Commit 70fc9b01 authored by Alain Takoudjou's avatar Alain Takoudjou

Rewrite stack lamp and use it to integrate nextcloud SR

- Upgrade PHP to version 7.3 and add more  required extensions
- Use mariadb from stack/erp5 because we won't code again all feature done there for mariadb, initialization and backup to have it up-to-date.
- Delete old files which are not used anymore
- Remove integrated resilience scripts, resilience will works with webrunner which is more stable today.
- Add Nextcloud software release with some script for auto configuration.

/reviewed-on !602
parents bbbb8e3f d6929f83
......@@ -16,14 +16,53 @@ extends =
../openldap/buildout.cfg
../pkgconfig/buildout.cfg
../zlib/buildout.cfg
../libzip/buildout.cfg
../autoconf/buildout.cfg
../automake/buildout.cfg
../imagemagick/buildout.cfg
../icu/buildout.cfg
../openssl/buildout.cfg
[php-redis]
recipe = slapos.recipe.cmmi
url = https://github.com/phpredis/phpredis/archive/5.0.0.tar.gz
md5sum = 4f11e0567a10c29394aae52a4fa8bb40
configure-command =
phpize && ./configure
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[php-imagick]
recipe = slapos.recipe.cmmi
url = https://github.com/Imagick/imagick/archive/3.4.4.tar.gz
md5sum = ef6cbadd834eb306bd91874a8f5dea03
configure-command =
phpize && ./configure
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
PKG_CONFIG_PATH=${imagemagick:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${imagemagick:location}/bin:${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
IM_IMAGEMAGICK_PREFIX=${imagemagick:location}
[php-apcu]
recipe = slapos.recipe.cmmi
url = https://github.com/krakjoe/apcu/archive/v5.1.17.tar.gz
md5sum = f64b6cd5108aea63df2d5cc301c58b2b
configure-command =
phpize && ./configure
configure-options =
--with-php-config=${apache-php:location}/bin/php-config
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[apache-php]
# Note: Shall react on each build of apache and reinstall itself
recipe = slapos.recipe.cmmi
url = http://fr2.php.net/distributions/php-5.4.12.tar.bz2
md5sum = 5c7b614242ae12e9cacca21c8ab84818
url = https://www.php.net/distributions/php-7.3.6.tar.bz2
md5sum = bde9a912fb311182cd460dad1abbc247
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-apxs2=${apache:location}/bin/apxs
--with-libxml-dir=${libxml2:location}
--with-mysql=${mariadb:location}
......@@ -44,21 +83,30 @@ configure-options =
--with-ldap=${openldap:location}
--with-imap-ssl
--with-openssl=${openssl:location}
--with-libzip=${libzip:location}
--with-icu-dir=${icu:location}
--enable-apcu-bc
--enable-intl
--enable-libxml
--enable-json
--enable-mbstring
--enable-pcntl
--enable-session
--enable-exif
--enable-zip
--enable-ftp
--enable-zip
--disable-zend-test
--disable-static
# Changing TMPDIR is required for PEAR installation.
# It will create a pear/temp directory under the SR instead of a shared /tmp/pear/temp.
# XXX we could mkdir tmp there
environment =
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${libzip:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s
LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid
CPPFLAGS=-I${libzip:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${curl:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid -L${libzip:location}/lib -Wl,-rpath -Wl,${libzip:location}/lib
TMPDIR=${buildout:parts-directory}/${:_buildout_section_name_}
HOME=${apache:location}
......
......@@ -6,17 +6,8 @@ extends =
../openssl/buildout.cfg
parts =
cclient-patch
cclient
[cclient-patch]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/imap-2007f.patch
md5sum = 42c77fdd5d7a976fc302b93aadb3da98
filename = imap-2007f.patch
[cclient]
recipe = slapos.recipe.cmmi
url = ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
......@@ -31,10 +22,12 @@ make-options =
IP=6
SSLLIB=${openssl:location}/lib
EXTRACFLAGS=-fPIC
EXTRALDFLAGS="-Wl,-rpath -Wl,${openssl:location}/lib"
CCLIENT=${buildout:parts-directory}
-j1
patches =
${cclient-patch:location}/${cclient-patch:filename}
${:_profile_base_location_}/imap-2007f.patch#42c77fdd5d7a976fc302b93aadb3da98
${:_profile_base_location_}/imap-2007f-openssl-1.1.patch#c726354e888f2f3b3954e334903cef80
patch-options = -p1
From c3f68d987c00284d91ad6599a013b7111662545b Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 2 Sep 2016 21:33:33 +0000
Subject: [PATCH] uw-imap: compile against openssl 1.1.0
I *think* I replaced access to cert->name with certificate's subject name. I
assume that the re-aranged C-code is doing the same thing. A double check
wouldn't hurt :)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
src/osdep/unix/ssl_unix.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
index 3bfdff3..836e9fa 100644
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -59,7 +59,7 @@ typedef struct ssl_stream {
static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
-static char *ssl_validate_cert (X509 *cert,char *host);
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
long *contd);
@@ -210,6 +210,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
BIO *bio;
X509 *cert;
unsigned long sl,tl;
+ char cert_subj[250];
char *s,*t,*err,tmp[MAILTMPLEN];
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -266,14 +267,19 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
- if (!(flags & NET_NOVALIDATECERT) &&
- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
- host))) {
- /* application callback */
- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
+ if (!(flags & NET_NOVALIDATECERT)) {
+
+ cert_subj[0] = '\0';
+ cert = SSL_get_peer_certificate(stream->con);
+ if (cert)
+ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
+ err = ssl_validate_cert (cert, host, cert_subj);
+ if (err)
+ /* application callback */
+ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
/* error message to return via mm_log() */
- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
- return ssl_last_error = cpystr (tmp);
+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
+ return ssl_last_error = cpystr (tmp);
}
return NIL;
}
@@ -313,7 +319,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
* Returns: NIL if validated, else string of error message
*/
-static char *ssl_validate_cert (X509 *cert,char *host)
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
{
int i,n;
char *s,*t,*ret;
@@ -322,9 +328,9 @@ static char *ssl_validate_cert (X509 *cert,char *host)
/* make sure have a certificate */
if (!cert) ret = "No certificate from server";
/* and that it has a name */
- else if (!cert->name) ret = "No name in certificate";
+ else if (cert_subj[0] == '\0') ret = "No name in certificate";
/* locate CN */
- else if (s = strstr (cert->name,"/CN=")) {
+ else if (s = strstr (cert_subj,"/CN=")) {
if (t = strchr (s += 4,'/')) *t = '\0';
/* host name matches pattern? */
ret = ssl_compare_hostnames (host,s) ? NIL :
--
2.9.3
[buildout]
extends =
../bzip2/buildout.cfg
../cmake/buildout.cfg
../zlib/buildout.cfg
parts = libzip
[libzip]
recipe = slapos.recipe.cmmi
url = https://libzip.org/download/libzip-1.5.2.tar.xz
md5sum = f9dd38d273bcdec5d3d1498fe6684f42
location = ${buildout:parts-directory}/${:_buildout_section_name_}
configure-command =
mkdir build && cd build && \
${cmake:location}/bin/cmake \
-DCMAKE_INSTALL_PREFIX=${:location} \
-DCMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include \
-DCMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib \
..
make-binary =
cd build && make
environment =
PATH=${cmake:location}/bin:%(PATH)s
CMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include
CMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib
\ No newline at end of file
......@@ -9,8 +9,8 @@ extends =
[openldap]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.42.tgz
md5sum = 47c8e2f283647a6105b8b0325257e922
url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.47.tgz
md5sum = e508f97bfd778fec7799f286e5c07176
configure-options =
--disable-static
--disable-slapd
......@@ -24,6 +24,6 @@ configure-options =
--with-tls=openssl
environment =
CPPFLAGS=-I${openssl-1.0:location}/include -I${cyrus-sasl:location}/include
LDFLAGS=-L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
CPPFLAGS=-I${openssl:location}/include -I${cyrus-sasl:location}/include
LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
PATH=${groff:location}/bin:%(PATH)s
<VirtualHost *:{{ parameter_dict['port'] }}>
ServerAdmin admin@example.com
DocumentRoot {{ parameter_dict['document-root'] }}
SetEnvIf Origin "^http(s)?://(.+\.)?(app\.officejs\.com)$" ORIGIN_DOMAIN=$0
Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory {{ parameter_dict['document-root'] }}>
Options +FollowSymlinks
AllowOverride All
Require all granted
SetEnv HOME {{ parameter_dict['document-root'] }}
SetEnv HTTP_HOME {{ parameter_dict['document-root'] }}
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
\ No newline at end of file
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Parameters to instantiate Grafana",
"additionalProperties": false,
"properties": {
"domain": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"monitor-interface-url": {
"title": "Monitor Web Interface URL",
"description": "Give Url of HTML web interface that will be used to render this monitor instance.",
"type": "string",
"format": "uri",
"default": "https://monitor.app.officejs.com"
},
"monitor-cors-domains": {
"title": "Monitor CORS domains",
"description": "List of cors domains separated with space. Needed for ajax query on this monitor instance from a different domain.",
"type": "string",
"default": "monitor.app.officejs.com"
},
"innodb-file-per-table": {
"title": "Enable/disable innodb_file_per_table",
"description": "See MariaDB documentation on innodb_file_per_table",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"apache-computer-guid": {
"title": "Computer ID for Apache Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"mariadb-computer-guid": {
"title": "Computer ID for Mariadb Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"instance.mail-from": {
"title": "Mail from",
"description": "From",
"type": "string"
},
"instance.mail-domain": {
"title": "Mail domain name",
"description": "Domain name",
"type": "string"
},
"instance.mail-smtpauthtype": {
"title": "SMTP Auth type",
"description": "Mail SMTP auth type. Default: LOGIN",
"type": "string",
"default": "LOGIN"
},
"instance.mail-smtpauth": {
"title": "SMTP auth required",
"description": "Verify SSL certificate of SMTP server. Default: Yes",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"instance.mail-smtpport": {
"title": "SMTP port",
"description": "Mail SMTP Port. Default: 587",
"type": "integer",
"default": 587
},
"instance.mail-smtphost": {
"title": "SMTP host",
"description": "Mail SMTP host",
"type": "string"
},
"instance.mail-smtpname": {
"title": "SMTP name",
"description": "Mail SMTP server name.",
"type": "string"
},
"instance.mail-smtppassword": {
"title": "SMTP password",
"description": "Password to connect to SMTP server.",
"type": "string"
},
"instance.collabora-url": {
"title": "Collabora URL",
"description": "Collabora server URL",
"type": "string",
"format": "uri",
"default": "https://collabora.host.vifib.net"
},
"instance.stun-server": {
"title": "Stun server address",
"description": "Hostname of stun server. Default: turn.vifib.com:5349",
"type": "string",
"default": "turn.vifib.com:5349"
},
"instance.turn-server": {
"title": "Turn server address",
"description": "Hostname of turn server.",
"default": "",
"type": "string"
},
"instance.turn-secret": {
"title": "Turn server secret",
"description": "Turn secret to use for authentification.",
"type": "string"
},
"instance.cli-url": {
"title": "Nextcloud cli URL",
"description": "Nextcloud cli URL, the default will be Nextcloud url.",
"type": "string",
"format": "uri"
},
"instance.trusted-domain-1": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"instance.trusted-domain-2": {
"title": "Second authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
}
}
}
\ No newline at end of file
#!/bin/bash
set -e
set -x
php_cmd () {
{{ parameter_dict['php-bin'] }} -c {{ parameter_dict['php-ini'] }} $@
}
status=$(php_cmd {{ parameter_dict['nextcloud'] }}/occ status | grep 'installed: true' || true)
if [ ! -z "$status" ]; then
echo "Nextcloud is installed!"
exit 1;
fi
if [ ! -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
echo "CAN_INSTALL no exists in config, cannot make a new install, Nextcloud is already installed."
exit 1
fi
php_cmd {{ parameter_dict['nextcloud'] }}/occ maintenance:install \
--database "mysql" --database-name "{{ parameter_dict['db-name'] }}" --database-user "{{ parameter_dict['db-user'] }}" \
--database-pass "{{ parameter_dict['db-password'] }}" --admin-user "{{ parameter_dict['admin-user'] }}" \
--database-host "{{ parameter_dict['db-host'] }}:{{ parameter_dict['db-port'] }}" \
--admin-pass "{{ parameter_dict['admin-password'] }}" --data-dir "{{ parameter_dict['data-dir'] }}"
{% for trusted_domain in parameter_dict['trusted-domain-list'].split() -%}
{% if trusted_domain.strip() -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set trusted_domains {{ loop.index - 1 }} --value={{ trusted_domain.strip() }}
{% endif -%}
{% endfor -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set overwrite.cli.url --value={{ parameter_dict['cli-url'] }}
php_cmd {{ parameter_dict['nextcloud'] }}/occ background:cron
sed -i 's/^[ ]*//' {{ parameter_dict['nextcloud'] }}/config/config.php
sed -i '/);/d' {{ parameter_dict['nextcloud'] }}/config/config.php
cat <<EOF >> {{ parameter_dict['nextcloud'] }}/config/config.php
'mysql.utf8mb4' => true,
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => '{{ parameter_dict["mail.from"] }}',
'mail_domain' => '{{ parameter_dict["mail.domain"] }}',
'mail_smtpauthtype' => '{{ parameter_dict["mail.smtpauthtype"] }}',
'mail_smtpauth' => {{ parameter_dict["mail.smtpauth"] }},
'mail_smtpport' => '{{ parameter_dict["mail.smtpport"] }}',
'mail_smtphost' => '{{ parameter_dict["mail.smtphost"] }}',
'mail_smtpname' => '{{ parameter_dict["mail.smtpname"] }}',
'mail_smtppassword' => '{{ parameter_dict["mail.smtppassword"] }}',
'activity_expire_days' => 14,
'auth.bruteforce.protection.enabled' => true,
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED',
),
{% set trusted_proxy_list = parameter_dict['trusted-proxy-list'].strip().split(' ') -%}
{% if len(trusted_proxy_list) > 0 -%}
'trusted_proxies' =>
array (
{% for proxy in trusted_proxy_list -%}
{% if proxy -%}
{{ ' ' ~ (loop.index - 1) }} => '{{ proxy }}',
{% endif -%}
{% endfor -%}
),
{% endif -%}
'blacklisted_files' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'csrf.optout' =>
array (
0 => '/^WebDAVFS/',
1 => '/^Microsoft-WebDAV-MiniRedir/',
2 => '/^\\.jio_documents/',
),
'cron_log' => true,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'filelocking.enabled' => 'true',
'htaccess.RewriteBase' => '/',
'integrity.check.disabled' => false,
'knowledgebaseenabled' => false,
'logfile' => '{{ parameter_dict["data-dir"] }}/nextcloud.log',
'loglevel' => 2,
'log_rotate_size' => 104857600,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'overwriteprotocol' => 'https',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' =>
array (
'host' => '{{ parameter_dict["redis-socket"] }}',
'port' => 0,
'timeout' => 0.0,
),
'quota_include_external_storage' => false,
'share_folder' => '/Shares',
'skeletondirectory' => '',
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
);
EOF
# Install some nextcloud app
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install spreed
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install richdocuments
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install calendar
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install rainloop
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install news
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set richdocuments wopi_url --value="{{ parameter_dict.get('collabora-url', '') }}"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed stun_servers --value="[\"{{ parameter_dict['stun-server'] }}\"]"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed turn_servers --value="[{\"server\":\"{{ parameter_dict['turn-server'] }}\",\"secret\":\"{{ parameter_dict['turn-secret'] }}\",\"protocols\":\"udp,tcp\"}]"
sed -i 's#useCronUpdates\s*=.*#useCronUpdates = false#g' {{ parameter_dict['data-dir'] }}/news/config/config.ini
if [ -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
rm {{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL
fi
\ No newline at end of file
#############
# Redis #
#############
[nc-directory]
recipe = slapos.cookbook:mkdirectory
redis = ${directory:srv}/redis
redis-log = ${directory:log}/redis
data = ${directory:srv}/data
backup = ${directory:backup}/nextcloud
[service-redis]
recipe = slapos.cookbook:redis.server
wrapper = ${directory:services}/redis
promise_wrapper = ${directory:promises}/redis
server_dir = ${nc-directory:redis}
config_file = ${directory:etc}/redis.conf
log_file = ${nc-directory:redis-log}/redis.log
pid_file = ${directory:run}/redis.pid
use_passwd = false
unixsocket = ${:server_dir}/redis.socket
# port = 0 means "don't listen on TCP at all" - listen only on unix socket
ipv6 = ::1
port = 0
server_bin = {{ redis_bin }}
depend =
${logrotate-entry-redis:recipe}
[logrotate-entry-redis]
<= logrotate-entry-base
name = redis
log = ${nc-directory:redis-log}/*.log
frequency = daily
rotate-num = 30
[instance-parameter]
nextcloud = ${:document-root}
admin-user = admin
admin-password = admin
trusted-domain-list =
[${apache-php-configuration:ip}]:${apache-php-configuration:port}
${slap-parameter:instance.trusted-domain-1}
${slap-parameter:instance.trusted-domain-2}
trusted-proxy-list = ${slap-parameter:instance.trusted-proxy-list}
cli-url = ${slap-parameter:instance.cli-url}
data-dir = ${nc-directory:data}
redis-socket = ${service-redis:unixsocket}
#php.ini parameters
php.memory_limit = 512M
php.date.timezone = Europe/Paris
php.upload_max_filesize = 10240M
php.post_max_size = 10240M
php.session.cookie_secure = True
php.max_execution_time = 1800
php.max_input_time = 3600
php.output_buffering = 'Off'
php.max_file_uploads = 100
#SMTP settings
mail.from = ${slap-parameter:instance.mail-from}
mail.domain = ${slap-parameter:instance.mail-domain}
mail.smtpauthtype = ${slap-parameter:instance.mail-smtpauthtype}
mail.smtpauth = ${slap-parameter:instance.mail-smtpauth}
mail.smtpport = ${slap-parameter:instance.mail-smtpport}
mail.smtphost = ${slap-parameter:instance.mail-smtphost}
mail.smtpname = ${slap-parameter:instance.mail-smtpname}
mail.smtppassword = ${slap-parameter:instance.mail-smtppassword}
# Instance configuration
collabora-url = ${slap-parameter:instance.collabora-url}
stun-server = ${slap-parameter:instance.stun-server}
turn-server = ${slap-parameter:instance.turn-server}
turn-secret = ${slap-parameter:instance.turn-secret}
[nextcloud-install.sh]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_install_sh }}
rendered = ${directory:scripts}/nextcloud-install
context =
section parameter_dict instance-parameter
mode = 744
depends =
${service-redis:recipe}
${nextcloud-cron:recipe}
${nextcloud-optimize:recipe}
${nextcloud-apache-httpd:recipe}
${nextcloud-backup-cron:recipe}
${nextcloud-news-updater:recipe}
[nextcloud-apache-httpd]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_apache_httpd }}
rendered = ${directory:apache.d}/nextcloud.conf
context =
section parameter_dict apache-php-configuration
mode = 744
[nextcloud-cron]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud
frequency = */5 * * * *
command = ${php-bin:wrapper-path} -f ${instance-parameter:nextcloud}/cron.php
[nextcloud-optimize-bin]
recipe = collective.recipe.template
input = inline:#!/bin/bash
{{ redis_cli }} -s ${instance-parameter:redis-socket} <<EOF
FLUSHALL
quit
EOF
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan --all
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan-app-data
exit 0
output = ${directory:bin}/nextcloud-optimize
mode = 744
[nextcloud-backup]
recipe = collective.recipe.template
input = inline:#!/bin/bash
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ app:list --output json > ${nc-directory:backup}/app-list.json
cp -r ${instance-parameter:nextcloud}/config ${nc-directory:backup}
exit 0
output = ${directory:bin}/nextcloud-backup
mode = 744
[nextcloud-backup-cron]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud-backup
frequency = 0 0 * * * *
command = ${nextcloud-backup:output}
[nextcloud-optimize]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud-optimize
frequency = 5 1 * * *
command = ${nextcloud-optimize-bin:output}
[nextcloud-news-updater]
recipe = collective.recipe.template
input = inline:#!/bin/sh
cd {{ news_updater_location }}
export PATH={{ php_location }}/bin:$PATH
{{ python3_location}}/bin/python3 -m nextcloud_news_updater --phpini ${php.ini-conf:rendered} \
--interval 300 --mode endless --loglevel info ${instance-parameter:nextcloud}
output = ${directory:scripts}/nextcloud-news-updater
mode = 744
[php-bin]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/php
command-line = ${instance-parameter:php-bin} -c ${php.ini-conf:rendered}
