CloudFront CDN configuration and Varnish refactor#4207
Conversation
aa2cb93 to
16115ac
Compare
dc1cab9 to
dd168e9
Compare
|
Could you link or copy the set up stepsin this pull request into the wiki to make sure they can be found? (If there not finalized, it's fine if this doesn't happen right away.) |
|
I've made the CloudFront rollout steps also available at CDN Setup. The Varnish rollout steps will be integrated into Chef-managed Configuration Changes once they have been tested and are finalized. |
There was a problem hiding this comment.
Could you wrap these lines that don't fit in the github line length?
|
A CircleCI integration-test run including the |
dd168e9 to
32fd3ea
Compare
There was a problem hiding this comment.
Please document the valid path patterns and add unit tests that verify that allowed patterns are correctly translated and that disallowed patterns are rejected with an error. The CloudFront document mentioned earlier in this file allows '*' and '?' anywhere in the path, but this appears to be more restrictive in what it can handle.
|
High level comment: I do like what you are doing to create a cache configuration hash which isn't tied specifically to Varnish and generating the Varnish config from that! |
There was a problem hiding this comment.
I think the link to the Amazon documentation is potentially misleading. It includes example paths which I believe aren't supported here (e.g. /images/*.jpg and /a??.jpg)
|
@philbogle ready for the next review pass. I've refactored the various helper methods to reject invalid path patterns and added several unit tests to shared/test/test_varnish_helpers.rb, among a few other minor tweaks. |
|
Thanks, will take a look. On Thu, Oct 1, 2015 at 5:50 PM, Will Jordan notifications@github.com
|
|
Looking now. |
|
FYI, I've added a |
There was a problem hiding this comment.
How about calling this hoc_cookies or whitelisted_cookies?
all_cookies is confusing when I read it below because it doesn't mean all cookies, it mean's certain whilisted cookies.
There was a problem hiding this comment.
I think RETURN_LANG is incorrect in the case when x is longer than LANG_MAXLEN, because strncpy won't add a terminating null in that case, resulting in a non-null-terminated string.
(I realize this a pre-existing issue but we might want to consider whether it needs to be fixed because it might lead to a varnish crash.)
From http://man7.org/linux/man-pages/man3/strcpy.3.html: "If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated."
There was a problem hiding this comment.
If this code is safe as long as x is not longer than LANG_MAXLEN (8), then it should be safe as long as none of the keys in our list of whitelisted languages exceeds this length (max is currently 5), does that sound right?
There was a problem hiding this comment.
We can't be certain that list won't change or that someone won't use this function in some new way.
It's easy to be safe in all cases by unconditionally adding the null termination ourselves after the strncpy, which is standard practice:
strncpy(lang, x, LANG_MAXLEN);
lang[LANG_MAXLEN - 1] = '\0' \
|
Done with main code review pass, thank you for the added tests! |
|
LGTM after comments and merge conflicts are addressed. |
There was a problem hiding this comment.
I believe this is another potential overflow.
strncat, unlike strncpy, always appends a terminate null character. So the maximum number of characters copies is LANG_MAXLEN +4
|
@philbogle thanks, I'll follow up on the remaining comments and then let you know. Regarding the comments on I think an upstream security-audit of this code would be valuable if we ever find the time for it, but I think it's also a quite separate task from the present work. The code was not substantially modified by this PR (I've merely extracted it into a separate file in order to ensure it will continue to be untouched), and it remains unchanged from the upstream codebase, so I think it's out of scope of this particular code review. |
|
Clearing myself as assignee, please re-add me if you'd like me to take another look at this PR. |
Add HTTP cache configuration shared by Varnish and CloudFront. Varnish refactoring: - Upgrade varnish, libvmod-cookie and libvmod-header to 4.0.3 packages. - Refactor VCL to normalize/remove unused config and upgrade to Varnish 4 syntax. - Use test-kitchen for chef integration testing cdo-varnish cookbook. - Add Chef integration tests for cdo-varnish using WireMock. - Run Chef integration tests on CircleCI. - Bump `cdo-varnish` cookbook version for controlled deployment. Adjust `Rack::SslEnforcer` configuration. - Only Rack::SslEnforcer to redirect to HTTPS in development environment (otherwise, the HTTP-cache layer will handle it). - HSTS header is still added to all HTTPS responses in all environments. Cookie whitelist rack middleware.
d53e344 to
4160802
Compare
|
Fully rebased, will merge once all tests pass. |
|
circleci failures are unrelated to this PR. |
CloudFront CDN configuration and Varnish refactor
cdo-varnishcookbook, to ensure that no regressions have been introduced during the refactoring.Rack::SslEnforcermiddleware will be added to all environments including production, to ensure that the HTTPStrict-Transport-Securityresponse header is set from the application layer rather than from the HTTP-cache layer (this was previously being served by Varnish in non-development environments). HTTPS redirection is still handled by the HTTP-cache layer (CloudFront or Varnish) in non-development environments.Aside from the middleware change, none of these changes affect the web-application code directly. The CloudFront CDN and Varnish cookbook are two separate pieces that are deployed independently of our webapp-deployment process. Steps for each rollout are documented below:
CloudFront (wiki)
Setup steps for CloudFront CDN rollout across environments:
(In the below instructions, replace
ENVwith the environment name, e.g.ENV-studio.code.orgisstaging-studio.code.orgin staging, with the exceptions of code.org and studio.code.org in production.[num]/[abc]/[xyz]are placeholders for arbitrary ID strings.)update_cloudfrontscript withRAILS_ENVand AWS credentials provided in the environment. This will create/update the environment-specific CloudFront distribution based on the latest HTTP cache configuration in the codebase.A ALIASentries for the dashboard/pegasus ELB endpoints, that will serve as the origin domains for the CloudFront distributions:ENV-dashboard.code.organdENV-pegasus.code.orgdirectly.Aentries from the existing ELB endpoints to the corresponding CloudFront ones:Note: When testing, it might be a good idea to set the TTL to a relatively low number of seconds, so that a rollback will be applied without too much delay if necessary.
Aentries back to point directly to the ELB:Varnish (wiki)
For the Varnish update rollout I plan to test out a new versioned-cookbook deployment process:
cookbook_versionsproperty fromknife environment edit [ENV];policy->environmentssection of the Chef management console;knife cookbook upload [cookbook] -E [ENV]with the existing cookbook present.metadata.rb, and make all cookbook changes.