From cfed04388e39d89e39d49107da2c96954142b94f Mon Sep 17 00:00:00 2001 From: Gabriel Guillon Date: Mon, 6 Oct 2014 16:35:41 +0200 Subject: [PATCH 1/4] =?UTF-8?q?Gestion=20de=20mpm-event=20et=20php-fpm,=20?= =?UTF-8?q?avec=20les=20conf=20adequat=20par=20d=C3=A9faut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cookbooks/apache2/attributes/default.rb | 11 +++- .../definitions/apache2_disable_module.rb | 17 ++++++ cookbooks/apache2/recipes/default.rb | 2 +- .../templates/default/apache2.conf.erb | 23 ++++---- cookbooks/php5/recipes/apache2.rb | 52 +++++++++++++++---- cookbooks/php5/recipes/apc.rb | 2 +- 6 files changed, 83 insertions(+), 24 deletions(-) create mode 100644 cookbooks/apache2/definitions/apache2_disable_module.rb diff --git a/cookbooks/apache2/attributes/default.rb b/cookbooks/apache2/attributes/default.rb index 362d433..d33cd83 100644 --- a/cookbooks/apache2/attributes/default.rb +++ b/cookbooks/apache2/attributes/default.rb @@ -18,6 +18,15 @@ :max_clients => 150, :max_requests_per_child => 0, } +default[:apache2][:mpm_config][:event] = { + :start_servers => 2, + :max_clients => 150, + :min_spare_threads => 25, + :max_spare_threads => 75, + :thread_limit => 64, + :thread_per_child => 25, + :max_resquests_per_child => 0 +} default[:apache2][:tuning] = { :server_signature => 'Off', @@ -41,4 +50,4 @@ :enabled => true, } -default[:apache2][:modules] = ["dir", "mime", "authz_host", "alias"] \ No newline at end of file +default[:apache2][:modules] = ["dir", "mime", "authz_host", "alias"] diff --git a/cookbooks/apache2/definitions/apache2_disable_module.rb b/cookbooks/apache2/definitions/apache2_disable_module.rb new file mode 100644 index 0000000..721b0bc --- /dev/null +++ b/cookbooks/apache2/definitions/apache2_disable_module.rb @@ -0,0 +1,17 @@ + +define :apache2_disable_module, { + :install => false, +} do + + apache2_disable_module_params = params + + execute "disable apache2 module #{apache2_disable_module_params[:name]}" do + command "a2dismod #{apache2_disable_module_params[:name]}" + only_if "dpkg-query -W libapache2-mod-#{apache2_disable_module_params[:name]}" + notifies :restart, "service[apache2]" + end + + node.set[:apache2][:modules_disabled] = [] unless node.apache2[:modules_disabled] + node.set[:apache2][:modules_disabled] = node.set[:apache2][:modules_disabled] + [apache2_disable_module_params[:name]] + +end diff --git a/cookbooks/apache2/recipes/default.rb b/cookbooks/apache2/recipes/default.rb index 0a4cf03..5864b61 100644 --- a/cookbooks/apache2/recipes/default.rb +++ b/cookbooks/apache2/recipes/default.rb @@ -118,4 +118,4 @@ %x{apachectl configtest 2>&1 > /dev/null} $?.exitstatus != 0 end -end \ No newline at end of file +end diff --git a/cookbooks/apache2/templates/default/apache2.conf.erb b/cookbooks/apache2/templates/default/apache2.conf.erb index f46d83b..9f0841b 100644 --- a/cookbooks/apache2/templates/default/apache2.conf.erb +++ b/cookbooks/apache2/templates/default/apache2.conf.erb @@ -106,7 +106,7 @@ ListenBacklog <%= @tuning[:listen_backlog] %> # MaxSpareServers: maximum number of server processes which are kept spare # MaxClients: maximum number of server processes allowed to start # MaxRequestsPerChild: maximum number of requests a server process serves - + StartServers <%= @mpm[:prefork][:start] %> MinSpareServers <%= @mpm[:prefork][:min_spare] %> MaxSpareServers <%= @mpm[:prefork][:max_spare] %> @@ -125,7 +125,7 @@ ListenBacklog <%= @tuning[:listen_backlog] %> # and starting Apache. # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves - + StartServers <%= @mpm[:worker][:start_servers] %> MinSpareThreads <%= @mpm[:worker][:min_spare_threads] %> MaxSpareThreads <%= @mpm[:worker][:max_spare_threads] %> @@ -142,14 +142,15 @@ ListenBacklog <%= @tuning[:listen_backlog] %> # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers 2 - MaxClients 150 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxRequestsPerChild 0 + + StartServers <%= @mpm[:event][:start_servers] %> + ServerLimit <%= @mpm[:event][:server_limit] %> + MaxClients <%= @mpm[:event][:max_clients] %> + MinSpareThreads <%= @mpm[:event][:min_spare_threads] %> + MaxSpareThreads <%= @mpm[:event][:max_spare_threads] %> + ThreadLimit <%= @mpm[:event][:thread_limit] %> + ThreadsPerChild <%= @mpm[:event][:thread_per_child] %> + MaxRequestsPerChild <%= @mpm[:event][:max_resquests_per_child] %> # These need to be set in /etc/apache2/envvars @@ -249,4 +250,4 @@ LogFormat "%{User-agent}i" agent Include conf.d/ # Include the virtual host configurations: -Include sites-enabled/ \ No newline at end of file +Include sites-enabled/ diff --git a/cookbooks/php5/recipes/apache2.rb b/cookbooks/php5/recipes/apache2.rb index fb32648..9d069c2 100644 --- a/cookbooks/php5/recipes/apache2.rb +++ b/cookbooks/php5/recipes/apache2.rb @@ -3,22 +3,54 @@ include_recipe "php5" -package "libapache2-mod-php5" do - notifies :reload, "service[apache2]" +# Ne fait rien ca depend du fpm +service "php5-fpm" do + supports :status => true, :restart => true, :reload => true + action :nothing end -apache2_enable_module "php5" - -template "/etc/php5/apache2/php.ini" do - mode '0644' - cookbook "php5" - source "php5.ini.erb" - variables node.php5.php_ini - notifies :reload, "service[apache2]" +if node.apache2.mpm == "event" + package "libapache2-mod-php5" do + action :remove + end + package "libapache2-mod-fastcgi" do + action :install + notifies :restart, "service[apache2]" + # A l'installation, enable et start + notifies :enable, "service[php5-fpm]" + notifies :start, "service[php5-fpm]" + end + apache2_disable_module "php5" + apache2_enable_module "fastcgi" + # s'assure qu'il est démarré + service "php5-fpm" do + action [ :enable, :restart ] + end + else + package "libapache2-mod-php5" do + action :install + notifies :restart, "service[apache2]" + notifies :disable, "service[php5-fpm]" + end + service "php5-fpm" do + action :stop + end + apache2_disable_module "fastcgi" + apache2_enable_module "php5" + template "/etc/php5/apache2/php.ini" do + mode '0644' + cookbook "php5" + source "php5.ini.erb" + variables node.php5.php_ini + notifies :reload, "service[apache2]" +end end + + apache2_enable_module "setenvif" + apache2_configuration_file "https_php" do content "SetEnvIf X-Forwarded-Proto https HTTPS=on" end diff --git a/cookbooks/php5/recipes/apc.rb b/cookbooks/php5/recipes/apc.rb index 3959d8f..4339011 100644 --- a/cookbooks/php5/recipes/apc.rb +++ b/cookbooks/php5/recipes/apc.rb @@ -30,4 +30,4 @@ owner "www-data" mode '0755' source "apc_clear_cache.php.erb" -end \ No newline at end of file +end From e7cc5d95181f28ad07df2fcf12e537b3f6446e62 Mon Sep 17 00:00:00 2001 From: Gabriel