varnish: use a custom tmpdir for config validation

2021-09-16 18:28:52 +02:00 · 2021-09-16 18:28:52 +02:00 · fcda84be4f
parent 27a91e69f5
commit fcda84be4f
2 changed files with 16 additions and 2 deletions
--- a/varnish/defaults/main.yml
+++ b/varnish/defaults/main.yml
@ -1,5 +1,8 @@
 ---

+varnish_user: vcache
+varnish_group: varnish
+
 varnish_addresses:
  - 0.0.0.0:80

@ -13,7 +16,7 @@ varnish_thread_pools: "{{ ansible_processor_cores * ansible_processor_count }}"
 varnish_thread_pool_add_delay: 0
 varnish_thread_pool_min: 500
 varnish_thread_pool_max: 5000
-varnish_jail: "unix,user=vcache"
+varnish_jail: "unix,user={{ varnish_user }}"

 varnish_config_file: /etc/varnish/default.vcl
 varnish_secret_file: /etc/varnish/secret
--- a/varnish/tasks/main.yml
+++ b/varnish/tasks/main.yml
@ -85,6 +85,17 @@
    - varnish
    - logrotate

+- name: Special tmp directory for config validations
+  file:
+    path: /var/tmp-vcache
+    state: directory
+    mode: "0755"
+    owner: "{{ varnish_user }}"
+    group: "{{ varnish_group }}"
+  tags:
+    - varnish
+    - config
+
 - name: Create Varnish config dir
  file:
    path: /etc/varnish/conf.d
@ -117,7 +128,7 @@
    dest: "{{ varnish_config_file }}"
    mode: "0644"
    force: yes
-    validate: "varnishd -Cf %s > /dev/null"
+    validate: "sudo -u {{ varnish_user }} TMPDIR=/var/tmp-vcache varnishd -Cf %s > /dev/null"
  loop: "{{ query('first_found', templates) }}"
  vars:
    templates: