Commit 06a093ce authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

Update Release Candidate

parents 9e27c362 cf8ca3a4
...@@ -16,14 +16,53 @@ extends = ...@@ -16,14 +16,53 @@ extends =
../openldap/buildout.cfg ../openldap/buildout.cfg
../pkgconfig/buildout.cfg ../pkgconfig/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
../libzip/buildout.cfg
../autoconf/buildout.cfg
../automake/buildout.cfg
../imagemagick/buildout.cfg
../icu/buildout.cfg
../openssl/buildout.cfg
[php-redis]
recipe = slapos.recipe.cmmi
url = https://github.com/phpredis/phpredis/archive/5.0.0.tar.gz
md5sum = 4f11e0567a10c29394aae52a4fa8bb40
configure-command =
phpize && ./configure
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[php-imagick]
recipe = slapos.recipe.cmmi
url = https://github.com/Imagick/imagick/archive/3.4.4.tar.gz
md5sum = ef6cbadd834eb306bd91874a8f5dea03
configure-command =
phpize && ./configure
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
PKG_CONFIG_PATH=${imagemagick:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${imagemagick:location}/bin:${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
IM_IMAGEMAGICK_PREFIX=${imagemagick:location}
[php-apcu]
recipe = slapos.recipe.cmmi
url = https://github.com/krakjoe/apcu/archive/v5.1.17.tar.gz
md5sum = f64b6cd5108aea63df2d5cc301c58b2b
configure-command =
phpize && ./configure
configure-options =
--with-php-config=${apache-php:location}/bin/php-config
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[apache-php] [apache-php]
# Note: Shall react on each build of apache and reinstall itself # Note: Shall react on each build of apache and reinstall itself
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = http://fr2.php.net/distributions/php-5.4.12.tar.bz2 url = https://www.php.net/distributions/php-7.3.6.tar.bz2
md5sum = 5c7b614242ae12e9cacca21c8ab84818 md5sum = bde9a912fb311182cd460dad1abbc247
configure-options = configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-apxs2=${apache:location}/bin/apxs --with-apxs2=${apache:location}/bin/apxs
--with-libxml-dir=${libxml2:location} --with-libxml-dir=${libxml2:location}
--with-mysql=${mariadb:location} --with-mysql=${mariadb:location}
...@@ -44,21 +83,30 @@ configure-options = ...@@ -44,21 +83,30 @@ configure-options =
--with-ldap=${openldap:location} --with-ldap=${openldap:location}
--with-imap-ssl --with-imap-ssl
--with-openssl=${openssl:location} --with-openssl=${openssl:location}
--with-libzip=${libzip:location}
--with-icu-dir=${icu:location}
--enable-apcu-bc
--enable-intl
--enable-libxml --enable-libxml
--enable-json
--enable-mbstring --enable-mbstring
--enable-pcntl
--enable-session --enable-session
--enable-exif --enable-exif
--enable-zip
--enable-ftp --enable-ftp
--enable-zip
--disable-zend-test
--disable-static
# Changing TMPDIR is required for PEAR installation. # Changing TMPDIR is required for PEAR installation.
# It will create a pear/temp directory under the SR instead of a shared /tmp/pear/temp. # It will create a pear/temp directory under the SR instead of a shared /tmp/pear/temp.
# XXX we could mkdir tmp there # XXX we could mkdir tmp there
environment = environment =
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${libzip:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s
LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid CPPFLAGS=-I${libzip:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${curl:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid -L${libzip:location}/lib -Wl,-rpath -Wl,${libzip:location}/lib
TMPDIR=${buildout:parts-directory}/${:_buildout_section_name_} TMPDIR=${buildout:parts-directory}/${:_buildout_section_name_}
HOME=${apache:location} HOME=${apache:location}
......
...@@ -103,7 +103,7 @@ LoadModule headers_module modules/mod_headers.so ...@@ -103,7 +103,7 @@ LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so LoadModule filter_module modules/mod_filter.so
AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype application/wasm
PidFile "{{ parameter_dict['pid-file'] }}" PidFile "{{ parameter_dict['pid-file'] }}"
ServerAdmin admin@ ServerAdmin admin@
......
...@@ -14,5 +14,5 @@ ...@@ -14,5 +14,5 @@
# not need these here). # not need these here).
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = c969256e5a9e85a295baf3a695a7c21d md5sum = 416ded1ea16b6aa0e5e2c2261befd91e
...@@ -6,17 +6,8 @@ extends = ...@@ -6,17 +6,8 @@ extends =
../openssl/buildout.cfg ../openssl/buildout.cfg
parts = parts =
cclient-patch
cclient cclient
[cclient-patch]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/imap-2007f.patch
md5sum = 42c77fdd5d7a976fc302b93aadb3da98
filename = imap-2007f.patch
[cclient] [cclient]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
url = ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz url = ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
...@@ -31,10 +22,12 @@ make-options = ...@@ -31,10 +22,12 @@ make-options =
IP=6 IP=6
SSLLIB=${openssl:location}/lib SSLLIB=${openssl:location}/lib
EXTRACFLAGS=-fPIC EXTRACFLAGS=-fPIC
EXTRALDFLAGS="-Wl,-rpath -Wl,${openssl:location}/lib"
CCLIENT=${buildout:parts-directory} CCLIENT=${buildout:parts-directory}
-j1 -j1
patches = patches =
${cclient-patch:location}/${cclient-patch:filename} ${:_profile_base_location_}/imap-2007f.patch#42c77fdd5d7a976fc302b93aadb3da98
${:_profile_base_location_}/imap-2007f-openssl-1.1.patch#c726354e888f2f3b3954e334903cef80
patch-options = -p1 patch-options = -p1
From c3f68d987c00284d91ad6599a013b7111662545b Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 2 Sep 2016 21:33:33 +0000
Subject: [PATCH] uw-imap: compile against openssl 1.1.0
I *think* I replaced access to cert->name with certificate's subject name. I
assume that the re-aranged C-code is doing the same thing. A double check
wouldn't hurt :)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
src/osdep/unix/ssl_unix.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
index 3bfdff3..836e9fa 100644
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -59,7 +59,7 @@ typedef struct ssl_stream {
static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
-static char *ssl_validate_cert (X509 *cert,char *host);
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
long *contd);
@@ -210,6 +210,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
BIO *bio;
X509 *cert;
unsigned long sl,tl;
+ char cert_subj[250];
char *s,*t,*err,tmp[MAILTMPLEN];
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -266,14 +267,19 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
- if (!(flags & NET_NOVALIDATECERT) &&
- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
- host))) {
- /* application callback */
- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
+ if (!(flags & NET_NOVALIDATECERT)) {
+
+ cert_subj[0] = '\0';
+ cert = SSL_get_peer_certificate(stream->con);
+ if (cert)
+ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
+ err = ssl_validate_cert (cert, host, cert_subj);
+ if (err)
+ /* application callback */
+ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
/* error message to return via mm_log() */
- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
- return ssl_last_error = cpystr (tmp);
+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
+ return ssl_last_error = cpystr (tmp);
}
return NIL;
}
@@ -313,7 +319,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
* Returns: NIL if validated, else string of error message
*/
-static char *ssl_validate_cert (X509 *cert,char *host)
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
{
int i,n;
char *s,*t,*ret;
@@ -322,9 +328,9 @@ static char *ssl_validate_cert (X509 *cert,char *host)
/* make sure have a certificate */
if (!cert) ret = "No certificate from server";
/* and that it has a name */
- else if (!cert->name) ret = "No name in certificate";
+ else if (cert_subj[0] == '\0') ret = "No name in certificate";
/* locate CN */
- else if (s = strstr (cert->name,"/CN=")) {
+ else if (s = strstr (cert_subj,"/CN=")) {
if (t = strchr (s += 4,'/')) *t = '\0';
/* host name matches pattern? */
ret = ssl_compare_hostnames (host,s) ? NIL :
--
2.9.3
[buildout]
parts =
f2c
[libf2c]
recipe = slapos.recipe.cmmi
url = https://www.netlib.org/f2c/libf2c.zip#${:md5sum}
configure-command = true
md5sum = e80fb30fa3717660db71b1bed65b88b7
make-binary = make -f makefile.u
make-targets = install LIBDIR=${:location}
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[f2c]
recipe = slapos.recipe.cmmi
url = http://www.netlib.org/f2c/src.tgz#${:md5sum}
md5sum = 7e97530d10ec5783e9d54c1a61eaeed7
configure-command = true
make-binary = make -f makefile.u
make-targets =
post-install = cp f2c ${:location}
location = ${buildout:parts-directory}/${:_buildout_section_name_}
environment =
CPPFLAGS=-I${libf2c:location}/include
LDFLAGS=-L${libf2c:location}/lib
\ No newline at end of file
[buildout]
extends =
../bzip2/buildout.cfg
../cmake/buildout.cfg
../zlib/buildout.cfg
parts = libzip
[libzip]
recipe = slapos.recipe.cmmi
url = https://libzip.org/download/libzip-1.5.2.tar.xz
md5sum = f9dd38d273bcdec5d3d1498fe6684f42
location = ${buildout:parts-directory}/${:_buildout_section_name_}
configure-command =
mkdir build && cd build && \
${cmake:location}/bin/cmake \
-DCMAKE_INSTALL_PREFIX=${:location} \
-DCMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include \
-DCMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib \
..
make-binary =
cd build && make
environment =
PATH=${cmake:location}/bin:%(PATH)s
CMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include
CMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib
\ No newline at end of file
...@@ -9,8 +9,8 @@ extends = ...@@ -9,8 +9,8 @@ extends =
[openldap] [openldap]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.42.tgz url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.47.tgz
md5sum = 47c8e2f283647a6105b8b0325257e922 md5sum = e508f97bfd778fec7799f286e5c07176
configure-options = configure-options =
--disable-static --disable-static
--disable-slapd --disable-slapd
...@@ -24,6 +24,6 @@ configure-options = ...@@ -24,6 +24,6 @@ configure-options =
--with-tls=openssl --with-tls=openssl
environment = environment =
CPPFLAGS=-I${openssl-1.0:location}/include -I${cyrus-sasl:location}/include CPPFLAGS=-I${openssl:location}/include -I${cyrus-sasl:location}/include
LDFLAGS=-L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
PATH=${groff:location}/bin:%(PATH)s PATH=${groff:location}/bin:%(PATH)s
This diff is collapsed.
This diff is collapsed.
[buildout]
[python-cachecontrol]
recipe = zc.recipe.egg:custom
egg = cachecontrol
setup-eggs =
pbr
lockfile
...@@ -11,6 +11,7 @@ extends = ...@@ -11,6 +11,7 @@ extends =
../patch/buildout.cfg ../patch/buildout.cfg
../readline/buildout.cfg ../readline/buildout.cfg
../sqlite3/buildout.cfg ../sqlite3/buildout.cfg
../gcc/buildout.cfg
../xz-utils/buildout.cfg ../xz-utils/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
...@@ -37,6 +38,7 @@ configure-options = ...@@ -37,6 +38,7 @@ configure-options =
--with-system-expat --with-system-expat
--with-system-ffi --with-system-ffi
--with-threads --with-threads
--with-openssl=${openssl:location}
# Profiled build: # Profiled build:
--enable-optimizations --enable-optimizations
pre-install = mkdir profile-opt pre-install = mkdir profile-opt
...@@ -58,3 +60,19 @@ md5sum = 57d1f8bfbabf4f2500273fb0706e6f21 ...@@ -58,3 +60,19 @@ md5sum = 57d1f8bfbabf4f2500273fb0706e6f21
package_version = 3.6.6 package_version = 3.6.6
md5sum = c3f30a0aff425dda77d19e02f420d6ba md5sum = c3f30a0aff425dda77d19e02f420d6ba
executable = @@LOCATION@@/bin/python3.6 executable = @@LOCATION@@/bin/python3.6
# Python 3.7 have to use gcc 8(actually, gcc 4+)
# See https://bugs.python.org/issue34112
# I think gcc 5 may meet the requirement, use gcc 8 all in one step
[python3.7]
<= python3-common
package_version = 3.7.2
md5sum = df6ec36011808205beda239c72f947cb
patch-options =
patches =
executable = @@LOCATION@@/bin/python3.7
environment =
PATH=${gcc-8.2:location}/bin::${xz-utils:location}/bin:%(PATH)s
CPPFLAGS=-I${zlib:location}/include -I${xz-utils:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${libffi:location}/include -I${ncurses:location}/include -I${ncurses:location}/include/ncursesw -I${bzip2:location}/include -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
LDFLAGS=-L${zlib:location}/lib -L${xz-utils:location}/lib -L${readline:location}/lib -L${libexpat:location}/lib -L${libffi:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${xz-utils:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${file:location}/lib
LD_LIBRARY_PATH=${libpng:location}/lib:${gcc-8.2:location}/lib:${gcc-8.2:location}/lib64
\ No newline at end of file
...@@ -3,23 +3,13 @@ ...@@ -3,23 +3,13 @@
extends = extends =
../../stack/slapos.cfg ../../stack/slapos.cfg
../bison/buildout.cfg ../bison/buildout.cfg
../bzip2/buildout.cfg
../firewalld/buildout.cfg ../firewalld/buildout.cfg
../gdbm/buildout.cfg
../gettext/buildout.cfg
../glib/buildout.cfg ../glib/buildout.cfg
../libxml2/buildout.cfg
../libxslt/buildout.cfg
../m4/buildout.cfg ../m4/buildout.cfg
../ncurses/buildout.cfg
../openssl/buildout.cfg
../patch/buildout.cfg
../pkgconfig/buildout.cfg ../pkgconfig/buildout.cfg
../python-2.7/buildout.cfg
../readline/buildout.cfg ../readline/buildout.cfg
../sqlite3/buildout.cfg ../sqlite3/buildout.cfg
../swig/buildout.cfg ../swig/buildout.cfg
../zlib/buildout.cfg
../socat/buildout.cfg ../socat/buildout.cfg
parts = parts =
...@@ -87,6 +77,7 @@ eggs = ...@@ -87,6 +77,7 @@ eggs =
${lxml-python:egg} ${lxml-python:egg}
${python-cffi:egg} ${python-cffi:egg}
${python-PyYAML:egg} ${python-PyYAML:egg}
${python-cachecontrol:egg}
${python-cliff:egg} ${python-cliff:egg}
${python-cryptography:egg} ${python-cryptography:egg}
pyOpenSSL pyOpenSSL
......
...@@ -18,7 +18,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e ...@@ -18,7 +18,7 @@ md5sum = f686f765e55d1dce2e55a400f0714b3e
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg filename = instance-apache-frontend.cfg
md5sum = d6398d727eb1e1bc3df1768a9b9a7e0c md5sum = a6b566a29f1b5021d0f1f3c4fa20d749
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -38,7 +38,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e ...@@ -38,7 +38,7 @@ md5sum = 665e83d660c9b779249b2179d7ce4b4e
[template-apache-frontend-configuration] [template-apache-frontend-configuration]
filename = templates/apache.conf.in filename = templates/apache.conf.in
md5sum = 1f483a6e1a8076980e1bbbf495ee21b2 md5sum = 05239181f4d5d0e3fe6bccda587fa9a5
[template-custom-slave-list] [template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
......
...@@ -138,7 +138,7 @@ ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }} ...@@ -138,7 +138,7 @@ ThreadsPerChild {{ slapparameter_dict.get('mpm-thread-per-child', '25') }}
GracefulShutdownTimeout {{ slapparameter_dict.get('mpm-graceful-shutdown-timeout', '5') }} GracefulShutdownTimeout {{ slapparameter_dict.get('mpm-graceful-shutdown-timeout', '5') }}
# Deflate # Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/json application/x-javascript application/javascript AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/json application/x-javascript application/javascript application/wasm
BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
......
...@@ -91,12 +91,24 @@ ...@@ -91,12 +91,24 @@
"minimum": 0, "minimum": 0,
"type": "integer" "type": "integer"
}, },
"innodb-file-per-table": {
"description": "See MariaDB documentation on innodb_file_per_table",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"long-query-time": { "long-query-time": {
"description": "Number of seconds above which long queries are logged", "description": "Number of seconds above which long queries are logged",
"minimum": 0, "minimum": 0,
"default": 1, "default": 1,
"type": "number" "type": "number"
}, },
"max-connection-count": {
"description": "See MariaDB documentation on max_connections. If not provided, a value suitable for the number of request Zope processes is chosen.",
"minimum": 0,
"type": "integer"
},
"relaxed-writes": { "relaxed-writes": {
"description": "When enabled, sets innodb_flush_log_at_trx_commit = 0, innodb_flush_method = nosync, innodb_doublewrite = 0 and sync_frm = 0 - RTFM, those options are dangerous", "description": "When enabled, sets innodb_flush_log_at_trx_commit = 0, innodb_flush_method = nosync, innodb_doublewrite = 0 and sync_frm = 0 - RTFM, those options are dangerous",
"default": false, "default": false,
......
...@@ -19,7 +19,7 @@ md5sum = 028b6a6456d744c11b1bb2c51ecd51b2 ...@@ -19,7 +19,7 @@ md5sum = 028b6a6456d744c11b1bb2c51ecd51b2
[template-kvm] [template-kvm]
filename = instance-kvm.cfg.jinja2 filename = instance-kvm.cfg.jinja2
md5sum = 26a947c75792072a7b526cb18b617b10 md5sum = c79448a49b1b3dc6e757b90f497c7be1
[template-kvm-cluster] [template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in filename = instance-kvm-cluster.cfg.jinja2.in
......
...@@ -474,7 +474,7 @@ ipv4-network-info = ...@@ -474,7 +474,7 @@ ipv4-network-info =
gateway {{ slap_configuration.get('tap-ipv4-gateway') }} gateway {{ slap_configuration.get('tap-ipv4-gateway') }}
{% if enable_http == 'true' %} {% if enable_http == 'true' %}
${helper:blank-line} ${helper:blank-line}
Or run in your VM the command: wget -O- {{ kvm_http }}/netconfig.sh | /bin/sh - Or run in your VM the command: wget -O- {{ kvm_http }}/${network-config-ipv4:filename} | /bin/sh -
{% endif %} {% endif %}
{% endif %} {% endif %}
...@@ -496,7 +496,8 @@ ipv6-network-info = ...@@ -496,7 +496,8 @@ ipv6-network-info =
{% if use_tap == 'true' and slap_configuration.get('tap-ipv4-addr') -%} {% if use_tap == 'true' and slap_configuration.get('tap-ipv4-addr') -%}
[network-config-ipv4] [network-config-ipv4]
recipe = plone.recipe.command recipe = plone.recipe.command
path = ${directory:public}/netconfig.sh filename = netconfig.sh
path = ${directory:public}/${:filename}
ifconfig = ifconfig \$IFACE {{ slap_configuration.get('tap-ipv4-addr') }} netmask {{ slap_configuration.get('tap-ipv4-netmask') }} ifconfig = ifconfig \$IFACE {{ slap_configuration.get('tap-ipv4-addr') }} netmask {{ slap_configuration.get('tap-ipv4-netmask') }}
route-iface = route add {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE route-iface = route add {{ slap_configuration.get('tap-ipv4-gateway') }} dev \$IFACE
route-network = route add -net {{ slap_configuration.get('tap-ipv4-network') }} netmask {{ slap_configuration.get('tap-ipv4-netmask') }} gw {{ slap_configuration.get('tap-ipv4-gateway') }} route-network = route add -net {{ slap_configuration.get('tap-ipv4-network') }} netmask {{ slap_configuration.get('tap-ipv4-netmask') }} gw {{ slap_configuration.get('tap-ipv4-gateway') }}
......
<VirtualHost *:{{ parameter_dict['port'] }}>
ServerAdmin admin@example.com
DocumentRoot {{ parameter_dict['document-root'] }}
SetEnvIf Origin "^http(s)?://(.+\.)?(app\.officejs\.com)$" ORIGIN_DOMAIN=$0
Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory {{ parameter_dict['document-root'] }}>
Options +FollowSymlinks
AllowOverride All
Require all granted
SetEnv HOME {{ parameter_dict['document-root'] }}
SetEnv HTTP_HOME {{ parameter_dict['document-root'] }}
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
\ No newline at end of file
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Parameters to instantiate Grafana",
"additionalProperties": false,
"properties": {
"domain": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"monitor-interface-url": {
"title": "Monitor Web Interface URL",
"description": "Give Url of HTML web interface that will be used to render this monitor instance.",
"type": "string",
"format": "uri",
"default": "https://monitor.app.officejs.com"
},
"monitor-cors-domains": {
"title": "Monitor CORS domains",
"description": "List of cors domains separated with space. Needed for ajax query on this monitor instance from a different domain.",
"type": "string",
"default": "monitor.app.officejs.com"
},
"innodb-file-per-table": {
"title": "Enable/disable innodb_file_per_table",
"description": "See MariaDB documentation on innodb_file_per_table",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"apache-computer-guid": {
"title": "Computer ID for Apache Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"mariadb-computer-guid": {
"title": "Computer ID for Mariadb Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"instance.mail-from": {
"title": "Mail from",
"description": "From",
"type": "string"
},
"instance.mail-domain": {
"title": "Mail domain name",
"description": "Domain name",
"type": "string"
},
"instance.mail-smtpauthtype": {
"title": "SMTP Auth type",
"description": "Mail SMTP auth type. Default: LOGIN",
"type": "string",
"default": "LOGIN"
},
"instance.mail-smtpauth": {
"title": "SMTP auth required",
"description": "Verify SSL certificate of SMTP server. Default: Yes",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"instance.mail-smtpport": {
"title": "SMTP port",
"description": "Mail SMTP Port. Default: 587",
"type": "integer",
"default": 587
},
"instance.mail-smtphost": {
"title": "SMTP host",
"description": "Mail SMTP host",
"type": "string"
},
"instance.mail-smtpname": {
"title": "SMTP name",
"description": "Mail SMTP server name.",
"type": "string"
},
"instance.mail-smtppassword": {
"title": "SMTP password",
"description": "Password to connect to SMTP server.",
"type": "string"
},
"instance.collabora-url": {
"title": "Collabora URL",
"description": "Collabora server URL",
"type": "string",
"format": "uri",
"default": "https://collabora.host.vifib.net"
},
"instance.stun-server": {
"title": "Stun server address",
"description": "Hostname of stun server. Default: turn.vifib.com:5349",
"type": "string",
"default": "turn.vifib.com:5349"
},
"instance.turn-server": {
"title": "Turn server address",
"description": "Hostname of turn server.",
"default": "",
"type": "string"
},
"instance.turn-secret": {
"title": "Turn server secret",
"description": "Turn secret to use for authentification.",
"type": "string"
},
"instance.cli-url": {
"title": "Nextcloud cli URL",
"description": "Nextcloud cli URL, the default will be Nextcloud url.",
"type": "string",
"format": "uri"
},
"instance.trusted-domain-1": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"instance.trusted-domain-2": {
"title": "Second authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
}
}
}
\ No newline at end of file
#!/bin/bash
set -e
set -x
php_cmd () {
{{ parameter_dict['php-bin'] }} -c {{ parameter_dict['php-ini'] }} $@
}
status=$(php_cmd {{ parameter_dict['nextcloud'] }}/occ status | grep 'installed: true' || true)
if [ ! -z "$status" ]; then
echo "Nextcloud is installed!"
exit 1;
fi
if [ ! -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
echo "CAN_INSTALL no exists in config, cannot make a new install, Nextcloud is already installed."
exit 1
fi
php_cmd {{ parameter_dict['nextcloud'] }}/occ maintenance:install \
--database "mysql" --database-name "{{ parameter_dict['db-name'] }}" --database-user "{{ parameter_dict['db-user'] }}" \
--database-pass "{{ parameter_dict['db-password'] }}" --admin-user "{{ parameter_dict['admin-user'] }}" \
--database-host "{{ parameter_dict['db-host'] }}:{{ parameter_dict['db-port'] }}" \
--admin-pass "{{ parameter_dict['admin-password'] }}" --data-dir "{{ parameter_dict['data-dir'] }}"
{% for trusted_domain in parameter_dict['trusted-domain-list'].split() -%}
{% if trusted_domain.strip() -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set trusted_domains {{ loop.index - 1 }} --value={{ trusted_domain.strip() }}
{% endif -%}
{% endfor -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set overwrite.cli.url --value={{ parameter_dict['cli-url'] }}
php_cmd {{ parameter_dict['nextcloud'] }}/occ background:cron
sed -i 's/^[ ]*//' {{ parameter_dict['nextcloud'] }}/config/config.php
sed -i '/);/d' {{ parameter_dict['nextcloud'] }}/config/config.php
cat <<EOF >> {{ parameter_dict['nextcloud'] }}/config/config.php
'mysql.utf8mb4' => true,
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => '{{ parameter_dict["mail.from"] }}',
'mail_domain' => '{{ parameter_dict["mail.domain"] }}',
'mail_smtpauthtype' => '{{ parameter_dict["mail.smtpauthtype"] }}',
'mail_smtpauth' => {{ parameter_dict["mail.smtpauth"] }},
'mail_smtpport' => '{{ parameter_dict["mail.smtpport"] }}',
'mail_smtphost' => '{{ parameter_dict["mail.smtphost"] }}',
'mail_smtpname' => '{{ parameter_dict["mail.smtpname"] }}',
'mail_smtppassword' => '{{ parameter_dict["mail.smtppassword"] }}',
'activity_expire_days' => 14,
'auth.bruteforce.protection.enabled' => true,
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED',
),
{% set trusted_proxy_list = parameter_dict['trusted-proxy-list'].strip().split(' ') -%}
{% if len(trusted_proxy_list) > 0 -%}
'trusted_proxies' =>
array (
{% for proxy in trusted_proxy_list -%}
{% if proxy -%}
{{ ' ' ~ (loop.index - 1) }} => '{{ proxy }}',
{% endif -%}
{% endfor -%}
),
{% endif -%}
'blacklisted_files' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'csrf.optout' =>
array (
0 => '/^WebDAVFS/',
1 => '/^Microsoft-WebDAV-MiniRedir/',
2 => '/^\\.jio_documents/',
),
'cron_log' => true,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'filelocking.enabled' => 'true',
'htaccess.RewriteBase' => '/',
'integrity.check.disabled' => false,
'knowledgebaseenabled' => false,
'logfile' => '{{ parameter_dict["data-dir"] }}/nextcloud.log',
'loglevel' => 2,
'log_rotate_size' => 104857600,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'overwriteprotocol' => 'https',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' =>
array (
'host' => '{{ parameter_dict["redis-socket"] }}',
'port' => 0,
'timeout' => 0.0,
),
'quota_include_external_storage' => false,
'share_folder' => '/Shares',
'skeletondirectory' => '',
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
);
EOF
# Install some nextcloud app
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install spreed
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install richdocuments
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install calendar
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install rainloop
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install news
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set richdocuments wopi_url --value="{{ parameter_dict.get('collabora-url', '') }}"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed stun_servers --value="[\"{{ parameter_dict['stun-server'] }}\"]"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed turn_servers --value="[{\"server\":\"{{ parameter_dict['turn-server'] }}\",\"secret\":\"{{ parameter_dict['turn-secret'] }}\",\"protocols\":\"udp,tcp\"}]"
sed -i 's#useCronUpdates\s*=.*#useCronUpdates = false#g' {{ parameter_dict['data-dir'] }}/news/config/config.ini
if [ -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
rm {{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL
fi
\ No newline at end of file
#############
# Redis #
#############
[nc-directory]
recipe = slapos.cookbook:mkdirectory
redis = ${directory:srv}/redis
redis-log = ${directory:log}/redis
data = ${directory:srv}/data
backup = ${directory:backup}/nextcloud
[service-redis]
recipe = slapos.cookbook:redis.server
wrapper = ${directory:services}/redis
promise_wrapper = ${directory:promises}/redis
server_dir = ${nc-directory:redis}
config_file = ${directory:etc}/redis.conf
log_file = ${nc-directory:redis-log}/redis.log
pid_file = ${directory:run}/redis.pid
use_passwd = false
unixsocket = ${:server_dir}/redis.socket
# port = 0 means "don't listen on TCP at all" - listen only on unix socket
ipv6 = ::1
port = 0
server_bin = {{ redis_bin }}
depend =
${logrotate-entry-redis:recipe}
[logrotate-entry-redis]
<= logrotate-entry-base
name = redis
log = ${nc-directory:redis-log}/*.log
frequency = daily
rotate-num = 30
[instance-parameter]
nextcloud = ${:document-root}
admin-user = admin
admin-password = admin
trusted-domain-list =
[${apache-php-configuration:ip}]:${apache-php-configuration:port}
${slap-parameter:instance.trusted-domain-1}
${slap-parameter:instance.trusted-domain-2}
trusted-proxy-list = ${slap-parameter:instance.trusted-proxy-list}
cli-url = ${slap-parameter:instance.cli-url}
data-dir = ${nc-directory:data}
redis-socket = ${service-redis:unixsocket}
#php.ini parameters
php.memory_limit = 512M
php.date.timezone = Europe/Paris
php.upload_max_filesize = 10240M
php.post_max_size = 10240M
php.session.cookie_secure = True
php.max_execution_time = 1800
php.max_input_time = 3600
php.output_buffering = 'Off'
php.max_file_uploads = 100
#SMTP settings
mail.from = ${slap-parameter:instance.mail-from}
mail.domain = ${slap-parameter:instance.mail-domain}
mail.smtpauthtype = ${slap-parameter:instance.mail-smtpauthtype}
mail.smtpauth = ${slap-parameter:instance.mail-smtpauth}
mail.smtpport = ${slap-parameter:instance.mail-smtpport}
mail.smtphost = ${slap-parameter:instance.mail-smtphost}
mail.smtpname = ${slap-parameter:instance.mail-smtpname}
mail.smtppassword = ${slap-parameter:instance.mail-smtppassword}
# Instance configuration
collabora-url = ${slap-parameter:instance.collabora-url}
stun-server = ${slap-parameter:instance.stun-server}
turn-server = ${slap-parameter:instance.turn-server}
turn-secret = ${slap-parameter:instance.turn-secret}
[nextcloud-install.sh]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_install_sh }}
rendered = ${directory:scripts}/nextcloud-install
context =
section parameter_dict instance-parameter
mode = 744
depends =
${service-redis:recipe}
${nextcloud-cron:recipe}
${nextcloud-optimize:recipe}
${nextcloud-apache-httpd:recipe}
${nextcloud-backup-cron:recipe}
${nextcloud-news-updater:recipe}
[nextcloud-apache-httpd]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_apache_httpd }}
rendered = ${directory:apache.d}/nextcloud.conf
context =
section parameter_dict apache-php-configuration
mode = 744
[nextcloud-cron]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud
frequency = */5 * * * *
command = ${php-bin:wrapper-path} -f ${instance-parameter:nextcloud}/cron.php
[nextcloud-optimize-bin]
recipe = collective.recipe.template
input = inline:#!/bin/bash
{{ redis_cli }} -s ${instance-parameter:redis-socket} <<EOF
FLUSHALL
quit
EOF
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan --all
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan-app-data
exit 0
output = ${directory:bin}/nextcloud-optimize
mode = 744
[nextcloud-backup]
recipe = collective.recipe.template
input = inline:#!/bin/bash
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ app:list --output json > ${nc-directory:backup}/app-list.json
cp -r ${instance-parameter:nextcloud}/config ${nc-directory:backup}
exit 0
output = ${directory:bin}/nextcloud-backup
mode = 744
[nextcloud-backup-cron]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud-backup
frequency = 0 0 * * * *
command = ${nextcloud-backup:output}
[nextcloud-optimize]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud-optimize
frequency = 5 1 * * *
command = ${nextcloud-optimize-bin:output}
[nextcloud-news-updater]
recipe = collective.recipe.template
input = inline:#!/bin/sh
cd {{ news_updater_location }}
export PATH={{ php_location }}/bin:$PATH
{{ python3_location}}/bin/python3 -m nextcloud_news_updater --phpini ${php.ini-conf:rendered} \
--interval 300 --mode endless --loglevel info ${instance-parameter:nextcloud}
output = ${directory:scripts}/nextcloud-news-updater
mode = 744
[php-bin]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/php
command-line = ${instance-parameter:php-bin} -c ${php.ini-conf:rendered}
[publish-connection-information]
admin-user = ${instance-parameter:admin-user}
admin-password = ${instance-parameter:admin-password}
[slap-parameter]
instance.mail-from = Nextcloud
instance.mail-domain = nextcloud@example.com
instance.mail-smtpauthtype = LOGIN
instance.mail-smtpauth = 1
instance.mail-smtpport = 587
instance.mail-smtphost =
instance.mail-smtpname =
instance.mail-smtppassword =
instance.collabora-url = https://collabora.host.vifib.net/
instance.stun-server = turn.vifib.com:5349
instance.turn-server =
instance.turn-secret =
instance.cli-url = ${apache-php-configuration:url}
instance.trusted-domain-1 =
instance.trusted-domain-2 =
instance.trusted-proxy-list =
\ No newline at end of file
{
"name": "Output Parameters",
"properties": {
"backend-url": {
"title": "Backend URL",
"description": "URL used to connect directly to backend without frontend. Requires IPv6.",
"type": "string",
"format": "uri",
"require": true
},
"url": {
"title": "URL",
"description": "URL used to connect to the service.",
"type": "string",
"format": "uri",
"require": false
}
}
}
[buildout]
extends =
../../component/redis/buildout.cfg
../../component/python3/buildout.cfg
../../stack/lamp/buildout.cfg
[nc-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[application]
url = https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2
md5sum = d81902d2dec5d547779bec6336a438be
[template-nextcloud-install.sh]
<= nc-download-base
filename = nextcloud-install.sh.in
md5sum = a2281f86f6a26a8ff40a57a495505977
[template-apache-httpd]
<= nc-download-base
filename = apache-httpd.conf.in
md5sum = f3bca64bf991526fd8221035a86aacbf
[template-nextcloud-instance]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/nextcloud-instance.cfg.in
rendered = ${buildout:directory}/instance-nextcloud.cfg
extensions = jinja2.ext.do
md5sum = 0dd3eea61be79135810b0c2286c520b5
context =
key gzip_location gzip:location
key python3_location python3.6.6:location
key news_updater_location news-updater:location
key php_location apache-php:location
raw redis_bin ${redis:location}/bin/redis-server
raw redis_cli ${redis:location}/bin/redis-cli
raw nextcloud_install_sh ${template-nextcloud-install.sh:location}/${template-nextcloud-install.sh:filename}
raw nextcloud_apache_httpd ${template-apache-httpd:location}/${template-apache-httpd:filename}
[custom-application-deployment]
path = ${template-nextcloud-instance:rendered}
part-list = nextcloud-install.sh
[news-updater]
recipe = hexagonit.recipe.download
url = https://github.com/nextcloud/news-updater/archive/10.0.1.tar.gz
md5sum = 37387199c0482e08d01e9294cd95eaad
strip-top-level-dir = true
\ No newline at end of file
{
"name": "Nextcloud",
"description": "Nextcloud",
"serialisation": "xml",
"software-type": {
"default": {
"title": "Default",
"description": "Instance Nextcloud",
"request": "nextcloud-input-schema.json",
"response": "nextcloud-output-schema.json",
"index": 0
}
}
}
Tests for Nextcloud Software Release
\ No newline at end of file
##############################################################################
#
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from setuptools import setup, find_packages
import glob
import os
version = '0.0.1.dev0'
name = 'slapos.test.nextcloud'
long_description = open("README.md").read()
setup(name=name,
version=version,
description="Test for Nextcloud Software Release",
long_description=long_description,
long_description_content_type='text/markdown',
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
packages=find_packages(),
install_requires=[
'slapos.core',
'slapos.libnetworkcache',
'erp5.util',
'supervisor',
'psutil',
],
zip_safe=True,
test_suite='test',
)
\ No newline at end of file
This diff is collapsed.
This diff is collapsed.
# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
# The only allowed lines here are (regexes):
# - "^#" comments, copied verbatim
# - "^[" section beginings, copied verbatim
# - lines containing an "=" sign which must fit in the following categorie.
# - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
# Copied verbatim.
# - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
# by the re-generation script.
# Re-generated.
# - other lines are copied verbatim
# Substitution (${...:...}), extension ([buildout] extends = ...) and
# section inheritance (< = ...) are NOT supported (but you should really
# not need these here).
[instance]
filename = instance.cfg.in
md5sum = e4e96f0f08b8de6807a24f43fce34b40
[template-runTestSuite]
filename = runTestSuite.in
md5sum = 28fb6c00c7568a6349e9ff1a9b09fc53
\ No newline at end of file
[buildout]
parts =
runTestSuite-instance
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = false
[directory]
recipe = slapos.cookbook:mkdirectory
bin = $${buildout:directory}/bin
#################################
# Test runner
#################################
[runTestSuite-instance]
recipe = slapos.recipe.template
url = ${template-runTestSuite:output}
output = $${directory:bin}/runTestSuite
buildout-directory = $${buildout:directory}
mode = 0700
\ No newline at end of file
#!${buildout:directory}/bin/${eggs:interpreter}
# BEWARE: This file is operated by slapgrid
# BEWARE: It will be overwritten automatically
"""
Script to run Cython test suite using Nexedi's test node framework.
"""
import argparse, os, re, shutil, subprocess, sys, traceback
from erp5.util import taskdistribution
from time import gmtime, strftime
from subprocess import check_output
import importlib
import datetime
def main():
parser = argparse.ArgumentParser(description='Run a test suite.')
parser.add_argument('--test_suite', help='The test suite name')
parser.add_argument('--test_suite_title', help='The test suite title')
parser.add_argument('--test_node_title', help='The test node title')
parser.add_argument('--project_title', help='The project title')
parser.add_argument('--revision', help='The revision to test',
default='dummy_revision')
parser.add_argument('--node_quantity', help='ignored', type=int)
parser.add_argument('--master_url',
help='The Url of Master controling many suites')
parser.add_argument('--frontend_url',
help='The url of frontend of the test suite')
args = parser.parse_args()
is_browser_running = False
try:
test_suite_title = args.test_suite_title or args.test_suite
test_suite = args.test_suite
revision = args.revision
test_line_dict = {}
date = strftime("%Y/%m/%d %H:%M:%S", gmtime())
##########################
# Run all tests
##########################
path_var = os.pathsep.join([os.environ.get('PATH', os.defpath), '${python3.7:location}/bin', '${geckodriver:location}', '${firefox-wrapper:location}'])
env = dict(os.environ, PATH=path_var)
test_list = ['test_common', ]
failed = 0
result_string = None
duration = 0
test_line_dict = {}
for test_name in test_list:
failed = 0
result_string = None
duration = 0
try:
dir = '${pyodide:location}' + '-script-test'
print(os.path.isdir(dir))
print(os.path.isdir('${pyodide:location}'))
print(os.path.isdir(dir + '/test'))
print(path_var)
print(env)
result_string = check_output(['pytest', '--timeout=5', './test/test_common.py'],
cwd=dir,
env=env) # temporary solution for not block by xfailed tests too long
except OSError, e:
print("We get an OSError here")
result_string = str(e.strerror)
except Exception, e: # except CalledProcessError, e:
print("We get a generic error:")
print(e)
result_string = str(e.output)
print('${pyodide:location}')
print(result_string)
test_result_content = result_string.split('\n')
print('---------------------')
print('---------------------')
print('---------------------')
test_result_statistic_line = test_result_content[-2]
print(test_result_statistic_line)
# use magic code, something like
# === 21 passed, 1 warnings, 42 error in 130.43 seconds ===
test_result_statistic = test_result_statistic_line.split(' ')
print(test_result_statistic)
duration = test_result_statistic[-3]
failed = int(test_result_statistic[5])
stdout = result_string
test_line_dict['%s: %s' % ('Pyodide test', test_name)] = {
'test_count': int(test_result_statistic[1]),
'error_count': 0,
'failure_count': failed,
'skip_count': 0,
'duration': float(duration),
'command': '',
'stdout': stdout,
'stderr': '',
'html_test_result': '',
}
# Send results
tool = taskdistribution.TaskDistributor(portal_url=args.master_url)
test_result = tool.createTestResult(revision = revision,
test_name_list = test_line_dict.keys(),
node_title = args.test_node_title,
test_title = test_suite_title,
project_title = args.project_title)
if test_result is None or not hasattr(args, 'master_url'):
return
# report test results
while 1:
test_result_line = test_result.start()
if not test_result_line:
print 'No test result anymore.'
break
print 'Submitting: "%s"' % test_result_line.name
print test_line_dict
# report status back to Nexedi ERP5
test_result_line.stop(**test_line_dict[test_result_line.name])
except:
# Catch any exception here, to warn user instead of being silent,
# by generating fake error result
print traceback.format_exc()
result = dict(status_code=-1,
command='pytest test_common.py',
stderr=traceback.format_exc(),
stdout='')
# XXX: inform test node master of error
raise EnvironmentError(result)
if __name__ == "__main__":
main()
\ No newline at end of file
[buildout]
extends =
../../stack/slapos.cfg
../../component/git/buildout.cfg
../../component/pyodide/buildout.cfg
../../component/firefox/buildout.cfg
../../component/chromium/buildout.cfg
../../component/chromedriver/buildout.cfg
./buildout.hash.cfg
parts =
slapos-cookbook
git
instance
chromedriver
chromium
pyodide
template-runTestSuite
[eggs]
recipe = zc.recipe.egg
eggs =
erp5.util
interpreter = pythonwitheggs
[macro-template]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[instance]
<= macro-template
output = ${buildout:directory}/instance.cfg
[template-runTestSuite]
<= macro-template
output = ${buildout:directory}/runTestSuite.in
[versions]
slapos.recipe.template = 4.3
\ No newline at end of file
...@@ -103,7 +103,7 @@ LoadModule headers_module modules/mod_headers.so ...@@ -103,7 +103,7 @@ LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so LoadModule filter_module modules/mod_filter.so
AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype AddOutputFilterByType DEFLATE text/cache-manifest text/html text/plain text/css application/hal+json application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf application/font-woff application/font-woff2 application/x-font-opentype application/wasm
PidFile "{{ parameter_dict['pid-file'] }}" PidFile "{{ parameter_dict['pid-file'] }}"
ServerAdmin admin@ ServerAdmin admin@
......
...@@ -22,4 +22,4 @@ md5sum = b7504fcbd8eaecb91709abbcb5bcabe8 ...@@ -22,4 +22,4 @@ md5sum = b7504fcbd8eaecb91709abbcb5bcabe8
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = c16342bd6af60296aa4325677f5827c4 md5sum = aff99c44ccf16eaa2ca25430d76d3bd6
...@@ -15,4 +15,4 @@ ...@@ -15,4 +15,4 @@
[template] [template]
filename = instance.cfg filename = instance.cfg
md5sum = 8b3d678de7fd5333793bc3f4c770b53d md5sum = 6e4bde9074cdc508df513e31653e7def
...@@ -28,7 +28,7 @@ bin = $${buildout:directory}/bin ...@@ -28,7 +28,7 @@ bin = $${buildout:directory}/bin
working-dir = $${buildout:directory}/tmp working-dir = $${buildout:directory}/tmp
[test-list] [test-list]
path_list = ${slapos.test.caddy-frontend-setup:setup},${slapos.test.erp5-setup:setup},${slapos.test.slapos-master-setup:setup},${slapos.test.kvm-setup:setup},${slapos.test.monitor-setup:setup},${slapos.test.plantuml-setup:setup},${slapos.test.powerdns-setup:setup},${slapos.test.proftpd-setup:setup},${slapos.test.re6stnet-setup:setup},${slapos.test.seleniumserver-setup:setup},${slapos.test.slaprunner-setup:setup},${slapos.test.helloworld-setup:setup},${slapos.test.jupyter-setup:setup} path_list = ${slapos.test.caddy-frontend-setup:setup},${slapos.test.erp5-setup:setup},${slapos.test.slapos-master-setup:setup},${slapos.test.kvm-setup:setup},${slapos.test.monitor-setup:setup},${slapos.test.plantuml-setup:setup},${slapos.test.powerdns-setup:setup},${slapos.test.proftpd-setup:setup},${slapos.test.re6stnet-setup:setup},${slapos.test.seleniumserver-setup:setup},${slapos.test.slaprunner-setup:setup},${slapos.test.helloworld-setup:setup},${slapos.test.jupyter-setup:setup},${slapos.test.nextcloud-setup:setup}
[slapos-test-runner] [slapos-test-runner]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
......
...@@ -87,6 +87,11 @@ setup = ${slapos-repository:location}/software/helloworld/test/ ...@@ -87,6 +87,11 @@ setup = ${slapos-repository:location}/software/helloworld/test/
egg = slapos.test.jupyter egg = slapos.test.jupyter
setup = ${slapos-repository:location}/software/jupyter/test/ setup = ${slapos-repository:location}/software/jupyter/test/
[slapos.test.nextcloud-setup]
<= setup-develop-egg
egg = slapos.test.nextcloud
setup = ${slapos-repository:location}/software/nextcloud/test/
[eggs] [eggs]
recipe = zc.recipe.egg recipe = zc.recipe.egg
eggs = eggs =
...@@ -109,6 +114,7 @@ eggs = ...@@ -109,6 +114,7 @@ eggs =
${slapos.test.seleniumserver-setup:egg} ${slapos.test.seleniumserver-setup:egg}
${slapos.test.slaprunner-setup:egg} ${slapos.test.slaprunner-setup:egg}
${slapos.test.jupyter-setup:egg} ${slapos.test.jupyter-setup:egg}
${slapos.test.nextcloud-setup:egg}
${backports.lzma:egg} ${backports.lzma:egg}
entry-points = entry-points =
......
...@@ -343,6 +343,11 @@ link-binary = ...@@ -343,6 +343,11 @@ link-binary =
[template-haproxy-cfg] [template-haproxy-cfg]
<= download-base <= download-base
[erp5-bin]
<= erp5
repository = https://lab.nexedi.com/nexedi/erp5-bin.git
branch = master
[bt5-repository] [bt5-repository]
# Format: # Format:
# <url or path> [...] # <url or path> [...]
...@@ -354,7 +359,7 @@ list = ${local-bt5-repository:list} ...@@ -354,7 +359,7 @@ list = ${local-bt5-repository:list}
[local-bt5-repository] [local-bt5-repository]
# Same as bt5-repository, but only local repository. # Same as bt5-repository, but only local repository.
# Used to generate bt5lists. # Used to generate bt5lists.
list = ${erp5:location}/bt5 ${erp5:location}/product/ERP5/bootstrap list = ${erp5:location}/bt5 ${erp5:location}/product/ERP5/bootstrap ${erp5-bin:location}/bt5
[genbt5list] [genbt5list]
recipe = plone.recipe.command recipe = plone.recipe.command
...@@ -365,7 +370,7 @@ command = ...@@ -365,7 +370,7 @@ command =
update-command = ${:command} update-command = ${:command}
[erp5_repository_list] [erp5_repository_list]
repository_id_list = erp5 repository_id_list = erp5 erp5-bin
# ERP5 defaults, which can be overridden in inheriting recipes (e.g. wendelin) # ERP5 defaults, which can be overridden in inheriting recipes (e.g. wendelin)
[erp5-defaults] [erp5-defaults]
......
...@@ -26,7 +26,7 @@ md5sum = d95e8500bdc72d1f40b97cc414656e7e ...@@ -26,7 +26,7 @@ md5sum = d95e8500bdc72d1f40b97cc414656e7e
[template-mariadb] [template-mariadb]
filename = instance-mariadb.cfg.in filename = instance-mariadb.cfg.in
md5sum = 14ae385a0fc5c0b4e03466eb786a451a md5sum = 9df786692c61bd8d3a6f4e7ed15f272f
[template-kumofs] [template-kumofs]
filename = instance-kumofs.cfg.in filename = instance-kumofs.cfg.in
...@@ -42,7 +42,7 @@ md5sum = d32417746fcf671d4e86a70379815039 ...@@ -42,7 +42,7 @@ md5sum = d32417746fcf671d4e86a70379815039
[template-my-cnf] [template-my-cnf]
filename = my.cnf.in filename = my.cnf.in
md5sum = 7a882ff275f723fdf30869cb7f1b90d3 md5sum = 5a6f337117ba8b72d7fe3b7a9f26f5f6
[template-mariadb-initial-setup] [template-mariadb-initial-setup]
filename = mariadb_initial_setup.sql.in filename = mariadb_initial_setup.sql.in
...@@ -78,7 +78,7 @@ md5sum = d41d8cd98f00b204e9800998ecf8427e ...@@ -78,7 +78,7 @@ md5sum = d41d8cd98f00b204e9800998ecf8427e
[template-erp5] [template-erp5]
filename = instance-erp5.cfg.in filename = instance-erp5.cfg.in
md5sum = fdecf814ba21b519612317061c2bd097 md5sum = 7dd00dedef4cc4320ec6977a7e2dc110
[template-zeo] [template-zeo]
filename = instance-zeo.cfg.in filename = instance-zeo.cfg.in
......
...@@ -22,6 +22,14 @@ ...@@ -22,6 +22,14 @@
{% set monitor_base_url_dict = {} -%} {% set monitor_base_url_dict = {} -%}
{% set monitor_dict = slapparameter_dict.get('monitor', {}) %} {% set monitor_dict = slapparameter_dict.get('monitor', {}) %}
{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%} {% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
{% set partition_thread_count_list = [] -%}
{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
{% for zope_parameter_dict in zope_partition_dict.values() -%}
{# Apply some zope_parameter_dict default values, to avoid duplication. -#}
{% do zope_parameter_dict.setdefault('thread-amount', 4) -%}
{% do zope_parameter_dict.setdefault('instance-count', 1) -%}
{% do partition_thread_count_list.append(zope_parameter_dict['thread-amount'] * zope_parameter_dict['instance-count']) -%}
{% endfor -%}
[request-common] [request-common]
<= request-common-base <= request-common-base
config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }} config-use-ipv6 = {{ dumps(slapparameter_dict.get('use-ipv6', False)) }}
...@@ -94,7 +102,28 @@ backup-caucased = ${:srv}/backup/caucased ...@@ -94,7 +102,28 @@ backup-caucased = ${:srv}/backup/caucased
{{ request('memcached-persistent', 'kumofs', 'kumofs', {'tcpv4-port': 2000}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {{ request('memcached-persistent', 'kumofs', 'kumofs', {'tcpv4-port': 2000}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {{ request('memcached-volatile', 'kumofs', 'memcached', {'tcpv4-port': 2010, 'ram-storage-size': 64}, {'url': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{{ request('mariadb', 'mariadb', 'mariadb', {'tcpv4-port': 2099, 'max-slowqueries-threshold': monitor_dict.get('max-slowqueries-threshold', 1000), 'slowest-query-threshold': monitor_dict.get('slowest-query-threshold', ''), 'test-database-amount': test_runner_total_database_count}, {'database-list': True, 'test-database-list': True, 'monitor-base-url': False}, key_config={'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {# Notes on max-connection-count: On a standard ERP5, each transaction
can have 4 connections to mariadb: activities, catalog, deferred and
transactionless. Count 5 to have some headroom. Multiply by the total
number of zope threads for all processes from all partitions to get the
expected number of connections. Add 50 for have some more zope-independent
headroom (automated probes, replication, ...).
-#}
{{ request('mariadb', 'mariadb', 'mariadb',
{
'tcpv4-port': 2099,
'max-slowqueries-threshold': monitor_dict.get('max-slowqueries-threshold', 1000),
'slowest-query-threshold': monitor_dict.get('slowest-query-threshold', ''),
'test-database-amount': test_runner_total_database_count,
'max-connection-count': sum(partition_thread_count_list) * 5 + 50,
},
{
'database-list': True,
'test-database-list': True,
'monitor-base-url': False,
},
key_config={'monitor-passwd': 'monitor-htpasswd:passwd'},
) }}
{% if has_posftix -%} {% if has_posftix -%}
{{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password', 'monitor-passwd': 'monitor-htpasswd:passwd'}) }} {{ request('smtp', 'postfix', 'smtp', {'tcpv4-port': 2025, 'smtpd-sasl-user': 'erp5@nowhere'}, key_config={'smtpd-sasl-password': 'publish-early:smtpd-sasl-password', 'monitor-passwd': 'monitor-htpasswd:passwd'}) }}
{%- else %} {%- else %}
...@@ -136,7 +165,6 @@ connection-url = smtp://127.0.0.2:0/ ...@@ -136,7 +165,6 @@ connection-url = smtp://127.0.0.2:0/
{% endfor -%} {% endfor -%}
{% set zope_partition_dict = slapparameter_dict.get('zope-partition-dict', {'1': {}}) -%}
{% set zope_address_list_id_dict = {} -%} {% set zope_address_list_id_dict = {} -%}
{% if zope_partition_dict -%} {% if zope_partition_dict -%}
...@@ -218,9 +246,9 @@ name = {{ partition_name }} ...@@ -218,9 +246,9 @@ name = {{ partition_name }}
{% do monitor_base_url_dict.__setitem__(section_name, '${' ~ section_name ~ ':connection-monitor-base-url}') -%} {% do monitor_base_url_dict.__setitem__(section_name, '${' ~ section_name ~ ':connection-monitor-base-url}') -%}
{{ root_common.sla(partition_name) }} {{ root_common.sla(partition_name) }}
config-name = {{ dumps(custom_name) }} config-name = {{ dumps(custom_name) }}
config-instance-count = {{ dumps(zope_parameter_dict.get('instance-count', 1)) }} config-instance-count = {{ dumps(zope_parameter_dict['instance-count']) }}
config-private-dev-shm = {{ zope_parameter_dict.get('private-dev-shm', '') }} config-private-dev-shm = {{ zope_parameter_dict.get('private-dev-shm', '') }}
config-thread-amount = {{ dumps(zope_parameter_dict.get('thread-amount', 4)) }} config-thread-amount = {{ dumps(zope_parameter_dict['thread-amount']) }}
config-timerserver-interval = {{ dumps(zope_parameter_dict.get('timerserver-interval', 5)) }} config-timerserver-interval = {{ dumps(zope_parameter_dict.get('timerserver-interval', 5)) }}
config-longrequest-logger-interval = {{ dumps(zope_parameter_dict.get('longrequest-logger-interval', -1)) }} config-longrequest-logger-interval = {{ dumps(zope_parameter_dict.get('longrequest-logger-interval', -1)) }}
config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longrequest-logger-timeout', 1)) }} config-longrequest-logger-timeout = {{ dumps(zope_parameter_dict.get('longrequest-logger-timeout', 1)) }}
......
...@@ -133,6 +133,7 @@ pid-file = ${directory:run}/mariadb.pid ...@@ -133,6 +133,7 @@ pid-file = ${directory:run}/mariadb.pid
error-log = ${directory:log}/mariadb_error.log error-log = ${directory:log}/mariadb_error.log
slow-query-log = ${directory:log}/mariadb_slowquery.log slow-query-log = ${directory:log}/mariadb_slowquery.log
long-query-time = {{ dumps(slapparameter_dict.get('long-query-time', 1)) }} long-query-time = {{ dumps(slapparameter_dict.get('long-query-time', 1)) }}
max-connection-count = {{ dumps(slapparameter_dict.get('max-connection-count', 1000)) }}
innodb-buffer-pool-size = {{ dumps(slapparameter_dict.get('innodb-buffer-pool-size', 0)) }} innodb-buffer-pool-size = {{ dumps(slapparameter_dict.get('innodb-buffer-pool-size', 0)) }}
innodb-buffer-pool-instances = {{ dumps(slapparameter_dict.get('innodb-buffer-pool-instances', 0)) }} innodb-buffer-pool-instances = {{ dumps(slapparameter_dict.get('innodb-buffer-pool-instances', 0)) }}
innodb-log-file-size = {{ dumps(slapparameter_dict.get('innodb-log-file-size', 0)) }} innodb-log-file-size = {{ dumps(slapparameter_dict.get('innodb-log-file-size', 0)) }}
......
...@@ -31,9 +31,7 @@ innodb_file_per_table = {{ parameter_dict['innodb-file-per-table'] }} ...@@ -31,9 +31,7 @@ innodb_file_per_table = {{ parameter_dict['innodb-file-per-table'] }}
plugin_load = ha_mroonga plugin_load = ha_mroonga
# By default only 100 connections are allowed, when using zeo max_connections = {{ parameter_dict['max-connection-count'] }}
# we may have much more connections
max_connections = 1000
{% set innodb_buffer_pool_size = parameter_dict['innodb-buffer-pool-size'] -%} {% set innodb_buffer_pool_size = parameter_dict['innodb-buffer-pool-size'] -%}
{% if innodb_buffer_pool_size %}innodb_buffer_pool_size = {{ innodb_buffer_pool_size }}{% endif %} {% if innodb_buffer_pool_size %}innodb_buffer_pool_size = {{ innodb_buffer_pool_size }}{% endif %}
......
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "{{ parameter_dict['pid-file'] }}"
Listen {{ parameter_dict['ip'] }}:{{ parameter_dict['port'] }}
PHPINIDir {{ parameter_dict['php-ini-dir'] }}
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "{{ parameter_dict['error-log'] }}"
LogLevel warn
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog "{{ parameter_dict['access-log'] }}" common
# SSL Configuration
SSLCertificateFile {{ parameter_dict.get('cert-file') }}
SSLCertificateKeyFile {{ parameter_dict.get('key-file') }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLEngine On
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
DirectoryIndex index.html index.php
Include {{ parameter_dict['apache-config-dir'] }}/*.conf
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so
LoadModule php7_module modules/libphp7.so
# This file is responsible of three things:
# 1/ Act as "Apache exporter"
# 2/ Act as "Mariadb backup infrastructure requester"
# 3/ Act as "Apache" instance
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
extends = {{templateapache}}
{{templatepbsreadyexport}}
parts +=
{{ parts.replicate("mariadb", "3") }}
# Repeating parts from instance-apache-php.
# XXX-Cedric: how to simplify this?
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
{{ replicated.replicate("mariadb", "3", "mariadb-export", "mariadb-import") }}
# Nothing to do for the exporter. This wrapper is intended
# to produce the "dump" files that have to be backed up.
# So, in case of binary DB data, we would back up the ASCII dump
# files, or a similar data format that can be restored on any machine
# (i.e. postgres 'custom')
# In the case of an httpd instance, the src/www directory can be directly
# pulled from the PBS, we don't need to prepare anything.
[exporter]
wrapper = /bin/true
# State that we want to backup srv/www directory, not srv/backup.
# XXX-Cedric: works well, but doesn't work with big data.
[rdiff-backup-server]
path = ${directory:www}
# Add "exporter" parameters to list of published connection parameters
[publish-connection-information]
# XXX-Cedric: Long term goal: could be a recipe that requests an instance and
# bubbles ALL
# parameters of the requested instance. Requirement: aggregated publish.
<= resilient-publish-connection-parameter
# XXX-Cedric: resilient overwrites what's returned from request-mariadb
# XXX-Cedric: change the request method to return everything from
# getConnectionParameterDict()
[request-mariadb]
return = ssh-public-key ssh-url notification-id ip url
[buildout]
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
extends = ${pbsready-import:output}
[directory]
srv = $${buildout:directory}/srv
www = $${:srv}/www/
# Nothing to do for the import. Just dummy part that does nothing.
# For httpd instance, PBS will directly push data to srv/www.
# XXX-Cedric: write a real backup system.
[importer]
wrapper = /bin/true
# State that we want to push to srv/www directory, not srv/backup.
[rdiff-backup-server]
path = $${directory:www}
[buildout]
extends = ${custom-application-deployment:path}
parts =
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
${custom-application-deployment:part-list}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
scripts = $${rootdirectory:etc}/run
run = $${rootdirectory:var}/run
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
httpd-log = $${basedirectory:log}/apache
php-ini-dir = $${rootdirectory:etc}/php
tmp-php = $${rootdirectory:tmp}/php
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
www = $${rootdirectory:srv}/www/
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests
private = $${directory:ca-dir}/private
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts
crl = $${directory:ca-dir}/crl
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
client = true
stunnel-binary = ${stunnel:location}/bin/stunnel
remote-host = $${mariadb-urlparse:host}
remote-port = $${mariadb-urlparse:port}
local-host = $${slap-network-information:local-ipv4}
local-port = 3306
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
wrapper = $${rootdirectory:bin}/raw_stunnel
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Request MariaDB instance and parse its URL.
[request-mariadb]
<= slap-connection
recipe = slapos.cookbook:request
name = MariaDB
software-url = $${slap-connection:software-release-url}
software-type = mariadb
return = url
sla-computer_guid = $${slap-connection:computer-id}
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = $${request-mariadb:connection-url}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = $${slap-network-information:global-ipv6}
listening-port = 8080
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php]
recipe = slapos.cookbook:apachephp
source = ${application:location}
template = ${application-template:location}/${application-template:filename}
configuration = ${application-configuration:location}
htdocs = $${directory:www}
pid-file = $${basedirectory:run}/apache.pid
lock-file = $${basedirectory:run}/apache.lock
ip = $${apache-network-configuration:listening-ip}
port = $${apache-network-configuration:listening-port}
url = http://[$${:ip}]:$${:port}/
error-log = $${directory:httpd-log}/error.log
access-log = $${directory:httpd-log}/access.log
php-ini-dir = $${directory:php-ini-dir}
tmp-dir = $${directory:tmp-php}
httpd-conf = $${rootdirectory:etc}/apache.conf
wrapper = $${basedirectory:services}/apache
httpd-binary = ${apache:location}/bin/httpd
mysql-username = $${mariadb-urlparse:username}
mysql-password = $${mariadb-urlparse:password}
mysql-database = $${mariadb-urlparse:path}
mysql-host = $${stunnel:local-host}
mysql-port = $${stunnel:local-port}
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-php:error-log} $${apache-php:access-log}
frequency = daily
rotate-num = 30
sharedscripts = true
notifempty = true
create = true
#----------------
#--
#-- Request frontend.
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = http://[$${apache-network-configuration:listening-ip}]:$${apache-network-configuration:listening-port}/
return = site_url
config-custom_domain = $${slap-parameter:domain}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = $${apache-php:url}
url = $${request-frontend:connection-site_url}
#----------------
#--
#-- Deploy promises scripts.
[promise]
recipe = slapos.cookbook:check_port_listening
path = $${basedirectory:promises}/apache
hostname = $${apache-php:ip}
port = $${apache-php:port}
[frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${basedirectory:promises}/frontend
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[content-promise]
recipe = slapos.cookbook:check_page_content
path = $${basedirectory:promises}/content
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[slap-parameter]
# Default value if no domain is specified
domain =
# Default value if no ssh parameter is specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
...@@ -5,25 +5,18 @@ ignore-existing = true ...@@ -5,25 +5,18 @@ ignore-existing = true
parts = parts =
slapos-cookbook slapos-cookbook
apache-php apache-php
php-redis
php-imagick
php-apcu
mariadb mariadb
mydumper mroonga-mariadb
python-mysqlclient
rdiff-backup
dropbear dropbear
eggs eggs
instance instance
instance-apache-php instance-apache-php
instance-mariadb template-mariadb
instance-lamp
#Contains the importer and exporter recipes for mariadb
instance-mariadb-import
instance-mariadb-export
#Contains the importer and exporter recipes for apache
instance-apache-import
instance-apache-export
extends = extends =
../../component/apache-php/buildout.cfg ../../component/apache-php/buildout.cfg
...@@ -31,25 +24,30 @@ extends = ...@@ -31,25 +24,30 @@ extends =
../../component/curl/buildout.cfg ../../component/curl/buildout.cfg
../../component/dash/buildout.cfg ../../component/dash/buildout.cfg
../../component/dash/buildout.cfg ../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dropbear/buildout.cfg ../../component/dropbear/buildout.cfg
../../component/git/buildout.cfg ../../component/git/buildout.cfg
../../component/glib/buildout.cfg ../../component/glib/buildout.cfg
../../component/gzip/buildout.cfg ../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/lxml-python/buildout.cfg ../../component/lxml-python/buildout.cfg
../../component/mariadb/buildout.cfg ../../component/mariadb/buildout.cfg
../../component/mydumper/buildout.cfg
../../component/python-mysqlclient/buildout.cfg
../../component/perl/buildout.cfg ../../component/perl/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/sqlite3/buildout.cfg ../../component/sqlite3/buildout.cfg
../../component/stunnel/buildout.cfg ../../component/stunnel/buildout.cfg
../../component/zlib/buildout.cfg ../../component/zlib/buildout.cfg
../logrotate/buildout.cfg
../resilient/buildout.cfg ../resilient/buildout.cfg
../erp5/buildout.cfg
../slapos.cfg ../slapos.cfg
[template-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[mariadb] [mariadb]
# Compile dir is for plugins, there's no plugin in LAMP # Compile dir is for plugins, there's no plugin in LAMP
keep-compile-dir = false keep-compile-dir = false
...@@ -60,84 +58,6 @@ ignore-existing = true ...@@ -60,84 +58,6 @@ ignore-existing = true
# If the provided tarball does not contain top directory, this option should be changed to false # If the provided tarball does not contain top directory, this option should be changed to false
strip-top-level-dir = true strip-top-level-dir = true
#----------------
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[instance-apache-php]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-php.cfg.in
output = ${buildout:directory}/instance-apache-php.cfg
md5sum = 5800e365e200240e33defea9561c0b23
mode = 0644
[instance-apache-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-import.cfg.in
output = ${buildout:directory}/instance-apache-import.cfg
md5sum = f1dc2a71d362b5d2d36481ffefdd2293
mode = 0644
[instance-apache-export]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/apache/instance-apache-export.cfg.jinja2
rendered = ${buildout:directory}/instance-apache-export.cfg
extensions = jinja2.ext.do
context = key templateapache instance-apache-php:output
key templatepbsreadyexport pbsready-export:output
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = 00068d0f68a9e1eb5a6e89e73a3dc399
mode = 0644
[instance-resilient]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
rendered = ${buildout:directory}/instance-resilient.cfg
extensions = jinja2.ext.do
context = key buildout buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = f171782b98c1143d44ec2a35d8259254
mode = 0644
[instance-mariadb]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb.cfg.in
output = ${buildout:directory}/instance-mariadb.cfg
md5sum = 1d3022164dd70efe374a179ef319e0eb
mode = 0644
[instance-mariadb-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-import.cfg.in
output = ${buildout:directory}/instance-mariadb-import.cfg
md5sum = faf5826f4b27e362f34ad17db54b8c9a
mode = 0644
[instance-mariadb-export]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-export.cfg.in
output = ${buildout:directory}/instance-mariadb-export.cfg
md5sum = d17228a2708cbb39dc00945a93e0740d
mode = 0644
#---------------- #----------------
#-- #--
#-- Optional part allowing applications using this stack to run a custom #-- Optional part allowing applications using this stack to run a custom
...@@ -152,57 +72,83 @@ path = ...@@ -152,57 +72,83 @@ path =
part-list = part-list =
#---------------- #----------------
#-- Dummy parts in case no application configuration file is needed #-- Instance-level buildout profiles.
[application-template]
filename =
location =
[application-configuration]
location =
[instance]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/instance.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = 7c47a85e310674e451db778d9e4383a6
mode = 0644
context =
key application_location application:location
key application_deployment_part_list custom-application-deployment:part-list
key apache_location apache:location
key apache_php_location apache-php:location
key bash_location bash:location
key bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key buildout_egg_directory buildout:eggs-directory
key buildout_develop_directory buildout:develop-eggs-directory
key buildout_directory buildout:directory
key dash_location dash:location
key findutils_location findutils:location
key logrotate_location logrotate:location
key logrotate_cfg template-logrotate-base:rendered
key gzip_location gzip:location
key stunnel_location stunnel:location
key template_monitor monitor2-template:rendered
key mariadb_link_binary template-mariadb:link-binary
key mariadb_location mariadb:location
key mariadb_resiliency_after_import_script mariadb-resiliency-after-import-script:target
key mariadb_slow_query_report_script mariadb-slow-query-report-script:target
key mariadb_start_clone_from_backup mariadb-start-clone-from-backup:target
key percona_toolkit_location percona-toolkit:location
key template_php_ini template-php.ini:output
key template_apache_conf template-apache.conf:output
key template_apache_php instance-apache-php:output
key template_lamp instance-lamp:output
key template_mariadb template-mariadb:target
key template_mariadb_initial_setup template-mariadb-initial-setup:target
key template_my_cnf template-my-cnf:target
key unixodbc_location unixodbc:location
key openssl_location openssl:location
key custom_application_template custom-application-deployment:path
[custom-application-deployment] [instance-apache-php]
# Optional part allowing applications using this stack to run a custom <= template-download-base
# instance.cfg at the end of Apache/PHP instance deployment. filename = instance-apache-php.cfg.in
# To use it in your application, just override those two parameters, like: output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
# path = /path/to/instance-custom.cfg md5sum = 7edcbca22e800f2c90559298c44d5a48
# part-list =
# part1 [instance-lamp]
# part2 <= template-download-base
# See software/tt-rss/software.cfg for an example. filename = instance-lamp.cfg.jinja2.in
path = output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
part-list = md5sum = 2f8b021acc9c7a849641680a249d5a36
[template-apache.conf]
<= template-download-base
filename = apache.conf.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 04080510698732d84122b464fdb08c6a
[template-php.ini]
<= template-download-base
filename = php.ini.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7de35e3f8619324119ff296580d2880f
[erp5]
# lamp stack reuses erp5 stack to have mariadb, but we don't need to checkout erp5 here.
recipe =
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[eggs] [eggs]
recipe = zc.recipe.egg recipe = zc.recipe.egg
eggs = eggs =
${lxml-python:egg} ${lxml-python:egg}
slapos.toolbox[lampconfigure] slapos.toolbox
[versions] [versions]
async = 0.6.1
gitdb = 0.5.4
mysqlclient = 1.3.12
pycrypto = 2.6
rdiff-backup = 1.0.5+SlapOSPatched001
slapos.recipe.template = 2.4.2
slapos.toolbox = 0.40.4
smmap = 0.8.2
# Required by:
# slapos.toolbox==0.40.2
GitPython = 2.0.8
# Required by:
# slapos.toolbox==0.40.2
atomize = 0.1.1
# Required by:
# slapos.toolbox==0.40.2
feedparser = 5.1.3
# Required by:
# slapos.toolbox==0.40.2
paramiko = 2.0.1
[buildout]
extends =
{{ template_monitor }}
{{ logrotate_cfg }}
{{ custom_application_template }}
parts =
monitor-base
certificate-authority
logrotate-entry-apache
promise
php.ini-conf
apache-php-service
publish-connection-information
{{ parameter_dict['application-part-list'] }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
var = ${buildout:directory}/var
srv = ${buildout:directory}/srv
bin = ${buildout:directory}/bin
tmp = ${buildout:directory}/tmp
log = ${:var}/log
services = ${:etc}/service
scripts = ${:etc}/run
run = ${:var}/run
backup = ${:srv}/backup
promises = ${:etc}/promise
plugins = ${:etc}/plugin
httpd-log = ${:log}/apache
php-ini-dir = ${:etc}/php
tmp-php = ${:tmp}/php
upload-tmp = ${:tmp}/upload
www = ${:srv}/www/
apache.d = ${:etc}/apache.d
#----------------
#--
#-- Certificate stuff.
[ca-directory]
recipe = slapos.cookbook:mkdirectory
root = ${directory:srv}/ssl
requests = ${:root}/requests
private = ${:root}/private
certs = ${:root}/certs
newcerts = ${:root}/newcerts
crl = ${:root}/crl
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}
[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-files = ${buildout:directory}/software_release/buildout.cfg
[ca-apache-php]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${apache-php-configuration:key-file}
cert-file = ${apache-php-configuration:cert-file}
executable = ${apache-php-wrapper:wrapper-path}
wrapper = ${directory:bin}/ca-apache-php
[apache-php-service]
recipe = slapos.cookbook:wrapper
command-line = ${ca-apache-php:wrapper}
wrapper-path = ${directory:services}/apache-php
hash-files = ${buildout:directory}/software_release/buildout.cfg
depends =
${copy-application:recipe}
${apache-graceful:recipe}
[copy-application]
recipe = plone.recipe.command
command = if [ -z "$(ls -A ${directory:www})" ]; then
rm -rf ${directory:www};
cp -ax {{ parameter_dict['application-location'] }}/ ${directory:www};
fi
update-command = ${:command}
stop-on-error = true
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = {{ slapparameter_dict['database-list'][0] }}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = {{ (ipv6 | list)[0] }}
listening-port = 9988
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php-configuration]
document-root = ${directory:www}
pid-file = ${directory:run}/apache.pid
lock-file = ${directory:run}/apache.lock
ip = ${apache-network-configuration:listening-ip}
port = ${apache-network-configuration:listening-port}
url = https://[${:ip}]:${:port}/
error-log = ${directory:httpd-log}/error.log
access-log = ${directory:httpd-log}/access.log
php-ini-dir = ${directory:php-ini-dir}
cert-file = ${ca-directory:certs}/httpd.crt
key-file = ${ca-directory:certs}/httpd.key
apache-config-dir = ${directory:apache.d}
[apache-php-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:etc}/apache.conf
context =
section parameter_dict apache-php-configuration
extensions = jinja2.ext.do
mode = 0644
[apache-php-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/apache-wrapper
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-php-conf:rendered}" -DFOREGROUND
wait-for-files =
${ca-directory:certs}/httpd.crt
${ca-directory:certs}/httpd.key
[apache-graceful]
recipe = collective.recipe.template
output = ${directory:bin}/apache-httpd-graceful
mode = 700
input = inline:
#!/bin/sh
kill -USR1 "$(cat '${apache-php-configuration:pid-file}')"
[logrotate-entry-apache]
<= logrotate-entry-base
name = apache
log = ${apache-php-configuration:error-log} ${apache-php-configuration:access-log}
frequency = daily
rotate-num = 30
[php.ini-configuration]
tmp-dir = ${directory:tmp-php}
php-upload-dir = ${directory:upload-tmp}
[php.ini-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-php-ini'] }}
rendered = ${directory:php-ini-dir}/php.ini
context =
section parameter_dict php.ini-configuration
section instance_dict instance-parameter
extensions = jinja2.ext.do
mode = 0644
[instance-parameter]
db-user = ${mariadb-urlparse:username}
db-password = ${mariadb-urlparse:password}
db-name = ${mariadb-urlparse:path}
db-host = ${mariadb-urlparse:host}
db-port = ${mariadb-urlparse:port}
document-root = ${apache-php-configuration:document-root}
backend-url = ${apache-php-configuration:url}
php-bin = {{ parameter_dict['apache-php-location'] }}/bin/php
php-ini = ${php.ini-conf:rendered}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish.serialised
backend-url = ${apache-php-configuration:url}
#----------------
#--
#-- Deploy promises scripts.
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
<= promise-base
module = check_port_listening
name = apache-httpd-port-listening.py
config-hostname = ${apache-php-configuration:ip}
config-port = ${apache-php-configuration:port}
[slap-parameter]
{% for key, value in slapparameter_dict.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
\ No newline at end of file
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6 | list)[0] -%}
{% set monitor_base_url_dict = {} -%}
{% set mariadb_dict = {} -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
plugins = ${:etc}/plugin
[request-common]
recipe = slapos.cookbook:request.serialised
software-url = ${slap-connection:software-release-url}
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/$${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[request-apache]
<= request-common
software-type = apache
name = apache-php
sla-computer_guid = {{ dumps(slapparameter_dict.get('apache-computer-guid', '')) }}
{% for key, value in slapparameter_dict.items() -%}
{% if key.startswith('instance.') -%}
config-{{ key }} = {{ dumps(value) }}
{% endif -%}
{% endfor -%}
config-database-list = ${request-mariadb:connection-database-list}
return =
backend-url
monitor-base-url
{% do part_list.append('request-apache') -%}
{% do publish_dict.__setitem__('backend-url', '${request-apache:connection-backend-url}') -%}
{% do monitor_base_url_dict.__setitem__('apache', '${request-apache:connection-monitor-base-url}') -%}
{% do mariadb_dict.__setitem__('database-list', [{'name': 'nextcloud', 'user': 'nextcloud', 'password': 'insecure'}]) -%}
{% do mariadb_dict.__setitem__('test-database-amount', 0) -%}
{% do mariadb_dict.__setitem__('tcpv4-port', 2099) -%}
{% do mariadb_dict.__setitem__('max-slowqueries-threshold', 1000) -%}
{% do mariadb_dict.__setitem__('slowest-query-threshold', '') -%}
{% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
{% do mariadb_dict.__setitem__('monitor-passwd', '${monitor-htpasswd:passwd}') -%}
{% do mariadb_dict.__setitem__('name', 'Mariadb') -%}
{% do mariadb_dict.__setitem__('innodb-file-per-table', slapparameter_dict.get('innodb-file-per-table', 1)) -%}
[request-mariadb]
<= request-common
software-type = mariadb
name = Mariadb
sla-computer_guid = {{ dumps(slapparameter_dict.get('mariadb-computer-guid', '')) }}
{% for key, value in mariadb_dict.items() -%}
config-{{ key }} = {{ dumps(value) }}
{% endfor -%}
return =
database-list
monitor-base-url
{% do part_list.append('request-mariadb') -%}
{% do publish_dict.__setitem__('mariadb-url-list', '${request-mariadb:connection-database-list}') -%}
{% do monitor_base_url_dict.__setitem__('mariadb', '${request-mariadb:connection-monitor-base-url}') -%}
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Instance Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = ${request-apache:connection-backend-url}
config-https-only = true
return = domain secure_access
[lamp-frontend-promise]
<= monitor-promise-base
module = check_url_available
name = lamp-http-frontend.py
url = ${request-frontend:connection-secure_access}
config-url = ${:url}
config-custom-domain = {{ slapparameter_dict.get('custom-domain', '') }}
config-check-secure = 1
{% do publish_dict.__setitem__('url', '${lamp-frontend-promise:url}') -%}
[publish-early]
recipe = slapos.cookbook:publish-early
-init =
monitor-password monitor-htpasswd:passwd
[monitor-instance-parameter]
monitor-httpd-port = 8060
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
username = admin
password = ${monitor-htpasswd:passwd}
[monitor-base-url-dict]
{% for key, value in monitor_base_url_dict.items() -%}
{{ key }} = {{ value }}
{% endfor %}
[monitor-conf-parameters]
[publish-connection-information]
recipe = slapos.cookbook:publish
{% for name, value in publish_dict.items() -%}
{{ name }} = {{ value }}
{% endfor %}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}
monitor-password = ${publish-early:monitor-password}
monitor-user = ${monitor-publish-parameters:monitor-user}
{% do part_list.append('monitor-base') -%}
[buildout]
extends =
{{ template_monitor }}
parts =
publish-connection-information
# Complete parts with sections
{{ part_list | join('\n ') }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
\ No newline at end of file
# vim: set ft=cfg:
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
# += because we need to take up parts (like instance-custom, slapmonitor etc) from the profile we extended
parts +=
{{ parts.replicate("apache", "3") }}
publish-connection-information
{{ replicated.replicate("apache", "3", "apache-export", "apache-import") }}
# Bubble up the parameters
[request-apache]
return = url ssh-public-key ssh-url notification-id ip url backend_url
# XXX: hardcoded values
config-mariadb1-computer-guid = ${slap-parameter:mariadb1-computer-guid}
config-pbs-mariadb1-computer-guid = ${slap-parameter:pbs-mariadb1-computer-guid}
config-mariadb2-computer-guid = ${slap-parameter:mariadb2-computer-guid}
config-pbs-mariadb2-computer-guid = ${slap-parameter:pbs-mariadb2-computer-guid}
config-mariadb3-computer-guid = ${slap-parameter:mariadb3-computer-guid}
config-pbs-mariadb3-computer-guid = ${slap-parameter:pbs-mariadb3-computer-guid}
config-domain = ${slap-parameter:domain}
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = ${request-apache:connection-backend_url}
url = ${request-apache:connection-url}
[slap-parameter]
# Default parameters for distributed deployment
# I.e state "backup1 of maria should go there, ..."
# XXX-Cedric: Hardcoded number of backups. Should be dynamically generated.
mariadb1-computer-guid =
pbs-mariadb1-computer-guid =
mariadb2-computer-guid =
pbs-mariadb2-computer-guid =
mariadb3-computer-guid =
pbs-mariadb3-computer-guid =
# XXX-Cedric: Hardcoded parameters. Should be dynamically generated.
domain =
...@@ -3,22 +3,101 @@ ...@@ -3,22 +3,101 @@
parts = parts =
switch_softwaretype switch_softwaretype
eggs-directory = ${buildout:eggs-directory} eggs-directory = {{ buildout_egg_directory }}
develop-eggs-directory = ${buildout:develop-eggs-directory} develop-eggs-directory = {{ buildout_develop_directory }}
offline = true offline = true
[switch_softwaretype] [switch_softwaretype]
recipe = slapos.cookbook:softwaretype #recipe = slapos.cookbook:softwaretype
default = ${instance-apache-php:output} recipe = slapos.cookbook:switch-softwaretype
resilient = ${instance-resilient:rendered} default = dynamic-template-lamp:rendered
mariadb = ${instance-mariadb:output} RootSoftwareInstance = ${:default}
mariadb-import = ${instance-mariadb-import:output} mariadb = dynamic-template-mariadb:rendered
mariadb-export = ${instance-mariadb-export:output} apache = dynamic-template-apache-php:rendered
apache-import = ${instance-apache-import:output}
apache-export = ${instance-apache-export:rendered} [slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
#frozen creates a syntax error, meaning it can keep its data. computer = ${slap-connection:computer-id}
#It's dirty as hell, it needs to be replaced. partition = ${slap-connection:partition-id}
frozen = ${instance-frozen:output} url = ${slap-connection:server-url}
pull-backup = ${template-pull-backup:output} key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
extensions = jinja2.ext.do
mode = 0644
extra-context =
context =
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key ipv4 slap-configuration:ipv4
key ipv6 slap-configuration:ipv6
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
raw template_monitor {{ template_monitor }}
raw openssl_location {{ openssl_location }}
raw logrotate_cfg {{ logrotate_cfg }}
${:extra-context}
[dynamic-template-lamp-parameters]
[dynamic-template-lamp]
<= jinja2-template-base
template = {{ template_lamp }}
filename = template-lamp.cfg
extra-context =
section parameter_dict dynamic-template-lamp-parameters
[dynamic-template-apache-php-parameters]
application-location = {{ application_location }}
application-part-list = {{ application_deployment_part_list }}
template-apache-conf = {{ template_apache_conf }}
apache-location = {{ apache_location }}
apache-php-location = {{ apache_php_location }}
template-php-ini = {{ template_php_ini }}
# XXX no failure if `custom_application_template` is empty
[application-parameters]
custom-application-template = {{ custom_application_template }}
[dynamic-template-apache-php]
<= jinja2-template-base
template = {{ template_apache_php }}
filename = template-apache-php.cfg
extra-context =
key custom_application_template application-parameters:custom-application-template
section parameter_dict dynamic-template-apache-php-parameters
[dynamic-template-mariadb-parameters]
bash = {{ bash_location }}
coreutils-location = {{ coreutils_location }}
dash-location = {{ dash_location }}
findutils-location = {{ findutils_location }}
gzip-location = {{ gzip_location }}
mariadb-location = {{ mariadb_location }}
template-my-cnf = {{ template_my_cnf }}
template-mariadb-initial-setup = {{ template_mariadb_initial_setup }}
link-binary = {{ dumps(mariadb_link_binary) }}
mariadb-resiliency-after-import-script = {{ mariadb_resiliency_after_import_script }}
mariadb-slow-query-report-script = {{ mariadb_slow_query_report_script }}
mariadb-start-clone-from-backup = {{ mariadb_start_clone_from_backup }}
promise-check-slow-queries-digest-result = {{ bin_directory }}/check-slow-queries-digest-result
percona-tools-location = {{ percona_toolkit_location }}
unixodbc-location = {{ unixodbc_location }}
check-computer-memory-binary = {{ bin_directory }}/check-computer-memory
bin-directory = {{ bin_directory }}
[dynamic-template-mariadb]
<= jinja2-template-base
template = {{ template_mariadb }}
filename = instance-mariadb.cfg
extra-context =
key ipv4_set slap-configuration:ipv4
key ipv6_set slap-configuration:ipv6
raw bin_directory {{ bin_directory }}
section parameter_dict dynamic-template-mariadb-parameters
[buildout]
extends = ${instance-mariadb:output}
${pbsready-export:output}
# Repeating parts from instance-mariadb.
parts +=
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define exporter strategy
[exporter]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/$${slap-parameter:namebase}-exporter
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
mydumper-binary = ${mydumper:location}/bin/mydumper
database = $${mariadb:database}
import = false
# Extends publish section with resilient parameters
[urls]
<= resilient-publish-connection-parameter
[buildout]
extends = ${instance-mariadb:output}
${pbsready-import:output}
[importer]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/myloader
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
myloader-binary = ${mydumper:location}/bin/myloader
database = $${mariadb:database}
import = true
[buildout]
parts =
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
run = $${rootdirectory:var}/run
script = $${rootdirectory:etc}/script
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
mariadb-data = $${rootdirectory:srv}/mariadb
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
[logrotate-entry-mariadb]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = mariadb
log = $${mariadb:error-log}
frequency = daily
rotate-num = 30
post = $${mariadb:logrotate-post}
sharedscripts = true
notifempty = true
create = true
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
[logrotate-entry-cron]
<= logrotate
recipe =slapos.cookbook:logrotate.d
name = crond
log = $${cron-simplelogger:log}
frequency = daily
rotate-num = 30
notifempty = true
create = true
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${rootdirectory:bin}/stunnel
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
local-host = $${mariadb:ip}
local-port = $${mariadb:port}
remote-host = $${slap-network-information:global-ipv6}
remote-port = 6446
client = false
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Creates a MariaDB configuration file, and a database.
[mariadb]
recipe = slapos.cookbook:mysql
# Options
recovering = false
user = user
password = $${mysql-password:passwd}
port = 33060
ip = $${slap-network-information:local-ipv4}
database = db
# Paths
wrapper = $${basedirectory:services}/mariadb
update-wrapper = $${basedirectory:services}/mariadb_update
logrotate-post = $${rootdirectory:bin}/mariadb_post_logrotate
data-directory = $${directory:mariadb-data}
pid-file = $${basedirectory:run}/mariadb.pid
socket = $${basedirectory:run}/mariadb.sock
error-log = $${basedirectory:log}/mariadb_error.log
conf-file = $${rootdirectory:etc}/mariadb.cnf
promise = $${basedirectory:promises}/mysql
# Binary information
mysql-base-directory = ${mariadb:location}
mysql-binary = ${mariadb:location}/bin/mysql
mysql-install-binary = ${mariadb:location}/scripts/mysql_install_db
mysql-upgrade-binary = ${mariadb:location}/bin/mysql_upgrade
mysqld-binary = ${mariadb:location}/bin/mysqld
[mysql-password]
recipe = slapos.cookbook:generate.password
storage-path = $${rootdirectory:etc}/.passwd
bytes = 4
#----------------
#--
#-- Publish instance parameters.
[urls]
recipe = slapos.cookbook:publish
url = mysqls://$${mariadb:user}:$${mariadb:password}@[$${stunnel:remote-host}]:$${stunnel:remote-port}/$${mariadb:database}
ip = $${slap-network-information:global-ipv6}
[slap-parameter]
#Default value if no ssh parameters specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
[PHP]
engine = On
safe_mode = Off
expose_php = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = On
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
session.save_path = "{{ parameter_dict['tmp-dir'] }}"
session.auto_start = 0
date.timezone = {{ instance_dict.get('php.date.timezone', 'Europe/Paris') }}
file_uploads = On
upload_max_filesize = {{ instance_dict.get('php.upload_max_filesize', '8M') }}
post_max_size = {{ instance_dict.get('php.post_max_size', '8M') }}
magic_quotes_gpc=Off
memory_limit = {{ instance_dict.get('php.memory_limit', '128M') }}
session.cookie_secure = True
max_execution_time = {{ instance_dict.get('php.max_execution_time', 60) }}
max_input_time = {{ instance_dict.get('php.max_input_time', 60) }}
output_buffering = {{ instance_dict.get('php.output_buffering', 4096) }}
max_file_uploads = {{ instance_dict.get('php.max_file_uploads', 20) }}
#extension_dir="./"#
sys_temp_dir="{{ parameter_dict['tmp-dir'] }}"
upload_tmp_dir="{{ parameter_dict['php-upload-dir'] }}"
zend_extension=opcache
extension=apcu
extension=redis
extension=imagick
apc.enabled=1
apc.file_update_protection=2
apc.optimization=0
apc.shm_size=256M
apc.include_once_override=0
apc.shm_segments=1
apc.ttl=7200
apc.user_ttl=7200
apc.gc_ttl=3600
apc.num_files_hint=1024
apc.enable_cli=0
apc.max_file_size=5M
apc.cache_by_default=1
apc.use_request_time=1
apc.slam_defense=0
apc.mmap_file_mask="{{ parameter_dict['tmp-dir'] }}/apc.XXXXXX"
apc.stat_ctime=0
apc.canonicalize=1
apc.write_lock=1
apc.report_autofilter=0
apc.rfc1867=0
apc.rfc1867_prefix =upload_
apc.rfc1867_name=APC_UPLOAD_PROGRESS
apc.rfc1867_freq=0
apc.rfc1867_ttl=3600
apc.lazy_classes=0
apc.lazy_functions=0
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
...@@ -27,6 +27,7 @@ extends = ...@@ -27,6 +27,7 @@ extends =
../component/python-2.7/buildout.cfg ../component/python-2.7/buildout.cfg
../component/python-cffi/buildout.cfg ../component/python-cffi/buildout.cfg
../component/python-cliff/buildout.cfg ../component/python-cliff/buildout.cfg
../component/python-cachecontrol/buildout.cfg
../component/python-cryptography/buildout.cfg ../component/python-cryptography/buildout.cfg
../component/python-PyYAML/buildout.cfg ../component/python-PyYAML/buildout.cfg
...@@ -91,6 +92,7 @@ eggs = ...@@ -91,6 +92,7 @@ eggs =
${lxml-python:egg} ${lxml-python:egg}
${python-cffi:egg} ${python-cffi:egg}
${python-PyYAML:egg} ${python-PyYAML:egg}
${python-cachecontrol:egg}
${python-cliff:egg} ${python-cliff:egg}
${python-cryptography:egg} ${python-cryptography:egg}
pyOpenSSL pyOpenSSL
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment