Plone.recipe.varnish and purge

Hi! @fredvd

plone.recipe.varnish produce this code:

sub vcl_recv {

    set req.backend_hint = balancer_0.backend();

    if (req.method == "PURGE") {
        # Not from an allowed IP? Then die with an error.
        if (!client.ip ~ list_purge) {
            return (synth(405, "This IP is not allowed to send PURGE requests."));
        return (hash);

shouldn't be return(purge)? with hash, the content isn't purged until 1 minute when I save the page. With purge, is immediately purged and fresh content is served.

That's strange: the jinja template in plone.recipe.varnish lists return(purge); and that line hasn't been touched since 4 years:

I'll check tomorrow, really strange!

this is exactlythe file that is in the egg wheel:

if (req.method == "PURGE") {
    # Not from an allowed IP? Then die with an error.
    if (!client.ip ~ list_purge) {
        return (synth(405, "This IP is not allowed to send PURGE requests."));
    {% if minor_version > 1 %} 
    return (hash);
    {% else %}
    {% endif %}

inflating: plone.recipe.varnish-2.3.0-py3.9-nspkg.pth
inflating: plone/recipe/varnish/templates/varnish6.vcl.jinja2

in 28 Jan 2020 you removed this check. I think I've also hit this problem:

because got 0 as the minor_version (in the buildout there's varnish_version = 6).

I removed the cached wheel and rerun buildout but I still get that template with the minor_version. Here:
there's the py2 version and the tar.gz which have the same old template. Buildout downloaded the .tar.gz (bin/buildout -vvv):

Installing 'plone.recipe.varnish'.
We have no distributions for plone.recipe.varnish that satisfies 'plone.recipe.varnish'.
Getting distribution for 'plone.recipe.varnish'.
Fetching plone.recipe.varnish 2.3.0 from:
".../bin/python3.9" "-c" "import sys; sys.path[0:0] = []; from pip.__main__ import _main; _main()" "install" "--no-deps" "-t" ".../buildout-cache/eggs/tmp1sadhayc" "-v" ".../buildout-cache/downloads/dist/plone.recipe.varnish-2.3.0.tar.gz"

maybe a release is missing? Or is it better to git clone the recipe?

I've just released a 6.0.0b4 with updated default download location for varnish 6.0.9 LTS that was released at the end of november.

If nothing get's reported I'll re-release it as 6.0.9 final at the end of the week. Then at least that version will pop up as a final release and not the by now ancient 2.3.X release.

The reason the 6.0 stayed so long in beta is because a lot of cleanup was done: a lot of switches to support Varnish 4 to 5 to 6 in different templates with all these conditions were getting too complex to maintain. Around that time Varnish also came with the LTS version.

After that they switched to a half yearly release cycle. But so far none of those intermediate versions has been designated as a new LTS by the Varnish organisation. Maybe the 7.0 will be. Then we could take a look at updating the recipe and releasing plone.recipe.varnish 7.0.X

Varnish drops security support after max a year on every non LTS release, it was too much work for the current recipe maintainers to handle those for the short period that Varnish version is actually supported.

Using Varnish releases above 6.0.X with the generated varnish.vcl recipe is 'unsupported' . And with unsupported I mean that it might seem to work fine, until you really test it rigorously by inspecting varnish_log on test requests and then discover that some small things did break and your Varnish doesn't really cache or caches less than expected. Been there, done that :-/ If you do want to to use 6.0.X < varnish <= 7.0, copy the generated varnish to a custom version and tinker away.

If someone in the Plone Community does want to support an intermediate release, one could create a 6.5 branch of the recipe on GitHub and release it under that recipe version (i..e. recipe semver = supported varnish semver). But Varnish 6.5 is not suported anymore with the release of 7.0.X.

1 Like

Plone Foundation Code of Conduct