From cd11d35d9ee6e81f7ca22e613c64caa702ce0137 Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de>
Date: Sun, 19 Mar 2017 00:11:59 +0100
Subject: [PATCH] Use php-fpm for mediawiki

---
 mediawiki/defaults/main.yml  |  2 +
 mediawiki/meta/main.yml      |  2 +-
 mediawiki/tasks/ldap.yml     | 11 +++++
 mediawiki/tasks/main.yml     | 78 +++++++++++++++---------------------
 mediawiki/tasks/postgres.yml | 11 ++++-
 php-fpm/defaults/main.yml    |  8 ++++
 php-fpm/tasks/main.yml       | 38 ++++++++++++++++++
 php-fpm/templates/pool.conf  | 14 +++++++
 webserver/files/nginx.conf   |  2 +-
 webserver/handlers/main.yml  |  3 ++
 webserver/tasks/main.yml     | 11 +++++
 11 files changed, 131 insertions(+), 49 deletions(-)
 create mode 100644 mediawiki/tasks/ldap.yml
 create mode 100644 php-fpm/defaults/main.yml
 create mode 100644 php-fpm/tasks/main.yml
 create mode 100644 php-fpm/templates/pool.conf

diff --git a/mediawiki/defaults/main.yml b/mediawiki/defaults/main.yml
index 1a9db94..9c04cac 100644
--- a/mediawiki/defaults/main.yml
+++ b/mediawiki/defaults/main.yml
@@ -13,3 +13,5 @@ mediawiki_dbhost: localhost
 mediawiki_dbname: "{{ mediawiki_name }}"
 mediawiki_dbuser: "{{ mediawiki_name }}"
 mediawiki_dbpassword: 
+
+mediawiki_use_ldap: yes
diff --git a/mediawiki/meta/main.yml b/mediawiki/meta/main.yml
index f206fd0..8c99dfc 100644
--- a/mediawiki/meta/main.yml
+++ b/mediawiki/meta/main.yml
@@ -1,5 +1,5 @@
 ---
 # file: roles/mediawiki/meta/main.yml
 dependencies:
-  - { role: uwsgi-php }
+  - { role: php-fpm, fpm_pool: "{{mediawiki_name}}", fpm_user: "{{mediawiki_user}}", fpm_group: "{{mediawiki_group}}", fpm_socket_user: "{{mediawiki_user}}", fpm_socket_group: www-data }
   - { role: postgres }
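Review bot: The new php-fpm dependency packs five parameters into one flow mapping of roughly 190 characters, which makes it hard to see at a glance which account runs the pool and which owns the socket. Writing it in block style with one parameter per line would make later ownership changes show up as single-line diffs. The spacing inside the Jinja braces could also match the rest of the role (`{{ mediawiki_name }}`).

```yaml
dependencies:
  - role: php-fpm
    fpm_pool: "{{ mediawiki_name }}"
    fpm_user: "{{ mediawiki_user }}"
    fpm_group: "{{ mediawiki_group }}"
    fpm_socket_user: "{{ mediawiki_user }}"
    fpm_socket_group: www-data
  # … unchanged: postgres dependency …
```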
diff --git a/mediawiki/tasks/ldap.yml b/mediawiki/tasks/ldap.yml
new file mode 100644
index 0000000..f1998a4
--- /dev/null
+++ b/mediawiki/tasks/ldap.yml
@@ -0,0 +1,11 @@
+---
+# file: roles/mediawiki/tasks/ldap.yml
+
+- name: ensure we have the auth extension
+  git:
+    repo: https://git.fsmpi.rwth-aachen.de/robin/mediawiki-remoteuser.git
+    dest: "/var/lib/mediawiki/extensions/AuthRemoteuser"
+  tags:
+    - git
+    - packages
+    - mediawiki
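Review bot: The `git` task sets no `version:`, so each run checks out whatever the remote's default branch currently holds into the MediaWiki extensions directory, where the wiki presumably loads it as PHP. Pin it to a reviewed commit, e.g. `version: "<reviewed-commit-sha>"` (placeholder), so an upstream change cannot reach the server without a change in this repository. Because `mediawiki_use_ldap` defaults to `yes` in mediawiki/defaults/main.yml, this clone runs on every host that applies the role unless it opts out. The file is named ldap.yml but installs AuthRemoteuser, so a comment such as `# AuthRemoteuser relies on the user name passed in by the web server` would tell the next reader where the authentication decision is made.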
diff --git a/mediawiki/tasks/main.yml b/mediawiki/tasks/main.yml
index 005b59e..6d4e48b 100644
--- a/mediawiki/tasks/main.yml
+++ b/mediawiki/tasks/main.yml
@@ -1,11 +1,21 @@
 ---
 # file: roles/mediawiki/tasks/main.yml
 
-- name: ensure packages for mediawiki are installed
+- name: ensure packages for mediawiki are installed on jessie
   apt: name={{ item }} state=latest install_recommends=no
   with_items:
     - mediawiki
     - mediawiki-extensions
+  when: debian_version == "jessie"
+  tags:
+    - packages
+    - mediawiki
+
+- name: ensure packages for mediawiki are installed on stretch
+  apt: name={{ item }} state=present
+  with_items:
+    - mediawiki
+  when: debian_version == "stretch"
   tags:
     - packages
     - mediawiki
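Review bot: The stretch task drops `install_recommends=no`, which the jessie task keeps, so on stretch apt also pulls in whatever the mediawiki package recommends. That presumably installs more on the web host than the nginx/php-fpm setup needs. Suggest `apt: name={{ item }} state=present install_recommends=no`. Both tasks are gated on an exact `debian_version` string, so a host with any other value installs nothing and the role carries on. The same gating applies to the two tasks in mediawiki/tasks/postgres.yml.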
@@ -69,60 +79,36 @@
     src: "/usr/share/mediawiki/{{ item }}"
     dest: "{{ mediawiki_web_root }}/{{ mediawiki_name }}/{{ item }}"
     force: yes
-  with_items: mediawiki_other_files.stdout_lines
+  with_items: "{{mediawiki_other_files.stdout_lines}}"
   tags:
     - config
     - mediawiki
 
-- name: "ensure the library mediawiki uses for diffs is enabled"
-  file:
-    state: link
-    src: "../../mods-available/wikidiff2.ini"
-    dest: "/etc/php5/embed/conf.d/wikidiff2.ini"
-  tags:
-    - config
-    - mediawiki
-    - php
-
-- name: "ensure temporary directories for {{ mediawiki_name }} exist"
-  lineinfile:
-    dest: "/etc/tmpfiles.d/10-mediawiki-{{ mediawiki_name }}.conf"
-    line: "d /run/uwsgi/app/mediawiki-{{ mediawiki_name }} 0775 {{ mediawiki_user }} {{mediawiki_group }} - -"
-    create: yes
-  notify:
-    - create tmpfiles
-  tags:
-    - config
-    - mediawiki
+#- name: "ensure the library mediawiki uses for diffs is enabled"
+#  file:
+#    state: link
+#    src: "../../mods-available/wikidiff2.ini"
+#    dest: "/etc/php5/embed/conf.d/wikidiff2.ini"
+#  tags:
+#    - config
+#    - mediawiki
+#    - php
 
 - include: postgres.yml
   when: mediawiki_dbtype == "postgres"
 
-- name: "ensure the uwsgi.ini for {{ mediawiki_name }} exists"
-  template:
-    src: mediawiki.ini.j2
-    dest: "/etc/uwsgi/apps-available/mediawiki-{{ mediawiki_name }}.ini"
-  notify:
-    - "restart uwsgi for {{ mediawiki_name }}"
-  tags:
-    - config
-    - mediawiki
-  
-- name: "ensure the unit file for {{ mediawiki_name }} exists"
-  template:
-    src: mediawiki.service.j2
-    dest: "/etc/systemd/system/mediawiki-{{ mediawiki_name }}.service"
-  notify:
-    - reload systemd service files
-    - "restart uwsgi for {{ mediawiki_name }}"
-  tags:
-    - config
-    - mediawiki
+- include: ldap.yml
+  when: mediawiki_use_ldap
 
-- name: "ensure the service for {{ mediawiki_name }} is enabled"
-  service:
-    name: "mediawiki-{{ mediawiki_name }}"
-    enabled: yes
+- name: ensure we are running maintenance regularly
+  cron: 
+    name: "mediawiki maintenance"
+    hour: "0"
+    minute: "0"
+    job: "/usr/bin/php {{mediawiki_web_root}}/maintenance/runJobs.php --conf {{mediawiki_web_root}}/LocalSettings.php"
+  become: yes
+  become_user: "{{mediawiki_user}}"
   tags:
+    - cron
     - config
     - mediawiki
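Review bot: The cron job at the end of this hunk builds its paths as `{{mediawiki_web_root}}/maintenance/runJobs.php` and `{{mediawiki_web_root}}/LocalSettings.php`, while the link task at the top of the hunk places files under `{{ mediawiki_web_root }}/{{ mediawiki_name }}/`. If the instance lives in that subdirectory, the job will either fail every night or read a different LocalSettings.php than the one the wiki uses. Consider `job: "/usr/bin/php {{ mediawiki_web_root }}/{{ mediawiki_name }}/maintenance/runJobs.php --conf {{ mediawiki_web_root }}/{{ mediawiki_name }}/LocalSettings.php"`. A per-instance `name: "mediawiki maintenance {{ mediawiki_name }}"` would also stop several wikis under the same user from overwriting each other's entry. The first task in the hunk starts above it, so its module and name are not visible here.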
diff --git a/mediawiki/tasks/postgres.yml b/mediawiki/tasks/postgres.yml
index 0478adb..af5775e 100644
--- a/mediawiki/tasks/postgres.yml
+++ b/mediawiki/tasks/postgres.yml
@@ -1,8 +1,17 @@
 ---
 # file: roles/mediawiki/tasks/postgres.yml
 
-- name: "ensure php can talk with postgres"
+- name: "ensure php can talk with postgres on jessie"
   apt: name=php5-pgsql state=latest
+  when: debian_version == "jessie"
+  tags:
+    - packages
+    - postgresql
+    - mediawiki
+
+- name: "ensure php can talk with postgres on stretch"
+  apt: name=php-pgsql state=present
+  when: debian_version == "stretch"
   tags:
     - packages
     - postgresql
diff --git a/php-fpm/defaults/main.yml b/php-fpm/defaults/main.yml
new file mode 100644
index 0000000..ad1acff
--- /dev/null
+++ b/php-fpm/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# file: roles/php-fpm/defaults/mail.yml
+
+fpm_pool: www
+fpm_user: www-data
+fpm_group: www-data
+fpm_socket_user: www-data
+fpm_socket_group: www-data
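Review bot: The header comment names the wrong file: `# file: roles/php-fpm/defaults/mail.yml` should read `# file: roles/php-fpm/defaults/main.yml`. A short comment above `fpm_socket_user` and `fpm_socket_group` would also help, since these two values decide who may connect to the pool socket, e.g. `# owner and group of the listen socket; the web server must match one of them`.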
diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml
new file mode 100644
index 0000000..43064fb
--- /dev/null
+++ b/php-fpm/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# file: roles/php-fpm/tasks/main.yml
+
+- name: ensure php-fpm is installed on stretch
+  apt: name="{{item}}" state=present
+  with_items:
+    - php
+    - php-fpm
+  when: debian_version == "stretch"
+  tags:
+    - packages
+    - php
+    - php-fpm
+
+- name: ensure php-fpm is installed on jessie
+  apt: name="{{item}}" state=present
+  with_items:
+    - php5
+    - php5-fpm
+  when: debian_version == "jessie"
+  tags:
+    - packages
+    - php
+    - php-fpm
+  
+- name: ensure we have the pool we want
+  template:
+    src: pool.conf
+    dest: "/etc/php/7.0/fpm/pool.d/{{fpm_pool}}.conf"
+    owner: root
+    group: root
+    mode: 0644
+  when: debian_version == "stretch"
+  tags:
+   - config
+   - php
+   - php-fpm
+
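Review bot: The pool template task has no `notify:`, so a changed pool file (including its user, group and socket ownership) is not picked up until something else restarts php-fpm. Add `notify: restart php-fpm` with a matching handler such as `service: name=php7.0-fpm state=restarted` in the role's handlers. The task is also limited to `debian_version == "stretch"`, so on jessie php5-fpm is installed but the pool that the mediawiki role depends on is never written. `mode: 0644` is safer written as `mode: "0644"`, so the value does not depend on how the YAML parser reads a leading zero.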
diff --git a/php-fpm/templates/pool.conf b/php-fpm/templates/pool.conf
new file mode 100644
index 0000000..f7f846f
--- /dev/null
+++ b/php-fpm/templates/pool.conf
@@ -0,0 +1,14 @@
+[{{fpm_pool}}]
+user = {{fpm_user}}
+group = {{fpm_group}}
+
+listen = /run/php/{{fpm_pool}}-fpm.sock
+
+listen.owner = {{fpm_socket_user}}
+listen.group = {{fpm_socket_group}}
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
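Review bot: The pool sets `listen.owner` and `listen.group` but not `listen.mode`, so who may connect to the socket rests on the php-fpm default. Adding `listen.mode = 0660` after the `listen.group` line makes the intended access (owner and group only) explicit and keeps it stable if the packaged default differs between releases. Anyone who can write to this socket can have PHP executed as `{{fpm_user}}`, so the permission is worth spelling out next to the ownership lines.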
diff --git a/webserver/files/nginx.conf b/webserver/files/nginx.conf
index af1ef1d..225bf72 100644
--- a/webserver/files/nginx.conf
+++ b/webserver/files/nginx.conf
@@ -21,7 +21,7 @@ http {
 	types_hash_max_size 2048;
 	# server_tokens off;
 
-	# server_names_hash_bucket_size 64;
+	server_names_hash_bucket_size 64;
 	# server_name_in_redirect off;
 
 	include /etc/nginx/mime.types;
diff --git a/webserver/handlers/main.yml b/webserver/handlers/main.yml
index 4b82c22..e58a6ac 100644
--- a/webserver/handlers/main.yml
+++ b/webserver/handlers/main.yml
@@ -9,3 +9,6 @@
 
 - name: restart nginx-proxy
   service: name=nginx-proxy state=restarted
+
+- name: create tmpfiles
+  command: systemd-tmpfiles --create
diff --git a/webserver/tasks/main.yml b/webserver/tasks/main.yml
index 2ad44d7..67cf479 100644
--- a/webserver/tasks/main.yml
+++ b/webserver/tasks/main.yml
@@ -65,6 +65,17 @@
     - config
     - nginx
 
+- name: ensure we have a directory for sockets
+  lineinfile:
+    dest: /etc/tmpfiles.d/10-nginx.conf
+    line: "d /run/nginx 0750 www-data nginx-proxy - -"
+    create: yes
+  notify:
+    - create tmpfiles
+  tags:
+    - config
+    - nginx
+
 - name: ensure the default config is not activated
   file: path=/etc/nginx/sites-enabled/default state=absent
   notify:
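Review bot: The added `lineinfile` task has no `regexp`, so if the mode or ownership in `line` is changed later, the old entry stays in /etc/tmpfiles.d/10-nginx.conf and a second, conflicting line for /run/nginx is appended. Add `regexp: '^d /run/nginx '` so the existing entry is replaced. Also set `owner: root`, `group: root` and `mode: "0644"` on the file, which `create: yes` otherwise leaves to the umask. The task that follows it continues past the end of the hunk.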
-- 
GitLab