From ec1175af2194dd19d482da18aade3c2ecc39c24e Mon Sep 17 00:00:00 2001 From: Emilien Mantel Date: Thu, 26 Dec 2019 11:38:06 +0100 Subject: [PATCH] [WIP] Improve FPM management - store configuration in local facts - better socket generator - php_admin_value/php_value --- .gitignore | 1 + defaults/main.yml | 4 +- filter_plugins/php.pyc | Bin 791 -> 0 bytes tasks/fpm.yml | 6 +-- tasks/main.yml | 36 +++++++++------- templates/etc/__php__/fpm/pool.d/pool.conf.j2 | 34 +++++++-------- tests/templates/nginx.conf.j2 | 19 ++++++--- tests/test.yml | 40 ++++++++++++------ 8 files changed, 80 insertions(+), 60 deletions(-) delete mode 100644 filter_plugins/php.pyc diff --git a/.gitignore b/.gitignore index 62ff262..26e7b43 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ *.swp *.retry *.log +/filter_plugins/*.pyc diff --git a/defaults/main.yml b/defaults/main.yml index 6cd4fb2..a0c4707 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -90,10 +90,10 @@ php_xdebug_var_display_max_depth: '3' # PHP-FPM php_fpm_poold: - - pool_name: 'www' + - name: 'www' listen: '{{ php_default_fpm_sock }}' pm: 'dynamic' - pm_max_children: 250 + pm_max_children: 100 pm_start_servers: 10 pm_min_spare_servers: 10 pm_max_spare_servers: 20 diff --git a/filter_plugins/php.pyc b/filter_plugins/php.pyc deleted file mode 100644 index 8ebb601d3e434db724af6355b0c7aa0449b90f21..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 791 zcmb_a%TB{E5L_ovXn7n#;#3JC<ZVV51>|dvbJY;y<_`72d(pOdX8x|eEwgtnNx;@=!{iO1`b*hEjiAkqhWykzByqGXY(?wrWNeWbofiFqHA>g7Vs`Prrl$Y z_vJ#(Or}fQ#9ZrKmg7RzJdjO~A)M+$h0}5Q9wurL4sN62V>m8NHpx{7h0-jyY9_0E z{*sjjb-UGvZ6PI>KxJhGvf+><>^|e2i+Rw=JXbN6F+jRzGsg^ywP8sZSqtH$@+qo2 zHAvAO+z;A?%g~My3j5Ot9cF^8Q>wQTD8dN>@YbG%#zy7oX4>B2Y_%W;u0eJZzHnD* zcX=Y6$Wl6mq^vvODdjzkJBG?9ddh)7b>v)?h Q>$<(D`@4kb?g2FYU&iRC7XSbN diff --git a/tasks/fpm.yml b/tasks/fpm.yml index 509dd07..d681c60 100644 --- a/tasks/fpm.yml +++ b/tasks/fpm.yml 
@@ -24,13 +24,13 @@ - name: TEMPLATE | Deploy pool configuration template: src: etc/__php__/fpm/pool.d/pool.conf.j2 - dest: '{{ php_fpm_pool_dir }}/{{ item.pool_name }}.conf' - loop: "{{ php_fpm_poold }}" + dest: '{{ php_fpm_pool_dir }}/{{ item.name }}.conf' + loop: "{{ ansible_local.hanxhx_php.fpm_pool }}" notify: restart php-fpm - name: FILE | Delete default pool if necessary file: path: "{{ php_fpm_pool_dir }}/www.conf" state: absent - when: '"www" not in (php_fpm_poold | map(attribute="pool_name") | list)' + when: '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list)' notify: restart php-fpm diff --git a/tasks/main.yml b/tasks/main.yml index 844cc1f..67eb72a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
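Review bot: `item.name` is now read from the `ansible_local.hanxhx_php.fpm_pool` fact and placed unchecked into `dest: '{{ php_fpm_pool_dir }}/{{ item.name }}.conf'`, so a name containing `/` or `..` would put the rendered file outside the pool directory. The same string becomes the `[section]` header of the pool file. An `assert` task ahead of "Deploy pool configuration", looped over the same list with `that: item.name is match('^[A-Za-z0-9_-]+$')`, would reject such names before anything is written. Both tasks also assume `ansible_local.hanxhx_php` exists, which presumably fails on a play run without fact gathering, because tasks/main.yml re-runs `setup` only when the fact file changed.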
@@ -22,13 +22,13 @@ {% for p in php_fpm_poold %} { name: "{{ p.name | default(p.pool_name) }}", - listen: "{{ item.listen | default(php_version | php_socket(p.name | default(p.pool_name))) }}", - user: "{{ item.user | default(php_default_user_group) }}", - group: "{{ item.group | default(php_default_user_group) }}", - listen_owner: "{{ item.listen_owner | default(php_default_user_group) }}", - listen_group: "{{ item.listen_owner | default(php_default_user_group) }}", - {% for k, v in p.items() %} - {% if k not in ['name', 'pool_name', 'listen', 'user', 'group', 'listen_owner'] %} + listen: "{{ p.listen | default(php_version | php_socket(p.name | default(p.pool_name))) }}", + user: "{{ p.user | default(php_default_user_group) }}", + group: "{% if p.user is defined %}{{ p.group | default(p.user) }}{% else %}{{ p.group | default(php_default_user_group) }}{% endif %}", + php_value: {% if p.php_value is defined %}{{ p.php_value | to_nice_json }}{% else %}{}{% endif %}, + php_admin_value: {% if p.php_admin_value is defined %}{{ p.php_admin_value | to_nice_json }}{% else %}{}{% endif %}, + {% for k, v in p.items() | list %} + {% if k not in ['name', 'pool_name', 'listen', 'user', 'group', 'php_value', 'php_admin_value'] %} {{ k }}: "{{ v }}"{% if not loop.last %},{% endif %} {% endif %} {% endfor %} 
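Review bot: The generated mapping interpolates pool values into hand-written double-quoted scalars (`name: "{{ ... }}"`, `user: "{{ ... }}"`, `{{ k }}: "{{ v }}"`), so a value containing `"` or `\` either breaks parsing or changes the structure of the result. That result later decides each pool's `user`, `group` and `php_admin_value`, so its shape should not depend on the content of a single string. Serialising each scalar avoids this: `{{ k | to_json }}: {{ v | to_json }}`, with the same treatment for `name`, `listen`, `user` and `group`, as the commit already does for `php_value` with `to_nice_json`. It also keeps integers such as `pm_max_children` as integers rather than strings. The enclosing task starts before this hunk and ends after it.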
@@ -46,28 +46,32 @@ state: directory recurse: yes -- name: COPY | Manage current repositories +- name: COPY | Manage facts copy: - content: "{ \"php_fpm_full_pool\": {{ php_fpm_full_pool | to_json }} }" - dest: /etc/ansible/facts.d/php_fpm_pool.fact + content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }} }" + dest: /etc/ansible/facts.d/hanxhx_php.fact + register: f -- debug: var=php_fpm_full_pool -- fail: msg='ok' +- name: SETUP | Gathers new facts + setup: + when: f.changed + tags: + - skip_ansible_lint - name: APT | Install PHP packages apt: - pkg: "{{ item }}" + pkg: "{{ pkgs }}" state: present update_cache: yes cache_valid_time: 3600 - loop: "{{ php_packages + php_extra_packages | flatten }}" + vars: + pkgs: "{{ php_packages + php_extra_packages | flatten }}" notify: restart php-fpm when: ansible_os_family == 'Debian' - name: PKGNG | Install PHP packages pkgng: - name: "{{ item }}" - loop: "{{ php_packages + php_extra_packages | flatten }}" + name: "{{ php_packages + php_extra_packages | flatten | join(',') }}" notify: restart php-fpm when: ansible_os_family == 'FreeBSD' diff --git a/templates/etc/__php__/fpm/pool.d/pool.conf.j2 b/templates/etc/__php__/fpm/pool.d/pool.conf.j2 index da77557..77f7f0a 100644 --- a/templates/etc/__php__/fpm/pool.d/pool.conf.j2 +++ b/templates/etc/__php__/fpm/pool.d/pool.conf.j2 @@ -1,7 +1,7 @@ -; Start a new pool named '{{ item.pool_name }}'. +; Start a new pool named '{{ item.name }}'. ; the variable $pool can we used in any directive and will be replaced by the -; pool name ('{{ item.pool_name }}' here) -[{{ item.pool_name }}] +; pool name ('{{ item.name }}' here) +[{{ item.name }}] ; Per pool prefix ; It only applies on the following directives: 
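Review bot: In the tasks/main.yml hunk, the `copy` that writes `/etc/ansible/facts.d/hanxhx_php.fact` sets no `owner` or `mode`, yet the file is read back as `ansible_local.hanxhx_php` and decides which user each pool runs as and which `php_admin_value` entries it gets. Pin them on the task, for example `owner: root` and `mode: '0644'`, so the result does not depend on the umask of the connecting account. The `setup` task runs only `when: f.changed`, so on a play without fact gathering the later references to `ansible_local.hanxhx_php.fpm_pool` would presumably be undefined. Running `setup` with `filter: ansible_local` unconditionally would remove that dependency.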
@@ -20,8 +20,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = {{ item.user | default(php_default_user_group) }} -group = {{ item.group | default(php_default_user_group) }} +user = {{ item.user }} +group = {{ item.group }} ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -95,7 +95,7 @@ listen.group = {{ item.listen_owner | default(php_default_user_group) }} ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. -pm = {{ item.pm }} +pm = {{ item.pm | default('dynamic') }} ; The number of child processes to be created when pm is set to 'static' and the ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 
@@ -106,27 +106,27 @@ pm = {{ item.pm }} ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = {{ item.pm_max_children }} +pm.max_children = {{ item.pm_max_children | default('250') }} ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = {{ item.pm_start_servers }} +pm.start_servers = {{ item.pm_start_servers | default('10') }} ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = {{ item.pm_min_spare_servers }} +pm.min_spare_servers = {{ item.pm_min_spare_servers | default('10') }} ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = {{ item.pm_max_spare_servers }} +pm.max_spare_servers = {{ item.pm_max_spare_servers | default('20') }} ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s -;pm.process_idle_timeout = 10s; +pm.process_idle_timeout = {{ item.pm_process_idle_timeout | default('10s') }}; ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For @@ -369,7 +369,7 @@ chdir = / ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -;catch_workers_output = yes +catch_workers_output = {{ item.catch_workers_output | default('no') }} ; Clear environment in FPM workers ; Prevents arbitrary environment variables from reaching FPM worker processes 
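Review bot: The fallback in `pm.max_children = {{ item.pm_max_children | default('250') }}` disagrees with the defaults/main.yml hunk of this same commit, which lowers the role default from 250 to 100. A pool that omits `pm_max_children`, as `test_ansible2` in tests/test.yml does, therefore gets 250 workers, the larger memory footprint that the defaults change appears to move away from. Use `default('100')` here, or take the fallback from a single role variable so the two cannot drift. The now-active `pm.process_idle_timeout = {{ ... | default('10s') }};` line also keeps the trailing `;` from the commented-out sample, and dropping it avoids relying on the ini parser treating it as a comment.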
@@ -421,12 +421,10 @@ chdir = / ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M -{% if item.php_flag is defined %} -{% for k, v in item.php_flag.items() %} +{% for k, v in item.php_value.items() | list %} +php_value[{{ k }}] = {{ v }} {% endfor %} -{% endif %} -{% if item.php_admin_flag is defined %} -{% for k, v in item.php_admin_flag.items() %} +{% for k, v in item.php_admin_value.items() | list %} +php_admin_value[{{ k }}] = {{ v }} {% endfor %} -{% endif %} ; vim:filetype=dosini diff --git a/tests/templates/nginx.conf.j2 b/tests/templates/nginx.conf.j2 index 80852ab..e5c83fb 100644 --- a/tests/templates/nginx.conf.j2 +++ b/tests/templates/nginx.conf.j2 @@ -15,22 +15,27 @@ http { root /var/www; -{% if php_fpm_poold.0.status_path is defined %} - location = {{ php_fpm_poold.0.status_path }} { +{% if ansible_local.hanxhx_php.fpm_pool.0.status_path is defined %} + location = {{ ansible_local.hanxhx_php.fpm_pool.0.status_path }} { include fastcgi.conf; - fastcgi_pass unix:{{ php_default_fpm_sock }}; + fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }}; } {% endif %} -{% if php_fpm_poold.0.ping_path is defined %} - location = {{ php_fpm_poold.0.ping_path }} { +{% if ansible_local.hanxhx_php.fpm_pool.0.ping_path is defined %} + location = {{ ansible_local.hanxhx_php.fpm_pool.0.ping_path }} { include fastcgi.conf; - fastcgi_pass unix:{{ php_default_fpm_sock }}; + fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }}; } {% endif %} + location = /ini.php { + include fastcgi.conf; + fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.1.listen }}; + } + location ~ \.php$ { include fastcgi.conf; - fastcgi_pass unix:{{ php_default_fpm_sock }}; + fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }}; } } } diff --git a/tests/test.yml b/tests/test.yml index 78ff0c9..511a3ce 100644 --- a/tests/test.yml +++ b/tests/test.yml 
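Review bot: In the pool.conf.j2 hunk, `php_value[{{ k }}] = {{ v }}` and `php_admin_value[{{ k }}] = {{ v }}` write keys and values into the pool file unquoted and unchecked. A value containing `;` or `"` would likely be truncated or mis-parsed, and one containing a line break would render as an additional directive line. `php_admin_value` holds the settings that scripts cannot override, so a malformed entry can silently leave a limit unapplied. Validate before rendering, for example an `assert` that each key matches `^[A-Za-z0-9_.]+$` and each value contains no `\r` or `\n`, and emit the value in double quotes. The loops no longer handle `php_flag`/`php_admin_flag`, so a pool that still sets those keys gets no corresponding lines.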
@@ -12,7 +12,7 @@ error_reporting: 'E_ALL' php_fpm_poold: - pool_name: 'test_ansible' - listen: '{{ php_default_fpm_sock }}' + listen: '/run/php/php-ansible1.sock' pm: 'dynamic' pm_max_children: 250 pm_start_servers: 10 @@ -21,26 +21,25 @@ status_path: '/status' ping_path: '/ping' ping_response: 'ok' - php_flag: + - name: 'test_ansible2' + user: 'foo' + php_value: display_errors: 'Off' - php_admin_flag: - memory_limit: '128M' - - pool_name: 'test_ansible2' - pm: 'dynamic' - pm_max_children: 250 - pm_start_servers: 10 - pm_min_spare_servers: 10 - pm_max_spare_servers: 20 - php_flag: - display_errors: 'On' - php_admin_flag: - memory_limit: '64M' + php_admin_value: + memory_limit: '98M' pre_tasks: - name: INCLUDE_TASKS | Pre tasks related to OS include_tasks: "includes/pre_{{ ansible_os_family }}.yml" + - name: USER | Create PHP user + user: + name: 'foo' + system: yes + create_home: no + shell: '/usr/sbin/nologin' + tasks: - name: TEMPLATE | Nginx site config @@ -122,6 +121,11 @@ dest: /var/www/phpinfo.php content: ' /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/ /dev/null" + args: + warn: false + changed_when: false + register: c + failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout' + - name: URI | Check ping uri: url: "http://localhost{{ php_fpm_poold.0.ping_path }}"