Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/common/tasks/main.yml2
-rw-r--r--ansible/roles/influx/tasks/main.yml11
-rw-r--r--ansible/roles/web/files/apache-virtualhost.conf40
-rw-r--r--ansible/roles/web/files/gondul.conf42
-rw-r--r--ansible/roles/web/files/varnish.service3
-rw-r--r--ansible/roles/web/files/varnish.vcl76
-rw-r--r--ansible/roles/web/handlers/main.yml4
-rw-r--r--ansible/roles/web/tasks/main.yml51
8 files changed, 173 insertions, 56 deletions
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index fbd42d1..562af85 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -3,4 +3,4 @@
tags:
- git-all
- git-gondul
- git: repo=https://github.com/tech-server/gondul.git dest=/opt/gondul update=no accept_hostkey=yes
+ git: repo={{ git_repo }} dest=/opt/gondul update=no accept_hostkey=yes version={{ git_branch }}
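Review bot: Because `update=no` is kept on this line, the added `version={{ git_branch }}` should only take effect on the first clone; on a host where /opt/gondul already exists, changing `git_branch` will most likely leave the checkout where it is. `git_repo` now decides which code lands in /opt/gondul, a tree the web role serves as CGI, and no default for either variable is visible in this diff, so both should get role defaults and be set only from trusted inventory. Writing the arguments in YAML form with quoted templates, e.g. `repo: "{{ git_repo }}"` and `version: "{{ git_branch }}"`, also avoids key=value splitting if a value ever contains a space. The task starts above the hunk.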
diff --git a/ansible/roles/influx/tasks/main.yml b/ansible/roles/influx/tasks/main.yml
index 196924f..236c2a9 100644
--- a/ansible/roles/influx/tasks/main.yml
+++ b/ansible/roles/influx/tasks/main.yml
@@ -1,3 +1,10 @@
+- name: Install apt-packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ apt-transport-https
+
- name: Import InfluxDB GPG signing key
apt_key: url=https://repos.influxdata.com/influxdb.key state=present
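Review bot: In the new "Install apt-packages" task, `with_items:` is followed by the bare scalar `apt-transport-https` with no `- ` list marker (indentation is lost in this view, but other list items on the page keep their dash). Ansible tolerates a scalar here, but the intent reads more clearly as a real list, or with the loop dropped entirely: `name: apt-transport-https`. The web role already installs the same package, so a short comment saying why the influx role needs it too would help.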
@@ -10,5 +17,9 @@
- name: Start the InfluxDB service
service: name=influxdb state=started
+- name: Wait a few seconds for InfluxDB to start
+ pause:
+ seconds: 5
+
- name: Create database
command: /usr/bin/influx -execute 'CREATE DATABASE gondul'
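Review bot: The fixed `pause: seconds: 5` is a race rather than a readiness check: on a slow host InfluxDB may still be starting when `CREATE DATABASE` runs, and on a fast one the play always loses five seconds. Waiting on the listener is more reliable, e.g. `wait_for: port=8086 timeout=30` (8086 is the port the Varnish backend in this commit uses). A one-line comment on the task saying what it is waiting for would also help.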
diff --git a/ansible/roles/web/files/apache-virtualhost.conf b/ansible/roles/web/files/apache-virtualhost.conf
new file mode 100644
index 0000000..d9fadbe
--- /dev/null
+++ b/ansible/roles/web/files/apache-virtualhost.conf
@@ -0,0 +1,40 @@
+<VirtualHost *:8080>
+ ServerAdmin lol@example.com
+ ServerName gondul.gathering.org
+ ServerAlias gondul.gathering.org
+
+ DocumentRoot /opt/gondul/web
+ ScriptAlias /api/write/ /opt/gondul/web/api/write/
+ ScriptAlias /api/read/ /opt/gondul/web/api/read/
+ ScriptAlias /api/public/ /opt/gondul/web/api/public/
+ <Directory "/opt/gondul/web/api/write/">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ </Directory>
+ <Directory "/opt/gondul/web/api/read/">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ </Directory>
+ <Directory "/opt/gondul/web/api/public/">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+ <Directory "/opt/gondul/web">
+ AllowOverride None
+ Options Indexes FollowSymLinks MultiViews
+ AddDefaultCharset UTF-8
+ Require all granted
+ </Directory>
+
+
+ ErrorLog /var/log/apache2/error-nms.example.com.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ CustomLog /var/log/apache2/access-nms.example.com.log combined
+ ServerSignature On
+
+</VirtualHost>
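Review bot: `<VirtualHost *:8080>` leaves the Apache backend reachable on every interface, so a client that can reach port 8080 talks to the CGI API directly and skips the method filter and caching rules in varnish.vcl, whose backend only needs `localhost`. Binding to loopback, `<VirtualHost 127.0.0.1:8080>` together with `Listen 127.0.0.1:8080` in ports.conf, would keep Varnish as the only entry point. The `/api/write/` and `/api/read/` directories carry no `Require` or auth directive of their own and sit under a parent with `Require all granted`, so access control is presumably done inside the CGI scripts; a comment saying so would help. `ServerSignature On` also advertises the server version on error pages, and `ServerSignature Off` is the usual choice.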
diff --git a/ansible/roles/web/files/gondul.conf b/ansible/roles/web/files/gondul.conf
deleted file mode 100644
index 3c6de86..0000000
--- a/ansible/roles/web/files/gondul.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-<VirtualHost *:80>
- ServerAdmin lol@example.com
- ServerName gondul.gathering.org
- ServerAlias gondul.gathering.org
-
- DocumentRoot /opt/gondul/web
- ScriptAlias /api/write/ /opt/gondul/web/api/write/
- ScriptAlias /api/read/ /opt/gondul/web/api/read/
- ScriptAlias /api/public/ /opt/gondul/web/api/public/
- <Directory "/opt/gondul/web/api/write/">
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- </Directory>
- <Directory "/opt/gondul/web/api/read/">
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- </Directory>
- <Directory "/opt/gondul/web/api/public/">
- AllowOverride None
- Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch
- Require all granted
- </Directory>
- <Directory "/opt/gondul/web">
- AllowOverride None
- Options Indexes FollowSymLinks MultiViews
- AddDefaultCharset UTF-8
- Require all granted
- </Directory>
-
- ProxyPass "/query" "http://localhost:8086/query"
- ProxyPassReverse "/query" "http://localhost:8086/query"
-
- ErrorLog /var/log/apache2/error-nms.example.com.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog /var/log/apache2/access-nms.example.com.log combined
- ServerSignature On
-
-</VirtualHost>
diff --git a/ansible/roles/web/files/varnish.service b/ansible/roles/web/files/varnish.service
new file mode 100644
index 0000000..82b012f
--- /dev/null
+++ b/ansible/roles/web/files/varnish.service
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
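Review bot: The drop-in has no comment explaining the empty `ExecStart=` line, which is easy to mistake for a leftover; a line such as `# Empty ExecStart= clears the packaged command so the next line replaces it` above it would help. The source file is named varnish.service but is installed as customexec.conf, so a header comment naming the destination path would save a reader a lookup. `-a :80` listens on all interfaces while `-T localhost:6082` keeps the management port on loopback, and that split deserves a comment as well.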
diff --git a/ansible/roles/web/files/varnish.vcl b/ansible/roles/web/files/varnish.vcl
new file mode 100644
index 0000000..b082971
--- /dev/null
+++ b/ansible/roles/web/files/varnish.vcl
@@ -0,0 +1,76 @@
+# vim: ts=8:expandtab:sw=4:softtabstop=4
+
+vcl 4.0;
+
+backend default {
+ .host = "localhost";
+ .port = "8080";
+}
+
+backend influx {
+ .host = "localhost";
+ .port = "8086";
+}
+
+sub vcl_recv {
+ if (req.url ~ "^/where" || req.url ~ "^/location") {
+ set req.url = "/api/public/location";
+ }
+ if (req.method != "GET" &&
+ req.method != "HEAD" &&
+ req.method != "PUT" &&
+ req.method != "POST" &&
+ req.method != "TRACE" &&
+ req.method != "OPTIONS" &&
+ req.method != "DELETE") {
+ # Vi hater alt som er gøy.
+ return (synth(418,"LOLOLOL"));
+ }
+
+ if (req.url ~ "^/query") {
+ set req.backend_hint = influx;
+ }
+
+ if (req.method != "GET" && req.method != "HEAD") {
+ /* We only deal with GET and HEAD by default */
+ return (pass);
+ }
+
+ # Brukes ikke. Cookies er for nubs.
+ unset req.http.Cookie;
+
+ # Tvinges gjennom for å cache med authorization-skrot.
+ return (hash);
+}
+
+
+# Rosa magi
+sub vcl_hash {
+ # Wheee. Legg til authorization-headeren i hashen.
+ hash_data(req.http.authorization);
+}
+
+# Mauve magi. Hva nå enn det er.
+# Dette er WIP - Skal flyttes til backend
+sub vcl_backend_response {
+ set beresp.http.x-url = bereq.url;
+ if (beresp.http.x-ban) {
+ ban("obj.http.x-url ~ " + beresp.http.x-ban);
+ }
+ if (bereq.url ~ "/query") {
+ # Let's blindly cache influx requests for 5+10s
+ set beresp.http.Cache-Control = "max-age=5";
+ unset beresp.http.Pragma;
+ set beresp.uncacheable = false;
+ set beresp.grace = 10s;
+ set beresp.ttl = 5s;
+ }
+ if (beresp.status != 200) {
+ set beresp.uncacheable = false;
+ set beresp.ttl = 5s;
+ }
+ if (bereq.url ~ "\.(html|css|js)") {
+ # Mainly for ease of development
+ set beresp.ttl = 10s;
+ }
+}
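Review bot: The `/query` branch in vcl_recv switches the backend to InfluxDB for every method that survives the allowlist, so POST, PUT and DELETE on `/query` are passed from the public listener straight to port 8086, and nothing in this file shows authentication in front of it. If the front end only reads, reject other methods before setting the backend hint, e.g. `if (req.url ~ "^/query" && req.method != "GET" && req.method != "HEAD") { return (synth(405, "Method Not Allowed")); }`. The allowlist also lets TRACE through, which is rarely wanted on a public front end. In vcl_backend_response the test `bereq.url ~ "/query"` is unanchored, unlike `^/query` in vcl_recv, so any default-backend URL that merely contains `/query` gets its caching headers overridden; `if (bereq.url ~ "^/query") {` would match the routing rule. `beresp.http.x-url` is set for the ban lookup but never removed, so it presumably reaches clients unless a vcl_deliver elsewhere strips it.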
diff --git a/ansible/roles/web/handlers/main.yml b/ansible/roles/web/handlers/main.yml
index 407739b..3f71f4c 100644
--- a/ansible/roles/web/handlers/main.yml
+++ b/ansible/roles/web/handlers/main.yml
@@ -1,3 +1,7 @@
---
- name: restart apache
service: name=apache2 state=restarted
+- name: restart varnish
+ service: name=varnish state=restarted
+- name: reload systemd
+ command: systemctl daemon-reload
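Review bot: `restart varnish` is defined before `reload systemd`, and Ansible runs notified handlers in the order they are defined, so on a first run Varnish restarts with the old unit and the daemon-reload happens afterwards. The drop-in task in web/tasks/main.yml also notifies only `reload systemd`, so a later change to the ExecStart override never restarts Varnish at all. Put `reload systemd` first and have the drop-in task notify both handlers. The `systemd` module can replace the raw command: `systemd: daemon_reload=yes`.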
diff --git a/ansible/roles/web/tasks/main.yml b/ansible/roles/web/tasks/main.yml
index 3eb4279..d05c6db 100644
--- a/ansible/roles/web/tasks/main.yml
+++ b/ansible/roles/web/tasks/main.yml
@@ -36,30 +36,55 @@
- cpanminus
- apt-transport-https
-- apache2_module:
+- name: Add packagecloud.io Varnish apt key.
+ apt_key:
+ url: https://packagecloud.io/varnishcache/varnish5/gpgkey
state: present
- name: cgid
- notify: restart apache
-- apache2_module:
+
+- name: Add packagecloud.io Varnish apt repository.
+ apt_repository:
+ repo: "deb https://packagecloud.io/varnishcache/varnish5/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} main"
state: present
- name: proxy
+
+- name: Ensure Varnish is installed.
+ apt:
+ name: "varnish"
+ state: present
+
+- name: Ensure folder varnish.service.d exists
+ file: path=/etc/systemd/system/varnish.service.d/ state=directory mode=0755
+
+- name: Change varnish service.d
+ copy:
+ dest: /etc/systemd/system/varnish.service.d/customexec.conf
+ src: varnish.service
+ notify:
+ - reload systemd
+
+- name: Copy varnish config
+ copy:
+ dest: /etc/varnish/default.vcl
+ src: varnish.vcl
+ notify: restart varnish
+
+- name: Make apache listen on port 8080
+ lineinfile: dest=/etc/apache2/ports.conf regexp="^Listen 80" line="Listen 8080" state=present
notify: restart apache
+
- apache2_module:
state: present
- name: proxy_http
+ name: cgid
notify: restart apache
+
- name: Enable gondul-config
copy:
- dest: /etc/apache2/sites-enabled/
- src: gondul.conf
+ dest: /etc/apache2/sites-enabled/gondul.conf
+ src: apache-virtualhost.conf
notify: restart apache
+
- command: a2dissite 000-default
ignore_errors: true
notify: restart apache
-- name: Enable gondul-config
- copy:
- dest: /etc/apache2/sites-enabled/
- src: gondul.conf
- notify: restart apache
+
- cpanm:
name: AnyEvent::InfluxDB
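Review bot: The new `apt_key` task trusts whatever key the packagecloud URL returns at run time; nothing pins it, so a changed or substituted key would be accepted and then used to authenticate the Varnish packages. Pinning the fingerprint with the module's `id` parameter closes that gap, e.g. `id: "<VARNISH_KEY_FINGERPRINT>"` (placeholder, take the real value from the vendor's documentation). The "Ensure Varnish is installed" task sets no version, so the host runs whatever varnish5 build the repository serves that day. The `cpanm` task at the end of the hunk continues outside it.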