From 33c744d923897ecdacce371ac2ad97f14853f348 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Wed, 13 May 2020 13:46:38 -0700
Subject: [PATCH] Set connection limits on mirror apache workers

We've noticed that our mirrors will semi regularly have problems due to
old stale works. For example using old ssl certs or having connection
problems to round robin backend services. In all cases restarting the
service (killing old workers) seems to fix things. Try to force this to
automatically happen by setting a reasonable connection limit per worker
before we recycle them.

Change-Id: Ic377f48d1a5a3eecbcb183327c9255134c4364ab
---
 .../roles/mirror/files/apache-connection-tuning    | 14 ++++++++++++++
 playbooks/roles/mirror/tasks/main.yaml             |  9 +++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 playbooks/roles/mirror/files/apache-connection-tuning

diff --git a/playbooks/roles/mirror/files/apache-connection-tuning b/playbooks/roles/mirror/files/apache-connection-tuning
new file mode 100644
index 0000000000..8cc4e55431
--- /dev/null
+++ b/playbooks/roles/mirror/files/apache-connection-tuning
@@ -0,0 +1,14 @@
+# worker MPM
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+#
+# We've noticed that our mirrors occasionally have stale workers. This leads
+# to ssl certs not being refreshed properly after reload and we've also seen
+# ssl connections to round robin backend services have trouble. Restarting
+# the workers so that they load up new info seems to fix this. Try and force
+# that to happen regularly with a connections limit per worker.
+<IfModule mpm_worker_module>
+    MaxConnectionsPerChild 8192
+</IfModule>
+<IfModule mpm_event_module>
+    MaxConnectionsPerChild 8192
+</IfModule>
diff --git a/playbooks/roles/mirror/tasks/main.yaml b/playbooks/roles/mirror/tasks/main.yaml
index dfa6d46b54..f700c29dc0 100644
--- a/playbooks/roles/mirror/tasks/main.yaml
+++ b/playbooks/roles/mirror/tasks/main.yaml
@@ -121,6 +121,15 @@
     # becomes mirror.region...)  for the serveralias
     apache_server_alias: '{{ inventory_hostname | regex_replace("^mirror\d\d\.", "mirror.") }}'
 
+- name: Copy apache tuning
+  copy:
+    src: apache-connection-tuning
+    dest: /etc/apache2/conf-enabled/connection-tuning.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart apache2
+
 - name: Create mirror virtual host
   template:
     src: mirror.vhost.j2