From df1d595507994fccbb42f82be83dcbad5cf870d8 Mon Sep 17 00:00:00 2001 From: Drazen Date: Thu, 6 Mar 2025 10:17:55 +0100 Subject: [PATCH 1/4] Reworking-varnish-role --- roles/debian/varnish_config/defaults/main.yml | 7 ++++ roles/debian/varnish_config/tasks/main.yml | 37 ++++++++++++------- .../templates/varnish.service.j2 | 29 +++++++++++++++ 3 files changed, 59 insertions(+), 14 deletions(-) create mode 100644 roles/debian/varnish_config/templates/varnish.service.j2 diff --git a/roles/debian/varnish_config/defaults/main.yml b/roles/debian/varnish_config/defaults/main.yml index 38f9bd90e..f3947d088 100644 --- a/roles/debian/varnish_config/defaults/main.yml +++ b/roles/debian/varnish_config/defaults/main.yml @@ -17,3 +17,10 @@ varnish_config: upstream_proxies: [] # Provide an alternative filename if you are providing a template. template_filename: default.vcl + # Varnish systemd overrides to make varnish consistent even after upgrades + varnish_pid: /run/varnishd.pid + limit_nofile: 131072 + limit_memlock: 85983232 + limit_core: infinity + tasks_max: infinity + varnish_storage: "malloc,{{ ansible_facts.memtotal_mb // 10 }}M" diff --git a/roles/debian/varnish_config/tasks/main.yml b/roles/debian/varnish_config/tasks/main.yml index ad6d2836e..ace30d274 100644 --- a/roles/debian/varnish_config/tasks/main.yml +++ b/roles/debian/varnish_config/tasks/main.yml 
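Review bot: `limit_core: infinity` in the keys added to `varnish_config` (defaults/main.yml) makes unlimited core dumps the default for a cache process. A varnishd core can contain cached response bodies, request headers and cookies, so I would default to `limit_core: 0` and let hosts that need crash analysis opt in, with a comment such as `# Core dumps may contain cached responses and cookies; enable only where the dump location is access-restricted`. The same default is carried over when PATCH 2/4 moves these keys to the top level. Separately, `varnish_storage` reads `ansible_facts.memtotal_mb`, so it only renders when facts have been gathered; a one-line comment saying so would help. The `varnish_config:` mapping starts outside this hunk.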
@@ -1,15 +1,24 @@ --- -- name: Copy Varnish default VCL. - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ varnish_config_path }}/default.vcl" - owner: root - group: root - mode: 0644 - with_first_found: - - "{{ playbook_dir }}/templates/{{ varnish_config.template_filename }}.j2" - - "{{ _ce_provision_base_dir }}/config/files/templates/{{ varnish_config.template_filename }}.j2" - - "default.vcl.j2" - notify: - - reload systemd # handlers in https://github.com/geerlingguy/ansible-role-varnish/blob/master/handlers/main.yml - - restart varnish +- block: + - name: Copy Varnish default VCL. + ansible.builtin.template: + src: "{{ item }}" + dest: "{{ varnish_config_path }}/default.vcl" + owner: root + group: root + mode: 0644 + with_first_found: + - "{{ playbook_dir }}/templates/{{ varnish_config.template_filename }}.j2" + - "{{ _ce_provision_base_dir }}/config/files/templates/{{ varnish_config.template_filename }}.j2" + - "default.vcl.j2" +# This will keep varnish config as it is even after varnish upgrade + - name: Template varnish systemd service file + ansible.builtin.template: + src: varnish.service.j2 + dest: /etc/systemd/system/varnish.service + mode: '0644' + notify: + - reload systemd + - restart varnish + +# TO DO: add varnish to unattended upgrades diff --git a/roles/debian/varnish_config/templates/varnish.service.j2 b/roles/debian/varnish_config/templates/varnish.service.j2 new file mode 100644 index 000000000..486a949f7 --- /dev/null +++ b/roles/debian/varnish_config/templates/varnish.service.j2 
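Review bot: The new "Template varnish systemd service file" task in tasks/main.yml sets `mode: '0644'` but no owner or group, while the VCL task beside it pins both to root. A unit file that systemd runs as root deserves the same explicit `owner: root` and `group: root`. The re-indented VCL task also keeps the unquoted `mode: 0644`; quoting it as `mode: '0644'` matches the new task and avoids the octal-parsing trap. Indentation is lost in this view, so I cannot tell whether `notify` sits on the block or only on the second task; if the latter, a VCL-only change would no longer restart varnish.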
@@ -0,0 +1,29 @@ +[Unit] +Description=Varnish Cache, a high-performance HTTP accelerator +After=network-online.target + +[Service] +Type=forking +KillMode=process + +PIDFile= {{ varnish_config.varnish_pid }} + +# Maximum number of open files (for ulimit -n) +LimitNOFILE= {{ varnish_config.limit_nofile }} + +# Locked shared memory +LimitMEMLOCK= {{ varnish_config.limit_memlock }} + +# Enable this to avoid "fork failed" on reload. +TasksMax= {{ varnish_config.tasks_max }} + +# Maximum size of the corefile. +LimitCORE= {{ varnish_config.limit_core }} + +ExecStart=/usr/sbin/varnishd -a :80 -T 127.0.0.1:6082 -P /run/varnishd.pid -f /etc/varnish/default.vcl -S /etc/varnish/secret -s {{ varnish_config.varnish_storage }} +ExecReload=/usr/sbin/varnishreload + +Restart=on-failure + +[Install] +WantedBy=multi-user.target From c005fc9578f77484f567a914068b22f60b836422 Mon Sep 17 00:00:00 2001 From: Drazen Date: Wed, 26 Mar 2025 11:02:16 +0100 Subject: [PATCH 2/4] Reworking-varnish-role-PR-2.x --- roles/debian/varnish_config/defaults/main.yml | 12 ++++++------ .../varnish_config/templates/varnish.service.j2 | 13 +++++++------ 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/roles/debian/varnish_config/defaults/main.yml b/roles/debian/varnish_config/defaults/main.yml index f3947d088..f3118842a 100644 --- a/roles/debian/varnish_config/defaults/main.yml +++ b/roles/debian/varnish_config/defaults/main.yml @@ -1,6 +1,12 @@ --- # Defaults file for varnish_config, other variables exist from importing geerlingguy.varnish and can be overriden +varnish_pid: /run/varnishd.pid +limit_nofile: 131072 +limit_memlock: 82000 +limit_core: infinity +tasks_max: infinity +varnish_storage: "malloc,{{ ansible_facts.memtotal_mb // 10 }}M" varnish_config: # List of IPs that are allowed to ask for content purge. allowed_purge_IP: [] 
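Review bot: In the new varnish.service.j2, `PIDFile=` is rendered from `varnish_config.varnish_pid` but `ExecStart` still passes the literal `-P /run/varnishd.pid`, so overriding the variable makes systemd wait on a PID file varnishd never writes, which with `Type=forking` would presumably end in a start timeout. Use the same variable in both places, e.g. `-P {{ varnish_config.varnish_pid }}`; the literal survives the later patches in this series, where the variable is renamed. The `-f /etc/varnish/default.vcl` path is hard-coded the same way, while the task writes to `{{ varnish_config_path }}/default.vcl`. Also, a full unit in `/etc/systemd/system` replaces the packaged unit rather than extending it, so any sandboxing directives the distribution unit ships would be dropped; a drop-in override or explicit hardening lines in this template would avoid that regression. I have not checked what the packaged unit contains.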
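Review bot: In the PATCH 2/4 hunk on defaults/main.yml, `limit_memlock: 82000` replaces the previous `85983232`, and systemd reads a bare `LimitMEMLOCK=` number as bytes, so the rendered unit would allow roughly 80 KiB of locked memory instead of about 82 MiB. If 82 MB was intended, keep `limit_memlock: 85983232` or write `limit_memlock: 82M`. Moving the keys to the top level also gives them unprefixed names (`limit_nofile`, `limit_core`, `tasks_max`) that can collide with variables of other roles in the same play; a `varnish_` prefix would scope them. `varnish_storage` in particular may shadow a variable of the same name from the imported geerlingguy.varnish role, so it is worth confirming which value wins.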
@@ -18,9 +24,3 @@ varnish_config: # Provide an alternative filename if you are providing a template. template_filename: default.vcl # Varnish systemd overrides to make varnish consistent even after upgrades - varnish_pid: /run/varnishd.pid - limit_nofile: 131072 - limit_memlock: 85983232 - limit_core: infinity - tasks_max: infinity - varnish_storage: "malloc,{{ ansible_facts.memtotal_mb // 10 }}M" diff --git a/roles/debian/varnish_config/templates/varnish.service.j2 b/roles/debian/varnish_config/templates/varnish.service.j2 index 486a949f7..4ad4d585c 100644 --- a/roles/debian/varnish_config/templates/varnish.service.j2 +++ b/roles/debian/varnish_config/templates/varnish.service.j2 @@ -6,21 +6,22 @@ After=network-online.target Type=forking KillMode=process -PIDFile= {{ varnish_config.varnish_pid }} +PIDFile= {{ varnish_pid }} # Maximum number of open files (for ulimit -n) -LimitNOFILE= {{ varnish_config.limit_nofile }} +LimitNOFILE= {{ limit_nofile }} # Locked shared memory -LimitMEMLOCK= {{ varnish_config.limit_memlock }} +LimitMEMLOCK= {{ limit_memlock }} # Enable this to avoid "fork failed" on reload. -TasksMax= {{ varnish_config.tasks_max }} +TasksMax= {{ tasks_max }} # Maximum size of the corefile. -LimitCORE= {{ varnish_config.limit_core }} +LimitCORE= {{ limit_core }} + +ExecStart=/usr/sbin/varnishd -a :80 -T 127.0.0.1:6082 -P /run/varnishd.pid -f /etc/varnish/default.vcl -S /etc/varnish/secret -s {{ varnish_storage }} -ExecStart=/usr/sbin/varnishd -a :80 -T 127.0.0.1:6082 -P /run/varnishd.pid -f /etc/varnish/default.vcl -S /etc/varnish/secret -s {{ varnish_config.varnish_storage }} ExecReload=/usr/sbin/varnishreload Restart=on-failure From 0c43bbd9fbeaebe2d069501581760068ceb43d5f Mon Sep 17 00:00:00 2001 
From: Drazen Date: Thu, 27 Mar 2025 06:12:59 +0100 Subject: [PATCH 3/4] Updating-varnish-pid-var --- roles/debian/varnish_config/defaults/main.yml | 2 +- roles/debian/varnish_config/templates/varnish.service.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/debian/varnish_config/defaults/main.yml b/roles/debian/varnish_config/defaults/main.yml index f3118842a..fb1e92ea7 100644 --- a/roles/debian/varnish_config/defaults/main.yml +++ b/roles/debian/varnish_config/defaults/main.yml @@ -1,7 +1,7 @@ --- # Defaults file for varnish_config, other variables exist from importing geerlingguy.varnish and can be overriden -varnish_pid: /run/varnishd.pid +varnish_pidfile: /run/varnishd.pid limit_nofile: 131072 limit_memlock: 82000 limit_core: infinity diff --git a/roles/debian/varnish_config/templates/varnish.service.j2 b/roles/debian/varnish_config/templates/varnish.service.j2 index 4ad4d585c..7a25cd7af 100644 --- a/roles/debian/varnish_config/templates/varnish.service.j2 +++ b/roles/debian/varnish_config/templates/varnish.service.j2 @@ -6,7 +6,7 @@ After=network-online.target Type=forking KillMode=process -PIDFile= {{ varnish_pid }} +PIDFile= {{ varnish_pidfile }} # Maximum number of open files (for ulimit -n) LimitNOFILE= {{ limit_nofile }} From 896de91559a84b758393c761f833ab8088e20849 Mon Sep 17 00:00:00 2001 From: Drazen Date: Tue, 1 Apr 2025 11:59:46 +0200 Subject: [PATCH 4/4] Reworking-varnish-role-config-PR-2.x --- roles/debian/varnish_config/defaults/main.yml | 2 -- roles/debian/varnish_config/templates/varnish.service.j2 | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/debian/varnish_config/defaults/main.yml b/roles/debian/varnish_config/defaults/main.yml index fb1e92ea7..605771e86 100644 --- a/roles/debian/varnish_config/defaults/main.yml +++ b/roles/debian/varnish_config/defaults/main.yml 
@@ -1,8 +1,6 @@ --- # Defaults file for varnish_config, other variables exist from importing geerlingguy.varnish and can be overriden -varnish_pidfile: /run/varnishd.pid -limit_nofile: 131072 limit_memlock: 82000 limit_core: infinity tasks_max: infinity diff --git a/roles/debian/varnish_config/templates/varnish.service.j2 b/roles/debian/varnish_config/templates/varnish.service.j2 index 7a25cd7af..04712fdcd 100644 --- a/roles/debian/varnish_config/templates/varnish.service.j2 +++ b/roles/debian/varnish_config/templates/varnish.service.j2 @@ -9,7 +9,7 @@ KillMode=process PIDFile= {{ varnish_pidfile }} # Maximum number of open files (for ulimit -n) -LimitNOFILE= {{ limit_nofile }} +LimitNOFILE= {{ varnish_limit_nofile }} # Locked shared memory LimitMEMLOCK= {{ limit_memlock }}
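Review bot: After the varnish.service.j2 hunk in PATCH 4/4 the template reads `varnish_pidfile` and `varnish_limit_nofile`, while the defaults hunk on the same line removes this role's own `varnish_pidfile` and `limit_nofile`, so rendering now depends on another role defining both names. The defaults header suggests they come from geerlingguy.varnish; if so, say it next to the template task or in defaults, e.g. `# varnish_pidfile and varnish_limit_nofile are provided by geerlingguy.varnish`, so a missing import is easy to diagnose. `limit_memlock`, `limit_core` and `tasks_max` stay unprefixed and locally defined, which leaves the naming half-migrated.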