work in progress on php-fpm systemd service unit

cfengine · Sep 6, 2024 · 5eb7dfa · 5eb7dfa
1 parent 13d6895
commit 5eb7dfa
Show file tree

Hide file tree

Showing 8 changed files with 90 additions and 4 deletions.
diff --git a/cfe_internal/enterprise/CFE_hub_specific.cf b/cfe_internal/enterprise/CFE_hub_specific.cf
@@ -82,6 +82,11 @@ bundle common cfe_internal_hub_vars
                           fileexists( "$(sys.workdir)/httpd/modules/libphp5.so" ), "5",
                           "UNKNOWN" );
 
+      "php_fpm_pid_file" string => "$(sys.workdir)/httpd/php-fpm.pid";
+      "php_fpm_error_log" string => "$(sys.workdir)/httpd/logs/php_fpm_error_log";
+      # alert, error, warning, notice, debug (notice is default)
+      "php_fpm_log_level" string => "debug"; # make an augment that hinges on master-level debugs for many things and this specifically
+
   reports:
 
     policy_server::

diff --git a/cfe_internal/enterprise/mission_portal.cf b/cfe_internal/enterprise/mission_portal.cf
@@ -15,6 +15,19 @@ bundle agent cfe_internal_enterprise_mission_portal
         handle => "cfe_internal_management_web_server",
         comment => "Manage Apache Web server (on/off)";
 
+    "PHP FastCGI process manager"
+      usebundle => service_config(
+"cf-php-fpm",
+"$(this.promise_dirname)/templates/php-fpm.conf.mustache",
+"$(sys.workdir)/httpd/php/etc/php-fpm.ini",
+"$(sys.workdir)/httpd/php/sbin/php-fpm -t --fpm-config ");
+
+    "PHP FastCGI www pool config"
+      usebundle => service_config(
+"cf-php-fpm",
+"$(this.promise_dirname)/templates/php-fpm-pool-www.conf.mustache",
+"$(sys.workdir)/httpd/php/etc/php-fpm.d/www.conf",
+"$(sys.workdir)/httpd/php/sbin/php-fpm -t --fpm-config ");
 }
 bundle agent apachectl_patched_for_upgrade
 # @brief Ensure that apacehctl is patched so that it is able to re-start services

diff --git a/...al/enterprise/templates/www.conf.mustache → .../templates/php-fpm-pool-www.conf.mustache b/...al/enterprise/templates/www.conf.mustache → .../templates/php-fpm-pool-www.conf.mustache
diff --git a/cfe_internal/enterprise/templates/php-fpm.conf.mustache b/cfe_internal/enterprise/templates/php-fpm.conf.mustache
@@ -14,14 +14,14 @@
 ; Pid file
 ; Note: the default prefix is /var/cfengine/httpd/php/var
 ; Default Value: none
-;pid = run/php-fpm.pid
+pid = {{{vars.cfe_internal_hub_vars.php_fpm_pid_file}}}
 
 ; Error log file
 ; If it's set to "syslog", log is sent to syslogd instead of being written
 ; into a local file.
 ; Note: the default prefix is /var/cfengine/httpd/php/var
 ; Default Value: log/php-fpm.log
-error_log = /var/cfengine/httpd/logs/php-fpm.log
+error_log = {{{vars.cfe_internal_hub_vars.php_fpm_error_log}}}
 
 ; syslog_facility is used to specify what type of program is logging the
 ; message. This lets syslogd specify that messages from different facilities
@@ -40,7 +40,7 @@ error_log = /var/cfengine/httpd/logs/php-fpm.log
 ; Possible Values: alert, error, warning, notice, debug
 ; Default Value: notice
 ;log_level = notice
-log_level = debug
+log_level = {{{vars.cfe_internal_hub_vars.php_fpm_log_level}}}
 
