.sync.yml

@@ -4,6 +4,9 @@
     - docker/centos-7
     - docker/centos-6
     - docker/debian-8
+  env:
+    global:
+      - PARALLEL_TEST_PROCESSORS=8
 Rakefile:
   param_docs_pattern:
     - manifests/init.pp

.travis.yml

@@ -9,6 +9,8 @@ rvm:
 env:
   matrix:
     - PUPPET_VERSION=4.9
+  global:
+    - PARALLEL_TEST_PROCESSORS=8
 matrix:
   fast_finish: true
   include:

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## [8.2.0](https://github.com/theforeman/puppet-puppet/tree/8.2.0) (2018-01-25)
+[Full Changelog](https://github.com/theforeman/puppet-puppet/compare/8.1.0...8.2.0)
+
+**Implemented enhancements:**
+
+- Make max-queued-requests and max-retry-delay configurable [\#569](https://github.com/theforeman/puppet-puppet/issues/569)
+- add compile\_mode parameter to puppetserver.conf [\#574](https://github.com/theforeman/puppet-puppet/pull/574) ([miksercz](https://github.com/miksercz))
+- Make performance tuning defaults more safe [\#572](https://github.com/theforeman/puppet-puppet/pull/572) ([kasimon](https://github.com/kasimon))
+- Add `server_max_queued_requests` and `server_max_retry_delay` parameters [\#570](https://github.com/theforeman/puppet-puppet/pull/570) ([baurmatt](https://github.com/baurmatt))
+
 ## 8.1.0
 
 * Set the codedir in puppet.conf

Gemfile

@@ -7,6 +7,7 @@ gem 'puppet', ENV.key?('PUPPET_VERSION') ? "~> #{ENV['PUPPET_VERSION']}" : '>= 4
 
 gem 'rake'
 gem 'rspec', '~> 3.0'
+gem 'rdoc', '~> 5.1.0', {"platforms"=>["ruby_21"]}
 gem 'rspec-puppet', '~> 2.3'
 gem 'rspec-puppet-facts', '>= 1.7'
 gem 'puppetlabs_spec_helper', '>= 2.1.1'

manifests/init.pp

@@ -446,6 +446,14 @@
 #
 # $server_max_requests_per_instance::       Max number of requests a jruby instances will handle. Defaults to 0 (disabled)
 #
+# $server_max_queued_requests::             The maximum number of requests that may be queued waiting to borrow a
+#                                           JRuby from the pool. (Puppetserver 5.x only)
+#                                           Defaults to 0 (disabled) for Puppetserver >= 5.0
+#
+# $server_max_retry_delay::                 Sets the upper limit for the random sleep set as a Retry-After header on 
+#                                           503 responses returned when max-queued-requests is enabled. (Puppetserver 5.x only)
+#                                           Defaults to 1800 for Puppetserver >= 5.0
+#
 # $server_idle_timeout::                    How long the server will wait for a response on an existing connection
 #
 # $server_connect_timeout::                 How long the server will wait for a response to a connection attempt
@@ -519,6 +527,8 @@
 # $server_puppetserver_trusted_agents::     Certificate names of puppet agents that are allowed to fetch *all* catalogs
 #                                           Defaults to [] and all agents are only allowed to fetch their own catalogs.
 #
+# $server_compile_mode::                    Used to control JRuby's "CompileMode", which may improve performance.
+#                                           Defaults to undef (off).
 # === Usage:
 #
 # * Simple usage:
@@ -699,6 +709,8 @@
   Optional[Stdlib::Absolutepath] $server_jruby_gem_home = $puppet::params::server_jruby_gem_home,
   Integer[1] $server_max_active_instances = $puppet::params::server_max_active_instances,
   Integer[0] $server_max_requests_per_instance = $puppet::params::server_max_requests_per_instance,
+  Integer[0] $server_max_queued_requests = $puppet::params::server_max_queued_requests,
+  Integer[0] $server_max_retry_delay = $puppet::params::server_max_retry_delay,
   Boolean $server_use_legacy_auth_conf = $puppet::params::server_use_legacy_auth_conf,
   Boolean $server_check_for_updates = $puppet::params::server_check_for_updates,
   Boolean $server_environment_class_cache_enabled = $puppet::params::server_environment_class_cache_enabled,
@@ -715,6 +727,7 @@
   Optional[Array] $server_metrics_allowed = $::puppet::params::server_metrics_allowed,
   Boolean $server_puppetserver_experimental = $puppet::params::server_puppetserver_experimental,
   Array[String] $server_puppetserver_trusted_agents = $puppet::params::server_puppetserver_trusted_agents,
+  Optional[Enum['off', 'jit', 'force']] $server_compile_mode = $puppet::params::server_compile_mode,
 ) inherits puppet::params {
   include ::puppet::config
   Class['puppet::config'] -> Class['puppet']

manifests/params.pp

@@ -31,6 +31,7 @@
   $server_crl_enable   = undef
   $prerun_command      = undef
   $postrun_command     = undef
+  $server_compile_mode = undef
   $dns_alt_names       = []
   $use_srv_records     = false
 
@@ -408,10 +409,10 @@
   } else {
     $mem_in_mb = 0 + $::memorysize_mb
   }
-  if $mem_in_mb >= 2048 {
+  if $mem_in_mb >= 3072 {
     $server_jvm_min_heap_size = '2G'
     $server_jvm_max_heap_size = '2G'
-    $server_max_active_instances = abs($::processorcount)
+    $server_max_active_instances = min(abs($::processorcount), 4)
   } elsif $mem_in_mb >= 1024 {
     $server_max_active_instances = 1
     $server_jvm_min_heap_size = '1G'
@@ -429,6 +430,8 @@
   $server_default_manifest_path           = '/etc/puppet/manifests/default_manifest.pp'
   $server_default_manifest_content        = '' # lint:ignore:empty_string_assignment
   $server_max_requests_per_instance       = 0
+  $server_max_queued_requests             = 0
+  $server_max_retry_delay                 = 1800
   $server_idle_timeout                    = 1200000
   $server_web_idle_timeout                = 30000
   $server_connect_timeout                 = 120000

manifests/server.pp

@@ -432,6 +432,8 @@
   Optional[Stdlib::Absolutepath] $jruby_gem_home = $::puppet::server_jruby_gem_home,
   Integer[1] $max_active_instances = $::puppet::server_max_active_instances,
   Integer[0] $max_requests_per_instance = $::puppet::server_max_requests_per_instance,
+  Integer[0] $max_queued_requests = $puppet::server_max_queued_requests,
+  Integer[0] $max_retry_delay = $puppet::server_max_retry_delay,
   Boolean $use_legacy_auth_conf = $::puppet::server_use_legacy_auth_conf,
   Boolean $check_for_updates = $::puppet::server_check_for_updates,
   Boolean $environment_class_cache_enabled = $::puppet::server_environment_class_cache_enabled,
@@ -447,6 +449,7 @@
   Variant[Undef, Array] $metrics_allowed = $::puppet::server_metrics_allowed,
   Boolean $puppetserver_experimental = $::puppet::server_puppetserver_experimental,
   Array[String] $puppetserver_trusted_agents = $::puppet::server_puppetserver_trusted_agents,
+  Optional[Enum['off', 'jit', 'force']] $compile_mode = $::puppet::server_compile_mode,
 ) {
   if $implementation == 'master' and $ip != $puppet::params::ip {
     notify {

manifests/server/puppetserver.pp

@@ -48,6 +48,14 @@
 # * `server_max_requests_per_instance`
 # Puppetserver number of max requests per jruby instance
 #
+# * `server_max_queued_requests`
+# The maximum number of requests that may be queued waiting
+# to borrow a JRuby from the pool.
+#
+# * `server_max_retry_delay`
+# Sets the upper limit for the random sleep set as a Retry-After
+# header on 503 responses returned when max-queued-requests is enabled.
+#
 # === Example
 #
 # @example
@@ -75,6 +83,8 @@
   $server_cipher_suites                   = $::puppet::server::cipher_suites,
   $server_max_active_instances            = $::puppet::server::max_active_instances,
   $server_max_requests_per_instance       = $::puppet::server::max_requests_per_instance,
+  $server_max_queued_requests             = $::puppet::server::max_queued_requests,
+  $server_max_retry_delay                 = $::puppet::server::max_retry_delay,
   $server_ssl_protocols                   = $::puppet::server::ssl_protocols,
   $server_ssl_ca_crl                      = $::puppet::server::ssl_ca_crl,
   $server_ssl_ca_cert                     = $::puppet::server::ssl_ca_cert,
@@ -112,6 +122,7 @@
   $server_experimental                    = $::puppet::server::puppetserver_experimental,
   $server_trusted_agents                  = $::puppet::server::puppetserver_trusted_agents,
   $allow_header_cert_info                 = $::puppet::server::allow_header_cert_info,
+  $compile_mode                           = $::puppet::server::compile_mode,
 ) {
   include ::puppet::server
 

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "theforeman-puppet",
-  "version": "8.1.0",
+  "version": "8.2.0",
   "author": "theforeman",
   "summary": "Puppet agent and server configuration",
   "license": "GPL-3.0+",

spec/classes/puppet_server_puppetserver_spec.rb

@@ -31,6 +31,8 @@
                                                      'TLS_RSA_WITH_AES_128_CBC_SHA', ],
         :server_max_active_instances            => 2,
         :server_max_requests_per_instance       => 0,
+        :server_max_queued_requests             => 0,
+        :server_max_retry_delay                 => 1800,
         :server_http                            => false,
         :server_http_allow                      => [],
         :server_ca                              => true,
@@ -69,6 +71,7 @@
         :server_crl_enable                      => true,
         :server_trusted_agents                  => [],
         :allow_header_cert_info                 => false,
+        :compile_mode                           => 'off', # In reality defaults to undef
       } end
 
       describe 'with default parameters' do
@@ -270,6 +273,86 @@
         end
       end
 
