Aller au contenu. | Aller à la navigation

Outils personnels

Navigation

Vous êtes ici : Accueil / Articles / Varnish user, be careful!

Varnish user, be careful!

Par Vincent Fretin publié 24/06/2009 18:29, Dernière modification 27/06/2009 17:28
Update: It seems I made wrong assumption, the problem was not grace options, but default_ttl option set to 120s. If you use the varnish configuration generated by plone.recipe.varnish < 1.0rc11, you are in trouble. Please read on!

Update 2009-06-27: I released a new 1.0rc11 version of plone.recipe.varnish to not look up in the cache for createObject urls. So you don't need to create your own varnish.vcl configuration to fix the problem. You only have to update to the new version of the recipe.

If you use varnish in front of a zope instance, be careful at your varnish configuration!

If you use the varnish configuration generated by plone.recipe.varnish < 1.0rc11, you can have the following terrible story.

User1 requests the following url to create a Document:

http://example.com/createObject?type_name=Document

The server will answer to user1:

302 Moved Temporarily
Location: http://example.com/portal_factory/Document/document.2009-06-24.8057003274

Then user1 fill in the Document add form.

At the same time, less than 2 minutes between the two requests, user2 create a Document in the same folder as user1, so he asks for the same url:

http://example.com/createObject?type_name=Document

And he gets the same answer:

302 Moved Temporarily
Location: http://example.com/portal_factory/Document/document.2009-06-24.8057003274

Yes! It's the same temporary id! Varnish answered directly the cached 302 response and did not forward the request to zope to generate a new temporary id.

User2 fill in the form and send it before user1. The funny thing is the Creator of the document is not user2 but user1, the user who created the document in portal_factory.

Then if user1 send the add form, the document is created normally, creator is user1. It seems it's not important which user click save first, both created documents will belongs to user1.

So what's the problem? The problem is that the createObject request have ttl (time to live) set to 120s because of the default_ttl option (see bin/varnishd/mgt_param.c in the source code of varnish)

To fix that, I did a copy of parts/varnish-instance/varnish.vcl to templates/varnish.vcl.in. Then I added the following rule in vcl_recv before remove req.http.Accept-Encoding;:

if (req.url ~ "createObject") {
        pass;
}

This rule tell varnish to forward the request immediately and to not look up in the cache.

Here is the content of my deployment.cfg file:

[varnish-config]
recipe = collective.recipe.template
input = ${buildout:directory}/templates/varnish.vcl.in
output = ${buildout:directory}/etc/varnish.vcl

[varnish-instance]
recipe = plone.recipe.varnish
daemon = ${buildout:directory}/parts/varnish-build/sbin/varnishd
bind = 127.0.0.1:8000
#backends = 127.0.0.1:${instance:http-address}
config = ${varnish-config:output}
cache-size = 1G
user = varnish