From 1bdb39c6dd8ccaf76d8a4aa2e9486069afd2d476 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 19:01:24 +0200 Subject: impelement itk plus mode itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances. --- manifests/centos/itk_plus.pp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 manifests/centos/itk_plus.pp (limited to 'manifests/centos/itk_plus.pp') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp new file mode 100644 index 0000000..f73be04 --- /dev/null +++ b/manifests/centos/itk_plus.pp @@ -0,0 +1,15 @@ +# http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ +class apache::centos::itk_plus inherits apache::centos::itk { + Line['pidfile_httpd.conf','listen_httpd.conf']{ + ensure => absent, + } + + Apache::Config::Global['00-listen.conf']{ + ensure => present, + content => template("apache/itk_plus/${operatingsystem}/00-listen.conf.erb"), + } + + File['apache_service_config']{ + source => "puppet:///modules/apache/service/CentOS/httpd.itk_plus" + } +} -- cgit v1.2.3 From b3a17cff5315fbbda901a6f1d406c3500cf65a3a Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 21:51:22 +0200 Subject: fix various missing things for itk_plus mode --- manifests/centos/itk_plus.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/centos/itk_plus.pp') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index f73be04..0bdb744 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -5,7 +5,7 @@ class apache::centos::itk_plus inherits apache::centos::itk { } Apache::Config::Global['00-listen.conf']{ - ensure => present, + ensure => 'present', content => template("apache/itk_plus/${operatingsystem}/00-listen.conf.erb"), } -- cgit v1.2.3 From 3b1eaddf445f00162b9f58bf83bd0bff772564df Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Nov 2011 22:42:40 +0100 Subject: we use now file_line --- manifests/centos/itk_plus.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/centos/itk_plus.pp') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index 0bdb744..c034e8b 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -1,6 +1,6 @@ # http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ class apache::centos::itk_plus inherits apache::centos::itk { - Line['pidfile_httpd.conf','listen_httpd.conf']{ + File_line['pidfile_httpd.conf','listen_httpd.conf']{ ensure => absent, } -- cgit v1.2.3 From d186ff759ee7e122a7767ce7e8c50f86cd6a2c9e Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Nov 2011 23:57:55 +0100 Subject: as file_line lacks ensure => absent, we have to do it with a sed --- manifests/centos/itk_plus.pp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'manifests/centos/itk_plus.pp') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index c034e8b..9bcd8ca 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -1,7 +1,12 @@ # http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ class apache::centos::itk_plus inherits apache::centos::itk { - File_line['pidfile_httpd.conf','listen_httpd.conf']{ - ensure => absent, + Exec['adjust_pidfile']{ + command => "sed -i 's/^PidFile \(.*\)/#PidFile \1/g' /etc/httpd/conf/httpd.conf", + unless => "grep -qE '^#PidFile ' /etc/httpd/conf/httpd.conf", + } + Exec['adjust_listen']{ + command => "sed -i 's/^Listen \(.*\)/#Listen \1/g' /etc/httpd/conf/httpd.conf", + unless => "grep -qE '^#Listen ' /etc/httpd/conf/httpd.conf", } Apache::Config::Global['00-listen.conf']{ -- cgit v1.2.3 From 433a3eb900a092fe514bbb60a8cb0d2f49d4a473 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 23 Nov 2011 00:14:30 +0100 Subject: there is another Listen example already commented out --- manifests/centos/itk_plus.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/centos/itk_plus.pp') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index 9bcd8ca..bab2409 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -5,8 +5,8 @@ class apache::centos::itk_plus inherits apache::centos::itk { unless => "grep -qE '^#PidFile ' /etc/httpd/conf/httpd.conf", } Exec['adjust_listen']{ - command => "sed -i 's/^Listen \(.*\)/#Listen \1/g' /etc/httpd/conf/httpd.conf", - unless => "grep -qE '^#Listen ' /etc/httpd/conf/httpd.conf", + command => "sed -i 's/^Listen 80/#Listen 80/g' /etc/httpd/conf/httpd.conf", + unless => "grep -qE '^#Listen 80' /etc/httpd/conf/httpd.conf", } Apache::Config::Global['00-listen.conf']{ -- cgit v1.2.3 From 076909377eaa3aa41936e3acb7e02a9b5b14d493 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 May 2012 11:38:45 +0200 Subject: fix various puppet language things --- manifests/centos/itk_plus.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/centos/itk_plus.pp') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index bab2409..0df92c8 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -1,7 +1,7 @@ # http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ class apache::centos::itk_plus inherits apache::centos::itk { Exec['adjust_pidfile']{ - command => "sed -i 's/^PidFile \(.*\)/#PidFile \1/g' /etc/httpd/conf/httpd.conf", + command => "sed -i 's/^PidFile \\(.*\\)/#PidFile \\1/g' /etc/httpd/conf/httpd.conf", unless => "grep -qE '^#PidFile ' /etc/httpd/conf/httpd.conf", } Exec['adjust_listen']{ @@ -11,7 +11,7 @@ class apache::centos::itk_plus inherits apache::centos::itk { Apache::Config::Global['00-listen.conf']{ ensure => 'present', - content => template("apache/itk_plus/${operatingsystem}/00-listen.conf.erb"), + content => template("apache/itk_plus/${::operatingsystem}/00-listen.conf.erb"), } File['apache_service_config']{ -- cgit v1.2.3