From f72bdcd0a07098fb131a02e09fea83121de01d9a Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 20 Nov 2018 11:36:39 +0000 Subject: [PATCH 1/6] #143: Fixes format/filter typo in tests. --- CHANGELOG.md | 4 ++++ test/shpec/operation_shpec.sh | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 14655aa..39eef45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ Summary of release changes for Version 1. CentOS-6 6.10 x86_64 - Varnish Cache 4.1. +### 1.5.2 - Unreleased + +- Fixes typo in test; using `--format` instead of `--filter`. + ### 1.5.1 - 2018-10-09 - Adds lockfile to ensure varnishd is started before varnishncsa. diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 9ba62ea..7e5292c 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -796,8 +796,8 @@ function test_custom_configuration () sleep ${STARTUP_TIME} docker ps \ - --format "name=varnish.pool-1.1.1" \ - --format "health=healthy" \ + --filter "name=varnish.pool-1.1.1" \ + --filter "health=healthy" \ &> /dev/null \ && docker top \ varnish.pool-1.1.1 \ @@ -833,8 +833,8 @@ function test_custom_configuration () fi docker ps \ - --format "name=varnish.pool-1.1.1" \ - --format "health=healthy" \ + --filter "name=varnish.pool-1.1.1" \ + --filter "health=healthy" \ &> /dev/null \ && docker top \ varnish.pool-1.1.1 \ From 3de6fcff44b5d0a64af48f99a2342e8444ed2ede Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 20 Nov 2018 12:51:45 +0000 Subject: [PATCH 2/6] #146: Updates source image to 1.9.1. --- CHANGELOG.md | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39eef45..b8105a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
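Review bot: Both corrected `docker ps` guards in test_custom_configuration (this hunk and the one at -833) still test only the exit status, and `docker ps` exits 0 when its filters match no container. The `&&` chain therefore reaches `docker top` whether or not the container is healthy. With `--filter` now correct, the guard should test the output instead, e.g. `[[ -n $(docker ps -q --filter "name=varnish.pool-1.1.1" --filter "health=healthy") ]] && docker top varnish.pool-1.1.1 ...`. The rest of the function lies outside both hunks.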
@@ -9,6 +9,7 @@ CentOS-6 6.10 x86_64 - Varnish Cache 4.1. ### 1.5.2 - Unreleased - Fixes typo in test; using `--format` instead of `--filter`. +- Updates source image to [1.9.1](https://github.com/jdeathe/centos-ssh/releases/tag/1.9.1). ### 1.5.1 - 2018-10-09 diff --git a/Dockerfile b/Dockerfile index 1040154..16f0fc7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ # CentOS-6, Varnish 4.1 # # ============================================================================= -FROM jdeathe/centos-ssh:1.9.0 +FROM jdeathe/centos-ssh:1.9.1 # ----------------------------------------------------------------------------- # Install Varnish Cache From f9dde6eb7d7fa20e28a02f70cdf08cc7a8baf311 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 20 Nov 2018 21:54:38 +0000 Subject: [PATCH 3/6] #145: Adds required sysctl settings to docker run templates. --- CHANGELOG.md | 1 + README.md | 6 ++++++ default.mk | 9 ++++++--- docker-compose.yml | 10 +++++----- environment.mk | 5 +++++ src/etc/systemd/system/centos-ssh-varnish@.service | 12 +++++++++--- src/opt/scmi/default.sh | 9 ++++++--- src/opt/scmi/environment.sh | 5 +++++ src/opt/scmi/service-unit.sh | 3 +++ 9 files changed, 46 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b8105a9..5af4e8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ CentOS-6 6.10 x86_64 - Varnish Cache 4.1. - Fixes typo in test; using `--format` instead of `--filter`. - Updates source image to [1.9.1](https://github.com/jdeathe/centos-ssh/releases/tag/1.9.1). +- Adds required `--sysctl` settings to docker run templates. ### 1.5.1 - 2018-10-09 diff --git a/README.md b/README.md index 25d32f1..9479934 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ Run up a container named `varnish.pool-1.1.1` from the docker image `jdeathe/cen $ docker run -d -t \ --name varnish.pool-1.1.1 \ -p 80:80 \ + --sysctl "net.core.somaxconn=1024" \ --add-host httpd_1:172.17.8.101 \ jdeathe/centos-ssh-varnish:1.5.1 ``` 
@@ -71,10 +72,15 @@ $ docker run \ --name varnish.pool-1.1.1 \ --publish 8000:80 \ --publish 8500:8443 \ + --sysctl "net.core.somaxconn=1024" \ + --sysctl "net.ipv4.ip_local_port_range=1024 65535" \ + --sysctl "net.ipv4.route.flush=1" \ --ulimit memlock=82000 \ --ulimit nofile=131072 \ --ulimit nproc=65535 \ --env "VARNISH_STORAGE=malloc,256M" \ + --env "VARNISH_MAX_THREADS=2000" \ + --env "VARNISH_MIN_THREADS=100" \ --add-host httpd_1:172.17.8.101 \ jdeathe/centos-ssh-varnish:1.5.1 ``` diff --git a/default.mk b/default.mk index 2652569..8d9e2a3 100644 --- a/default.mk +++ b/default.mk @@ -4,9 +4,12 @@ define DOCKER_CONTAINER_PARAMETERS --tty \ --name $(DOCKER_NAME) \ --restart $(DOCKER_RESTART_POLICY) \ ---ulimit memlock=$(ULIMIT_MEMLOCK) \ ---ulimit nofile=$(ULIMIT_NOFILE) \ ---ulimit nproc=$(ULIMIT_NPROC) \ +--sysctl "net.core.somaxconn=$(SYSCTL_NET_CORE_SOMAXCONN)" \ +--sysctl "net.ipv4.ip_local_port_range=$(SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE)" \ +--sysctl "net.ipv4.route.flush=$(SYSCTL_NET_IPV4_ROUTE_FLUSH)" \ +--ulimit "memlock=$(ULIMIT_MEMLOCK)" \ +--ulimit "nofile=$(ULIMIT_NOFILE)" \ +--ulimit "nproc=$(ULIMIT_NPROC)" \ --env "VARNISH_AUTOSTART_VARNISHD_WRAPPER=$(VARNISH_AUTOSTART_VARNISHD_WRAPPER)" \ --env "VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=$(VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER)" \ --env "VARNISH_MAX_THREADS=$(VARNISH_MAX_THREADS)" \ diff --git a/docker-compose.yml b/docker-compose.yml index 46102e0..ec4ed23 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,8 +28,8 @@ services: environment: VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER: "true" VARNISH_STORAGE: "malloc,256M" - VARNISH_MAX_THREADS: "2048" - VARNISH_MIN_THREADS: "1024" + VARNISH_MAX_THREADS: "2000" + VARNISH_MIN_THREADS: "100" # Example varnishncsa format string to include cache hit|miss indicator. # VARNISH_VARNISHNCSA_FORMAT: "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" %{Varnish:hitmiss}x" image: "jdeathe/centos-ssh-varnish:latest" 
@@ -43,7 +43,7 @@ services: - "8443:8443" restart: "always" sysctls: - net.core.somaxconn: "2048" + net.core.somaxconn: "1024" net.ipv4.ip_local_port_range: "1024 65535" net.ipv4.route.flush: "1" tty: true @@ -77,12 +77,12 @@ services: memcached: environment: MEMCACHED_CACHESIZE: "32" - MEMCACHED_MAXCONN: "2048" + MEMCACHED_MAXCONN: "1024" image: "jdeathe/centos-ssh-memcached:1.2.0" networks: - "tier2" restart: "always" sysctls: - net.core.somaxconn: "2048" + net.core.somaxconn: "1024" net.ipv4.ip_local_port_range: "1024 65535" net.ipv4.route.flush: "1" \ No newline at end of file diff --git a/environment.mk b/environment.mk index 4c82fe9..deec47f 100644 --- a/environment.mk +++ b/environment.mk @@ -31,6 +31,11 @@ DIST_PATH ?= ./dist # Number of seconds expected to complete container startup including bootstrap. STARTUP_TIME ?= 2 +# Docker --sysctl settings +SYSCTL_NET_CORE_SOMAXCONN ?= 1024 +SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE ?= 1024 65535 +SYSCTL_NET_IPV4_ROUTE_FLUSH ?= 1 + # Docker --ulimit settings ULIMIT_MEMLOCK ?= 82000 ULIMIT_NOFILE ?= 131072 diff --git a/src/etc/systemd/system/centos-ssh-varnish@.service b/src/etc/systemd/system/centos-ssh-varnish@.service index 3a33b77..9ad5313 100644 --- a/src/etc/systemd/system/centos-ssh-varnish@.service +++ b/src/etc/systemd/system/centos-ssh-varnish@.service @@ -55,6 +55,9 @@ Environment="DOCKER_IMAGE_NAME=centos-ssh-varnish" Environment="DOCKER_IMAGE_TAG=1.5.1" Environment="DOCKER_PORT_MAP_TCP_80=8000" Environment="DOCKER_PORT_MAP_TCP_8443=8500" +Environment="SYSCTL_NET_CORE_SOMAXCONN=1024" +Environment="SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE=1024 65535" +Environment="SYSCTL_NET_IPV4_ROUTE_FLUSH=1" Environment="ULIMIT_MEMLOCK=82000" Environment="ULIMIT_NOFILE=131072" Environment="ULIMIT_NPROC=9223372036854775807" 
@@ -97,9 +100,12 @@ ExecStart=/bin/bash -c \ "exec /usr/bin/docker run \ --tty \ --name %p.%i \ - --ulimit memlock=${ULIMIT_MEMLOCK} \ - --ulimit nofile=${ULIMIT_NOFILE} \ - --ulimit nproc=${ULIMIT_NPROC} \ + --sysctl \"net.core.somaxconn=${SYSCTL_NET_CORE_SOMAXCONN}\" \ + --sysctl \"net.ipv4.ip_local_port_range=${SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE}\" \ + --sysctl \"net.ipv4.route.flush=${SYSCTL_NET_IPV4_ROUTE_FLUSH}\" \ + --ulimit \"memlock=${ULIMIT_MEMLOCK}\" \ + --ulimit \"nofile=${ULIMIT_NOFILE}\" \ + --ulimit \"nproc=${ULIMIT_NPROC}\" \ --env \"VARNISH_AUTOSTART_VARNISHD_WRAPPER=${VARNISH_AUTOSTART_VARNISHD_WRAPPER}\" \ --env \"VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER}\" \ --env \"VARNISH_MAX_THREADS=${VARNISH_MAX_THREADS}\" \ diff --git a/src/opt/scmi/default.sh b/src/opt/scmi/default.sh index efc71a1..fd53601 100644 --- a/src/opt/scmi/default.sh +++ b/src/opt/scmi/default.sh @@ -41,9 +41,12 @@ fi DOCKER_CONTAINER_PARAMETERS="--tty \ --name ${DOCKER_NAME} \ --restart ${DOCKER_RESTART_POLICY} \ ---ulimit memlock=${ULIMIT_MEMLOCK} \ ---ulimit nofile=${ULIMIT_NOFILE} \ ---ulimit nproc=${ULIMIT_NPROC} \ +--sysctl \"net.core.somaxconn=${SYSCTL_NET_CORE_SOMAXCONN}\" \ +--sysctl \"net.ipv4.ip_local_port_range=${SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE}\" \ +--sysctl \"net.ipv4.route.flush=${SYSCTL_NET_IPV4_ROUTE_FLUSH}\" \ +--ulimit \"memlock=${ULIMIT_MEMLOCK}\" \ +--ulimit \"nofile=${ULIMIT_NOFILE}\" \ +--ulimit \"nproc=${ULIMIT_NPROC}\" \ --env \"VARNISH_AUTOSTART_VARNISHD_WRAPPER=${VARNISH_AUTOSTART_VARNISHD_WRAPPER}\" \ --env \"VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER}\" \ --env \"VARNISH_MAX_THREADS=${VARNISH_MAX_THREADS}\" \ diff --git a/src/opt/scmi/environment.sh b/src/opt/scmi/environment.sh index 3bdafff..b11e5c6 100644 --- a/src/opt/scmi/environment.sh +++ b/src/opt/scmi/environment.sh 
@@ -30,6 +30,11 @@ DIST_PATH="${DIST_PATH:-./dist}" # Number of seconds expected to complete container startup including bootstrap. STARTUP_TIME="${STARTUP_TIME:-2}" +# Docker --sysctl settings +SYSCTL_NET_CORE_SOMAXCONN="${SYSCTL_NET_CORE_SOMAXCONN:-1024}" +SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE="${SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE:-1024 65535}" +SYSCTL_NET_IPV4_ROUTE_FLUSH="${SYSCTL_NET_IPV4_ROUTE_FLUSH:-1}" + # Docker --ulimit settings ULIMIT_MEMLOCK="${ULIMIT_MEMLOCK:-82000}" ULIMIT_NOFILE="${ULIMIT_NOFILE:-131072}" diff --git a/src/opt/scmi/service-unit.sh b/src/opt/scmi/service-unit.sh index d391332..50e28b3 100644 --- a/src/opt/scmi/service-unit.sh +++ b/src/opt/scmi/service-unit.sh @@ -7,6 +7,9 @@ readonly SERVICE_UNIT_ENVIRONMENT_KEYS=" DOCKER_IMAGE_TAG DOCKER_PORT_MAP_TCP_80 DOCKER_PORT_MAP_TCP_8443 + SYSCTL_NET_CORE_SOMAXCONN + SYSCTL_NET_IPV4_IP_LOCAL_PORT_RANGE + SYSCTL_NET_IPV4_ROUTE_FLUSH ULIMIT_MEMLOCK ULIMIT_NOFILE ULIMIT_NPROC From 242382e1aa2b0cd81176e774837e5d0b6a84508f Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 22 Nov 2018 00:53:58 +0000 Subject: [PATCH 4/6] #159: Patches back #155 --- CHANGELOG.md | 3 + Dockerfile | 19 ++- .../supervisord.d/varnishncsa-wrapper.conf | 7 +- src/usr/sbin/varnishd-wrapper | 149 ++++++++++++++++-- src/usr/sbin/varnishncsa-wrapper | 27 ++-- test/shpec/operation_shpec.sh | 30 ++-- 6 files changed, 191 insertions(+), 44 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5af4e8c..a529c3a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,6 +11,9 @@ CentOS-6 6.10 x86_64 - Varnish Cache 4.1. - Fixes typo in test; using `--format` instead of `--filter`. - Updates source image to [1.9.1](https://github.com/jdeathe/centos-ssh/releases/tag/1.9.1). - Adds required `--sysctl` settings to docker run templates. +- Adds change to ensure varnishncsa is run with a non-root user `varnishlog`. +- Adds varnishncsa access logs to docker log output. +- Adds "Varnish Details" to docker log output. ### 1.5.1 - 2018-10-09 diff --git a/Dockerfile b/Dockerfile index 16f0fc7..dd2aa50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,17 +50,26 @@ RUN ln -sf \ && chmod 644 \ /etc/varnish/*.vcl \ && chmod 700 \ - /usr/{bin/healthcheck,sbin/{varnishd,varnishncsa}-wrapper} + /usr/{bin/healthcheck,sbin/{varnishd,varnishncsa}-wrapper} \ + && chmod 750 \ + /usr/sbin/varnishncsa-wrapper \ + && chgrp varnish \ + /usr/sbin/varnishncsa-wrapper \ + && mkdir -p \ + /var/run/varnish \ + && chown \ + varnishlog:varnish \ + /var/run/varnish EXPOSE 80 8443 # ----------------------------------------------------------------------------- # Set default environment variables # ----------------------------------------------------------------------------- -ENV SSH_AUTOSTART_SSHD=false \ - SSH_AUTOSTART_SSHD_BOOTSTRAP=false \ - VARNISH_AUTOSTART_VARNISHD_WRAPPER=true \ - VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER=false \ +ENV SSH_AUTOSTART_SSHD="false" \ + SSH_AUTOSTART_SSHD_BOOTSTRAP="false" \ + VARNISH_AUTOSTART_VARNISHD_WRAPPER="true" \ + VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER="false" \ VARNISH_MAX_THREADS="1000" \ VARNISH_MIN_THREADS="50" \ VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G" \ diff --git a/src/etc/services-config/supervisor/supervisord.d/varnishncsa-wrapper.conf b/src/etc/services-config/supervisor/supervisord.d/varnishncsa-wrapper.conf index da287d1..9b646c2 100644 --- a/src/etc/services-config/supervisor/supervisord.d/varnishncsa-wrapper.conf 
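Review bot: The added `chmod 750` and `chgrp varnish` on /usr/sbin/varnishncsa-wrapper let the `varnishlog` account run the wrapper only if it is a member of group `varnish`, and nothing in this hunk establishes that. Add a comment saying where the membership comes from (presumably the Varnish package; confirm), e.g. `# varnishlog is in group varnish (created by the varnish RPM); 750 root:varnish lets it execute but not modify the wrapper`. `mkdir -p /var/run/varnish` also takes its mode from the build umask; `install -d -m 0755 -o varnishlog -g varnish /var/run/varnish` sets owner, group and mode in one step. The RUN instruction begins above the hunk.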
+++ b/src/etc/services-config/supervisor/supervisord.d/varnishncsa-wrapper.conf @@ -2,8 +2,9 @@ priority = 150 command = /usr/sbin/varnishncsa-wrapper autostart = %(ENV_VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER)s -startsecs = 0 +startsecs = 1 autorestart = true redirect_stderr = true -stdout_logfile = /var/log/varnish.log -stdout_events_enabled = true \ No newline at end of file +stdout_logfile = /var/log/varnish/access_log +stdout_events_enabled = true +user = varnishlog \ No newline at end of file diff --git a/src/usr/sbin/varnishd-wrapper b/src/usr/sbin/varnishd-wrapper index 2bace1d..63e3f1a 100755 --- a/src/usr/sbin/varnishd-wrapper +++ b/src/usr/sbin/varnishd-wrapper 
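Review bot: Missing documentation: with `stdout_events_enabled = true` kept and the wrapper now writing to stdout, each access-log line (client address, request line, Referer, User-agent) is presumably forwarded to the docker log as well as written to /var/log/varnish/access_log. Query strings in `%r` can carry tokens, and container logs are often shipped off-host, so this deserves a comment here and a mention in the README next to `VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER`. Suggested comment: `; Access log lines are also emitted to the container log; avoid logging secrets in URLs or adjust VARNISH_VARNISHNCSA_FORMAT.` The program section header is outside the hunk.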
@@ -1,7 +1,76 @@ #!/usr/bin/env bash +set -e + +readonly BIN="/usr/sbin/varnishd" +readonly GROUP="varnish" +readonly LOCK_FILE="/var/lock/subsys/varnishd-wrapper" +readonly NICE="/bin/nice" +readonly NICENESS="10" +readonly TIMER_START="$( + date +%s.%N +)" +readonly USER="varnish" +readonly SECRET_PATH="/etc/varnish/secret" +readonly VARNISHNCSA_GROUP="varnish" +readonly VARNISHNCSA_LOG_FILE="/var/log/varnish/access_log" +readonly VARNISHNCSA_USER="varnishlog" +readonly VARNISHNCSA_WRAPPER="/usr/sbin/varnishncsa-wrapper" + +OPTIONS="" +VARNISHNCSA_FORMAT="" + # Create lock file -touch /var/lock/subsys/varnishd-wrapper +touch \ + "${LOCK_FILE}" + +function populate_psk_secret_file () +{ + local file_path="${1:-/etc/varnish/secret}" + local user="${2:-varnish}" + local group="${3:-varnish}" + + if [[ ! -s ${file_path} ]] + then + printf -- \ + "Populating Varnish PSK secret file.\n" + + dd \ + if=/dev/urandom \ + of="${file_path}" \ + count=1 \ + &> /dev/null + + chown \ + ${user}:${group} \ + "${file_path}" + + chmod \ + 640 \ + "${file_path}" + fi +} + +function set_log_write_user () +{ + local file_path="${1:-}" + local user="${2:-}" + local group="${3:-}" + + if [[ ! -f ${file_path} ]] + then + touch \ + "${file_path}" + fi + + chown \ + "${user}":"${group}" \ + "${file_path}" + + chmod \ + 0660 \ + "${file_path}" +} function set_varnish_vcl_conf () { 
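Review bot: In `populate_psk_secret_file`, `dd` creates the secret under the process umask and `chmod 640` only runs afterwards, so unless the umask is already restrictive the CLI secret is briefly world-readable. Create it under a tight umask instead: `( umask 0077; dd if=/dev/urandom of="${file_path}" count=1 &> /dev/null )`. The `chown ${user}:${group}` in the same function is unquoted, while `set_log_write_user` quotes the same arguments; `chown "${user}":"${group}" "${file_path}"` keeps the two consistent. Ownership by `varnish:varnish` also makes the management secret readable by the account passed to `-j unix,user=...` later in the file, which is worth a comment if intentional.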
@@ -35,9 +104,39 @@ function set_varnish_vcl_conf () fi } -set_varnish_vcl_conf "${VARNISH_VCL_CONF}" +function set_wrapper_execute_group () +{ + local file_path="${1:-}" + local group="${2:-}" + + chgrp \ + "${group}" \ + "${file_path}" + + chmod \ + 0750 \ + "${file_path}" +} + +# Ensure the secret PSK file is present. +populate_psk_secret_file \ + "${SECRET_PATH}" \ + "${USER}" \ + "${GROUP}" -readonly DAEMON_OPTS="-j unix,user=varnish,ccgroup=varnish +set_wrapper_execute_group \ + "${VARNISHNCSA_WRAPPER}" \ + "${VARNISHNCSA_GROUP}" + +set_log_write_user \ + "${VARNISHNCSA_LOG_FILE}" \ + "${VARNISHNCSA_USER}" \ + "${VARNISHNCSA_GROUP}" + +set_varnish_vcl_conf \ + "${VARNISH_VCL_CONF}" + +OPTIONS="-j unix,user=${USER},ccgroup=${GROUP} -F -P /var/run/varnish.pid -a 0.0.0.0:80 
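Review bot: The `set_log_write_user "${VARNISHNCSA_LOG_FILE}" ...` call in this hunk runs as root and its helper (defined earlier in the patch) uses `touch`, `chown` and `chmod`, all of which follow symlinks. If /var/log/varnish is writable by `varnishlog` (its ownership is not visible here; confirm), root would re-own whatever the path points to on the next start. The helper should refuse a symlink before touching it: `if [[ -L ${file_path} ]]; then printf -- "ERROR: %s is a symlink\n" "${file_path}" >&2; exit 1; fi`. Separately, `set_wrapper_execute_group` repeats at every start the `chgrp`/`chmod 750` the Dockerfile already applies at build time; a comment should say why the runtime step is still needed.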
@@ -48,21 +147,45 @@ readonly DAEMON_OPTS="-j unix,user=varnish,ccgroup=varnish -p thread_pool_min=${VARNISH_MIN_THREADS:-50} -p thread_pool_max=${VARNISH_MAX_THREADS:-1000} -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT:-120} - -S /etc/varnish/secret + -S ${SECRET_PATH} -s ${VARNISH_STORAGE:-file,/var/lib/varnish/varnish_storage.bin,1G} " -readonly NICE="/bin/nice" -readonly NICENESS="${VARNISH_NICENESS:-10}" -readonly VARNISHD="/usr/sbin/varnishd" -printf -- \ - "Starting Varnish Cache: \n %s\n" \ - "${DAEMON_OPTS}" +if [[ ${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER} == true ]] +then + VARNISHNCSA_FORMAT="${VARNISH_VARNISHNCSA_FORMAT:-"%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""}" +fi + +TIMER_TOTAL="$( + echo - | awk "\ + { T1=\"${TIMER_START}\" } \ + { T2=\"$(date +%s.%N)\" } \ + { print T2 - T1; }" +)" + +cat \ + <<-EOT + + ================================================================================ + Varnish Details + -------------------------------------------------------------------------------- + vcl : ${VARNISH_VCL_CONF:-/etc/varnish/docker-default.vcl} + storage : ${VARNISH_STORAGE:-file,/var/lib/varnish/varnish_storage.bin,1G} + ttl : ${VARNISH_TTL:-120} + thread_pool_min : ${VARNISH_MIN_THREADS:-50} + thread_pool_max : ${VARNISH_MAX_THREADS:-1000} + thread_pool_timeout: ${VARNISH_THREAD_TIMEOUT:-120} + varnishncsa format : ${VARNISHNCSA_FORMAT:-N/A} + -------------------------------------------------------------------------------- + ${TIMER_TOTAL} + +EOT # Release lock file -rm -f /var/lock/subsys/varnishd-wrapper +rm -f \ + "${LOCK_FILE}" exec ${NICE} \ -n ${NICENESS} \ - ${VARNISHD} \ - ${DAEMON_OPTS} + ${BIN} \ + ${OPTIONS} diff --git a/src/usr/sbin/varnishncsa-wrapper b/src/usr/sbin/varnishncsa-wrapper index 98b36b8..b28d097 100644 --- a/src/usr/sbin/varnishncsa-wrapper +++ b/src/usr/sbin/varnishncsa-wrapper 
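Review bot: The final `exec ${NICE} -n ${NICENESS} ${BIN} ${OPTIONS}` relies on unquoted expansion of a multi-line string, so environment values interpolated into OPTIONS (`VARNISH_STORAGE`, `VARNISH_MIN_THREADS`, `VARNISH_MAX_THREADS`, `VARNISH_THREAD_TIMEOUT`) are word-split and glob-expanded and can introduce extra varnishd arguments. Building OPTIONS as a bash array with each value quoted, and ending with `exec "${NICE}" -n "${NICENESS}" "${BIN}" "${OPTIONS[@]}"`, keeps every setting a single argument. The OPTIONS assignment starts in the previous hunk. Also, `VARNISH_NICENESS` is no longer read (NICENESS is now fixed at "10" at the top of the file), which the changelog entry does not mention.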
@@ -1,22 +1,23 @@ #!/usr/bin/env bash -readonly DAEMON_OPTS="-a +readonly BIN="/usr/bin/varnishncsa" +readonly FORMAT="${VARNISH_VARNISHNCSA_FORMAT:-"%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""}" +readonly LOCK_FILE="/var/lock/subsys/varnishd-wrapper" +readonly NICE="/bin/nice" +readonly NICENESS="10" +readonly OPTIONS="-a -c - -P /var/run/varnishncsa.pid - -w /var/log/varnish/access_log + -P /var/run/varnish/varnishncsa.pid " -readonly FORMAT="${VARNISH_VARNISHNCSA_FORMAT:-"%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""}" -readonly NICE=/bin/nice -readonly NICENESS=${VARNISHNCSA_NICENESS:-10} -readonly VARNISHNCSA=/usr/bin/varnishncsa -printf -- \ - "Starting Varnish Apache/NCSA logging: \n %s -F %s\n\n" \ - "${DAEMON_OPTS}" \ - "${FORMAT}" +while true +do + sleep 0.1 + [[ -e ${LOCK_FILE} ]] || break +done exec ${NICE} \ -n ${NICENESS} \ - ${VARNISHNCSA} \ - ${DAEMON_OPTS} \ + ${BIN} \ + ${OPTIONS} \ -F "${FORMAT}" diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 7e5292c..3bd5747 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -281,14 +281,14 @@ function test_basic_operations () it "Sets a 1G file storage." assert __shpec_matcher_egrep \ "${varnish_logs}" \ - "[ ]+-s file,\/var\/lib\/varnish\/varnish_storage\.bin,1G" + "^storage : file,\/var\/lib\/varnish\/varnish_storage\.bin,1G" end describe "VCL file" it "Sets path to docker-default.vcl." assert __shpec_matcher_egrep \ "${varnish_logs}" \ - "[ ]+-f \/etc\/varnish\/docker-default\.vcl" + "^vcl : \/etc\/varnish\/docker-default\.vcl" end it "Is unaltered." 
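Review bot: The new `while true` loop waits on /var/lock/subsys/varnishd-wrapper with no upper bound, and varnishd-wrapper now runs under `set -e` with no trap. Any command failing between its `touch` and `rm -f` leaves the lock behind, and this wrapper then sleeps forever while supervisor (`startsecs = 1`) reports it as running. The wait should be bounded and fail visibly, as in the fence below, where the limit is a constructed value, and varnishd-wrapper should add `trap 'rm -f "${LOCK_FILE}"' EXIT`. `VARNISHNCSA_NICENESS` is also no longer honoured, which should be noted in the changelog if intended.

```shell
# … unchanged: readonly BIN / FORMAT / LOCK_FILE / NICE / NICENESS / OPTIONS …

# Wait for varnishd-wrapper to release its lock, but give up after ~30s
# (constructed limit) so a stale lock shows up as an error, not a silent hang.
tries=0
while [[ -e ${LOCK_FILE} ]]
do
	if (( tries >= 300 ))
	then
		printf -- "ERROR: timed out waiting for %s\n" "${LOCK_FILE}" >&2
		exit 1
	fi
	sleep 0.1
	(( tries += 1 ))
done

# … unchanged: exec ${NICE} -n ${NICENESS} ${BIN} ${OPTIONS} -F "${FORMAT}" …
```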
@@ -732,14 +732,14 @@ function test_custom_configuration () it "Sets a 256M malloc storage." assert __shpec_matcher_egrep \ "${varnish_logs}" \ - "[ ]+-s malloc,256M" + "^storage : malloc,256M" end describe "VCL file" it "Sets path to docker-default.vcl." assert __shpec_matcher_egrep \ "${varnish_logs}" \ - "[ ]+-f \/etc\/varnish\/docker-default\.vcl" + "^vcl : \/etc\/varnish\/docker-default\.vcl" end it "Is unaltered." @@ -891,9 +891,7 @@ function test_custom_configuration () # Ensure log file exists before checking it's contents counter=0 - until docker exec \ - varnish.pool-1.1.1 \ - bash -c "[[ -s /var/log/varnish/access_log ]]" + while true do if (( counter > 6 )) then @@ -907,6 +905,13 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80}/ \ &> /dev/null + if docker exec \ + varnish.pool-1.1.1 \ + bash -c "[[ -s /var/log/varnish/access_log ]]" + then + break + fi + sleep 0.5 (( counter += 1 )) done @@ -965,9 +970,7 @@ function test_custom_configuration () # Ensure log file exists before checking it's contents counter=0 - until docker exec \ - varnish.pool-1.1.1 \ - bash -c "[[ -s /var/log/varnish/access_log ]]" + while true do if (( counter > 6 )) then @@ -981,6 +984,13 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80}/ \ &> /dev/null + if docker exec \ + varnish.pool-1.1.1 \ + bash -c "[[ -s /var/log/varnish/access_log ]]" + then + break + fi + sleep 0.5 (( counter += 1 )) done From 3dd2eb486f31a644c575f693d1cf0130c0338f65 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 10 Dec 2018 17:15:11 +0000 Subject: [PATCH 5/6] #158: Updates image versions in docker-compose examples and tests. --- CHANGELOG.md | 1 + docker-compose.yml | 4 ++-- test/shpec/operation_shpec.sh | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a529c3a..d96d7df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,6 +10,7 @@ CentOS-6 6.10 x86_64 - Varnish Cache 4.1. - Fixes typo in test; using `--format` instead of `--filter`. - Updates source image to [1.9.1](https://github.com/jdeathe/centos-ssh/releases/tag/1.9.1). +- Updates image versions in docker-compose example and tests. - Adds required `--sysctl` settings to docker run templates. - Adds change to ensure varnishncsa is run with a non-root user `varnishlog`. - Adds varnishncsa access logs to docker log output. diff --git a/docker-compose.yml b/docker-compose.yml index ec4ed23..3cec71e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -63,7 +63,7 @@ services: APACHE_SERVER_NAME: "www.app.local" PHP_OPTIONS_SESSION_SAVE_HANDLER: "memcached" PHP_OPTIONS_SESSION_SAVE_PATH: "memcached:11211" - image: "jdeathe/centos-ssh-apache-php:2.3.0" + image: "jdeathe/centos-ssh-apache-php:2.3.1" networks: tier2: aliases: @@ -78,7 +78,7 @@ services: environment: MEMCACHED_CACHESIZE: "32" MEMCACHED_MAXCONN: "1024" - image: "jdeathe/centos-ssh-memcached:1.2.0" + image: "jdeathe/centos-ssh-memcached:1.2.1" networks: - "tier2" restart: "always" diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 3bd5747..2d2d73f 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -86,7 +86,7 @@ function __setup () local -r backend_alias="httpd_1" local -r backend_name="apache-php.pool-1.1.1" local -r backend_network="bridge_t1" - local -r backend_release="2.3.0" + local -r backend_release="2.3.1" # Create the bridge network if [[ -z $(docker network ls -q -f name="${backend_network}") ]]; then From d8ac024b540328199c3051fc6d40931987b2cd71 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 10 Dec 2018 20:19:37 +0000 Subject: [PATCH 6/6] Release changes for 1.5.2 and 2.2.1. --- CHANGELOG.md | 2 +- Dockerfile | 2 +- README.md | 14 +++++++------- src/etc/systemd/system/centos-ssh-varnish@.service | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index d96d7df..bc8c203 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ Summary of release changes for Version 1. CentOS-6 6.10 x86_64 - Varnish Cache 4.1. -### 1.5.2 - Unreleased +### 1.5.2 - 2018-12-10 - Fixes typo in test; using `--format` instead of `--filter`. - Updates source image to [1.9.1](https://github.com/jdeathe/centos-ssh/releases/tag/1.9.1). diff --git a/Dockerfile b/Dockerfile index dd2aa50..ac2968e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -81,7 +81,7 @@ ENV SSH_AUTOSTART_SSHD="false" \ # ----------------------------------------------------------------------------- # Set image metadata # ----------------------------------------------------------------------------- -ARG RELEASE_VERSION="1.5.1" +ARG RELEASE_VERSION="1.5.2" LABEL \ maintainer="James Deathe " \ install="docker run \ diff --git a/README.md b/README.md index 9479934..261261c 100644 --- a/README.md +++ b/README.md 
@@ -3,20 +3,20 @@ centos-ssh-varnish Docker Image including: - CentOS-6 6.10 x86_64 and Varnish Cache 4.1. -- CentOS-7 7.5.1804 x86_64 and Varnish Cache 6.0. +- CentOS-7 7.5.1804 x86_64 and Varnish Cache 6.1. ## Overview & links -- `centos-7`, `centos-7-2.2.0`, `2.2.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) -- `centos-6`, `centos-6-1.5.1`, `1.5.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) +- `centos-7`, `centos-7-2.2.1`, `2.2.1` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) +- `centos-6`, `centos-6-1.5.2`, `1.5.2` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) #### centos-6 -The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.5.1`or `1.5.1` for the [1.5.1](https://github.com/jdeathe/centos-ssh-varnish/tree/1.5.1) release tag. +The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.5.2`or `1.5.2` for the [1.5.2](https://github.com/jdeathe/centos-ssh-varnish/tree/1.5.2) release tag. #### centos-7 -The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.2.0`or `2.2.0` for the [2.2.0](https://github.com/jdeathe/centos-ssh-varnish/tree/2.2.0) release tag. +The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.2.1`or `2.2.1` for the [2.2.1](https://github.com/jdeathe/centos-ssh-varnish/tree/2.2.1) release tag. 
Included in the build are the [SCL](https://www.softwarecollections.org/), [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. Installed packages include [OpenSSH](http://www.openssh.com/portable.html) secure shell, [vim-minimal](http://www.vim.org/), are installed along with python-setuptools, [supervisor](http://supervisord.org/) and [supervisor-stdout](https://github.com/coderanger/supervisor-stdout). @@ -44,7 +44,7 @@ $ docker run -d -t \ -p 80:80 \ --sysctl "net.core.somaxconn=1024" \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:1.5.1 + jdeathe/centos-ssh-varnish:1.5.2 ``` Now you can verify it is initialised and running successfully by inspecting the container's logs. @@ -82,7 +82,7 @@ $ docker run \ --env "VARNISH_MAX_THREADS=2000" \ --env "VARNISH_MIN_THREADS=100" \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:1.5.1 + jdeathe/centos-ssh-varnish:1.5.2 ``` Now you can verify it is initialised and running successfully by inspecting the container's logs: diff --git a/src/etc/systemd/system/centos-ssh-varnish@.service b/src/etc/systemd/system/centos-ssh-varnish@.service index 9ad5313..33c4516 100644 --- a/src/etc/systemd/system/centos-ssh-varnish@.service +++ b/src/etc/systemd/system/centos-ssh-varnish@.service @@ -52,7 +52,7 @@ Environment="DOCKER_USER=jdeathe" Environment="DOCKER_CONTAINER_OPTS=" Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages" Environment="DOCKER_IMAGE_NAME=centos-ssh-varnish" -Environment="DOCKER_IMAGE_TAG=1.5.1" +Environment="DOCKER_IMAGE_TAG=1.5.2" Environment="DOCKER_PORT_MAP_TCP_80=8000" Environment="DOCKER_PORT_MAP_TCP_8443=8500" Environment="SYSCTL_NET_CORE_SOMAXCONN=1024"