Merge pull request #141 from jdeathe/centos-7-develop

Release changes for 2.2.0

CHANGELOG.md

@@ -4,7 +4,13 @@
 
 Summary of release changes for Version 2.
 
-CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.0.
+CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.1.
+
+### 2.2.0 - 2018-10-09
+
+- Updates Varnish to [6.1.0](https://github.com/varnishcache/varnish-cache/blob/varnish-6.1.0/doc/changes.rst)
+- Adds lockfile to ensure varnishd is started before running varnishncsa.
+- Adds failure messages to healthcheck script.
 
 ### 2.1.0 - 2018-10-01
 

Dockerfile

@@ -1,7 +1,7 @@
 # =============================================================================
 # jdeathe/centos-ssh-varnish
 #
-# CentOS-7, Varnish 6.0
+# CentOS-7, Varnish 6.1
 #
 # =============================================================================
 FROM jdeathe/centos-ssh:2.4.0
@@ -10,22 +10,22 @@ FROM jdeathe/centos-ssh:2.4.0
 # Install Varnish Cache
 # -----------------------------------------------------------------------------
 RUN { \
-		echo '[varnishcache_varnish60]'; \
-		echo 'name=varnishcache_varnish60'; \
-		echo 'baseurl=https://packagecloud.io/varnishcache/varnish60/el/7/$basearch'; \
+		echo '[varnishcache_varnish61]'; \
+		echo 'name=varnishcache_varnish61'; \
+		echo 'baseurl=https://packagecloud.io/varnishcache/varnish61/el/7/$basearch'; \
 		echo 'repo_gpgcheck=1'; \
 		echo 'gpgcheck=0'; \
 		echo 'enabled=1'; \
-		echo 'gpgkey=https://packagecloud.io/varnishcache/varnish60/gpgkey'; \
+		echo 'gpgkey=https://packagecloud.io/varnishcache/varnish61/gpgkey'; \
 		echo 'sslverify=1'; \
 		echo 'sslcacert=/etc/pki/tls/certs/ca-bundle.crt'; \
 		echo 'metadata_expire=300'; \
-	} > /etc/yum.repos.d/varnishcache_varnish60.repo \
+	} > /etc/yum.repos.d/varnishcache_varnish61.repo \
 	&& yum -y install \
 		--setopt=tsflags=nodocs \
 		--disableplugin=fastestmirror \
 		gcc-4.8.5-28.el7_5.1 \
-		varnish-6.0.1-1.el7 \
+		varnish-6.1.0-1.el7 \
 	&& yum versionlock add \
 		varnish \
 		gcc \
@@ -82,7 +82,7 @@ ENV SSH_AUTOSTART_SSHD=false \
 # -----------------------------------------------------------------------------
 # Set image metadata
 # -----------------------------------------------------------------------------
-ARG RELEASE_VERSION="2.1.0"
+ARG RELEASE_VERSION="2.2.0"
 LABEL \
 	maintainer="James Deathe <[email protected]>" \
 	install="docker run \
@@ -109,7 +109,7 @@ jdeathe/centos-ssh-varnish:${RELEASE_VERSION} \
 	org.deathe.license="MIT" \
 	org.deathe.vendor="jdeathe" \
 	org.deathe.url="https://github.com/jdeathe/centos-ssh-varnish" \
-	org.deathe.description="CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.0."
+	org.deathe.description="CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.1."
 
 HEALTHCHECK \
 	--interval=0.5s \

README.md

@@ -3,20 +3,20 @@ centos-ssh-varnish
 
 Docker Image including:
 - CentOS-6 6.10 x86_64 and Varnish Cache 4.1.
-- CentOS-7 7.5.1804 x86_64 and Varnish Cache 6.0.
+- CentOS-7 7.5.1804 x86_64 and Varnish Cache 6.1.
 
 ## Overview & links
 
-- `centos-7`, `centos-7-2.1.0`, `2.1.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile)
-- `centos-6`, `centos-6-1.5.0`, `1.5.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile)
+- `centos-7`, `centos-7-2.2.0`, `2.2.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile)
+- `centos-6`, `centos-6-1.5.1`, `1.5.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile)
 
 #### centos-6
 
-The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.5.0`or `1.5.0` for the [1.5.0](https://github.com/jdeathe/centos-ssh-varnish/tree/1.5.0) release tag.
+The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.5.1`or `1.5.1` for the [1.5.1](https://github.com/jdeathe/centos-ssh-varnish/tree/1.5.1) release tag.
 
 #### centos-7
 
-The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.1.0`or `2.1.0` for the [2.1.0](https://github.com/jdeathe/centos-ssh-varnish/tree/2.1.0) release tag.
+The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.2.0`or `2.2.0` for the [2.2.0](https://github.com/jdeathe/centos-ssh-varnish/tree/2.2.0) release tag.
 
 Included in the build are the [SCL](https://www.softwarecollections.org/), [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. Installed packages include [OpenSSH](http://www.openssh.com/portable.html) secure shell, [vim-minimal](http://www.vim.org/), are installed along with python-setuptools, [supervisor](http://supervisord.org/) and [supervisor-stdout](https://github.com/coderanger/supervisor-stdout).
 
@@ -43,7 +43,7 @@ $ docker run -d -t \
   --name varnish.pool-1.1.1 \
   -p 80:80 \
   --add-host httpd_1:172.17.8.101 \
-  jdeathe/centos-ssh-varnish:2.1.0
+  jdeathe/centos-ssh-varnish:2.2.0
 ```
 
 Now you can verify it is initialised and running successfully by inspecting the container's logs.
@@ -76,7 +76,7 @@ $ docker run \
   --ulimit nproc=65535 \
   --env "VARNISH_STORAGE=malloc,256M" \
   --add-host httpd_1:172.17.8.101 \
-  jdeathe/centos-ssh-varnish:2.1.0
+  jdeathe/centos-ssh-varnish:2.2.0
 ```
 
 Now you can verify it is initialised and running successfully by inspecting the container's logs:

src/etc/systemd/system/centos-ssh-varnish@.service

@@ -52,7 +52,7 @@ Environment="DOCKER_USER=jdeathe"
 Environment="DOCKER_CONTAINER_OPTS="
 Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages"
 Environment="DOCKER_IMAGE_NAME=centos-ssh-varnish"
-Environment="DOCKER_IMAGE_TAG=2.1.0"
+Environment="DOCKER_IMAGE_TAG=2.2.0"
 Environment="DOCKER_PORT_MAP_TCP_80=8000"
 Environment="DOCKER_PORT_MAP_TCP_8443=8500"
 Environment="ULIMIT_MEMLOCK=82000"

src/usr/bin/healthcheck

@@ -11,6 +11,8 @@ if [[ ${VARNISH_AUTOSTART_VARNISHD_WRAPPER} == true ]] \
 	&& ! ps axo command \
 	| grep -qE '^/usr/sbin/varnishd '
 then
+	printf -- \
+		"Process varnishd not running."
 	exit 1
 fi
 
@@ -19,6 +21,8 @@ if [[ ${VARNISH_AUTOSTART_VARNISHD_WRAPPER} == true ]] \
 	&& ! varnishadm vcl.show -v boot \
 	&> /dev/null
 then
+	printf -- \
+		"Varnish not booted."
 	exit 1
 fi
 
@@ -27,6 +31,8 @@ if [[ ${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER} == true ]] \
 	&& ! ps axo command \
 	| grep -qE '^/usr/bin/varnishncsa '
 then
+	printf -- \
+		"Process varnishncsa not running."
 	exit 1
 fi
 

src/usr/sbin/varnishd-wrapper

@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+# Create lock file
+touch /var/lock/subsys/varnishd-wrapper
+
 function set_varnish_vcl_conf ()
 {
 	local -r pattern_base64='^[A-Za-z0-9/+=]*$'
@@ -34,7 +37,10 @@ function set_varnish_vcl_conf ()
 
 set_varnish_vcl_conf "${VARNISH_VCL_CONF}"
 
-readonly DAEMON_OPTS="-j unix,user=varnish,ccgroup=varnish
+readonly VARNISH_GROUP="varnish"
+readonly VARNISH_SECRET_PATH="/etc/varnish/secret"
+readonly VARNISH_USER="varnish"
+readonly DAEMON_OPTS="-j unix,user=${VARNISH_USER},ccgroup=${VARNISH_GROUP}
  -F
  -P /var/run/varnish.pid
  -a 0.0.0.0:80
@@ -45,16 +51,42 @@ readonly DAEMON_OPTS="-j unix,user=varnish,ccgroup=varnish
  -p thread_pool_min=${VARNISH_MIN_THREADS:-50}
  -p thread_pool_max=${VARNISH_MAX_THREADS:-1000}
  -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT:-120}
- -S /etc/varnish/secret
+ -S ${VARNISH_SECRET_PATH}
  -s ${VARNISH_STORAGE:-file,/var/lib/varnish/varnish_storage.bin,1G}
 "
-readonly NICE=/bin/nice
-readonly NICENESS=${VARNISH_NICENESS:-10}
-readonly VARNISHD=/usr/sbin/varnishd
+readonly NICE="/bin/nice"
+readonly NICENESS="${VARNISH_NICENESS:-10}"
+readonly VARNISHD="/usr/sbin/varnishd"
+
+# Ensure the secret PSK file is present.
+if [[ ! -s ${VARNISH_SECRET_PATH} ]]
+then
+	printf -- \
+		"Populating Varnish PSK secret file.\n" \
+	sleep 0.1
+
+	dd \
+		if=/dev/urandom \
+		of="${VARNISH_SECRET_PATH}" \
+		count=1 \
+	&> /dev/null
+
+	chown \
+		${VARNISH_USER}:${VARNISH_GROUP} \
+		"${VARNISH_SECRET_PATH}"
+
+	chmod \
+		640 \
+		"${VARNISH_SECRET_PATH}"
+fi
 
 printf -- \
 	"Starting Varnish Cache: \n %s\n" \
 	"${DAEMON_OPTS}"
+sleep 0.1
+
+# Release lock file
+rm -f /var/lock/subsys/varnishd-wrapper
 
 exec ${NICE} \
 	-n ${NICENESS} \

src/usr/sbin/varnishncsa-wrapper

@@ -10,6 +10,11 @@ readonly NICE=/bin/nice
 readonly NICENESS=${VARNISHNCSA_NICENESS:-10}
 readonly VARNISHNCSA=/usr/bin/varnishncsa
 
+while true; do
+	sleep 0.1
+	[[ -e /var/lock/subsys/varnishd-wrapper ]] || break
+done
+
 printf -- \
 	"Starting Varnish Apache/NCSA logging: \n %s -F %s\n\n" \
 	"${DAEMON_OPTS}" \

test/shpec/operation_shpec.sh

@@ -889,23 +889,24 @@ function test_custom_configuration ()
 					80/tcp
 			)"
 
-			# Make a request to populate the access_log
-			curl -sI \
-				-X GET \
-				-H "Host: ${backend_hostname}" \
-				http://127.0.0.1:${container_port_80}/ \
-			&> /dev/null
-
 			# Ensure log file exists before checking it's contents
 			counter=0
 			until docker exec \
 				varnish.pool-1.1.1 \
-				bash -c "[[ -f /var/log/varnish/access_log ]]"
+				bash -c "[[ -s /var/log/varnish/access_log ]]"
 			do
 				if (( counter > 6 ))
 				then
 					break
 				fi
+
+				# Make a request to populate the access_log
+				curl -sI \
+					-X GET \
+					-H "Host: ${backend_hostname}" \
+					http://127.0.0.1:${container_port_80}/ \
+				&> /dev/null
+
 				sleep 0.5
 				(( counter += 1 ))
 			done
@@ -962,23 +963,24 @@ function test_custom_configuration ()
 					80/tcp
 			)"
 
-			# Make a request to populate the access_log
-			curl -sI \
-				-X GET \
-				-H "Host: ${backend_hostname}" \
-				http://127.0.0.1:${container_port_80}/ \
-			&> /dev/null
-
 			# Ensure log file exists before checking it's contents
 			counter=0
 			until docker exec \
 				varnish.pool-1.1.1 \
-				bash -c "[[ -f /var/log/varnish/access_log ]]"
+				bash -c "[[ -s /var/log/varnish/access_log ]]"
 			do
 				if (( counter > 6 ))
 				then
 					break
 				fi
+
+				# Make a request to populate the access_log
+				curl -sI \
+					-X GET \
+					-H "Host: ${backend_hostname}" \
+					http://127.0.0.1:${container_port_80}/ \
+				&> /dev/null
+
 				sleep 0.5
 				(( counter += 1 ))
 			done
@@ -1018,11 +1020,11 @@ function test_healthcheck ()
 		INT TERM EXIT
 
 	describe "Healthcheck"
-		describe "Default configuration"
-			__terminate_container \
-				varnish.pool-1.1.1 \
-			&> /dev/null
+		__terminate_container \
+			varnish.pool-1.1.1 \
+		&> /dev/null
 
+		describe "Default configuration"
 			docker run \
 				--detach \
 				--name varnish.pool-1.1.1 \
@@ -1091,17 +1093,13 @@ function test_healthcheck ()
 					"${health_status}" \
 					"\"unhealthy\""
 			end
-
-			__terminate_container \
-				varnish.pool-1.1.1 \
-			&> /dev/null
 		end
 
-		describe "Enable varnishncsa-wrapper"
-			__terminate_container \
-				varnish.pool-1.1.1 \
-			&> /dev/null
+		__terminate_container \
+			varnish.pool-1.1.1 \
+		&> /dev/null
 
+		describe "Enable varnishncsa-wrapper"
 			docker run \
 				--detach \
 				--name varnish.pool-1.1.1 \
@@ -1140,17 +1138,13 @@ function test_healthcheck ()
 					"${health_status}" \
 					"\"healthy\""
 			end
-
-			__terminate_container \
-				varnish.pool-1.1.1 \
-			&> /dev/null
 		end
 
-		describe "Disable all"
-			__terminate_container \
-				varnish.pool-1.1.1 \
-			&> /dev/null
+		__terminate_container \
+			varnish.pool-1.1.1 \
+		&> /dev/null
 
+		describe "Disable all"
 			docker run \
 				--detach \
 				--name varnish.pool-1.1.1 \