Commit 3d473964 authored by Alain Takoudjou's avatar Alain Takoudjou

rewrite stack lamp and make it works with php7

Stack LAMP was not used for years so it was completely outdated was not working anymore.
The stack was rewritten to make it works with php7.3
Use mariadb from stack/erp5 because we won't code again all feature done there for mariadb, initialization and backup to have it up-to-date.
Delete old files which are not used anymore
Remove integrated resilience scripts, resilience will works with webrunner which is more stable today.
parent 8815ceb2
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "{{ parameter_dict['pid-file'] }}"
Listen {{ parameter_dict['ip'] }}:{{ parameter_dict['port'] }}
PHPINIDir {{ parameter_dict['php-ini-dir'] }}
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "{{ parameter_dict['error-log'] }}"
LogLevel warn
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog "{{ parameter_dict['access-log'] }}" common
# SSL Configuration
SSLCertificateFile {{ parameter_dict.get('cert-file') }}
SSLCertificateKeyFile {{ parameter_dict.get('key-file') }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLEngine On
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
DirectoryIndex index.html index.php
Include {{ parameter_dict['apache-config-dir'] }}/*.conf
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so
LoadModule php7_module modules/libphp7.so
# This file is responsible of three things:
# 1/ Act as "Apache exporter"
# 2/ Act as "Mariadb backup infrastructure requester"
# 3/ Act as "Apache" instance
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
extends = {{templateapache}}
{{templatepbsreadyexport}}
parts +=
{{ parts.replicate("mariadb", "3") }}
# Repeating parts from instance-apache-php.
# XXX-Cedric: how to simplify this?
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
{{ replicated.replicate("mariadb", "3", "mariadb-export", "mariadb-import") }}
# Nothing to do for the exporter. This wrapper is intended
# to produce the "dump" files that have to be backed up.
# So, in case of binary DB data, we would back up the ASCII dump
# files, or a similar data format that can be restored on any machine
# (i.e. postgres 'custom')
# In the case of an httpd instance, the src/www directory can be directly
# pulled from the PBS, we don't need to prepare anything.
[exporter]
wrapper = /bin/true
# State that we want to backup srv/www directory, not srv/backup.
# XXX-Cedric: works well, but doesn't work with big data.
[rdiff-backup-server]
path = ${directory:www}
# Add "exporter" parameters to list of published connection parameters
[publish-connection-information]
# XXX-Cedric: Long term goal: could be a recipe that requests an instance and
# bubbles ALL
# parameters of the requested instance. Requirement: aggregated publish.
<= resilient-publish-connection-parameter
# XXX-Cedric: resilient overwrites what's returned from request-mariadb
# XXX-Cedric: change the request method to return everything from
# getConnectionParameterDict()
[request-mariadb]
return = ssh-public-key ssh-url notification-id ip url
[buildout]
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
extends = ${pbsready-import:output}
[directory]
srv = $${buildout:directory}/srv
www = $${:srv}/www/
# Nothing to do for the import. Just dummy part that does nothing.
# For httpd instance, PBS will directly push data to srv/www.
# XXX-Cedric: write a real backup system.
[importer]
wrapper = /bin/true
# State that we want to push to srv/www directory, not srv/backup.
[rdiff-backup-server]
path = $${directory:www}
[buildout]
extends = ${custom-application-deployment:path}
parts =
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
${custom-application-deployment:part-list}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
scripts = $${rootdirectory:etc}/run
run = $${rootdirectory:var}/run
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
httpd-log = $${basedirectory:log}/apache
php-ini-dir = $${rootdirectory:etc}/php
tmp-php = $${rootdirectory:tmp}/php
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
www = $${rootdirectory:srv}/www/
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests
private = $${directory:ca-dir}/private
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts
crl = $${directory:ca-dir}/crl
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
client = true
stunnel-binary = ${stunnel:location}/bin/stunnel
remote-host = $${mariadb-urlparse:host}
remote-port = $${mariadb-urlparse:port}
local-host = $${slap-network-information:local-ipv4}
local-port = 3306
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
wrapper = $${rootdirectory:bin}/raw_stunnel
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Request MariaDB instance and parse its URL.
