Rogue site control and php-fpm modification

Discussion in 'Developers' Forum' started by ispcomm, Aug 30, 2017.

  1. ispcomm

    ispcomm Member

    Just checking if there's an update on what I wrote for the fpm isolation. @till ??
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Sorry, completely missed your posts. I'll look through the code the next few days.
  3. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    thank you for contributing.
    I just had a (really quick) look at the diff to master and have some notes:
    You seem to have created an update sql file (0085). All development code should go to upd_dev_collection.sql instead so it can be merged prior to release (otherwise we'll get conflicts).
    If I got it right, there are two DB modifications inside the upd_0085 file but only 1 of them in the ispconfig3.sql.
    Regarding the sysctl/systemd system calls I think you have to wait for tills comments :)
  4. ispcomm

    ispcomm Member

    Note taken on the sql files. I'll wait for comments on the rest.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The ISPConfig updater has an option to run a php file for a specific database update. You can find these files in install/patches/ folder. The name must match the sql incremental file. Currently, the name would have be upd_0085.php so that it gets run when with the 0085 sql file (when we create it by moving the code from dev collection to a file with that name. see the existing two files for the file structure, basically it just contains a function that is called before the sql insert and one that is called after insert.

    I would say that we should add the path as an option somewhere under System > server config (web ?). The paths from the distribution specific conf array are written in installer_base.lib.php and update.lib.php. see installer_base.lib.php around line 300+

    One thing that we should consider is to add an option under System > server config to hide the php_fpm_isolated_process option in the website settings completely as not all systems have systemd installed and this options won't work without systemd. That way we can hide it on older systems. But that's something that I can add myself later as well so you don't have to find out how to implement that in the interface :)

Share This Page