bundles/php: introduce

This commit is contained in:
Franzi 2020-10-31 13:00:38 +01:00
parent e2d8923dee
commit f8bc4b2ad9
Signed by: kunsi
GPG key ID: 12E3D2136B818350
8 changed files with 299 additions and 3 deletions

View file

@ -0,0 +1,26 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REDIRECT_STATUS 200;
# This is the only thing that's different to the debian default.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

View file

@ -63,13 +63,13 @@ server {
% if php: % if php:
location ~ \.php$ { location ~ \.php$ {
include fastcgi_params; include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.3-fpm.sock; fastcgi_pass unix:/run/php/php${php_version}-fpm.sock;
} }
% endif % endif
% if extras: % if extras:
<%include file="extras/${node.name}/${domain}" /> <%include file="extras/${node.name}/${vhost}" />
% endif % endif
} }

View file

@ -15,6 +15,11 @@ files = {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
}, },
}, },
'/etc/nginx/fastcgi.conf': {
'triggers': {
'svc_systemd:nginx:restart',
},
},
'/etc/nginx/sites/stub_status': { '/etc/nginx/sites/stub_status': {
'triggers': { 'triggers': {
'svc_systemd:nginx:restart', 'svc_systemd:nginx:restart',
@ -60,6 +65,7 @@ for vhost, config in node.metadata.get('nginx', {}).get('vhosts', {}).items():
'content_type': 'mako', 'content_type': 'mako',
'context': { 'context': {
'vhost': vhost, 'vhost': vhost,
'php_version': node.metadata.get('php', {}).get('version', ''),
**config, **config,
}, },
'needs': set(), 'needs': set(),

View file

@ -0,0 +1,23 @@
[global]
pid=/run/php/php7.4-fpm.pid
; We're using journal, put logs there
error_log=/var/log/php7.4-fpm.log
daemonize=yes
; The one and only worker pool we have
[www]
user=www-data
group=www-data
listen=/run/php/php7.4-fpm.sock
listen.owner=www-data
listen.group=www-data
listen.mode=0600
; Process Manager Settings
pm=dynamic
pm.max_children=${num_cpus*4}
pm.start_servers=${num_cpus}
pm.max_spare_servers=${num_cpus*2}
pm.min_spare_servers=${num_cpus}
pm.process_idle_timeout=30s
pm.max_requests=1024

View file

@ -0,0 +1,99 @@
[PHP]
; Only needed for libapache2-mod-php?
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
serialize_precision = -1
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals
ignore_user_abort = Off
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 256M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
html_errors = On
error_log = syslog
syslog.ident = php7.4
syslog.filter = ascii
arg_separator.output = "&amp;"
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = ${post_max_size}M
default_mimetype = "text/html"
default_charset = "UTF-8"
enable_dl = Off
file_uploads = On
upload_max_filesize = ${post_max_size}M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 10
[CLI Server]
cli_server.color = On
[mail function]
mail.add_x_header = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 32
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 6
[Assertion]
zend.assertions = -1

53
bundles/php/items.py Normal file
View file

@ -0,0 +1,53 @@
version = node.metadata['php']['version']
files = {
f'/etc/php/{version}/fpm/php-fpm.conf': {
'source': f'{version}/fpm.conf',
'content_type': 'mako',
'context': {
'num_cpus': node.metadata['vm']['cpu'],
},
'needs': {
# "all php packages"
'pkg_apt:'
},
'triggers': {
f'svc_systemd:php{version}-fpm:restart',
},
},
f'/etc/php/{version}/fpm/php.ini': {
'source': f'{version}/php.ini',
'context': {
'num_cpus': node.metadata['vm']['cpu'],
'post_max_size': node.metadata['php'].get('post_max_size', 10),
},
'needs': {
# "all php packages"
'pkg_apt:'
},
'triggers': {
f'svc_systemd:php{version}-fpm:restart',
},
},
f'/etc/php/{version}/cli/php.ini': {
'source': f'{version}/php.ini',
'context': {
'num_cpus': node.metadata['vm']['cpu'],
'post_max_size': node.metadata['php'].get('post_max_size', 10),
},
'needs': {
# "all php packages"
'pkg_apt:'
},
},
}
svc_systemd = {
f'php{version}-fpm': {
'needs': {
'pkg_apt:',
f'file:/etc/php/{version}/fpm/php-fpm.conf',
f'file:/etc/php/{version}/fpm/php.ini',
},
},
}

47
bundles/php/metadata.py Normal file
View file

@ -0,0 +1,47 @@
defaults = {
'apt': {
'repos': {
'php': {
'items': {
'deb https://packages.sury.org/php/ {os_release} main',
},
},
},
},
}
@metadata_reactor
def php_packages_with_features(metadata):
version = metadata.get('php/version')
packages = {
f'php{version}': {
'triggers': {
f'svc_systemd:php{version}-fpm:restart',
}
},
f'php{version}-cli': {
'triggers': {
f'svc_systemd:php{version}-fpm:restart',
}
},
f'php{version}-fpm': {
'triggers': {
f'svc_systemd:php{version}-fpm:restart',
}
},
}
for package in metadata.get('php/packages', set()):
packages[f'php{version}-{package}'] = {
'triggers': {
f'svc_systemd:php{version}-fpm:restart',
}
}
return {
'apt': {
'packages': packages,
},
}

