/etc/default/varnish is ignored (fixed values in systemd service)

Bug #1573561 reported by Claudio Kuenzler
48
This bug affects 9 people
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
Confirmed
Medium
Unassigned
varnish (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

This is on a new installation of Ubuntu 16.04 xenial with Varnish 4.1.1-1.

Any modification of /etc/default/varnish is being ignored by the daemon. Turns out that all the values are fixed in the systemd service of varnish (/lib/systemd/system/varnish.service):

--------------------------------------------
[Unit]
Description=Varnish HTTP accelerator
Documentation=https://www.varnish-cache.org/docs/4.1/ man:varnishd

[Service]
Type=simple
LimitNOFILE=131072
LimitMEMLOCK=82000
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
ExecReload=/usr/share/varnish/reload-vcl
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
PrivateDevices=true

[Install]
WantedBy=multi-user.target
--------------------------------------------

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: varnish 4.1.1-1
ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
Uname: Linux 4.4.0-21-generic x86_64
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
Date: Fri Apr 22 14:07:10 2016
InstallationDate: Installed on 2016-04-18 (4 days ago)
InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Beta amd64 (20160325)
ProcEnviron:
 LANGUAGE=en_US:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: varnish
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.default.varnish: 2016-04-22T14:01:03.786366

Revision history for this message
Claudio Kuenzler (napsty) wrote :
summary: - /etc/default/varnish is ignored (fixed in systemd service)
+ /etc/default/varnish is ignored (fixed values in systemd service)
Revision history for this message
Knut Ingvald Dietzel (kid) wrote :

Hi,

Use a systemd drop-in config snippet. This will override only the relevant lines.

Ref. https://github.com/varnish/Varnish-Cache/pull/92#

--
Best regards,
Knut

Revision history for this message
Claudio Kuenzler (napsty) wrote :

Thats a good hint, Knut. However on Ubuntu's side, the /etc/default/varnish file should disappear as it only creates confusion.

Revision history for this message
Knut Ingvald Dietzel (kid) wrote :

Yes, /etc/default/varnish is obsolete and should be discarded.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in varnish (Ubuntu):
status: New → Confirmed
Changed in varnish (Ubuntu):
importance: Undecided → Medium
Changed in hundredpapercuts:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Pete Travis (l-me-e) wrote :

I disagree with this approach. A given daemon will have command line options that are imperative for proper operation as a daemon, and it will have command line options for behavior of the service once daemonized. If you have to invoke the daemon with ie `--daemonize` then it makes sense to have that "hardcoded" in ExecStart. If the options affect runtime behavior but can be changed without breaking the way the service is instantiated, they should be declared in an environment file. The cited github issue is going in the wrong direction, this kind of thing is what EnvironmentFile is for. I am very skeptical that upstream systemd discourages the use of EnvironmentFile in this way...

Please take a look at https://src.fedoraproject.org/rpms/varnish/blob/master/f/varnish.service and https://src.fedoraproject.org/rpms/varnish/blob/master/f/varnish.params for some guidance on using EnvironmentFile for this use case. I really do not like the idea of overriding packaged configuration files to ie change the listening or allocate more memory ( read: routine administration of the software ).

Revision history for this message
Stig Sandbeck Mathisen (ssm) wrote :

I strongly recommend you to use a way to configure your service in a way as to keep the entire commandline in one place, instead of keeping it in several files.

Environmentfiles are good for giving a running service environment variables for it to use after startup. I do not recommend using it for creating commandlines when there are other options available. With sysvinit it was the least-worst option.

If you _do_ want to split the options into another file, and you use systemd, please consider adding a /etc/systemd/system/varnish.service.d/read-options-from-environment.conf with:

[Service]
# at least one of...
EnvironmentFile=-/etc/sysconfig/varnish
EnvironmentFile=-/etc/default/varnish
EnvironmentFile=-/etc/varnish/environment
# Reset and set commandline
ExecStart=
ExecStart=/usr/sbin/varnishd $OPTIONS

Also, look at man:systemd.service(5) for how systemd parses whitespace inside variables for constructing command line arguments. You may need to add several option variables if some arguments contain whitespace.

Also, I do not think you should blame systemd for this. As the package maintainer, _I_ discourage the use of EnviromentFile= for command line arguments. Systemd does not, and documents it rather well.

You are free to use both ways to configure your service, and you can add a service configuration fragment to do so if you like.

Revision history for this message
Pete Travis (l-me-e) wrote :

So, as noted, I disagree with Stig's assertions. I think it's better for the distribution to provide the service in a way that includes discoverable ways to adjust common commandline parameters. Varnish doesn't really give us a file like /etc/varnish.conf for things like listen port parameters so the sysconfig EnvironmentFile method gives us the next best thing. Your approach requires a deliberate override of the packaged service unit which could have potentially undesirable effects in the future. As a qualified and experienced RPM maintainer I do not understand your aversion to using EnvironmentFile for it's intended purpose, or your desire for a more troublesome user experience inherent to the alternative. We shouldn't need such dramatic and [subjectively] non-intuitive workarounds to effect routine configuration of your package.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.