The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Using MPM ITK as a Custom Opt Module

Discussion in 'General Discussion' started by cPanelTristan, Aug 4, 2011.

  1. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    MPM ITK Overview

    PHP handler options such as suPHP or FCGI only show processes running as the user for PHP processes, while other Apache processes such as HTML pages or download links will run as the user nobody. To overcome this issue, MPM ITK is an MPM for Apache that runs user processes as the user and group set in "AssignUserID" field set in the VirtualHost directive, forcing all user requests to run as that user and group. This MPM also allows setting "MaxClientsVHost" within each VirtualHost to restrict a user's processes at the Apache level.

    In order to use MPM ITK until it is in EasyApache itself, there is currently the option to download it from the cPanel documentation site and install it as a Custom Opt Module. Unfortunately, due to the fact that ZTS support is set to on for MPMs other than Prefork, this means that DSO will be disabled during the compile of MPM ITK. Since MPM ITK will only work properly when using mod_php (DSO), this guide will enable using this MPM until it goes into EasyApache.

    Please note that MPM ITK and recompiling PHP are both experimental customizations, which are not supported by cPanel itself. This guide would be used at your own risk. If you run into any issues, simply remove the customizations and revert to your prior EasyApache settings.

    Adding MPM ITK

    Grab the tarfile and install the custom_opt_mods:

    Code:
    cd /root
    wget http://docs.cpanel.net/twiki/pub/EasyApache3/CustomMods/MPMitk.tar.gz
    tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf MPMitk.tar.gz
    At that point, run EasyApache from command line to select the module:

    Code:
    /scripts/easyapache
    Select MPM itk in Exhaustive Options List for Apache Modules.

    Compiling DSO PHP from Source

    Grab a copy of PHP 5.3.6 and extract it:

    Code:
    cd /root
    wget http://www.php.net/get/php-5.3.6.tar.gz/from/ar.php.net/mirror
    tar xzf php-5.3.6*
    cd php-5.3.6
    Configure DSO with the proper flags (you may need to add other flags as I've simply used the default flags after switching to DSO on initial cPanel install):

    Code:
    ./configure \
    --disable-fileinfo \
    --disable-pdo \
    --enable-bcmath \
    --enable-calendar \
    --enable-ftp \
    --enable-libxml \
    --enable-magic-quotes \
    --enable-sockets \
    --prefix=/usr/local \
    --with-apxs2=/usr/local/apache/bin/apxs \
    --with-curl=/opt/curlssl/ \
    --with-gd \
    --with-imap=/opt/php_with_imap_client/ \
    --with-imap-ssl=/usr \
    --with-jpeg-dir=/usr \
    --with-kerberos \
    --with-libdir=lib64 \
    --with-libxml-dir=/opt/xml2/ \
    --with-mysql=/usr \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --with-mysqli=/usr/bin/mysql_config \
    --with-openssl=/usr \
    --with-openssl-dir=/usr \
    --with-pcre-regex=/opt/pcre \
    --with-pic \
    --with-png-dir=/usr \
    --with-xpm-dir=/usr \
    --with-zlib \
    --with-zlib-dir=/usr
    Run make and make install to complete the installation:

    Code:
    make && make install
    Additional Steps for DSO

    Copy the libphp5.so file to /root to save a copy of it, since future /scripts/easyapache recompiles will move the file out of /usr/local/apache/modules folder:

    Code:
    cp /usr/local/apache/modules/libphp5.so /root
    Now, before you run /scripts/easyapache in the future, create this file:

    Code:
    vi /scripts/posteasyapache
    Place the following content into the file:

    Code:
    #!/bin/bash
    
    cp /root/libphp5.so /usr/local/apache/modules/
    /etc/init.d/httpd restart
    /usr/local/cpanel/bin/rebuild_phpconf 5 none dso enabled
    The above code copies libphp5.so back into /usr/local/apache/modules folder at the end of the build, restarts Apache, and re-enables dso for the PHP handler as it will switch to suPHP during the EasyApache build but dso will become available again after the libphp5.so is copied back to /usr/local/apache/modules folder. If you use PHP 4 as well, you may need to revise the last line to put something other than none for the PHP 4 handler.

    After saving the file, ensure it can execute:

    Code:
    chmod +x /scripts/posteasyapache
    Of note, I previously was adding the LoadModule to /usr/local/apache/conf/includes/pre_main_global.conf file, but this isn't necessary due to the fact that it will be added to /usr/local/apache/conf/php.conf file once libphp5.so is moved back to /usr/local/apache/modules folder.

    Adding MPM ITK VirtualHost Directives

    Finally, to enable individual VirtualHost directives for MPM ITK, use the following steps:

    Code:
    mkdir -p /usr/local/apache/conf/userdata/std/2/username
    echo "AssignUserID username username" >> /usr/local/apache/conf/userdata/std/2/username/mpm.conf
    /scripts/ensure_vhost_includes --user=username
    Above, please replace username with the cPanel username for each instance.

    If you would also like to limit the MaxClients for that user, you can do:

    Code:
    echo "MaxClientsVHost #" >> /usr/local/apache/conf/userdata/std/2/username/mpm.conf
    /scripts/ensure_vhost_includes --user=username
    Here replace both username and # where # is the number you wish to limit for the MaxClients for that VirtualHost such as 50 or 25.

    Setting the PHP handler before the next EasyApache recompile

    In WHM > Apache Configuration > PHP and SuExec Configuration area, set the PHP 5 handler to dso.

    Alternatively, run this via command line:

    Code:
    /usr/local/cpanel/bin/rebuild_phpconf 5 none dso enabled
    As noted previously, if you are using PHP 4 as well via another handler, you'll need to change none to whatever handler PHP 4 should have.

    Working Examples

    To see a working example of my html page, PHP page and rails application page running under my username via MPM ITK, here are some process outputs:

    1. HTML page loaded in a browser returns 1 Apache process as the user

    Code:
    tristan 28413 0.0 0.2 111600 5864 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
    2. PHP page loaded in a browser returns 2 Apache processes as the user

    Code:
    tristan 28463 0.0 0.3 112232 7140 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
    tristan 28464 0.0 0.3 111600 6332 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
    3. Rails page loaded in a browser returns 5 Apache processes as the user

    Code:
    tristan 28512 0.0 0.2 111600 6144 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
    tristan 28514 0.0 0.2 111600 5840 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
    tristan 28516 0.0 0.2 111600 5840 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
    tristan 28517 0.0 0.2 111600 5840 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
    tristan 28518 0.0 0.2 111600 5840 ? S 11:52 0:00 /usr/local/apache/bin/httpd -k start -DSSL
     
  2. britsenigma

    britsenigma Well-Known Member

    Joined:
    Dec 14, 2008
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    I'm testing this currently. Can you confirm some WHM settings:

    Default PHP Version (.php files) 5
    PHP 5 Handler dso
    PHP 4 Handler none
    Suexec off
     
  3. britsenigma

    britsenigma Well-Known Member

    Joined:
    Dec 14, 2008
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    I made this script, my bash skills are basic at best.

    Any way to get the mpm.conf added (any hooks) when a new user account is created?

    Also, what php Optcode cache will work best with this setup?

    ##########SCRIPT

    #!/bin/bash

    src="/usr/local/apache/conf/userdata/std/2/"

    for dir in `ls "$src/"`
    do
    if [ -d "$src/$dir" ]; then
    echo $dir
    echo "Removing Old $dir/mpm.conf"
    rm -f /usr/local/apache/conf/userdata/std/2/$dir/mpm.conf
    echo "Adding AssignUserId to $dir/mpm.conf"
    echo "AssignUserID $dir $dir" >> /usr/local/apache/conf/userdata/std/2/$dir/mpm.conf
    # echo "MaxClientsVHost 25" >> /usr/local/apache/conf/userdata/std/2/$dir/mpm.conf
    /scripts/ensure_vhost_includes --user=$dir
    echo "Ensuring Vhost Inlcudes --user=$dir"
    fi
    done
     
    #3 britsenigma, Jan 2, 2012
    Last edited: Jan 2, 2012
  4. britsenigma

    britsenigma Well-Known Member

    Joined:
    Dec 14, 2008
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    I've gone back to the magic bullet config I was using before. This does work, it is faster, but there are compatibility issues I've not worked out yet.
     
  5. Brian

    Brian Well-Known Member

    Joined:
    Dec 1, 2010
    Messages:
    117
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    I would strongly advise against using MPM ITK at this point for any reason.

    Why? Our developers reviewed and considered both MPM ITK and mod_ruid2 for inclusion to the cPanel product a few months back. Both provide similar behavior/changes to Apache.

    Our developers sided with mod_ruid2 and it is now included and available via the latest EasyApache (as of v3.8.2). Although, note that you must be running cPanel 11.31.3.* or higher (Currently in EDGE only as of this posting) for mod_ruid2 to be available in EasyApache as a selection. This is due to product changes that were required to support mod_ruid2.

    Essentially, wait for 11.31.3.* or higher to hit your chosen cPanel tier and then utilize mod_ruid2 if you're looking for MPM ITK type behaviors. In this fashion, you will be using a cPanel sanctioned module vs. a custom opt mod that requires a decent amount of manual work arounds to even get working.

    More information can be found here in the feature request thread: http://forums.cpanel.net/f145/case-52294-support-mod_ruid2-229432.html
     
Loading...

Share This Page