Commit 70fc9b01 authored by Alain Takoudjou's avatar Alain Takoudjou

Rewrite stack lamp and use it to integrate nextcloud SR

- Upgrade PHP to version 7.3 and add more  required extensions
- Use mariadb from stack/erp5 because we won't code again all feature done there for mariadb, initialization and backup to have it up-to-date.
- Delete old files which are not used anymore
- Remove integrated resilience scripts, resilience will works with webrunner which is more stable today.
- Add Nextcloud software release with some script for auto configuration.

/reviewed-on !602
parents bbbb8e3f d6929f83
......@@ -16,14 +16,53 @@ extends =
../openldap/buildout.cfg
../pkgconfig/buildout.cfg
../zlib/buildout.cfg
../libzip/buildout.cfg
../autoconf/buildout.cfg
../automake/buildout.cfg
../imagemagick/buildout.cfg
../icu/buildout.cfg
../openssl/buildout.cfg
[php-redis]
recipe = slapos.recipe.cmmi
url = https://github.com/phpredis/phpredis/archive/5.0.0.tar.gz
md5sum = 4f11e0567a10c29394aae52a4fa8bb40
configure-command =
phpize && ./configure
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[php-imagick]
recipe = slapos.recipe.cmmi
url = https://github.com/Imagick/imagick/archive/3.4.4.tar.gz
md5sum = ef6cbadd834eb306bd91874a8f5dea03
configure-command =
phpize && ./configure
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
PKG_CONFIG_PATH=${imagemagick:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${imagemagick:location}/bin:${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
IM_IMAGEMAGICK_PREFIX=${imagemagick:location}
[php-apcu]
recipe = slapos.recipe.cmmi
url = https://github.com/krakjoe/apcu/archive/v5.1.17.tar.gz
md5sum = f64b6cd5108aea63df2d5cc301c58b2b
configure-command =
phpize && ./configure
configure-options =
--with-php-config=${apache-php:location}/bin/php-config
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
[apache-php]
# Note: Shall react on each build of apache and reinstall itself
recipe = slapos.recipe.cmmi
url = http://fr2.php.net/distributions/php-5.4.12.tar.bz2
md5sum = 5c7b614242ae12e9cacca21c8ab84818
url = https://www.php.net/distributions/php-7.3.6.tar.bz2
md5sum = bde9a912fb311182cd460dad1abbc247
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--with-apxs2=${apache:location}/bin/apxs
--with-libxml-dir=${libxml2:location}
--with-mysql=${mariadb:location}
......@@ -44,21 +83,30 @@ configure-options =
--with-ldap=${openldap:location}
--with-imap-ssl
--with-openssl=${openssl:location}
--with-libzip=${libzip:location}
--with-icu-dir=${icu:location}
--enable-apcu-bc
--enable-intl
--enable-libxml
--enable-json
--enable-mbstring
--enable-pcntl
--enable-session
--enable-exif
--enable-zip
--enable-ftp
--enable-zip
--disable-zend-test
--disable-static
# Changing TMPDIR is required for PEAR installation.
# It will create a pear/temp directory under the SR instead of a shared /tmp/pear/temp.
# XXX we could mkdir tmp there
environment =
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${libzip:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s
LDFLAGS =-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid
CPPFLAGS=-I${libzip:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${curl:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libmcrypt:location}/lib -Wl,-rpath -Wl,${libmcrypt:location}/libblkid -L${libzip:location}/lib -Wl,-rpath -Wl,${libzip:location}/lib
TMPDIR=${buildout:parts-directory}/${:_buildout_section_name_}
HOME=${apache:location}
......
......@@ -6,17 +6,8 @@ extends =
../openssl/buildout.cfg
parts =
cclient-patch
cclient
[cclient-patch]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/imap-2007f.patch
md5sum = 42c77fdd5d7a976fc302b93aadb3da98
filename = imap-2007f.patch
[cclient]
recipe = slapos.recipe.cmmi
url = ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
......@@ -31,10 +22,12 @@ make-options =
IP=6
SSLLIB=${openssl:location}/lib
EXTRACFLAGS=-fPIC
EXTRALDFLAGS="-Wl,-rpath -Wl,${openssl:location}/lib"
CCLIENT=${buildout:parts-directory}
-j1
patches =
${cclient-patch:location}/${cclient-patch:filename}
${:_profile_base_location_}/imap-2007f.patch#42c77fdd5d7a976fc302b93aadb3da98
${:_profile_base_location_}/imap-2007f-openssl-1.1.patch#c726354e888f2f3b3954e334903cef80
patch-options = -p1
From c3f68d987c00284d91ad6599a013b7111662545b Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 2 Sep 2016 21:33:33 +0000
Subject: [PATCH] uw-imap: compile against openssl 1.1.0
I *think* I replaced access to cert->name with certificate's subject name. I
assume that the re-aranged C-code is doing the same thing. A double check
wouldn't hurt :)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
src/osdep/unix/ssl_unix.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
index 3bfdff3..836e9fa 100644
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -59,7 +59,7 @@ typedef struct ssl_stream {
static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
-static char *ssl_validate_cert (X509 *cert,char *host);
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
long *contd);
@@ -210,6 +210,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
BIO *bio;
X509 *cert;
unsigned long sl,tl;
+ char cert_subj[250];
char *s,*t,*err,tmp[MAILTMPLEN];
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -266,14 +267,19 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
- if (!(flags & NET_NOVALIDATECERT) &&
- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
- host))) {
- /* application callback */
- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
+ if (!(flags & NET_NOVALIDATECERT)) {
+
+ cert_subj[0] = '\0';
+ cert = SSL_get_peer_certificate(stream->con);
+ if (cert)
+ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
+ err = ssl_validate_cert (cert, host, cert_subj);
+ if (err)
+ /* application callback */
+ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
/* error message to return via mm_log() */
- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
- return ssl_last_error = cpystr (tmp);
+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
+ return ssl_last_error = cpystr (tmp);
}
return NIL;
}
@@ -313,7 +319,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
* Returns: NIL if validated, else string of error message
*/
-static char *ssl_validate_cert (X509 *cert,char *host)
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
{
int i,n;
char *s,*t,*ret;
@@ -322,9 +328,9 @@ static char *ssl_validate_cert (X509 *cert,char *host)
/* make sure have a certificate */
if (!cert) ret = "No certificate from server";
/* and that it has a name */
- else if (!cert->name) ret = "No name in certificate";
+ else if (cert_subj[0] == '\0') ret = "No name in certificate";
/* locate CN */
- else if (s = strstr (cert->name,"/CN=")) {
+ else if (s = strstr (cert_subj,"/CN=")) {
if (t = strchr (s += 4,'/')) *t = '\0';
/* host name matches pattern? */
ret = ssl_compare_hostnames (host,s) ? NIL :
--
2.9.3
[buildout]
extends =
../bzip2/buildout.cfg
../cmake/buildout.cfg
../zlib/buildout.cfg
parts = libzip
[libzip]
recipe = slapos.recipe.cmmi
url = https://libzip.org/download/libzip-1.5.2.tar.xz
md5sum = f9dd38d273bcdec5d3d1498fe6684f42
location = ${buildout:parts-directory}/${:_buildout_section_name_}
configure-command =
mkdir build && cd build && \
${cmake:location}/bin/cmake \
-DCMAKE_INSTALL_PREFIX=${:location} \
-DCMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include \
-DCMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib \
..
make-binary =
cd build && make
environment =
PATH=${cmake:location}/bin:%(PATH)s
CMAKE_INCLUDE_PATH=${zlib:location}/include:${bzip2:location}/include
CMAKE_LIBRARY_PATH=${zlib:location}/lib:${bzip2:location}/lib
\ No newline at end of file
......@@ -9,8 +9,8 @@ extends =
[openldap]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.42.tgz
md5sum = 47c8e2f283647a6105b8b0325257e922
url = http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.47.tgz
md5sum = e508f97bfd778fec7799f286e5c07176
configure-options =
--disable-static
--disable-slapd
......@@ -24,6 +24,6 @@ configure-options =
--with-tls=openssl
environment =
CPPFLAGS=-I${openssl-1.0:location}/include -I${cyrus-sasl:location}/include
LDFLAGS=-L${openssl-1.0:location}/lib -Wl,-rpath=${openssl-1.0:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
CPPFLAGS=-I${openssl:location}/include -I${cyrus-sasl:location}/include
LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${cyrus-sasl:location}/lib -Wl,-rpath=${cyrus-sasl:location}/lib
PATH=${groff:location}/bin:%(PATH)s
<VirtualHost *:{{ parameter_dict['port'] }}>
ServerAdmin admin@example.com
DocumentRoot {{ parameter_dict['document-root'] }}
SetEnvIf Origin "^http(s)?://(.+\.)?(app\.officejs\.com)$" ORIGIN_DOMAIN=$0
Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory {{ parameter_dict['document-root'] }}>
Options +FollowSymlinks
AllowOverride All
Require all granted
SetEnv HOME {{ parameter_dict['document-root'] }}
SetEnv HTTP_HOME {{ parameter_dict['document-root'] }}
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
\ No newline at end of file
{
"$schema": "http://json-schema.org/draft-04/schema#",
"description": "Parameters to instantiate Grafana",
"additionalProperties": false,
"properties": {
"domain": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"monitor-interface-url": {
"title": "Monitor Web Interface URL",
"description": "Give Url of HTML web interface that will be used to render this monitor instance.",
"type": "string",
"format": "uri",
"default": "https://monitor.app.officejs.com"
},
"monitor-cors-domains": {
"title": "Monitor CORS domains",
"description": "List of cors domains separated with space. Needed for ajax query on this monitor instance from a different domain.",
"type": "string",
"default": "monitor.app.officejs.com"
},
"innodb-file-per-table": {
"title": "Enable/disable innodb_file_per_table",
"description": "See MariaDB documentation on innodb_file_per_table",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"apache-computer-guid": {
"title": "Computer ID for Apache Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"mariadb-computer-guid": {
"title": "Computer ID for Mariadb Instance.",
"description": "Unique identifier of the computer, like \"COMP-1234\". By default, let Master choose a computer.",
"type": "string"
},
"instance.mail-from": {
"title": "Mail from",
"description": "From",
"type": "string"
},
"instance.mail-domain": {
"title": "Mail domain name",
"description": "Domain name",
"type": "string"
},
"instance.mail-smtpauthtype": {
"title": "SMTP Auth type",
"description": "Mail SMTP auth type. Default: LOGIN",
"type": "string",
"default": "LOGIN"
},
"instance.mail-smtpauth": {
"title": "SMTP auth required",
"description": "Verify SSL certificate of SMTP server. Default: Yes",
"minimum": 0,
"maximum": 1,
"default": 0,
"type": "integer"
},
"instance.mail-smtpport": {
"title": "SMTP port",
"description": "Mail SMTP Port. Default: 587",
"type": "integer",
"default": 587
},
"instance.mail-smtphost": {
"title": "SMTP host",
"description": "Mail SMTP host",
"type": "string"
},
"instance.mail-smtpname": {
"title": "SMTP name",
"description": "Mail SMTP server name.",
"type": "string"
},
"instance.mail-smtppassword": {
"title": "SMTP password",
"description": "Password to connect to SMTP server.",
"type": "string"
},
"instance.collabora-url": {
"title": "Collabora URL",
"description": "Collabora server URL",
"type": "string",
"format": "uri",
"default": "https://collabora.host.vifib.net"
},
"instance.stun-server": {
"title": "Stun server address",
"description": "Hostname of stun server. Default: turn.vifib.com:5349",
"type": "string",
"default": "turn.vifib.com:5349"
},
"instance.turn-server": {
"title": "Turn server address",
"description": "Hostname of turn server.",
"default": "",
"type": "string"
},
"instance.turn-secret": {
"title": "Turn server secret",
"description": "Turn secret to use for authentification.",
"type": "string"
},
"instance.cli-url": {
"title": "Nextcloud cli URL",
"description": "Nextcloud cli URL, the default will be Nextcloud url.",
"type": "string",
"format": "uri"
},
"instance.trusted-domain-1": {
"title": "Authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
},
"instance.trusted-domain-2": {
"title": "Second authorized domain on nextcloud",
"description": "Trusted domain used to connect to Nextcloud instance.",
"type": "string"
}
}
}
\ No newline at end of file
#!/bin/bash
set -e
set -x
php_cmd () {
{{ parameter_dict['php-bin'] }} -c {{ parameter_dict['php-ini'] }} $@
}
status=$(php_cmd {{ parameter_dict['nextcloud'] }}/occ status | grep 'installed: true' || true)
if [ ! -z "$status" ]; then
echo "Nextcloud is installed!"
exit 1;
fi
if [ ! -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
echo "CAN_INSTALL no exists in config, cannot make a new install, Nextcloud is already installed."
