Freeze break request: Fixing varnish purge requests

Ricky Elrod codeblock at elrod.me
Wed Mar 4 22:03:21 UTC 2015 

+1 here as well.


-re

On 03/04/2015 04:54 PM, Stephen John Smoogen wrote:
> 
> It looks extremely easy to back out and looks correct. +1
> 
> On 4 March 2015 at 14:35, Patrick Uiterwijk <puiterwijk at redhat.com
> <mailto:puiterwijk at redhat.com>> wrote:
> 
>     Hi,
> 
>     This should fix tickets like
>     https://fedorahosted.org/fedora-infrastructure/ticket/4679 from
>     happening,
>     since wiki can (and will) send a PURGE request whenever someone
>     updates a page.
>     I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg
>     and their VPN IPs.
> 
>     Any +1s?
> 
> 
>     commit 621c373b1714f76b933b5b41253941586ea9136d
>     Author: Patrick Uiterwijk <puiterwijk at redhat.com
>     <mailto:puiterwijk at redhat.com>>
>     Date:   Wed Mar 4 21:31:18 2015 +0000
> 
>         Fix varnish PURGE requests
> 
>         These are used by the wiki to purge updated pages
> 
>         Signed-off-by: Patrick Uiterwijk <puiterwijk at redhat.com
>     <mailto:puiterwijk at redhat.com>>
> 
>     diff --git a/roles/varnish/files/proxy.vcl
>     b/roles/varnish/files/proxy.vcl
>     index 549d0a1..14e8846 100644
>     --- a/roles/varnish/files/proxy.vcl
>     +++ b/roles/varnish/files/proxy.vcl
>     @@ -124,33 +124,23 @@ backend mirrormanager2 {
>      }
> 
> 
>     -#acl purge {
>     -#    "192.168.1.3";
>     -#    "192.168.1.4";
>     -#    "192.168.1.5";
>     -#    "192.168.1.6";
>     -#    "192.168.1.13";
>     -#    "192.168.1.24";
>     -#    "192.168.1.23";
>     -#    "192.168.1.41";
>     -#    "10.5.126.31";
>     -#    "10.5.126.32";
>     -#    "10.5.126.33";
>     -#    "10.5.126.34";
>     -#    "10.5.126.37";
>     -#    "10.5.126.38";
>     -#}
>     +acl purge {
>     +    "10.5.126.60"; // wiki01.stg
>     +    "10.5.126.63"; // wiki01
>     +    "10.5.126.73"; // wiki02
>     +    "10.5.126.23"; // lockbox01
>     +    "192.168.1.129"; // wiki01.vpn
>     +    "192.168.1.130"; // wiki02.vpn
>     +    "192.168.1.58"; //lockbox01.vpn
>     +}
> 
>      sub vcl_recv {
>     -#    if (req.request == "PURGE") {
>     -#        if (!client.ip ~ purge) {
>     -#            error 405 "Not allowed.";
>     -#        }
>     -#        if (req.url ~ "^http://") {
>     -#            set req.url = regsub(req.url, "http://localhost:6081","");
>     -#        }
>     -#        purge_url(req.url);
>     -#    }
>     +    if (req.method == "PURGE") {
>     +        if (!client.ip ~ purge) {
>     +            return (synth(405, "Not allowed"));
>     +        }
>     +        return(purge);
>     +    }
> 
>          if (req.url ~ "^/wiki/") {
>              set req.backend_hint = wiki;
>     _______________________________________________
>     infrastructure mailing list
>     infrastructure at lists.fedoraproject.org
>     <mailto:infrastructure at lists.fedoraproject.org>
>     https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> 
> 
> 
> 
> -- 
> Stephen J Smoogen.
> 
> 
> 
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20150304/09382904/attachment.sig>

More information about the infrastructure mailing list