Architectural heads-up/call for comments

Poul-Henning Kamp phk at phk.freebsd.dk
Thu Jan 7 10:39:40 CET 2010


In message <op.u55n4olks5ttvb at id-c0805.oslo.osa>, "Cosimo Streppone" writes:
>On 06 january 2010 12:46:07, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:

>> 1.  Kill the magic default VCL.
>
>It's great that you're asking feedback, thanks.
>
>> You will no longer be able to just give Varnish a subset of the VCL
>> instruction, ie. just a vcl_recv{} function
>
>I understand and appreciate the motivation for this.
>However, I must say I find it really easy to just have
>a default behavior built-in.

It will still be, because we are not going to give up on the -b option.

Interestingly, after sending that email, I realized that I would be
the person who got hit hardest by this change, since I have 187 different
VCL programs in the regression test-suite :-/

That is a really bad reason to change what I think is otherwise a
sound decision, but for reasons of sanity, I need to have some kind
of workaround.

One of the obvious ways to do it, is to offer the default VCL methods
as callable functions.

Ie something like:
		sub vcl_recv {
			if (req.url ~ "[.]exe") {
				error 503;
			}
			call default_recv;
		}

Apart from making the reference to the default code explicit, that is
very very close to what we have today.

>OTOH, it's true that you have to know what you're doing.
>I would suggest to have several presets files, sort of what
>mysql does with my-huge.cnf, etc...

I'm not sure I have seen sufficiently generic VCL programs
to make this make sense.  I fear VooDoo configurations that way.

>> Back in the ancient mists of time, spirits were brave, stakes were
>> high and we thought it would be possible for users to use VCL
>> "libraries" and have a VCL file that looked like:
>> 	include "typo3.vcl";
>> 	include "anti_dos.vcl";
>> 	include "anti_malware.vcl";
>> 	...
>> Obviously, that does not work, because of the ordering necessary
>> of the checks..
>
>Please, can you explain?

Well, they all want to do something "first" in vcl_recv{} and there
is no way to tell who is "more important" than the others.   

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
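
The ordering problem from the last reply, modelled in Python as an added example that is not part of the original message or of Varnish. The fragment bodies, the request fields and the "first terminal action wins, otherwise fall through to default_recv" model are assumptions made for illustration.

```python
from itertools import permutations

# Hypothetical stand-ins for the vcl_recv{} part of each included library.
# Each returns a terminal action, or None to fall through to the next one.
def typo3(req):
    if req["url"].startswith("/typo3temp/"):   # cache generated assets early
        return "lookup"
    return None

def anti_dos(req):
    if req["rate"] > 100:                      # constructed threshold
        return "error 429"
    return None

def anti_malware(req):
    if req["url"].endswith(".exe"):            # same test as the mail's example
        return "error 503"
    return None

def default_recv(req):
    # Simplified model of the built-in default, called explicitly at the end.
    return "lookup" if req["method"] in ("GET", "HEAD") else "pass"

def run_recv(fragments, req):
    """Run fragments in include order; the first terminal action wins."""
    for frag in fragments:
        action = frag(req)
        if action is not None:
            return action
    return default_recv(req)

def order_outcomes(fragments, req):
    """Map each distinct action to the include orders that produce it."""
    outcomes = {}
    for order in permutations(fragments):
        names = [f.__name__ for f in order]
        outcomes.setdefault(run_recv(order, req), []).append(names)
    return outcomes

LIBS = [typo3, anti_dos, anti_malware]
# Constructed sample requests.
CONFLICT = {"url": "/typo3temp/setup.exe", "rate": 5, "method": "GET"}
PLAIN = {"url": "/index.html", "rate": 5, "method": "GET"}

if __name__ == "__main__":
    for action, orders in order_outcomes(LIBS, CONFLICT).items():
        print(action, "<-", orders)
```

A request with more than one outcome is one where the include order decides whether a security check runs at all, so it is worth running such a sweep over test requests before combining fragments.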



More information about the varnish-misc mailing list