exit 1
fi
php_cmd {{ parameter_dict['nextcloud'] }}/occ maintenance:install \
--database "mysql" --database-name "{{ parameter_dict['db-name'] }}" --database-user "{{ parameter_dict['db-user'] }}" \
--database-pass "{{ parameter_dict['db-password'] }}" --admin-user "{{ parameter_dict['admin-user'] }}" \
--database-host "{{ parameter_dict['db-host'] }}:{{ parameter_dict['db-port'] }}" \
--admin-pass "{{ parameter_dict['admin-password'] }}" --data-dir "{{ parameter_dict['data-dir'] }}"
{% for trusted_domain in parameter_dict['trusted-domain-list'].split() -%}
{% if trusted_domain.strip() -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set trusted_domains {{ loop.index - 1 }} --value={{ trusted_domain.strip() }}
{% endif -%}
{% endfor -%}
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:system:set overwrite.cli.url --value={{ parameter_dict['cli-url'] }}
php_cmd {{ parameter_dict['nextcloud'] }}/occ background:cron
sed -i 's/^[ ]*//' {{ parameter_dict['nextcloud'] }}/config/config.php
sed -i '/);/d' {{ parameter_dict['nextcloud'] }}/config/config.php
cat <<EOF >> {{ parameter_dict['nextcloud'] }}/config/config.php
'mysql.utf8mb4' => true,
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => '{{ parameter_dict["mail.from"] }}',
'mail_domain' => '{{ parameter_dict["mail.domain"] }}',
'mail_smtpauthtype' => '{{ parameter_dict["mail.smtpauthtype"] }}',
'mail_smtpauth' => {{ parameter_dict["mail.smtpauth"] }},
'mail_smtpport' => '{{ parameter_dict["mail.smtpport"] }}',
'mail_smtphost' => '{{ parameter_dict["mail.smtphost"] }}',
'mail_smtpname' => '{{ parameter_dict["mail.smtpname"] }}',
'mail_smtppassword' => '{{ parameter_dict["mail.smtppassword"] }}',
'activity_expire_days' => 14,
'auth.bruteforce.protection.enabled' => true,
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED',
),
{% set trusted_proxy_list = parameter_dict['trusted-proxy-list'].strip().split(' ') -%}
{% if len(trusted_proxy_list) > 0 -%}
'trusted_proxies' =>
array (
{% for proxy in trusted_proxy_list -%}
{% if proxy -%}
{{ ' ' ~ (loop.index - 1) }} => '{{ proxy }}',
{% endif -%}
{% endfor -%}
),
{% endif -%}
'blacklisted_files' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'csrf.optout' =>
array (
0 => '/^WebDAVFS/',
1 => '/^Microsoft-WebDAV-MiniRedir/',
2 => '/^\\.jio_documents/',
),
'cron_log' => true,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
),
'filesystem_check_changes' => 0,
'filelocking.enabled' => 'true',
'htaccess.RewriteBase' => '/',
'integrity.check.disabled' => false,
'knowledgebaseenabled' => false,
'logfile' => '{{ parameter_dict["data-dir"] }}/nextcloud.log',
'loglevel' => 2,
'log_rotate_size' => 104857600,
'maintenance' => false,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'overwriteprotocol' => 'https',
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
'redis' =>
array (
'host' => '{{ parameter_dict["redis-socket"] }}',
'port' => 0,
'timeout' => 0.0,
),
'quota_include_external_storage' => false,
'share_folder' => '/Shares',
'skeletondirectory' => '',
'theme' => '',
'trashbin_retention_obligation' => 'auto, 7',
'updater.release.channel' => 'stable',
);
EOF
# Install some nextcloud app
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install spreed
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install richdocuments
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install calendar
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install rainloop
php_cmd {{ parameter_dict['nextcloud'] }}/occ app:install news
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set richdocuments wopi_url --value="{{ parameter_dict.get('collabora-url', '') }}"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed stun_servers --value="[\"{{ parameter_dict['stun-server'] }}\"]"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed turn_servers --value="[{\"server\":\"{{ parameter_dict['turn-server'] }}\",\"secret\":\"{{ parameter_dict['turn-secret'] }}\",\"protocols\":\"udp,tcp\"}]"
sed -i 's#useCronUpdates\s*=.*#useCronUpdates = false#g' {{ parameter_dict['data-dir'] }}/news/config/config.ini
if [ -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
rm {{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL
fi
\ No newline at end of file
#############
# Redis #
#############
[nc-directory]
recipe = slapos.cookbook:mkdirectory
redis = ${directory:srv}/redis
redis-log = ${directory:log}/redis
data = ${directory:srv}/data
backup = ${directory:backup}/nextcloud
[service-redis]
recipe = slapos.cookbook:redis.server
wrapper = ${directory:services}/redis
promise_wrapper = ${directory:promises}/redis
server_dir = ${nc-directory:redis}
config_file = ${directory:etc}/redis.conf
log_file = ${nc-directory:redis-log}/redis.log
pid_file = ${directory:run}/redis.pid
use_passwd = false
unixsocket = ${:server_dir}/redis.socket
# port = 0 means "don't listen on TCP at all" - listen only on unix socket
ipv6 = ::1
port = 0
server_bin = {{ redis_bin }}
depend =
${logrotate-entry-redis:recipe}
[logrotate-entry-redis]
<= logrotate-entry-base
name = redis
log = ${nc-directory:redis-log}/*.log
frequency = daily
rotate-num = 30
[instance-parameter]
nextcloud = ${:document-root}
admin-user = admin
admin-password = admin
trusted-domain-list =
[${apache-php-configuration:ip}]:${apache-php-configuration:port}
${slap-parameter:instance.trusted-domain-1}
${slap-parameter:instance.trusted-domain-2}
trusted-proxy-list = ${slap-parameter:instance.trusted-proxy-list}
cli-url = ${slap-parameter:instance.cli-url}
data-dir = ${nc-directory:data}
redis-socket = ${service-redis:unixsocket}
#php.ini parameters
php.memory_limit = 512M
php.date.timezone = Europe/Paris
php.upload_max_filesize = 10240M
php.post_max_size = 10240M
php.session.cookie_secure = True
php.max_execution_time = 1800
php.max_input_time = 3600
php.output_buffering = 'Off'
php.max_file_uploads = 100
#SMTP settings
mail.from = ${slap-parameter:instance.mail-from}
mail.domain = ${slap-parameter:instance.mail-domain}
mail.smtpauthtype = ${slap-parameter:instance.mail-smtpauthtype}
mail.smtpauth = ${slap-parameter:instance.mail-smtpauth}
mail.smtpport = ${slap-parameter:instance.mail-smtpport}
mail.smtphost = ${slap-parameter:instance.mail-smtphost}
mail.smtpname = ${slap-parameter:instance.mail-smtpname}
mail.smtppassword = ${slap-parameter:instance.mail-smtppassword}
# Instance configuration
collabora-url = ${slap-parameter:instance.collabora-url}
stun-server = ${slap-parameter:instance.stun-server}
turn-server = ${slap-parameter:instance.turn-server}
turn-secret = ${slap-parameter:instance.turn-secret}
[nextcloud-install.sh]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_install_sh }}
rendered = ${directory:scripts}/nextcloud-install
context =
section parameter_dict instance-parameter
mode = 744
depends =
${service-redis:recipe}
${nextcloud-cron:recipe}
${nextcloud-optimize:recipe}
${nextcloud-apache-httpd:recipe}
${nextcloud-backup-cron:recipe}
${nextcloud-news-updater:recipe}
[nextcloud-apache-httpd]
recipe = slapos.recipe.template:jinja2
template = {{ nextcloud_apache_httpd }}
rendered = ${directory:apache.d}/nextcloud.conf
context =
section parameter_dict apache-php-configuration
mode = 744
[nextcloud-cron]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud
frequency = */5 * * * *
command = ${php-bin:wrapper-path} -f ${instance-parameter:nextcloud}/cron.php
[nextcloud-optimize-bin]
recipe = collective.recipe.template
input = inline:#!/bin/bash
{{ redis_cli }} -s ${instance-parameter:redis-socket} <<EOF
FLUSHALL
quit
EOF
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan --all
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ files:scan-app-data
exit 0
output = ${directory:bin}/nextcloud-optimize
mode = 744
[nextcloud-backup]
recipe = collective.recipe.template
input = inline:#!/bin/bash
${php-bin:wrapper-path} ${instance-parameter:nextcloud}/occ app:list --output json > ${nc-directory:backup}/app-list.json
cp -r ${instance-parameter:nextcloud}/config ${nc-directory:backup}
exit 0
output = ${directory:bin}/nextcloud-backup
mode = 744
[nextcloud-backup-cron]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud-backup
frequency = 0 0 * * * *
command = ${nextcloud-backup:output}
[nextcloud-optimize]
recipe = slapos.cookbook:cron.d
cron-entries = ${cron:cron-entries}
name = nextcloud-optimize
frequency = 5 1 * * *
command = ${nextcloud-optimize-bin:output}
[nextcloud-news-updater]
recipe = collective.recipe.template
input = inline:#!/bin/sh
cd {{ news_updater_location }}
export PATH={{ php_location }}/bin:$PATH
{{ python3_location}}/bin/python3 -m nextcloud_news_updater --phpini ${php.ini-conf:rendered} \
--interval 300 --mode endless --loglevel info ${instance-parameter:nextcloud}
output = ${directory:scripts}/nextcloud-news-updater
mode = 744
[php-bin]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/php
command-line = ${instance-parameter:php-bin} -c ${php.ini-conf:rendered}
[publish-connection-information]
admin-user = ${instance-parameter:admin-user}
admin-password = ${instance-parameter:admin-password}
[slap-parameter]
instance.mail-from = Nextcloud
instance.mail-domain = nextcloud@example.com
instance.mail-smtpauthtype = LOGIN
instance.mail-smtpauth = 1
instance.mail-smtpport = 587
instance.mail-smtphost =
instance.mail-smtpname =
instance.mail-smtppassword =
instance.collabora-url = https://collabora.host.vifib.net/
instance.stun-server = turn.vifib.com:5349
instance.turn-server =
instance.turn-secret =
instance.cli-url = ${apache-php-configuration:url}
instance.trusted-domain-1 =
instance.trusted-domain-2 =
instance.trusted-proxy-list =
\ No newline at end of file
{
"name": "Output Parameters",
"properties": {
"backend-url": {
"title": "Backend URL",
"description": "URL used to connect directly to backend without frontend. Requires IPv6.",
"type": "string",
"format": "uri",
"require": true
},
"url": {
"title": "URL",
"description": "URL used to connect to the service.",
"type": "string",
"format": "uri",
"require": false
}
}
}
[buildout]
extends =
../../component/redis/buildout.cfg
../../component/python3/buildout.cfg
../../stack/lamp/buildout.cfg
[nc-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[application]
url = https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2
md5sum = d81902d2dec5d547779bec6336a438be
[template-nextcloud-install.sh]
<= nc-download-base
filename = nextcloud-install.sh.in
md5sum = a2281f86f6a26a8ff40a57a495505977
[template-apache-httpd]
<= nc-download-base
filename = apache-httpd.conf.in
md5sum = f3bca64bf991526fd8221035a86aacbf
[template-nextcloud-instance]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/nextcloud-instance.cfg.in
rendered = ${buildout:directory}/instance-nextcloud.cfg
extensions = jinja2.ext.do
md5sum = 0dd3eea61be79135810b0c2286c520b5
context =
key gzip_location gzip:location
key python3_location python3.6.6:location
key news_updater_location news-updater:location
key php_location apache-php:location
raw redis_bin ${redis:location}/bin/redis-server
raw redis_cli ${redis:location}/bin/redis-cli
raw nextcloud_install_sh ${template-nextcloud-install.sh:location}/${template-nextcloud-install.sh:filename}
raw nextcloud_apache_httpd ${template-apache-httpd:location}/${template-apache-httpd:filename}
[custom-application-deployment]
path = ${template-nextcloud-instance:rendered}
part-list = nextcloud-install.sh
[news-updater]
recipe = hexagonit.recipe.download
url = https://github.com/nextcloud/news-updater/archive/10.0.1.tar.gz
md5sum = 37387199c0482e08d01e9294cd95eaad
strip-top-level-dir = true
\ No newline at end of file
{
"name": "Nextcloud",
"description": "Nextcloud",
"serialisation": "xml",
"software-type": {
"default": {
"title": "Default",
"description": "Instance Nextcloud",
"request": "nextcloud-input-schema.json",
"response": "nextcloud-output-schema.json",
"index": 0
}
}
}
Tests for Nextcloud Software Release
\ No newline at end of file
##############################################################################
#
# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from setuptools import setup, find_packages
import glob
import os
version = '0.0.1.dev0'
name = 'slapos.test.nextcloud'
long_description = open("README.md").read()
setup(name=name,
version=version,
description="Test for Nextcloud Software Release",
long_description=long_description,
long_description_content_type='text/markdown',
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
packages=find_packages(),
install_requires=[
'slapos.core',
'slapos.libnetworkcache',
'erp5.util',
'supervisor',
'psutil',
],
zip_safe=True,
test_suite='test',
)
\ No newline at end of file
This diff is collapsed.
This diff is collapsed.
......@@ -15,4 +15,4 @@
[template]
filename = instance.cfg
md5sum = 8b3d678de7fd5333793bc3f4c770b53d
md5sum = 6e4bde9074cdc508df513e31653e7def
......@@ -28,7 +28,7 @@ bin = $${buildout:directory}/bin
working-dir = $${buildout:directory}/tmp
[test-list]
path_list = ${slapos.test.caddy-frontend-setup:setup},${slapos.test.erp5-setup:setup},${slapos.test.slapos-master-setup:setup},${slapos.test.kvm-setup:setup},${slapos.test.monitor-setup:setup},${slapos.test.plantuml-setup:setup},${slapos.test.powerdns-setup:setup},${slapos.test.proftpd-setup:setup},${slapos.test.re6stnet-setup:setup},${slapos.test.seleniumserver-setup:setup},${slapos.test.slaprunner-setup:setup},${slapos.test.helloworld-setup:setup},${slapos.test.jupyter-setup:setup}
path_list = ${slapos.test.caddy-frontend-setup:setup},${slapos.test.erp5-setup:setup},${slapos.test.slapos-master-setup:setup},${slapos.test.kvm-setup:setup},${slapos.test.monitor-setup:setup},${slapos.test.plantuml-setup:setup},${slapos.test.powerdns-setup:setup},${slapos.test.proftpd-setup:setup},${slapos.test.re6stnet-setup:setup},${slapos.test.seleniumserver-setup:setup},${slapos.test.slaprunner-setup:setup},${slapos.test.helloworld-setup:setup},${slapos.test.jupyter-setup:setup},${slapos.test.nextcloud-setup:setup}
[slapos-test-runner]
recipe = slapos.cookbook:wrapper
......
......@@ -87,6 +87,11 @@ setup = ${slapos-repository:location}/software/helloworld/test/
egg = slapos.test.jupyter
setup = ${slapos-repository:location}/software/jupyter/test/
[slapos.test.nextcloud-setup]
<= setup-develop-egg
egg = slapos.test.nextcloud
setup = ${slapos-repository:location}/software/nextcloud/test/
[eggs]
recipe = zc.recipe.egg
eggs =
......@@ -109,6 +114,7 @@ eggs =
${slapos.test.seleniumserver-setup:egg}
${slapos.test.slaprunner-setup:egg}
${slapos.test.jupyter-setup:egg}
${slapos.test.nextcloud-setup:egg}
${backports.lzma:egg}
entry-points =
......
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "{{ parameter_dict['pid-file'] }}"
Listen {{ parameter_dict['ip'] }}:{{ parameter_dict['port'] }}
PHPINIDir {{ parameter_dict['php-ini-dir'] }}
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "{{ parameter_dict['error-log'] }}"
LogLevel warn
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog "{{ parameter_dict['access-log'] }}" common
# SSL Configuration
SSLCertificateFile {{ parameter_dict.get('cert-file') }}
SSLCertificateKeyFile {{ parameter_dict.get('key-file') }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLEngine On
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
DirectoryIndex index.html index.php
Include {{ parameter_dict['apache-config-dir'] }}/*.conf
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so
LoadModule php7_module modules/libphp7.so
# This file is responsible of three things:
# 1/ Act as "Apache exporter"
# 2/ Act as "Mariadb backup infrastructure requester"
# 3/ Act as "Apache" instance
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
extends = {{templateapache}}
{{templatepbsreadyexport}}
parts +=
{{ parts.replicate("mariadb", "3") }}
# Repeating parts from instance-apache-php.
# XXX-Cedric: how to simplify this?
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
{{ replicated.replicate("mariadb", "3", "mariadb-export", "mariadb-import") }}
# Nothing to do for the exporter. This wrapper is intended
# to produce the "dump" files that have to be backed up.
# So, in case of binary DB data, we would back up the ASCII dump
# files, or a similar data format that can be restored on any machine
# (i.e. postgres 'custom')
# In the case of an httpd instance, the src/www directory can be directly
# pulled from the PBS, we don't need to prepare anything.
[exporter]
wrapper = /bin/true
# State that we want to backup srv/www directory, not srv/backup.
# XXX-Cedric: works well, but doesn't work with big data.
[rdiff-backup-server]
path = ${directory:www}
# Add "exporter" parameters to list of published connection parameters
[publish-connection-information]
# XXX-Cedric: Long term goal: could be a recipe that requests an instance and
# bubbles ALL
# parameters of the requested instance. Requirement: aggregated publish.
<= resilient-publish-connection-parameter
# XXX-Cedric: resilient overwrites what's returned from request-mariadb
# XXX-Cedric: change the request method to return everything from
# getConnectionParameterDict()
[request-mariadb]
return = ssh-public-key ssh-url notification-id ip url
[buildout]
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
extends = ${pbsready-import:output}
[directory]
srv = $${buildout:directory}/srv
www = $${:srv}/www/
# Nothing to do for the import. Just dummy part that does nothing.
# For httpd instance, PBS will directly push data to srv/www.
# XXX-Cedric: write a real backup system.
[importer]
wrapper = /bin/true
# State that we want to push to srv/www directory, not srv/backup.
[rdiff-backup-server]
path = $${directory:www}
[buildout]
extends = ${custom-application-deployment:path}
parts =
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
${custom-application-deployment:part-list}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
scripts = $${rootdirectory:etc}/run
run = $${rootdirectory:var}/run
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
httpd-log = $${basedirectory:log}/apache
php-ini-dir = $${rootdirectory:etc}/php
tmp-php = $${rootdirectory:tmp}/php
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
www = $${rootdirectory:srv}/www/
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests
private = $${directory:ca-dir}/private
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts
crl = $${directory:ca-dir}/crl
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
client = true
stunnel-binary = ${stunnel:location}/bin/stunnel
remote-host = $${mariadb-urlparse:host}
remote-port = $${mariadb-urlparse:port}
local-host = $${slap-network-information:local-ipv4}
local-port = 3306
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
wrapper = $${rootdirectory:bin}/raw_stunnel
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Request MariaDB instance and parse its URL.
[request-mariadb]
<= slap-connection
recipe = slapos.cookbook:request
name = MariaDB
software-url = $${slap-connection:software-release-url}
software-type = mariadb
return = url
sla-computer_guid = $${slap-connection:computer-id}
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = $${request-mariadb:connection-url}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = $${slap-network-information:global-ipv6}
listening-port = 8080
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php]
recipe = slapos.cookbook:apachephp
source = ${application:location}
template = ${application-template:location}/${application-template:filename}
configuration = ${application-configuration:location}
htdocs = $${directory:www}
pid-file = $${basedirectory:run}/apache.pid
lock-file = $${basedirectory:run}/apache.lock
ip = $${apache-network-configuration:listening-ip}
port = $${apache-network-configuration:listening-port}
url = http://[$${:ip}]:$${:port}/
error-log = $${directory:httpd-log}/error.log
access-log = $${directory:httpd-log}/access.log
php-ini-dir = $${directory:php-ini-dir}
tmp-dir = $${directory:tmp-php}
httpd-conf = $${rootdirectory:etc}/apache.conf
wrapper = $${basedirectory:services}/apache
httpd-binary = ${apache:location}/bin/httpd
mysql-username = $${mariadb-urlparse:username}
mysql-password = $${mariadb-urlparse:password}
mysql-database = $${mariadb-urlparse:path}
mysql-host = $${stunnel:local-host}
mysql-port = $${stunnel:local-port}
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-php:error-log} $${apache-php:access-log}
frequency = daily
rotate-num = 30
sharedscripts = true
notifempty = true
create = true
#----------------
#--
#-- Request frontend.
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = http://[$${apache-network-configuration:listening-ip}]:$${apache-network-configuration:listening-port}/
return = site_url
config-custom_domain = $${slap-parameter:domain}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = $${apache-php:url}
url = $${request-frontend:connection-site_url}
#----------------
#--
#-- Deploy promises scripts.
[promise]
recipe = slapos.cookbook:check_port_listening
path = $${basedirectory:promises}/apache
hostname = $${apache-php:ip}
port = $${apache-php:port}
[frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${basedirectory:promises}/frontend
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[content-promise]
recipe = slapos.cookbook:check_page_content
path = $${basedirectory:promises}/content
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[slap-parameter]
# Default value if no domain is specified
domain =
# Default value if no ssh parameter is specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
......@@ -5,25 +5,18 @@ ignore-existing = true
parts =
slapos-cookbook
apache-php
php-redis
php-imagick
php-apcu
mariadb
mydumper
python-mysqlclient
rdiff-backup
mroonga-mariadb
dropbear
eggs
instance
instance-apache-php
instance-mariadb
#Contains the importer and exporter recipes for mariadb
instance-mariadb-import
instance-mariadb-export
#Contains the importer and exporter recipes for apache
instance-apache-import
instance-apache-export
template-mariadb
instance-lamp
extends =
../../component/apache-php/buildout.cfg
......@@ -31,25 +24,30 @@ extends =
../../component/curl/buildout.cfg
../../component/dash/buildout.cfg
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dropbear/buildout.cfg
../../component/git/buildout.cfg
../../component/glib/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/mariadb/buildout.cfg
../../component/mydumper/buildout.cfg
../../component/python-mysqlclient/buildout.cfg
../../component/perl/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/sqlite3/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/zlib/buildout.cfg
../logrotate/buildout.cfg
../resilient/buildout.cfg
../erp5/buildout.cfg
../slapos.cfg
[template-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[mariadb]
# Compile dir is for plugins, there's no plugin in LAMP
keep-compile-dir = false
......@@ -60,84 +58,6 @@ ignore-existing = true
# If the provided tarball does not contain top directory, this option should be changed to false
strip-top-level-dir = true
#----------------
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[instance-apache-php]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-php.cfg.in
output = ${buildout:directory}/instance-apache-php.cfg
md5sum = 5800e365e200240e33defea9561c0b23
mode = 0644
[instance-apache-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-import.cfg.in
output = ${buildout:directory}/instance-apache-import.cfg
md5sum = f1dc2a71d362b5d2d36481ffefdd2293
mode = 0644
[instance-apache-export]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/apache/instance-apache-export.cfg.jinja2
rendered = ${buildout:directory}/instance-apache-export.cfg
extensions = jinja2.ext.do
context = key templateapache instance-apache-php:output
key templatepbsreadyexport pbsready-export:output
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = 00068d0f68a9e1eb5a6e89e73a3dc399
mode = 0644
[instance-resilient]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
rendered = ${buildout:directory}/instance-resilient.cfg
extensions = jinja2.ext.do
context = key buildout buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = f171782b98c1143d44ec2a35d8259254
mode = 0644
[instance-mariadb]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb.cfg.in
output = ${buildout:directory}/instance-mariadb.cfg
md5sum = 1d3022164dd70efe374a179ef319e0eb
mode = 0644
[instance-mariadb-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-import.cfg.in
output = ${buildout:directory}/instance-mariadb-import.cfg
md5sum = faf5826f4b27e362f34ad17db54b8c9a
mode = 0644
[instance-mariadb-export]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-export.cfg.in
output = ${buildout:directory}/instance-mariadb-export.cfg
md5sum = d17228a2708cbb39dc00945a93e0740d
mode = 0644
#----------------
#--
#-- Optional part allowing applications using this stack to run a custom
......@@ -152,57 +72,83 @@ path =
part-list =
#----------------
#-- Dummy parts in case no application configuration file is needed
[application-template]
filename =
location =
[application-configuration]
location =
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/instance.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = 7c47a85e310674e451db778d9e4383a6
mode = 0644
context =
key application_location application:location
key application_deployment_part_list custom-application-deployment:part-list
key apache_location apache:location
key apache_php_location apache-php:location
key bash_location bash:location
key bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key buildout_egg_directory buildout:eggs-directory
key buildout_develop_directory buildout:develop-eggs-directory
key buildout_directory buildout:directory
key dash_location dash:location
key findutils_location findutils:location
key logrotate_location logrotate:location
key logrotate_cfg template-logrotate-base:rendered
key gzip_location gzip:location
key stunnel_location stunnel:location
key template_monitor monitor2-template:rendered
key mariadb_link_binary template-mariadb:link-binary
key mariadb_location mariadb:location
key mariadb_resiliency_after_import_script mariadb-resiliency-after-import-script:target
key mariadb_slow_query_report_script mariadb-slow-query-report-script:target
key mariadb_start_clone_from_backup mariadb-start-clone-from-backup:target
key percona_toolkit_location percona-toolkit:location
key template_php_ini template-php.ini:output
key template_apache_conf template-apache.conf:output
key template_apache_php instance-apache-php:output
key template_lamp instance-lamp:output
key template_mariadb template-mariadb:target
key template_mariadb_initial_setup template-mariadb-initial-setup:target
key template_my_cnf template-my-cnf:target
key unixodbc_location unixodbc:location
key openssl_location openssl:location
key custom_application_template custom-application-deployment:path
[custom-application-deployment]
# Optional part allowing applications using this stack to run a custom
# instance.cfg at the end of Apache/PHP instance deployment.
# To use it in your application, just override those two parameters, like:
# path = /path/to/instance-custom.cfg
# part-list =
# part1
# part2
# See software/tt-rss/software.cfg for an example.
path =
part-list =
[instance-apache-php]
<= template-download-base
filename = instance-apache-php.cfg.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7edcbca22e800f2c90559298c44d5a48
[instance-lamp]
<= template-download-base
filename = instance-lamp.cfg.jinja2.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 2f8b021acc9c7a849641680a249d5a36
[template-apache.conf]
<= template-download-base
filename = apache.conf.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 04080510698732d84122b464fdb08c6a
[template-php.ini]
<= template-download-base
filename = php.ini.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7de35e3f8619324119ff296580d2880f
[erp5]
# lamp stack reuses erp5 stack to have mariadb, but we don't need to checkout erp5 here.
recipe =
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
slapos.toolbox[lampconfigure]
slapos.toolbox
[versions]
async = 0.6.1
gitdb = 0.5.4
mysqlclient = 1.3.12
pycrypto = 2.6
rdiff-backup = 1.0.5+SlapOSPatched001
slapos.recipe.template = 2.4.2
slapos.toolbox = 0.40.4
smmap = 0.8.2
# Required by:
# slapos.toolbox==0.40.2
GitPython = 2.0.8
# Required by:
# slapos.toolbox==0.40.2
atomize = 0.1.1
# Required by:
# slapos.toolbox==0.40.2
feedparser = 5.1.3
# Required by:
# slapos.toolbox==0.40.2
paramiko = 2.0.1
[buildout]
extends =
{{ template_monitor }}
{{ logrotate_cfg }}
{{ custom_application_template }}
parts =
monitor-base
certificate-authority
logrotate-entry-apache
promise
php.ini-conf
apache-php-service
publish-connection-information
{{ parameter_dict['application-part-list'] }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
var = ${buildout:directory}/var
srv = ${buildout:directory}/srv
bin = ${buildout:directory}/bin
tmp = ${buildout:directory}/tmp
log = ${:var}/log
services = ${:etc}/service
scripts = ${:etc}/run
run = ${:var}/run
backup = ${:srv}/backup
promises = ${:etc}/promise
plugins = ${:etc}/plugin
httpd-log = ${:log}/apache
php-ini-dir = ${:etc}/php
tmp-php = ${:tmp}/php
upload-tmp = ${:tmp}/upload
www = ${:srv}/www/
apache.d = ${:etc}/apache.d
#----------------
#--
#-- Certificate stuff.
[ca-directory]
recipe = slapos.cookbook:mkdirectory
root = ${directory:srv}/ssl
requests = ${:root}/requests
private = ${:root}/private
certs = ${:root}/certs
newcerts = ${:root}/newcerts
crl = ${:root}/crl
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}
[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-files = ${buildout:directory}/software_release/buildout.cfg
[ca-apache-php]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${apache-php-configuration:key-file}
cert-file = ${apache-php-configuration:cert-file}
executable = ${apache-php-wrapper:wrapper-path}
wrapper = ${directory:bin}/ca-apache-php
[apache-php-service]
recipe = slapos.cookbook:wrapper
command-line = ${ca-apache-php:wrapper}
wrapper-path = ${directory:services}/apache-php
hash-files = ${buildout:directory}/software_release/buildout.cfg
depends =
${copy-application:recipe}
${apache-graceful:recipe}
[copy-application]
recipe = plone.recipe.command
command = if [ -z "$(ls -A ${directory:www})" ]; then
rm -rf ${directory:www};
cp -ax {{ parameter_dict['application-location'] }}/ ${directory:www};
fi
update-command = ${:command}
stop-on-error = true
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = {{ slapparameter_dict['database-list'][0] }}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = {{ (ipv6 | list)[0] }}
listening-port = 9988
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php-configuration]
document-root = ${directory:www}
pid-file = ${directory:run}/apache.pid
lock-file = ${directory:run}/apache.lock
ip = ${apache-network-configuration:listening-ip}
port = ${apache-network-configuration:listening-port}
url = https://[${:ip}]:${:port}/
error-log = ${directory:httpd-log}/error.log
access-log = ${directory:httpd-log}/access.log
php-ini-dir = ${directory:php-ini-dir}
cert-file = ${ca-directory:certs}/httpd.crt
key-file = ${ca-directory:certs}/httpd.key
apache-config-dir = ${directory:apache.d}
[apache-php-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:etc}/apache.conf
context =
section parameter_dict apache-php-configuration
extensions = jinja2.ext.do
mode = 0644
[apache-php-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/apache-wrapper
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-php-conf:rendered}" -DFOREGROUND
wait-for-files =
${ca-directory:certs}/httpd.crt
${ca-directory:certs}/httpd.key
[apache-graceful]
recipe = collective.recipe.template
output = ${directory:bin}/apache-httpd-graceful
mode = 700
input = inline:
#!/bin/sh
kill -USR1 "$(cat '${apache-php-configuration:pid-file}')"
[logrotate-entry-apache]
<= logrotate-entry-base
name = apache
log = ${apache-php-configuration:error-log} ${apache-php-configuration:access-log}
frequency = daily
rotate-num = 30
[php.ini-configuration]
tmp-dir = ${directory:tmp-php}
php-upload-dir = ${directory:upload-tmp}
[php.ini-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-php-ini'] }}
rendered = ${directory:php-ini-dir}/php.ini
context =
section parameter_dict php.ini-configuration
section instance_dict instance-parameter
extensions = jinja2.ext.do
mode = 0644
[instance-parameter]
db-user = ${mariadb-urlparse:username}
db-password = ${mariadb-urlparse:password}
db-name = ${mariadb-urlparse:path}
db-host = ${mariadb-urlparse:host}
db-port = ${mariadb-urlparse:port}
document-root = ${apache-php-configuration:document-root}
backend-url = ${apache-php-configuration:url}
php-bin = {{ parameter_dict['apache-php-location'] }}/bin/php
php-ini = ${php.ini-conf:rendered}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish.serialised
backend-url = ${apache-php-configuration:url}
#----------------
#--
#-- Deploy promises scripts.
