VCL - the logic and logistics

33 %
67 %
Information about VCL - the logic and logistics

Published on October 14, 2016

Author: Varnish_software

Source: slideshare.net

1. VCL: logic and logistics Guillaume Quintard guillaume@varni.sh Paris Summit - 13/10/16

2. AGENDA What is VCL? Compilation Debugging Coding practices Tests

3. What’s VCL?

4. recv What’s VCL? lookup pass hit miss error fetch deliver

5. What’s VCL? Domain Specific Language Describe a state machine Imperative Not Turing-complete, sorry Very extensible Super fast example: sub vcl_recv { if (req.url ~ “^/admin/”) { return (pass); } }

6. Compilation

7. Compilation sub vcl_recv { if (req.url ~ “^/admin/”) { return (pass); } } transpiles to: int VGC_function_vcl_recv(VRT_CTX) { if (VRT_re_match(ctx, VRT_r_req_url(ctx), VGC_re_1)) { VRT_handling(ctx, VCL_RET_PASS); return (1); } }

8. Varnish child foo.vcl Varnish mgt bar.so

9. Varnish child VCCfoo.vcl Varnish mgt bar.sofoo.c

10. Varnish child VCC CCfoo.cfoo.vcl foo.so Varnish mgt bar.so

11. Varnish child VCC CCfoo.cfoo.vcl foo.so Varnish mgt bar.so

12. Hands on! Try it! varnishd -n /tmp -f /etc/default.vcl -C Check the compilation command: [sudo] varnishadm param.show cc_command Load, then use a vcl [sudo] varnishadm vcl.load foo foo.vcl [sudo] varnishadm vcl.use foo

13. The “no compiler” policy No JDK, LUA, JS nor Python, then? C created by VCC (Varnish Configuration Compiler) is very limited in scope. VCC can run any compiling command, so you can use a C compiler you trust. VCC is ran as a normal user, you can narrow the compiler execution right to that user. And Varnish drops privileges and jails himself to execute the compiled code.

14. Debugging

15. Debugging One of the most often asked questions: Why isn’t this object cached? Let’s check: ● Are the VCL subs returning the right thing? ● Is the builtin VCL being annoying? ● Are we hashing the right stuff? ● Aren’t we being bit by Hit-for-Pass?

16. Coding practices

17. Coding like a champ VCL is code, treat it as such: ● Coding guidelines guidelines: ○ Choose tabs OR spaces. ○ Indent properly. ○ Only one inclusion level. ○ All includes/import at the top of the file. ○ Isolate backends into their own file ● Use a syntax highlighter ● Check it compiles, at the very least ● Version it ● Test it

18. Not everything is a nail, use vmods Regex are super powerful and versatile and deadly. ● Try to avoid them. ● Notably, use vmod-querystring and vmod-cookie. go from: set req.http.Cookie = regsuball(req.http.Cookie, "(^|(?<=; )) *__utma=[^;]+;? *", "1"); to: Use vmod-var, it’s good for you! Use vmod-goto for dynamic backends, or vmod-stendhal to store backends/directors in a dictionary. Visit http://www.varnish-cache.org/vmods/ for more vmods!

19. Not everything is a nail, use vmods Regex are super powerful and versatile and deadly. ● Try to avoid them. ● Notably, use vmod-querystring and vmod-cookie. go from: set req.http.Cookie = regsuball(req.http.Cookie, "(^|(?<=; )) *__utma=[^;]+;? *", "1"); to: cookie.filter_except("__utma"); Use vmod-var, it’s good for you! Use vmod-goto for dynamic backends, or vmod-stendhal to store backends/directors in a dictionary. Visit http://www.varnish-cache.org/vmods/ for more vmods!

20. Use functions, er...subs! Reuse and isolate code for fun and profit: sub myfunction { unset req.http.host; set req.http.this-header = “is super useful” } sub vcl_recv { if (req.url ~ “^/test”) { call myfunction; } }

21. It’s dangerous to label people, VCL however... VCL labels are nice Provide an alias to a potentially changing vcl [sudo] varnishadm vcl.label production foo123 But also funnier stuff!

22. Testing

23. Contact info: Email: guillaume@varni.sh IRC: gquintar on irc.linpro.no

24. Images info: https://flic.kr/p/c7juws https://flic.kr/p/4HfejV https://flic.kr/p/dVbhyq https://flic.kr/p/gh6toq https://flic.kr/p/mQCP6P

Add a comment