View file

@ -0,0 +1,42 @@
-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking
mQGNBFyPb58BDADTDlJLrGJktWDaUT0tFohjFxy/lL2GcVYp4zB981MWIDC0aIQZ
ERfUZRaq/ov/LG3F0UhkvouCNrnXiFaKRCeNG52pQM0P/p3gmIOoPO4/jF0o3SK1
Aapf/NaKTh3EgeYYCnVKuxdXGqyu1JT4qfztsmUGmODzxVr+/YJLP54jrCUgI3lj
4zEeTBDexQvnlVUF59U1/ipMq4iWqqth8/aMsoZl3Ztfcc87jBFbJIoeQMhZtNZk
Ik7L15aYIZXWY2byBy6LB42HPm9DwM99l2eY4EXGfAq/UQeYbDGonibBqrDURggH
rkLfG7ZfoexF67/9S2s6VYfS4npWVfw2SEPTfSBdibElbGncd+p9Wb6SovqapCPl
crkLgPhBAz/R9M7E/G3zedmiEhsV78pBF3bup+nQVvBVtV/NucN5N6LkAclT4O3F
flGZa1/mJcpgjVapT6duY0POXczfS6ts55x2BE0UfYtXfRnVnHtu2+j8kqYG3N1G
sfVnzRkwtTWBMxMAEQEAAbQxREVCLlNVUlkuT1JHIEF1dG9tYXRpYyBTaWduaW5n
IEtleSA8ZGViQHN1cnkub3JnPokB1AQTAQoAPhYhBBUFhQCgI12X9dEAY7GI4raV
vUdDBQJcj2+fAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELGI
4raVvUdDROUMANJjLVGk6TLYZKyRc8HZXyMRmw55nCQXsy8DHen6H7MuZHaxV9sf
1tF1cQwPnv3HFlg7nZBFszyReW7s3LOcPuNXS90Sk5o7WLqVMkE+t46iNNGuIt3s
WxPdYqY4ueCnUHHEFDKhlwlJnNh3+yVNci4nV+6SlzoasEjy5P82+pviop3viSlA
8lgXdOYERRqZ1wh0Vip5gxcNIdm+TqWINI9+7T/87GfZzn84Zlvd0GnfjT6aN6RC
sIADIOqJUW/TPzvdytwlXc4oZvqk47P0YePS6VFd+TrIRHHsmYxwTVPNjCT7eMz6
AfEtPbTZHWI9oOWU+tiAogeR7k1yORknf+HcLZ1RnfDxyWgEh/p9eWuBeNCgLVSF
tcYCJvRU8OFwRPz8B7rs3/tjrabrkV8iVaEeiCZkqPpaqZF6QaY2Z2YmZEtFsUMb
rVwLbfBj4+3CSY90rlRolZDJjea6oXtjWXPXANSJ5gJZI9qFbX0WBXJ7dilrfUfH
wrsqkH97072OTbkBjQRcj2+fAQwA4McaM/y2XQSHlJBSYR7yqZtHX/kZ8g9pnViq
kCEADz8XKCroEzvY1gaWtR6obtjaq8pF0g4KtAC65/gIOtsHvWg3OclrODPkXN+x
OM1LpXZGV6kwk+LXOrybtPhVZe3FtvDMW0MVZeHYi+soZ4tTQHkKjZUPAXZs3ZoZ
rWfE5ft447sCxzX+jxDwwlckkKqZ9sHYD0TV8Y5av3RsxiWBt+coch8jvw+1mDZ0
zBjMO8ZRD8PuvP9UTKCNOIm0mW9A2cUfpkk/uAwo5hCnw4iljS81/KKGM/scwc5K
x6G3WWoAb8kajt0VFG/wYN2qjfjdhXtdu3ZxYtDdjA2UGGRbgkCsr+gRCnSTiuwv
LzCVZCz9WNzZjUMg6LFP2IrHned4Kdy4KjJo+g/weKJoxfKokZ/9vUYpw5OYx3UE
SUk3yHDN9r/JC4RJJ2tE2qkeggJ892RJGxUK/Lw3/7jIQKalO3Qx2zYUqnCYMC9g
PhQGH+F9kwSpGVwb0DKFT6gR9Pt3ABEBAAGJAbwEGAEKACYWIQQVBYUAoCNdl/XR
AGOxiOK2lb1HQwUCXI9vnwIbDAUJA8JnAAAKCRCxiOK2lb1HQ9pWDACel7BTcpj9
qYJOkEx9eAVH1LmdP5oHAJSe4fYVIc5Tn6X0J1pdju+UJvtUS6WQu7pfcsQ7IkbK
XVygaw/YPqk/tE/vJVUaCGlzAaVHO7y5ZM0cdDquOgmo/RZe2WNVFhVEPILjz+qc
mX1OVeTElCu4iR/5CD0ocWZmdFvMRitKL+Nt5/pS8yXRfQlXaUxerLvx27QhwpHX
HFGNgbI8Tj/yCUCButZvDKUc+5o9WCYHvt/bf6VcNY6P585J0+CF1vAyfWQ9KCyC
F5CplURsNPMKAdkPo7vKRq6qviJpeWjJzXPkADfVnfhW9GMna8bPi86NJo1PkGcb
1IInxGmNRmnCqtqyPFd+AFGk2OFuEqeDw7GvjB5zD5u1vIdH3WE0Q+D0xxLfaxJ7
1qmhuTPRnpWqfmdA2tnuFOZ+Th4HRfbyA4IoJr3U8FuFXJnJdoBjh6+pJacI9UYr
IcNyOoi1I35gHvFoKJ7Ut9deNdKMeN3bAR+1JShVtdROzgGtPj/bMFg=
=74SA
-----END PGP ARMORED FILE-----