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
<= promise-base
module = check_port_listening
name = apache-httpd-port-listening.py
config-hostname = ${apache-php-configuration:ip}
config-port = ${apache-php-configuration:port}
[slap-parameter]
{% for key, value in slapparameter_dict.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
\ No newline at end of file
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6 | list)[0] -%}
{% set monitor_base_url_dict = {} -%}
{% set mariadb_dict = {} -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
plugins = ${:etc}/plugin
[request-common]
recipe = slapos.cookbook:request.serialised
software-url = ${slap-connection:software-release-url}
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/$${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[request-apache]
<= request-common
software-type = apache
name = apache-php
sla-computer_guid = {{ dumps(slapparameter_dict.get('apache-computer-guid', '')) }}
{% for key, value in slapparameter_dict.items() -%}
{% if key.startswith('instance.') -%}
config-{{ key }} = {{ dumps(value) }}
{% endif -%}
{% endfor -%}
config-database-list = ${request-mariadb:connection-database-list}
return =
backend-url
monitor-base-url
{% do part_list.append('request-apache') -%}
{% do publish_dict.__setitem__('backend-url', '${request-apache:connection-backend-url}') -%}
{% do monitor_base_url_dict.__setitem__('apache', '${request-apache:connection-monitor-base-url}') -%}
{% do mariadb_dict.__setitem__('database-list', [{'name': 'nextcloud', 'user': 'nextcloud', 'password': 'insecure'}]) -%}
{% do mariadb_dict.__setitem__('test-database-amount', 0) -%}
{% do mariadb_dict.__setitem__('tcpv4-port', 2099) -%}
{% do mariadb_dict.__setitem__('max-slowqueries-threshold', 1000) -%}
{% do mariadb_dict.__setitem__('slowest-query-threshold', '') -%}
{% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
{% do mariadb_dict.__setitem__('monitor-passwd', '${monitor-htpasswd:passwd}') -%}
{% do mariadb_dict.__setitem__('name', 'Mariadb') -%}
{% do mariadb_dict.__setitem__('innodb-file-per-table', slapparameter_dict.get('innodb-file-per-table', 1)) -%}
[request-mariadb]
<= request-common
software-type = mariadb
name = Mariadb
sla-computer_guid = {{ dumps(slapparameter_dict.get('mariadb-computer-guid', '')) }}
{% for key, value in mariadb_dict.items() -%}
config-{{ key }} = {{ dumps(value) }}
{% endfor -%}
return =
database-list
monitor-base-url
{% do part_list.append('request-mariadb') -%}
{% do publish_dict.__setitem__('mariadb-url-list', '${request-mariadb:connection-database-list}') -%}
{% do monitor_base_url_dict.__setitem__('mariadb', '${request-mariadb:connection-monitor-base-url}') -%}
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Instance Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = ${request-apache:connection-backend-url}
config-https-only = true
return = domain secure_access
[lamp-frontend-promise]
<= monitor-promise-base
module = check_url_available
name = lamp-http-frontend.py
url = ${request-frontend:connection-secure_access}
config-url = ${:url}
config-custom-domain = {{ slapparameter_dict.get('custom-domain', '') }}
config-check-secure = 1
{% do publish_dict.__setitem__('url', '${lamp-frontend-promise:url}') -%}
[publish-early]
recipe = slapos.cookbook:publish-early
-init =
monitor-password monitor-htpasswd:passwd
[monitor-instance-parameter]
monitor-httpd-port = 8060
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
username = admin
password = ${monitor-htpasswd:passwd}
[monitor-base-url-dict]
{% for key, value in monitor_base_url_dict.items() -%}
{{ key }} = {{ value }}
{% endfor %}
[monitor-conf-parameters]
[publish-connection-information]
recipe = slapos.cookbook:publish
{% for name, value in publish_dict.items() -%}
{{ name }} = {{ value }}
{% endfor %}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}
monitor-password = ${publish-early:monitor-password}
monitor-user = ${monitor-publish-parameters:monitor-user}
{% do part_list.append('monitor-base') -%}
[buildout]
extends =
{{ template_monitor }}
parts =
publish-connection-information
# Complete parts with sections
{{ part_list | join('\n ') }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
\ No newline at end of file
# vim: set ft=cfg:
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
# += because we need to take up parts (like instance-custom, slapmonitor etc) from the profile we extended
parts +=
{{ parts.replicate("apache", "3") }}
publish-connection-information
{{ replicated.replicate("apache", "3", "apache-export", "apache-import") }}
# Bubble up the parameters
[request-apache]
return = url ssh-public-key ssh-url notification-id ip url backend_url
# XXX: hardcoded values
config-mariadb1-computer-guid = ${slap-parameter:mariadb1-computer-guid}
config-pbs-mariadb1-computer-guid = ${slap-parameter:pbs-mariadb1-computer-guid}
config-mariadb2-computer-guid = ${slap-parameter:mariadb2-computer-guid}
config-pbs-mariadb2-computer-guid = ${slap-parameter:pbs-mariadb2-computer-guid}
config-mariadb3-computer-guid = ${slap-parameter:mariadb3-computer-guid}
config-pbs-mariadb3-computer-guid = ${slap-parameter:pbs-mariadb3-computer-guid}
config-domain = ${slap-parameter:domain}
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = ${request-apache:connection-backend_url}
url = ${request-apache:connection-url}
[slap-parameter]
# Default parameters for distributed deployment
# I.e state "backup1 of maria should go there, ..."
# XXX-Cedric: Hardcoded number of backups. Should be dynamically generated.
mariadb1-computer-guid =
pbs-mariadb1-computer-guid =
mariadb2-computer-guid =
pbs-mariadb2-computer-guid =
mariadb3-computer-guid =
pbs-mariadb3-computer-guid =
# XXX-Cedric: Hardcoded parameters. Should be dynamically generated.
domain =
......@@ -3,22 +3,101 @@
parts =
switch_softwaretype
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
eggs-directory = {{ buildout_egg_directory }}
develop-eggs-directory = {{ buildout_develop_directory }}
offline = true
[switch_softwaretype]
recipe = slapos.cookbook:softwaretype
default = ${instance-apache-php:output}
resilient = ${instance-resilient:rendered}
mariadb = ${instance-mariadb:output}
mariadb-import = ${instance-mariadb-import:output}
mariadb-export = ${instance-mariadb-export:output}
apache-import = ${instance-apache-import:output}
apache-export = ${instance-apache-export:rendered}
#frozen creates a syntax error, meaning it can keep its data.
#It's dirty as hell, it needs to be replaced.
frozen = ${instance-frozen:output}
pull-backup = ${template-pull-backup:output}
#recipe = slapos.cookbook:softwaretype
recipe = slapos.cookbook:switch-softwaretype
default = dynamic-template-lamp:rendered
RootSoftwareInstance = ${:default}
mariadb = dynamic-template-mariadb:rendered
apache = dynamic-template-apache-php:rendered
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
extensions = jinja2.ext.do
mode = 0644
extra-context =
context =
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key ipv4 slap-configuration:ipv4
key ipv6 slap-configuration:ipv6
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
raw template_monitor {{ template_monitor }}
raw openssl_location {{ openssl_location }}
raw logrotate_cfg {{ logrotate_cfg }}
${:extra-context}
[dynamic-template-lamp-parameters]
[dynamic-template-lamp]
<= jinja2-template-base
template = {{ template_lamp }}
filename = template-lamp.cfg
extra-context =
section parameter_dict dynamic-template-lamp-parameters
[dynamic-template-apache-php-parameters]
application-location = {{ application_location }}
application-part-list = {{ application_deployment_part_list }}
template-apache-conf = {{ template_apache_conf }}
apache-location = {{ apache_location }}
apache-php-location = {{ apache_php_location }}
template-php-ini = {{ template_php_ini }}
# XXX no failure if `custom_application_template` is empty
[application-parameters]
custom-application-template = {{ custom_application_template }}
[dynamic-template-apache-php]
<= jinja2-template-base
template = {{ template_apache_php }}
filename = template-apache-php.cfg
extra-context =
key custom_application_template application-parameters:custom-application-template
section parameter_dict dynamic-template-apache-php-parameters
[dynamic-template-mariadb-parameters]
bash = {{ bash_location }}
coreutils-location = {{ coreutils_location }}
dash-location = {{ dash_location }}
findutils-location = {{ findutils_location }}
gzip-location = {{ gzip_location }}
mariadb-location = {{ mariadb_location }}
template-my-cnf = {{ template_my_cnf }}
template-mariadb-initial-setup = {{ template_mariadb_initial_setup }}
link-binary = {{ dumps(mariadb_link_binary) }}
mariadb-resiliency-after-import-script = {{ mariadb_resiliency_after_import_script }}
mariadb-slow-query-report-script = {{ mariadb_slow_query_report_script }}
mariadb-start-clone-from-backup = {{ mariadb_start_clone_from_backup }}
promise-check-slow-queries-digest-result = {{ bin_directory }}/check-slow-queries-digest-result
percona-tools-location = {{ percona_toolkit_location }}
unixodbc-location = {{ unixodbc_location }}
check-computer-memory-binary = {{ bin_directory }}/check-computer-memory
bin-directory = {{ bin_directory }}
[dynamic-template-mariadb]
<= jinja2-template-base
template = {{ template_mariadb }}
filename = instance-mariadb.cfg
extra-context =
key ipv4_set slap-configuration:ipv4
key ipv6_set slap-configuration:ipv6
raw bin_directory {{ bin_directory }}
section parameter_dict dynamic-template-mariadb-parameters
[buildout]
extends = ${instance-mariadb:output}
${pbsready-export:output}
# Repeating parts from instance-mariadb.
parts +=
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define exporter strategy
[exporter]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/$${slap-parameter:namebase}-exporter
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
mydumper-binary = ${mydumper:location}/bin/mydumper
database = $${mariadb:database}
import = false
# Extends publish section with resilient parameters
[urls]
<= resilient-publish-connection-parameter
[buildout]
extends = ${instance-mariadb:output}
${pbsready-import:output}
[importer]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/myloader
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
myloader-binary = ${mydumper:location}/bin/myloader
database = $${mariadb:database}
import = true
[buildout]
parts =
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
run = $${rootdirectory:var}/run
script = $${rootdirectory:etc}/script
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
mariadb-data = $${rootdirectory:srv}/mariadb
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
[logrotate-entry-mariadb]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = mariadb
log = $${mariadb:error-log}
frequency = daily
rotate-num = 30
post = $${mariadb:logrotate-post}
sharedscripts = true
notifempty = true
create = true
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
[logrotate-entry-cron]
<= logrotate
recipe =slapos.cookbook:logrotate.d
name = crond
log = $${cron-simplelogger:log}
frequency = daily
rotate-num = 30
notifempty = true
create = true
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${rootdirectory:bin}/stunnel
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
local-host = $${mariadb:ip}
local-port = $${mariadb:port}
remote-host = $${slap-network-information:global-ipv6}
remote-port = 6446
client = false
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Creates a MariaDB configuration file, and a database.
[mariadb]
recipe = slapos.cookbook:mysql
# Options
recovering = false
user = user
password = $${mysql-password:passwd}
port = 33060
ip = $${slap-network-information:local-ipv4}
database = db
# Paths
wrapper = $${basedirectory:services}/mariadb
update-wrapper = $${basedirectory:services}/mariadb_update
logrotate-post = $${rootdirectory:bin}/mariadb_post_logrotate
data-directory = $${directory:mariadb-data}
pid-file = $${basedirectory:run}/mariadb.pid
socket = $${basedirectory:run}/mariadb.sock
error-log = $${basedirectory:log}/mariadb_error.log
conf-file = $${rootdirectory:etc}/mariadb.cnf
promise = $${basedirectory:promises}/mysql
# Binary information
mysql-base-directory = ${mariadb:location}
mysql-binary = ${mariadb:location}/bin/mysql
mysql-install-binary = ${mariadb:location}/scripts/mysql_install_db
mysql-upgrade-binary = ${mariadb:location}/bin/mysql_upgrade
mysqld-binary = ${mariadb:location}/bin/mysqld
[mysql-password]
recipe = slapos.cookbook:generate.password
storage-path = $${rootdirectory:etc}/.passwd
bytes = 4
#----------------
#--
#-- Publish instance parameters.
[urls]
recipe = slapos.cookbook:publish
url = mysqls://$${mariadb:user}:$${mariadb:password}@[$${stunnel:remote-host}]:$${stunnel:remote-port}/$${mariadb:database}
ip = $${slap-network-information:global-ipv6}
[slap-parameter]
#Default value if no ssh parameters specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
[PHP]
engine = On
safe_mode = Off
expose_php = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = On
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
session.save_path = "{{ parameter_dict['tmp-dir'] }}"
session.auto_start = 0
date.timezone = {{ instance_dict.get('php.date.timezone', 'Europe/Paris') }}
file_uploads = On
upload_max_filesize = {{ instance_dict.get('php.upload_max_filesize', '8M') }}
post_max_size = {{ instance_dict.get('php.post_max_size', '8M') }}
magic_quotes_gpc=Off
memory_limit = {{ instance_dict.get('php.memory_limit', '128M') }}
session.cookie_secure = True
max_execution_time = {{ instance_dict.get('php.max_execution_time', 60) }}
max_input_time = {{ instance_dict.get('php.max_input_time', 60) }}
output_buffering = {{ instance_dict.get('php.output_buffering', 4096) }}
max_file_uploads = {{ instance_dict.get('php.max_file_uploads', 20) }}
#extension_dir="./"#
sys_temp_dir="{{ parameter_dict['tmp-dir'] }}"
upload_tmp_dir="{{ parameter_dict['php-upload-dir'] }}"
zend_extension=opcache
extension=apcu
extension=redis
extension=imagick
apc.enabled=1
apc.file_update_protection=2
apc.optimization=0
apc.shm_size=256M
apc.include_once_override=0
apc.shm_segments=1
apc.ttl=7200
apc.user_ttl=7200
apc.gc_ttl=3600
apc.num_files_hint=1024
apc.enable_cli=0
apc.max_file_size=5M
apc.cache_by_default=1
apc.use_request_time=1
apc.slam_defense=0
apc.mmap_file_mask="{{ parameter_dict['tmp-dir'] }}/apc.XXXXXX"
apc.stat_ctime=0
apc.canonicalize=1
apc.write_lock=1
apc.report_autofilter=0
apc.rfc1867=0
apc.rfc1867_prefix =upload_
apc.rfc1867_name=APC_UPLOAD_PROGRESS
apc.rfc1867_freq=0
apc.rfc1867_ttl=3600
apc.lazy_classes=0
apc.lazy_functions=0
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment