From 9169d999936d310f4eeeac541b45c878afffa922 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@archlinux.org>
Date: Tue, 24 Sep 2019 12:39:24 +0200
Subject: [PATCH] archwiki: use memcached for caching
Switch from apcu caching to memcached with 512 MiB so that we have a
sustained cached instead of a php-fpm worker based cache which has a
shorter lifetime of 2000 requests before the worker get's killed and
respawned.
---
playbooks/apollo.yml | 2 +-
roles/archweb/tasks/main.yml | 2 +-
roles/archwiki/defaults/main.yml | 1 +
roles/archwiki/files/20-apcu.ini | 1 -
roles/archwiki/tasks/main.yml | 10 ++++++---
roles/archwiki/templates/LocalSettings.php.j2 | 6 ++++++
.../templates/archwiki-memcached.service.j2 | 21 +++++++++++++++++++
7 files changed, 37 insertions(+), 6 deletions(-)
delete mode 100644 roles/archwiki/files/20-apcu.ini
create mode 100644 roles/archwiki/templates/archwiki-memcached.service.j2
diff --git a/playbooks/apollo.yml b/playbooks/apollo.yml
index 78da26092..132fea00b 100644
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -41,7 +41,7 @@
mariadb_innodb_file_per_table: True, tags: ["mariadb"] }
- { role: sudo, tags: ['sudo'] }
- { role: uwsgi, tags: ['uwsgi'] }
- - { role: php-fpm, php_extensions: ['apcu', 'bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'pdo_pgsql', 'pgsql', 'sockets', 'zip'], zend_extensions: ['opcache'], tags: ["php-fpm"] }
+ - { role: php-fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'pdo_pgsql', 'pgsql', 'sockets', 'zip'], zend_extensions: ['opcache'], tags: ["php-fpm"] }
- { role: memcached, tags: ['memcached'] }
- { role: archweb, tags: ["archweb"] }
- { role: security_tracker, security_tracker_domain: "security.archlinux.org", security_tracker_dir: "/srv/http/security-tracker", tags: ["security_tracker"] }
diff --git a/roles/archweb/tasks/main.yml b/roles/archweb/tasks/main.yml
index d6a0d150d..32c97e48c 100644
--- a/roles/archweb/tasks/main.yml
+++ b/roles/archweb/tasks/main.yml
@@ -168,7 +168,7 @@
when: archweb_services or archweb_pgp_import
- name: install archweb memcached service
- template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archweb-memcached.service" owner=root group=root mode=0644
+ template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archwiki-memcached.service" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_site|bool
diff --git a/roles/archwiki/defaults/main.yml b/roles/archwiki/defaults/main.yml
index 3cb118d1a..64ce712e2 100644
--- a/roles/archwiki/defaults/main.yml
+++ b/roles/archwiki/defaults/main.yml
@@ -7,6 +7,7 @@ archwiki_version: 'b8e35046ae4bb5e7a7bddf7f0f0f2f79f327f162'
archwiki_question_answer_file: '/srv/http/archwiki/registration-question-answer.txt'
archwiki_socket: '/run/php-fpm/archwiki.socket'
+archwiki_memcached_socket: '/run/memcached/archwiki.sock'
archwiki_db: 'archwiki'
archwiki_db_host: 'localhost'
diff --git a/roles/archwiki/files/20-apcu.ini b/roles/archwiki/files/20-apcu.ini
deleted file mode 100644
index aebbd51d0..000000000
--- a/roles/archwiki/files/20-apcu.ini
+++ /dev/null
@@ -1 +0,0 @@
-apc.shm_size = 512M
diff --git a/roles/archwiki/tasks/main.yml b/roles/archwiki/tasks/main.yml
index 47e361cc7..c5fe82715 100644
--- a/roles/archwiki/tasks/main.yml
+++ b/roles/archwiki/tasks/main.yml
@@ -5,7 +5,7 @@
when: 'archwiki_domain is defined'
- name: install packages
- pacman: name=git,php-intl,php-apcu state=present
+ pacman: name=git,php-intl state=present
- name: make archwiki user
user: name="{{ archwiki_user }}" shell=/bin/false home="{{ archwiki_dir }}" createhome=no
@@ -70,8 +70,8 @@
notify:
- restart php-fpm@{{ archwiki_user }}
-- name: set php-apcu value
- copy: src=20-apcu.ini dest=/etc/php/conf.d/20-apcu.ini
+- name: install archwiki memcached service
+ template: src="archwiki-memcached.service.j2" dest="/etc/systemd/system/archwiki-memcached.service" owner=root group=root mode=0644
- name: start and enable systemd socket
service: name=php-fpm@{{ archwiki_user }}.socket state=started enabled=true
@@ -87,6 +87,7 @@
- archwiki-prune-cache.service
- archwiki-prune-cache.timer
- archwiki-question-updater.service
+ - archwiki-memcached.service
- name: start and enable archwiki runjobs timer
service: name="archwiki-runjobs.timer" enabled=yes state=started
@@ -100,5 +101,8 @@
- name: create question answer file
service: name=archwiki-question-updater.service state=started
+- name: start and enable archwiki memcached
+ service: name=archwiki-memcached.service state=started
+
- name: ensure question answer file exists and set permissions
file: state=file path="{{archwiki_question_answer_file}}" owner=root group=root mode=0644
diff --git a/roles/archwiki/templates/LocalSettings.php.j2 b/roles/archwiki/templates/LocalSettings.php.j2
index 4ccb1d611..c7080e87f 100644
--- a/roles/archwiki/templates/LocalSettings.php.j2
+++ b/roles/archwiki/templates/LocalSettings.php.j2
@@ -51,3 +51,9 @@ $wgDebugLogFile = "/dev/null";
$wgDebugLogGroups = array(
'BounceHandler' => '/var/log/archwiki/bouncehandler.log',
);
+
+# memcached settings
+$wgMainCacheType = CACHE_MEMCACHED;
+$wgParserCacheType = CACHE_MEMCACHED;
+$wgMessageCacheType = CACHE_MEMCACHED;
+$wgMemCachedServers = [ "unix://{{ archwiki_memcached_socket }}:0" ];
diff --git a/roles/archwiki/templates/archwiki-memcached.service.j2 b/roles/archwiki/templates/archwiki-memcached.service.j2
new file mode 100644
index 000000000..975825612
--- /dev/null
+++ b/roles/archwiki/templates/archwiki-memcached.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Archwiki Memcached Daemon
+After=network.target
+
+[Service]
+User={{ archwiki_user }}
+Group=memcached
+ExecStart=/usr/bin/memcached -s {{ archwiki_memcached_socket }} -m 512 -o modern
+Restart=always
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectHome=true
+PrivateDevices=yes
+ProtectSystem=full
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+MemoryDenyWriteExecute=yes
+
+[Install]
+WantedBy=multi-user.target
--
GitLab