Apache MPM events + php5 fpm

* Updated site config to change MPM from fork to event model
  and to start using php5-fpm (fast cgi) to get a better site
  performance and a better use or server resources.
* Updated mysql php driver to newer one (php5-mysqlnd).
* Added missing dependencies : php5-json (json functions) and
  php5-gmp( big number functions used by jose4php).
* Replaced puppet-httpd with puppetlabs-apache.
* added www.conf to tweak php5-fpm connection settings
* update vhost template to support proxy_fcgi.
* updated apache connections settings to improve performance on
  mpm events.
* updated dependency to puppetlabs/apache (1.8.1)
Change-Id: I66c6ad413a6b0c31a19cc663058a53edc3bec5cc

files/apache-connection-tuning

@@ -1,17 +1,11 @@
-# prefork MPM
-# StartServers: initial number of server processes to start
-# MinSpareServers: minimum number of worker threads which are kept spare
-# MaxSpareServers: maximum number of worker threads which are kept spare
-# MaxClients: maximum number of simultaneous client connections (MaxClients should always be <= ServerLimit)
-# ServerLimit:is only used if you need to set MaxClients higher than 256 (default). Do not set the value of this
-# directive any higher than what you might want to set MaxClients to.
-# MaxRequestsPerChild: maximum number of requests a server process serves
-# if you are unable to determine this information the standard 1000 should be used.
-<IfModule mpm_prefork_module>
-   StartServers 3
-   MinSpareServers 96
-   MaxSpareServers 192
-   MaxClients 1024
-   ServerLimit 1024
-   MaxRequestsPerChild 1000
+# mpm_event_module
+<IfModule mpm_event_module>
+    ServerLimit         128
+    StartServers          3
+    MinSpareThreads      96
+    MaxSpareThreads     192
+    ThreadLimit          64
+    ThreadsPerChild      32
+    MaxClients         4096
+    MaxRequestsPerChild  5000
 </IfModule>

files/www.conf

@@ -0,0 +1,16 @@
+[www]
+
+user = www-data
+group = www-data
+listen = 127.0.0.1:9000
+
+listen.owner = www-data
+listen.group = www-data
+
+pm = dynamic
+pm.max_children = 4096
+pm.start_servers = 128
+pm.min_spare_servers = 128
+pm.max_spare_servers = 256
+pm.max_requests = 5000
+chdir = /

manifests/init.pp

@@ -61,6 +61,7 @@ class openstackid (
   $email_smtp_server_user = '',
   $email_smtp_server_password = '',
   $use_db_seeding = false,
+  $docroot = '/srv/openstackid/w/public',
 ) {
 
   # php packages needed for openid server
@@ -69,13 +70,45 @@ class openstackid (
       'php5-curl',
       'php5-cli',
       'php5-mcrypt',
-      'php5-mysql',
+      'php5-mysqlnd',
+      'php5-fpm',
+      'php5-json',
+      'php5-gmp',
     ]
 
   package { $php5_packages:
     ensure => present,
   }
 
+  # php5-fpm configuration
+
+  exec { 'enable_php5-mbcrypt':
+    command => '/usr/sbin/php5enmod mcrypt',
+    timeout => 0,
+    require => [
+      Package['php5-fpm'],
+    ],
+    notify  => Service['php5-fpm'],
+  }
+
+  file { '/etc/php5/fpm/pool.d/www.conf':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'www-data',
+    mode    => '0640',
+    source  => 'puppet:///modules/openstackid/www.conf',
+    require => [
+      Package['php5-fpm'],
+    ],
+    notify  => Service['php5-fpm'],
+  }
+
+  service { 'php5-fpm':
+    ensure  => 'running',
+    enable  => true,
+    require => Package['php5-fpm'],
+  }
+
   # the deploy scripts use the curl CLI
   package { 'curl':
     ensure => present,
@@ -191,26 +224,24 @@ class openstackid (
     mode   => '0755',
   }
 