Guillon Date: Mon, 6 Oct 2014 18:05:44 +0200 Subject: [PATCH 2/4] * code cleaning, comments in english --- cookbooks/php5/recipes/apache2.rb | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/cookbooks/php5/recipes/apache2.rb b/cookbooks/php5/recipes/apache2.rb index 9d069c2..28e96a2 100644 --- a/cookbooks/php5/recipes/apache2.rb +++ b/cookbooks/php5/recipes/apache2.rb @@ -3,39 +3,44 @@ include_recipe "php5" -# Ne fait rien ca depend du fpm +# By default, does not do anything, as it depends on the mpm service "php5-fpm" do supports :status => true, :restart => true, :reload => true action :nothing end if node.apache2.mpm == "event" + # Ensure it's uninstalled. In case of switch from prefork, it's cleaner package "libapache2-mod-php5" do action :remove end package "libapache2-mod-fastcgi" do action :install notifies :restart, "service[apache2]" - # A l'installation, enable et start + # At install, ensure it's enabled and started notifies :enable, "service[php5-fpm]" notifies :start, "service[php5-fpm]" end - apache2_disable_module "php5" + #apache2_disable_module "php5" apache2_enable_module "fastcgi" - # s'assure qu'il est démarré - service "php5-fpm" do - action [ :enable, :restart ] + # Ensure it's started +# service "php5-fpm" do +# action [ :enable, :restart ] +# end +else + # Apache shout at start if fastcgi was uninstalled be not disabled + apache2_disable_module "fastcgi" + package "libapache2-mod-fastcgi" do + action :remove end - else package "libapache2-mod-php5" do action :install notifies :restart, "service[apache2]" notifies :disable, "service[php5-fpm]" end - service "php5-fpm" do - action :stop - end - apache2_disable_module "fastcgi" +# service "php5-fpm" do +# action :stop +# end apache2_enable_module "php5" template "/etc/php5/apache2/php.ini" do mode '0644' @@ -46,11 +51,8 @@ end end - - apache2_enable_module "setenvif" - apache2_configuration_file "https_php" do content "SetEnvIf X-Forwarded-Proto https HTTPS=on" end From a32d3a1eca3ca2310b44f0e5c62f997dcd28df64 Mon Sep 17 00:00:00 2001 From: Gabriel Guillon Date: Mon, 6 Oct 2014 18:12:27 +0200 Subject: [PATCH 3/4] * only one service php5-fpm, no more apache2_disable_modules --- .../definitions/apache2_disable_module.rb | 17 ----------------- cookbooks/php5/recipes/apache2.rb | 10 ---------- 2 files changed, 27 deletions(-) delete mode 100644 cookbooks/apache2/definitions/apache2_disable_module.rb diff --git a/cookbooks/apache2/definitions/apache2_disable_module.rb b/cookbooks/apache2/definitions/apache2_disable_module.rb deleted file mode 100644 index 721b0bc..0000000 --- a/cookbooks/apache2/definitions/apache2_disable_module.rb +++ /dev/null @@ -1,17 +0,0 @@ - -define :apache2_disable_module, { - :install => false, -} do - - apache2_disable_module_params = params - - execute "disable apache2 module #{apache2_disable_module_params[:name]}" do - command "a2dismod #{apache2_disable_module_params[:name]}" - only_if "dpkg-query -W libapache2-mod-#{apache2_disable_module_params[:name]}" - notifies :restart, "service[apache2]" - end - - node.set[:apache2][:modules_disabled] = [] unless node.apache2[:modules_disabled] - node.set[:apache2][:modules_disabled] = node.set[:apache2][:modules_disabled] + [apache2_disable_module_params[:name]] - -end diff --git a/cookbooks/php5/recipes/apache2.rb b/cookbooks/php5/recipes/apache2.rb index 28e96a2..412b1b0 100644 --- a/cookbooks/php5/recipes/apache2.rb +++ b/cookbooks/php5/recipes/apache2.rb @@ -21,15 +21,8 @@ notifies :enable, "service[php5-fpm]" notifies :start, "service[php5-fpm]" end - #apache2_disable_module "php5" apache2_enable_module "fastcgi" - # Ensure it's started -# service "php5-fpm" do -# action [ :enable, :restart ] -# end else - # Apache shout at start if fastcgi was uninstalled be not disabled - apache2_disable_module "fastcgi" package "libapache2-mod-fastcgi" do action :remove end @@ -38,9 +31,6 @@ notifies :restart, "service[apache2]" notifies :disable, "service[php5-fpm]" end -# service "php5-fpm" do -# action :stop -# end apache2_enable_module "php5" template "/etc/php5/apache2/php.ini" do mode '0644' From d49e3c963ba47a58f29352b9598e897d30c20a56 Mon Sep 17 00:00:00 2001 From: Gab Date: Thu, 9 Oct 2014 17:58:58 +0200 Subject: [PATCH 4/4] Changing default vhost to handle mpm event, stopping/starting php-fpm when needeed --- .../templates/default/default_vhost.conf.erb | 24 ++++++++++++++++++- cookbooks/php5/recipes/apache2.rb | 14 ++++++----- 2 files changed, 31 insertions(+), 7 deletions(-) diff --git a/cookbooks/apache2/templates/default/default_vhost.conf.erb b/cookbooks/apache2/templates/default/default_vhost.conf.erb index 55738e9..741ed04 100644 --- a/cookbooks/apache2/templates/default/default_vhost.conf.erb +++ b/cookbooks/apache2/templates/default/default_vhost.conf.erb @@ -16,5 +16,27 @@ <% end %> +<% if node.apache2.mpm == 'event' %> + + # all .php files will be pushed to a php5-fcgi handler + AddHandler php5-fcgi .php + #action module will let us run a cgi script based on handler php5-fcgi + Action php5-fcgi /php5.external + # and we add an Alias to the fcgi location + Alias /php5.external /php5.external + # now we catch this cgi script which in fact does not exists on filesystem + # we catch it on the url (Location) + + # here we prevent direct access to this Location url, + # env=REDIRECT_STATUS will let us use this fcgi-bin url + # only after an internal redirect (by Action upper) + Order Deny,Allow + Deny from All + Allow from env=REDIRECT_STATUS + + FastCgiExternalServer /php5.external -host 127.0.0.1:9000 -appConnTimeout 30 -idle-timeout 60 + #FastCgiExternalServer /php5.external -socket /var/run/fpm.socket -appConnTimeout 30 -idle-timeout 60 + +<% end %> - \ No newline at end of file + diff --git a/cookbooks/php5/recipes/apache2.rb b/cookbooks/php5/recipes/apache2.rb index 412b1b0..b184903 100644 --- a/cookbooks/php5/recipes/apache2.rb +++ b/cookbooks/php5/recipes/apache2.rb @@ -3,11 +3,6 @@ include_recipe "php5" -# By default, does not do anything, as it depends on the mpm -service "php5-fpm" do - supports :status => true, :restart => true, :reload => true - action :nothing -end if node.apache2.mpm == "event" # Ensure it's uninstalled. In case of switch from prefork, it's cleaner @@ -22,6 +17,10 @@ notifies :start, "service[php5-fpm]" end apache2_enable_module "fastcgi" + apache2_enable_module "actions" + service "php5-fpm" do + action :start + end else package "libapache2-mod-fastcgi" do action :remove @@ -38,7 +37,10 @@ source "php5.ini.erb" variables node.php5.php_ini notifies :reload, "service[apache2]" -end + end + service "php5-fpm" do + action :stop + end end apache2_enable_module "setenvif"