Apache MPM events + php5 fpm
* Updated site config to change MPM from fork to event model and to start using php5-fpm (fast cgi) to get a better site performance and a better use or server resources. * Updated mysql php driver to newer one (php5-mysqlnd). * Added missing dependencies : php5-json (json functions) and php5-gmp( big number functions used by jose4php). * Replaced puppet-httpd with puppetlabs-apache. * added www.conf to tweak php5-fpm connection settings * update vhost template to support proxy_fcgi. * updated apache connections settings to improve performance on mpm events. * updated dependency to puppetlabs/apache (1.8.1) Change-Id: I66c6ad413a6b0c31a19cc663058a53edc3bec5cc
This commit is contained in:
parent
638c790997
commit
a1c7cc4ed7
|
@ -1,17 +1,11 @@
|
||||||
# prefork MPM
|
# mpm_event_module
|
||||||
# StartServers: initial number of server processes to start
|
<IfModule mpm_event_module>
|
||||||
# MinSpareServers: minimum number of worker threads which are kept spare
|
ServerLimit 128
|
||||||
# MaxSpareServers: maximum number of worker threads which are kept spare
|
StartServers 3
|
||||||
# MaxClients: maximum number of simultaneous client connections (MaxClients should always be <= ServerLimit)
|
MinSpareThreads 96
|
||||||
# ServerLimit:is only used if you need to set MaxClients higher than 256 (default). Do not set the value of this
|
MaxSpareThreads 192
|
||||||
# directive any higher than what you might want to set MaxClients to.
|
ThreadLimit 64
|
||||||
# MaxRequestsPerChild: maximum number of requests a server process serves
|
ThreadsPerChild 32
|
||||||
# if you are unable to determine this information the standard 1000 should be used.
|
MaxClients 4096
|
||||||
<IfModule mpm_prefork_module>
|
MaxRequestsPerChild 5000
|
||||||
StartServers 3
|
|
||||||
MinSpareServers 96
|
|
||||||
MaxSpareServers 192
|
|
||||||
MaxClients 1024
|
|
||||||
ServerLimit 1024
|
|
||||||
MaxRequestsPerChild 1000
|
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
[www]
|
||||||
|
|
||||||
|
user = www-data
|
||||||
|
group = www-data
|
||||||
|
listen = 127.0.0.1:9000
|
||||||
|
|
||||||
|
listen.owner = www-data
|
||||||
|
listen.group = www-data
|
||||||
|
|
||||||
|
pm = dynamic
|
||||||
|
pm.max_children = 4096
|
||||||
|
pm.start_servers = 128
|
||||||
|
pm.min_spare_servers = 128
|
||||||
|
pm.max_spare_servers = 256
|
||||||
|
pm.max_requests = 5000
|
||||||
|
chdir = /
|
|
@ -61,6 +61,7 @@ class openstackid (
|
||||||
$email_smtp_server_user = '',
|
$email_smtp_server_user = '',
|
||||||
$email_smtp_server_password = '',
|
$email_smtp_server_password = '',
|
||||||
$use_db_seeding = false,
|
$use_db_seeding = false,
|
||||||
|
$docroot = '/srv/openstackid/w/public',
|
||||||
) {
|
) {
|
||||||
|
|
||||||
# php packages needed for openid server
|
# php packages needed for openid server
|
||||||
|
@ -69,13 +70,45 @@ class openstackid (
|
||||||
'php5-curl',
|
'php5-curl',
|
||||||
'php5-cli',
|
'php5-cli',
|
||||||
'php5-mcrypt',
|
'php5-mcrypt',
|
||||||
'php5-mysql',
|
'php5-mysqlnd',
|
||||||
|
'php5-fpm',
|
||||||
|
'php5-json',
|
||||||
|
'php5-gmp',
|
||||||
]
|
]
|
||||||
|
|
||||||
package { $php5_packages:
|
package { $php5_packages:
|
||||||
ensure => present,
|
ensure => present,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# php5-fpm configuration
|
||||||
|
|
||||||
|
exec { 'enable_php5-mbcrypt':
|
||||||
|
command => '/usr/sbin/php5enmod mcrypt',
|
||||||
|
timeout => 0,
|
||||||
|
require => [
|
||||||
|
Package['php5-fpm'],
|
||||||
|
],
|
||||||
|
