+ php & nginx
This commit is contained in:
		
							
								
								
									
										32
									
								
								roles/nginx/tasks/files/20-envsubst-on-templates.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										32
									
								
								roles/nginx/tasks/files/20-envsubst-on-templates.sh
									
									
									
									
									
										Executable file
									
								
							| @ -0,0 +1,32 @@ | ||||
| #!/bin/sh | ||||
|  | ||||
| set -e | ||||
|  | ||||
| ME=$(basename $0) | ||||
|  | ||||
| auto_envsubst() { | ||||
|   local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" | ||||
|   local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" | ||||
|   local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" | ||||
|  | ||||
|   local template defined_envs relative_path output_path subdir | ||||
|   defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) | ||||
|   [ -d "$template_dir" ] || return 0 | ||||
|   if [ ! -w "$output_dir" ]; then | ||||
|     echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" | ||||
|     return 0 | ||||
|   fi | ||||
|   find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do | ||||
|     relative_path="${template#$template_dir/}" | ||||
|     output_path="$output_dir/${relative_path%$suffix}" | ||||
|     subdir=$(dirname "$relative_path") | ||||
|     # create a subdirectory where the template file exists | ||||
|     mkdir -p "$output_dir/$subdir" | ||||
|     echo >&3 "$ME: Running envsubst on $template to $output_path" | ||||
|     envsubst "$defined_envs" < "$template" > "$output_path" | ||||
|   done | ||||
| } | ||||
|  | ||||
| auto_envsubst | ||||
|  | ||||
| exit 0 | ||||
							
								
								
									
										188
									
								
								roles/nginx/tasks/files/30-tune-worker-processes.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										188
									
								
								roles/nginx/tasks/files/30-tune-worker-processes.sh
									
									
									
									
									
										Executable file
									
								
							| @ -0,0 +1,188 @@ | ||||
| #!/bin/sh | ||||
| # vim:sw=2:ts=2:sts=2:et | ||||
|  | ||||
| set -eu | ||||
|  | ||||
| LC_ALL=C | ||||
| ME=$( basename "$0" ) | ||||
| PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | ||||
|  | ||||
| [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 | ||||
|  | ||||
| touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } | ||||
|  | ||||
| ceildiv() { | ||||
|   num=$1 | ||||
|   div=$2 | ||||
|   echo $(( (num + div - 1) / div )) | ||||
| } | ||||
|  | ||||
| get_cpuset() { | ||||
|   cpusetroot=$1 | ||||
|   cpusetfile=$2 | ||||
|   ncpu=0 | ||||
|   [ -f "$cpusetroot/$cpusetfile" ] || return 1 | ||||
|   for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do | ||||
|     case "$token" in | ||||
|       *-*) | ||||
|         count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) | ||||
|         ncpu=$(( ncpu+count )) | ||||
|         ;; | ||||
|       *) | ||||
|         ncpu=$(( ncpu+1 )) | ||||
|         ;; | ||||
|     esac | ||||
|   done | ||||
|   echo "$ncpu" | ||||
| } | ||||
|  | ||||
| get_quota() { | ||||
|   cpuroot=$1 | ||||
|   ncpu=0 | ||||
|   [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 | ||||
|   [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 | ||||
|   cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) | ||||
|   cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) | ||||
|   [ "$cfs_quota" = "-1" ] && return 1 | ||||
|   [ "$cfs_period" = "0" ] && return 1 | ||||
|   ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) | ||||
|   [ "$ncpu" -gt 0 ] || return 1 | ||||
|   echo "$ncpu" | ||||
| } | ||||
|  | ||||
| get_quota_v2() { | ||||
|   cpuroot=$1 | ||||
|   ncpu=0 | ||||
|   [ -f "$cpuroot/cpu.max" ] || return 1 | ||||
|   cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) | ||||
|   cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) | ||||
|   [ "$cfs_quota" = "max" ] && return 1 | ||||
|   [ "$cfs_period" = "0" ] && return 1 | ||||
|   ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) | ||||
|   [ "$ncpu" -gt 0 ] || return 1 | ||||
|   echo "$ncpu" | ||||
| } | ||||
|  | ||||
| get_cgroup_v1_path() { | ||||
|   needle=$1 | ||||
|   found= | ||||
|   foundroot= | ||||
|   mountpoint= | ||||
|  | ||||
|   [ -r "/proc/self/mountinfo" ] || return 1 | ||||
|   [ -r "/proc/self/cgroup" ] || return 1 | ||||
|  | ||||
|   while IFS= read -r line; do | ||||
|     case "$needle" in | ||||
|       "cpuset") | ||||
|         case "$line" in | ||||
|           *cpuset*) | ||||
|             found=$( echo "$line" | cut -d ' ' -f 4,5 ) | ||||
|             break | ||||
|             ;; | ||||
|         esac | ||||
|         ;; | ||||
|       "cpu") | ||||
|         case "$line" in | ||||
|           *cpuset*) | ||||
|             ;; | ||||
|           *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) | ||||
|             found=$( echo "$line" | cut -d ' ' -f 4,5 ) | ||||
|             break | ||||
|             ;; | ||||
|         esac | ||||
|     esac | ||||
|   done << __EOF__ | ||||
| $( grep -F -- '- cgroup ' /proc/self/mountinfo ) | ||||
| __EOF__ | ||||
|  | ||||
|   while IFS= read -r line; do | ||||
|     controller=$( echo "$line" | cut -d: -f 2 ) | ||||
|     case "$needle" in | ||||
|       "cpuset") | ||||
|         case "$controller" in | ||||
|           cpuset) | ||||
|             mountpoint=$( echo "$line" | cut -d: -f 3 ) | ||||
|             break | ||||
|             ;; | ||||
|         esac | ||||
|         ;; | ||||
|       "cpu") | ||||
|         case "$controller" in | ||||
|           cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) | ||||
|             mountpoint=$( echo "$line" | cut -d: -f 3 ) | ||||
|             break | ||||
|             ;; | ||||
|         esac | ||||
|         ;; | ||||
|     esac | ||||
| done << __EOF__ | ||||
| $( grep -F -- 'cpu' /proc/self/cgroup ) | ||||
| __EOF__ | ||||
|  | ||||
|   case "${found%% *}" in | ||||
|     "/") | ||||
|       foundroot="${found##* }$mountpoint" | ||||
|       ;; | ||||
|     "$mountpoint") | ||||
|       foundroot="${found##* }" | ||||
|       ;; | ||||
|   esac | ||||
|   echo "$foundroot" | ||||
| } | ||||
|  | ||||
| get_cgroup_v2_path() { | ||||
|   found= | ||||
|   foundroot= | ||||
|   mountpoint= | ||||
|  | ||||
|   [ -r "/proc/self/mountinfo" ] || return 1 | ||||
|   [ -r "/proc/self/cgroup" ] || return 1 | ||||
|  | ||||
|   while IFS= read -r line; do | ||||
|     found=$( echo "$line" | cut -d ' ' -f 4,5 ) | ||||
|   done << __EOF__ | ||||
| $( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) | ||||
| __EOF__ | ||||
|  | ||||
|   while IFS= read -r line; do | ||||
|     mountpoint=$( echo "$line" | cut -d: -f 3 ) | ||||
| done << __EOF__ | ||||
| $( grep -F -- '0::' /proc/self/cgroup ) | ||||
| __EOF__ | ||||
|  | ||||
|   case "${found%% *}" in | ||||
|     "") | ||||
|       return 1 | ||||
|       ;; | ||||
|     "/") | ||||
|       foundroot="${found##* }$mountpoint" | ||||
|       ;; | ||||
|     "$mountpoint") | ||||
|       foundroot="${found##* }" | ||||
|       ;; | ||||
|   esac | ||||
|   echo "$foundroot" | ||||
| } | ||||
|  | ||||
| ncpu_online=$( getconf _NPROCESSORS_ONLN ) | ||||
| ncpu_cpuset= | ||||
| ncpu_quota= | ||||
| ncpu_cpuset_v2= | ||||
| ncpu_quota_v2= | ||||
|  | ||||
| cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online | ||||
| cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online | ||||
| cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online | ||||
| cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online | ||||
|  | ||||
| ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ | ||||
|                "$ncpu_online" \ | ||||
|                "$ncpu_cpuset" \ | ||||
|                "$ncpu_quota" \ | ||||
|                "$ncpu_cpuset_v2" \ | ||||
|                "$ncpu_quota_v2" \ | ||||
|                | sort -n \ | ||||
|                | head -n 1 ) | ||||
|  | ||||
| sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf | ||||
							
								
								
									
										30
									
								
								roles/nginx/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										30
									
								
								roles/nginx/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,30 @@ | ||||
| --- | ||||
| - name: Set ENV vars | ||||
|   lineinfile: | ||||
|     dest: ~/.bashrc | ||||
|     line: "{{item}}" | ||||
|   loop: | ||||
|     - 'export NGINX_VERSION="1.21.3"' | ||||
|     - 'export NJS_VERSION="0.6.2"' | ||||
|     - 'export PKG_RELEASE="1~buster"' | ||||
|  | ||||
| - name: Install gnupg | ||||
|   shell: apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 gnupg2 gnupg ca-certificates | ||||
|  | ||||
| - name: Install nginx | ||||
|   environment: | ||||
|     NGINX_GPGKEY: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 | ||||
|   shell: >- | ||||
|     set -x && addgroup --system --gid 101 nginx && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx && found=''; for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|i386|arm64) echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get build-dep -y $nginxPackages && ( cd "$tempDir" && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" apt-get source --compile $nginxPackages ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log | ||||
|  | ||||
| - name: Create dir for additional helper scripts /docker-entrypoint.d | ||||
|   shell: mkdir -p /docker-entrypoint.d | ||||
|  | ||||
| - name: Copy envsubst and tune worker to /docker-entrypoint.d | ||||
|   copy: | ||||
|     src: "{{item}}" | ||||
|     dest: /docker-entrypoint.d | ||||
|     mode: 0744 | ||||
|   loop: | ||||
|     - 20-envsubst-on-templates.sh | ||||
|     - 30-tune-worker-processes.sh | ||||
		Reference in New Issue
	
	Block a user