Browse Source

Apache MPM events + php5 fpm

* Updated site config to change MPM from fork to event model
  and to start using php5-fpm (fast cgi) to get a better site
  performance and a better use or server resources.
* Updated mysql php driver to newer one (php5-mysqlnd).
* Added missing dependencies : php5-json (json functions) and
  php5-gmp( big number functions used by jose4php).
* Replaced puppet-httpd with puppetlabs-apache.
* added www.conf to tweak php5-fpm connection settings
* update vhost template to support proxy_fcgi.
* updated apache connections settings to improve performance on
  mpm events.
* updated dependency to puppetlabs/apache (1.8.1)
Change-Id: I66c6ad413a6b0c31a19cc663058a53edc3bec5cc
Sebastian Marcet 3 years ago
parent
commit
a1c7cc4ed7
5 changed files with 93 additions and 54 deletions
  1. 10
    16
      files/apache-connection-tuning
  2. 16
    0
      files/www.conf
  3. 60
    35
      manifests/init.pp
  4. 1
    1
      metadata.json
  5. 6
    2
      templates/vhost.erb

+ 10
- 16
files/apache-connection-tuning View File

@@ -1,17 +1,11 @@
1
-# prefork MPM
2
-# StartServers: initial number of server processes to start
3
-# MinSpareServers: minimum number of worker threads which are kept spare
4
-# MaxSpareServers: maximum number of worker threads which are kept spare
5
-# MaxClients: maximum number of simultaneous client connections (MaxClients should always be <= ServerLimit)
6
-# ServerLimit:is only used if you need to set MaxClients higher than 256 (default). Do not set the value of this
7
-# directive any higher than what you might want to set MaxClients to.
8
-# MaxRequestsPerChild: maximum number of requests a server process serves
9
-# if you are unable to determine this information the standard 1000 should be used.
10
-<IfModule mpm_prefork_module>
11
-   StartServers 3
12
-   MinSpareServers 96
13
-   MaxSpareServers 192
14
-   MaxClients 1024
15
-   ServerLimit 1024
16
-   MaxRequestsPerChild 1000
1
+# mpm_event_module
2
+<IfModule mpm_event_module>
3
+    ServerLimit         128
4
+    StartServers          3
5
+    MinSpareThreads      96
6
+    MaxSpareThreads     192
7
+    ThreadLimit          64
8
+    ThreadsPerChild      32
9
+    MaxClients         4096
10
+    MaxRequestsPerChild  5000
17 11
 </IfModule>

+ 16
- 0
files/www.conf View File

@@ -0,0 +1,16 @@
1
+[www]
2
+
3
+user = www-data
4
+group = www-data
5
+listen = 127.0.0.1:9000
6
+
7
+listen.owner = www-data
8
+listen.group = www-data
9
+
10
+pm = dynamic
11
+pm.max_children = 4096
12
+pm.start_servers = 128
13
+pm.min_spare_servers = 128
14
+pm.max_spare_servers = 256
15
+pm.max_requests = 5000
16
+chdir = /

+ 60
- 35
manifests/init.pp View File

@@ -61,6 +61,7 @@ class openstackid (
61 61
   $email_smtp_server_user = '',
62 62
   $email_smtp_server_password = '',
63 63
   $use_db_seeding = false,
64
+  $docroot = '/srv/openstackid/w/public',
64 65
 ) {
65 66
 
66 67
   # php packages needed for openid server
@@ -69,13 +70,45 @@ class openstackid (
69 70
       'php5-curl',
70 71
       'php5-cli',
71 72
       'php5-mcrypt',
72
-      'php5-mysql',
73
+      'php5-mysqlnd',
74
+      'php5-fpm',
75
+      'php5-json',
76
+      'php5-gmp',
73 77
     ]
74 78
 
75 79
   package { $php5_packages:
76 80
     ensure => present,
77 81
   }
78 82
 
83
+  # php5-fpm configuration
84
+
85
+  exec { 'enable_php5-mbcrypt':
86
+    command => '/usr/sbin/php5enmod mcrypt',
87
+    timeout => 0,
88
+    require => [
89
+      Package['php5-fpm'],
90
+    ],
91
+    notify  => Service['php5-fpm'],
92
+  }
93
+
94
+  file { '/etc/php5/fpm/pool.d/www.conf':
95
+    ensure  => present,
96
+    owner   => 'root',
97
+    group   => 'www-data',
98
+    mode    => '0640',
99
+    source  => 'puppet:///modules/openstackid/www.conf',
100
+    require => [
101
+      Package['php5-fpm'],
102
+    ],
103
+    notify  => Service['php5-fpm'],
104
+  }
105
+
106
+  service { 'php5-fpm':
107
+    ensure  => 'running',
108
+    enable  => true,
109
+    require => Package['php5-fpm'],
110
+  }
111
+
79 112
   # the deploy scripts use the curl CLI
80 113
   package { 'curl':
81 114
     ensure => present,
@@ -191,26 +224,24 @@ class openstackid (
191 224
     mode   => '0755',
192 225
   }
193 226
 
194
-  include ::httpd
195
-  include ::httpd::ssl
196
-  include ::httpd::php
197
-  ::httpd::vhost { $vhost_name:
198
-    port     => 443,
199
-    docroot  => '/srv/openstackid/w/public',
227
+  class { '::apache':
228
+    default_vhost => false,
229
+    mpm_module    => 'event',
230
+  }
231
+
232
+  ::apache::listen { '80': }
233
+  ::apache::listen { '443': }
234
+
235
+  ::apache::vhost::custom { $vhost_name:
200 236
     priority => '50',
201
-    template => 'openstackid/vhost.erb',
202
-    ssl      => true,
237
+    content  => template('openstackid/vhost.erb'),
203 238
     require  => File[$docroot_dirs],
204 239
   }
205
-  httpd_mod { 'rewrite':
206
-    ensure => present,
207
-  }
208
-  httpd_mod { 'proxy':
209
-    ensure => present,
210
-  }
211
-  httpd_mod { 'proxy_http':
212
-    ensure => present,
213
-  }
240
+
241
+  class { '::apache::mod::ssl': }
242
+  class { '::apache::mod::rewrite': }
243
+  class { '::apache::mod::proxy': }
244
+  ::apache::mod { 'proxy_fcgi': }
214 245
 
215 246
   if $ssl_cert_file_contents != '' {
216 247
     file { $ssl_cert_file:
@@ -218,8 +249,8 @@ class openstackid (
218 249
       group   => 'root',
219 250
       mode    => '0640',
220 251
       content => $ssl_cert_file_contents,
221
-      notify  => Service['httpd'],
222
-      before  => Httpd::Vhost[$vhost_name],
252
+      notify  => Class['::apache::service'],
253
+      before  => Apache::Vhost::Custom[$vhost_name],
223 254
     }
224 255
   }
225 256
 
@@ -229,8 +260,8 @@ class openstackid (
229 260
       group   => 'root',
230 261
       mode    => '0640',
231 262
       content => $ssl_key_file_contents,
232
-      notify  => Service['httpd'],
233
-      before  => Httpd::Vhost[$vhost_name],
263
+      notify  => Class['::apache::service'],
264
+      before  => Apache::Vhost::Custom[$vhost_name],
234 265
     }
235 266
   }
236 267
 
@@ -240,8 +271,8 @@ class openstackid (
240 271
       group   => 'root',
241 272
       mode    => '0640',
242 273
       content => $ssl_chain_file_contents,
243
-      notify  => Service['httpd'],
244
-      before  => Httpd::Vhost[$vhost_name],
274
+      notify  => Class['::apache::service'],
275
+      before  => Apache::Vhost::Custom[$vhost_name],
245 276
     }
246 277
   }
247 278
 
@@ -253,20 +284,14 @@ class openstackid (
253 284
   }
254 285
 
255 286
   if ($::lsbdistcodename == 'precise') {
256
-    file { '/etc/apache2/conf.d':
257
-      ensure  => directory,
258
-      owner   => 'root',
259
-      group   => 'root',
260
-      mode    => '0755',
261
-      require => File['/etc/apache2'],
262
-    }
287
+
263 288
     file { '/etc/apache2/conf.d/connection-tuning':
264 289
       ensure  => present,
265 290
       owner   => 'root',
266 291
       group   => 'root',
267 292
       mode    => '0644',
268 293
       source  => 'puppet:///modules/openstackid/apache-connection-tuning',
269
-      notify  => Service['httpd'],
294
+      notify  => Class['::apache::service'],
270 295
       require => File['/etc/apache2/conf.d'],
271 296
     }
272 297
   } else {
@@ -295,7 +320,7 @@ class openstackid (
295 320
     file { '/etc/apache2/conf-enabled/connection-tuning':
296 321
       ensure  => link,
297 322
       target  => '/etc/apache2/conf-available/connection-tuning.conf',
298
-      notify  => Service['httpd'],
323
+      notify  => Class['::apache::service'],
299 324
       require => [
300 325
         File['/etc/apache2/conf-enabled'],
301 326
         File['/etc/apache2/conf-available/connection-tuning'],
@@ -321,7 +346,7 @@ class openstackid (
321 346
     logoutput => on_failure,
322 347
     require   => [
323 348
       File['/opt/deploy/conf.d/openstackid.conf'],
324
-      Httpd::Vhost[$vhost_name],
349
+      Apache::Vhost::Custom[$vhost_name],
325 350
       File['/etc/openstackid/recaptcha.php'],
326 351
       File['/etc/openstackid/database.php'],
327 352
       File['/etc/openstackid/log.php'],
@@ -341,7 +366,7 @@ class openstackid (
341 366
     logoutput => on_failure,
342 367
     require   => [
343 368
       File['/opt/deploy/conf.d/openstackid.conf'],
344
-      Httpd::Vhost[$vhost_name],
369
+      Apache::Vhost::Custom[$vhost_name],
345 370
       File['/etc/openstackid/recaptcha.php'],
346 371
       File['/etc/openstackid/database.php'],
347 372
       File['/etc/openstackid/app.php'],

+ 1
- 1
metadata.json View File

@@ -17,7 +17,7 @@
17 17
   "dependencies": [
18 18
     { "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0" },
19 19
     { "name": "puppetlabs/mysql", "version_requirement": "= 0.6.1" },
20
-    { "name": "openstackinfra/httpd", "version_requirement": "0.x" },
20
+    { "name": "puppetlabs/apache", "version_requirement": "= 1.8.1" },
21 21
     { "name": "openstackinfra/redis", "version_requirement": "= 0.0.1" }
22 22
   ]
23 23
 }

+ 6
- 2
templates/vhost.erb View File

@@ -36,11 +36,15 @@
36 36
   RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
37 37
   RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
38 38
 
39
-  DocumentRoot <%= docroot %>
40
-  <Directory <%= docroot %>/>
39
+  DocumentRoot <%= @docroot %>
40
+  <Directory <%= @docroot %>/>
41 41
     Order allow,deny
42 42
     Allow from all
43 43
   </Directory>
44 44
 
45
+  <FilesMatch \.php$>
46
+    SetHandler "proxy:fcgi://127.0.0.1:9000"
47
+  </FilesMatch>
48
+
45 49
 </VirtualHost>
46 50
 </IfModule>

Loading…
Cancel
Save