notify => Service['php5-fpm'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/php5/fpm/pool.d/www.conf':
|
||||||
|
ensure => present,
|
||||||
|
owner => 'root',
|
||||||
|
group => 'www-data',
|
||||||
|
mode => '0640',
|
||||||
|
source => 'puppet:///modules/openstackid/www.conf',
|
||||||
|
require => [
|
||||||
|
Package['php5-fpm'],
|
||||||
|
],
|
||||||
|
notify => Service['php5-fpm'],
|
||||||
|
}
|
||||||
|
|
||||||
|
service { 'php5-fpm':
|
||||||
|
ensure => 'running',
|
||||||
|
enable => true,
|
||||||
|
require => Package['php5-fpm'],
|
||||||
|
}
|
||||||
|
|
||||||
# the deploy scripts use the curl CLI
|
# the deploy scripts use the curl CLI
|
||||||
package { 'curl':
|
package { 'curl':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
|
@ -191,26 +224,24 @@ class openstackid (
|
||||||
mode => '0755',
|
mode => '0755',
|
||||||
}
|
}
|
||||||
|
|
||||||
include ::httpd
|
class { '::apache':
|
||||||
include ::httpd::ssl
|
default_vhost => false,
|
||||||
include ::httpd::php
|
mpm_module => 'event',
|
||||||
::httpd::vhost { $vhost_name:
|
}
|
||||||
port => 443,
|
|
||||||
docroot => '/srv/openstackid/w/public',
|
::apache::listen { '80': }
|
||||||
|
::apache::listen { '443': }
|
||||||
|
|
||||||
|
::apache::vhost::custom { $vhost_name:
|
||||||
priority => '50',
|
priority => '50',
|
||||||
template => 'openstackid/vhost.erb',
|
content => template('openstackid/vhost.erb'),
|
||||||
ssl => true,
|
|
||||||
require => File[$docroot_dirs],
|
require => File[$docroot_dirs],
|
||||||
}
|
}
|
||||||
httpd_mod { 'rewrite':
|
|
||||||
ensure => present,
|
class { '::apache::mod::ssl': }
|
||||||
}
|
class { '::apache::mod::rewrite': }
|
||||||
httpd_mod { 'proxy':
|
class { '::apache::mod::proxy': }
|
||||||
ensure => present,
|
::apache::mod { 'proxy_fcgi': }
|
||||||
}
|
|
||||||
httpd_mod { 'proxy_http':
|
|
||||||
ensure => present,
|
|
||||||
}
|
|
||||||
|
|
||||||
if $ssl_cert_file_contents != '' {
|
if $ssl_cert_file_contents != '' {
|
||||||
file { $ssl_cert_file:
|
file { $ssl_cert_file:
|
||||||
|
@ -218,8 +249,8 @@ class openstackid (
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => $ssl_cert_file_contents,
|
content => $ssl_cert_file_contents,
|
||||||
notify => Service['httpd'],
|
notify => Class['::apache::service'],
|
||||||
before => Httpd::Vhost[$vhost_name],
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -229,8 +260,8 @@ class openstackid (
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => $ssl_key_file_contents,
|
content => $ssl_key_file_contents,
|
||||||
notify => Service['httpd'],
|
notify => Class['::apache::service'],
|
||||||
before => Httpd::Vhost[$vhost_name],
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -240,8 +271,8 @@ class openstackid (
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => $ssl_chain_file_contents,
|
content => $ssl_chain_file_contents,
|
||||||
notify => Service['httpd'],
|
notify => Class['::apache::service'],
|
||||||
before => Httpd::Vhost[$vhost_name],
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -253,20 +284,14 @@ class openstackid (
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($::lsbdistcodename == 'precise') {
|
if ($::lsbdistcodename == 'precise') {
|
||||||
file { '/etc/apache2/conf.d':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0755',
|
|
||||||
require => File['/etc/apache2'],
|
|
||||||
}
|
|
||||||
file { '/etc/apache2/conf.d/connection-tuning':
|
file { '/etc/apache2/conf.d/connection-tuning':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/openstackid/apache-connection-tuning',
|
source => 'puppet:///modules/openstackid/apache-connection-tuning',
|
||||||
notify => Service['httpd'],
|
notify => Class['::apache::service'],
|
||||||
require => File['/etc/apache2/conf.d'],
|
require => File['/etc/apache2/conf.d'],
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -295,7 +320,7 @@ class openstackid (
|
||||||
file { '/etc/apache2/conf-enabled/connection-tuning':
|
file { '/etc/apache2/conf-enabled/connection-tuning':
|
||||||
ensure => link,
|
ensure => link,
|
||||||
target => '/etc/apache2/conf-available/connection-tuning.conf',
|
target => '/etc/apache2/conf-available/connection-tuning.conf',
|
||||||
notify => Service['httpd'],
|
notify => Class['::apache::service'],
|
||||||
require => [
|
require => [
|
||||||
File['/etc/apache2/conf-enabled'],
|
File['/etc/apache2/conf-enabled'],
|
||||||
File['/etc/apache2/conf-available/connection-tuning'],
|
File['/etc/apache2/conf-available/connection-tuning'],
|
||||||
|
@ -321,7 +346,7 @@ class openstackid (
|
||||||
logoutput => on_failure,
|
logoutput => on_failure,
|
||||||
require => [
|
require => [
|
||||||
File['/opt/deploy/conf.d/openstackid.conf'],
|
File['/opt/deploy/conf.d/openstackid.conf'],
|
||||||
Httpd::Vhost[$vhost_name],
|
Apache::Vhost::Custom[$vhost_name],
|
||||||
File['/etc/openstackid/recaptcha.php'],
|
File['/etc/openstackid/recaptcha.php'],
|
||||||
File['/etc/openstackid/database.php'],
|
File['/etc/openstackid/database.php'],
|
||||||
File['/etc/openstackid/log.php'],
|
File['/etc/openstackid/log.php'],
|
||||||
|
@ -341,7 +366,7 @@ class openstackid (
|
||||||
logoutput => on_failure,
|
logoutput => on_failure,
|
||||||
require => [
|
require => [
|
||||||
File['/opt/deploy/conf.d/openstackid.conf'],
|
File['/opt/deploy/conf.d/openstackid.conf'],
|
||||||
Httpd::Vhost[$vhost_name],
|
Apache::Vhost::Custom[$vhost_name],
|
||||||
File['/etc/openstackid/recaptcha.php'],
|
File['/etc/openstackid/recaptcha.php'],
|
||||||
File['/etc/openstackid/database.php'],
|
File['/etc/openstackid/database.php'],
|
||||||
File['/etc/openstackid/app.php'],
|
File['/etc/openstackid/app.php'],
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
"dependencies": [
|
"dependencies": [
|
||||||
{ "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0" },
|
{ "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0" },
|
||||||
{ "name": "puppetlabs/mysql", "version_requirement": "= 0.6.1" },
|
{ "name": "puppetlabs/mysql", "version_requirement": "= 0.6.1" },
|
||||||
{ "name": "openstackinfra/httpd", "version_requirement": "0.x" },
|
{ "name": "puppetlabs/apache", "version_requirement": "= 1.8.1" },
|
||||||
{ "name": "openstackinfra/redis", "version_requirement": "= 0.0.1" }
|
{ "name": "openstackinfra/redis", "version_requirement": "= 0.0.1" }
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,11 +36,15 @@
|
||||||
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
|
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
|
||||||
RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
|
RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
|
||||||
|
|
||||||
DocumentRoot <%= docroot %>
|
DocumentRoot <%= @docroot %>
|
||||||
<Directory <%= docroot %>/>
|
<Directory <%= @docroot %>/>
|
||||||
Order allow,deny
|
Order allow,deny
|
||||||
Allow from all
|
Allow from all
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
|
<FilesMatch \.php$>
|
||||||
|
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||||
|
</FilesMatch>
|
||||||
|
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
Loading…
Reference in New Issue