Page MenuHomePhabricator
Create Task
Maniphest T285374

Enable UDS support on varnish
Closed, ResolvedPublic
Actions

Description

Enable incoming traffic on varnish using a Unix Domain Socket (UDS)

Details

SubjectRepoBranchLines +/-
varnish: Handle UDS traffic properlyoperations/puppetproduction+38 -1
varnish: Allow configuring UDS owner/group/permsoperations/puppetproduction+11 -2
varnish: Do not assume that UDS implies PROXY protocoloperations/puppetproduction+20 -3
varnish: Add listen on UDS supportoperations/puppetproduction+101 -0
vcl: Use VCL 4.1 instead of 4.0operations/puppetproduction+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Vgutierrez created this task.Jun 23 2021, 8:38 AM
gerritbot added a comment.Jun 23 2021, 8:42 AM

Change 701056 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] varnish: Add listen on UDS support

https://gerrit.wikimedia.org/r/701056

gerritbot added a project: Patch-For-Review.Jun 23 2021, 8:42 AM
Vgutierrez triaged this task as Medium priority.Jun 23 2021, 10:32 AM
Vgutierrez moved this task from Backlog to Caching on the Traffic board.

this seemed an innocent change but it effectively forces the update from VCL 4.0 to 4.1:
From varnish documentation:

When UDS listeners are in use, VCL >= 4.1 will be required for all VCL programs loaded by Varnish. If you attempt to load a VCL source with vcl 4.0;, the load will fail with a message that the version is not supported.
gerritbot added a comment.Jun 23 2021, 10:45 AM

Change 701073 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] vcl: Use VCL 4.1 instead of 4.0

https://gerrit.wikimedia.org/r/701073

Vgutierrez added a comment.Jun 23 2021, 12:56 PM

Initial testing in our labs environment shows that curl doesn't play well with PROXY protocol and unix domain sockets:

root@traffic-cache-atsupload-buster:~# curl --haproxy-protocol --unix-socket /run/varnish-frontend.socket -k -v -H "X-Forwarded-Proto: https" http://127.0.0.1:80/
* Expire in 0 ms for 6 (transfer 0x55a23e318fb0)
*   Trying /run/varnish-frontend.socket...
* Expire in 200 ms for 4 (transfer 0x55a23e318fb0)
* Connected to 127.0.0.1 (/run/varnish-frontend.socket) port 80 (#0)
> PROXY TCP4  /run/varnish-frontend.socket 0 0
* Send failure: Broken pipe
* Failed sending HTTP request
* Connection #0 to host 127.0.0.1 left intact
curl: (55) Send failure: Broken pipe

bug reported to upstream on https://github.com/curl/curl/issues/7290

gerritbot added a comment.Jun 29 2021, 9:34 AM

Change 701073 merged by Vgutierrez:

[operations/puppet@production] vcl: Use VCL 4.1 instead of 4.0

https://gerrit.wikimedia.org/r/701073

gerritbot added a comment.Jul 12 2021, 9:16 AM

Change 701056 merged by Vgutierrez:

[operations/puppet@production] varnish: Add listen on UDS support

https://gerrit.wikimedia.org/r/701056

Maintenance_bot removed a project: Patch-For-Review.Jul 12 2021, 10:11 AM
Vgutierrez closed this task as Resolved.Jul 12 2021, 11:24 AM
gerritbot added a comment.Aug 18 2021, 3:05 PM

Change 713482 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] varnish: Handle UDS traffic properly

https://gerrit.wikimedia.org/r/713482

gerritbot added a project: Patch-For-Review.Aug 18 2021, 3:05 PM
gerritbot added a comment.Aug 18 2021, 3:38 PM

Change 713226 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] varnish: Do not assume that UDS implies PROXY protocol

https://gerrit.wikimedia.org/r/713226

gerritbot added a comment.Aug 30 2021, 9:45 AM

Change 715460 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] varnish: Allow configuring UDS owner/group/perms

https://gerrit.wikimedia.org/r/715460

gerritbot added a comment.Aug 30 2021, 1:10 PM

Change 713226 merged by Vgutierrez:

[operations/puppet@production] varnish: Do not assume that UDS implies PROXY protocol

https://gerrit.wikimedia.org/r/713226

gerritbot added a comment.Aug 30 2021, 1:14 PM

Change 715460 merged by Vgutierrez:

[operations/puppet@production] varnish: Allow configuring UDS owner/group/perms

https://gerrit.wikimedia.org/r/715460

gerritbot added a comment.Aug 30 2021, 1:21 PM

Change 713482 merged by Vgutierrez:

[operations/puppet@production] varnish: Handle UDS traffic properly

https://gerrit.wikimedia.org/r/713482

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits