feat: add Elasticache as session save handler (#304)

dvsa · Sep 3, 2024 · 20df1db · 20df1db
1 parent 2791b9c
commit 20df1db
Show file tree

Hide file tree

Showing 8 changed files with 81 additions and 0 deletions.
diff --git a/compose.yaml b/compose.yaml
@@ -52,6 +52,7 @@ services:
     volumes:
       - ./app/selfserve:/var/www/html
     environment:
+      ELASTICACHE_URL: tcp://redis:6379
       AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID-}
       AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY-}
       AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN-}
@@ -68,6 +69,7 @@ services:
     volumes:
       - ./app/internal:/var/www/html
     environment:
+      ELASTICACHE_URL: tcp://redis:6379
       AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID-}
       AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY-}
       AWS_SESSION_TOKEN: ${AWS_SESSION_TOKEN-}

diff --git a/infra/docker/internal/php.ini b/infra/docker/internal/php.ini
@@ -22,6 +22,38 @@ upload_max_filesize=180M
 ; https://php.net/session.serialize-handler
 session.serialize_handler=igbinary
 
+; Argument passed to save_handler.  In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+;     session.save_path = "N;/path"
+;
+; where N is an integer.  Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories.  This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+;         You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+;         use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+;     session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; https://php.net/session.save-path
+session.save_path=${ELASTICACHE_URL}
+
+; Handler used to store/retrieve data.
+; https://php.net/session.save-handler
+session.save_handler=redis
 
 [opcache]
 ; The maximum number of keys (and therefore scripts) in the OPcache hash table

diff --git a/infra/docker/selfserve/php.ini b/infra/docker/selfserve/php.ini
@@ -22,6 +22,39 @@ upload_max_filesize=180M
 ; https://php.net/session.serialize-handler
 session.serialize_handler=igbinary
 
+; Argument passed to save_handler.  In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+;     session.save_path = "N;/path"
+;
+; where N is an integer.  Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories.  This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+;         You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+;         use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+;     session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; https://php.net/session.save-path
+session.save_path=${ELASTICACHE_URL}
+
+; Handler used to store/retrieve data.
+; https://php.net/session.save-handler
+session.save_handler=redis
+
 [opcache]
 ; The maximum number of keys (and therefore scripts) in the OPcache hash table
 ; The Allowed value is between 200 and 100000.

diff --git a/infra/terraform/environments/dev/main.tf b/infra/terraform/environments/dev/main.tf
@@ -147,6 +147,8 @@ module "service" {
 
   vpc_id = data.aws_vpc.this.id
 
+  elasticache_url = "tcp://cache.dev.olcs.dev-dvsacloud.uk:6379"
+
   services = {
     "api" = {
       cpu    = 2048

diff --git a/infra/terraform/environments/int/main.tf b/infra/terraform/environments/int/main.tf
@@ -147,6 +147,8 @@ module "service" {
 
   vpc_id = data.aws_vpc.this.id
 
+  elasticache_url = "tcp://cache.qa.olcs.dev-dvsacloud.uk:6379"
+
   services = {
     "api" = {
       cpu    = 2048

diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
@@ -47,6 +47,7 @@
 | <a name="input_assets_version"></a> [assets\_version](#input\_assets\_version) | The version of the assets | `string` | n/a | yes |
 | <a name="input_batch"></a> [batch](#input\_batch) | Configuration for the batch process | <pre>object({<br>    version    = string<br>    repository = string<br>    subnet_ids = list(string)<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    jobs = list(object({<br>      name     = string<br>      commands = list(string)<br>      cpu      = optional(number, 1)<br>      memory   = optional(number, 2048)<br>      timeout  = optional(number, 300)<br>      schedule = optional(string, "")<br>    }))<br>  })</pre> | n/a | yes |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | The domain name for the environment | `string` | n/a | yes |
+| <a name="input_elasticache_url"></a> [elasticache\_url](#input\_elasticache\_url) | The URL of the Elasticache cluster | `string` | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to | `string` | n/a | yes |
 | <a name="input_legacy_environment"></a> [legacy\_environment](#input\_legacy\_environment) | The legacy environment to deploy use | `string` | n/a | yes |
 | <a name="input_services"></a> [services](#input\_services) | The services to deploy | <pre>map(object({<br>    version    = string<br>    repository = string<br>    cpu        = number<br>    memory     = number<br>    task_iam_role_statements = list(object({<br>      effect    = string<br>      actions   = list(string)<br>      resources = list(string)<br>    }))<br>    add_cdn_url_to_env = optional(bool, false)<br>    lb_listener_arn    = string<br>    // The reason for this was to enable the parallel running of ECS and EC2 services.<br>    // This boolean will control the flow of traffic. If `true`, traffic will go to ECS. If `false`, traffic will go to EC2.<br>    // Can be removed when EC2 services are removed.<br>    listener_rule_enable      = optional(bool, true)<br>    listener_rule_priority    = optional(number, 10)<br>    listener_rule_host_header = optional(string, "*")<br>    security_group_ids        = list(string)<br>    subnet_ids                = list(string)<br>    vpc_id                    = optional(string, null)<br>  }))</pre> | `{}` | no |

diff --git a/infra/terraform/modules/service/ecs.tf b/infra/terraform/modules/service/ecs.tf
@@ -109,6 +109,10 @@ module "ecs_service" {
             name  = "APP_VERSION"
             value = var.services[each.key].version
           },
+          {
+            name  = "ELASTICACHE_URL"
+            value = var.elasticache_url
+          }
         ],
         each.value.add_cdn_url_to_env ? [
           {

diff --git a/infra/terraform/modules/service/variables.tf b/infra/terraform/modules/service/variables.tf
@@ -23,6 +23,11 @@ variable "vpc_id" {
   description = "The VPC ID"
 }
 
+variable "elasticache_url" {
+  type        = string
+  description = "The URL of the Elasticache cluster"
+}
+
 variable "services" {
   type = map(object({
     version    = string