
diff --git a/pillar/webserver/sites.sls b/pillar/webserver/sites.sls
index ed0775f..6d1c3af 100644
--- a/pillar/webserver/sites.sls
+++ b/pillar/webserver/sites.sls
@@ -1,198 +1,198 @@
# -------------------------------------------------------------
# Salt — Sites to provision on the legacy web server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Domains we deploy
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_domains:
#
# Directly managed by Nasqueron
#
nasqueron:
- nasqueron.org
#
# Nasqueron members
#
nasqueron_members:
- dereckson.be
#
# Projects ICT is managed by Nasqueron
#
espacewin:
- espace-win.org
wolfplex:
- wolfplex.org
# -------------------------------------------------------------
# Static sites
#
# Sites to deploy from the staging repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_static_sites:
dereckson.be:
- assets
nasqueron.org:
- www
- assets
- docker
- ftp
- launch
- packages
- trustspace
wolfplex.org:
- www
- assets
# -------------------------------------------------------------
# PHP sites
#
# Username must be unique and use max 31 characters.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
php_fpm_instances:
# PHP current version, generally installed as package/port
prod:
command: /usr/local/sbin/php-fpm
web_php_sites:
# Nasqueron members
mediawiki.dereckson.be:
domain: dereckson.be
subdomain: mediawiki
user: web-be-dereckson-mw
php-fpm: prod
www.dereckson.be:
domain: dereckson.be
subdomain: www
user: web-be-dereckson-www
source: wwwroot/dereckson.be/www
target: /var/wwwroot/dereckson.be/www
php-fpm: prod
capabilities:
- wordpress
www51.dereckson.be:
domain: dereckson.be
subdomain: www51
user: web-be-dereckson-www51
php-fpm: prod
# Directly managed by Nasqueron
api.nasqueron.org:
domain: nasqueron.org
subdomain: api
user: web-org-nasqueron-api-serverslog
php-fpm: prod
env:
SERVERS_LOG_FILE: /srv/api/data/servers-log-all.json
wikis.nasqueron.org:
domain: nasqueron.org
subdomain: wikis
user: mediawiki
php-fpm: prod
- skipCreateAccount: True
+ skipCreateUser: True
env:
MEDIAWIKI_ENTRY_POINT: /srv/mediawiki/index.php
DB_HOST: localhost
DB_USER: mediawiki-saas
# Espace Win
www.espace-win.org:
domain: espace-win.org
subdomain: www
user: web-org-espacewin-www
source: wwwroot/espace-win.org/www
target: /var/wwwroot/espace-win.org/www
- php-fpm: legacy
+ php-fpm: prod
www51.espace-win.org:
domain: espace-win.org
subdomain: www51
user: web-org-espacewin-www51
php-fpm: prod
# Wolfplex Hackerspace
www.wolfplex.org:
domain: wolfplex.org
subdomain: www
user: web-org-wolfplex-www
php-fpm: prod
env:
DATASTORE: /var/dataroot/wolfplex
CREDENTIAL_PATH_DATASOURCES_SECURITYDATA: /var/dataroot/wolfplex/secrets.json
# -------------------------------------------------------------
# States
#
# Sites with states documenting how to build them
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_content_sls:
#
# Eglide
#
shellserver:
# Directly managed by Eglide project
- .org/eglide
#
# Nasqueron servers
#
mastodon:
- .org/nasqueron/social
webserver-legacy:
# Nasqueron members
- .be/dereckson
# Projects hosted
- .space/hypership
# Directly managed by Nasqueron
- .org/nasqueron/api
- .org/nasqueron/autoconfig
- .org/nasqueron/daeghrefn
- .org/nasqueron/docs
- .org/nasqueron/infra
- .org/nasqueron/labs
- .org/nasqueron/rain
# Wolfplex Hackerspace
- .org/wolfplex/api
- .org/wolfplex/www
# -------------------------------------------------------------
# Sites deployed through Jenkins CD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_content_jenkins_cd:
webserver-legacy:
- api
- assets
- autoconfig
- docker
- docs
- launch
- www
# -------------------------------------------------------------
# Tweaks
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_autochmod:
- /var/wwwroot/dereckson.be/www
diff --git a/roles/webserver-alkane/account/init.sls b/roles/webserver-alkane/account/init.sls
index df078d4..c15545b 100644
--- a/roles/webserver-alkane/account/init.sls
+++ b/roles/webserver-alkane/account/init.sls
@@ -1,31 +1,51 @@
# -------------------------------------------------------------
# Salt — Sites to provision
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# User groups for domains served
#
-# Those account are mostly intended for static content,
+# Those accounts are mostly intended for static content,
# to allow users to access it through group.
#
# The user will often be "deploy" to allow continuous delivery.
# This is provisioned by the core role.
#
# Back-ends runs under their own separate account.
#
# The 9003 group matches "web" group, see webserver-core/nginx
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for domains_group in pillar['web_domains'] %}
{% for domain in pillar['web_domains'][domains_group] %}
webserver_user_{{ domain }}:
user.present:
- name: {{ domain }}
- gid: 9003
- createhome: False
- fullname: Websites account for {{ domain }}
{% endfor %}
{% endfor %}
+
+# -------------------------------------------------------------
+# PHP user accounts
+#
+# Those accounts are intended to serve content through php-fpm.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% for fqdn, site in pillar['web_php_sites'].items() %}
+{% if 'skipCreateUser' not in site or not site['skipCreateUser'] %}
+
+webserver_user_{{ site['user'] }}:
+ user.present:
+ - name: {{ site['user' ] }}
+ - fullname: {{ fqdn }}
+ - gid: 9003
+ - system: True
+ - home: /var/run/web/{{ fqdn }}
+
+{% endif %}
+{% endfor %}
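Review bot: The new `webserver_user_{{ site['user'] }}` state creates the php-fpm accounts without a `shell`, so each one gets the platform's default login shell. These accounts exist only to run pools, so I would add `- shell: /usr/sbin/nologin` (or the platform's equivalent path) to the `user.present` block. The home is set to `/var/run/web/{{ fqdn }}`, the same directory the pool template uses for its socket. If `/var/run` is cleared at boot on these hosts, that directory is gone until the next state run, which is worth a comment or an explicit `file.directory` state.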
diff --git a/roles/webserver-alkane/alkane/init.sls b/roles/webserver-alkane/alkane/init.sls
index 36d2fc7..312263c 100644
--- a/roles/webserver-alkane/alkane/init.sls
+++ b/roles/webserver-alkane/alkane/init.sls
@@ -1,78 +1,78 @@
# -------------------------------------------------------------
# Salt :: Alkane :: Nasqueron PaaS for static and PHP sites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs, packages, services with context %}
{% set network = salt['node.resolve_network']() %}
# -------------------------------------------------------------
# Software
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
alkane_software:
pkg.installed:
- name: alkane
{{ dirs.etc }}/alkane.conf:
file.managed:
- source: salt://roles/webserver-alkane/alkane/files/alkane.conf
# -------------------------------------------------------------
# Recipes
#
# The _lib/ directoy offers ready-to-use solution for init or update
# You can use them with:
#
# alkane_recipes:
# foo.domain.tld:
# init: git-clone.sh
# update: git-pull.sh
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
recipes_dependencies:
pkg.installed:
- pkgs:
- {{ packages.composer }}
- git
- jq
- yarn
/usr/local/libexec/alkane:
file.recurse:
- source: salt://roles/webserver-alkane/alkane/files/recipes
- dir_mode: 755
- file_mode: 555
{% for site_name, recipes in pillar.get("alkane_recipes", {}).items() %}
-/usr/local/libexec/alkane/{{ site_name }}:
+/usr/local/libexec/alkane/{{ site_name }}:
file.directory
{% for action, recipe in recipes.items() %}
/usr/local/libexec/alkane/{{ site_name }}/{{ action }}:
file.symlink:
- target: /usr/local/libexec/alkane/_lib/{{ recipe }}
{% endfor %}
{% endfor %}
# -------------------------------------------------------------
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if services.manager == "rc" %}
/etc/rc.conf.d/alkane:
file.managed:
- source: salt://roles/webserver-alkane/alkane/files/alkane.rc
- template: jinja
- context:
address: {{ network["private_ipv4_address"] | default("localhost") }}
alkane_service:
service.running:
- name: alkane
{% endif %}
diff --git a/roles/webserver-alkane/init.sls b/roles/webserver-alkane/init.sls
index 4c7a885..8f95169 100644
--- a/roles/webserver-alkane/init.sls
+++ b/roles/webserver-alkane/init.sls
@@ -1,11 +1,12 @@
# -------------------------------------------------------------
# Salt :: Alkane :: Nasqueron PaaS for static and PHP sites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- .account
- .alkane
- .directories
+ - .php
diff --git a/roles/webserver-legacy/php-sites/cleanup.sls b/roles/webserver-alkane/php/cleanup.sls
similarity index 100%
rename from roles/webserver-legacy/php-sites/cleanup.sls
rename to roles/webserver-alkane/php/cleanup.sls
diff --git a/roles/webserver-alkane/php/files/php-fpm-pool.conf b/roles/webserver-alkane/php/files/php-fpm-pool.conf
new file mode 100644
index 0000000..3a8a0ed
--- /dev/null
+++ b/roles/webserver-alkane/php/files/php-fpm-pool.conf
@@ -0,0 +1,49 @@
+; -------------------------------------------------------------
+; php-fpm pool configuration
+; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+; Project: Nasqueron
+; License: Trivial work, not eligible to copyright
+; Source file: roles/webserver-alkane/php/files/php-fpm-pool.conf
+; -------------------------------------------------------------
+;
+; <auto-generated>
+; This file is managed by our rOPS SaltStack repository.
+;
+; Changes to this file may cause incorrect behavior
+; and will be lost if the state is redeployed.
+; </auto-generated>
+
+[{{ user }}]
+listen = /var/run/web/{{ fqdn }}/php-fpm.sock
+listen.owner = {{ user }}
+listen.group = web
+listen.mode = 0660
+
+user = {{ user }}
+group = web
+
+pm = ondemand
+pm.max_children = 8
+pm.process_idle_timeout = 10s
+pm.max_requests = 50
+
+slowlog = /var/log/www/{{ domain }}/{{ subdomain }}-php-slow.log
+request_slowlog_timeout = {{ slow_delay }}
+
+catch_workers_output = yes
+php_admin_value[error_log] = /var/log/www/{{ domain }}/{{ subdomain }}-php.log
+php_flag[display_errors] = {{ display_errors }}
+php_flag[display_startup_errors] = {{ display_errors }}
+php_admin_flag[log_errors] = on
+
+{% if 'wordpress' in capabilities -%}
+; Allow Wordpress to process large images
+php_value[memory_limit] = 1024M
+{%- endif %}
+
+; Don't flood /tmp (T417)
+php_value[session.save_path] = /var/tmp/php/sessions/{{ fqdn }}
+
+{%- for key, value in env.items() %}
+env["{{ key }}"] = {{ value }}
+{%- endfor -%}
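Review bot: `display_errors` and `display_startup_errors` are set with `php_flag`, which a site's own code can override at runtime, while `log_errors` two lines below uses `php_admin_flag`. If the pillar default of `off` is meant to be enforced per pool, these should read `php_admin_flag[display_errors] = {{ display_errors }}` and `php_admin_flag[display_startup_errors] = {{ display_errors }}`. The same applies to `php_value[session.save_path]`, which keeps each site in its own session directory only while the application leaves it alone. Separately, `env["{{ key }}"] = {{ value }}` renders the pillar value unquoted, so a value containing spaces, `;` or `#` would be mangled by the INI parser; `env["{{ key }}"] = "{{ value }}"` is safer.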
diff --git a/roles/webserver-alkane/php/files/php-fpm.conf b/roles/webserver-alkane/php/files/php-fpm.conf
new file mode 100644
index 0000000..3cf5711
--- /dev/null
+++ b/roles/webserver-alkane/php/files/php-fpm.conf
@@ -0,0 +1,33 @@
+; -------------------------------------------------------------
+; php-fpm instance configuration
+; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+; Project: Nasqueron
+; License: Trivial work, not eligible to copyright
+; Source file: roles/webserver-alkane/php/files/php-fpm.conf
+; -------------------------------------------------------------
+;
+; <auto-generated>
+; This file is managed by our rOPS SaltStack repository.
+;
+; Changes to this file may cause incorrect behavior
+; and will be lost if the state is redeployed.
+; </auto-generated>
+
+; -------------------------------------------------------------
+; Global directives
+; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+[global]
+pid = /var/run/php-fpm-{{ instance }}.pid
+error_log = /var/log/php-fpm-{{ instance }}.log
+
+emergency_restart_threshold = 10
+emergency_restart_interval = 1h
+
+process.max = 100
+
+; -------------------------------------------------------------
+; Pool definitions
+; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+include=/usr/local/etc/php-fpm.d/{{ instance }}-pools/*.conf
diff --git a/roles/webserver-alkane/php/files/php.ini b/roles/webserver-alkane/php/files/php.ini
new file mode 100644
index 0000000..b6ef792
--- /dev/null
+++ b/roles/webserver-alkane/php/files/php.ini
@@ -0,0 +1,37 @@
+; -------------------------------------------------------------
+; PHP configuration
+; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+; Project: Nasqueron
+; License: Trivial work, not eligible to copyright
+; Source file: roles/webserver-alkane/php/files/php.ini
+; -------------------------------------------------------------
+;
+; <auto-generated>
+; This file is managed by our rOPS SaltStack repository.
+;
+; Changes to this file may cause incorrect behavior
+; and will be lost if the state is redeployed.
+; </auto-generated>
+
+[Date]
+; Place de la bastille, Paris
+date.default_latitude = 48.853139
+date.default_longitude = 2.369111
+date.timezone = "UTC"
+
+{% if "set_mysql_sockets" in tasks -%}
+[MySQLi]
+mysqli.default_socket = /var/run/mysql/mysqld.sock
+
+[Pdo_mysql]
+pdo_mysql.default_socket = /var/run/mysql/mysqld.sock
+{%- endif %}
+
+{% if "optimize_opcache" in tasks -%}
+[opcache]
+opcache.max_accelerated_files = 20000
+opcache.memory_consumption = 512
+
+opcache.validate_timestamps = 0
+opcache.file_update_protection = 0
+{%- endif %}
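Review bot: The `[opcache]` block turns off `opcache.validate_timestamps` with no comment in the rendered file about the consequence. The explanation lives only in php.sls, and an operator reading `php.ini` on the server will not see it. I would add a comment above the setting such as `; Timestamps are not checked: reload php-fpm after each deployment, or updated code is not served`. The deployment path for these sites should probably trigger that reload, but nothing visible in this change does.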
diff --git a/roles/webserver-legacy/php-sites/files/rc/instances b/roles/webserver-alkane/php/files/rc/instances
similarity index 88%
rename from roles/webserver-legacy/php-sites/files/rc/instances
rename to roles/webserver-alkane/php/files/rc/instances
index ae905e9..4a2db28 100644
--- a/roles/webserver-legacy/php-sites/files/rc/instances
+++ b/roles/webserver-alkane/php/files/rc/instances
@@ -1,17 +1,17 @@
# -------------------------------------------------------------
# php-fpm
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/webserver-legacy/php-sites/files/rc/instances
+# Source file: roles/webserver-alkane/php/files/rc/instances
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
php_fpm_enable="YES"
php_fpm_instances="{{ instances }}"
diff --git a/roles/webserver-legacy/php-sites/files/rc/per_instance b/roles/webserver-alkane/php/files/rc/per_instance
similarity index 89%
rename from roles/webserver-legacy/php-sites/files/rc/per_instance
rename to roles/webserver-alkane/php/files/rc/per_instance
index 7fc9078..1cb9949 100644
--- a/roles/webserver-legacy/php-sites/files/rc/per_instance
+++ b/roles/webserver-alkane/php/files/rc/per_instance
@@ -1,19 +1,19 @@
# -------------------------------------------------------------
# php-fpm
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/webserver-legacy/php-sites/files/rc/per_instance
+# Source file: roles/webserver-alkane/php/files/rc/per_instance
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
php_fpm_{{ instance }}_enable="YES"
{% if command %}
php_fpm_{{ instance }}_command="{{ command }}"
{% endif %}
diff --git a/roles/webserver-legacy/php-sites/files/rc/php-fpm b/roles/webserver-alkane/php/files/rc/php-fpm
similarity index 83%
rename from roles/webserver-legacy/php-sites/files/rc/php-fpm
rename to roles/webserver-alkane/php/files/rc/php-fpm
index 58a0ed5..645c7db 100644
--- a/roles/webserver-legacy/php-sites/files/rc/php-fpm
+++ b/roles/webserver-alkane/php/files/rc/php-fpm
@@ -1,126 +1,142 @@
#!/bin/sh
# PROVIDE: php-fpm
# REQUIRE: LOGIN
# KEYWORD: shutdown
+# -------------------------------------------------------------
+# php-fpm
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/webserver-alkane/php/files/rc/php-fpm
+# Descrioption: Custom service allowing to manage several pools
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
# Add the following lines to /etc/rc.conf to enable php-fpm:
# php_fpm_(instance_)?enable (bool): Set to "NO" by default.
# Set it to "YES" to enable php-fpm.
# php_fpm_(instance_)?umask (str): Custom PID file path and name.
# Set it to to define umask before process start
# php_fpm_(instance_)?command (str): Command to run
# Default to /usr/local/sbin/php-fpm (port binary)
# php_fpm_instances (str): Set to "" by default.
# If defined, list of instances to enable
. /etc/rc.subr
name="php_fpm"
rcvar=php_fpm_enable
start_precmd="php_fpm_prestart"
restart_precmd="php_fpm_checkconfig"
reload_precmd="php_fpm_checkconfig"
configtest_cmd="php_fpm_checkconfig"
load_rc_config "$name"
: ${php_fpm_enable="NO"}
: ${php_fpm_umask=""}
: ${php_fpm_command="/usr/local/sbin/php-fpm"}
extra_commands="reload configtest logrotate"
sig_stop="QUIT"
sig_reload="USR2"
logrotate_cmd="php_fpm_logrotate"
# Instances logic has been forked from the MySQL port rc service code.
if [ -n "$2" ]; then
instance="$2"
load_rc_config ${name}_${instance}
case "$php_fpm_instances" in
"$2 "*|*" $2 "*|*" $2"|"$2")
eval php_fpm_umask="\${php_fpm_${instance}_umask:-\"${php_fpm_umask}\"}"
eval php_fpm_command="\${php_fpm_${instance}_command:-\"${php_fpm_command}\"}"
php_fpm_pidfile="/var/run/php-fpm-${instance}.pid"
php_fpm_conf="/usr/local/etc/php-fpm.d/${instance}.conf"
php_fpm_name=${instance}
;;
*)
err 1 "$2 not found in php_fpm_instances" ;;
esac
else
if [ -n "${php_fpm_instances}" -a -n "$1" ]; then
for instance in ${php_fpm_instances}; do
eval _enable="\${php_fpm_${instance}_enable}"
case "${_enable:-${php_fpm_enable}}" in
[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
continue
;;
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
;;
*)
if [ -z "$_enable" ]; then
_var=php_fpm_enable
else
_var=php_fpm_${instance}_enable
fi
warn "Bad value" \
"'${_enable:-${php_fpm_enable}}'" \
"for ${_var}. " \
"Instance ${instance} skipped."
continue
;;
esac
echo "===> php-fpm instance: ${instance}"
if /usr/local/etc/rc.d/php-fpm $1 ${instance}; then
success="${instance} ${success}"
else
failed="${instance} (${retcode}) ${failed}"
fi
done
exit 0
else
php_fpm_pidfile=/var/run/php-fpm.pid
php_fpm_conf=/usr/local/etc/php-fpm.conf
fi
fi
command=${php_fpm_command}
command_args="--fpm-config ${php_fpm_conf}"
pidfile="${php_fpm_pidfile}"
required_files="${php_fpm_conf}"
php_fpm_logrotate() {
if [ -z "$rc_pid" ]; then
_run_rc_notrunning
return 1
fi
echo "Rotating logs $name."
kill -USR1 $rc_pid
}
php_fpm_checkconfig()
{
echo "Performing sanity check on php-fpm configuration:"
eval ${command} -t --fpm-config "${php_fpm_conf}"
}
php_fpm_prestart()
{
php_fpm_checkconfig
checkconfig=$?
if [ $checkconfig -ne 0 ]; then
return $checkconfig
fi
if [ ! -z "$php_fpm_umask" ]; then
echo "Setting umask to: ${php_fpm_umask}"
umask $php_fpm_umask
fi
}
run_rc_command "$1"
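Review bot: The multi-instance loop always ends with `exit 0`, so a failed `start` or `configtest` for one instance is reported as success to whatever invoked the script, Salt included. `failed` is collected but never read in the visible lines, and `${retcode}` is never assigned. I would put `[ -n "${failed}" ] && exit 1` immediately before the `exit 0`. Two documentation nits: the added header has a typo (`# Descrioption:` should be `# Description:`), and the `php_fpm_(instance_)?umask` help line still says "Custom PID file path and name".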
diff --git a/roles/webserver-legacy/php-sites/init.sls b/roles/webserver-alkane/php/init.sls
similarity index 93%
copy from roles/webserver-legacy/php-sites/init.sls
copy to roles/webserver-alkane/php/init.sls
index d483c42..3ee5c0b 100644
--- a/roles/webserver-legacy/php-sites/init.sls
+++ b/roles/webserver-alkane/php/init.sls
@@ -1,13 +1,12 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- - .account
- - .files
- .php
- .php-fpm
+ - .service
- .cleanup
diff --git a/roles/webserver-legacy/php-sites/php-fpm.sls b/roles/webserver-alkane/php/php-fpm.sls
similarity index 59%
copy from roles/webserver-legacy/php-sites/php-fpm.sls
copy to roles/webserver-alkane/php/php-fpm.sls
index 158771f..901447a 100644
--- a/roles/webserver-legacy/php-sites/php-fpm.sls
+++ b/roles/webserver-alkane/php/php-fpm.sls
@@ -1,101 +1,85 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites — php-fpm pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Configuration : instances
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for instance, config in pillar['php_fpm_instances'].items() %}
php-fpm_config_{{ instance }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/{{ instance }}.conf
- - source: salt://roles/webserver-legacy/php-sites/files/php-fpm.conf
+ - source: salt://roles/webserver-alkane/php/files/php-fpm.conf
- template: jinja
- context:
instance: {{ instance }}
{{ dirs.etc }}/php-fpm.d/{{ instance }}-pools:
file.directory
{% endfor %}
# -------------------------------------------------------------
# Configuration : pools
#
# Sockets are created in /var/run/web/<site user>/php-fpm.sock
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/run/web:
file.directory:
- group: web
- dir_mode: 711
{% for fqdn, site in pillar['web_php_sites'].items() %}
php-fpm_pool_{{ site['user'] }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/{{ site['php-fpm'] }}-pools/{{ site['user'] }}.conf
- - source: salt://roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
+ - source: salt://roles/webserver-alkane/php/files/php-fpm-pool.conf
- template: jinja
- context:
fqdn: {{ fqdn }}
domain: {{ site['domain'] }}
subdomain: {{ site['subdomain'] }}
user: {{ site['user' ] }}
- display_errors: {{ site['display_errors']|default('off') }}
- slow_delay: {{ site['slow_delay']|default('5s') }}
- env : {{ site['env']|default({}) }}
- capabilities: {{ site['capabilities']|default([]) }}
+ display_errors: {{ site['display_errors'] | default('off') }}
+ slow_delay: {{ site['slow_delay'] | default('5s') }}
+ env : {{ site['env'] | default({}) }}
+ capabilities: {{ site['capabilities'] | default([]) }}
/var/log/www/{{ site['domain' ] }}/{{ site['subdomain' ] }}-php.log:
file.managed:
- replace: False
- user: {{ site['user'] }}
- group: web
- chmod: 600
{% endfor %}
# -------------------------------------------------------------
-# Service
+# Sessions directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
-
-{% set instances = " ".join(pillar['php_fpm_instances'].keys()) %}
-
-# roles/webserver-legacy/php-sites/files/rc/php-fpm
-
-/usr/local/etc/rc.d/php-fpm:
- file.managed:
- - source: salt://roles/webserver-legacy/php-sites/files/rc/php-fpm
- - mode: 755
-
-/etc/rc.conf.d/php_fpm:
- file.directory
+/var/tmp/php:
+ file.directory:
+ - mode: 1770
+ - group: web
-/etc/rc.conf.d/php_fpm/instances:
- file.managed:
- - source: salt://roles/webserver-legacy/php-sites/files/rc/instances
- - template: jinja
- - context:
- instances: {{ instances }}
+/var/tmp/php/sessions:
+ file.directory:
+ - mode: 1770
+ - group: web
-{% for instance, config in pillar['php_fpm_instances'].items() %}
-/etc/rc.conf.d/php_fpm/{{ instance }}:
- file.managed:
- - source: salt://roles/webserver-legacy/php-sites/files/rc/per_instance
- - template: jinja
- - context:
- instance: {{ instance }}
- command: {{ config['command'] | default('') }}
+{% for fqdn, site in pillar['web_php_sites'].items() %}
+/var/tmp/php/sessions/{{ fqdn }}:
+ file.directory:
+ - mode: 700
+ - user: {{ site['user'] }}
{% endfor %}
-
-{% endif %}
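Review bot: The per-site log state `/var/log/www/…-php.log` sets `- chmod: 600`, and as far as I know `chmod` is not a `file.managed` argument, so the PHP error log is created with whatever the default mode is rather than 0600. It should be `- mode: 600`; the same line is carried in roles/webserver-legacy/php-sites/php-fpm.sls. The section comment also says sockets live in `/var/run/web/<site user>/php-fpm.sock`, while the pool template listens on `/var/run/web/{{ fqdn }}/php-fpm.sock`, so the comment should say `<fqdn>`. On the new session directories, the per-site `/var/tmp/php/sessions/{{ fqdn }}` with mode 700 and the site user as owner looks right; it would help to set `- group: web` there too so ownership is fully declared.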
diff --git a/roles/webserver-alkane/php/php.sls b/roles/webserver-alkane/php/php.sls
new file mode 100644
index 0000000..c7d4fa3
--- /dev/null
+++ b/roles/webserver-alkane/php/php.sls
@@ -0,0 +1,102 @@
+# -------------------------------------------------------------
+# Salt — Provision PHP websites — php-fpm pools
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs, packages, packages_prefixes with context %}
+
+{% set is_devserver = salt['node.has_role']('devserver') %}
+
+# -------------------------------------------------------------
+# Install PHP through packages
+#
+# The extensions cover a standard PHP installation,
+# and the needs of the known applications we use.
+#
+# If you need Debian compatibility, this list should be
+# replaced by the shellserver one.
+#
+# The devserver role already install PHP through two layers:
+# - roles/shellserver/userland-software/base.sls
+# - roles/devserver/userland-software/dev.sls
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if not is_devserver %}
+
+php_software:
+ pkg.installed:
+ - pkgs:
+ - php82
+
+ # PHP extensions
+ - {{ packages_prefixes.php }}bcmath
+ - {{ packages_prefixes.php }}curl
+ - {{ packages_prefixes.php }}gd
+ - {{ packages_prefixes.php }}intl
+ - {{ packages_prefixes.php }}mbstring
+ - {{ packages_prefixes.php }}soap
+ - {{ packages_prefixes.php }}xml
+ - {{ packages_prefixes.php }}xsl
+
+ - {{ packages_prefixes.php }}calendar
+ - {{ packages_prefixes.php }}ctype
+ - {{ packages_prefixes.php }}dom
+ - {{ packages_prefixes.php }}fileinfo
+ - {{ packages_prefixes.php }}filter
+ - {{ packages_prefixes.php }}iconv
+ - {{ packages_prefixes.php }}mysqli
+ - {{ packages_prefixes.php }}pcntl
+ - {{ packages_prefixes.php }}pdo
+ - {{ packages_prefixes.php }}phar
+ - {{ packages_prefixes.php }}session
+ - {{ packages_prefixes.php }}simplexml
+ - {{ packages_prefixes.php }}sockets
+ - {{ packages_prefixes.php }}tokenizer
+ - {{ packages_prefixes.php }}xmlreader
+ - {{ packages_prefixes.php }}xmlwriter
+ - {{ packages_prefixes.php }}zlib
+
+ - {{ packages_prefixes.php }}pdo_mysql
+ - {{ packages_prefixes.php }}pdo_pgsql
+ - {{ packages_prefixes.php }}pdo_sqlite
+
+ # PECL extensions
+ - {{ packages_prefixes.pecl }}yaml
+
+ # PHP utilities
+ - {{ packages.composer }}
+
+{% endif %}
+
+# -------------------------------------------------------------
+# PHP global configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/php.ini:
+ file.managed:
+ - source: salt://roles/webserver-alkane/php/files/php.ini
+ - template: jinja
+ - context:
+ tasks:
+ {% if is_devserver %}
+ # Since D2655, devserver uses /var/run/mysql
+ # This is not needed on production as MySQL is on another node
+ - set_mysql_sockets
+ {% else %}
+ # Enable Opcache, with aggressive caching
+ # This is not suitable in devserver: it needs a php-fpm restart
+ # when a PHP site is updated to invalidate the cache
+ - optimize_opcache
+ {% endif %}
+
+{% for build in pillar.get('php_custom_builds', {}) %}
+/opt/php/{{ build }}/lib/php.ini:
+ file.managed:
+ - source: {{ dirs.etc }}/php.ini:
+{% endfor %}
+
+# T1728 - xdebug should be disabled by default and invoked when needed
+/usr/local/etc/php/ext-20-xdebug.ini:
+ file.absent
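Review bot: In the `php_custom_builds` loop, `- source: {{ dirs.etc }}/php.ini:` ends with a stray colon, which should make the rendered YAML invalid (or point at a non-existent path) as soon as the pillar defines one build. It should be `- source: {{ dirs.etc }}/php.ini`. Because that source is the file managed just above, a `- require:` on `file: {{ dirs.etc }}/php.ini` would make the ordering explicit. The file header still reads "php-fpm pools" although this state installs PHP and manages `php.ini`. Also, `php82` is hard-coded while every extension goes through `packages_prefixes.php`, so the two can drift apart on the next version bump.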
diff --git a/roles/webserver-alkane/php/service.sls b/roles/webserver-alkane/php/service.sls
new file mode 100644
index 0000000..5e130e1
--- /dev/null
+++ b/roles/webserver-alkane/php/service.sls
@@ -0,0 +1,41 @@
+# -------------------------------------------------------------
+# Salt — Provision PHP websites — php-fpm service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains['os'] == 'FreeBSD' %}
+
+{% set instances = " ".join(pillar['php_fpm_instances'].keys()) %}
+
+/usr/local/etc/rc.d/php-fpm:
+ file.managed:
+ - source: salt://roles/webserver-alkane/php/files/rc/php-fpm
+ - mode: 755
+
+/etc/rc.conf.d/php_fpm:
+ file.directory
+
+/etc/rc.conf.d/php_fpm/instances:
+ file.managed:
+ - source: salt://roles/webserver-alkane/php/files/rc/instances
+ - template: jinja
+ - context:
+ instances: {{ instances }}
+
+{% for instance, config in pillar['php_fpm_instances'].items() %}
+/etc/rc.conf.d/php_fpm/{{ instance }}:
+ file.managed:
+ - source: salt://roles/webserver-alkane/php/files/rc/per_instance
+ - template: jinja
+ - context:
+ instance: {{ instance }}
+ command: {{ config['command'] | default('') }}
+{% endfor %}
+
+{% endif %}
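Review bot: This file is titled "php-fpm service" but only writes the rc script and the rc.conf.d entries. No `service.running` state is visible, and nothing watches the pool or instance configuration. Unless that is handled elsewhere, changes to a pool file or to `php.ini` take effect only after a manual restart. With `opcache.validate_timestamps = 0` in the same change, that also affects when code updates go live. Consider adding a `service.running` state with `- watch:` on the managed configuration files, following the pattern `alkane_service` uses in roles/webserver-alkane/alkane/init.sls. The rc script is also installed with `- mode: 755` but no explicit `user`/`group`; declaring `root`/`wheel` would pin its ownership.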
diff --git a/roles/webserver-legacy/php-sites/account.sls b/roles/webserver-legacy/php-sites/account.sls
deleted file mode 100644
index 359fe05..0000000
--- a/roles/webserver-legacy/php-sites/account.sls
+++ /dev/null
@@ -1,24 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Provision PHP websites
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# -------------------------------------------------------------
-# Sites user accounts
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{% for fqdn, site in pillar['web_php_sites'].items() %}
-{% if 'skipCreateAccount' not in site or not site['skipCreateAccount'] %}
-
-web_account_{{ site['user'] }}:
- user.present:
- - name: {{ site['user' ] }}
- - fullname: {{ fqdn }}
- - gid: web
- - system: True
- - home: /var/run/web/{{ fqdn }}
-
-{% endif %}
-{% endfor %}
diff --git a/roles/webserver-legacy/php-sites/init.sls b/roles/webserver-legacy/php-sites/init.sls
index d483c42..be77b9e 100644
--- a/roles/webserver-legacy/php-sites/init.sls
+++ b/roles/webserver-legacy/php-sites/init.sls
@@ -1,13 +1,13 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- - .account
- .files
- .php
- .php-fpm
- - .cleanup
+ - roles/webserver-alkane/php/service
+ - roles/webserver-alkane/php/cleanup
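Review bot: With `.account` dropped from this include list, the legacy role no longer creates the site users itself, while its `php-fpm.sls` still references `site['user']` for pool files and log ownership. This works only if every minion with webserver-legacy also applies roles/webserver-alkane/account, which cannot be confirmed from this diff. I would either include `roles/webserver-alkane/account` here or add a comment such as `# Site users are provisioned by roles/webserver-alkane/account`.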
diff --git a/roles/webserver-legacy/php-sites/php-fpm.sls b/roles/webserver-legacy/php-sites/php-fpm.sls
index 158771f..0b68e13 100644
--- a/roles/webserver-legacy/php-sites/php-fpm.sls
+++ b/roles/webserver-legacy/php-sites/php-fpm.sls
@@ -1,101 +1,64 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites — php-fpm pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Configuration : instances
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for instance, config in pillar['php_fpm_instances'].items() %}
php-fpm_config_{{ instance }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/{{ instance }}.conf
- source: salt://roles/webserver-legacy/php-sites/files/php-fpm.conf
- template: jinja
- context:
instance: {{ instance }}
{{ dirs.etc }}/php-fpm.d/{{ instance }}-pools:
file.directory
{% endfor %}
# -------------------------------------------------------------
# Configuration : pools
#
# Sockets are created in /var/run/web/<site user>/php-fpm.sock
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/run/web:
file.directory:
- group: web
- dir_mode: 711
{% for fqdn, site in pillar['web_php_sites'].items() %}
php-fpm_pool_{{ site['user'] }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/{{ site['php-fpm'] }}-pools/{{ site['user'] }}.conf
- source: salt://roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
- template: jinja
- context:
fqdn: {{ fqdn }}
domain: {{ site['domain'] }}
subdomain: {{ site['subdomain'] }}
user: {{ site['user' ] }}
display_errors: {{ site['display_errors']|default('off') }}
slow_delay: {{ site['slow_delay']|default('5s') }}
env : {{ site['env']|default({}) }}
capabilities: {{ site['capabilities']|default([]) }}
/var/log/www/{{ site['domain' ] }}/{{ site['subdomain' ] }}-php.log:
file.managed:
- replace: False
- user: {{ site['user'] }}
- group: web
- chmod: 600
{% endfor %}
-
-# -------------------------------------------------------------
-# Service
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{% if grains['os'] == 'FreeBSD' %}
-
-{% set instances = " ".join(pillar['php_fpm_instances'].keys()) %}
-
-# roles/webserver-legacy/php-sites/files/rc/php-fpm
-
-/usr/local/etc/rc.d/php-fpm:
- file.managed:
- - source: salt://roles/webserver-legacy/php-sites/files/rc/php-fpm
- - mode: 755
-
-/etc/rc.conf.d/php_fpm:
- file.directory
-
-/etc/rc.conf.d/php_fpm/instances:
- file.managed:
- - source: salt://roles/webserver-legacy/php-sites/files/rc/instances
- - template: jinja
- - context:
- instances: {{ instances }}
-
-{% for instance, config in pillar['php_fpm_instances'].items() %}
-/etc/rc.conf.d/php_fpm/{{ instance }}:
- file.managed:
- - source: salt://roles/webserver-legacy/php-sites/files/rc/per_instance
- - template: jinja
- - context:
- instance: {{ instance }}
- command: {{ config['command'] | default('') }}
-{% endfor %}
-
-{% endif %}
