Merge "Tune apache connections for tls proxy"

2016-11-29 22:27:44 +00:00 · 2016-11-29 22:27:44 +00:00 · 3dd0b2b772
commit 3dd0b2b772
parent ba87fe6ff9 cfb9f057ea
2 changed files with 53 additions and 0 deletions
--- a/lib/apache
+++ b/lib/apache
@ -29,15 +29,20 @@ APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}


 # Set up apache name and configuration directory
+# Note that APACHE_CONF_DIR is really more accurately apache's vhost
+# configuration dir but we can't just change this because public interfaces.
 if is_ubuntu; then
    APACHE_NAME=apache2
    APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/sites-available}
+    APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf-enabled}
 elif is_fedora; then
    APACHE_NAME=httpd
    APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}
+    APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
 elif is_suse; then
    APACHE_NAME=apache2
    APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
+    APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
 fi
 APACHE_LOG_DIR="/var/log/${APACHE_NAME}"

--- a/lib/tls
+++ b/lib/tls
@ -442,6 +442,52 @@ function enable_mod_ssl {
 # Proxy Functions
 # ===============

+function tune_apache_connections {
+    local tuning_file=$APACHE_SETTINGS_DIR/connection-tuning.conf
+    if ! [ -f $tuning_file ] ; then
+        sudo bash -c "cat > $tuning_file" << EOF
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+#              graceful restart. ThreadLimit can only be changed by stopping
+#              and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxClients: maximum number of simultaneous client connections
+# MaxRequestsPerChild: maximum number of requests a server process serves
+#
+# The apache defaults are too conservative if we want reliable tempest
+# testing. Bump these values up from ~400 max clients to 1024 max clients.
+<IfModule mpm_worker_module>
+# Note that the next three conf values must be changed together.
+# MaxClients = ServerLimit * ThreadsPerChild
+ServerLimit          32
+ThreadsPerChild      32
+MaxClients         1024
+StartServers          3
+MinSpareThreads      96
+MaxSpareThreads     192
+ThreadLimit          64
+MaxRequestsPerChild   0
+</IfModule>
+<IfModule mpm_event_module>
+# Note that the next three conf values must be changed together.
+# MaxClients = ServerLimit * ThreadsPerChild
+ServerLimit          32
+ThreadsPerChild      32
+MaxClients         1024
+StartServers          3
+MinSpareThreads      96
+MaxSpareThreads     192
+ThreadLimit          64
+MaxRequestsPerChild   0
+</IfModule>
+EOF
+        restart_apache_server
+    fi
+}
+
 # Starts the TLS proxy for the given IP/ports
 # start_tls_proxy front-host front-port back-host back-port
 function start_tls_proxy {
@ -451,6 +497,8 @@ function start_tls_proxy {
    local b_host=$4
    local b_port=$5

+    tune_apache_connections
+
    local config_file
    config_file=$(apache_site_config_for $b_service)
    local listen_string