diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b803de..444bb7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,13 @@ Summary of release changes for Version 2. -CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.0. +CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.1. + +### 2.2.0 - 2018-10-09 + +- Updates Varnish to [6.1.0](https://github.com/varnishcache/varnish-cache/blob/varnish-6.1.0/doc/changes.rst) +- Adds lockfile to ensure varnishd is started before running varnishncsa. +- Adds failure messages to healthcheck script. ### 2.1.0 - 2018-10-01 diff --git a/Dockerfile b/Dockerfile index 723c569..2487777 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # ============================================================================= # jdeathe/centos-ssh-varnish # -# CentOS-7, Varnish 6.0 +# CentOS-7, Varnish 6.1 # # ============================================================================= FROM jdeathe/centos-ssh:2.4.0 
@@ -10,22 +10,22 @@ FROM jdeathe/centos-ssh:2.4.0 # Install Varnish Cache # ----------------------------------------------------------------------------- RUN { \ - echo '[varnishcache_varnish60]'; \ - echo 'name=varnishcache_varnish60'; \ - echo 'baseurl=https://packagecloud.io/varnishcache/varnish60/el/7/$basearch'; \ + echo '[varnishcache_varnish61]'; \ + echo 'name=varnishcache_varnish61'; \ + echo 'baseurl=https://packagecloud.io/varnishcache/varnish61/el/7/$basearch'; \ echo 'repo_gpgcheck=1'; \ echo 'gpgcheck=0'; \ echo 'enabled=1'; \ - echo 'gpgkey=https://packagecloud.io/varnishcache/varnish60/gpgkey'; \ + echo 'gpgkey=https://packagecloud.io/varnishcache/varnish61/gpgkey'; \ echo 'sslverify=1'; \ echo 'sslcacert=/etc/pki/tls/certs/ca-bundle.crt'; \ echo 'metadata_expire=300'; \ - } > /etc/yum.repos.d/varnishcache_varnish60.repo \ + } > /etc/yum.repos.d/varnishcache_varnish61.repo \ && yum -y install \ --setopt=tsflags=nodocs \ --disableplugin=fastestmirror \ gcc-4.8.5-28.el7_5.1 \ - varnish-6.0.1-1.el7 \ + varnish-6.1.0-1.el7 \ && yum versionlock add \ varnish \ gcc \ @@ -82,7 +82,7 @@ ENV SSH_AUTOSTART_SSHD=false \ # ----------------------------------------------------------------------------- # Set image metadata # ----------------------------------------------------------------------------- -ARG RELEASE_VERSION="2.1.0" +ARG RELEASE_VERSION="2.2.0" LABEL \ maintainer="James Deathe " \ install="docker run \ @@ -109,7 +109,7 @@ jdeathe/centos-ssh-varnish:${RELEASE_VERSION} \ org.deathe.license="MIT" \ org.deathe.vendor="jdeathe" \ org.deathe.url="https://github.com/jdeathe/centos-ssh-varnish" \ - org.deathe.description="CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.0." + org.deathe.description="CentOS-7 7.5.1804 x86_64 - Varnish Cache 6.1." HEALTHCHECK \ --interval=0.5s \ diff --git a/README.md b/README.md index 0a679da..962b0ab 100644 --- a/README.md +++ b/README.md 
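Review bot: In the repo definition written by this `RUN` block, trust for the new `varnish61` repository rests entirely on `repo_gpgcheck=1` with a key that is downloaded at build time from the same host (`gpgkey=https://packagecloud.io/varnishcache/varnish61/gpgkey`), while `gpgcheck=0` leaves the RPM itself unverified. Because `yum -y` accepts whatever key that URL returns, each build trusts the key on first use. Consider shipping the expected key in the image source, or checking its fingerprint against a pinned value (`<EXPECTED_KEY_FINGERPRINT>`) before the install, and set `gpgcheck=1` if the upstream packages turn out to be signed. A comment such as `# gpgcheck=0: upstream RPMs are unsigned; integrity relies on signed repo metadata` would record why the setting is there, if that is indeed the reason. The `RUN` instruction continues past the end of this hunk.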
@@ -3,20 +3,20 @@ centos-ssh-varnish Docker Image including: - CentOS-6 6.10 x86_64 and Varnish Cache 4.1. -- CentOS-7 7.5.1804 x86_64 and Varnish Cache 6.0. +- CentOS-7 7.5.1804 x86_64 and Varnish Cache 6.1. ## Overview & links -- `centos-7`, `centos-7-2.1.0`, `2.1.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) -- `centos-6`, `centos-6-1.5.0`, `1.5.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) +- `centos-7`, `centos-7-2.2.0`, `2.2.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-7/Dockerfile) +- `centos-6`, `centos-6-1.5.1`, `1.5.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-varnish/blob/centos-6/Dockerfile) #### centos-6 -The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.5.0`or `1.5.0` for the [1.5.0](https://github.com/jdeathe/centos-ssh-varnish/tree/1.5.0) release tag. +The latest CentOS-6 based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.5.1`or `1.5.1` for the [1.5.1](https://github.com/jdeathe/centos-ssh-varnish/tree/1.5.1) release tag. #### centos-7 -The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.1.0`or `2.1.0` for the [2.1.0](https://github.com/jdeathe/centos-ssh-varnish/tree/2.1.0) release tag. +The latest CentOS-7 based release can be pulled from the `centos-7` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.2.0`or `2.2.0` for the [2.2.0](https://github.com/jdeathe/centos-ssh-varnish/tree/2.2.0) release tag. 
Included in the build are the [SCL](https://www.softwarecollections.org/), [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. Installed packages include [OpenSSH](http://www.openssh.com/portable.html) secure shell, [vim-minimal](http://www.vim.org/), are installed along with python-setuptools, [supervisor](http://supervisord.org/) and [supervisor-stdout](https://github.com/coderanger/supervisor-stdout). @@ -43,7 +43,7 @@ $ docker run -d -t \ --name varnish.pool-1.1.1 \ -p 80:80 \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:2.1.0 + jdeathe/centos-ssh-varnish:2.2.0 ``` Now you can verify it is initialised and running successfully by inspecting the container's logs. @@ -76,7 +76,7 @@ $ docker run \ --ulimit nproc=65535 \ --env "VARNISH_STORAGE=malloc,256M" \ --add-host httpd_1:172.17.8.101 \ - jdeathe/centos-ssh-varnish:2.1.0 + jdeathe/centos-ssh-varnish:2.2.0 ``` Now you can verify it is initialised and running successfully by inspecting the container's logs: diff --git a/src/etc/systemd/system/centos-ssh-varnish@.service b/src/etc/systemd/system/centos-ssh-varnish@.service index f8d90ca..d4ccb7a 100644 --- a/src/etc/systemd/system/centos-ssh-varnish@.service +++ b/src/etc/systemd/system/centos-ssh-varnish@.service @@ -52,7 +52,7 @@ Environment="DOCKER_USER=jdeathe" Environment="DOCKER_CONTAINER_OPTS=" Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages" Environment="DOCKER_IMAGE_NAME=centos-ssh-varnish" -Environment="DOCKER_IMAGE_TAG=2.1.0" +Environment="DOCKER_IMAGE_TAG=2.2.0" Environment="DOCKER_PORT_MAP_TCP_80=8000" Environment="DOCKER_PORT_MAP_TCP_8443=8500" Environment="ULIMIT_MEMLOCK=82000" diff --git a/src/usr/bin/healthcheck b/src/usr/bin/healthcheck index 91e6a9e..b602886 100755 --- a/src/usr/bin/healthcheck +++ b/src/usr/bin/healthcheck 
@@ -11,6 +11,8 @@ if [[ ${VARNISH_AUTOSTART_VARNISHD_WRAPPER} == true ]] \ && ! ps axo command \ | grep -qE '^/usr/sbin/varnishd ' then + printf -- \ + "Process varnishd not running." exit 1 fi @@ -19,6 +21,8 @@ if [[ ${VARNISH_AUTOSTART_VARNISHD_WRAPPER} == true ]] \ && ! varnishadm vcl.show -v boot \ &> /dev/null then + printf -- \ + "Varnish not booted." exit 1 fi @@ -27,6 +31,8 @@ if [[ ${VARNISH_AUTOSTART_VARNISHNCSA_WRAPPER} == true ]] \ && ! ps axo command \ | grep -qE '^/usr/bin/varnishncsa ' then + printf -- \ + "Process varnishncsa not running." exit 1 fi diff --git a/src/usr/sbin/varnishd-wrapper b/src/usr/sbin/varnishd-wrapper index bdf7d5f..de157d5 100755 --- a/src/usr/sbin/varnishd-wrapper +++ b/src/usr/sbin/varnishd-wrapper @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# Create lock file +touch /var/lock/subsys/varnishd-wrapper + function set_varnish_vcl_conf () { local -r pattern_base64='^[A-Za-z0-9/+=]*$' @@ -34,7 +37,10 @@ function set_varnish_vcl_conf () set_varnish_vcl_conf "${VARNISH_VCL_CONF}" -readonly DAEMON_OPTS="-j unix,user=varnish,ccgroup=varnish +readonly VARNISH_GROUP="varnish" +readonly VARNISH_SECRET_PATH="/etc/varnish/secret" +readonly VARNISH_USER="varnish" +readonly DAEMON_OPTS="-j unix,user=${VARNISH_USER},ccgroup=${VARNISH_GROUP} -F -P /var/run/varnish.pid -a 0.0.0.0:80 
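Review bot: The three failure messages added to `healthcheck` (this hunk and the ones at -19,6 and -27,6) have no trailing newline and are written to stdout, unlike the other `printf` calls in this commit, which end in `\n`. I would write them as `printf -- "Process varnishd not running.\n" >&2` (and likewise for the other two) so the diagnostic is a complete line on the error stream. The `if` conditions these messages belong to start outside the hunks.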
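Review bot: The lock file created at the top of `varnishd-wrapper` is removed only by the explicit `rm -f` just before `exec` (hunk at -45,16), so any earlier exit leaves it behind and `varnishncsa-wrapper` would then wait on it indefinitely. Whether `set_varnish_vcl_conf` can exit early is not visible here, but a guard is cheap: add `trap 'rm -f /var/lock/subsys/varnishd-wrapper' EXIT` directly after the `touch`. The trap does not fire on `exec`, so the existing explicit removal still needs to stay.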
@@ -45,16 +51,42 @@ readonly DAEMON_OPTS="-j unix,user=varnish,ccgroup=varnish -p thread_pool_min=${VARNISH_MIN_THREADS:-50} -p thread_pool_max=${VARNISH_MAX_THREADS:-1000} -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT:-120} - -S /etc/varnish/secret + -S ${VARNISH_SECRET_PATH} -s ${VARNISH_STORAGE:-file,/var/lib/varnish/varnish_storage.bin,1G} " -readonly NICE=/bin/nice -readonly NICENESS=${VARNISH_NICENESS:-10} -readonly VARNISHD=/usr/sbin/varnishd +readonly NICE="/bin/nice" +readonly NICENESS="${VARNISH_NICENESS:-10}" +readonly VARNISHD="/usr/sbin/varnishd" + +# Ensure the secret PSK file is present. +if [[ ! -s ${VARNISH_SECRET_PATH} ]] +then + printf -- \ + "Populating Varnish PSK secret file.\n" \ + sleep 0.1 + + dd \ + if=/dev/urandom \ + of="${VARNISH_SECRET_PATH}" \ + count=1 \ + &> /dev/null + + chown \ + ${VARNISH_USER}:${VARNISH_GROUP} \ + "${VARNISH_SECRET_PATH}" + + chmod \ + 640 \ + "${VARNISH_SECRET_PATH}" +fi printf -- \ "Starting Varnish Cache: \n %s\n" \ "${DAEMON_OPTS}" +sleep 0.1 + +# Release lock file +rm -f /var/lock/subsys/varnishd-wrapper exec ${NICE} \ -n ${NICENESS} \ diff --git a/src/usr/sbin/varnishncsa-wrapper b/src/usr/sbin/varnishncsa-wrapper index 98b36b8..85d1c13 100755 --- a/src/usr/sbin/varnishncsa-wrapper +++ b/src/usr/sbin/varnishncsa-wrapper @@ -10,6 +10,11 @@ readonly NICE=/bin/nice readonly NICENESS=${VARNISHNCSA_NICENESS:-10} readonly VARNISHNCSA=/usr/bin/varnishncsa +while true; do + sleep 0.1 + [[ -e /var/lock/subsys/varnishd-wrapper ]] || break +done + printf -- \ "Starting Varnish Apache/NCSA logging: \n %s -F %s\n\n" \ "${DAEMON_OPTS}" \ diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 21967fb..53b5072 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh 
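Review bot: The secret-file block in `varnishd-wrapper` has two problems. The trailing `\` after `"Populating Varnish PSK secret file.\n"` turns `sleep 0.1` into unused `printf` arguments, so the sleep never runs. More importantly, `dd` creates the file under the process umask and only afterwards is it narrowed by `chown`/`chmod 640`; with a typical 022 umask the key material is world-readable for that interval. Creating the file with its final owner and mode before writing closes the window, as sketched below; the status of `dd` is also discarded by `&> /dev/null`, which is worth checking separately.

```bash
if [[ ! -s ${VARNISH_SECRET_PATH} ]]
then
	printf -- \
		"Populating Varnish PSK secret file.\n"
	sleep 0.1

	# Create the file with its final owner and mode before any key
	# material is written, so it is never readable by other users.
	install \
		-m 0640 \
		-o "${VARNISH_USER}" \
		-g "${VARNISH_GROUP}" \
		/dev/null \
		"${VARNISH_SECRET_PATH}"

	dd \
		if=/dev/urandom \
		of="${VARNISH_SECRET_PATH}" \
		count=1 \
		&> /dev/null
fi
```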
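Review bot: The wait loop added to `varnishncsa-wrapper` treats "lock file absent" as "varnishd is ready", which also holds when `varnishd-wrapper` has not yet run its `touch`, and the loop has no upper bound if the lock is never released. The start order of the two wrappers is not visible in this diff, so the first case may be prevented elsewhere; if not, a readiness marker written by `varnishd-wrapper` would be more reliable than a lock it removes. At minimum I would bound the wait, e.g. `for (( i = 0; i < 100; i++ )); do sleep 0.1; [[ -e /var/lock/subsys/varnishd-wrapper ]] || break; done`, and add a comment stating that the lock is released just before `exec`, not once varnishd is accepting connections.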
@@ -889,23 +889,24 @@ function test_custom_configuration () 80/tcp )" - # Make a request to populate the access_log - curl -sI \ - -X GET \ - -H "Host: ${backend_hostname}" \ - http://127.0.0.1:${container_port_80}/ \ - &> /dev/null - # Ensure log file exists before checking it's contents counter=0 until docker exec \ varnish.pool-1.1.1 \ - bash -c "[[ -f /var/log/varnish/access_log ]]" + bash -c "[[ -s /var/log/varnish/access_log ]]" do if (( counter > 6 )) then break fi + + # Make a request to populate the access_log + curl -sI \ + -X GET \ + -H "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/ \ + &> /dev/null + sleep 0.5 (( counter += 1 )) done @@ -962,23 +963,24 @@ function test_custom_configuration () 80/tcp )" - # Make a request to populate the access_log - curl -sI \ - -X GET \ - -H "Host: ${backend_hostname}" \ - http://127.0.0.1:${container_port_80}/ \ - &> /dev/null - # Ensure log file exists before checking it's contents counter=0 until docker exec \ varnish.pool-1.1.1 \ - bash -c "[[ -f /var/log/varnish/access_log ]]" + bash -c "[[ -s /var/log/varnish/access_log ]]" do if (( counter > 6 )) then break fi + + # Make a request to populate the access_log + curl -sI \ + -X GET \ + -H "Host: ${backend_hostname}" \ + http://127.0.0.1:${container_port_80}/ \ + &> /dev/null + sleep 0.5 (( counter += 1 )) done @@ -1018,11 +1020,11 @@ function test_healthcheck () INT TERM EXIT describe "Healthcheck" - describe "Default configuration" - __terminate_container \ - varnish.pool-1.1.1 \ - &> /dev/null + __terminate_container \ + varnish.pool-1.1.1 \ + &> /dev/null + describe "Default configuration" docker run \ --detach \ --name varnish.pool-1.1.1 \ 
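Review bot: The polling block that now issues the `curl` request inside the `until` loop is duplicated verbatim in the hunk at -962,23, so the two copies can drift apart. A small helper in the spec file, taking the backend hostname and port and performing the request-and-wait, would keep them identical. The comment `# Ensure log file exists before checking it's contents` should also be updated, since the test is now `-s` (non-empty) rather than `-f`: `# Ensure the log file is non-empty before checking its contents`. `test_custom_configuration` starts and ends outside these hunks.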
@@ -1091,17 +1093,13 @@ function test_healthcheck () "${health_status}" \ "\"unhealthy\"" end - - __terminate_container \ - varnish.pool-1.1.1 \ - &> /dev/null end - describe "Enable varnishncsa-wrapper" - __terminate_container \ - varnish.pool-1.1.1 \ - &> /dev/null + __terminate_container \ + varnish.pool-1.1.1 \ + &> /dev/null + describe "Enable varnishncsa-wrapper" docker run \ --detach \ --name varnish.pool-1.1.1 \ @@ -1140,17 +1138,13 @@ function test_healthcheck () "${health_status}" \ "\"healthy\"" end - - __terminate_container \ - varnish.pool-1.1.1 \ - &> /dev/null end - describe "Disable all" - __terminate_container \ - varnish.pool-1.1.1 \ - &> /dev/null + __terminate_container \ + varnish.pool-1.1.1 \ + &> /dev/null + describe "Disable all" docker run \ --detach \ --name varnish.pool-1.1.1 \