[request-mariadb]
<= slap-connection
recipe = slapos.cookbook:request
name = MariaDB
software-url = $${slap-connection:software-release-url}
software-type = mariadb
return = url
sla-computer_guid = $${slap-connection:computer-id}
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = $${request-mariadb:connection-url}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = $${slap-network-information:global-ipv6}
listening-port = 8080
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php]
recipe = slapos.cookbook:apachephp
source = ${application:location}
template = ${application-template:location}/${application-template:filename}
configuration = ${application-configuration:location}
htdocs = $${directory:www}
pid-file = $${basedirectory:run}/apache.pid
lock-file = $${basedirectory:run}/apache.lock
ip = $${apache-network-configuration:listening-ip}
port = $${apache-network-configuration:listening-port}
url = http://[$${:ip}]:$${:port}/
error-log = $${directory:httpd-log}/error.log
access-log = $${directory:httpd-log}/access.log
php-ini-dir = $${directory:php-ini-dir}
tmp-dir = $${directory:tmp-php}
httpd-conf = $${rootdirectory:etc}/apache.conf
wrapper = $${basedirectory:services}/apache
httpd-binary = ${apache:location}/bin/httpd
mysql-username = $${mariadb-urlparse:username}
mysql-password = $${mariadb-urlparse:password}
mysql-database = $${mariadb-urlparse:path}
mysql-host = $${stunnel:local-host}
mysql-port = $${stunnel:local-port}
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-php:error-log} $${apache-php:access-log}
frequency = daily
rotate-num = 30
sharedscripts = true
notifempty = true
create = true
#----------------
#--
#-- Request frontend.
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = http://[$${apache-network-configuration:listening-ip}]:$${apache-network-configuration:listening-port}/
return = site_url
config-custom_domain = $${slap-parameter:domain}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = $${apache-php:url}
url = $${request-frontend:connection-site_url}
#----------------
#--
#-- Deploy promises scripts.
[promise]
recipe = slapos.cookbook:check_port_listening
path = $${basedirectory:promises}/apache
hostname = $${apache-php:ip}
port = $${apache-php:port}
[frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${basedirectory:promises}/frontend
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[content-promise]
recipe = slapos.cookbook:check_page_content
path = $${basedirectory:promises}/content
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[slap-parameter]
# Default value if no domain is specified
domain =
# Default value if no ssh parameter is specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
......@@ -5,25 +5,18 @@ ignore-existing = true
parts =
slapos-cookbook
apache-php
php-redis
php-imagick
php-apcu
mariadb
mydumper
python-mysqlclient
rdiff-backup
mroonga-mariadb
dropbear
eggs
instance
instance-apache-php
instance-mariadb
#Contains the importer and exporter recipes for mariadb
instance-mariadb-import
instance-mariadb-export
#Contains the importer and exporter recipes for apache
instance-apache-import
instance-apache-export
template-mariadb
instance-lamp
extends =
../../component/apache-php/buildout.cfg
......@@ -31,25 +24,30 @@ extends =
../../component/curl/buildout.cfg
../../component/dash/buildout.cfg
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dropbear/buildout.cfg
../../component/git/buildout.cfg
../../component/glib/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/mariadb/buildout.cfg
../../component/mydumper/buildout.cfg
../../component/python-mysqlclient/buildout.cfg
../../component/perl/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/sqlite3/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/zlib/buildout.cfg
../logrotate/buildout.cfg
../resilient/buildout.cfg
../erp5/buildout.cfg
../slapos.cfg
[template-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[mariadb]
# Compile dir is for plugins, there's no plugin in LAMP
keep-compile-dir = false
......@@ -60,84 +58,6 @@ ignore-existing = true
# If the provided tarball does not contain top directory, this option should be changed to false
strip-top-level-dir = true
#----------------
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[instance-apache-php]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-php.cfg.in
output = ${buildout:directory}/instance-apache-php.cfg
md5sum = 5800e365e200240e33defea9561c0b23
mode = 0644
[instance-apache-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-import.cfg.in
output = ${buildout:directory}/instance-apache-import.cfg
md5sum = f1dc2a71d362b5d2d36481ffefdd2293
mode = 0644
[instance-apache-export]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/apache/instance-apache-export.cfg.jinja2
rendered = ${buildout:directory}/instance-apache-export.cfg
extensions = jinja2.ext.do
context = key templateapache instance-apache-php:output
key templatepbsreadyexport pbsready-export:output
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = 00068d0f68a9e1eb5a6e89e73a3dc399
mode = 0644
[instance-resilient]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
rendered = ${buildout:directory}/instance-resilient.cfg
extensions = jinja2.ext.do
context = key buildout buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = f171782b98c1143d44ec2a35d8259254
mode = 0644
[instance-mariadb]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb.cfg.in
output = ${buildout:directory}/instance-mariadb.cfg
md5sum = 1d3022164dd70efe374a179ef319e0eb
mode = 0644
[instance-mariadb-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-import.cfg.in
output = ${buildout:directory}/instance-mariadb-import.cfg
md5sum = faf5826f4b27e362f34ad17db54b8c9a
mode = 0644
[instance-mariadb-export]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-export.cfg.in
output = ${buildout:directory}/instance-mariadb-export.cfg
md5sum = d17228a2708cbb39dc00945a93e0740d
mode = 0644
#----------------
#--
#-- Optional part allowing applications using this stack to run a custom
......@@ -152,57 +72,83 @@ path =
part-list =
#----------------
#-- Dummy parts in case no application configuration file is needed
[application-template]
filename =
location =
[application-configuration]
location =
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/instance.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = 7c47a85e310674e451db778d9e4383a6
mode = 0644
context =
key application_location application:location
key application_deployment_part_list custom-application-deployment:part-list
key apache_location apache:location
key apache_php_location apache-php:location
key bash_location bash:location
key bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key buildout_egg_directory buildout:eggs-directory
key buildout_develop_directory buildout:develop-eggs-directory
key buildout_directory buildout:directory
key dash_location dash:location
key findutils_location findutils:location
key logrotate_location logrotate:location
key logrotate_cfg template-logrotate-base:rendered
key gzip_location gzip:location
key stunnel_location stunnel:location
key template_monitor monitor2-template:rendered
key mariadb_link_binary template-mariadb:link-binary
key mariadb_location mariadb:location
key mariadb_resiliency_after_import_script mariadb-resiliency-after-import-script:target
key mariadb_slow_query_report_script mariadb-slow-query-report-script:target
key mariadb_start_clone_from_backup mariadb-start-clone-from-backup:target
key percona_toolkit_location percona-toolkit:location
key template_php_ini template-php.ini:output
key template_apache_conf template-apache.conf:output
key template_apache_php instance-apache-php:output
key template_lamp instance-lamp:output
key template_mariadb template-mariadb:target
key template_mariadb_initial_setup template-mariadb-initial-setup:target
key template_my_cnf template-my-cnf:target
key unixodbc_location unixodbc:location
key openssl_location openssl:location
key custom_application_template custom-application-deployment:path
[custom-application-deployment]
# Optional part allowing applications using this stack to run a custom
# instance.cfg at the end of Apache/PHP instance deployment.
# To use it in your application, just override those two parameters, like:
# path = /path/to/instance-custom.cfg
# part-list =
# part1
# part2
# See software/tt-rss/software.cfg for an example.
path =
part-list =
[instance-apache-php]
<= template-download-base
filename = instance-apache-php.cfg.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7edcbca22e800f2c90559298c44d5a48
[instance-lamp]
<= template-download-base
filename = instance-lamp.cfg.jinja2.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 2f8b021acc9c7a849641680a249d5a36
[template-apache.conf]
<= template-download-base
filename = apache.conf.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 04080510698732d84122b464fdb08c6a
[template-php.ini]
<= template-download-base
filename = php.ini.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7de35e3f8619324119ff296580d2880f
[erp5]
# lamp stack reuses erp5 stack to have mariadb, but we don't need to checkout erp5 here.
recipe =
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
slapos.toolbox[lampconfigure]
slapos.toolbox
[versions]
async = 0.6.1
gitdb = 0.5.4
mysqlclient = 1.3.12
pycrypto = 2.6
rdiff-backup = 1.0.5+SlapOSPatched001
slapos.recipe.template = 2.4.2
slapos.toolbox = 0.40.4
smmap = 0.8.2
# Required by:
# slapos.toolbox==0.40.2
GitPython = 2.0.8
# Required by:
# slapos.toolbox==0.40.2
atomize = 0.1.1
# Required by:
# slapos.toolbox==0.40.2
feedparser = 5.1.3
# Required by:
# slapos.toolbox==0.40.2
paramiko = 2.0.1
[buildout]
extends =
{{ template_monitor }}
{{ logrotate_cfg }}
{{ custom_application_template }}
parts =
monitor-base
certificate-authority
logrotate-entry-apache
promise
php.ini-conf
apache-php-service
publish-connection-information
{{ parameter_dict['application-part-list'] }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true