+      describe 'server_max_queued_requests' do
+        context 'when server_puppetserver_version >= 5.0 with default parameters' do
+          let(:params) do
+            default_params.merge(
+              :server_puppetserver_dir     => '/etc/custom/puppetserver',
+              :server_puppetserver_version => '5.0.0',
+            )
+          end
+          it 'should have max-queued-requests: 0' do
+            should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf').
+              with_content(%r{^    max-queued-requests: 0\n})
+          end
+        end
+        context 'when server_puppetserver_version >= 5.0 with custom server_max_queued_requests' do
+          let(:params) do
+            default_params.merge(
+              :server_puppetserver_dir     => '/etc/custom/puppetserver',
+              :server_puppetserver_version => '5.0.0',
+              :server_max_queued_requests  => 100,
+            )
+          end
+          it 'should have custom max-queued-requests: 100' do
+            should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf').
+              with_content(%r{^    max-queued-requests: 100\n})
+          end
+        end
+        context 'when server_puppetserver_version < 5.0 with default parameters' do
+          let(:params) do
+            default_params.merge(
+              :server_puppetserver_dir     => '/etc/custom/puppetserver',
+              :server_puppetserver_version => '2.7.0',
+            )
+          end
+          it 'should not have max-queued-requests' do
+            should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf').
+              without_content(%r{^    max-queued-requests: (.*)$})
+          end
+        end
+      end
+
+      describe 'server_max_retry_delay' do
+        context 'when server_puppetserver_version >= 5.0 with default parameters' do
+          let(:params) do
+            default_params.merge(
+              :server_puppetserver_dir     => '/etc/custom/puppetserver',
+              :server_puppetserver_version => '5.0.0',
+            )
+          end
+          it 'should have max-retry-delay: 1800' do
+            should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf').
+              with_content(%r{^    max-retry-delay: 1800\n})
+          end
+        end
+        context 'when server_puppetserver_version >= 5.0 custom server_max_retry_delay' do
+          let(:params) do
+            default_params.merge(
+              :server_puppetserver_dir     => '/etc/custom/puppetserver',
+              :server_puppetserver_version => '5.0.0',
+              :server_max_retry_delay      => 100
+            )
+          end
+          it 'should have custom max-retry-delay: 100' do
+            should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf').
+              with_content(%r{^    max-retry-delay: 100\n})
+          end
+        end
+        context 'when server_puppetserver_version < 5.0 with default parameters' do
+          let(:params) do
+            default_params.merge(
+              :server_puppetserver_dir     => '/etc/custom/puppetserver',
+              :server_puppetserver_version => '2.7.0',
+            )
+          end
+          it 'should not have max-retry-delay' do
+            should contain_file('/etc/custom/puppetserver/conf.d/puppetserver.conf').
+              without_content(%r{^    max-retry-delay: (.*)$})
+          end
+        end
+      end
+
       describe 'versioned-code-service' do
         context 'when server_puppetserver_version >= 2.5' do
           let(:params) do

templates/server/puppetserver/conf.d/puppetserver.conf.erb

@@ -56,6 +56,13 @@ jruby-puppet: {
     # (optional) the number of HTTP requests a given JRuby instance will handle in its lifetime.
     max-requests-per-instance: <%= @server_max_requests_per_instance %>
 
+<%- if scope.function_versioncmp([@server_puppetserver_version, '5.0']) >= 0 -%>
+    # (optional) The maximum number of requests that may be queued waiting to borrow a JRuby from the pool.
+    max-queued-requests: <%= @server_max_queued_requests %>
+
+    # (optional) Sets the upper limit for the random sleep set as a Retry-After header on 503 responses returned when max-queued-requests is enabled.
+    max-retry-delay: <%= @server_max_retry_delay %>
+<%- end -%>
     # (optional) Authorize access to Puppet master endpoints via rules
     # specified in the legacy Puppet auth.conf file (if true) or via rules
     # specified in the Puppet Server HOCON-formatted auth.conf (if false or not
@@ -66,6 +73,9 @@ jruby-puppet: {
     # (optional) enable or disable environment class cache
     environment-class-cache-enabled: <%= @server_environment_class_cache_enabled %>
 <%- end -%>
+<%- if @compile_mode %>
+    compile-mode: <%= @compile_mode %>
+<%- end -%>
 }
 
 # settings related to HTTP client requests made by Puppet Server