apache-frontend: Delay reload apache configuration

  Wait for 60 to reload apache configuration in order to accumulate
  several logrotate runs.

  If the amount of slaves are too high, the number of logs are high,
  so the entries on logrotate are also high. So it is enough to DDoS
  with a huge amount of 'kill -1', so delay is the only way to avoid
  to re-implement logrotate existing features.

  Only reload the apache configuration if the the apache configuration
  or the certificates contains a change, else don't reload it.

  Keep a command on bin folder to force reload of configuration in
  case it is required.

software/apache-frontend/buildout.hash.cfg

@@ -19,7 +19,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
 
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg
-md5sum = e2f60121bc1116319b4d20b4c4badc1c
+md5sum = 86f9ace5eb5ac28dbc173e1803952f03
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -27,7 +27,7 @@ md5sum = 9b17c835bcd927269cf510bf612f5985
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 5d9ac851493534c90397d453497c21b4
+md5sum = 4010f7366262d00c33f9e7f53f63d42e
 
 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -43,7 +43,7 @@ md5sum = 070658d10546b5a69fe291e0da876e62
 
 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 5d9ac851493534c90397d453497c21b4
+md5sum = 4010f7366262d00c33f9e7f53f63d42e
 
 [template-not-found-html]
 filename = templates/notfound.html
@@ -92,3 +92,11 @@ md5sum = a5186f666acb2f040ede04c91e60408f
 [template-nginx-notebook-slave-virtualhost]
 filename = templates/nginx-notebook-slave.conf.in
 md5sum = 82d74a7f2aceb2b4a7acc6259291b7f2
+
+[template-apache-lazy-script-call]
+filename = templates/apache-lazy-script-call.sh.in
+md5sum = ebe5d3d19923eb812a40019cb11276d8
+
+[template-apache-graceful-script]
+filename = templates/apache-graceful-script.sh.in
+md5sum = 41299cc64200e7b8217fb9dec20bb8b9

software/apache-frontend/common.cfg

@@ -141,6 +141,14 @@ url = ${:_profile_base_location_}/templates/nginx.cfg.in
 output = ${buildout:directory}/template-nginx.cfg.in
 mode = 0644
 
+[template-apache-lazy-script-call]
+<=download-template
+filename = apache-lazy-script-call.sh.in
+
+[template-apache-graceful-script]
+<=download-template
+filename = apache-graceful-script.sh.in
+
 [template-nginx-eventsource-slave-virtualhost]
 <=download-template
 filename = nginx-eventsource-slave.conf.in

software/apache-frontend/instance-apache-frontend.cfg

@@ -172,8 +172,6 @@ extra-context =
     key nginx_configuration_directory apache-directory:nginx-slave-configuration
     key apache_cached_configuration_directory apache-directory:slave-with-cache-configuration
     key slave_with_cache_configuration_directory apache-directory:slave-with-cache-configuration
-    key cached_port apache-configuration:cache-through-port
-    key ssl_cached_port apache-configuration:ssl-cache-through-port
     key http_port instance-parameter:configuration.plain_http_port
     key https_port instance-parameter:configuration.port
     key nginx_http_port instance-parameter:configuration.plain_nginx_port
@@ -185,7 +183,6 @@ extra-context =
     key apache_log_directory apache-directory:slave-log
     key local_ipv4 instance-parameter:ipv4-random
     key global_ipv6 slap-network-information:global-ipv6
-    key cache_port apache-configuration:cache-port
     key varnginx directory:varnginx
     key empty_template software-release-path:template-empty
     key template_custom_slave_configuration software-release-path:template-slave-configuration
@@ -194,6 +191,7 @@ extra-context =
     key template_eventsource_slave_configuration software-release-path:template-nginx-eventsource-slave-virtualhost
     key template_notebook_slave_configuration software-release-path:template-nginx-notebook-slave-virtualhost
     raw software_type single-custom-personal
+    key frontend_lazy_graceful_reload frontend-apache-lazy-graceful:rendered
     section logrotate_dict logrotate
     section frontend_configuration frontend-configuration
     section apache_configuration apache-configuration
@@ -372,7 +370,7 @@ name = apache
 log = $${apache-configuration:error-log} $${apache-configuration:access-log}
 frequency = daily
 rotatep-num = 30
-post = $${apache-configuration:frontend-graceful-command}
+post = $${frontend-apache-lazy-graceful:rendered} &
 sharedscripts = true
 notifempty = true
 create = true
@@ -500,14 +498,35 @@ mode = 700
 ### End of ATS sections
 
 ### Apaches Graceful and promises
-[frontend-apache-graceful]
+[frontend-apache-graceful-bin]
 < = jinja2-template-base
 template = ${template-wrapper:output}
-rendered = $${directory:etc-run}/frontend-apache-safe-graceful
+rendered = $${directory:bin}/frontend-apache-safe-graceful
 mode = 0700
 extra-context =
     key content apache-configuration:frontend-graceful-command
 
+[frontend-apache-graceful]
+< = jinja2-template-base
+template = ${template-apache-graceful-script:target}
+rendered = $${directory:etc-run}/frontend-apache-safe-graceful
+mode = 0700
+extra-context =
+    key directory_run directory:run
+    key directory_etc directory:etc
+    key apache_graceful_reload_command apache-configuration:frontend-graceful-command
+
+[frontend-apache-lazy-graceful]
+< = jinja2-template-base
+template = ${template-apache-lazy-script-call:target}
+rendered = $${directory:bin}/frontend-apache-lazy-graceful
+mode = 0700
+pid-file = $${directory:run}/lazy-graceful.pid
+extra-context =
+    key pid_file :pid-file
+    raw wait_time 60
+    key lazy_command apache-configuration:frontend-graceful-command
+
 # Promises checking configuration:
 [promise-frontend-apache-configuration]
 < = jinja2-template-base

software/apache-frontend/templates/apache-custom-slave-list.cfg.in

@@ -2,6 +2,9 @@
 
 {% set cached_server_dict = {} -%}
 {% set part_list = [] -%}
+{% set cache_port = apache_configuration.get('cache-port') %}
+{% set cached_port = apache_configuration.get('cache-through-port') %}
+{% set ssl_cached_port = apache_configuration.get('ssl-cache-through-port') %}
 {% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
 {% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) -%}
 {% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
@@ -27,7 +30,7 @@ context =
 {{ key }} = {{ value }}
 {% endfor %}
 
-post = {{ apache_configuration.get('frontend-graceful-command') }}
+post = {{ frontend_lazy_graceful_reload }} &
 frequency = daily
 rotatep-num = 30
 sharedscripts = true

software/apache-frontend/templates/apache-graceful-script.sh.in

+#!/bin/sh
+
+RUN_DIR={{ directory_run }}
+ETC_DIR={{ directory_etc }}
+
+APACHE_SIGNATURE_FILE=$RUN_DIR/apache_configuration.signature
+NAPACHE_SIGNATURE_FILE=$RUN_DIR/napache_configuration.signature
+
+touch $APACHE_SIGNATURE_FILE
+sha256sum $ETC_DIR/apache*.conf $ETC_DIR/apache-*.d/*.conf $ETC_DIR/apache-*.d/ssl/*.*key $ETC_DIR/apache-*.d/ssl/*.*crt* | sort -k 66 > $NAPACHE_SIGNATURE_FILE 
+
+# If no diff, no restart for now
+if diff "$APACHE_SIGNATURE_FILE" "$NAPACHE_SIGNATURE_FILE"; then
+  echo "Nothing Changed, so nothing to reload"
+  exit 0
+fi
+echo "Reloading apache.."
+
+{{ apache_graceful_reload_command }}
+
+mv "$NAPACHE_SIGNATURE_FILE" "$APACHE_SIGNATURE_FILE" 

software/apache-frontend/templates/apache-lazy-script-call.sh.in

+#!/bin/bash
+
+PID=$$
+PIDFILE={{ pid_file }}
+
+sleep $((RANDOM % 10))
+
+if [ ! -f $PIDFILE ]; then
+  echo $PID > $PIDFILE
+  sleep {{ wait_time }}
+  {{ lazy_command }}
+else
+  ps --pid `cat $PIDFILE` &>/dev/null
+  if [ $? -eq 0 ]; then
+    echo "Skipped"
+  else
+    echo $PID > $PIDFILE
+    sleep {{ wait_time }}
+    {{ lazy_command }}
+  fi
+fi
+