[publish-connection-information]
admin-user = ${instance-parameter:admin-user}
admin-password = ${instance-parameter:admin-password}
[slap-parameter]
instance.mail-from = Nextcloud
instance.mail-domain = nextcloud@example.com
instance.mail-smtpauthtype = LOGIN
instance.mail-smtpauth = 1
instance.mail-smtpport = 587
instance.mail-smtphost =
instance.mail-smtpname =
instance.mail-smtppassword =
instance.collabora-url = https://collabora.host.vifib.net/
instance.stun-server = turn.vifib.com:5349
instance.turn-server =
instance.turn-secret =
instance.cli-url = ${apache-php-configuration:url}
instance.trusted-domain-1 =
instance.trusted-domain-2 =
instance.trusted-proxy-list =
\ No newline at end of file
{
"name": "Output Parameters",
"properties": {
"backend-url": {
"title": "Backend URL",
"description": "URL used to connect directly to backend without frontend. Requires IPv6.",
"type": "string",
"format": "uri",
"require": true
},
"url": {
"title": "URL",
"description": "URL used to connect to the service.",
"type": "string",
"format": "uri",
"require": false
}
}
}
[buildout]
extends =
../../component/redis/buildout.cfg
../../component/python3/buildout.cfg
../../stack/lamp/buildout.cfg
[nc-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[application]
url = https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2
md5sum = d81902d2dec5d547779bec6336a438be
[template-nextcloud-install.sh]
<= nc-download-base
filename = nextcloud-install.sh.in
md5sum = a2281f86f6a26a8ff40a57a495505977
[template-apache-httpd]
<= nc-download-base
filename = apache-httpd.conf.in
md5sum = f3bca64bf991526fd8221035a86aacbf
[template-nextcloud-instance]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/nextcloud-instance.cfg.in
rendered = ${buildout:directory}/instance-nextcloud.cfg
extensions = jinja2.ext.do
md5sum = 0dd3eea61be79135810b0c2286c520b5
context =
key gzip_location gzip:location
key python3_location python3.6.6:location
key news_updater_location news-updater:location
key php_location apache-php:location
raw redis_bin ${redis:location}/bin/redis-server
raw redis_cli ${redis:location}/bin/redis-cli
raw nextcloud_install_sh ${template-nextcloud-install.sh:location}/${template-nextcloud-install.sh:filename}
raw nextcloud_apache_httpd ${template-apache-httpd:location}/${template-apache-httpd:filename}
[custom-application-deployment]
path = ${template-nextcloud-instance:rendered}
part-list = nextcloud-install.sh
[news-updater]
recipe = hexagonit.recipe.download
url = https://github.com/nextcloud/news-updater/archive/10.0.1.tar.gz
md5sum = 37387199c0482e08d01e9294cd95eaad
strip-top-level-dir = true
\ No newline at end of file
{
"name": "Nextcloud",
"description": "Nextcloud",
"serialisation": "xml",
"software-type": {
"default": {
"title": "Default",
"description": "Instance Nextcloud",
"request": "nextcloud-input-schema.json",
"response": "nextcloud-output-schema.json",
"index": 0
}
}
}
Tests for Nextcloud Software Release
\ No newline at end of file
##############################################################################
#
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from setuptools import setup, find_packages
import glob
import os
version = '0.0.1.dev0'
name = 'slapos.test.nextcloud'
long_description = open("README.md").read()
setup(name=name,
version=version,
description="Test for Nextcloud Software Release",
long_description=long_description,
long_description_content_type='text/markdown',
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
packages=find_packages(),
install_requires=[
'slapos.core',
'slapos.libnetworkcache',
'erp5.util',
'supervisor',
'psutil',
],
zip_safe=True,
test_suite='test',
)
\ No newline at end of file
##############################################################################
#
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import subprocess
import json
import glob
import re
import utils
# for development: debugging logs and install Ctrl+C handler
if os.environ.get('SLAPOS_TEST_DEBUG'):
import logging
logging.basicConfig(level=logging.DEBUG)
import unittest
unittest.installHandler()
def subprocess_status_output(*args, **kwargs):
prc = subprocess.Popen(
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
*args,
**kwargs)
out, err = prc.communicate()
return prc.returncode, out
class InstanceTestCase(utils.SlapOSInstanceTestCase):
@classmethod
def getSoftwareURLList(cls):
return (os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'software.cfg')), )
def getNextcloudConfig(self, config_dict={}):
self.maxDiff = None
data_dict = dict(
datadirectory=self.partition_dir + "/srv/data",
dbhost="%s:2099" % self.config['ipv4_address'],
dbname="nextcloud",
dbpassword="insecure",
dbport="",
dbuser="nextcloud",
mail_domain="nextcloud@example.com",
mail_from_address="Nextcloud",
mail_smtpauth=1,
mail_smtpauthtype="LOGIN",
mail_smtphost="",
mail_smtpport="587",
mail_smtppassword="",
mail_smtpname="",
cli_url="https://[%s]:9988/" % self.config['ipv6_address'],
partition_dir=self.partition_dir,
trusted_domain_list=json.dumps(["[%s]:9988" % self.config['ipv6_address']]),
trusted_proxy_list=[],
)
data_dict.update(config_dict)
template = """{
"activity_expire_days": 14,
"auth.bruteforce.protection.enabled": true,
"blacklisted_files": [
".htaccess",
"Thumbs.db",
"thumbs.db"
],
"cron_log": true,
"csrf.optout": [
"/^WebDAVFS/",
"/^Microsoft-WebDAV-MiniRedir/",
"/^\\\\.jio_documents/"
],
"datadirectory": "%(datadirectory)s",
"dbhost": "%(dbhost)s",
"dbname": "%(dbname)s",
"dbpassword": "%(dbpassword)s",
"dbport": "",
"dbtableprefix": "oc_",
"dbtype": "mysql",
"dbuser": "%(dbuser)s",
"enable_previews": true,
"enabledPreviewProviders": [
"OC\\\\Preview\\\\PNG",
"OC\\\\Preview\\\\JPEG",
"OC\\\\Preview\\\\GIF",
"OC\\\\Preview\\\\BMP",
"OC\\\\Preview\\\\XBitmap",
"OC\\\\Preview\\\\Movie",
"OC\\\\Preview\\\\PDF",
"OC\\\\Preview\\\\MP3",
"OC\\\\Preview\\\\TXT",
"OC\\\\Preview\\\\MarkDown"
],
"filelocking.enabled": "true",
"filesystem_check_changes": 0,
"forwarded_for_headers": [
"HTTP_X_FORWARDED"
],
"htaccess.RewriteBase": "/",
"installed": true,
"integrity.check.disabled": false,
"knowledgebaseenabled": false,
"log_rotate_size": 104857600,
"logfile": "%(datadirectory)s/nextcloud.log",
"loglevel": 2,
"mail_domain": "%(mail_domain)s",
"mail_from_address": "%(mail_from_address)s",
"mail_sendmailmode": "smtp",
"mail_smtpauth": %(mail_smtpauth)s,
"mail_smtpauthtype": "%(mail_smtpauthtype)s",
"mail_smtphost": "%(mail_smtphost)s",
"mail_smtpmode": "smtp",
"mail_smtpname": "%(mail_smtpname)s",
"mail_smtppassword": "%(mail_smtppassword)s",
"mail_smtpport": "%(mail_smtpport)s",
"mail_smtpsecure": "tls",
"maintenance": false,
"memcache.locking": "\\\\OC\\\\Memcache\\\\Redis",
"memcache.local": "\\\\OC\\\\Memcache\\\\APCu",
"memcache.distributed": "\\\\OC\\\\Memcache\\\\Redis",
"mysql.utf8mb4": true,
"overwrite.cli.url": "%(cli_url)s",
"overwriteprotocol": "https",
"preview_max_scale_factor": 1,
"preview_max_x": 1024,
"preview_max_y": 768,
"quota_include_external_storage": false,
"redis": {
"host": "%(partition_dir)s/srv/redis/redis.socket",
"port": 0,
"timeout": 0
},
"share_folder": "/Shares",
"skeletondirectory": "",
"theme": "",
"trashbin_retention_obligation": "auto, 7",
"trusted_domains": %(trusted_domain_list)s,
"trusted_proxies": %(trusted_proxy_list)s,
"updater.release.channel": "stable"
}"""
return json.loads(template % data_dict)
class ServicesTestCase(InstanceTestCase):
@staticmethod
def generateHash(file_list):
import hashlib
hasher = hashlib.md5()
for path in file_list:
with open(path, 'r') as afile:
buf = afile.read()
hasher.update("%s\n" % len(buf))
hasher.update(buf)
hash = hasher.hexdigest()
return hash
def test_process_list(self):
hash_list = [
'software_release/buildout.cfg',
]
expected_process_names = [
'bootstrap-monitor',
'mariadb',
'mariadb_update',
'apache-php-{hash}-on-watch',
'certificate_authority-{hash}-on-watch',
'crond-{hash}-on-watch',
'monitor-httpd-{hash}-on-watch',
'monitor-httpd-graceful',
'nextcloud-install',
'nextcloud-news-updater',
'redis-on-watch',
]
supervisor = self.getSupervisorRPCServer().supervisor
process_name_list = [process['name']
for process in supervisor.getAllProcessInfo()]
hash_file_list = [os.path.join(self.computer_partition_root_path, path)
for path in hash_list]
for name in expected_process_names:
h = ServicesTestCase.generateHash(hash_file_list)
expected_process_name = name.format(hash=h)
self.assertIn(expected_process_name, process_name_list)
def test_nextcloud_installation(self):
partition_path_list = glob.glob(os.path.join(self.instance_path, '*'))
nextcloud_path = None
for partition_path in partition_path_list:
path = os.path.join(partition_path, 'srv/www')
if os.path.exists(path):
nextcloud_path = path
instance_folder = partition_path
break
can_install_path = os.path.join(nextcloud_path, 'config/CAN_INSTALL')
self.assertTrue(os.path.exists(nextcloud_path))
self.assertFalse(os.path.exists(can_install_path))
self.assertTrue(os.path.exists(os.path.join(nextcloud_path, 'config/config.php')))
php_bin = os.path.join(instance_folder, 'bin/php')
nextcloud_status = subprocess.check_output([
php_bin,
os.path.join(nextcloud_path, 'occ'),
'status',
'--output',
'json'])
json_status = json.loads(nextcloud_status)
self.assertTrue(json_status['installed'], True)
def test_nextcloud_config(self):
partition_path_list = glob.glob(os.path.join(self.instance_path, '*'))
nextcloud_path = None
for partition_path in partition_path_list:
path = os.path.join(partition_path, 'srv/www')
if os.path.exists(path):
nextcloud_path = path
instance_folder = partition_path
break
config_file = os.path.join(nextcloud_path, 'config/config.php')
php_script = os.path.join(instance_folder, 'test.php')
with open(php_script, 'w') as f:
f.write("<?php include('%s'); echo json_encode($CONFIG); ?>" % config_file)
self.partition_dir = instance_folder
php_bin = os.path.join(instance_folder, 'bin/php')
occ = os.path.join(nextcloud_path, 'occ')
config_result = subprocess.check_output([
php_bin,
'-f',
php_script
])
config_dict = json.loads(config_result)
#remove generated values
config_dict.pop('instanceid')
config_dict.pop('passwordsalt')
config_dict.pop('secret')
config_dict.pop('version')
expected_dict = self.getNextcloudConfig()
self.assertEqual(config_dict, expected_dict)
collabora_config = subprocess.check_output([
php_bin,
occ,
"config:app:get",
"richdocuments",
"wopi_url"
])
self.assertEqual(collabora_config.strip(), 'https://collabora.host.vifib.net/')
stun_config = subprocess.check_output([
php_bin,
occ,
"config:app:get",
"spreed",
"stun_servers"
])
self.assertEqual(stun_config.strip(), '["turn.vifib.com:5349"]')
turn_config = subprocess.check_output([
php_bin,
occ,
"config:app:get",
"spreed",
"turn_servers"
])
self.assertEqual(turn_config.strip(), '[{"server":"","secret":"","protocols":"udp,tcp"}]')
news_config_file = os.path.join(instance_folder, 'srv/data/news/config/config.ini')
with open(news_config_file) as f:
config = f.read()
regex = r"(useCronUpdates\s+=\s+false)"
result = re.search(regex, config)
self.assertNotEqual(result, None)
def test_nextcloud_promises(self):
partition_path_list = glob.glob(os.path.join(self.instance_path, '*'))
nextcloud_path = None
for partition_path in partition_path_list:
path = os.path.join(partition_path, 'srv/www')
if os.path.exists(path):
nextcloud_path = path
instance_folder = partition_path
break
promise_path_list = glob.glob(os.path.join(instance_folder, 'etc/plugin/*.py'))
promise_name_list = [x for x in
os.listdir(os.path.join(instance_folder, 'etc/plugin'))
if not x.endswith('.pyc')]
partition_name = os.path.basename(instance_folder.rstrip('/'))
self.assertEqual(sorted(promise_name_list),
sorted([
"__init__.py",
"check-free-disk-space.py",
"monitor-http-frontend.py",
"apache-httpd-port-listening.py",
"buildout-%s-status.py" % partition_name,
"monitor-bootstrap-status.py",
"monitor-httpd-listening-on-tcp.py"
]))
ignored_plugin_list = [
'__init__.py',
'monitor-http-frontend.py',
]
runpromise_bin = os.path.join(
self.software_path, 'bin', 'monitor.runpromise')
monitor_conf = os.path.join(instance_folder, 'etc', 'monitor.conf')
msg = []
status = 0
for plugin_path in promise_path_list:
plugin_name = os.path.basename(plugin_path)
if plugin_name in ignored_plugin_list:
continue
plugin_status, plugin_result = subprocess_status_output([
runpromise_bin,
'-c', monitor_conf,
'--run-only', plugin_name,
'--force',
'--check-anomaly'
])
status += plugin_status
if plugin_status == 1:
msg.append(plugin_result)
# sanity check
if 'Checking promise %s' % plugin_name not in plugin_result:
plugin_status = 1
msg.append(plugin_result)
msg = ''.join(msg).strip()
self.assertEqual(status, 0, msg)
class ParametersTestCase(InstanceTestCase):
@classmethod
def getInstanceParameterDict(cls):
return {
'instance.mail-from': "Nextcloud-Test",
'instance.mail-domain': "test@example.com",
'instance.mail-smtpauthtype': "LOGIN",
'instance.mail-smtpauth': 1,
'instance.mail-smtpport': 4588,
'instance.mail-smtphost': '127.0.0.1',
'instance.mail-smtpname': 'mail.example.net',
'instance.mail-smtppassword': 'dwsofjsd',
'instance.collabora-url': 'https://my-custom.collabora.net',
'instance.stun-server': 'stun.example.net:5439',
'instance.turn-server': 'turn.example.net:5439',
'instance.turn-secret': 'c4f0ead40a49bbbac3c58f7b9b43990f78ebd96900757ae67e10190a3a6b6053',
'instance.cli-url': 'nextcloud.example.com',
'instance.trusted-domain-1': 'nextcloud.example.com',
'instance.trusted-domain-2': 'nextcloud.proxy.com',
'instance.trusted-proxy-list': '2001:67c:1254:e:89::5df3 127.0.0.1 10.23.1.3',
}
def test_nextcloud_config_with_parameters(self):
partition_path_list = glob.glob(os.path.join(self.instance_path, '*'))
nextcloud_path = None
for partition_path in partition_path_list:
path = os.path.join(partition_path, 'srv/www')
if os.path.exists(path):
nextcloud_path = path
instance_folder = partition_path
break
config_file = os.path.join(nextcloud_path, 'config/config.php')
php_script = os.path.join(instance_folder, 'test.php')
with open(php_script, 'w') as f:
f.write("<?php include('%s'); echo json_encode($CONFIG); ?>" % config_file)
self.partition_dir = instance_folder
php_bin = os.path.join(instance_folder, 'bin/php')
occ = os.path.join(nextcloud_path, 'occ')
config_result = subprocess.check_output([
php_bin,
'-f',
php_script
])
config_dict = json.loads(config_result)
#remove generated values
config_dict.pop('instanceid')
config_dict.pop('passwordsalt')
config_dict.pop('secret')
config_dict.pop('version')
instance_parameter_dict = dict(
mail_domain="test@example.com",
mail_from_address="Nextcloud-Test",
mail_smtpauth=1,
mail_smtpauthtype="LOGIN",
mail_smtphost="127.0.0.1",
mail_smtpport="4588",
mail_smtppassword="dwsofjsd",
mail_smtpname="mail.example.net",
cli_url="nextcloud.example.com",
partition_dir=self.partition_dir,
trusted_domain_list=json.dumps([
"[%s]:9988" % self.config['ipv6_address'],
"nextcloud.example.com",
"nextcloud.proxy.com"
]),
trusted_proxy_list=json.dumps([
"2001:67c:1254:e:89::5df3",
"127.0.0.1",
"10.23.1.3"
])
)
expected_dict = self.getNextcloudConfig(instance_parameter_dict)
self.assertEqual(config_dict, expected_dict)
collabora_config = subprocess.check_output([
php_bin,
occ,
"config:app:get",
"richdocuments",
"wopi_url"
])
self.assertEqual(collabora_config.strip(), 'https://my-custom.collabora.net')
stun_config = subprocess.check_output([
php_bin,
occ,
"config:app:get",
"spreed",
"stun_servers"
])
self.assertEqual(stun_config.strip(), '["stun.example.net:5439"]')
turn_config = subprocess.check_output([
php_bin,
occ,
"config:app:get",
"spreed",
"turn_servers"
])
self.assertEqual(turn_config.strip(),
'[{"server":"turn.example.net:5439","secret":"c4f0ead40a49bbbac3c58f7b9b43990f78ebd96900757ae67e10190a3a6b6053","protocols":"udp,tcp"}]')
##############################################################################
#
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import unittest
import os
import socket
from contextlib import closing
import logging
import StringIO
import xmlrpclib
import supervisor.xmlrpc
from erp5.util.testnode.SlapOSControler import SlapOSControler
from erp5.util.testnode.ProcessManager import ProcessManager
# Utility functions
def findFreeTCPPort(ip=''):
"""Find a free TCP port to listen to.
"""
family = socket.AF_INET6 if ':' in ip else socket.AF_INET
with closing(socket.socket(family, socket.SOCK_STREAM)) as s:
s.bind((ip, 0))
return s.getsockname()[1]
# TODO:
# - allow requesting multiple instances ?
class SlapOSInstanceTestCase(unittest.TestCase):
"""Install one slapos instance.
This test case install software(s) and request one instance during `setUpClass`
and destroy the instance during `tearDownClass`.
Software Release URL, Instance Software Type and Instance Parameters can be defined
on the class.
All tests from the test class will run with the same instance.
The following class attributes are available:
* `computer_partition`: the computer partition instance, implementing
`slapos.slap.interface.slap.IComputerPartition`.
* `computer_partition_root_path`: the path of the instance root directory.
"""
# Methods to be defined by subclasses.
@classmethod
def getSoftwareURLList(cls):
"""Return URL of software releases to install.
To be defined by subclasses.
"""
raise NotImplementedError()
@classmethod
def getInstanceParameterDict(cls):
"""Return instance parameters
To be defined by subclasses if they need to request instance with specific
parameters.
"""
return {}
@classmethod
def getInstanceSoftwareType(cls):
"""Return software type for instance, default "default"
To be defined by subclasses if they need to request instance with specific
software type.
"""
return "default"
# Utility methods.
def getSupervisorRPCServer(self):
"""Returns a XML-RPC connection to the supervisor used by slapos node
Refer to http://supervisord.org/api.html for details of available methods.
"""
# xmlrpc over unix socket https://stackoverflow.com/a/11746051/7294664
return xmlrpclib.ServerProxy(
'http://slapos-supervisor',
transport=supervisor.xmlrpc.SupervisorTransport(
None,
None,
# XXX hardcoded socket path
serverurl="unix://{working_directory}/inst/supervisord.socket".format(
**self.config)))
# Unittest methods
@classmethod
def setUpClass(cls):
"""Setup the class, build software and request an instance.
If you have to override this method, do not forget to call this method on
parent class.
"""
try:
cls.setUpWorkingDirectory()
cls.setUpConfig()
cls.setUpSlapOSController()
cls.runSoftwareRelease()
# XXX instead of "runSoftwareRelease", it would be better to be closer to slapos usage:
# cls.supplySoftwares()
# cls.installSoftwares()
cls.runComputerPartition()
# XXX instead of "runComputerPartition", it would be better to be closer to slapos usage:
# cls.requestInstances()
# cls.createInstances()
# cls.requestInstances()
except Exception:
cls.stopSlapOSProcesses()
raise
cls.instance_path = os.path.join(
cls.config['working_directory'],
'inst')
cls.software_path = os.path.realpath(os.path.join(
cls.computer_partition_root_path, 'software_release'))
@classmethod
def tearDownClass(cls):
"""Tear down class, stop the processes and destroy instance.
"""
cls.stopSlapOSProcesses()
# Implementation
@classmethod
def stopSlapOSProcesses(cls):
if hasattr(cls, '_process_manager'):
cls._process_manager.killPreviousRun()
@classmethod
def setUpWorkingDirectory(cls):
"""Initialise the directories"""
cls.working_directory = os.environ.get(
'SLAPOS_TEST_WORKING_DIR',
os.path.join(os.path.dirname(__file__), '.slapos'))
# To prevent error: Cannot open an HTTP server: socket.error reported
# AF_UNIX path too long This `working_directory` should not be too deep.
# Socket path is 108 char max on linux
# https://github.com/torvalds/linux/blob/3848ec5/net/unix/af_unix.c#L234-L238
# Supervisord socket name contains the pid number, which is why we add
# .xxxxxxx in this check.
if len(cls.working_directory + '/inst/supervisord.socket.xxxxxxx') > 108:
raise RuntimeError('working directory ( {} ) is too deep, try setting '
'SLAPOS_TEST_WORKING_DIR'.format(cls.working_directory))
if not os.path.exists(cls.working_directory):
os.mkdir(cls.working_directory)
@classmethod
def setUpConfig(cls):
"""Create slapos configuration"""
cls.config = {
"working_directory": cls.working_directory,
"slapos_directory": cls.working_directory,
"log_directory": cls.working_directory,
"computer_id": 'slapos.test', # XXX
'proxy_database': os.path.join(cls.working_directory, 'proxy.db'),
'partition_reference': cls.__name__,
# "proper" slapos command must be in $PATH
'slapos_binary': 'slapos',
'node_quantity': '3',
}
# Some tests are expecting that local IP is not set to 127.0.0.1
ipv4_address = os.environ.get('SLAPOS_TEST_IPV4', '127.0.1.1')
ipv6_address = os.environ['SLAPOS_TEST_IPV6']
cls.config['proxy_host'] = cls.config['ipv4_address'] = ipv4_address
cls.config['ipv6_address'] = ipv6_address
cls.config['proxy_port'] = findFreeTCPPort(ipv4_address)
cls.config['master_url'] = 'http://{proxy_host}:{proxy_port}'.format(
**cls.config)
@classmethod
def setUpSlapOSController(cls):
"""Create the a "slapos controller" and supply softwares from `getSoftwareURLList`.
This is equivalent to:
slapos proxy start
for sr in getSoftwareURLList; do
slapos supply $SR $COMP
done
"""
cls._process_manager = ProcessManager()
# XXX this code is copied from testnode code
cls.slapos_controler = SlapOSControler(
cls.working_directory,
cls.config
)
slapproxy_log = os.path.join(cls.config['log_directory'], 'slapproxy.log')
logger = logging.getLogger(__name__)
logger.debug('Configured slapproxy log to %r', slapproxy_log)
cls.software_url_list = cls.getSoftwareURLList()
cls.slapos_controler.initializeSlapOSControler(
slapproxy_log=slapproxy_log,
process_manager=cls._process_manager,
reset_software=False,
software_path_list=cls.software_url_list)
# XXX we should check *earlier* if that pidfile exist and if supervisord
# process still running, because if developer started supervisord (or bugs?)
# then another supervisord will start and starting services a second time
# will fail.
cls._process_manager.supervisord_pid_file = os.path.join(
cls.slapos_controler.instance_root, 'var', 'run', 'supervisord.pid')
@classmethod
def runSoftwareRelease(cls):
"""Run all the software releases that were supplied before.
This is the equivalent of `slapos node software`.
The tests will be marked file if software building fail.
"""
logger = logging.getLogger()
logger.level = logging.DEBUG
stream = StringIO.StringIO()
stream_handler = logging.StreamHandler(stream)
logger.addHandler(stream_handler)
try:
cls.software_status_dict = cls.slapos_controler.runSoftwareRelease(
cls.config, environment=os.environ)
stream.seek(0)
stream.flush()
message = ''.join(stream.readlines()[-100:])
assert cls.software_status_dict['status_code'] == 0, message
finally:
logger.removeHandler(stream_handler)
del stream
@classmethod
def runComputerPartition(cls):
"""Instanciate the software.
This is the equivalent of doing:
slapos request --type=getInstanceSoftwareType --parameters=getInstanceParameterDict
slapos node instance
and return the slapos request instance parameters.
This can be called by tests to simulate re-request with different parameters.
"""
logger = logging.getLogger()
logger.level = logging.DEBUG
stream = StringIO.StringIO()
stream_handler = logging.StreamHandler(stream)
logger.addHandler(stream_handler)
if cls.getInstanceSoftwareType() != 'default':
raise NotImplementedError
instance_parameter_dict = cls.getInstanceParameterDict()
try:
cls.instance_status_dict = cls.slapos_controler.runComputerPartition(
cls.config,
cluster_configuration=instance_parameter_dict,
environment=os.environ)
stream.seek(0)
stream.flush()
message = ''.join(stream.readlines()[-100:])
assert cls.instance_status_dict['status_code'] == 0, message
finally:
logger.removeHandler(stream_handler)
del stream
# FIXME: similar to test node, only one (root) partition is really
# supported for now.
computer_partition_list = []
for i in range(len(cls.software_url_list)):
computer_partition_list.append(
cls.slapos_controler.slap.registerOpenOrder().request(
cls.software_url_list[i],
# This is how testnode's SlapOSControler name created partitions
partition_reference='testing partition {i}'.format(
i=i, **cls.config),
partition_parameter_kw=instance_parameter_dict))
# expose some class attributes so that tests can use them:
# the ComputerPartition instances, to getInstanceParameterDict
cls.computer_partition = computer_partition_list[0]
# the path of the instance on the filesystem, for low level inspection
cls.computer_partition_root_path = os.path.join(
cls.config['working_directory'],
'inst',
cls.computer_partition.getId())
......@@ -15,4 +15,4 @@
[template]
filename = instance.cfg
md5sum = 8b3d678de7fd5333793bc3f4c770b53d
md5sum = 6e4bde9074cdc508df513e31653e7def
......@@ -28,7 +28,7 @@ bin = $${buildout:directory}/bin
working-dir = $${buildout:directory}/tmp
[test-list]
path_list = ${slapos.test.caddy-frontend-setup:setup},${slapos.test.erp5-setup:setup},${slapos.test.slapos-master-setup:setup},${slapos.test.kvm-setup:setup},${slapos.test.monitor-setup:setup},${slapos.test.plantuml-setup:setup},${slapos.test.powerdns-setup:setup},${slapos.test.proftpd-setup:setup},${slapos.test.re6stnet-setup:setup},${slapos.test.seleniumserver-setup:setup},${slapos.test.slaprunner-setup:setup},${slapos.test.helloworld-setup:setup},${slapos.test.jupyter-setup:setup}
path_list = ${slapos.test.caddy-frontend-setup:setup},${slapos.test.erp5-setup:setup},${slapos.test.slapos-master-setup:setup},${slapos.test.kvm-setup:setup},${slapos.test.monitor-setup:setup},${slapos.test.plantuml-setup:setup},${slapos.test.powerdns-setup:setup},${slapos.test.proftpd-setup:setup},${slapos.test.re6stnet-setup:setup},${slapos.test.seleniumserver-setup:setup},${slapos.test.slaprunner-setup:setup},${slapos.test.helloworld-setup:setup},${slapos.test.jupyter-setup:setup},${slapos.test.nextcloud-setup:setup}
[slapos-test-runner]
recipe = slapos.cookbook:wrapper
......
......@@ -87,6 +87,11 @@ setup = ${slapos-repository:location}/software/helloworld/test/
egg = slapos.test.jupyter
setup = ${slapos-repository:location}/software/jupyter/test/
[slapos.test.nextcloud-setup]
<= setup-develop-egg
egg = slapos.test.nextcloud
setup = ${slapos-repository:location}/software/nextcloud/test/
[eggs]
recipe = zc.recipe.egg
eggs =
......@@ -109,6 +114,7 @@ eggs =
${slapos.test.seleniumserver-setup:egg}
${slapos.test.slaprunner-setup:egg}
${slapos.test.jupyter-setup:egg}
${slapos.test.nextcloud-setup:egg}
${backports.lzma:egg}
entry-points =
......
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "{{ parameter_dict['pid-file'] }}"
Listen {{ parameter_dict['ip'] }}:{{ parameter_dict['port'] }}
PHPINIDir {{ parameter_dict['php-ini-dir'] }}
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "{{ parameter_dict['error-log'] }}"
LogLevel warn
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog "{{ parameter_dict['access-log'] }}" common
# SSL Configuration
SSLCertificateFile {{ parameter_dict.get('cert-file') }}
SSLCertificateKeyFile {{ parameter_dict.get('key-file') }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLEngine On
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
DirectoryIndex index.html index.php
Include {{ parameter_dict['apache-config-dir'] }}/*.conf
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so
LoadModule php7_module modules/libphp7.so
# This file is responsible of three things:
# 1/ Act as "Apache exporter"
# 2/ Act as "Mariadb backup infrastructure requester"
# 3/ Act as "Apache" instance
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
extends = {{templateapache}}
{{templatepbsreadyexport}}
parts +=
{{ parts.replicate("mariadb", "3") }}
# Repeating parts from instance-apache-php.
# XXX-Cedric: how to simplify this?
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
{{ replicated.replicate("mariadb", "3", "mariadb-export", "mariadb-import") }}
# Nothing to do for the exporter. This wrapper is intended
# to produce the "dump" files that have to be backed up.
# So, in case of binary DB data, we would back up the ASCII dump
# files, or a similar data format that can be restored on any machine
# (i.e. postgres 'custom')
# In the case of an httpd instance, the src/www directory can be directly
# pulled from the PBS, we don't need to prepare anything.
[exporter]
wrapper = /bin/true
# State that we want to backup srv/www directory, not srv/backup.
# XXX-Cedric: works well, but doesn't work with big data.
[rdiff-backup-server]
path = ${directory:www}
# Add "exporter" parameters to list of published connection parameters
[publish-connection-information]
# XXX-Cedric: Long term goal: could be a recipe that requests an instance and
# bubbles ALL
# parameters of the requested instance. Requirement: aggregated publish.
<= resilient-publish-connection-parameter
# XXX-Cedric: resilient overwrites what's returned from request-mariadb
# XXX-Cedric: change the request method to return everything from
# getConnectionParameterDict()
[request-mariadb]
return = ssh-public-key ssh-url notification-id ip url
[buildout]
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
extends = ${pbsready-import:output}
[directory]
srv = $${buildout:directory}/srv
www = $${:srv}/www/
# Nothing to do for the import. Just dummy part that does nothing.
# For httpd instance, PBS will directly push data to srv/www.
# XXX-Cedric: write a real backup system.
[importer]
wrapper = /bin/true
# State that we want to push to srv/www directory, not srv/backup.
[rdiff-backup-server]
path = $${directory:www}
[buildout]
extends = ${custom-application-deployment:path}
parts =
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
${custom-application-deployment:part-list}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
scripts = $${rootdirectory:etc}/run
run = $${rootdirectory:var}/run
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
httpd-log = $${basedirectory:log}/apache
php-ini-dir = $${rootdirectory:etc}/php
tmp-php = $${rootdirectory:tmp}/php
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
www = $${rootdirectory:srv}/www/
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests
private = $${directory:ca-dir}/private
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts
crl = $${directory:ca-dir}/crl
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
client = true
stunnel-binary = ${stunnel:location}/bin/stunnel
remote-host = $${mariadb-urlparse:host}
remote-port = $${mariadb-urlparse:port}
local-host = $${slap-network-information:local-ipv4}
local-port = 3306
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
wrapper = $${rootdirectory:bin}/raw_stunnel
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Request MariaDB instance and parse its URL.
[request-mariadb]
<= slap-connection
recipe = slapos.cookbook:request
name = MariaDB
software-url = $${slap-connection:software-release-url}
software-type = mariadb
return = url
sla-computer_guid = $${slap-connection:computer-id}
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = $${request-mariadb:connection-url}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = $${slap-network-information:global-ipv6}
listening-port = 8080
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php]
recipe = slapos.cookbook:apachephp
source = ${application:location}
template = ${application-template:location}/${application-template:filename}
configuration = ${application-configuration:location}
htdocs = $${directory:www}
pid-file = $${basedirectory:run}/apache.pid
lock-file = $${basedirectory:run}/apache.lock
ip = $${apache-network-configuration:listening-ip}
port = $${apache-network-configuration:listening-port}
url = http://[$${:ip}]:$${:port}/
error-log = $${directory:httpd-log}/error.log
access-log = $${directory:httpd-log}/access.log
php-ini-dir = $${directory:php-ini-dir}
tmp-dir = $${directory:tmp-php}
httpd-conf = $${rootdirectory:etc}/apache.conf
wrapper = $${basedirectory:services}/apache
httpd-binary = ${apache:location}/bin/httpd
mysql-username = $${mariadb-urlparse:username}
mysql-password = $${mariadb-urlparse:password}
mysql-database = $${mariadb-urlparse:path}
mysql-host = $${stunnel:local-host}
mysql-port = $${stunnel:local-port}
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-php:error-log} $${apache-php:access-log}
frequency = daily
rotate-num = 30
sharedscripts = true
notifempty = true
create = true
#----------------
#--
#-- Request frontend.
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = http://[$${apache-network-configuration:listening-ip}]:$${apache-network-configuration:listening-port}/
return = site_url
config-custom_domain = $${slap-parameter:domain}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = $${apache-php:url}
url = $${request-frontend:connection-site_url}
#----------------
#--
#-- Deploy promises scripts.
[promise]
recipe = slapos.cookbook:check_port_listening
path = $${basedirectory:promises}/apache
hostname = $${apache-php:ip}
port = $${apache-php:port}
[frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${basedirectory:promises}/frontend
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[content-promise]
recipe = slapos.cookbook:check_page_content
path = $${basedirectory:promises}/content
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[slap-parameter]
# Default value if no domain is specified
domain =
# Default value if no ssh parameter is specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
......@@ -5,25 +5,18 @@ ignore-existing = true
parts =
slapos-cookbook
apache-php
php-redis
php-imagick
php-apcu
mariadb
mydumper
python-mysqlclient
rdiff-backup
mroonga-mariadb
dropbear
eggs
instance
instance-apache-php
instance-mariadb
#Contains the importer and exporter recipes for mariadb
instance-mariadb-import
instance-mariadb-export
#Contains the importer and exporter recipes for apache
instance-apache-import
instance-apache-export
template-mariadb
instance-lamp
extends =
../../component/apache-php/buildout.cfg
......@@ -31,25 +24,30 @@ extends =
../../component/curl/buildout.cfg
../../component/dash/buildout.cfg
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dropbear/buildout.cfg
../../component/git/buildout.cfg
../../component/glib/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/mariadb/buildout.cfg
../../component/mydumper/buildout.cfg
../../component/python-mysqlclient/buildout.cfg
../../component/perl/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/sqlite3/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/zlib/buildout.cfg
../logrotate/buildout.cfg
../resilient/buildout.cfg
../erp5/buildout.cfg
../slapos.cfg
[template-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[mariadb]
# Compile dir is for plugins, there's no plugin in LAMP
keep-compile-dir = false
......@@ -60,84 +58,6 @@ ignore-existing = true
# If the provided tarball does not contain top directory, this option should be changed to false
strip-top-level-dir = true
#----------------
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[instance-apache-php]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-php.cfg.in
output = ${buildout:directory}/instance-apache-php.cfg
md5sum = 5800e365e200240e33defea9561c0b23
mode = 0644
[instance-apache-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-import.cfg.in
output = ${buildout:directory}/instance-apache-import.cfg
md5sum = f1dc2a71d362b5d2d36481ffefdd2293
mode = 0644
[instance-apache-export]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/apache/instance-apache-export.cfg.jinja2
rendered = ${buildout:directory}/instance-apache-export.cfg
extensions = jinja2.ext.do
context = key templateapache instance-apache-php:output
key templatepbsreadyexport pbsready-export:output
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = 00068d0f68a9e1eb5a6e89e73a3dc399
mode = 0644
[instance-resilient]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
rendered = ${buildout:directory}/instance-resilient.cfg
extensions = jinja2.ext.do
context = key buildout buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = f171782b98c1143d44ec2a35d8259254
mode = 0644
[instance-mariadb]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb.cfg.in
output = ${buildout:directory}/instance-mariadb.cfg
md5sum = 1d3022164dd70efe374a179ef319e0eb
mode = 0644
[instance-mariadb-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-import.cfg.in
output = ${buildout:directory}/instance-mariadb-import.cfg
md5sum = faf5826f4b27e362f34ad17db54b8c9a
mode = 0644
[instance-mariadb-export]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-export.cfg.in
output = ${buildout:directory}/instance-mariadb-export.cfg
md5sum = d17228a2708cbb39dc00945a93e0740d
mode = 0644
#----------------
#--
#-- Optional part allowing applications using this stack to run a custom
......@@ -152,57 +72,83 @@ path =
part-list =
#----------------
#-- Dummy parts in case no application configuration file is needed
[application-template]
filename =
location =
[application-configuration]
location =
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/instance.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = 7c47a85e310674e451db778d9e4383a6
mode = 0644
context =
key application_location application:location
key application_deployment_part_list custom-application-deployment:part-list
key apache_location apache:location
key apache_php_location apache-php:location
key bash_location bash:location
key bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key buildout_egg_directory buildout:eggs-directory
key buildout_develop_directory buildout:develop-eggs-directory
key buildout_directory buildout:directory
key dash_location dash:location
key findutils_location findutils:location
key logrotate_location logrotate:location
key logrotate_cfg template-logrotate-base:rendered
key gzip_location gzip:location
key stunnel_location stunnel:location
key template_monitor monitor2-template:rendered
key mariadb_link_binary template-mariadb:link-binary
key mariadb_location mariadb:location
key mariadb_resiliency_after_import_script mariadb-resiliency-after-import-script:target
key mariadb_slow_query_report_script mariadb-slow-query-report-script:target
key mariadb_start_clone_from_backup mariadb-start-clone-from-backup:target
key percona_toolkit_location percona-toolkit:location
key template_php_ini template-php.ini:output
key template_apache_conf template-apache.conf:output
key template_apache_php instance-apache-php:output
key template_lamp instance-lamp:output
key template_mariadb template-mariadb:target
key template_mariadb_initial_setup template-mariadb-initial-setup:target
key template_my_cnf template-my-cnf:target
key unixodbc_location unixodbc:location
key openssl_location openssl:location
key custom_application_template custom-application-deployment:path
[custom-application-deployment]
# Optional part allowing applications using this stack to run a custom
# instance.cfg at the end of Apache/PHP instance deployment.
# To use it in your application, just override those two parameters, like:
# path = /path/to/instance-custom.cfg
# part-list =
# part1
# part2
# See software/tt-rss/software.cfg for an example.
path =
part-list =
[instance-apache-php]
<= template-download-base
filename = instance-apache-php.cfg.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7edcbca22e800f2c90559298c44d5a48
[instance-lamp]
<= template-download-base
filename = instance-lamp.cfg.jinja2.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 2f8b021acc9c7a849641680a249d5a36
[template-apache.conf]
<= template-download-base
filename = apache.conf.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 04080510698732d84122b464fdb08c6a
[template-php.ini]
<= template-download-base
filename = php.ini.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7de35e3f8619324119ff296580d2880f
[erp5]
# lamp stack reuses erp5 stack to have mariadb, but we don't need to checkout erp5 here.
recipe =
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
slapos.toolbox[lampconfigure]
slapos.toolbox
[versions]
async = 0.6.1
gitdb = 0.5.4
mysqlclient = 1.3.12
pycrypto = 2.6
rdiff-backup = 1.0.5+SlapOSPatched001
slapos.recipe.template = 2.4.2
slapos.toolbox = 0.40.4
smmap = 0.8.2
# Required by:
# slapos.toolbox==0.40.2
GitPython = 2.0.8
# Required by:
# slapos.toolbox==0.40.2
atomize = 0.1.1
# Required by:
# slapos.toolbox==0.40.2
feedparser = 5.1.3
# Required by:
# slapos.toolbox==0.40.2
paramiko = 2.0.1
[buildout]
extends =
{{ template_monitor }}
{{ logrotate_cfg }}
{{ custom_application_template }}
parts =
monitor-base
certificate-authority
logrotate-entry-apache
promise
php.ini-conf
apache-php-service
publish-connection-information
{{ parameter_dict['application-part-list'] }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
var = ${buildout:directory}/var
srv = ${buildout:directory}/srv
bin = ${buildout:directory}/bin
tmp = ${buildout:directory}/tmp
log = ${:var}/log
services = ${:etc}/service
scripts = ${:etc}/run
run = ${:var}/run
backup = ${:srv}/backup
promises = ${:etc}/promise
plugins = ${:etc}/plugin
httpd-log = ${:log}/apache
php-ini-dir = ${:etc}/php
tmp-php = ${:tmp}/php
upload-tmp = ${:tmp}/upload
www = ${:srv}/www/
apache.d = ${:etc}/apache.d
#----------------
#--
#-- Certificate stuff.
[ca-directory]
recipe = slapos.cookbook:mkdirectory
root = ${directory:srv}/ssl
requests = ${:root}/requests
private = ${:root}/private
certs = ${:root}/certs
newcerts = ${:root}/newcerts
crl = ${:root}/crl
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}
[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-files = ${buildout:directory}/software_release/buildout.cfg
[ca-apache-php]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${apache-php-configuration:key-file}
cert-file = ${apache-php-configuration:cert-file}
executable = ${apache-php-wrapper:wrapper-path}
wrapper = ${directory:bin}/ca-apache-php
[apache-php-service]
recipe = slapos.cookbook:wrapper
command-line = ${ca-apache-php:wrapper}
wrapper-path = ${directory:services}/apache-php
hash-files = ${buildout:directory}/software_release/buildout.cfg
depends =
${copy-application:recipe}
${apache-graceful:recipe}
[copy-application]
recipe = plone.recipe.command
command = if [ -z "$(ls -A ${directory:www})" ]; then
rm -rf ${directory:www};
cp -ax {{ parameter_dict['application-location'] }}/ ${directory:www};
fi
update-command = ${:command}
stop-on-error = true
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = {{ slapparameter_dict['database-list'][0] }}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = {{ (ipv6 | list)[0] }}
listening-port = 9988
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php-configuration]
document-root = ${directory:www}
pid-file = ${directory:run}/apache.pid
lock-file = ${directory:run}/apache.lock
ip = ${apache-network-configuration:listening-ip}
port = ${apache-network-configuration:listening-port}
url = https://[${:ip}]:${:port}/
error-log = ${directory:httpd-log}/error.log
access-log = ${directory:httpd-log}/access.log
php-ini-dir = ${directory:php-ini-dir}
cert-file = ${ca-directory:certs}/httpd.crt
key-file = ${ca-directory:certs}/httpd.key
apache-config-dir = ${directory:apache.d}
[apache-php-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:etc}/apache.conf
context =
section parameter_dict apache-php-configuration
extensions = jinja2.ext.do
mode = 0644
[apache-php-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/apache-wrapper
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-php-conf:rendered}" -DFOREGROUND
wait-for-files =
${ca-directory:certs}/httpd.crt
${ca-directory:certs}/httpd.key
[apache-graceful]
recipe = collective.recipe.template
output = ${directory:bin}/apache-httpd-graceful
mode = 700
input = inline:
#!/bin/sh
kill -USR1 "$(cat '${apache-php-configuration:pid-file}')"
[logrotate-entry-apache]
<= logrotate-entry-base
name = apache
log = ${apache-php-configuration:error-log} ${apache-php-configuration:access-log}
frequency = daily
rotate-num = 30
[php.ini-configuration]
tmp-dir = ${directory:tmp-php}
php-upload-dir = ${directory:upload-tmp}
[php.ini-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-php-ini'] }}
rendered = ${directory:php-ini-dir}/php.ini
context =
section parameter_dict php.ini-configuration
section instance_dict instance-parameter
extensions = jinja2.ext.do
mode = 0644
[instance-parameter]
db-user = ${mariadb-urlparse:username}
db-password = ${mariadb-urlparse:password}
db-name = ${mariadb-urlparse:path}
db-host = ${mariadb-urlparse:host}
db-port = ${mariadb-urlparse:port}
document-root = ${apache-php-configuration:document-root}
backend-url = ${apache-php-configuration:url}
php-bin = {{ parameter_dict['apache-php-location'] }}/bin/php
php-ini = ${php.ini-conf:rendered}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish.serialised
backend-url = ${apache-php-configuration:url}
#----------------
#--
#-- Deploy promises scripts.
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
<= promise-base
module = check_port_listening
name = apache-httpd-port-listening.py
config-hostname = ${apache-php-configuration:ip}
config-port = ${apache-php-configuration:port}
[slap-parameter]
{% for key, value in slapparameter_dict.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
\ No newline at end of file
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6 | list)[0] -%}
{% set monitor_base_url_dict = {} -%}
{% set mariadb_dict = {} -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
plugins = ${:etc}/plugin
[request-common]
recipe = slapos.cookbook:request.serialised
software-url = ${slap-connection:software-release-url}
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/$${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[request-apache]
<= request-common
software-type = apache
name = apache-php
sla-computer_guid = {{ dumps(slapparameter_dict.get('apache-computer-guid', '')) }}
{% for key, value in slapparameter_dict.items() -%}
{% if key.startswith('instance.') -%}
config-{{ key }} = {{ dumps(value) }}
{% endif -%}
{% endfor -%}
config-database-list = ${request-mariadb:connection-database-list}
return =
backend-url
monitor-base-url
{% do part_list.append('request-apache') -%}
{% do publish_dict.__setitem__('backend-url', '${request-apache:connection-backend-url}') -%}
{% do monitor_base_url_dict.__setitem__('apache', '${request-apache:connection-monitor-base-url}') -%}
{% do mariadb_dict.__setitem__('database-list', [{'name': 'nextcloud', 'user': 'nextcloud', 'password': 'insecure'}]) -%}
{% do mariadb_dict.__setitem__('test-database-amount', 0) -%}
{% do mariadb_dict.__setitem__('tcpv4-port', 2099) -%}
{% do mariadb_dict.__setitem__('max-slowqueries-threshold', 1000) -%}
{% do mariadb_dict.__setitem__('slowest-query-threshold', '') -%}
{% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
{% do mariadb_dict.__setitem__('monitor-passwd', '${monitor-htpasswd:passwd}') -%}
{% do mariadb_dict.__setitem__('name', 'Mariadb') -%}
{% do mariadb_dict.__setitem__('innodb-file-per-table', slapparameter_dict.get('innodb-file-per-table', 1)) -%}
[request-mariadb]
<= request-common
software-type = mariadb
name = Mariadb
sla-computer_guid = {{ dumps(slapparameter_dict.get('mariadb-computer-guid', '')) }}
{% for key, value in mariadb_dict.items() -%}
config-{{ key }} = {{ dumps(value) }}
{% endfor -%}
return =
database-list
monitor-base-url
{% do part_list.append('request-mariadb') -%}
{% do publish_dict.__setitem__('mariadb-url-list', '${request-mariadb:connection-database-list}') -%}
{% do monitor_base_url_dict.__setitem__('mariadb', '${request-mariadb:connection-monitor-base-url}') -%}
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Instance Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = ${request-apache:connection-backend-url}
config-https-only = true
return = domain secure_access
[lamp-frontend-promise]
<= monitor-promise-base
module = check_url_available
name = lamp-http-frontend.py
url = ${request-frontend:connection-secure_access}
config-url = ${:url}
config-custom-domain = {{ slapparameter_dict.get('custom-domain', '') }}
config-check-secure = 1
{% do publish_dict.__setitem__('url', '${lamp-frontend-promise:url}') -%}
[publish-early]
recipe = slapos.cookbook:publish-early
-init =
monitor-password monitor-htpasswd:passwd
[monitor-instance-parameter]
monitor-httpd-port = 8060
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
username = admin
password = ${monitor-htpasswd:passwd}
[monitor-base-url-dict]
{% for key, value in monitor_base_url_dict.items() -%}
{{ key }} = {{ value }}
{% endfor %}
[monitor-conf-parameters]
[publish-connection-information]
recipe = slapos.cookbook:publish
{% for name, value in publish_dict.items() -%}
{{ name }} = {{ value }}
{% endfor %}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}
monitor-password = ${publish-early:monitor-password}
monitor-user = ${monitor-publish-parameters:monitor-user}
{% do part_list.append('monitor-base') -%}
[buildout]
extends =
{{ template_monitor }}
parts =
publish-connection-information
# Complete parts with sections
{{ part_list | join('\n ') }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
\ No newline at end of file
# vim: set ft=cfg:
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
# += because we need to take up parts (like instance-custom, slapmonitor etc) from the profile we extended
parts +=
{{ parts.replicate("apache", "3") }}
publish-connection-information
{{ replicated.replicate("apache", "3", "apache-export", "apache-import") }}
# Bubble up the parameters
[request-apache]
return = url ssh-public-key ssh-url notification-id ip url backend_url
# XXX: hardcoded values
config-mariadb1-computer-guid = ${slap-parameter:mariadb1-computer-guid}
config-pbs-mariadb1-computer-guid = ${slap-parameter:pbs-mariadb1-computer-guid}
config-mariadb2-computer-guid = ${slap-parameter:mariadb2-computer-guid}
config-pbs-mariadb2-computer-guid = ${slap-parameter:pbs-mariadb2-computer-guid}
config-mariadb3-computer-guid = ${slap-parameter:mariadb3-computer-guid}
config-pbs-mariadb3-computer-guid = ${slap-parameter:pbs-mariadb3-computer-guid}
config-domain = ${slap-parameter:domain}
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = ${request-apache:connection-backend_url}
url = ${request-apache:connection-url}
[slap-parameter]
# Default parameters for distributed deployment
# I.e state "backup1 of maria should go there, ..."
# XXX-Cedric: Hardcoded number of backups. Should be dynamically generated.
mariadb1-computer-guid =
pbs-mariadb1-computer-guid =
mariadb2-computer-guid =
pbs-mariadb2-computer-guid =
mariadb3-computer-guid =
pbs-mariadb3-computer-guid =
# XXX-Cedric: Hardcoded parameters. Should be dynamically generated.
domain =
......@@ -3,22 +3,101 @@
parts =
switch_softwaretype
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
eggs-directory = {{ buildout_egg_directory }}
develop-eggs-directory = {{ buildout_develop_directory }}
offline = true
[switch_softwaretype]
recipe = slapos.cookbook:softwaretype
default = ${instance-apache-php:output}
resilient = ${instance-resilient:rendered}
mariadb = ${instance-mariadb:output}
mariadb-import = ${instance-mariadb-import:output}
mariadb-export = ${instance-mariadb-export:output}
apache-import = ${instance-apache-import:output}
apache-export = ${instance-apache-export:rendered}
#frozen creates a syntax error, meaning it can keep its data.
#It's dirty as hell, it needs to be replaced.
frozen = ${instance-frozen:output}
pull-backup = ${template-pull-backup:output}
#recipe = slapos.cookbook:softwaretype
recipe = slapos.cookbook:switch-softwaretype
default = dynamic-template-lamp:rendered
RootSoftwareInstance = ${:default}
mariadb = dynamic-template-mariadb:rendered
apache = dynamic-template-apache-php:rendered
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
extensions = jinja2.ext.do
mode = 0644
extra-context =
context =
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key ipv4 slap-configuration:ipv4
key ipv6 slap-configuration:ipv6
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
raw template_monitor {{ template_monitor }}
raw openssl_location {{ openssl_location }}
raw logrotate_cfg {{ logrotate_cfg }}
${:extra-context}
[dynamic-template-lamp-parameters]
[dynamic-template-lamp]
<= jinja2-template-base
template = {{ template_lamp }}
filename = template-lamp.cfg
extra-context =
section parameter_dict dynamic-template-lamp-parameters
[dynamic-template-apache-php-parameters]
application-location = {{ application_location }}
application-part-list = {{ application_deployment_part_list }}
template-apache-conf = {{ template_apache_conf }}
apache-location = {{ apache_location }}
apache-php-location = {{ apache_php_location }}
template-php-ini = {{ template_php_ini }}
# XXX no failure if `custom_application_template` is empty
[application-parameters]
custom-application-template = {{ custom_application_template }}
[dynamic-template-apache-php]
<= jinja2-template-base
template = {{ template_apache_php }}
filename = template-apache-php.cfg
extra-context =
key custom_application_template application-parameters:custom-application-template
section parameter_dict dynamic-template-apache-php-parameters
[dynamic-template-mariadb-parameters]
bash = {{ bash_location }}
coreutils-location = {{ coreutils_location }}
dash-location = {{ dash_location }}
findutils-location = {{ findutils_location }}
gzip-location = {{ gzip_location }}
mariadb-location = {{ mariadb_location }}
template-my-cnf = {{ template_my_cnf }}
template-mariadb-initial-setup = {{ template_mariadb_initial_setup }}
link-binary = {{ dumps(mariadb_link_binary) }}
mariadb-resiliency-after-import-script = {{ mariadb_resiliency_after_import_script }}
mariadb-slow-query-report-script = {{ mariadb_slow_query_report_script }}
mariadb-start-clone-from-backup = {{ mariadb_start_clone_from_backup }}
promise-check-slow-queries-digest-result = {{ bin_directory }}/check-slow-queries-digest-result
percona-tools-location = {{ percona_toolkit_location }}
unixodbc-location = {{ unixodbc_location }}
check-computer-memory-binary = {{ bin_directory }}/check-computer-memory
bin-directory = {{ bin_directory }}
[dynamic-template-mariadb]
<= jinja2-template-base
template = {{ template_mariadb }}
filename = instance-mariadb.cfg
extra-context =
key ipv4_set slap-configuration:ipv4
key ipv6_set slap-configuration:ipv6
raw bin_directory {{ bin_directory }}
section parameter_dict dynamic-template-mariadb-parameters
[buildout]
extends = ${instance-mariadb:output}
${pbsready-export:output}
# Repeating parts from instance-mariadb.
parts +=
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define exporter strategy
[exporter]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/$${slap-parameter:namebase}-exporter
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
mydumper-binary = ${mydumper:location}/bin/mydumper
database = $${mariadb:database}
import = false
# Extends publish section with resilient parameters
[urls]
<= resilient-publish-connection-parameter
[buildout]
extends = ${instance-mariadb:output}
${pbsready-import:output}
[importer]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/myloader
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
myloader-binary = ${mydumper:location}/bin/myloader
database = $${mariadb:database}
import = true
[buildout]
parts =
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
run = $${rootdirectory:var}/run
script = $${rootdirectory:etc}/script
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
mariadb-data = $${rootdirectory:srv}/mariadb
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
[logrotate-entry-mariadb]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = mariadb
log = $${mariadb:error-log}
frequency = daily
rotate-num = 30
post = $${mariadb:logrotate-post}
sharedscripts = true
notifempty = true
create = true
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
[logrotate-entry-cron]
<= logrotate
recipe =slapos.cookbook:logrotate.d
name = crond
log = $${cron-simplelogger:log}
frequency = daily
rotate-num = 30
notifempty = true
create = true
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${rootdirectory:bin}/stunnel
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
local-host = $${mariadb:ip}
local-port = $${mariadb:port}
remote-host = $${slap-network-information:global-ipv6}
remote-port = 6446
client = false
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Creates a MariaDB configuration file, and a database.
[mariadb]
recipe = slapos.cookbook:mysql
# Options
recovering = false
user = user
password = $${mysql-password:passwd}
port = 33060
ip = $${slap-network-information:local-ipv4}
database = db
# Paths
wrapper = $${basedirectory:services}/mariadb
update-wrapper = $${basedirectory:services}/mariadb_update
logrotate-post = $${rootdirectory:bin}/mariadb_post_logrotate
data-directory = $${directory:mariadb-data}
pid-file = $${basedirectory:run}/mariadb.pid
socket = $${basedirectory:run}/mariadb.sock
error-log = $${basedirectory:log}/mariadb_error.log
conf-file = $${rootdirectory:etc}/mariadb.cnf
promise = $${basedirectory:promises}/mysql
# Binary information
mysql-base-directory = ${mariadb:location}
mysql-binary = ${mariadb:location}/bin/mysql
mysql-install-binary = ${mariadb:location}/scripts/mysql_install_db
mysql-upgrade-binary = ${mariadb:location}/bin/mysql_upgrade
mysqld-binary = ${mariadb:location}/bin/mysqld
[mysql-password]
recipe = slapos.cookbook:generate.password
storage-path = $${rootdirectory:etc}/.passwd
bytes = 4
#----------------
#--
#-- Publish instance parameters.
[urls]
recipe = slapos.cookbook:publish
url = mysqls://$${mariadb:user}:$${mariadb:password}@[$${stunnel:remote-host}]:$${stunnel:remote-port}/$${mariadb:database}
ip = $${slap-network-information:global-ipv6}
[slap-parameter]
#Default value if no ssh parameters specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
[PHP]
engine = On
safe_mode = Off
expose_php = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = On
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
session.save_path = "{{ parameter_dict['tmp-dir'] }}"
session.auto_start = 0
date.timezone = {{ instance_dict.get('php.date.timezone', 'Europe/Paris') }}
file_uploads = On
upload_max_filesize = {{ instance_dict.get('php.upload_max_filesize', '8M') }}
post_max_size = {{ instance_dict.get('php.post_max_size', '8M') }}
magic_quotes_gpc=Off
memory_limit = {{ instance_dict.get('php.memory_limit', '128M') }}
session.cookie_secure = True
max_execution_time = {{ instance_dict.get('php.max_execution_time', 60) }}
max_input_time = {{ instance_dict.get('php.max_input_time', 60) }}
output_buffering = {{ instance_dict.get('php.output_buffering', 4096) }}
max_file_uploads = {{ instance_dict.get('php.max_file_uploads', 20) }}
#extension_dir="./"#
sys_temp_dir="{{ parameter_dict['tmp-dir'] }}"
upload_tmp_dir="{{ parameter_dict['php-upload-dir'] }}"
zend_extension=opcache
extension=apcu
extension=redis
extension=imagick
apc.enabled=1
apc.file_update_protection=2
apc.optimization=0
apc.shm_size=256M
apc.include_once_override=0
apc.shm_segments=1
apc.ttl=7200
apc.user_ttl=7200
apc.gc_ttl=3600
apc.num_files_hint=1024
apc.enable_cli=0
apc.max_file_size=5M
apc.cache_by_default=1
apc.use_request_time=1
apc.slam_defense=0
apc.mmap_file_mask="{{ parameter_dict['tmp-dir'] }}/apc.XXXXXX"
apc.stat_ctime=0
apc.canonicalize=1
apc.write_lock=1
apc.report_autofilter=0
apc.rfc1867=0
apc.rfc1867_prefix =upload_
apc.rfc1867_name=APC_UPLOAD_PROGRESS
apc.rfc1867_freq=0
apc.rfc1867_ttl=3600
apc.lazy_classes=0
apc.lazy_functions=0
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment