Commit 49e2a2ae authored by Rafael Monnerat's avatar Rafael Monnerat :ghost:

apache-frontend: Delay reload apache configuration

  Wait for 60 to reload apache configuration in order to accumulate
  several logrotate runs.

  If the amount of slaves are too high, the number of logs are high,
  so the entries on logrotate are also high. So it is enough to DDoS
  with a huge amount of 'kill -1', so delay is the only way to avoid
  to re-implement logrotate existing features.

  Only reload the apache configuration if the the apache configuration
  or the certificates contains a change, else don't reload it.

  Keep a command on bin folder to force reload of configuration in
  case it is required.
parent 4101882c
......@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
filename = instance-apache-frontend.cfg
md5sum = e2f60121bc1116319b4d20b4c4badc1c
md5sum = 86f9ace5eb5ac28dbc173e1803952f03
filename =
......@@ -27,7 +27,7 @@ md5sum = 9b17c835bcd927269cf510bf612f5985
filename = templates/
md5sum = 5d9ac851493534c90397d453497c21b4
md5sum = 4010f7366262d00c33f9e7f53f63d42e
filename = templates/
......@@ -43,7 +43,7 @@ md5sum = 070658d10546b5a69fe291e0da876e62
filename = templates/
md5sum = 5d9ac851493534c90397d453497c21b4
md5sum = 4010f7366262d00c33f9e7f53f63d42e
filename = templates/notfound.html
......@@ -92,3 +92,11 @@ md5sum = a5186f666acb2f040ede04c91e60408f
filename = templates/
md5sum = 82d74a7f2aceb2b4a7acc6259291b7f2
filename = templates/
md5sum = ebe5d3d19923eb812a40019cb11276d8
filename = templates/
md5sum = 41299cc64200e7b8217fb9dec20bb8b9
......@@ -141,6 +141,14 @@ url = ${:_profile_base_location_}/templates/
output = ${buildout:directory}/
mode = 0644
filename =
filename =
filename =
......@@ -172,8 +172,6 @@ extra-context =
key nginx_configuration_directory apache-directory:nginx-slave-configuration
key apache_cached_configuration_directory apache-directory:slave-with-cache-configuration
key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
key cached_port apache-configuration:cache-through-port
key ssl_cached_port apache-configuration:ssl-cache-through-port
key http_port instance-parameter:configuration.plain_http_port
key https_port instance-parameter:configuration.port
key nginx_http_port instance-parameter:configuration.plain_nginx_port
......@@ -185,7 +183,6 @@ extra-context =
key apache_log_directory apache-directory:slave-log
key local_ipv4 instance-parameter:ipv4-random
key global_ipv6 slap-network-information:global-ipv6
key cache_port apache-configuration:cache-port
key varnginx directory:varnginx
key empty_template software-release-path:template-empty
key template_custom_slave_configuration software-release-path:template-slave-configuration
......@@ -194,6 +191,7 @@ extra-context =
key template_eventsource_slave_configuration software-release-path:template-nginx-eventsource-slave-virtualhost
key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost
raw software_type single-custom-personal
key frontend_lazy_graceful_reload frontend-apache-lazy-graceful:rendered
section logrotate_dict logrotate
section frontend_configuration frontend-configuration
section apache_configuration apache-configuration
......@@ -372,7 +370,7 @@ name = apache
log = $${apache-configuration:error-log} $${apache-configuration:access-log}
frequency = daily
rotatep-num = 30
post = $${apache-configuration:frontend-graceful-command}
post = $${frontend-apache-lazy-graceful:rendered} &
sharedscripts = true
notifempty = true
create = true
......@@ -500,14 +498,35 @@ mode = 700
### End of ATS sections
### Apaches Graceful and promises
< = jinja2-template-base
template = ${template-wrapper:output}
rendered = $${directory:etc-run}/frontend-apache-safe-graceful
rendered = $${directory:bin}/frontend-apache-safe-graceful
mode = 0700
extra-context =
key content apache-configuration:frontend-graceful-command
< = jinja2-template-base
template = ${template-apache-graceful-script:target}
rendered = $${directory:etc-run}/frontend-apache-safe-graceful
mode = 0700
extra-context =
key directory_run directory:run
key directory_etc directory:etc
key apache_graceful_reload_command apache-configuration:frontend-graceful-command
< = jinja2-template-base
template = ${template-apache-lazy-script-call:target}
rendered = $${directory:bin}/frontend-apache-lazy-graceful
mode = 0700
pid-file = $${directory:run}/
extra-context =
key pid_file :pid-file
raw wait_time 60
key lazy_command apache-configuration:frontend-graceful-command
# Promises checking configuration:
< = jinja2-template-base
......@@ -2,6 +2,9 @@
{% set cached_server_dict = {} -%}
{% set part_list = [] -%}
{% set cache_port = apache_configuration.get('cache-port') %}
{% set cached_port = apache_configuration.get('cache-through-port') %}
{% set ssl_cached_port = apache_configuration.get('ssl-cache-through-port') %}
{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) -%}
{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
......@@ -27,7 +30,7 @@ context =
{{ key }} = {{ value }}
{% endfor %}
post = {{ apache_configuration.get('frontend-graceful-command') }}
post = {{ frontend_lazy_graceful_reload }} &
frequency = daily
rotatep-num = 30
sharedscripts = true
RUN_DIR={{ directory_run }}
ETC_DIR={{ directory_etc }}
sha256sum $ETC_DIR/apache*.conf $ETC_DIR/apache-*.d/*.conf $ETC_DIR/apache-*.d/ssl/*.*key $ETC_DIR/apache-*.d/ssl/*.*crt* | sort -k 66 > $NAPACHE_SIGNATURE_FILE
# If no diff, no restart for now
echo "Nothing Changed, so nothing to reload"
exit 0
echo "Reloading apache.."
{{ apache_graceful_reload_command }}
PIDFILE={{ pid_file }}
sleep $((RANDOM % 10))
if [ ! -f $PIDFILE ]; then
echo $PID > $PIDFILE
sleep {{ wait_time }}
{{ lazy_command }}
ps --pid `cat $PIDFILE` &>/dev/null
if [ $? -eq 0 ]; then
echo "Skipped"
echo $PID > $PIDFILE
sleep {{ wait_time }}
{{ lazy_command }}
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment