} == true ]] then printf -- \ - 'INFO: Populating Varnish PSK secret file\n' + 'INFO: %s populating PSK secret file\n' \ + "${0##*/}" fi dd \ @@ -344,7 +358,8 @@ function __set_varnish_vcl_conf () if [[ ! ${value} =~ ${pattern_plain_text} ]] then >&2 printf -- \ - 'ERROR: Invalid VCL\n' + 'ERROR: %s invalid VCL\n' \ + "${0##*/}" exit 1 fi @@ -373,7 +388,8 @@ function __test_varnish_vcl_conf () set -e >&2 printf -- \ - 'ERROR: Invalid VCL\n' + 'ERROR: %s invalid VCL\n' \ + "${0##*/}" exit 1 fi } @@ -386,10 +402,11 @@ function main () local -r niceness="10" local -r state_file="/var/lib/misc/varnishd-wrapper" local -r timer_start="$( - date +%s.%N + date -u +%s.%N )" local options + local proxy local timer_total local varnish_max_threads local varnish_min_threads @@ -400,7 +417,6 @@ function main () local varnish_vcl_conf local verbose="false" - # Parse options while [[ "${#}" -gt 0 ]] do case "${1}" in @@ -411,7 +427,7 @@ function main () esac done - if [[ -e ${lock_file} ]] + if [[ -f ${lock_file} ]] then >&2 printf -- \ 'ERROR: %s lock detected - aborting\n' \ @@ -423,8 +439,12 @@ function main () INT TERM EXIT __create_lock + proxy="$( + __get_proxy + )" + if [[ ${verbose} == true ]] \ - && [[ ! -e ${state_file} ]] + && [[ ! -f ${state_file} ]] then varnish_max_threads="$( __get_varnish_max_threads @@ -492,11 +512,6 @@ function main () )" fi - __create_state - __cleanup - trap - \ - INT TERM EXIT - if [[ ${verbose} == true ]] then printf -- \ @@ -505,8 +520,13 @@ function main () "${bin##*/}" fi - exec ${nice} \ - -n ${niceness} \ + __create_state + __cleanup + trap - \ + INT TERM EXIT + + exec \ + ${proxy} \ ${bin} \ ${options} } diff --git a/src/usr/sbin/varnishncsa-wrapper b/src/usr/sbin/varnishncsa-wrapper index 07eb293..4912855 100644 --- a/src/usr/sbin/varnishncsa-wrapper +++ b/src/usr/sbin/varnishncsa-wrapper @@ -4,10 +4,7 @@ set -e function __cleanup () { - if [[ -e ${lock_file} ]] - then - rm -f "${lock_file}" - fi + __delete_lock } function __create_lock () @@ -26,6 +23,14 @@ function __create_state () fi } +function __delete_lock () +{ + if [[ -f ${lock_file} ]] + then + rm -f "${lock_file}" + fi +} + function __get_options () { local -r format="${1:-"$( @@ -43,10 +48,18 @@ function __get_options () "${options}" } +function __get_proxy () +{ + printf -- \ + '%s -n %s' \ + "${nice}" \ + "${niceness}" +} + function __get_timer_total () { local -r timer_end="$( - date +%s.%N + date -u +%s.%N )" local -r timer_start="${1}" @@ -54,7 +67,8 @@ function __get_timer_total () || [[ ${timer_start//.} -gt ${timer_end//.} ]] then >&2 printf -- \ - 'ERROR: invalid timer start: %s\n' \ + 'ERROR: %s invalid timer start: %s\n' \ + "${0##*/}" \ "${timer_start}" printf -- \ '0.000000' @@ -93,31 +107,20 @@ function main () local -r lock_file="/var/lock/subsys/varnish/varnishncsa-wrapper" local -r nice="/bin/nice" local -r niceness="10" - local -r prerequisite_autostart="${VARNISH_AUTOSTART_VARNISHD_WRAPPER:-true}" local -r prerequisite_state_file="/var/lib/misc/varnishd-wrapper" + local -r prerequisite_timeout="4" local -r state_file="/var/lib/misc/varnish/varnishncsa-wrapper" local -r timer_start="$( - date +%s.%N + date -u +%s.%N )" local options + local proxy local timer_total local varnish_varnishncsa_format local varnish_varnishncsa_options local verbose="false" - if [[ ${prerequisite_autostart} == false ]] - then - # block. - sleep infinity - fi - - until [[ -e ${prerequisite_state_file} ]] - do - sleep 0.1 - done - - # Parse options while [[ "${#}" -gt 0 ]] do case "${1}" in @@ -128,10 +131,41 @@ function main () esac done - if [[ -e ${lock_file} ]] + if [[ ${verbose} == true ]] \ + && [[ ! -f ${prerequisite_state_file} ]] + then + printf -- \ + 'INFO: %s waiting on %s\n' \ + "${0##*/}" \ + "${prerequisite_state_file##*/}" + fi + + set +e + until [[ -f ${prerequisite_state_file} ]] + do + if ! inotifywait -qq \ + -e "create" \ + -t "${prerequisite_timeout}" \ + "${prerequisite_state_file%/*}" + then + break + fi + done + set -e + + if ! [[ -f ${prerequisite_state_file} ]] then >&2 printf -- \ - 'ERROR: %s lock detected - aborting.\n' \ + 'ERROR: %s timed out waiting on %s\n' \ + "${0##*/}" \ + "${prerequisite_state_file##*/}" + exit 1 + fi + + if [[ -f ${lock_file} ]] + then + >&2 printf -- \ + 'ERROR: %s lock detected - aborting\n' \ "${0##*/}" exit 1 fi @@ -140,6 +174,10 @@ function main () INT TERM EXIT __create_lock + proxy="$( + __get_proxy + )" + if [[ ${verbose} == true ]] \ && [[ ! -e ${state_file} ]] then @@ -192,8 +230,8 @@ function main () "${bin##*/}" fi - eval "exec ${nice} \ - -n ${niceness} \ + eval "exec \ + ${proxy} \ ${bin} \ ${options}" } diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index bb48909..4e9b0f4 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -810,7 +810,7 @@ function test_custom_configuration () docker run \ --detach \ --name varnish.1 \ - --env VARNISH_AUTOSTART_VARNISHD_WRAPPER=false \ + --env ENABLE_VARNISHD_WRAPPER=false \ --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ @@ -840,7 +840,7 @@ function test_custom_configuration () docker run \ --detach \ --name varnish.1 \ - --env VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=true \ + --env ENABLE_VARNISHNCSA_WRAPPER=true \ --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ @@ -883,7 +883,7 @@ function test_custom_configuration () docker run \ --detach \ --name varnish.1 \ - --env VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=true \ + --env ENABLE_VARNISHNCSA_WRAPPER=true \ --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ @@ -942,7 +942,7 @@ function test_custom_configuration () docker run \ --detach \ --name varnish.1 \ - --env VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=true \ + --env ENABLE_VARNISHNCSA_WRAPPER=true \ --env VARNISH_VARNISHNCSA_FORMAT="%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" %{Varnish:hitmiss}x" \ --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ @@ -1123,7 +1123,7 @@ function test_healthcheck () docker run \ --detach \ --name varnish.1 \ - --env VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=true \ + --env ENABLE_VARNISHNCSA_WRAPPER=true \ --network ${backend_network} \ jdeathe/centos-ssh-varnish:latest \ &> /dev/null @@ -1182,8 +1182,8 @@ function test_healthcheck () docker run \ --detach \ --name varnish.1 \ - --env VARNISH_AUTOSTART_VARNISHD_WRAPPER=false \ - --env VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=false \ + --env ENABLE_VARNISHD_WRAPPER=false \ + --env ENABLE_VARNISHNCSA_WRAPPER=false \ --network ${backend_network} \ jdeathe/centos-ssh-varnish:latest \ &> /dev/null From 258beef15308ebe4eaf8176c145d854036ba803c Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 11 Aug 2019 12:52:00 +0100 Subject: [PATCH 02/13] #190: Removes Apache info from README. --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 577f2bf..29b681c 100644 --- a/README.md +++ b/README.md @@ -5,8 +5,6 @@ ## Overview -Apache PHP web server, loading only a minimal set of Apache modules by default. - This build uses the base image [jdeathe/centos-ssh](https://github.com/jdeathe/centos-ssh) so inherits it's features but with `sshd` disabled by default. [Supervisor](http://supervisord.org/) is used to start the varnishd (and optionally the varnishncsa) daemon when a docker container based on this image is run. ### Image variants From b8e29295f6b48c6fbbaeb133a739c9466aa43fae Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 11 Aug 2019 13:01:37 +0100 Subject: [PATCH 03/13] #190: Fixes syntax errors in docker-compose example. --- docker-compose.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index f895c49..4a642d8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -92,20 +92,20 @@ services: net.ipv4.ip_local_port_range: "1024 65535" net.ipv4.route.flush: "1" redis: - environment: + environment: REDIS_MAXMEMORY: "32mb" REDIS_TCP_BACKLOG: "1024" SYSTEM_TIMEZONE: "${SYSTEM_TIMEZONE}" image: "jdeathe/centos-ssh-redis:1.2.0" - networks: - - "tier2" + networks: + - "tier2" ports: - "6379:6379" - restart: "always" - sysctls: - net.core.somaxconn: "1024" - net.ipv4.ip_local_port_range: "1024 65535" - net.ipv4.route.flush: "1" + restart: "always" + sysctls: + net.core.somaxconn: "1024" + net.ipv4.ip_local_port_range: "1024 65535" + net.ipv4.route.flush: "1" ulimits: memlock: 82000 nofile: From 9fd936b1ead2dc7db05aa237d49032bbaafecfdc Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 13 Aug 2019 13:05:42 +0100 Subject: [PATCH 04/13] #188: Adds URIs for handling status monitoring requests. --- CHANGELOG.md | 1 + src/etc/supervisord.d/50-varnishncsa-wrapper.conf | 2 +- src/etc/varnish/docker-default.vcl | 10 +++++++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eb98491..1efa58a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ Summary of release changes. - Adds `SYSTEM_TIMEZONE` handling to Makefile, scmi, systemd unit and docker-compose templates. - Adds system time zone validation to healthcheck. - Adds lock/state file to wrapper scripts. +- Adds VCL to handle `/status` and `/varnish-status` for monitoring the backend and varnish respectively. - Removes `VARNISH_AUTOSTART_VARNISHD_WRAPPER`, replaced with `ENABLE_VARNISHD_WRAPPER`. - Removes `VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER`, replaced with `ENABLE_VARNISHNCSA_WRAPPER`. - Removes support for long image tags (i.e. centos-6-1.x.x). diff --git a/src/etc/supervisord.d/50-varnishncsa-wrapper.conf b/src/etc/supervisord.d/50-varnishncsa-wrapper.conf index b89eb68..734af56 100644 --- a/src/etc/supervisord.d/50-varnishncsa-wrapper.conf +++ b/src/etc/supervisord.d/50-varnishncsa-wrapper.conf @@ -4,7 +4,7 @@ autostart = %(ENV_ENABLE_VARNISHNCSA_WRAPPER)s command = /usr/sbin/varnishncsa-wrapper --verbose priority = 50 startretries = 0 -startsecs = 1 +startsecs = 4 stderr_logfile = /dev/stderr stderr_logfile_maxbytes = 0 stdout_logfile = /dev/stdout diff --git a/src/etc/varnish/docker-default.vcl b/src/etc/varnish/docker-default.vcl index d42c016..c87c31a 100644 --- a/src/etc/varnish/docker-default.vcl +++ b/src/etc/varnish/docker-default.vcl @@ -78,6 +78,14 @@ sub vcl_recv { # Reject unexpected ports return (synth(403)); } + + # Handle monitoring status endpoints /status and /varnish-status + if (req.url ~ "(?i)^/status(\?.*)?$" && + !std.healthy(req.backend_hint)) { + return (synth(503, "Service Unavailable")); + } else if (req.url ~ "(?i)^/(varnish-)?status(\?.*)?$") { + return (synth(200, "OK")); + } } sub vcl_hash { @@ -131,7 +139,7 @@ sub vcl_synth { # Respond with simple text error for static assets. set resp.http.Content-Type = "text/plain; charset=utf-8"; synthetic(resp.status + " " + resp.reason); - } else if (req.url ~ "(?i)^/status\.php(\?.*)?$") { + } else if (req.url ~ "(?i)^/(varnish-)?status(\.php)?(\?.*)?$") { # Respond with simple text error for status uri. set resp.http.Cache-Control = "no-store"; set resp.http.Content-Type = "text/plain; charset=utf-8"; From 9c88b80d23deef7de06f8137ce77dca9d44fdad7 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 15 Aug 2019 20:14:09 +0100 Subject: [PATCH 05/13] #198: Adds test cases for monitoring URIs. --- .../varnish/etc/varnish/docker-default.vcl | 13 +- test/shpec/operation_shpec.sh | 142 ++++++++++++++++-- 2 files changed, 143 insertions(+), 12 deletions(-) diff --git a/test/fixture/varnish/etc/varnish/docker-default.vcl b/test/fixture/varnish/etc/varnish/docker-default.vcl index 07828af..7723896 100644 --- a/test/fixture/varnish/etc/varnish/docker-default.vcl +++ b/test/fixture/varnish/etc/varnish/docker-default.vcl @@ -72,11 +72,20 @@ sub vcl_recv { std.port(local.ip) == 80) { # Port 80 set req.http.X-Forwarded-Port = "80"; + set req.http.X-Forwarded-Proto = "http"; set req.backend_hint = director_http.backend(); } else { # Reject unexpected ports return (synth(403)); } + + # Handle monitoring status endpoints /status and /varnish-status + if (req.url ~ "(?i)^/status(\?.*)?$" && + !std.healthy(req.backend_hint)) { + return (synth(503, "Service Unavailable")); + } else if (req.url ~ "(?i)^/(varnish-)?status(\?.*)?$") { + return (synth(200, "OK")); + } } sub vcl_hash { @@ -134,7 +143,7 @@ sub vcl_synth { # Respond with simple text error for static assets. set resp.http.Content-Type = "text/plain; charset=utf-8"; synthetic(resp.status + " " + resp.reason); - } else if (req.url ~ "(?i)^/status\.php(\?.*)?$") { + } else if (req.url ~ "(?i)^/(varnish-)?status(\.php)?(\?.*)?$") { # Respond with simple text error for status uri. set resp.http.Cache-Control = "no-store"; set resp.http.Content-Type = "text/plain; charset=utf-8"; @@ -211,7 +220,7 @@ sub vcl_backend_error { # Respond with simple text error for static assets. set beresp.http.Content-Type = "text/plain; charset=utf-8"; synthetic(beresp.status + " " + beresp.reason); - } else if (bereq.url ~ "(?i)^/status\.php(\?.*)?$") { + } else if (bereq.url ~ "(?i)^/(varnish-)?status(\.php)?(\?.*)?$") { # Respond with simple text error for status uri. set beresp.http.Cache-Control = "no-store"; set beresp.http.Content-Type = "text/plain; charset=utf-8"; diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 4e9b0f4..c754d11 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -88,7 +88,7 @@ function __setup () local -r backend_alias="httpd_1" local -r backend_name="apache-php.1" local -r backend_network="bridge_t1" - local -r backend_release="2.4.0" + local -r backend_release="1.13.2" # Create the bridge network if [[ -z $(docker network ls -q -f name="${backend_network}") ]]; then @@ -109,7 +109,7 @@ function __setup () --network ${backend_network} \ --network-alias ${backend_alias} \ --volume ${PWD}/test/fixture/apache/var/www/public_html:/opt/app/public_html:ro \ - jdeathe/centos-ssh-apache-php:${backend_release} \ + jdeathe/centos-ssh-apache-php-fcgi:${backend_release} \ &> /dev/null } @@ -162,6 +162,7 @@ function test_basic_operations () local -r backend_network="bridge_t1" local container_port_80="" local container_port_8443="" + local curl_response_code="" local header_x_varnish="" local phpsessid="" local request_headers="" @@ -431,6 +432,64 @@ function test_basic_operations () 0 end end + + describe "Status URI" + it "Returns OK." + curl -s \ + -H "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/status \ + | grep -q 'OK' + + request_response="${?}" + + assert equal \ + "${request_response}" \ + 0 + end + + it "Returns a 200 status code." + curl_response_code="$( + curl -s \ + -o /dev/null \ + -w "%{http_code}" \ + --header "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/status + )" + + assert equal \ + "${curl_response_code}" \ + "200" + end + end + + describe "Varnish status URI" + it "Returns OK." + curl -s \ + -H "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/varnish-status \ + | grep -q 'OK' + + request_response="${?}" + + assert equal \ + "${request_response}" \ + 0 + end + + it "Returns a 200 status code." + curl_response_code="$( + curl -s \ + -o /dev/null \ + -w "%{http_code}" \ + --header "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/varnish-status + )" + + assert equal \ + "${curl_response_code}" \ + "200" + end + end end describe "Response to PROXY protocol requests" @@ -590,12 +649,12 @@ function test_basic_operations () end describe "Backend offline" + docker pause \ + ${backend_name} \ + &> /dev/null + describe "HTTP request" it "Has a cache hit." - docker stop \ - ${backend_name} \ - &> /dev/null - curl -s \ -H "Host: ${backend_hostname}" \ http://127.0.0.1:${container_port_80}/ \ @@ -622,15 +681,76 @@ function test_basic_operations () request_response="${?}" - docker start \ - ${backend_name} \ - &> /dev/null + assert equal \ + "${request_response}" \ + 0 + end + end + + # Wait for probe to register backend as down. + sleep 20 + + describe "Status URI" + it "Returns Service Unavailable." + curl -s \ + -H "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/status \ + | grep -q 'Service Unavailable' + + request_response="${?}" + + assert equal \ + "${request_response}" \ + 0 + end + + it "Returns a 503 status code." + curl_response_code="$( + curl -s \ + -o /dev/null \ + -w "%{http_code}" \ + --header "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/status + )" + + assert equal \ + "${curl_response_code}" \ + "503" + end + end + + describe "Varnish status URI" + it "Returns OK." + curl -s \ + -H "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/varnish-status \ + | grep -q 'OK' + + request_response="${?}" assert equal \ "${request_response}" \ 0 end + + it "Returns a 200 status code." + curl_response_code="$( + curl -s \ + -o /dev/null \ + -w "%{http_code}" \ + --header "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/varnish-status + )" + + assert equal \ + "${curl_response_code}" \ + "200" + end end + + docker unpause \ + ${backend_name} \ + &> /dev/null end __terminate_container \ @@ -673,7 +793,7 @@ function test_custom_configuration () --env "VARNISH_THREAD_TIMEOUT=300" \ --env "VARNISH_STORAGE=malloc,256M" \ --env "VARNISH_TTL=600" \ - --env "VARNISH_VCL_CONF=dmNsIDQuMDsKCmltcG9ydCBkaXJlY3RvcnM7CmltcG9ydCBzdGQ7CgojIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIEhlYWx0aGNoZWNrIHByb2JlIChiYXNpYykKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KcHJvYmUgaGVhbHRoY2hlY2sgewoJLmludGVydmFsID0gNXM7CgkudGltZW91dCA9IDJzOwoJLndpbmRvdyA9IDU7CgkudGhyZXNob2xkID0gMzsKCS5pbml0aWFsID0gMjsKCS5leHBlY3RlZF9yZXNwb25zZSA9IDIwMDsKCS5yZXF1ZXN0ID0KCQkiR0VUIC8gSFRUUC8xLjEiCgkJIkhvc3Q6IGxvY2FsaG9zdC5sb2NhbGRvbWFpbiIKCQkiQ29ubmVjdGlvbjogY2xvc2UiCgkJIlVzZXItQWdlbnQ6IFZhcm5pc2giCgkJIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSI7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQmFja2VuZHMKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KYmFja2VuZCBodHRwXzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4MCI7CgkuZmlyc3RfYnl0ZV90aW1lb3V0ID0gMzAwczsKCS5wcm9iZSA9IGhlYWx0aGNoZWNrOwp9CgpiYWNrZW5kIHByb3h5XzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4NDQzIjsKCS5maXJzdF9ieXRlX3RpbWVvdXQgPSAzMDBzOwoJLnByb2JlID0gaGVhbHRoY2hlY2s7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgRGlyZWN0b3JzCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiB2Y2xfaW5pdCB7CgluZXcgZGlyZWN0b3JfaHR0cCA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfaHR0cC5hZGRfYmFja2VuZChodHRwXzEpOwoKCW5ldyBkaXJlY3Rvcl9wcm94eSA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfcHJveHkuYWRkX2JhY2tlbmQocHJveHlfMSk7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQ2xpZW50IHNpZGUKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIHZjbF9yZWN2IHsKCWlmIChyZXEuaHR0cC5Db29raWUgIT0gIiIpIHsKCQlzZXQgcmVxLmh0dHAuWC1Db29raWUgPSByZXEuaHR0cC5Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5Db29raWU7Cgl1bnNldCByZXEuaHR0cC5Gb3J3YXJkZWQ7Cgl1bnNldCByZXEuaHR0cC5Qcm94eTsKCXVuc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVBvcnQ7Cgl1bnNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qcm90bzsKCglpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4NDQzIHx8CgkJc3RkLnBvcnQobG9jYWwuaXApID09IDg0NDMpIHsKCQkjIFBvcnQgODQ0MwoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjQ0MyI7CgkJc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvID0gImh0dHBzIjsKCQlzZXQgcmVxLmJhY2tlbmRfaGludCA9IGRpcmVjdG9yX3Byb3h5LmJhY2tlbmQoKTsKCX0gZWxzZSBpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4MCB8fAoJCXN0ZC5wb3J0KGxvY2FsLmlwKSA9PSA4MCkgewoJCSMgUG9ydCA4MAoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjgwIjsKCQlzZXQgcmVxLmJhY2tlbmRfaGludCA9IGRpcmVjdG9yX2h0dHAuYmFja2VuZCgpOwoJfSBlbHNlIHsKCQkjIFJlamVjdCB1bmV4cGVjdGVkIHBvcnRzCgkJcmV0dXJuIChzeW50aCg0MDMpKTsKCX0KfQoKc3ViIHZjbF9oYXNoIHsKCWhhc2hfZGF0YShyZXEudXJsKTsKCglpZiAocmVxLmh0dHAuSG9zdCkgewoJCWhhc2hfZGF0YShyZXEuaHR0cC5Ib3N0KTsKCX0gZWxzZSB7CgkJaGFzaF9kYXRhKHNlcnZlci5pcCk7Cgl9CgoJaWYgKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKSB7CgkJaGFzaF9kYXRhKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKTsKCX0KCglpZiAocmVxLmh0dHAuWC1Db29raWUpIHsKCQlzZXQgcmVxLmh0dHAuQ29va2llID0gcmVxLmh0dHAuWC1Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5YLUNvb2tpZTsKCglyZXR1cm4gKGxvb2t1cCk7Cn0KCnN1YiB2Y2xfaGl0IHsKCWlmIChvYmoudHRsID49IDBzKSB7CgkJcmV0dXJuIChkZWxpdmVyKTsKCX0KCglpZiAoc3RkLmhlYWx0aHkocmVxLmJhY2tlbmRfaGludCkgJiYKCQlvYmoudHRsICsgMTVzID4gMHMpIHsKCQkjIENhcCBncmFjZSBwZXJpb2QgZm9yIGhlYWx0aHkgYmFja2VuZHMKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfSBlbHNlIGlmIChvYmoudHRsICsgb2JqLmdyYWNlID4gMHMpIHsKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfQoKCXJldHVybiAobWlzcyk7Cn0KCnN1YiB2Y2xfZGVsaXZlciB7Cgl1bnNldCByZXNwLmh0dHAuVmlhOwoKCWlmIChyZXNwLnN0YXR1cyA+PSA0MDApIHsKCQlyZXR1cm4gKHN5bnRoKHJlc3Auc3RhdHVzKSk7Cgl9Cn0KCnN1YiB2Y2xfc3ludGggewoJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IjsKCXNldCByZXNwLmh0dHAuUmV0cnktQWZ0ZXIgPSAiNSI7CglzZXQgcmVzcC5odHRwLlgtRnJhbWUtT3B0aW9ucyA9ICJERU5ZIjsKCXNldCByZXNwLmh0dHAuWC1YU1MtUHJvdGVjdGlvbiA9ICIxOyBtb2RlPWJsb2NrIjsKCglpZiAocmVxLnVybCB+ICIoP2kpXC4oY3NzfGVvdHxnaWZ8aWNvfGpwZT9nfGpzfHBuZ3xzdmd8dHRmfHR4dHx3b2ZmMj8pKFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXRpYyBhc3NldHMuCgkJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOCI7CgkJc3ludGhldGljKHJlc3Auc3RhdHVzICsgIiAiICsgcmVzcC5yZWFzb24pOwoJfSBlbHNlIGlmIChyZXEudXJsIH4gIig/aSleL3N0YXR1c1wucGhwKFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXR1cyB1cmkuCgkJc2V0IHJlc3AuaHR0cC5DYWNoZS1Db250cm9sID0gIm5vLXN0b3JlIjsKCQlzZXQgcmVzcC5odHRwLkNvbnRlbnQtVHlwZSA9ICJ0ZXh0L3BsYWluOyBjaGFyc2V0PXV0Zi04IjsKCQlzeW50aGV0aWMocmVzcC5yZWFzb24pOwoJfSBlbHNlIGlmIChyZXNwLnN0YXR1cyA8IDUwMCkgewoJCXN5bnRoZXRpYyh7IjwhRE9DVFlQRSBodG1sPgo8aHRtbD4KCTxoZWFkPgoJCTx0aXRsZT4ifSArIHJlc3AucmVhc29uICsgeyI8L3RpdGxlPgoJCTxzdHlsZT4KCQkJYm9keXtjb2xvcjojNjY2O2JhY2tncm91bmQtY29sb3I6I2YxZjFmMTtmb250LWZhbWlseTpzYW5zLXNlcmlmO21hcmdpbjoxMiU7bWF4LXdpZHRoOjUwJTt9CgkJCWgxLGgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjRyZW07Zm9udC13ZWlnaHQ6NDAwO3RleHQtdHJhbnNmb3JtOnVwcGVyY2FzZTt9CgkJCWgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjJyZW07fQoJCQlwe2ZvbnQtc2l6ZToxLjVyZW07fQoJCTwvc3R5bGU+Cgk8L2hlYWQ+Cgk8Ym9keT4KCQk8aDE+In0gKyByZXNwLnN0YXR1cyArIHsiPC9oMT4KCQk8aDI+In0gKyByZXNwLnJlYXNvbiArIHsiPC9oMj4KCTwvYm9keT4KPC9odG1sPiJ9KTsKCX0gZWxzZSB7CgkJc3ludGhldGljKHsiPCFET0NUWVBFIGh0bWw+CjxodG1sPgoJPGhlYWQ+CgkJPHRpdGxlPiJ9ICsgcmVzcC5yZWFzb24gKyB7IjwvdGl0bGU+CgkJPHN0eWxlPgoJCQlib2R5e2NvbG9yOiM2NjY7YmFja2dyb3VuZC1jb2xvcjojZjFmMWYxO2ZvbnQtZmFtaWx5OnNhbnMtc2VyaWY7bWFyZ2luOjEyJTttYXgtd2lkdGg6NTAlO30KCQkJaDEsaDJ7Y29sb3I6IzMzMztmb250LXNpemU6NHJlbTtmb250LXdlaWdodDo0MDA7dGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlO30KCQkJaDJ7Y29sb3I6IzMzMztmb250LXNpemU6MnJlbTt9CgkJCXB7Zm9udC1zaXplOjEuNXJlbTt9CgkJPC9zdHlsZT4KCTwvaGVhZD4KCTxib2R5PgoJCTxoMT4ifSArIHJlc3Auc3RhdHVzICsgeyI8L2gxPgoJCTxoMj4ifSArIHJlc3AucmVhc29uICsgeyI8L2gyPgoJCTxwPlhJRDogIn0gKyByZXEueGlkICsgeyI8L3A+Cgk8L2JvZHk+CjwvaHRtbD4ifSk7Cgl9CgoJcmV0dXJuIChkZWxpdmVyKTsKfQoKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBCYWNrZW5kCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiB2Y2xfYmFja2VuZF9yZXNwb25zZSB7CglzZXQgYmVyZXNwLmdyYWNlID0gMjRoOwoKCWlmIChiZXJlcS51bmNhY2hlYWJsZSkgewoJCXJldHVybiAoZGVsaXZlcik7Cgl9IGVsc2UgaWYgKGJlcmVzcC50dGwgPD0gMHMgfHwKCQliZXJlc3AuaHR0cC5TZXQtQ29va2llIHx8CgkJYmVyZXNwLmh0dHAuU3Vycm9nYXRlLUNvbnRyb2wgfiAiKD9pKV5uby1zdG9yZSQiIHx8CgkJKCAhIGJlcmVzcC5odHRwLlN1cnJvZ2F0ZS1Db250cm9sICYmCgkJCWJlcmVzcC5odHRwLkNhY2hlLUNvbnRyb2wgfiAiKD9pKV4ocHJpdmF0ZXxuby1jYWNoZXxuby1zdG9yZSkkIikgfHwKCQliZXJlc3AuaHR0cC5WYXJ5ID09ICIqIikgewoJCSMgTWFyayBhcyAiaGl0LWZvci1taXNzIiBmb3IgMiBtaW51dGVzCgkJc2V0IGJlcmVzcC50dGwgPSAxMjBzOwoJCXNldCBiZXJlc3AudW5jYWNoZWFibGUgPSB0cnVlOwoJfQoKCXJldHVybiAoZGVsaXZlcik7Cn0KCnN1YiB2Y2xfYmFja2VuZF9lcnJvciB7CglzZXQgYmVyZXNwLmh0dHAuQ29udGVudC1UeXBlID0gInRleHQvaHRtbDsgY2hhcnNldD11dGYtOCI7CglzZXQgYmVyZXNwLmh0dHAuUmV0cnktQWZ0ZXIgPSAiNSI7CglzZXQgYmVyZXNwLmh0dHAuWC1GcmFtZS1PcHRpb25zID0gIkRFTlkiOwoJc2V0IGJlcmVzcC5odHRwLlgtWFNTLVByb3RlY3Rpb24gPSAiMTsgbW9kZT1ibG9jayI7CgoJaWYgKGJlcmVxLnVybCB+ICIoP2kpXC4oY3NzfGVvdHxnaWZ8aWNvfGpwZT9nfGpzfHBuZ3xzdmd8dHRmfHR4dHx3b2ZmMj8pKFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXRpYyBhc3NldHMuCgkJc2V0IGJlcmVzcC5odHRwLkNvbnRlbnQtVHlwZSA9ICJ0ZXh0L3BsYWluOyBjaGFyc2V0PXV0Zi04IjsKCQlzeW50aGV0aWMoYmVyZXNwLnN0YXR1cyArICIgIiArIGJlcmVzcC5yZWFzb24pOwoJfSBlbHNlIGlmIChiZXJlcS51cmwgfiAiKD9pKV4vc3RhdHVzXC5waHAoXD8uKik/JCIpIHsKCQkjIFJlc3BvbmQgd2l0aCBzaW1wbGUgdGV4dCBlcnJvciBmb3Igc3RhdHVzIHVyaS4KCQlzZXQgYmVyZXNwLmh0dHAuQ2FjaGUtQ29udHJvbCA9ICJuby1zdG9yZSI7CgkJc2V0IGJlcmVzcC5odHRwLkNvbnRlbnQtVHlwZSA9ICJ0ZXh0L3BsYWluOyBjaGFyc2V0PXV0Zi04IjsKCQlzeW50aGV0aWMoYmVyZXNwLnJlYXNvbik7Cgl9IGVsc2UgewoJCXN5bnRoZXRpYyh7IjwhRE9DVFlQRSBodG1sPgo8aHRtbD4KCTxoZWFkPgoJCTx0aXRsZT4ifSArIGJlcmVzcC5yZWFzb24gKyB7IjwvdGl0bGU+CgkJPHN0eWxlPgoJCQlib2R5e2NvbG9yOiM2NjY7YmFja2dyb3VuZC1jb2xvcjojZjFmMWYxO2ZvbnQtZmFtaWx5OnNhbnMtc2VyaWY7bWFyZ2luOjEyJTttYXgtd2lkdGg6NTAlO30KCQkJaDEsaDJ7Y29sb3I6IzMzMztmb250LXNpemU6NHJlbTtmb250LXdlaWdodDo0MDA7dGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlO30KCQkJaDJ7Y29sb3I6IzMzMztmb250LXNpemU6MnJlbTt9CgkJCXB7Zm9udC1zaXplOjEuNXJlbTt9CgkJPC9zdHlsZT4KCTwvaGVhZD4KCTxib2R5PgoJCTxoMT4ifSArIGJlcmVzcC5zdGF0dXMgKyB7IjwvaDE+CgkJPGgyPiJ9ICsgYmVyZXNwLnJlYXNvbiArIHsiPC9oMj4KCQk8cD5YSUQ6ICJ9ICsgYmVyZXEueGlkICsgeyI8L3A+Cgk8L2JvZHk+CjwvaHRtbD4ifSk7Cgl9CgoJcmV0dXJuIChkZWxpdmVyKTsKfQo=" \ + --env "VARNISH_VCL_CONF=dmNsIDQuMDsKCmltcG9ydCBkaXJlY3RvcnM7CmltcG9ydCBzdGQ7CgojIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIEhlYWx0aGNoZWNrIHByb2JlIChiYXNpYykKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KcHJvYmUgaGVhbHRoY2hlY2sgewoJLmludGVydmFsID0gNXM7CgkudGltZW91dCA9IDJzOwoJLndpbmRvdyA9IDU7CgkudGhyZXNob2xkID0gMzsKCS5pbml0aWFsID0gMjsKCS5leHBlY3RlZF9yZXNwb25zZSA9IDIwMDsKCS5yZXF1ZXN0ID0KCQkiR0VUIC8gSFRUUC8xLjEiCgkJIkhvc3Q6IGxvY2FsaG9zdC5sb2NhbGRvbWFpbiIKCQkiQ29ubmVjdGlvbjogY2xvc2UiCgkJIlVzZXItQWdlbnQ6IFZhcm5pc2giCgkJIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSI7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQmFja2VuZHMKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KYmFja2VuZCBodHRwXzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4MCI7CgkuZmlyc3RfYnl0ZV90aW1lb3V0ID0gMzAwczsKCS5wcm9iZSA9IGhlYWx0aGNoZWNrOwp9CgpiYWNrZW5kIHByb3h5XzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4NDQzIjsKCS5maXJzdF9ieXRlX3RpbWVvdXQgPSAzMDBzOwoJLnByb2JlID0gaGVhbHRoY2hlY2s7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgRGlyZWN0b3JzCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiB2Y2xfaW5pdCB7CgluZXcgZGlyZWN0b3JfaHR0cCA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfaHR0cC5hZGRfYmFja2VuZChodHRwXzEpOwoKCW5ldyBkaXJlY3Rvcl9wcm94eSA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfcHJveHkuYWRkX2JhY2tlbmQocHJveHlfMSk7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQ2xpZW50IHNpZGUKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIHZjbF9yZWN2IHsKCWlmIChyZXEuaHR0cC5Db29raWUgIT0gIiIpIHsKCQlzZXQgcmVxLmh0dHAuWC1Db29raWUgPSByZXEuaHR0cC5Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5Db29raWU7Cgl1bnNldCByZXEuaHR0cC5Gb3J3YXJkZWQ7Cgl1bnNldCByZXEuaHR0cC5Qcm94eTsKCXVuc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVBvcnQ7Cgl1bnNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qcm90bzsKCglpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4NDQzIHx8CgkJc3RkLnBvcnQobG9jYWwuaXApID09IDg0NDMpIHsKCQkjIFBvcnQgODQ0MwoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjQ0MyI7CgkJc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvID0gImh0dHBzIjsKCQlzZXQgcmVxLmJhY2tlbmRfaGludCA9IGRpcmVjdG9yX3Byb3h5LmJhY2tlbmQoKTsKCX0gZWxzZSBpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4MCB8fAoJCXN0ZC5wb3J0KGxvY2FsLmlwKSA9PSA4MCkgewoJCSMgUG9ydCA4MAoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjgwIjsKCQlzZXQgcmVxLmh0dHAuWC1Gb3J3YXJkZWQtUHJvdG8gPSAiaHR0cCI7CgkJc2V0IHJlcS5iYWNrZW5kX2hpbnQgPSBkaXJlY3Rvcl9odHRwLmJhY2tlbmQoKTsKCX0gZWxzZSB7CgkJIyBSZWplY3QgdW5leHBlY3RlZCBwb3J0cwoJCXJldHVybiAoc3ludGgoNDAzKSk7Cgl9CgoJIyBIYW5kbGUgbW9uaXRvcmluZyBzdGF0dXMgZW5kcG9pbnRzIC9zdGF0dXMgYW5kIC92YXJuaXNoLXN0YXR1cwoJaWYgKHJlcS51cmwgfiAiKD9pKV4vc3RhdHVzKFw/LiopPyQiICYmCgkJIXN0ZC5oZWFsdGh5KHJlcS5iYWNrZW5kX2hpbnQpKSB7CgkJcmV0dXJuIChzeW50aCg1MDMsICJTZXJ2aWNlIFVuYXZhaWxhYmxlIikpOwoJfSBlbHNlIGlmIChyZXEudXJsIH4gIig/aSleLyh2YXJuaXNoLSk/c3RhdHVzKFw/LiopPyQiKSB7CgkJcmV0dXJuIChzeW50aCgyMDAsICJPSyIpKTsKCX0KfQoKc3ViIHZjbF9oYXNoIHsKCWhhc2hfZGF0YShyZXEudXJsKTsKCglpZiAocmVxLmh0dHAuSG9zdCkgewoJCWhhc2hfZGF0YShyZXEuaHR0cC5Ib3N0KTsKCX0gZWxzZSB7CgkJaGFzaF9kYXRhKHNlcnZlci5pcCk7Cgl9CgoJaWYgKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKSB7CgkJaGFzaF9kYXRhKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKTsKCX0KCglpZiAocmVxLmh0dHAuWC1Db29raWUpIHsKCQlzZXQgcmVxLmh0dHAuQ29va2llID0gcmVxLmh0dHAuWC1Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5YLUNvb2tpZTsKCglyZXR1cm4gKGxvb2t1cCk7Cn0KCnN1YiB2Y2xfaGl0IHsKCWlmIChvYmoudHRsID49IDBzKSB7CgkJcmV0dXJuIChkZWxpdmVyKTsKCX0KCglpZiAoc3RkLmhlYWx0aHkocmVxLmJhY2tlbmRfaGludCkgJiYKCQlvYmoudHRsICsgMTVzID4gMHMpIHsKCQkjIENhcCBncmFjZSBwZXJpb2QgZm9yIGhlYWx0aHkgYmFja2VuZHMKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfSBlbHNlIGlmIChvYmoudHRsICsgb2JqLmdyYWNlID4gMHMpIHsKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfQoKCXJldHVybiAobWlzcyk7Cn0KCnN1YiB2Y2xfZGVsaXZlciB7Cgl1bnNldCByZXNwLmh0dHAuVmlhOwoKCWlmIChyZXNwLnN0YXR1cyA+PSA0MDApIHsKCQlyZXR1cm4gKHN5bnRoKHJlc3Auc3RhdHVzKSk7Cgl9Cn0KCnN1YiB2Y2xfc3ludGggewoJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IjsKCXNldCByZXNwLmh0dHAuUmV0cnktQWZ0ZXIgPSAiNSI7CglzZXQgcmVzcC5odHRwLlgtRnJhbWUtT3B0aW9ucyA9ICJERU5ZIjsKCXNldCByZXNwLmh0dHAuWC1YU1MtUHJvdGVjdGlvbiA9ICIxOyBtb2RlPWJsb2NrIjsKCglpZiAocmVxLnVybCB+ICIoP2kpXC4oY3NzfGVvdHxnaWZ8aWNvfGpwZT9nfGpzfHBuZ3xzdmd8dHRmfHR4dHx3b2ZmMj8pKFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXRpYyBhc3NldHMuCgkJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOCI7CgkJc3ludGhldGljKHJlc3Auc3RhdHVzICsgIiAiICsgcmVzcC5yZWFzb24pOwoJfSBlbHNlIGlmIChyZXEudXJsIH4gIig/aSleLyh2YXJuaXNoLSk/c3RhdHVzKFwucGhwKT8oXD8uKik/JCIpIHsKCQkjIFJlc3BvbmQgd2l0aCBzaW1wbGUgdGV4dCBlcnJvciBmb3Igc3RhdHVzIHVyaS4KCQlzZXQgcmVzcC5odHRwLkNhY2hlLUNvbnRyb2wgPSAibm8tc3RvcmUiOwoJCXNldCByZXNwLmh0dHAuQ29udGVudC1UeXBlID0gInRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgiOwoJCXN5bnRoZXRpYyhyZXNwLnJlYXNvbik7Cgl9IGVsc2UgaWYgKHJlc3Auc3RhdHVzIDwgNTAwKSB7CgkJc3ludGhldGljKHsiPCFET0NUWVBFIGh0bWw+CjxodG1sPgoJPGhlYWQ+CgkJPHRpdGxlPiJ9ICsgcmVzcC5yZWFzb24gKyB7IjwvdGl0bGU+CgkJPHN0eWxlPgoJCQlib2R5e2NvbG9yOiM2NjY7YmFja2dyb3VuZC1jb2xvcjojZjFmMWYxO2ZvbnQtZmFtaWx5OnNhbnMtc2VyaWY7bWFyZ2luOjEyJTttYXgtd2lkdGg6NTAlO30KCQkJaDEsaDJ7Y29sb3I6IzMzMztmb250LXNpemU6NHJlbTtmb250LXdlaWdodDo0MDA7dGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlO30KCQkJaDJ7Y29sb3I6IzMzMztmb250LXNpemU6MnJlbTt9CgkJCXB7Zm9udC1zaXplOjEuNXJlbTt9CgkJPC9zdHlsZT4KCTwvaGVhZD4KCTxib2R5PgoJCTxoMT4ifSArIHJlc3Auc3RhdHVzICsgeyI8L2gxPgoJCTxoMj4ifSArIHJlc3AucmVhc29uICsgeyI8L2gyPgoJPC9ib2R5Pgo8L2h0bWw+In0pOwoJfSBlbHNlIHsKCQlzeW50aGV0aWMoeyI8IURPQ1RZUEUgaHRtbD4KPGh0bWw+Cgk8aGVhZD4KCQk8dGl0bGU+In0gKyByZXNwLnJlYXNvbiArIHsiPC90aXRsZT4KCQk8c3R5bGU+CgkJCWJvZHl7Y29sb3I6IzY2NjtiYWNrZ3JvdW5kLWNvbG9yOiNmMWYxZjE7Zm9udC1mYW1pbHk6c2Fucy1zZXJpZjttYXJnaW46MTIlO21heC13aWR0aDo1MCU7fQoJCQloMSxoMntjb2xvcjojMzMzO2ZvbnQtc2l6ZTo0cmVtO2ZvbnQtd2VpZ2h0OjQwMDt0ZXh0LXRyYW5zZm9ybTp1cHBlcmNhc2U7fQoJCQloMntjb2xvcjojMzMzO2ZvbnQtc2l6ZToycmVtO30KCQkJcHtmb250LXNpemU6MS41cmVtO30KCQk8L3N0eWxlPgoJPC9oZWFkPgoJPGJvZHk+CgkJPGgxPiJ9ICsgcmVzcC5zdGF0dXMgKyB7IjwvaDE+CgkJPGgyPiJ9ICsgcmVzcC5yZWFzb24gKyB7IjwvaDI+CgkJPHA+WElEOiAifSArIHJlcS54aWQgKyB7IjwvcD4KCTwvYm9keT4KPC9odG1sPiJ9KTsKCX0KCglyZXR1cm4gKGRlbGl2ZXIpOwp9CgojIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIEJhY2tlbmQKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIHZjbF9iYWNrZW5kX3Jlc3BvbnNlIHsKCXNldCBiZXJlc3AuZ3JhY2UgPSAyNGg7CgoJaWYgKGJlcmVxLnVuY2FjaGVhYmxlKSB7CgkJcmV0dXJuIChkZWxpdmVyKTsKCX0gZWxzZSBpZiAoYmVyZXNwLnR0bCA8PSAwcyB8fAoJCWJlcmVzcC5odHRwLlNldC1Db29raWUgfHwKCQliZXJlc3AuaHR0cC5TdXJyb2dhdGUtQ29udHJvbCB+ICIoP2kpXm5vLXN0b3JlJCIgfHwKCQkoICEgYmVyZXNwLmh0dHAuU3Vycm9nYXRlLUNvbnRyb2wgJiYKCQkJYmVyZXNwLmh0dHAuQ2FjaGUtQ29udHJvbCB+ICIoP2kpXihwcml2YXRlfG5vLWNhY2hlfG5vLXN0b3JlKSQiKSB8fAoJCWJlcmVzcC5odHRwLlZhcnkgPT0gIioiKSB7CgkJIyBNYXJrIGFzICJoaXQtZm9yLW1pc3MiIGZvciAyIG1pbnV0ZXMKCQlzZXQgYmVyZXNwLnR0bCA9IDEyMHM7CgkJc2V0IGJlcmVzcC51bmNhY2hlYWJsZSA9IHRydWU7Cgl9CgoJcmV0dXJuIChkZWxpdmVyKTsKfQoKc3ViIHZjbF9iYWNrZW5kX2Vycm9yIHsKCXNldCBiZXJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IjsKCXNldCBiZXJlc3AuaHR0cC5SZXRyeS1BZnRlciA9ICI1IjsKCXNldCBiZXJlc3AuaHR0cC5YLUZyYW1lLU9wdGlvbnMgPSAiREVOWSI7CglzZXQgYmVyZXNwLmh0dHAuWC1YU1MtUHJvdGVjdGlvbiA9ICIxOyBtb2RlPWJsb2NrIjsKCglpZiAoYmVyZXEudXJsIH4gIig/aSlcLihjc3N8ZW90fGdpZnxpY298anBlP2d8anN8cG5nfHN2Z3x0dGZ8dHh0fHdvZmYyPykoXD8uKik/JCIpIHsKCQkjIFJlc3BvbmQgd2l0aCBzaW1wbGUgdGV4dCBlcnJvciBmb3Igc3RhdGljIGFzc2V0cy4KCQlzZXQgYmVyZXNwLmh0dHAuQ29udGVudC1UeXBlID0gInRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgiOwoJCXN5bnRoZXRpYyhiZXJlc3Auc3RhdHVzICsgIiAiICsgYmVyZXNwLnJlYXNvbik7Cgl9IGVsc2UgaWYgKGJlcmVxLnVybCB+ICIoP2kpXi8odmFybmlzaC0pP3N0YXR1cyhcLnBocCk/KFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXR1cyB1cmkuCgkJc2V0IGJlcmVzcC5odHRwLkNhY2hlLUNvbnRyb2wgPSAibm8tc3RvcmUiOwoJCXNldCBiZXJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOCI7CgkJc3ludGhldGljKGJlcmVzcC5yZWFzb24pOwoJfSBlbHNlIHsKCQlzeW50aGV0aWMoeyI8IURPQ1RZUEUgaHRtbD4KPGh0bWw+Cgk8aGVhZD4KCQk8dGl0bGU+In0gKyBiZXJlc3AucmVhc29uICsgeyI8L3RpdGxlPgoJCTxzdHlsZT4KCQkJYm9keXtjb2xvcjojNjY2O2JhY2tncm91bmQtY29sb3I6I2YxZjFmMTtmb250LWZhbWlseTpzYW5zLXNlcmlmO21hcmdpbjoxMiU7bWF4LXdpZHRoOjUwJTt9CgkJCWgxLGgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjRyZW07Zm9udC13ZWlnaHQ6NDAwO3RleHQtdHJhbnNmb3JtOnVwcGVyY2FzZTt9CgkJCWgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjJyZW07fQoJCQlwe2ZvbnQtc2l6ZToxLjVyZW07fQoJCTwvc3R5bGU+Cgk8L2hlYWQ+Cgk8Ym9keT4KCQk8aDE+In0gKyBiZXJlc3Auc3RhdHVzICsgeyI8L2gxPgoJCTxoMj4ifSArIGJlcmVzcC5yZWFzb24gKyB7IjwvaDI+CgkJPHA+WElEOiAifSArIGJlcmVxLnhpZCArIHsiPC9wPgoJPC9ib2R5Pgo8L2h0bWw+In0pOwoJfQoKCXJldHVybiAoZGVsaXZlcik7Cn0K" \ --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ @@ -925,6 +1045,7 @@ function test_custom_configuration () docker logs \ --tail 1 \ varnish.1 \ + 2> /dev/null \ | grep -qE \ "^.+ .+ .+ \[.+\] \"GET (http:\/\/${backend_hostname})?/ HTTP/1\.1\" 200 .+ \".+\" \".*\"\$" \ &> /dev/null @@ -985,6 +1106,7 @@ function test_custom_configuration () docker logs \ --tail 1 \ varnish.1 \ + 2> /dev/null \ | grep -qE \ "^.+ .+ .+ \[.+\] \"GET (http:\/\/${backend_hostname})?/ HTTP/1\.1\" 200 .+ \".+\" \".*\" (hit|miss)+\$" \ &> /dev/null From a55ee2771b56e881596262fa086651648ef1bb5f Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 15 Aug 2019 20:27:23 +0100 Subject: [PATCH 06/13] #198: Adds extra 10 seconds due to CI test failures. --- test/shpec/operation_shpec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index c754d11..103ed7f 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -688,7 +688,7 @@ function test_basic_operations () end # Wait for probe to register backend as down. - sleep 20 + sleep 30 describe "Status URI" it "Returns Service Unavailable." From fa1ab35c478d338997f14aa5b08fe56143a64ab5 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 15 Aug 2019 23:18:53 +0100 Subject: [PATCH 07/13] #198: Switch back to mod_php image for backend in test setup. --- test/shpec/operation_shpec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 103ed7f..ad7a2df 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -109,7 +109,7 @@ function __setup () --network ${backend_network} \ --network-alias ${backend_alias} \ --volume ${PWD}/test/fixture/apache/var/www/public_html:/opt/app/public_html:ro \ - jdeathe/centos-ssh-apache-php-fcgi:${backend_release} \ + jdeathe/centos-ssh-apache-php:${backend_release} \ &> /dev/null } From 41b8cc5696f768a77d5511a6b6e94214c80886da Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 16 Aug 2019 11:50:38 +0100 Subject: [PATCH 08/13] #199: Updates healthcheck probe window to 3. --- CHANGELOG.md | 1 + src/etc/varnish/docker-default.vcl | 2 +- test/fixture/varnish/etc/varnish/docker-default.vcl | 2 +- test/shpec/operation_shpec.sh | 4 ++-- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1efa58a..36fd0ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ Summary of release changes. - Updates varnishncsa supervisord configuration file/priority to `50-varnishncsa-wrapper.conf`/`50`. - Updates docker-compose example with redis session store replacing memcached for the apache-php service. - Updates wrapper scripts timer to use UTC date timestamps. +- Updates backend probe window from 5 to 3 to reduce time to register an offline backend. - Fixes docker host connection status check in Makefile. - Fixes error when restarting/reloading varnishd. - Adds `inspect`, `reload` and `top` Makefile targets. diff --git a/src/etc/varnish/docker-default.vcl b/src/etc/varnish/docker-default.vcl index c87c31a..db27873 100644 --- a/src/etc/varnish/docker-default.vcl +++ b/src/etc/varnish/docker-default.vcl @@ -9,7 +9,7 @@ import std; probe healthcheck { .interval = 5s; .timeout = 2s; - .window = 5; + .window = 3; .threshold = 3; .initial = 2; .expected_response = 200; diff --git a/test/fixture/varnish/etc/varnish/docker-default.vcl b/test/fixture/varnish/etc/varnish/docker-default.vcl index 7723896..8a5f65b 100644 --- a/test/fixture/varnish/etc/varnish/docker-default.vcl +++ b/test/fixture/varnish/etc/varnish/docker-default.vcl @@ -9,7 +9,7 @@ import std; probe healthcheck { .interval = 5s; .timeout = 2s; - .window = 5; + .window = 3; .threshold = 3; .initial = 2; .expected_response = 200; diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index ad7a2df..620c85f 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -688,7 +688,7 @@ function test_basic_operations () end # Wait for probe to register backend as down. - sleep 30 + sleep 20 describe "Status URI" it "Returns Service Unavailable." @@ -793,7 +793,7 @@ function test_custom_configuration () --env "VARNISH_THREAD_TIMEOUT=300" \ --env "VARNISH_STORAGE=malloc,256M" \ --env "VARNISH_TTL=600" \ - --env "VARNISH_VCL_CONF=dmNsIDQuMDsKCmltcG9ydCBkaXJlY3RvcnM7CmltcG9ydCBzdGQ7CgojIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIEhlYWx0aGNoZWNrIHByb2JlIChiYXNpYykKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KcHJvYmUgaGVhbHRoY2hlY2sgewoJLmludGVydmFsID0gNXM7CgkudGltZW91dCA9IDJzOwoJLndpbmRvdyA9IDU7CgkudGhyZXNob2xkID0gMzsKCS5pbml0aWFsID0gMjsKCS5leHBlY3RlZF9yZXNwb25zZSA9IDIwMDsKCS5yZXF1ZXN0ID0KCQkiR0VUIC8gSFRUUC8xLjEiCgkJIkhvc3Q6IGxvY2FsaG9zdC5sb2NhbGRvbWFpbiIKCQkiQ29ubmVjdGlvbjogY2xvc2UiCgkJIlVzZXItQWdlbnQ6IFZhcm5pc2giCgkJIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSI7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQmFja2VuZHMKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KYmFja2VuZCBodHRwXzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4MCI7CgkuZmlyc3RfYnl0ZV90aW1lb3V0ID0gMzAwczsKCS5wcm9iZSA9IGhlYWx0aGNoZWNrOwp9CgpiYWNrZW5kIHByb3h5XzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4NDQzIjsKCS5maXJzdF9ieXRlX3RpbWVvdXQgPSAzMDBzOwoJLnByb2JlID0gaGVhbHRoY2hlY2s7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgRGlyZWN0b3JzCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiB2Y2xfaW5pdCB7CgluZXcgZGlyZWN0b3JfaHR0cCA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfaHR0cC5hZGRfYmFja2VuZChodHRwXzEpOwoKCW5ldyBkaXJlY3Rvcl9wcm94eSA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfcHJveHkuYWRkX2JhY2tlbmQocHJveHlfMSk7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQ2xpZW50IHNpZGUKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIHZjbF9yZWN2IHsKCWlmIChyZXEuaHR0cC5Db29raWUgIT0gIiIpIHsKCQlzZXQgcmVxLmh0dHAuWC1Db29raWUgPSByZXEuaHR0cC5Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5Db29raWU7Cgl1bnNldCByZXEuaHR0cC5Gb3J3YXJkZWQ7Cgl1bnNldCByZXEuaHR0cC5Qcm94eTsKCXVuc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVBvcnQ7Cgl1bnNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qcm90bzsKCglpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4NDQzIHx8CgkJc3RkLnBvcnQobG9jYWwuaXApID09IDg0NDMpIHsKCQkjIFBvcnQgODQ0MwoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjQ0MyI7CgkJc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvID0gImh0dHBzIjsKCQlzZXQgcmVxLmJhY2tlbmRfaGludCA9IGRpcmVjdG9yX3Byb3h5LmJhY2tlbmQoKTsKCX0gZWxzZSBpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4MCB8fAoJCXN0ZC5wb3J0KGxvY2FsLmlwKSA9PSA4MCkgewoJCSMgUG9ydCA4MAoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjgwIjsKCQlzZXQgcmVxLmh0dHAuWC1Gb3J3YXJkZWQtUHJvdG8gPSAiaHR0cCI7CgkJc2V0IHJlcS5iYWNrZW5kX2hpbnQgPSBkaXJlY3Rvcl9odHRwLmJhY2tlbmQoKTsKCX0gZWxzZSB7CgkJIyBSZWplY3QgdW5leHBlY3RlZCBwb3J0cwoJCXJldHVybiAoc3ludGgoNDAzKSk7Cgl9CgoJIyBIYW5kbGUgbW9uaXRvcmluZyBzdGF0dXMgZW5kcG9pbnRzIC9zdGF0dXMgYW5kIC92YXJuaXNoLXN0YXR1cwoJaWYgKHJlcS51cmwgfiAiKD9pKV4vc3RhdHVzKFw/LiopPyQiICYmCgkJIXN0ZC5oZWFsdGh5KHJlcS5iYWNrZW5kX2hpbnQpKSB7CgkJcmV0dXJuIChzeW50aCg1MDMsICJTZXJ2aWNlIFVuYXZhaWxhYmxlIikpOwoJfSBlbHNlIGlmIChyZXEudXJsIH4gIig/aSleLyh2YXJuaXNoLSk/c3RhdHVzKFw/LiopPyQiKSB7CgkJcmV0dXJuIChzeW50aCgyMDAsICJPSyIpKTsKCX0KfQoKc3ViIHZjbF9oYXNoIHsKCWhhc2hfZGF0YShyZXEudXJsKTsKCglpZiAocmVxLmh0dHAuSG9zdCkgewoJCWhhc2hfZGF0YShyZXEuaHR0cC5Ib3N0KTsKCX0gZWxzZSB7CgkJaGFzaF9kYXRhKHNlcnZlci5pcCk7Cgl9CgoJaWYgKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKSB7CgkJaGFzaF9kYXRhKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKTsKCX0KCglpZiAocmVxLmh0dHAuWC1Db29raWUpIHsKCQlzZXQgcmVxLmh0dHAuQ29va2llID0gcmVxLmh0dHAuWC1Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5YLUNvb2tpZTsKCglyZXR1cm4gKGxvb2t1cCk7Cn0KCnN1YiB2Y2xfaGl0IHsKCWlmIChvYmoudHRsID49IDBzKSB7CgkJcmV0dXJuIChkZWxpdmVyKTsKCX0KCglpZiAoc3RkLmhlYWx0aHkocmVxLmJhY2tlbmRfaGludCkgJiYKCQlvYmoudHRsICsgMTVzID4gMHMpIHsKCQkjIENhcCBncmFjZSBwZXJpb2QgZm9yIGhlYWx0aHkgYmFja2VuZHMKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfSBlbHNlIGlmIChvYmoudHRsICsgb2JqLmdyYWNlID4gMHMpIHsKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfQoKCXJldHVybiAobWlzcyk7Cn0KCnN1YiB2Y2xfZGVsaXZlciB7Cgl1bnNldCByZXNwLmh0dHAuVmlhOwoKCWlmIChyZXNwLnN0YXR1cyA+PSA0MDApIHsKCQlyZXR1cm4gKHN5bnRoKHJlc3Auc3RhdHVzKSk7Cgl9Cn0KCnN1YiB2Y2xfc3ludGggewoJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IjsKCXNldCByZXNwLmh0dHAuUmV0cnktQWZ0ZXIgPSAiNSI7CglzZXQgcmVzcC5odHRwLlgtRnJhbWUtT3B0aW9ucyA9ICJERU5ZIjsKCXNldCByZXNwLmh0dHAuWC1YU1MtUHJvdGVjdGlvbiA9ICIxOyBtb2RlPWJsb2NrIjsKCglpZiAocmVxLnVybCB+ICIoP2kpXC4oY3NzfGVvdHxnaWZ8aWNvfGpwZT9nfGpzfHBuZ3xzdmd8dHRmfHR4dHx3b2ZmMj8pKFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXRpYyBhc3NldHMuCgkJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOCI7CgkJc3ludGhldGljKHJlc3Auc3RhdHVzICsgIiAiICsgcmVzcC5yZWFzb24pOwoJfSBlbHNlIGlmIChyZXEudXJsIH4gIig/aSleLyh2YXJuaXNoLSk/c3RhdHVzKFwucGhwKT8oXD8uKik/JCIpIHsKCQkjIFJlc3BvbmQgd2l0aCBzaW1wbGUgdGV4dCBlcnJvciBmb3Igc3RhdHVzIHVyaS4KCQlzZXQgcmVzcC5odHRwLkNhY2hlLUNvbnRyb2wgPSAibm8tc3RvcmUiOwoJCXNldCByZXNwLmh0dHAuQ29udGVudC1UeXBlID0gInRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgiOwoJCXN5bnRoZXRpYyhyZXNwLnJlYXNvbik7Cgl9IGVsc2UgaWYgKHJlc3Auc3RhdHVzIDwgNTAwKSB7CgkJc3ludGhldGljKHsiPCFET0NUWVBFIGh0bWw+CjxodG1sPgoJPGhlYWQ+CgkJPHRpdGxlPiJ9ICsgcmVzcC5yZWFzb24gKyB7IjwvdGl0bGU+CgkJPHN0eWxlPgoJCQlib2R5e2NvbG9yOiM2NjY7YmFja2dyb3VuZC1jb2xvcjojZjFmMWYxO2ZvbnQtZmFtaWx5OnNhbnMtc2VyaWY7bWFyZ2luOjEyJTttYXgtd2lkdGg6NTAlO30KCQkJaDEsaDJ7Y29sb3I6IzMzMztmb250LXNpemU6NHJlbTtmb250LXdlaWdodDo0MDA7dGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlO30KCQkJaDJ7Y29sb3I6IzMzMztmb250LXNpemU6MnJlbTt9CgkJCXB7Zm9udC1zaXplOjEuNXJlbTt9CgkJPC9zdHlsZT4KCTwvaGVhZD4KCTxib2R5PgoJCTxoMT4ifSArIHJlc3Auc3RhdHVzICsgeyI8L2gxPgoJCTxoMj4ifSArIHJlc3AucmVhc29uICsgeyI8L2gyPgoJPC9ib2R5Pgo8L2h0bWw+In0pOwoJfSBlbHNlIHsKCQlzeW50aGV0aWMoeyI8IURPQ1RZUEUgaHRtbD4KPGh0bWw+Cgk8aGVhZD4KCQk8dGl0bGU+In0gKyByZXNwLnJlYXNvbiArIHsiPC90aXRsZT4KCQk8c3R5bGU+CgkJCWJvZHl7Y29sb3I6IzY2NjtiYWNrZ3JvdW5kLWNvbG9yOiNmMWYxZjE7Zm9udC1mYW1pbHk6c2Fucy1zZXJpZjttYXJnaW46MTIlO21heC13aWR0aDo1MCU7fQoJCQloMSxoMntjb2xvcjojMzMzO2ZvbnQtc2l6ZTo0cmVtO2ZvbnQtd2VpZ2h0OjQwMDt0ZXh0LXRyYW5zZm9ybTp1cHBlcmNhc2U7fQoJCQloMntjb2xvcjojMzMzO2ZvbnQtc2l6ZToycmVtO30KCQkJcHtmb250LXNpemU6MS41cmVtO30KCQk8L3N0eWxlPgoJPC9oZWFkPgoJPGJvZHk+CgkJPGgxPiJ9ICsgcmVzcC5zdGF0dXMgKyB7IjwvaDE+CgkJPGgyPiJ9ICsgcmVzcC5yZWFzb24gKyB7IjwvaDI+CgkJPHA+WElEOiAifSArIHJlcS54aWQgKyB7IjwvcD4KCTwvYm9keT4KPC9odG1sPiJ9KTsKCX0KCglyZXR1cm4gKGRlbGl2ZXIpOwp9CgojIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIEJhY2tlbmQKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIHZjbF9iYWNrZW5kX3Jlc3BvbnNlIHsKCXNldCBiZXJlc3AuZ3JhY2UgPSAyNGg7CgoJaWYgKGJlcmVxLnVuY2FjaGVhYmxlKSB7CgkJcmV0dXJuIChkZWxpdmVyKTsKCX0gZWxzZSBpZiAoYmVyZXNwLnR0bCA8PSAwcyB8fAoJCWJlcmVzcC5odHRwLlNldC1Db29raWUgfHwKCQliZXJlc3AuaHR0cC5TdXJyb2dhdGUtQ29udHJvbCB+ICIoP2kpXm5vLXN0b3JlJCIgfHwKCQkoICEgYmVyZXNwLmh0dHAuU3Vycm9nYXRlLUNvbnRyb2wgJiYKCQkJYmVyZXNwLmh0dHAuQ2FjaGUtQ29udHJvbCB+ICIoP2kpXihwcml2YXRlfG5vLWNhY2hlfG5vLXN0b3JlKSQiKSB8fAoJCWJlcmVzcC5odHRwLlZhcnkgPT0gIioiKSB7CgkJIyBNYXJrIGFzICJoaXQtZm9yLW1pc3MiIGZvciAyIG1pbnV0ZXMKCQlzZXQgYmVyZXNwLnR0bCA9IDEyMHM7CgkJc2V0IGJlcmVzcC51bmNhY2hlYWJsZSA9IHRydWU7Cgl9CgoJcmV0dXJuIChkZWxpdmVyKTsKfQoKc3ViIHZjbF9iYWNrZW5kX2Vycm9yIHsKCXNldCBiZXJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IjsKCXNldCBiZXJlc3AuaHR0cC5SZXRyeS1BZnRlciA9ICI1IjsKCXNldCBiZXJlc3AuaHR0cC5YLUZyYW1lLU9wdGlvbnMgPSAiREVOWSI7CglzZXQgYmVyZXNwLmh0dHAuWC1YU1MtUHJvdGVjdGlvbiA9ICIxOyBtb2RlPWJsb2NrIjsKCglpZiAoYmVyZXEudXJsIH4gIig/aSlcLihjc3N8ZW90fGdpZnxpY298anBlP2d8anN8cG5nfHN2Z3x0dGZ8dHh0fHdvZmYyPykoXD8uKik/JCIpIHsKCQkjIFJlc3BvbmQgd2l0aCBzaW1wbGUgdGV4dCBlcnJvciBmb3Igc3RhdGljIGFzc2V0cy4KCQlzZXQgYmVyZXNwLmh0dHAuQ29udGVudC1UeXBlID0gInRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgiOwoJCXN5bnRoZXRpYyhiZXJlc3Auc3RhdHVzICsgIiAiICsgYmVyZXNwLnJlYXNvbik7Cgl9IGVsc2UgaWYgKGJlcmVxLnVybCB+ICIoP2kpXi8odmFybmlzaC0pP3N0YXR1cyhcLnBocCk/KFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXR1cyB1cmkuCgkJc2V0IGJlcmVzcC5odHRwLkNhY2hlLUNvbnRyb2wgPSAibm8tc3RvcmUiOwoJCXNldCBiZXJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOCI7CgkJc3ludGhldGljKGJlcmVzcC5yZWFzb24pOwoJfSBlbHNlIHsKCQlzeW50aGV0aWMoeyI8IURPQ1RZUEUgaHRtbD4KPGh0bWw+Cgk8aGVhZD4KCQk8dGl0bGU+In0gKyBiZXJlc3AucmVhc29uICsgeyI8L3RpdGxlPgoJCTxzdHlsZT4KCQkJYm9keXtjb2xvcjojNjY2O2JhY2tncm91bmQtY29sb3I6I2YxZjFmMTtmb250LWZhbWlseTpzYW5zLXNlcmlmO21hcmdpbjoxMiU7bWF4LXdpZHRoOjUwJTt9CgkJCWgxLGgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjRyZW07Zm9udC13ZWlnaHQ6NDAwO3RleHQtdHJhbnNmb3JtOnVwcGVyY2FzZTt9CgkJCWgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjJyZW07fQoJCQlwe2ZvbnQtc2l6ZToxLjVyZW07fQoJCTwvc3R5bGU+Cgk8L2hlYWQ+Cgk8Ym9keT4KCQk8aDE+In0gKyBiZXJlc3Auc3RhdHVzICsgeyI8L2gxPgoJCTxoMj4ifSArIGJlcmVzcC5yZWFzb24gKyB7IjwvaDI+CgkJPHA+WElEOiAifSArIGJlcmVxLnhpZCArIHsiPC9wPgoJPC9ib2R5Pgo8L2h0bWw+In0pOwoJfQoKCXJldHVybiAoZGVsaXZlcik7Cn0K" \ + --env "VARNISH_VCL_CONF=dmNsIDQuMDsKCmltcG9ydCBkaXJlY3RvcnM7CmltcG9ydCBzdGQ7CgojIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIEhlYWx0aGNoZWNrIHByb2JlIChiYXNpYykKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KcHJvYmUgaGVhbHRoY2hlY2sgewoJLmludGVydmFsID0gNXM7CgkudGltZW91dCA9IDJzOwoJLndpbmRvdyA9IDM7CgkudGhyZXNob2xkID0gMzsKCS5pbml0aWFsID0gMjsKCS5leHBlY3RlZF9yZXNwb25zZSA9IDIwMDsKCS5yZXF1ZXN0ID0KCQkiR0VUIC8gSFRUUC8xLjEiCgkJIkhvc3Q6IGxvY2FsaG9zdC5sb2NhbGRvbWFpbiIKCQkiQ29ubmVjdGlvbjogY2xvc2UiCgkJIlVzZXItQWdlbnQ6IFZhcm5pc2giCgkJIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSI7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQmFja2VuZHMKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KYmFja2VuZCBodHRwXzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4MCI7CgkuZmlyc3RfYnl0ZV90aW1lb3V0ID0gMzAwczsKCS5wcm9iZSA9IGhlYWx0aGNoZWNrOwp9CgpiYWNrZW5kIHByb3h5XzEgewoJLmhvc3QgPSAiaHR0cGRfMSI7CgkucG9ydCA9ICI4NDQzIjsKCS5maXJzdF9ieXRlX3RpbWVvdXQgPSAzMDBzOwoJLnByb2JlID0gaGVhbHRoY2hlY2s7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgRGlyZWN0b3JzCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiB2Y2xfaW5pdCB7CgluZXcgZGlyZWN0b3JfaHR0cCA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfaHR0cC5hZGRfYmFja2VuZChodHRwXzEpOwoKCW5ldyBkaXJlY3Rvcl9wcm94eSA9IGRpcmVjdG9ycy5yb3VuZF9yb2JpbigpOwoJZGlyZWN0b3JfcHJveHkuYWRkX2JhY2tlbmQocHJveHlfMSk7Cn0KCiMgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgQ2xpZW50IHNpZGUKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIHZjbF9yZWN2IHsKCWlmIChyZXEuaHR0cC5Db29raWUgIT0gIiIpIHsKCQlzZXQgcmVxLmh0dHAuWC1Db29raWUgPSByZXEuaHR0cC5Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5Db29raWU7Cgl1bnNldCByZXEuaHR0cC5Gb3J3YXJkZWQ7Cgl1bnNldCByZXEuaHR0cC5Qcm94eTsKCXVuc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVBvcnQ7Cgl1bnNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qcm90bzsKCglpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4NDQzIHx8CgkJc3RkLnBvcnQobG9jYWwuaXApID09IDg0NDMpIHsKCQkjIFBvcnQgODQ0MwoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjQ0MyI7CgkJc2V0IHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvID0gImh0dHBzIjsKCQlzZXQgcmVxLmJhY2tlbmRfaGludCA9IGRpcmVjdG9yX3Byb3h5LmJhY2tlbmQoKTsKCX0gZWxzZSBpZiAoc3RkLnBvcnQoc2VydmVyLmlwKSA9PSA4MCB8fAoJCXN0ZC5wb3J0KGxvY2FsLmlwKSA9PSA4MCkgewoJCSMgUG9ydCA4MAoJCXNldCByZXEuaHR0cC5YLUZvcndhcmRlZC1Qb3J0ID0gIjgwIjsKCQlzZXQgcmVxLmh0dHAuWC1Gb3J3YXJkZWQtUHJvdG8gPSAiaHR0cCI7CgkJc2V0IHJlcS5iYWNrZW5kX2hpbnQgPSBkaXJlY3Rvcl9odHRwLmJhY2tlbmQoKTsKCX0gZWxzZSB7CgkJIyBSZWplY3QgdW5leHBlY3RlZCBwb3J0cwoJCXJldHVybiAoc3ludGgoNDAzKSk7Cgl9CgoJIyBIYW5kbGUgbW9uaXRvcmluZyBzdGF0dXMgZW5kcG9pbnRzIC9zdGF0dXMgYW5kIC92YXJuaXNoLXN0YXR1cwoJaWYgKHJlcS51cmwgfiAiKD9pKV4vc3RhdHVzKFw/LiopPyQiICYmCgkJIXN0ZC5oZWFsdGh5KHJlcS5iYWNrZW5kX2hpbnQpKSB7CgkJcmV0dXJuIChzeW50aCg1MDMsICJTZXJ2aWNlIFVuYXZhaWxhYmxlIikpOwoJfSBlbHNlIGlmIChyZXEudXJsIH4gIig/aSleLyh2YXJuaXNoLSk/c3RhdHVzKFw/LiopPyQiKSB7CgkJcmV0dXJuIChzeW50aCgyMDAsICJPSyIpKTsKCX0KfQoKc3ViIHZjbF9oYXNoIHsKCWhhc2hfZGF0YShyZXEudXJsKTsKCglpZiAocmVxLmh0dHAuSG9zdCkgewoJCWhhc2hfZGF0YShyZXEuaHR0cC5Ib3N0KTsKCX0gZWxzZSB7CgkJaGFzaF9kYXRhKHNlcnZlci5pcCk7Cgl9CgoJaWYgKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKSB7CgkJaGFzaF9kYXRhKHJlcS5odHRwLlgtRm9yd2FyZGVkLVByb3RvKTsKCX0KCglpZiAocmVxLmh0dHAuWC1Db29raWUpIHsKCQlzZXQgcmVxLmh0dHAuQ29va2llID0gcmVxLmh0dHAuWC1Db29raWU7Cgl9Cgl1bnNldCByZXEuaHR0cC5YLUNvb2tpZTsKCglyZXR1cm4gKGxvb2t1cCk7Cn0KCnN1YiB2Y2xfaGl0IHsKCWlmIChvYmoudHRsID49IDBzKSB7CgkJcmV0dXJuIChkZWxpdmVyKTsKCX0KCglpZiAoc3RkLmhlYWx0aHkocmVxLmJhY2tlbmRfaGludCkgJiYKCQlvYmoudHRsICsgMTVzID4gMHMpIHsKCQkjIENhcCBncmFjZSBwZXJpb2QgZm9yIGhlYWx0aHkgYmFja2VuZHMKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfSBlbHNlIGlmIChvYmoudHRsICsgb2JqLmdyYWNlID4gMHMpIHsKCQlyZXR1cm4gKGRlbGl2ZXIpOwoJfQoKCXJldHVybiAobWlzcyk7Cn0KCnN1YiB2Y2xfZGVsaXZlciB7Cgl1bnNldCByZXNwLmh0dHAuVmlhOwoKCWlmIChyZXNwLnN0YXR1cyA+PSA0MDApIHsKCQlyZXR1cm4gKHN5bnRoKHJlc3Auc3RhdHVzKSk7Cgl9Cn0KCnN1YiB2Y2xfc3ludGggewoJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IjsKCXNldCByZXNwLmh0dHAuUmV0cnktQWZ0ZXIgPSAiNSI7CglzZXQgcmVzcC5odHRwLlgtRnJhbWUtT3B0aW9ucyA9ICJERU5ZIjsKCXNldCByZXNwLmh0dHAuWC1YU1MtUHJvdGVjdGlvbiA9ICIxOyBtb2RlPWJsb2NrIjsKCglpZiAocmVxLnVybCB+ICIoP2kpXC4oY3NzfGVvdHxnaWZ8aWNvfGpwZT9nfGpzfHBuZ3xzdmd8dHRmfHR4dHx3b2ZmMj8pKFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXRpYyBhc3NldHMuCgkJc2V0IHJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOCI7CgkJc3ludGhldGljKHJlc3Auc3RhdHVzICsgIiAiICsgcmVzcC5yZWFzb24pOwoJfSBlbHNlIGlmIChyZXEudXJsIH4gIig/aSleLyh2YXJuaXNoLSk/c3RhdHVzKFwucGhwKT8oXD8uKik/JCIpIHsKCQkjIFJlc3BvbmQgd2l0aCBzaW1wbGUgdGV4dCBlcnJvciBmb3Igc3RhdHVzIHVyaS4KCQlzZXQgcmVzcC5odHRwLkNhY2hlLUNvbnRyb2wgPSAibm8tc3RvcmUiOwoJCXNldCByZXNwLmh0dHAuQ29udGVudC1UeXBlID0gInRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgiOwoJCXN5bnRoZXRpYyhyZXNwLnJlYXNvbik7Cgl9IGVsc2UgaWYgKHJlc3Auc3RhdHVzIDwgNTAwKSB7CgkJc3ludGhldGljKHsiPCFET0NUWVBFIGh0bWw+CjxodG1sPgoJPGhlYWQ+CgkJPHRpdGxlPiJ9ICsgcmVzcC5yZWFzb24gKyB7IjwvdGl0bGU+CgkJPHN0eWxlPgoJCQlib2R5e2NvbG9yOiM2NjY7YmFja2dyb3VuZC1jb2xvcjojZjFmMWYxO2ZvbnQtZmFtaWx5OnNhbnMtc2VyaWY7bWFyZ2luOjEyJTttYXgtd2lkdGg6NTAlO30KCQkJaDEsaDJ7Y29sb3I6IzMzMztmb250LXNpemU6NHJlbTtmb250LXdlaWdodDo0MDA7dGV4dC10cmFuc2Zvcm06dXBwZXJjYXNlO30KCQkJaDJ7Y29sb3I6IzMzMztmb250LXNpemU6MnJlbTt9CgkJCXB7Zm9udC1zaXplOjEuNXJlbTt9CgkJPC9zdHlsZT4KCTwvaGVhZD4KCTxib2R5PgoJCTxoMT4ifSArIHJlc3Auc3RhdHVzICsgeyI8L2gxPgoJCTxoMj4ifSArIHJlc3AucmVhc29uICsgeyI8L2gyPgoJPC9ib2R5Pgo8L2h0bWw+In0pOwoJfSBlbHNlIHsKCQlzeW50aGV0aWMoeyI8IURPQ1RZUEUgaHRtbD4KPGh0bWw+Cgk8aGVhZD4KCQk8dGl0bGU+In0gKyByZXNwLnJlYXNvbiArIHsiPC90aXRsZT4KCQk8c3R5bGU+CgkJCWJvZHl7Y29sb3I6IzY2NjtiYWNrZ3JvdW5kLWNvbG9yOiNmMWYxZjE7Zm9udC1mYW1pbHk6c2Fucy1zZXJpZjttYXJnaW46MTIlO21heC13aWR0aDo1MCU7fQoJCQloMSxoMntjb2xvcjojMzMzO2ZvbnQtc2l6ZTo0cmVtO2ZvbnQtd2VpZ2h0OjQwMDt0ZXh0LXRyYW5zZm9ybTp1cHBlcmNhc2U7fQoJCQloMntjb2xvcjojMzMzO2ZvbnQtc2l6ZToycmVtO30KCQkJcHtmb250LXNpemU6MS41cmVtO30KCQk8L3N0eWxlPgoJPC9oZWFkPgoJPGJvZHk+CgkJPGgxPiJ9ICsgcmVzcC5zdGF0dXMgKyB7IjwvaDE+CgkJPGgyPiJ9ICsgcmVzcC5yZWFzb24gKyB7IjwvaDI+CgkJPHA+WElEOiAifSArIHJlcS54aWQgKyB7IjwvcD4KCTwvYm9keT4KPC9odG1sPiJ9KTsKCX0KCglyZXR1cm4gKGRlbGl2ZXIpOwp9CgojIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIEJhY2tlbmQKIyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIHZjbF9iYWNrZW5kX3Jlc3BvbnNlIHsKCXNldCBiZXJlc3AuZ3JhY2UgPSAyNGg7CgoJaWYgKGJlcmVxLnVuY2FjaGVhYmxlKSB7CgkJcmV0dXJuIChkZWxpdmVyKTsKCX0gZWxzZSBpZiAoYmVyZXNwLnR0bCA8PSAwcyB8fAoJCWJlcmVzcC5odHRwLlNldC1Db29raWUgfHwKCQliZXJlc3AuaHR0cC5TdXJyb2dhdGUtQ29udHJvbCB+ICIoP2kpXm5vLXN0b3JlJCIgfHwKCQkoICEgYmVyZXNwLmh0dHAuU3Vycm9nYXRlLUNvbnRyb2wgJiYKCQkJYmVyZXNwLmh0dHAuQ2FjaGUtQ29udHJvbCB+ICIoP2kpXihwcml2YXRlfG5vLWNhY2hlfG5vLXN0b3JlKSQiKSB8fAoJCWJlcmVzcC5odHRwLlZhcnkgPT0gIioiKSB7CgkJIyBNYXJrIGFzICJoaXQtZm9yLW1pc3MiIGZvciAyIG1pbnV0ZXMKCQlzZXQgYmVyZXNwLnR0bCA9IDEyMHM7CgkJc2V0IGJlcmVzcC51bmNhY2hlYWJsZSA9IHRydWU7Cgl9CgoJcmV0dXJuIChkZWxpdmVyKTsKfQoKc3ViIHZjbF9iYWNrZW5kX2Vycm9yIHsKCXNldCBiZXJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IjsKCXNldCBiZXJlc3AuaHR0cC5SZXRyeS1BZnRlciA9ICI1IjsKCXNldCBiZXJlc3AuaHR0cC5YLUZyYW1lLU9wdGlvbnMgPSAiREVOWSI7CglzZXQgYmVyZXNwLmh0dHAuWC1YU1MtUHJvdGVjdGlvbiA9ICIxOyBtb2RlPWJsb2NrIjsKCglpZiAoYmVyZXEudXJsIH4gIig/aSlcLihjc3N8ZW90fGdpZnxpY298anBlP2d8anN8cG5nfHN2Z3x0dGZ8dHh0fHdvZmYyPykoXD8uKik/JCIpIHsKCQkjIFJlc3BvbmQgd2l0aCBzaW1wbGUgdGV4dCBlcnJvciBmb3Igc3RhdGljIGFzc2V0cy4KCQlzZXQgYmVyZXNwLmh0dHAuQ29udGVudC1UeXBlID0gInRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgiOwoJCXN5bnRoZXRpYyhiZXJlc3Auc3RhdHVzICsgIiAiICsgYmVyZXNwLnJlYXNvbik7Cgl9IGVsc2UgaWYgKGJlcmVxLnVybCB+ICIoP2kpXi8odmFybmlzaC0pP3N0YXR1cyhcLnBocCk/KFw/LiopPyQiKSB7CgkJIyBSZXNwb25kIHdpdGggc2ltcGxlIHRleHQgZXJyb3IgZm9yIHN0YXR1cyB1cmkuCgkJc2V0IGJlcmVzcC5odHRwLkNhY2hlLUNvbnRyb2wgPSAibm8tc3RvcmUiOwoJCXNldCBiZXJlc3AuaHR0cC5Db250ZW50LVR5cGUgPSAidGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOCI7CgkJc3ludGhldGljKGJlcmVzcC5yZWFzb24pOwoJfSBlbHNlIHsKCQlzeW50aGV0aWMoeyI8IURPQ1RZUEUgaHRtbD4KPGh0bWw+Cgk8aGVhZD4KCQk8dGl0bGU+In0gKyBiZXJlc3AucmVhc29uICsgeyI8L3RpdGxlPgoJCTxzdHlsZT4KCQkJYm9keXtjb2xvcjojNjY2O2JhY2tncm91bmQtY29sb3I6I2YxZjFmMTtmb250LWZhbWlseTpzYW5zLXNlcmlmO21hcmdpbjoxMiU7bWF4LXdpZHRoOjUwJTt9CgkJCWgxLGgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjRyZW07Zm9udC13ZWlnaHQ6NDAwO3RleHQtdHJhbnNmb3JtOnVwcGVyY2FzZTt9CgkJCWgye2NvbG9yOiMzMzM7Zm9udC1zaXplOjJyZW07fQoJCQlwe2ZvbnQtc2l6ZToxLjVyZW07fQoJCTwvc3R5bGU+Cgk8L2hlYWQ+Cgk8Ym9keT4KCQk8aDE+In0gKyBiZXJlc3Auc3RhdHVzICsgeyI8L2gxPgoJCTxoMj4ifSArIGJlcmVzcC5yZWFzb24gKyB7IjwvaDI+CgkJPHA+WElEOiAifSArIGJlcmVxLnhpZCArIHsiPC9wPgoJPC9ib2R5Pgo8L2h0bWw+In0pOwoJfQoKCXJldHVybiAoZGVsaXZlcik7Cn0K" \ --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ From 7cf07002f396edcca385786716a4379ff30a80a8 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 16 Aug 2019 19:34:13 +0100 Subject: [PATCH 09/13] Release changes for 1.7.0 and 2.4.0. --- CHANGELOG.md | 2 +- Dockerfile | 2 +- README.md | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 36fd0ed..da9a3fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ Summary of release changes. -### 1.7.0 - Unreleased +### 1.7.0 - 2019-08-16 - Updates source image to [1.11.0](https://github.com/jdeathe/centos-ssh/releases/tag/1.11.0). - Updates CHANGELOG.md to simplify maintenance. diff --git a/Dockerfile b/Dockerfile index b2a2458..e2fb138 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM jdeathe/centos-ssh:1.11.0 -ARG RELEASE_VERSION="1.6.0" +ARG RELEASE_VERSION="1.7.0" # ------------------------------------------------------------------------------ # Base install of required packages diff --git a/README.md b/README.md index 29b681c..d81e38a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ ### Tags and respective `Dockerfile` links -- `centos-7`, `2.3.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) -- `centos-6`, `1.6.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) +- `centos-7`, `2.4.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) +- `centos-6`, `1.7.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) ## Overview @@ -26,7 +26,7 @@ $ docker run -d -t \ -p 80:80 \ --sysctl "net.core.somaxconn=1024" \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:2.3.0 + jdeathe/centos-ssh-varnish:2.4.0 ``` Verify the named container's process status and health. @@ -73,7 +73,7 @@ $ docker stop varnish.1 && \ --env "VARNISH_MAX_THREADS=2000" \ --env "VARNISH_MIN_THREADS=100" \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:2.3.0 + jdeathe/centos-ssh-varnish:2.4.0 ``` Now you can verify it is initialised and running successfully by inspecting the container's logs: From 6396a1d87fe17262f770f0dd2119ad4d5cfdf45d Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 16 Aug 2019 23:24:47 +0100 Subject: [PATCH 10/13] Add extra time for tests that intermittently fail on CI. --- test/shpec/operation_shpec.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 620c85f..318e2fe 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -1040,7 +1040,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80}/ \ &> /dev/null - sleep 2 + sleep 4 docker logs \ --tail 1 \ @@ -1101,7 +1101,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80}/ \ &> /dev/null - sleep 2 + sleep 4 docker logs \ --tail 1 \ From e46fb9a96d027003eccb5a3a6757e464533bac60 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 16 Aug 2019 23:37:57 +0100 Subject: [PATCH 11/13] Adds increased healthcheck interval for tests that intermittently fail on CI. --- test/shpec/operation_shpec.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 318e2fe..27c63ce 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -1007,6 +1007,7 @@ function test_custom_configuration () --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ + --health-interval 30 \ jdeathe/centos-ssh-varnish:latest \ &> /dev/null @@ -1040,7 +1041,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80}/ \ &> /dev/null - sleep 4 + sleep 2 docker logs \ --tail 1 \ @@ -1068,6 +1069,7 @@ function test_custom_configuration () --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ + --health-interval 30 \ jdeathe/centos-ssh-varnish:latest \ &> /dev/null @@ -1101,7 +1103,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80}/ \ &> /dev/null - sleep 4 + sleep 2 docker logs \ --tail 1 \ From 2041739d85f9027b9b92f6d5e74d2e646f1fa5b1 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 16 Aug 2019 23:41:13 +0100 Subject: [PATCH 12/13] Push back release date due to intermittent failures on CI. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index da9a3fe..b027f12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ Summary of release changes. -### 1.7.0 - 2019-08-16 +### 1.7.0 - 2019-08-17 - Updates source image to [1.11.0](https://github.com/jdeathe/centos-ssh/releases/tag/1.11.0). - Updates CHANGELOG.md to simplify maintenance. From 1b12b684b43e55dfceca831a9d0272af4faf874e Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 16 Aug 2019 23:44:04 +0100 Subject: [PATCH 13/13] Fixes time value for --health-interval in tests. --- test/shpec/operation_shpec.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 27c63ce..71cf084 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -1007,7 +1007,7 @@ function test_custom_configuration () --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ - --health-interval 30 \ + --health-interval 30s \ jdeathe/centos-ssh-varnish:latest \ &> /dev/null @@ -1069,7 +1069,7 @@ function test_custom_configuration () --network ${backend_network} \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --publish ${DOCKER_PORT_MAP_TCP_8443}:8443 \ - --health-interval 30 \ + --health-interval 30s \ jdeathe/centos-ssh-varnish:latest \ &> /dev/null