-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfpm.sls
170 lines (143 loc) · 5.39 KB
/
fpm.sls
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
{% if grains['oscodename'] == 'stretch' %}
# apt dependency for debian stretch
# apt-transport-https is obsolete in newer releases of debian
apt_https:
pkg.installed:
- name: 'apt-transport-https'
{% endif %}
gnupg2:
pkg.installed
{% if pillar.php.version is defined %}
{% set php_version=pillar.php.version %}
{% elif grains['oscodename'] == 'bullseye' %}
{% set php_version='7.4' %}
{% elif grains['oscodename'] == 'buster' %}
{% set php_version='7.3' %}
{% elif grains['oscodename'] == 'stretch' %}
{% set php_version='7.0' %}
{% else %}
{% set php_version='5' %}
{% endif %}
# https://packages.sury.org/php/README.txt
php_repository:
pkgrepo.managed:
- humanname: PHP Debian Repository packages.sury.org
- name: deb https://packages.sury.org/php {{ grains['oscodename'] }} main
- dist: {{ grains['oscodename'] }}
- key_url: https://packages.sury.org/php/apt.gpg
- file: /etc/apt/sources.list.d/php.list
- require:
{% if grains['oscodename'] == 'stretch' %}
- pkg: apt_https
{% endif %}
- pkg: gnupg2
php_fpm_packages:
pkg.installed:
- pkgs:
- php{{ php_version }}-cli
- php{{ php_version }}-fpm
- php{{ php_version }}-bz2
- php{{ php_version }}-curl
- php{{ php_version }}-gd
- php{{ php_version }}-intl
{% if php_version != '8.1' %}
- php{{ php_version }}-json
{% endif %}
- php{{ php_version }}-mbstring
- php{{ php_version }}-opcache
- php{{ php_version }}-readline
- php{{ php_version }}-xml
- php{{ php_version }}-zip
{% if pillar.php.extensions is defined %}
{% for phpext in pillar.php.extensions %}
- php{{ php_version }}-{{ phpext }}
{% endfor %}
{% endif %}
- require:
- pkgrepo: php_repository
- watch_in:
- service: php_fpm_service
php_fpm_service:
service.running:
- name: php{{ php_version }}-fpm
- enable: True
- full_restart: True
# TODO fpm config
# TODO log rotate
# TODO lower error reporting for production env
/etc/php/{{ php_version }}/fpm/conf.d/50-custom.ini:
file.managed:
- contents: |
error_reporting=E_ALL & ~E_DEPRECATED
log_errors=On
display_errors=Off
display_startup_errors=Off
error_log=/var/log/php/fpm-errors.log
- watch_in:
- service: php_fpm_service
# TODO make pools configurable
/etc/php/{{ php_version }}/fpm/pool.d/www.conf:
file.managed:
- contents: |
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]
user = www-data
group = www-data
listen = /run/php/php{{ php_version }}-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
; This value sets the limit on the number of simultaneous requests that will be
; served.
pm.max_children = 50
; The number of child processes created on startup.
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
;pm.start_servers = 7
; The desired minimum number of idle server processes.
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
pm.max_spare_servers = 10
; The number of seconds after which an idle process will be killed.
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
- watch_in:
- service: php_fpm_service
/var/log/php:
file.directory:
- mode: 0755
- user: www-data
php_update_alternative:
cmd.run:
- name: update-alternatives --set php /usr/bin/php{{ php_version }}
- unless: update-alternatives --display php | grep 'link currently points to' | grep php{{ php_version }}