webproxy/varnish: final version of the fix to manage the varnish stat…

…e dir properly a) use the real varnish upstream state directory b) only reload if it's a pure VCL change, restart otherwise For channel upgrades (e.g. when this statedir change is rolled out) this happens in maintenance anyway. We'll provide better public docs about the restart conditions in the near future. PL-132901
flyingcircusio · Sep 12, 2024 · f87c0fc · f87c0fc
1 parent 188bcbe
commit f87c0fc
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 17 deletions.
diff --git a/nixos/roles/webproxy.nix b/nixos/roles/webproxy.nix
@@ -121,13 +121,6 @@ in
  systemd.tmpfiles.rules = [
  "d /etc/local/varnish 2775 varnish service"
  "f /var/log/varnish.log 644 varnish varnish"
- # Link the default dir expected by varnish tools to
- # the actual location of the state dir. This makes the commands
- # usable without specifying the -n option every time.
-
- ### XXX: where do we rely on this symlink? Can be problematic when changing the state dir.
- ### XXX: I think that platform code should explicitly set the work dir to force service restarts after changes.
- "L /run/varnishd - - - - ${cfg.stateDir}"
  ];
 
  users.groups.varnish.members = [

diff --git a/nixos/services/varnish/default.nix b/nixos/services/varnish/default.nix
@@ -103,7 +103,9 @@ in {
  services.varnish = {
  enable = true;
  enableConfigCheck = false;
- extraCommandLine = lib.concatStringsSep " " [ cfg.extraCommandLine "-I ${commandsfile}" ];
+
+ stateDir = "/run/varnishd";
+ extraCommandLine = lib.concatStringsSep " " [ cfg.extraCommandLine "-I /etc/varnish/startup" ];
  inherit (cfg) http_address;
  config = ''
  vcl 4.0;
@@ -120,19 +122,16 @@ in {
  '';
  };
 
+ environment.etc."varnish/startup".source = commandsfile;
+
  systemd.services.varnish = let
  vcfg = config.services.varnish;
  in {
- reloadIfChanged = true;
- restartTriggers = [ cfg.extraCommandLine vcfg.package cfg.http_address ];
+ stopIfChanged = false;
+ reloadTriggers = [ commandsfile ];
  reload = ''
- if [ -d "${vcfg.stateDir}" ]; then
- statedir="${vcfg.stateDir}"
- else
- statedir="/var/spool/varnish/${config.networking.hostName}" #temporary migration
- fi
- vadm="${vcfg.package}/bin/varnishadm -n $statedir"
- cat ${commandsfile} | $vadm
+ vadm="${vcfg.package}/bin/varnishadm -n ${vcfg.stateDir}"
+ cat /etc/varnish/startup | $vadm
 
  coldvcls=$($vadm vcl.list | grep " cold " | ${pkgs.gawk}/bin/awk {'print $5'})