Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
Start using this module
Add this module to your Puppetfile:
mod 'puppet-varnish', '5.1.0'
Learn more about managing modules with a Puppetfile
Documentation
Overview
This Puppet module installs and configures Varnish. It can also manage Varnish VCL. Tested on Ubuntu, CentOS, RHEL and Oracle Linux.
The module is based on https://github.com/maxchk/puppet-varnish. Changes since then, up to release 3.0.0:
- Added support for new OS
- Dropped support for outdated OS
- Moved VCL Subclasses (acl, acl_member, backend, director, probe, selector)
- Added support for varnish 6
- Added support for varnish-plus / Varnish Enterprise
A detailed reference to all class parameters can be found at https://github.com/voxpupuli/puppet-varnish/blob/master/REFERENCE.md
Important information
Version 2.0.0 drops support for old OS versions (pre systemd). It also drops support for pre Varnish 4.
Install Varnish
Installs Varnish, allocates 1GB (malloc) for the cache and starts it on port 80:
  class {'varnish':
    varnish_listen_port  => 80,
    varnish_storage_size => '1G',
  }
Class varnish
Class varnish:
- Installs Varnish.
- Provides access to all configuration parameters.
- Controls Varnish service.
- By default mounts shared memory log directory as tmpfs.
All parameters are lower-case replicas of the actual parameters passed to the Varnish conf file ($class_parameter -> VARNISH_PARAMETER), for example:
  $memlock -> MEMLOCK
  $varnish_vcl_conf -> VARNISH_VCL_CONF
  $varnish_listen_port -> VARNISH_LISTEN_PORT
Exceptions are:
- shmlog_dir: location for shmlog
- shmlog_tempfs: mounts shmlog directory as tmpfs (default value: true)
- version: passed to the Puppet type 'package', attribute 'ensure' (default value: present)
At minimum you may want to change a value for default port:
  varnish_listen_port => 80
For more details on parameters, check class varnish.
Class varnish vcl
Class varnish::vcl manages Varnish VCL configuration.
Varnish VCL applies the following restrictions:
- if you define an acl it must be used
- if you define a probe it must be used
- if you define a backend it must be used
- if you define a director it must be used
Gives access to Varnish acl, probe, backend, director, etc. definitions (see below).
varnish selector
Definition varnish::vcl::selector allows you to configure a Varnish selector.
While acl, probe, backend and director are self-explanatory, WTF is selector?
You cannot define 2 or more backends/directors and not use them. This will result in VCL compilation failure.
Parameter selectors gives access to req.backend inside vcl_recv.
Code:
  varnish::vcl::selector { 'cluster1': condition => 'req.url ~ "^/cluster1"' }
  varnish::vcl::selector { 'cluster2': condition => 'true' } # will act as backend set by else statement
Will result in the following VCL configuration being generated:
  if (req.url ~ "^/cluster1") {
    set req.backend = cluster1;
  }
  if (true) {
    set req.backend = cluster2;
  }
For more examples see tests/vcl_backends_probes_directors.pp
Using class varnish::vcl
Configure probes, backends, directors and selectors
  class { 'varnish::vcl': }

  # configure probes
  varnish::vcl::probe { 'health_check1': url => '/health_check_url1' }
  varnish::vcl::probe { 'health_check2':
    window    => '8',
    timeout   => '5s',
    threshold => '3',
    interval  => '5s',
    request   => [ "GET /healthCheck2 HTTP/1.1", "Host: www.example1.com", "Connection: close" ],
  }

  # configure backends
  varnish::vcl::backend { 'srv1': host => '172.16.0.1', port => 80, probe => 'health_check1' }
  varnish::vcl::backend { 'srv2': host => '172.16.0.2', port => 80, probe => 'health_check1' }
  varnish::vcl::backend { 'srv3': host => '172.16.0.3', port => 80, probe => 'health_check2' }
  varnish::vcl::backend { 'srv4': host => '172.16.0.4', port => 80, probe => 'health_check2' }
  varnish::vcl::backend { 'srv5': host => '172.16.0.5', port => 80, probe => 'health_check2' }
  varnish::vcl::backend { 'srv6': host => '172.16.0.6', port => 80, probe => 'health_check2' }

  # configure directors
  varnish::vcl::director { 'cluster1': backends => [ 'srv1', 'srv2' ] }
  varnish::vcl::director { 'cluster2': backends => [ 'srv3', 'srv4', 'srv5', 'srv6' ] }

  # configure selectors
  varnish::vcl::selector { 'cluster1': condition => 'req.url ~ "^/cluster1"' }
  varnish::vcl::selector { 'cluster2': condition => 'true' } # will act as backend set by else statement
If modification to Varnish VCL goes further than configuring probes, backends and directors, the parameter template can be used to point the varnish::vcl class at a different template.
NOTE: If you copy the existing template and modify it, you will still be able to use probes, backends, directors and selectors.
Redefine functions in class varnish::vcl
The module comes with a basic Varnish VCL configuration file. If needed, one can replace the default
functions in the configuration file with one's own and/or define custom functions.
Override or custom functions are specified in the hash passed to the varnish::vcl class as parameter functions.
The best way to do it is to use hiera. For example:
  varnish::vcl::functions:
    vcl_hash: |
      hash_data(req.url);
      if (req.http.host) {
        hash_data(req.http.host);
      } else {
        hash_data(server.ip);
      }
      return (hash);
    pipe_if_local: |
      if (client.ip ~ localnetwork) {
        return (pipe);
      }
There are two special cases, for functions vcl_init and vcl_recv.
For Varnish version 4, the include directive for directors is always present in function vcl_init.
For function vcl_recv, besides the possibility to override the standard function, one can also add a
piece of code to the beginning or to the end of the function with the special names vcl_recv_prepend and vcl_recv_append.
For instance:
  varnish::vcl::functions:
    pipe_if_local: |
      if (client.ip ~ localnetwork) {
        return (pipe);
      }
    vcl_recv_prepend: |
      call pipe_if_local;
Tests
For more examples check module tests directory. NOTE: make sure you don't run tests on Production server.
Contributing
Please report bugs and feature requests using the GitHub issue tracker.
For pull requests, it is very much appreciated to check your Puppet manifest with puppet-lint to follow the recommended Puppet style guidelines from the Puppet Labs style guide.
Contributors
- Max Horlanchuk max.horlanchuk@gmail.com
- Fabio Rauber fabiorauber@gmail.com
- Samuel Leathers sam@appliedtrust.com
- Lienhart Woitok lienhart.woitok@netlogix.de
- Adrian Webb adrian.webb@coraltech.net
- Frode Egeland egeland@gmail.com
- Matt Ward matt.ward@envato.com
- Noel Sharpe noels@radnetwork.co.uk
- Rich Kang rich@saekang.co.uk
- browarrek browarrek@gmail.com
- Stanislav Voroniy stas@voroniy.com
- Hannes Schaller hannes.schaller@apa.at
- Lukas Plattner lukas.plattner@apa.at
Reference
Table of Contents
Classes
Public Classes
- varnish: Installs and configures Varnish.
- varnish::controller::agent: Installs and manages Varnish Controller Agent
- varnish::firewall: Uses puppetlabs/firewall module to open varnish listen port
- varnish::hitch: Installs Hitch the SSL Offloading Proxy of Varnish Enterprise
- varnish::install: Installs Varnish
- varnish::ncsa: Allows setup of varnishncsa
- varnish::repo: This class installs additional repos for varnish
- varnish::shmlog: Mounts shmlog as tempfs
- varnish::vcl: Manages the Varnish VCL configuration
Private Classes
- varnish::service: Manages the Varnish service
Defined types
Public Defined types
- varnish::vcl::acl: Defines an ACL Type of Varnish. Defined ACL's must be used in VCL
- varnish::vcl::acl_member
- varnish::vcl::backend: Defines a Backend for VCL
- varnish::vcl::director: Defines a backend director in varnish vcl
- varnish::vcl::probe: Defines a VCL Probe, that can be used for healthchecks for backends
- varnish::vcl::selector: Adds a selector to handle multiple backends
Private Defined types
- varnish::vcl::includefile: Used by vcl.pp to create the config files with header sections
Data types
- Varnish::Controller::Agent_name: Type for supported Agent Name of Controller Agent
- Varnish::Vcl::Ressource: Type for supported VCL Versions
- Varnish::Vclversion: Type for supported VCL Versions
Classes
varnish
Installs and configures Varnish.
Examples
Installs Varnish
# enables Varnish service
# uses default VCL '/etc/varnish/default.vcl'
include varnish
Installs Varnish with custom options
# sets Varnish to listen on port 80
# storage size is set to 2 GB
# vcl file is '/etc/varnish/my-vcl.vcl'
class { 'varnish':
  varnish_listen_port  => 80,
  varnish_storage_size => '2G',
  varnish_vcl_conf     => '/etc/varnish/my-vcl.vcl',
}
Parameters
The following parameters are available in the varnish class:
service_ensure
service_enable
reload_vcl
nfiles
memlock
storage_type
varnish_vcl_conf
varnish_user
varnish_jail_user
varnish_group
varnish_listen_address
varnish_listen_port
varnish_proxy_listen_address
varnish_proxy_listen_port
varnish_proxy_listen_socket
varnish_proxy_listen_socket_mode
varnish_admin_listen_address
varnish_admin_listen_port
varnish_min_threads
varnish_max_threads
varnish_thread_timeout
varnish_storage_size
varnish_secret_file
varnish_storage_file
mse_config
mse_config_file
varnish_ttl
varnish_enterprise
varnish_enterprise_vmods_extra
vcl_dir
shmlog_dir
shmlog_tempfs
version
add_repo
manage_firewall
varnish_conf_template
conf_file_path
additional_parameters
default_version
add_hitch
add_ncsa
service_ensure
Data type: Stdlib::Ensure::Service
Ensure for the varnish service
Default value: 'running'
service_enable
Data type: Boolean
If Service should be enabled
Default value: true
reload_vcl
Data type: Boolean
V4 parameter controlling whether Varnish will be reloaded. Deprecated; will be removed when support for RHEL7 is dropped.
Default value: true
nfiles
Data type: String
passed to varnish conf-file
Default value: '131072'
memlock
Data type: String
passed to varnish conf-file
Default value: '100M'
storage_type
Data type: String
which storage will be used for varnish - default malloc
Default value: 'malloc'
varnish_vcl_conf
Data type: Stdlib::Absolutepath
path to main vcl file
Default value: '/etc/varnish/default.vcl'
varnish_user
Data type: String
passed to varnish-conf
Default value: 'varnish'
varnish_jail_user
Data type: Optional[String]
passed to varnish-conf
Default value: undef
varnish_group
Data type: String
passed to varnish-conf
Default value: 'varnish'
varnish_listen_address
Data type: Optional[String[1]]
Address varnish will bind to - default ''
Default value: undef
varnish_listen_port
Data type: Stdlib::Port
port varnish will bind to
Default value: 6081
varnish_proxy_listen_address
Data type: String
address varnish binds to in proxy mode
Default value: '127.0.0.1'
varnish_proxy_listen_port
Data type: Optional[Stdlib::Port]
port varnish binds to in proxy mode
Default value: undef
varnish_proxy_listen_socket
Data type: Optional[Stdlib::Absolutepath]
socket varnish binds to in proxy mode
Default value: undef
varnish_proxy_listen_socket_mode
Data type: Stdlib::Filemode
Filemode for socket varnish binds to in proxy mode
Default value: '666'
varnish_admin_listen_address
Data type: String
address varnish binds to in admin mode
Default value: 'localhost'
varnish_admin_listen_port
Data type: Stdlib::Port
port varnish binds to in admin mode
Default value: 6082
varnish_min_threads
Data type: String
minimum no of varnish worker threads
Default value: '5'
varnish_max_threads
Data type: String
maximum no of varnish worker threads
Default value: '500'
varnish_thread_timeout
Data type: String
Default value: '300'
varnish_storage_size
Data type: String
defines the size of storage (depending on storage_type)
Default value: '1G'
varnish_secret_file
Data type: Stdlib::Absolutepath
path to varnish secret file
Default value: '/etc/varnish/secret'
varnish_storage_file
Data type: Stdlib::Absolutepath
defines the filepath of storage (depending on storage_type)
Default value: '/var/lib/varnish-storage/varnish_storage.bin'
mse_config
Data type: Optional[String[1]]
MSE Config, see https://docs.varnish-software.com/varnish-cache-plus/features/mse/
Default value: undef
mse_config_file
Data type: Stdlib::Absolutepath
filepath where mse config file will be stored
Default value: '/etc/varnish/mse.conf'
varnish_ttl
Data type: String
default ttl for items
Default value: '120'
varnish_enterprise
Data type: Boolean
passed to varnish::install
Default value: false
varnish_enterprise_vmods_extra
Data type: Boolean
passed to varnish::install
Default value: false
vcl_dir
Data type: Optional[Stdlib::Absolutepath]
dir where varnish vcl will be stored
Default value: undef
shmlog_dir
Data type: Stdlib::Absolutepath
location for shmlog
Default value: '/var/lib/varnish'
shmlog_tempfs
Data type: Boolean
mounts shmlog directory as tmpfs
Default value: true
version
Data type: String[1]
passed to puppet type 'package', attribute 'ensure'
Default value: present
add_repo
Data type: Boolean
if set to false (defaults to true), the yum/apt repo is not added
Default value: false
manage_firewall
Data type: Boolean
passed to varnish::firewall
Default value: false
varnish_conf_template
Data type: String[1]
Template that will be used for varnish conf
Default value: 'varnish/varnish-conf.erb'
conf_file_path
Data type: Stdlib::Absolutepath
path where varnish conf will be stored
Default value: '/etc/varnish/varnish.params'
additional_parameters
Data type: Hash
additional parameters that will be passed to varnishd with -p
Default value: {}
default_version
Data type: Integer
Default major version of Varnish for that OS release
Default value: 6
add_hitch
Data type: Boolean
Add varnish::hitch class to install hitch
Default value: false
add_ncsa
Data type: Boolean
Add varnish::ncsa class to install varnishncsa Service
Default value: false
varnish::controller::agent
Installs and manages Varnish Controller Agent
Examples
include varnish::controller::agent
Parameters
The following parameters are available in the varnish::controller::agent class:
base_url
nats_server
nats_server_port
nats_server_user
nats_server_password
agent_name
invalidation_host
package_name
package_ensure
service_ensure
base_url
Data type: Stdlib::HTTPUrl
see https://docs.varnish-software.com/varnish-controller/installation/agents/#base-url
nats_server
Data type: Stdlib::Host
Server for NATS Connection
nats_server_port
Data type: Stdlib::Port
Port for Nats Connection
Default value: 4222
nats_server_user
Data type: Optional[String]
User for Nats Connection
Default value: undef
nats_server_password
Data type: Optional[Variant[Sensitive[String],String]]
Password for Nats Connection
Default value: undef
agent_name
Data type: Varnish::Controller::Agent_name
see https://docs.varnish-software.com/varnish-controller/installation/agents/#setting-the-agent-name
Default value: $facts['networking']['hostname']
invalidation_host
Data type: String[1]
see https://docs.varnish-software.com/varnish-controller/installation/agents/#varnish-interaction
Default value: '127.0.0.1:80'
package_name
Data type: String[1]
Name of the Package used for installation
Default value: 'varnish-controller-agent'
package_ensure
Data type: String[1]
Ensure of the Package
Default value: 'present'
service_ensure
Data type: Stdlib::Ensure::Service
Ensure of Agent Service
Default value: 'running'
varnish::firewall
Uses puppetlabs/firewall module to open varnish listen port
Parameters
The following parameters are available in the varnish::firewall class:
manage_firewall
Data type: Boolean
Manage firewall
Default value: false
varnish_listen_port
Data type: Stdlib::Port
Port where varnish listens to
Default value: 6081
varnish::hitch
Installs Hitch the SSL Offloading Proxy of Varnish Enterprise
Examples
include varnish::hitch
Parameters
The following parameters are available in the varnish::hitch class:
package_name
package_ensure
service_ensure
service_name
config_path
config_template
frontends
backend
pem_files
ssl_engine
tls_protos
ciphers
ciphersuites
workers
backlog
keepalive
chroot
user
group
log_level
syslog
syslog_facility
daemon
write_proxy
sni_nomatch_abort
tcp_fastopen
alpn_protos
additional_parameters
package_name
Data type: String[1]
Define used package name
Default value: 'varnish-plus-addon-ssl'
package_ensure
Data type: String[1]
Ensure package
Default value: 'present'
service_ensure
Data type: Stdlib::Ensure::Service
Ensure Service status
Default value: 'running'
service_name
Data type: String[1]
Service name for hitch (must match installed)
Default value: 'hitch'
config_path
Data type: Stdlib::Absolutepath
Path for hitch config
Default value: '/etc/hitch/hitch.conf'
config_template
Data type: String[1]
Used EPP Config template
Default value: 'varnish/hitch.conf.epp'
frontends
Data type: Array[Struct[{ host => String[1],port => Stdlib::Port }],1]
Define Frontends for hitch
Default value: [{ 'host'=> '*', 'port'=> 443, }]
backend
Data type: String[1]
Define Backend
Default value: '[127.0.0.1]:8443'
pem_files
Data type: Array[Stdlib::Absolutepath,1]
PEM Files that will be loaded
ssl_engine
Data type: Optional[String[1]]
Set the ssl-engine
Default value: undef
tls_protos
Data type: String[1]
allowed TLS Protos
Default value: 'TLSv1.2 TLSv1.3'
ciphers
Data type: String[1]
allowed ciphers
Default value: 'EECDH+AESGCM:EDH+AESGCM'
ciphersuites
Data type: String[1]
allowed ciphersuites for TLS1.3+
Default value: 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
workers
Data type: Variant[Enum['auto'],Integer[1,1024]]
number of workers
Default value: 'auto'
backlog
Data type: Integer[1]
Listen backlog size
Default value: 200
keepalive
Data type: Integer[1]
Number of seconds a TCP socket is kept alive
Default value: 3600
chroot
Data type: Optional[Stdlib::Absolutepath]
Chroot directory
Default value: undef
user
Data type: String[1]
User to run as. If Hitch is started as root, it will insist on changing to a user with lower rights after binding to sockets.
Default value: 'hitch'
group
Data type: String[1]
If given, Hitch will change to this group after binding to listen sockets.
Default value: 'hitch'
log_level
Data type: Integer[0,2]
Log chattiness. 0=silence, 1=errors, 2=info/debug. This setting can also be changed at run-time by editing the configuration file followed by a reload (SIGHUP).
Default value: 1
syslog
Data type: Boolean
Send messages to syslog.
Default value: true
syslog_facility
Data type: Stdlib::Syslogfacility
Set the syslog facility.
Default value: 'daemon'
daemon
Data type: Boolean
Run as daemon
Default value: true
write_proxy
Data type: Enum['ip','v1','v2','proxy']
Which Proxy mode is used
Default value: 'v2'
sni_nomatch_abort
Data type: Boolean
Abort handshake when the client submits an unrecognized SNI server name.
Default value: false
tcp_fastopen
Data type: Boolean
Enable TCP Fast Open.
Default value: false
alpn_protos
Data type: String[1]
Comma separated list of protocols supported by the backend
Default value: 'h2,http/1.1'
additional_parameters
Data type: Hash[String[1],Variant[String[1],Integer[1]]]
Add parameters additional as needed
Default value: {}
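An added example (not taken from the module's documentation) that wires Hitch to Varnish using only parameters documented on this page: the Hitch backend has to match the address and port of the Varnish proxy listener. The certificate path is a constructed placeholder, and it is assumed that the package named by package_name can be installed from an already configured repository.

```puppet
# Added example: TLS termination with Hitch in front of Varnish.
# Constructed value: the PEM path. All parameter names are documented above.

class { 'varnish':
  # Plain HTTP listener.
  varnish_listen_port          => 80,
  # Listener for PROXY-protocol connections coming from Hitch. A PROXY
  # listener trusts the client address it is told, so it stays on loopback
  # and is not reachable from the network.
  varnish_proxy_listen_address => '127.0.0.1',
  varnish_proxy_listen_port    => 8443,
  # Management interface on loopback (the documented default, made explicit).
  varnish_admin_listen_address => 'localhost',
}

class { 'varnish::hitch':
  # pem_files has no default, so it always has to be supplied.
  pem_files         => ['/etc/hitch/certs/www.example.com.pem'],
  frontends         => [{ 'host' => '*', 'port' => 443 }],
  # Must point at varnish_proxy_listen_address:varnish_proxy_listen_port.
  backend           => '[127.0.0.1]:8443',
  # Hand the client address to Varnish with PROXY protocol version 2.
  write_proxy       => 'v2',
  # Documented defaults, written out so that the protocol and cipher policy
  # can be reviewed in one place.
  tls_protos        => 'TLSv1.2 TLSv1.3',
  ciphers           => 'EECDH+AESGCM:EDH+AESGCM',
  ciphersuites      => 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256',
  # Abort the handshake when the client submits an unrecognized SNI server
  # name (documented default is false).
  sni_nomatch_abort => true,
  # Unprivileged account Hitch changes to after binding its listen sockets.
  user              => 'hitch',
  group             => 'hitch',
  # 1 = errors only.
  log_level         => 1,
}
```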
varnish::install
Installs Varnish
Examples
Install Varnish
include 'varnish::install'
Make sure latest version is always installed
class { 'varnish::install':
  version => latest,
}
Parameters
The following parameters are available in the varnish::install class:
add_repo
manage_firewall
varnish_listen_port
package_name
varnish_enterprise
varnish_enterprise_vmods_extra
version
add_repo
Data type: Boolean
if repo should be added
Default value: true
manage_firewall
Data type: Boolean
if firewall should be managed
Default value: false
varnish_listen_port
Data type: Stdlib::Port
port that varnish should listen to
Default value: 6081
package_name
Data type: Optional[String]
manually define package name for installation
Default value: undef
varnish_enterprise
Data type: Boolean
If varnish enterprise packages should be installed
Default value: false
varnish_enterprise_vmods_extra
Data type: Boolean
if varnish enterprise extra vmods should also be installed
Default value: false
version
Data type: String
passed to puppet type 'package', attribute 'ensure'
Default value: 'present'
varnish::ncsa
Allows setup of varnishncsa
Parameters
The following parameters are available in the varnish::ncsa class:
enable
Data type: Boolean
enable service
Default value: true
service_ensure
Data type: Stdlib::Ensure::Service
ensure service
Default value: 'running'
varnishncsa_daemon_opts
Data type: String
Options handed to varnishncsa
Default value: '-a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid'
varnish::repo
This class installs additional repos for varnish
Parameters
The following parameters are available in the varnish::repo class:
version
Data type: Optional[String]
Version of varnish for repo
Default value: undef
enable
Data type: Boolean
If repo will be managed
Default value: false
varnish::shmlog
Mounts shmlog as tempfs
Examples
Disable config for mounting shmlog as tmpfs
class { 'varnish::shmlog':
  tempfs => false,
}
Parameters
The following parameters are available in the varnish::shmlog class:
shmlog_dir
Data type: Stdlib::Absolutepath
directory where Varnish logs
Default value: '/var/lib/varnish'
tempfs
Data type: Boolean
mount or not shmlog as tmpfs, boolean
Default value: true
size
Data type: String
size definition of shmlog tmpfs
Default value: '170M'
varnish::vcl
To change name/location of vcl file, use $varnish_vcl_conf in the main varnish class
NOTE: though you can pass config for backends, directors, acls, probes and selectors as parameters to this class, it is recommended to use existing definitions instead: varnish::backend, varnish::director, varnish::probe, varnish::acl, varnish::selector. See README for details on how to use those.
Note: VCL applies the following restrictions:
- if you define an acl it must be used
- if you define a probe it must be used
- if you define a backend it must be used
- if you define a director it must be used
You cannot define 2 or more backends/directors and not have selectors. Not following the above rules will result in VCL compilation failure.
Parameters
The following parameters are available in the varnish::vcl class:
functions
probes
backends
directors
selectors
acls
blockedips
blockedbots
enable_waf
pipe_uploads
wafexceptions
purgeips
includedir
manage_includes
cookiekeeps
defaultgrace
min_cache_time
static_cache_time
gziptypes
template
logrealip
honor_backend_ttl
cond_requests
x_forwarded_proto
https_redirect
drop_stat_cookies
cond_unset_cookies
unset_headers
unset_headers_debugips
vcl_version
functions
Data type: Hash
Hash of additional function definitions
Default value: {}
probes
Data type: Hash
Hash of probes, defined as varnish::vcl::probe
Default value: {}
backends
Data type: Hash
Hash of backends, defined as varnish::vcl::backend
Default value: { 'default' => { host => '127.0.0.1', port => 8080 } }
directors
Data type: Hash
Hash of directors, defined as varnish::vcl::director
Default value: {}
selectors
Data type: Hash
Hash of selectors, defined as varnish::vcl::selector
Default value: {}
acls
Data type: Hash
Hash of acls, defined as varnish::vcl::acl
Default value: {}
blockedips
Data type: Array
Array of IP's that will be blocked with default VCL
Default value: []
blockedbots
Data type: Array
Array of UserAgent Bots that will be blocked
Default value: []
enable_waf
Data type: Boolean
controls VCL WAF component, can be true or false
Default value: false
pipe_uploads
Data type: Boolean
If the request is a post/put upload (chunked or multipart), pipe the request to the backend.
Default value: false
wafexceptions
Data type: Array[String]
Exclude those rules
Default value: ['57' , '56' , '34']
purgeips
Data type: Array[Stdlib::IP::Address]
source ips which are allowed to send purge requests
Default value: []
includedir
Data type: Stdlib::Absolutepath
Dir for includefiles
Default value: '/etc/varnish/includes'
manage_includes
Data type: Boolean
If Includes (and Subtypes like directors, probes,.. ) should be created
Default value: true
cookiekeeps
Data type: Array[String]
Cookies that should be kept for backend
Default value: ['__ac', '_ZopeId', 'captchasessionid', 'statusmessages', '__cp', 'MoodleSession']
defaultgrace
Data type: Optional[String]
Default Grace time for Items
Default value: undef
min_cache_time
Data type: String
Default Cache time
Default value: '60s'
static_cache_time
Data type: String
Cache Time for static Elements like images,..
Default value: '5m'
gziptypes
Data type: Array[String]
Content Types that will be gzipped
Default value: ['text/', 'application/xml', 'application/rss', 'application/xhtml', 'application/javascript', 'application/x-javascript']
template
Data type: Optional[String]
Overwrite Template for VCL
Default value: undef
logrealip
Data type: Boolean
Create std.log entry with Real IP of client
Default value: false
honor_backend_ttl
Data type: Boolean
if Backend TTL will be honored
Default value: false
cond_requests
Data type: Boolean
if conditional requests are allowed
Default value: false
x_forwarded_proto
Data type: Boolean
If Header x-forwarded-proto should be added to hash
Default value: false
https_redirect
Data type: Boolean
deprecated
Default value: false
drop_stat_cookies
Data type: Boolean
deprecated
Default value: true
cond_unset_cookies
Data type: Optional[String]
If condition to unset all cookies
Default value: undef
unset_headers
Data type: Array[String]
Unset the named http headers
Default value: ['Via','X-Powered-By','X-Varnish','Server','Age','X-Cache']
unset_headers_debugips
Data type: Array[Stdlib::IP::Address]
Do not unset the named headers for the following IP's
Default value: ['172.0.0.1']
vcl_version
Data type: Varnish::Vclversion
Which version of VCL should be used
Default value: '4'
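An added example (not from the module's documentation) that combines the access-control parameters above with a custom function and an ACL that the function references. Every IP address, the ACL name ops_hosts and the function name deny_admin are constructed placeholders, and the varnish class is assumed to be declared elsewhere.

```puppet
# Added example. Constructed values: every IP address, the ACL name
# 'ops_hosts' and the function name 'deny_admin'.

# Body of a custom VCL subroutine: only operator hosts may request /admin.
# It is passed without a surrounding "sub ... { }", in the same shape as the
# hiera examples in the README.
$deny_admin = @(VCL)
  if (req.url ~ "^/admin" && client.ip !~ ops_hosts) {
    return (synth(403, "Forbidden"));
  }
  | VCL

class { 'varnish::vcl':
  # Source IPs that are allowed to send purge requests. The default is an
  # empty list.
  purgeips               => ['127.0.0.1', '10.20.0.15'],
  # IPs that will be blocked by the default VCL.
  blockedips             => ['203.0.113.45'],
  # Response headers to strip (the documented default, made explicit) so
  # that backend and cache software details are not sent to clients.
  unset_headers          => ['Via', 'X-Powered-By', 'X-Varnish', 'Server', 'Age', 'X-Cache'],
  # Hosts for which the headers above are not unset, limited here to the
  # operator workstations that need them for debugging.
  unset_headers_debugips => ['10.20.0.11', '10.20.0.12'],
  # Create a std.log entry with the real IP of the client.
  logrealip              => true,
  functions              => {
    'deny_admin'       => $deny_admin,
    # Run the check at the beginning of vcl_recv.
    'vcl_recv_prepend' => "call deny_admin;\n",
  },
}

# An ACL that is defined must also be used, otherwise VCL compilation fails.
# This one is referenced by deny_admin above.
varnish::vcl::acl { 'ops_hosts':
  hosts => ['10.20.0.11', '10.20.0.12'],
}
```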
Defined types
varnish::vcl::acl
Defines an ACL Type of Varnish. Defined ACL's must be used in VCL
Parameters
The following parameters are available in the varnish::vcl::acl defined type:
acl_name
Data type: Varnish::VCL::Ressource
Name of ACL
Default value: $title
hosts
Data type: Array[Stdlib::IP::Address]
Array of defined Hosts
varnish::vcl::acl_member
The varnish::vcl::acl_member class.
Parameters
The following parameters are available in the varnish::vcl::acl_member defined type:
varnish_fqdn
Data type: String[1]
Tag name of the varnish host that is collected
acl
Data type: Varnish::VCL::Ressource
Name of the ACL that should be created
host
Data type: Stdlib::IP::Address
Host ip that will be inserted
varnish::vcl::backend
Defines a Backend for VCL
Parameters
The following parameters are available in the varnish::vcl::backend defined type:
host
port
backend_name
probe
connect_timeout
first_byte_timeout
between_bytes_timeout
max_connections
ssl
ssl_sni
ssl_verify_peer
ssl_verify_host
host_header
certificate
host
Data type: Stdlib::Host
Host that will be defined as backend
port
Data type: Stdlib::Port
Port of the backend host
backend_name
Data type: Varnish::VCL::Ressource
The actual backend name
Default value: $title
probe
Data type: Optional[String]
Name of probe that will be used for healthcheck
Default value: undef
connect_timeout
Data type: Optional[Variant[String[1],Integer]]
define varnish connect_timeout
Default value: undef
first_byte_timeout
Data type: Optional[Variant[String[1],Integer]]
define varnish first_byte_timeout
Default value: undef
between_bytes_timeout
Data type: Optional[Variant[String[1],Integer]]
define varnish between_bytes_timeout
Default value: undef
max_connections
Data type: Optional[Integer]
define varnish maximum number of connections to the backend
Default value: undef
ssl
Data type: Optional[Integer[0,1]]
varnish-plus: Set this true (1) to enable SSL/TLS for this backend.
Default value: undef
ssl_sni
Data type: Optional[Integer[0,1]]
varnish-plus: Set this to false (0) to disable the use of the Server Name Indication (SNI) extension for backend TLS connections
Default value: undef
ssl_verify_peer
Data type: Optional[Integer[0,1]]
varnish-plus: Set this to false (0) to disable verification of the peer’s certificate chain.
Default value: undef
ssl_verify_host
Data type: Optional[Integer[0,1]]
varnish-plus: Set this to true (1) to enable verification of the peer’s certificate identity
Default value: undef
host_header
Data type: Optional[String[1]]
varnish-plus: A host header to add to probes and regular backend requests if they have no such header
Default value: undef
certificate
Data type: Optional[String[1]]
varnish-plus: Specifies a client certificate to be used
Default value: undef
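An added example (not from the module's documentation) for the varnish-plus TLS parameters above. Going by the parameter descriptions, chain verification stays on unless it is disabled, while verification of the certificate identity has to be switched on, so the example sets both explicitly. Resource titles, the host name and the probe URL are constructed placeholders.

```puppet
# Added example; the ssl_* parameters apply to varnish-plus / Varnish
# Enterprise only. Constructed values: resource titles, host name, probe URL.

class { 'varnish::vcl': }

varnish::vcl::probe { 'app_health':
  url               => '/healthz',
  expected_response => '200',
}

varnish::vcl::backend { 'app_tls':
  host            => 'app.internal.example.com',
  port            => 443,
  probe           => 'app_health',
  ssl             => 1,  # enable SSL/TLS for this backend
  ssl_sni         => 1,  # use the Server Name Indication extension
  ssl_verify_peer => 1,  # verify the peer's certificate chain
  ssl_verify_host => 1,  # verify the peer's certificate identity
  # Host header for probes and backend requests that carry none.
  host_header     => 'app.internal.example.com',
}

# A defined probe and backend must be used, otherwise VCL compilation fails.
# The director uses the backend, and the selector routes requests to the
# director of the same name.
varnish::vcl::director { 'app': backends => ['app_tls'] }
varnish::vcl::selector { 'app': condition => 'true' }
```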
varnish::vcl::director
Defines a backend director in varnish vcl
Parameters
The following parameters are available in the varnish::vcl::director defined type:
director_name
Data type: Varnish::VCL::Ressource
Name of the director
Default value: $title
type
Data type: String
Type of varnish backend director
Default value: 'round-robin'
backends
Data type: Array[String]
Array of backends for the director, backends need to be defined as varnish::vcl::backend
Default value: []
vcl_version
Data type: Varnish::Vclversion
Version of vcl Language
Default value: $varnish::vcl::vcl_version
varnish::vcl::probe
Defined probes must be used
Parameters
The following parameters are available in the varnish::vcl::probe defined type:
probe_name
Data type: Varnish::VCL::Ressource
Name of the probe
Default value: $title
interval
Data type: String
Parameter as defined by Varnish
Default value: '5s'
timeout
Data type: String
Parameter as defined by Varnish
Default value: '5s'
threshold
Data type: String
Parameter as defined by Varnish
Default value: '3'
window
Data type: String
Parameter as defined by Varnish
Default value: '8'
expected_response
Data type: String
The expected HTTP status, defaults to '200'
Default value: '200'
includedir
Data type: String
Directory where includefiles will be created
Default value: $varnish::vcl::includedir
url
Data type: Optional[String]
Parameter as defined by Varnish
Default value: undef
request
Data type: Optional[Variant[String,Array[String]]]
Parameter as defined by Varnish
Default value: undef
varnish::vcl::selector
Depending on the condition, requests will be sent to the correct backend
Parameters
The following parameters are available in the varnish::vcl::selector defined type:
condition
Data type: String
Condition under which varnish will redirect to the defined backend. Must be a valid VCL if condition
director
Data type: String
Director that will be used for the requests
Default value: $name
rewrite
Data type: Optional[String]
Rewrite Header X-Host to this value
Default value: undef
newurl
Data type: Optional[String]
rewrite URL to this URL
Default value: undef
movedto
Data type: Optional[String]
Instead of backend, send redirect to this Baseurl
Default value: undef
order
Data type: Variant[String, Integer]
Order value for selector statements
Default value: '03'
includedir
Data type: Stdlib::Absolutepath
Directory for include files
Default value: $varnish::vcl::includedir
vcl_version
Data type: Varnish::Vclversion
Version of VCL Language
Default value: $varnish::vcl::vcl_version
Data types
Varnish::Controller::Agent_name
Type for supported Agent Name of Controller Agent
Alias of Pattern[/\A(?i:([-a-z0-9]+))\z/]
Varnish::Vcl::Ressource
Type for supported VCL Versions
Alias of Pattern[/^[A-Za-z0-9_]+$/]
Varnish::Vclversion
Type for supported VCL Versions
Alias of Pattern[/\A(?i:(4))\z/]
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v5.1.0 (2023-12-04)
Implemented enhancements:
- Add Support for Sockets in Varnish Proxy Listening #42 (voxel01)
- Added max_connections option to a backend #41 (wimsymons)
- add expected_response parameter for probes #33 (jhunt-steds)
- Fix varnish ncsa support #27 (voxel01)
Merged pull requests:
- Replace legacy stdlib::merge() with native puppet code #45 (bastelfreak)
- Remove legacy top-scope syntax #40 (smortex)
v5.0.0 (2023-11-08)
Breaking changes:
- 🐛 Fix firewall usage to match the new module, switch to puppetlabs/firewall 7 #36 (JGodin-C2C)
- Drop debian 9 support #26 (voxel01)
Implemented enhancements:
- Add Puppet 8 support #30 (bastelfreak)
- puppetlabs/stdlib: Allow 9.x #29 (bastelfreak)
- Add varnish-plus Backend parameters to use with ssl #28 (voxel01)
- Add acceptance tests #24 (voxel01)
Fixed bugs:
v4.0.0 (2023-05-13)
Breaking changes:
- Drop Puppet 6 support #20 (bastelfreak)
Implemented enhancements:
- Define ressource type to validate instead of validate_re #23 (voxel01)
- Add support for hitch #15 (voxel01)
- Add support of custom MSE config #14 (voxel01)
- add support for Varnish Controller Agent #13 (voxel01)
Fixed bugs:
- Fix VCL syntax #19 (zipkid)
- Fix datatype for vcl::backend timeouts #17 (voxel01)
- Fix Headline of README.md #16 (voxel01)
v3.0.0 (2023-03-05)
The Module is based on https://forge.puppet.com/modules/maxchk/varnish/readme. Compared to the last 1.0.0 in that namespace, we did:
- Add support for new OS
- Drop support for outdated OS
- Move VCL Subclasses (acl, acl_member, backend, director, probe, selector)
- Add support for varnish 6
- Add support for varnish-plus / Varnish Enterprise
Merged pull requests:
- Fix up puppet-strings and generate REFERENCE.md #12 (alexjfisher)
- Remove old Modulefile #11 (voxel01)
- Update README.md #10 (voxel01)
- puppet-lint: Validate puppet-strings & datatypes #9 (bastelfreak)
- .fixtures.yml: Migrate from forge releases to git #8 (bastelfreak)
- fix typo in documentation, enhance README.md #4 (voxel01)
- Update module author after migration to Vox Pupuli #2 (voxel01)
- Update metadata to Vox Pupuli #1 (voxel01)
1.0.0 (2016-07-27)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 3.2.0 < 10.0.0)
- puppetlabs/concat (>= 9.0.0 < 10.0.0)
- puppetlabs/apt (>= 1.1.0 < 10.0.0)
- puppetlabs/firewall (>= 7.0.0 < 8.0.0)
- puppet/systemd (>= 3.2.0 < 7.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/