-  include ::httpd
-  include ::httpd::ssl
-  include ::httpd::php
-  ::httpd::vhost { $vhost_name:
-    port     => 443,
-    docroot  => '/srv/openstackid/w/public',
+  class { '::apache':
+    default_vhost => false,
+    mpm_module    => 'event',
+  }
+
+  ::apache::listen { '80': }
+  ::apache::listen { '443': }
+
+  ::apache::vhost::custom { $vhost_name:
     priority => '50',
-    template => 'openstackid/vhost.erb',
-    ssl      => true,
+    content  => template('openstackid/vhost.erb'),
     require  => File[$docroot_dirs],
   }
-  httpd_mod { 'rewrite':
-    ensure => present,
-  }
-  httpd_mod { 'proxy':
-    ensure => present,
-  }
-  httpd_mod { 'proxy_http':
-    ensure => present,
-  }
+
+  class { '::apache::mod::ssl': }
+  class { '::apache::mod::rewrite': }
+  class { '::apache::mod::proxy': }
+  ::apache::mod { 'proxy_fcgi': }
 
   if $ssl_cert_file_contents != '' {
     file { $ssl_cert_file:
@@ -218,8 +249,8 @@ class openstackid (
       group   => 'root',
       mode    => '0640',
       content => $ssl_cert_file_contents,
-      notify  => Service['httpd'],
-      before  => Httpd::Vhost[$vhost_name],
+      notify  => Class['::apache::service'],
+      before  => Apache::Vhost::Custom[$vhost_name],
     }
   }
 
@@ -229,8 +260,8 @@ class openstackid (
       group   => 'root',
       mode    => '0640',
       content => $ssl_key_file_contents,
-      notify  => Service['httpd'],
-      before  => Httpd::Vhost[$vhost_name],
+      notify  => Class['::apache::service'],
+      before  => Apache::Vhost::Custom[$vhost_name],
     }
   }
 
@@ -240,8 +271,8 @@ class openstackid (
       group   => 'root',
       mode    => '0640',
       content => $ssl_chain_file_contents,
-      notify  => Service['httpd'],
-      before  => Httpd::Vhost[$vhost_name],
+      notify  => Class['::apache::service'],
+      before  => Apache::Vhost::Custom[$vhost_name],
     }
   }
 
@@ -253,20 +284,14 @@ class openstackid (
   }
 
   if ($::lsbdistcodename == 'precise') {
-    file { '/etc/apache2/conf.d':
-      ensure  => directory,
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0755',
-      require => File['/etc/apache2'],
-    }
+
     file { '/etc/apache2/conf.d/connection-tuning':
       ensure  => present,
       owner   => 'root',
       group   => 'root',
       mode    => '0644',
       source  => 'puppet:///modules/openstackid/apache-connection-tuning',
-      notify  => Service['httpd'],
+      notify  => Class['::apache::service'],
       require => File['/etc/apache2/conf.d'],
     }
   } else {
@@ -295,7 +320,7 @@ class openstackid (
     file { '/etc/apache2/conf-enabled/connection-tuning':
       ensure  => link,
       target  => '/etc/apache2/conf-available/connection-tuning.conf',
-      notify  => Service['httpd'],
+      notify  => Class['::apache::service'],
       require => [
         File['/etc/apache2/conf-enabled'],
         File['/etc/apache2/conf-available/connection-tuning'],
@@ -321,7 +346,7 @@ class openstackid (
     logoutput => on_failure,
     require   => [
       File['/opt/deploy/conf.d/openstackid.conf'],
-      Httpd::Vhost[$vhost_name],
+      Apache::Vhost::Custom[$vhost_name],
       File['/etc/openstackid/recaptcha.php'],
       File['/etc/openstackid/database.php'],
       File['/etc/openstackid/log.php'],
@@ -341,7 +366,7 @@ class openstackid (
     logoutput => on_failure,
     require   => [
       File['/opt/deploy/conf.d/openstackid.conf'],
-      Httpd::Vhost[$vhost_name],
+      Apache::Vhost::Custom[$vhost_name],
       File['/etc/openstackid/recaptcha.php'],
       File['/etc/openstackid/database.php'],
       File['/etc/openstackid/app.php'],

metadata.json

@@ -17,7 +17,7 @@
   "dependencies": [
     { "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0" },
     { "name": "puppetlabs/mysql", "version_requirement": "= 0.6.1" },
-    { "name": "openstackinfra/httpd", "version_requirement": "0.x" },
+    { "name": "puppetlabs/apache", "version_requirement": "= 1.8.1" },
     { "name": "openstackinfra/redis", "version_requirement": "= 0.0.1" }
   ]
 }

templates/vhost.erb

@@ -36,11 +36,15 @@
   RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
   RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
 
-  DocumentRoot <%= docroot %>
-  <Directory <%= docroot %>/>
+  DocumentRoot <%= @docroot %>
+  <Directory <%= @docroot %>/>
     Order allow,deny
     Allow from all
   </Directory>
 
+  <FilesMatch \.php$>
+    SetHandler "proxy:fcgi://127.0.0.1:9000"
+  </FilesMatch>
+
 </VirtualHost>
 </IfModule>