nixos/rspamd: Support multiple workers

When the workers option for rspamd was originally implemented it was
based on a flawed understanding of how workers are configured in rspamd.
This meant that while rspamd supports configuring multiple workers of
the same type, so that different controller workers could have different
passwords, the NixOS module did not support this because it would write
an invalid configuration file if you tried.

Specifically a configuration like the one below:

```
workers.controller = {};
workers.controller2 = {
  type = "controller";
};
```

Would result in a rspamd configuration of:

```
worker {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller2" {
  type = "controller";
  count = 1;
}
```

While to get multiple controller workers it should instead be:

```
worker "controller" {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller" {
  type = "controller";
  count = 1;
}
```
This commit is contained in:
Brian Olsen 2018-11-06 00:26:55 +01:00
parent 5c63ee6216
commit 3a4459a305
No known key found for this signature in database
GPG Key ID: 029DD8E8B95882E8
2 changed files with 19 additions and 1 deletions

View File

@ -139,7 +139,7 @@ let
}
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
worker ${optionalString (value.name != "normal" && value.name != "controller") "${value.name}"} {
worker "${value.type}" {
type = "${value.type}";
${optionalString (value.enable != null)
"enabled = ${if value.enable != false then "yes" else "no"};"}

View File

@ -28,6 +28,8 @@ let
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
sleep 10;
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd.service"));
$machine->log($machine->succeed("curl http://localhost:11334/auth"));
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
@ -56,6 +58,8 @@ in
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
'';
@ -78,6 +82,15 @@ in
owner = "root";
group = "root";
}];
workers.controller2 = {
type = "controller";
bindSockets = [ "0.0.0.0:11335" ];
extraConfig = ''
static_dir = "''${WWWDIR}";
secure_ip = null;
password = "verysecretpassword";
'';
};
};
};
@ -87,8 +100,13 @@ in
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
$machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/rspamd.conf"));
$machine->waitUntilSucceeds("journalctl -u rspamd | grep -i 'starting controller process' >&2");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
$machine->log($machine->succeed("curl http://localhost:11335/ping"));
'';
};
customLuaRules = makeTest {