Bug 1401272

Summary: Problems starting varnishncsa when using the testing package 'varnish-4.0.4-2.el7.x86_64'
Product: [Fedora] Fedora EPEL
Reporter: George Notaras <gnot>
Component: varnish
Assignee: Ingvar Hagelund <ingvar>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: epel7
CC: ingvar
Hardware: Unspecified
OS: Unspecified
Last Closed: 2017-01-17 23:29:09 UTC
Type: Bug

Description George Notaras 2016-12-04 08:42:44 UTC
Hi Ingvar,

I tested varnish-4.0.4-2.el7.x86_64 from epel-testing, as suggested in #1401234, but I encountered some issues with varnishncsa.

Please consider taking a look at the following:

1. In varnishncsa.service there is the setting 'User=varnishlog', but the 'varnishlog' user is not created during the installation of the RPM package.

2. Again in varnishncsa.service in the ExecStart line, the PID file is set to '/run/varnishncsa/varnishncsa.pid', but the '/run/varnishncsa/' directory does not exist. A tmpfiles configuration with something like the following will possibly be needed:

    D /var/run/varnishncsa 0750 varnishlog varnish -

3. The varnishlog user will need write access to the /var/log/varnish directory.

The above also affect varnishlog.service.

Since I need a working varnishncsa, I think I'll wait for these fixes before trying the package from epel-testing on my main server. As a result, my feedback about the 'varnishlog -d' issue I described in #1401234 will be delayed for a while, because I can only test it on my main server.

Thanks in advance for looking into the above.

George

Comment 1 George Notaras 2016-12-04 17:48:31 UTC
I just checked the spec file of the Varnish 5 SRPM from Fedora Rawhide and noticed the following:

    # One varnish user is enough
    sed -i 's,User=varnishlog,User=varnish,g;' redhat/varnishncsa.service

I assume that the plan is to run varnishncsa as user 'varnish', so my note above about the missing 'varnishlog' user is incorrect. Moreover, the suggested tmpfiles configuration above is incorrect as well and should be something like:

    D /var/run/varnishncsa 0700 varnish varnish -

Also, in the same v5 spec file there are the following:

    # Previous versions had varnishlog and varnishncsa running as root
    chown varnish:varnish /var/log/varnish/varnishncsa.log || true

    %files
    ...
    %attr(0700,varnish,varnish) %dir %{_var}/log/varnish

I guess the v4.0.4 spec file will be updated accordingly. However, I'd like to suggest also using a 'chown' command in the v4 spec file to change the ownership of the /var/log/varnish directory, since this package will most likely upgrade existing installations.

Please consider all the above as quick notes/suggestions. I'll be happy to test the package again once the issues with varnishncsa are fixed.

George

Comment 2 Ingvar Hagelund 2016-12-05 08:40:40 UTC
Hello again, George. Thanks for the input. The errors come from an updated checkout of the pkg-varnish tree, which I didn't test thoroughly enough.

Ingvar

Comment 3 Ingvar Hagelund 2016-12-05 13:40:00 UTC
George, can you test http://koji.fedoraproject.org/koji/taskinfo?taskID=16757090 , please?

Ingvar

Comment 4 Ingvar Hagelund 2016-12-05 20:35:41 UTC
Uh, make that http://koji.fedoraproject.org/koji/taskinfo?taskID=16761399

Ingvar

Comment 5 George Notaras 2016-12-05 22:04:52 UTC
Hello Ingvar,

I tested this build:

  http://koji.fedoraproject.org/koji/taskinfo?taskID=16761399

As far as I can tell, it works fine. I'll add karma as soon as the relevant page appears in the Fedora Updates System.

BTW, I just realized I had overlooked the 'RuntimeDirectory=varnishncsa' configuration in varnishncsa.service, which creates the '/run/varnishncsa/' directory. Much better solution than the tmpfiles configuration I suggested above (learned something new!).

George
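
The two unit-file faults discussed in the description and in comment 5, as an added example that is not part of the original thread or of the varnish package: a small linter that flags a unit whose User= account does not exist and whose -P PID file sits in a /run subdirectory that no RuntimeDirectory= creates. The function name `lint_unit`, the sample unit files and the passwd entries are constructed for illustration; the log directory ownership check from point 3 is not covered.

```shell
#!/usr/bin/env bash
# Lint a systemd unit for two of the packaging faults reported in this bug:
#   MISSING_USER    User= names an account absent from the passwd file
#   NO_RUNTIME_DIR  the -P PID file lives in /run/<dir>/ but no RuntimeDirectory=<dir>
# Usage: lint_unit UNIT_FILE [PASSWD_FILE]; returns the number of findings.
lint_unit() {
    local unit="$1" passwd="${2:-/etc/passwd}" user rundirs pidfile piddir n=0
    user=$(sed -n 's/^User=//p' "$unit" | tail -n 1)
    if [ -n "$user" ] && ! grep -q "^${user}:" "$passwd"; then
        echo "MISSING_USER $user"; n=$((n + 1))
    fi
    # RuntimeDirectory= holds space-separated names relative to /run
    rundirs=$(sed -n 's/^RuntimeDirectory=//p' "$unit" | tr '\n' ' ')
    # varnishncsa receives its PID file path through -P on the ExecStart line
    pidfile=$(sed -n 's/^ExecStart=.* -P  *\([^ ]*\).*/\1/p' "$unit" | tail -n 1)
    case $pidfile in
        /run/*/*|/var/run/*/*)
            piddir=${pidfile#/var}; piddir=${piddir#/run/}; piddir=${piddir%%/*}
            case " $rundirs " in
                *" $piddir "*) ;;
                *) echo "NO_RUNTIME_DIR /run/$piddir"; n=$((n + 1)) ;;
            esac ;;
    esac
    return "$n"
}

# Constructed sample data (not the packaged files): a unit as described in the
# report, the same unit after the fixes discussed in the thread, and a passwd file.
SAMPLES=$(mktemp -d)
printf 'root:x:0:0::/root:/bin/bash\nvarnish:x:990:986::/var/lib/varnish:/sbin/nologin\n' > "$SAMPLES/passwd"
cat > "$SAMPLES/before.service" <<'EOF'
[Service]
Type=forking
User=varnishlog
ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid
EOF
cat > "$SAMPLES/after.service" <<'EOF'
[Service]
Type=forking
User=varnish
RuntimeDirectory=varnishncsa
ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid
EOF
lint_unit "$SAMPLES/before.service" "$SAMPLES/passwd" || true
lint_unit "$SAMPLES/after.service"  "$SAMPLES/passwd" || true
```

Run against an installed unit, the second argument can be omitted so the account lookup uses /etc/passwd.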

Comment 6 Ingvar Hagelund 2016-12-06 07:45:17 UTC
I pushed this to testing: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c45d07c1ea

Ingvar

Comment 7 George Notaras 2016-12-07 10:41:34 UTC
Hi Ingvar,

I'd also like to report another small issue I just noticed. The variables $VARNISH_USER and $VARNISH_GROUP, which are set in /etc/varnish.params, are not currently used in the ExecStart directive of varnish.service. So, subprocesses of varnishd are run by the 'nobody' user instead of the expected 'varnish' user. It's not an important problem though, since both users are unprivileged ones. I hadn't noticed it earlier, because I used to override ExecStart in varnish.service in which I manually added '-u $VARNISH_USER -g $VARNISH_GROUP'. Whenever you have the time, please consider taking a look at this one as well.

I'll add karma to the fedora updates page. As far as I'm concerned this bug about varnishncsa is now resolved. Thanks for your work!

George

Comment 8 George Notaras 2017-01-17 23:29:09 UTC
Since I've successfully used 4.0.4-3 in my test system without any problems with varnishncsa, I'm going to close this issue as well.

Thank you for looking into it.

George