ENT-11440: Enable http2 in Mission Portal webserver

cfe_internal/enterprise/mission_portal.cf

@@ -1,9 +1,58 @@
 bundle agent cfe_internal_enterprise_mission_portal
 {
   meta:
-
       "description" string => "Manage mission portal configuration";
 
+classes:
+      "mission_portal_http2_enabled"
+        expression => and(
+                          fileexists("$(sys.workdir)/httpd/php/sbin/php-fpm"),
+                          fileexists("$(sys.workdir)/httpd/modules/mod_http2.so")
+                      ),
+        scope => "namespace", # so it is visible in datastate() used in httpd.conf template rendering in bundle cfe_internal_enterprise_mission_portal_apache
+        comment => "If php-fpm and mod_http2.so are present then http2 is enabled
+                    and we use this class in httpd.conf to configure accordingly.";
+  vars:
+    policy_server.enterprise_edition.mission_portal_http2_enabled::
+      "php_fpm_pid_file" string => "$(sys.workdir)/httpd/php-fpm.pid";
+
+      # Note that the fpm settings below should be synchronized between here and buildscripts/deps-packaging/php/php-fpm.conf
+      "php_fpm_www_pool_max_children" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_max_children"),
+        "$(default:def.php_fpm_www_pool_max_children)",
+        "50");
+      "php_fpm_www_pool_start_servers" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_start_servers"),
+        "$(default:def.php_fpm_www_pool_start_servers)",
+        "40");
+      "php_fpm_www_pool_min_spare_servers" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_min_spare_servers"),
+        "$(default:def.php_fpm_www_pool_min_spare_servers)",
+        "35");
+      "php_fpm_www_pool_max_spare_servers" string => ifelse(
+        isvariable("default:def.php_fpm_www_pool_max_spare_servers"),
+        "$(default:def.php_fpm_www_pool_max_spare_servers)",
+        "45");
+      "php_fpm_state" data => mergedata(
+        '{"vars": { "sys": { "workdir": "${default:sys.workdir}" } } }',
+        '{
+          "max_children":"${php_fpm_www_pool_max_children}",
+          "start_servers":"${php_fpm_www_pool_start_servers}",
+          "min_spare_servers":"${php_fpm_www_pool_min_spare_servers}",
+          "max_spare_servers":"${php_fpm_www_pool_max_spare_servers}"
+         }');
+
+  reports:
+    DEBUG::
+      "Using variable default:def.php_fpm_www_pool_max_children: ${default:def.php_fpm_www_pool_max_children} instead of built-in default"
+        if => isvariable("default:def.php_fpm_www_pool_max_children");
+      "Using variable default:def.php_fpm_www_pool_start_servers: ${default:def.php_fpm_www_pool_start_servers} instead of built-in default"
+        if => isvariable("default:def.php_fpm_www_pool_start_servers");
+      "Using variable default:def.php_fpm_www_pool_min_spare_servers: ${default:def.php_fpm_www_pool_min_spare_servers} instead of built-in default"
+        if => isvariable("default:def.php_fpm_www_pool_min_spare_servers");
+      "Using variable default:def.php_fpm_www_pool_max_spare_servers: ${default:def.php_fpm_www_pool_max_spare_servers} instead of built-in default"
+        if => isvariable("default:def.php_fpm_www_pool_max_spare_servers");
+
   methods:
 
     policy_server::
@@ -15,7 +64,23 @@ bundle agent cfe_internal_enterprise_mission_portal
         handle => "cfe_internal_management_web_server",
         comment => "Manage Apache Web server (on/off)";
 
+    policy_server.mission_portal_http2_enabled::
+      "PHP FastCGI process manager"
+        usebundle => service_config(
+          "cf-php-fpm",
+          "$(this.promise_dirname)/templates/php-fpm.conf.mustache",
+          "$(sys.workdir)/httpd/php/etc/php-fpm.conf",
+          "$(sys.workdir)/httpd/php/sbin/php-fpm -t --fpm-config ",
+          @(php_fpm_state),
+          "$(php_fpm_pid_file)"
+        );
+
+  services:
+    policy_server.mission_portal_http2_enabled::
+      "cf-php-fpm"
+        service_policy => "start";
 }
+
 bundle agent apachectl_patched_for_upgrade
 # @brief Ensure that apacehctl is patched so that it is able to re-start services
 #

cfe_internal/enterprise/templates/httpd.conf.mustache

@@ -110,7 +110,12 @@ DocumentRoot "{{{vars.cfe_internal_hub_vars.public_docroot}}}"
 </FilesMatch>
 
 ErrorLog "logs/error_log"
+{{#data:cfengine_enterprise_mission_portal_debug_php_fpm}}
+LogLevel warn rewrite:trace6 proxy:debug proxy_fcgi:debug dir:debug
+{{/data:cfengine_enterprise_mission_portal_debug_php_fpm}}
+{{^data:cfengine_enterprise_mission_portal_debug_php_fpm}}
 LogLevel warn
+{{/data:cfengine_enterprise_mission_portal_debug_php_fpm}}
 
 <IfModule log_config_module>
     LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
@@ -244,10 +249,26 @@ LogLevel warn
 </IfModule>
 
 
+{{#classes.mission_portal_http2_enabled}}
+# Use mod_http2
+LoadModule http2_module modules/mod_http2.so
+# Prefer http2 protocol
+Protocols h2 h2c http/1.1
+
+# Setup php to be handled by php-fpm. Required for use of mod_http2 due to threading issues in php.
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+# Need to pass auth headers to fpm
+SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+<FilesMatch \.php$>
+SetHandler "proxy:fcgi://127.0.0.1:9000"
+</FilesMatch>
+{{/classes.mission_portal_http2_enabled}}
+{{^classes.mission_portal_http2_enabled}}
 LoadModule php{{{vars.cfe_internal_hub_vars.php_version}}}_module       modules/libphp{{{vars.cfe_internal_hub_vars.php_version}}}.so
 AddHandler php{{{vars.cfe_internal_hub_vars.php_version}}}-script       .php
 AddType    application/x-httpd-php-source php{{{vars.cfe_internal_hub_vars.php_version}}}
-
+{{/classes.mission_portal_http2_enabled}}
 
 <Directory "{{{vars.cfe_internal_hub_vars.public_docroot}}}">