 ; Log limit on number of characters in the single line (log entry). If the
 ; line is over the limit, it is wrapped on multiple lines. The limit is for
@@ -141,4 +141,4 @@ log_level = debug
 ; Relative path can also be used. They will be prefixed by:
 ;  - the global prefix if it's been set (-p argument)
 ;  - /var/cfengine/httpd/php otherwise
-include=/var/cfengine/httpd/php/etc/php-fpm.d/*.conf
+include = {{{vars.sys.workdir}}}/httpd/php/etc/php-fpm.d/*.conf
diff --git a/cfe_internal/update/update_processes.cf b/cfe_internal/update/update_processes.cf
@@ -99,6 +99,7 @@ bundle agent cfe_internal_update_processes
 
       "agent[cf_postgres]" string => "cf-postgres";
       "agent[cf_apache]"   string => "cf-apache";
+      "agent[cf_php_fpm]"  string => "cf-php-fpm";
 
     any::
       # We get a consolidated list of all agents for the executing host.

diff --git a/lib/service_config.cf b/lib/service_config.cf
@@ -0,0 +1,51 @@
+# todo, maybe chmod, user, group for config_final_path
+# check pid file for service stop/start?
+bundle agent service_config(service_name,
+                            config_template_path,
+                            config_final_path,
+                            validate_config_command)
+{
+  vars:
+    "staged_config" string => "$(config_final_path).staged";
+    "data" data => datastate();
+  methods:
+    "staged config rendered" usebundle => file_make_mustache( $(staged_config), $(config_template_path), @(data) );
+    "final config and restart" usebundle => validate_config_and_restart_service(
+        $(staged_config),
+        $(validate_config_command),
+        $(config_final_path),
+        $(service_name)
+    );
+
+
+}
+bundle agent validate_config_and_restart_service( staged_config, validate_config_command, config_final_path, service_name )
+{
+  files:
+    "$(config_final_path)"
+      copy_from => local_dcp( $(staged_config) ),
+      if => and(
+                isnewerthan( $(config_final_path), $(staged_config) ),
+                returnszero("$(validate_config_command) $(staged_config)", "useshell")
+               ),
+               classes => results("bundle", "$(service_name)_config");
+
+  services:
+    "$(service_name)"
+      service_policy => "stop",
+      if => and(
+                isnewerthan( $(config_final_path), $(staged_config) ),
+                returnszero("$(validate_config_command) $(staged_config)", "useshell")
+               ),
+     classes => results("bundle", "$(service_name)_stopped_after_validated_config");
+
+    "$(service_name)"
+      service_policy => "start",
+      if => and( "$(service_name)_config_repaired",
+                 "$(service_name)_stopped_after_validated_config_repaired");
+
+    "$(service_name)"
+      service_policy => "restart",
+      if => and( "$(service_name)_config_repaired",
+                 not( "$(service_name)_stoppoed_after_validated_config_repaired") );
+}
diff --git a/lib/stdlib.cf b/lib/stdlib.cf
@@ -39,6 +39,7 @@ bundle common stdlib_common
       "input[files]"                      string => "$(this.promise_dirname)/files.cf";
       "input[edit_xml]"                   string => "$(this.promise_dirname)/edit_xml.cf";
       "input[services]"                   string => "$(this.promise_dirname)/services.cf";
+      "input[service_config]"             string => "$(this.promise_dirname)/service_config.cf";
       "input[processes]"                  string => "$(this.promise_dirname)/processes.cf";
       "input[storage]"                    string => "$(this.promise_dirname)/storage.cf";
       "input[databases]"                  string => "$(this.promise_dirname)/databases.cf";

diff --git a/templates/cf-php-fpm.mustache b/templates/cf-php-fpm.mustache
@@ -0,0 +1,15 @@
+[Unit]
+Description=CFEngine Enterprise PHP FastCGI process manager
+After=syslog.target
+After=network.target
+ConditionPathExists={{{vars.sys.workdir}}}/httpd/php/sbin/php-fpm
+PartOf=cfengine3.service
+
+[Service]
+ExecStart={{{vars.sys.workdir}}}/httpd/php/sbin/php-fpm --nodaemonize
+ExecReload=/bin/kill -USR2 $MAINPID
+PIDFile={{{vars.sys.workdir}}}/httpd/php-fpm.pid
+Type=simple
+
+[Install]
+WantedBy=multi-user.target