Commit 3d473964 authored by Alain Takoudjou's avatar Alain Takoudjou

rewrite stack lamp and make it works with php7

Stack LAMP was not used for years so it was completely outdated was not working anymore.
The stack was rewritten to make it works with php7.3
Use mariadb from stack/erp5 because we won't code again all feature done there for mariadb, initialization and backup to have it up-to-date.
Delete old files which are not used anymore
Remove integrated resilience scripts, resilience will works with webrunner which is more stable today.
parent 8815ceb2
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "{{ parameter_dict['pid-file'] }}"
Listen {{ parameter_dict['ip'] }}:{{ parameter_dict['port'] }}
PHPINIDir {{ parameter_dict['php-ini-dir'] }}
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "{{ parameter_dict['error-log'] }}"
LogLevel warn
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog "{{ parameter_dict['access-log'] }}" common
# SSL Configuration
SSLCertificateFile {{ parameter_dict.get('cert-file') }}
SSLCertificateKeyFile {{ parameter_dict.get('key-file') }}
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLEngine On
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
DirectoryIndex index.html index.php
Include {{ parameter_dict['apache-config-dir'] }}/*.conf
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule filter_module modules/mod_filter.so
LoadModule php7_module modules/libphp7.so
# This file is responsible of three things:
# 1/ Act as "Apache exporter"
# 2/ Act as "Mariadb backup infrastructure requester"
# 3/ Act as "Apache" instance
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
extends = {{templateapache}}
{{templatepbsreadyexport}}
parts +=
{{ parts.replicate("mariadb", "3") }}
# Repeating parts from instance-apache-php.
# XXX-Cedric: how to simplify this?
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
{{ replicated.replicate("mariadb", "3", "mariadb-export", "mariadb-import") }}
# Nothing to do for the exporter. This wrapper is intended
# to produce the "dump" files that have to be backed up.
# So, in case of binary DB data, we would back up the ASCII dump
# files, or a similar data format that can be restored on any machine
# (i.e. postgres 'custom')
# In the case of an httpd instance, the src/www directory can be directly
# pulled from the PBS, we don't need to prepare anything.
[exporter]
wrapper = /bin/true
# State that we want to backup srv/www directory, not srv/backup.
# XXX-Cedric: works well, but doesn't work with big data.
[rdiff-backup-server]
path = ${directory:www}
# Add "exporter" parameters to list of published connection parameters
[publish-connection-information]
# XXX-Cedric: Long term goal: could be a recipe that requests an instance and
# bubbles ALL
# parameters of the requested instance. Requirement: aggregated publish.
<= resilient-publish-connection-parameter
# XXX-Cedric: resilient overwrites what's returned from request-mariadb
# XXX-Cedric: change the request method to return everything from
# getConnectionParameterDict()
[request-mariadb]
return = ssh-public-key ssh-url notification-id ip url
[buildout]
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
extends = ${pbsready-import:output}
[directory]
srv = $${buildout:directory}/srv
www = $${:srv}/www/
# Nothing to do for the import. Just dummy part that does nothing.
# For httpd instance, PBS will directly push data to srv/www.
# XXX-Cedric: write a real backup system.
[importer]
wrapper = /bin/true
# State that we want to push to srv/www directory, not srv/backup.
[rdiff-backup-server]
path = $${directory:www}
[buildout]
extends = ${custom-application-deployment:path}
parts =
certificate-authority
ca-stunnel
logrotate
logrotate-entry-apache
logrotate-entry-stunnel
cron
cron-entry-logrotate
promise
frontend-promise
content-promise
publish-connection-information
${custom-application-deployment:part-list}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
scripts = $${rootdirectory:etc}/run
run = $${rootdirectory:var}/run
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
httpd-log = $${basedirectory:log}/apache
php-ini-dir = $${rootdirectory:etc}/php
tmp-php = $${rootdirectory:tmp}/php
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
www = $${rootdirectory:srv}/www/
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests
private = $${directory:ca-dir}/private
certs = $${directory:ca-dir}/certs
newcerts = $${directory:ca-dir}/newcerts
crl = $${directory:ca-dir}/crl
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
client = true
stunnel-binary = ${stunnel:location}/bin/stunnel
remote-host = $${mariadb-urlparse:host}
remote-port = $${mariadb-urlparse:port}
local-host = $${slap-network-information:local-ipv4}
local-port = 3306
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
wrapper = $${rootdirectory:bin}/raw_stunnel
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Request MariaDB instance and parse its URL.
[request-mariadb]
<= slap-connection
recipe = slapos.cookbook:request
name = MariaDB
software-url = $${slap-connection:software-release-url}
software-type = mariadb
return = url
sla-computer_guid = $${slap-connection:computer-id}
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = $${request-mariadb:connection-url}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = $${slap-network-information:global-ipv6}
listening-port = 8080
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php]
recipe = slapos.cookbook:apachephp
source = ${application:location}
template = ${application-template:location}/${application-template:filename}
configuration = ${application-configuration:location}
htdocs = $${directory:www}
pid-file = $${basedirectory:run}/apache.pid
lock-file = $${basedirectory:run}/apache.lock
ip = $${apache-network-configuration:listening-ip}
port = $${apache-network-configuration:listening-port}
url = http://[$${:ip}]:$${:port}/
error-log = $${directory:httpd-log}/error.log
access-log = $${directory:httpd-log}/access.log
php-ini-dir = $${directory:php-ini-dir}
tmp-dir = $${directory:tmp-php}
httpd-conf = $${rootdirectory:etc}/apache.conf
wrapper = $${basedirectory:services}/apache
httpd-binary = ${apache:location}/bin/httpd
mysql-username = $${mariadb-urlparse:username}
mysql-password = $${mariadb-urlparse:password}
mysql-database = $${mariadb-urlparse:path}
mysql-host = $${stunnel:local-host}
mysql-port = $${stunnel:local-port}
[logrotate-entry-apache]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = apache
log = $${apache-php:error-log} $${apache-php:access-log}
frequency = daily
rotate-num = 30
sharedscripts = true
notifempty = true
create = true
#----------------
#--
#-- Request frontend.
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = http://[$${apache-network-configuration:listening-ip}]:$${apache-network-configuration:listening-port}/
return = site_url
config-custom_domain = $${slap-parameter:domain}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = $${apache-php:url}
url = $${request-frontend:connection-site_url}
#----------------
#--
#-- Deploy promises scripts.
[promise]
recipe = slapos.cookbook:check_port_listening
path = $${basedirectory:promises}/apache
hostname = $${apache-php:ip}
port = $${apache-php:port}
[frontend-promise]
recipe = slapos.cookbook:check_url_available
path = $${basedirectory:promises}/frontend
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[content-promise]
recipe = slapos.cookbook:check_page_content
path = $${basedirectory:promises}/content
url = $${request-frontend:connection-site_url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
[slap-parameter]
# Default value if no domain is specified
domain =
# Default value if no ssh parameter is specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
......@@ -5,25 +5,18 @@ ignore-existing = true
parts =
slapos-cookbook
apache-php
php-redis
php-imagick
php-apcu
mariadb
mydumper
python-mysqlclient
rdiff-backup
mroonga-mariadb
dropbear
eggs
instance
instance-apache-php
instance-mariadb
#Contains the importer and exporter recipes for mariadb
instance-mariadb-import
instance-mariadb-export
#Contains the importer and exporter recipes for apache
instance-apache-import
instance-apache-export
template-mariadb
instance-lamp
extends =
../../component/apache-php/buildout.cfg
......@@ -31,25 +24,30 @@ extends =
../../component/curl/buildout.cfg
../../component/dash/buildout.cfg
../../component/dash/buildout.cfg
../../component/dcron/buildout.cfg
../../component/dropbear/buildout.cfg
../../component/git/buildout.cfg
../../component/glib/buildout.cfg
../../component/gzip/buildout.cfg
../../component/logrotate/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/mariadb/buildout.cfg
../../component/mydumper/buildout.cfg
../../component/python-mysqlclient/buildout.cfg
../../component/perl/buildout.cfg
../../component/rdiff-backup/buildout.cfg
../../component/sqlite3/buildout.cfg
../../component/stunnel/buildout.cfg
../../component/zlib/buildout.cfg
../logrotate/buildout.cfg
../resilient/buildout.cfg
../erp5/buildout.cfg
../slapos.cfg
[template-download-base]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/${:filename}
mode = 0644
[mariadb]
# Compile dir is for plugins, there's no plugin in LAMP
keep-compile-dir = false
......@@ -60,84 +58,6 @@ ignore-existing = true
# If the provided tarball does not contain top directory, this option should be changed to false
strip-top-level-dir = true
#----------------
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance.cfg.in
output = ${buildout:directory}/instance.cfg
md5sum = 650cd2527158734fd6ccd9ec374b5e69
mode = 0644
[instance-apache-php]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-php.cfg.in
output = ${buildout:directory}/instance-apache-php.cfg
md5sum = 5800e365e200240e33defea9561c0b23
mode = 0644
[instance-apache-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/apache/instance-apache-import.cfg.in
output = ${buildout:directory}/instance-apache-import.cfg
md5sum = f1dc2a71d362b5d2d36481ffefdd2293
mode = 0644
[instance-apache-export]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/apache/instance-apache-export.cfg.jinja2
rendered = ${buildout:directory}/instance-apache-export.cfg
extensions = jinja2.ext.do
context = key templateapache instance-apache-php:output
key templatepbsreadyexport pbsready-export:output
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = 00068d0f68a9e1eb5a6e89e73a3dc399
mode = 0644
[instance-resilient]
recipe = slapos.recipe.template:jinja2
template = ${:_profile_base_location_}/instance-resilient.cfg.jinja2
rendered = ${buildout:directory}/instance-resilient.cfg
extensions = jinja2.ext.do
context = key buildout buildout:bin-directory
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
import-list = file parts template-parts:destination
file replicated template-replicated:destination
md5sum = f171782b98c1143d44ec2a35d8259254
mode = 0644
[instance-mariadb]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb.cfg.in
output = ${buildout:directory}/instance-mariadb.cfg
md5sum = 1d3022164dd70efe374a179ef319e0eb
mode = 0644
[instance-mariadb-import]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-import.cfg.in
output = ${buildout:directory}/instance-mariadb-import.cfg
md5sum = faf5826f4b27e362f34ad17db54b8c9a
mode = 0644
[instance-mariadb-export]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/mariadb/instance-mariadb-export.cfg.in
output = ${buildout:directory}/instance-mariadb-export.cfg
md5sum = d17228a2708cbb39dc00945a93e0740d
mode = 0644
#----------------
#--
#-- Optional part allowing applications using this stack to run a custom
......@@ -152,57 +72,83 @@ path =
part-list =
#----------------
#-- Dummy parts in case no application configuration file is needed
[application-template]
filename =
location =
[application-configuration]
location =
#-- Instance-level buildout profiles.
[instance]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/instance.cfg
template = ${:_profile_base_location_}/instance.cfg.in
md5sum = 7c47a85e310674e451db778d9e4383a6
mode = 0644
context =
key application_location application:location
key application_deployment_part_list custom-application-deployment:part-list
key apache_location apache:location
key apache_php_location apache-php:location
key bash_location bash:location
key bin_directory buildout:bin-directory
key coreutils_location coreutils:location
key buildout_egg_directory buildout:eggs-directory
key buildout_develop_directory buildout:develop-eggs-directory
key buildout_directory buildout:directory
key dash_location dash:location
key findutils_location findutils:location
key logrotate_location logrotate:location
key logrotate_cfg template-logrotate-base:rendered
key gzip_location gzip:location
key stunnel_location stunnel:location
key template_monitor monitor2-template:rendered
key mariadb_link_binary template-mariadb:link-binary
key mariadb_location mariadb:location
key mariadb_resiliency_after_import_script mariadb-resiliency-after-import-script:target
key mariadb_slow_query_report_script mariadb-slow-query-report-script:target
key mariadb_start_clone_from_backup mariadb-start-clone-from-backup:target
key percona_toolkit_location percona-toolkit:location
key template_php_ini template-php.ini:output
key template_apache_conf template-apache.conf:output
key template_apache_php instance-apache-php:output
key template_lamp instance-lamp:output
key template_mariadb template-mariadb:target
key template_mariadb_initial_setup template-mariadb-initial-setup:target
key template_my_cnf template-my-cnf:target
key unixodbc_location unixodbc:location
key openssl_location openssl:location
key custom_application_template custom-application-deployment:path
[custom-application-deployment]
# Optional part allowing applications using this stack to run a custom
# instance.cfg at the end of Apache/PHP instance deployment.
# To use it in your application, just override those two parameters, like:
# path = /path/to/instance-custom.cfg
# part-list =
# part1
# part2
# See software/tt-rss/software.cfg for an example.
path =
part-list =
[instance-apache-php]
<= template-download-base
filename = instance-apache-php.cfg.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7edcbca22e800f2c90559298c44d5a48
[instance-lamp]
<= template-download-base
filename = instance-lamp.cfg.jinja2.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 2f8b021acc9c7a849641680a249d5a36
[template-apache.conf]
<= template-download-base
filename = apache.conf.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 04080510698732d84122b464fdb08c6a
[template-php.ini]
<= template-download-base
filename = php.ini.in
output = ${buildout:parts-directory}/${:_buildout_section_name_}/${:filename}
md5sum = 7de35e3f8619324119ff296580d2880f
[erp5]
# lamp stack reuses erp5 stack to have mariadb, but we don't need to checkout erp5 here.
recipe =
location = ${buildout:parts-directory}/${:_buildout_section_name_}
[eggs]
recipe = zc.recipe.egg
eggs =
${lxml-python:egg}
slapos.toolbox[lampconfigure]
slapos.toolbox
[versions]
async = 0.6.1
gitdb = 0.5.4
mysqlclient = 1.3.12
pycrypto = 2.6
rdiff-backup = 1.0.5+SlapOSPatched001
slapos.recipe.template = 2.4.2
slapos.toolbox = 0.40.4
smmap = 0.8.2
# Required by:
# slapos.toolbox==0.40.2
GitPython = 2.0.8
# Required by:
# slapos.toolbox==0.40.2
atomize = 0.1.1
# Required by:
# slapos.toolbox==0.40.2
feedparser = 5.1.3
# Required by:
# slapos.toolbox==0.40.2
paramiko = 2.0.1
[buildout]
extends =
{{ template_monitor }}
{{ logrotate_cfg }}
{{ custom_application_template }}
parts =
monitor-base
certificate-authority
logrotate-entry-apache
promise
php.ini-conf
apache-php-service
publish-connection-information
{{ parameter_dict['application-part-list'] }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
var = ${buildout:directory}/var
srv = ${buildout:directory}/srv
bin = ${buildout:directory}/bin
tmp = ${buildout:directory}/tmp
log = ${:var}/log
services = ${:etc}/service
scripts = ${:etc}/run
run = ${:var}/run
backup = ${:srv}/backup
promises = ${:etc}/promise
plugins = ${:etc}/plugin
httpd-log = ${:log}/apache
php-ini-dir = ${:etc}/php
tmp-php = ${:tmp}/php
upload-tmp = ${:tmp}/upload
www = ${:srv}/www/
apache.d = ${:etc}/apache.d
#----------------
#--
#-- Certificate stuff.
[ca-directory]
recipe = slapos.cookbook:mkdirectory
root = ${directory:srv}/ssl
requests = ${:root}/requests
private = ${:root}/private
certs = ${:root}/certs
newcerts = ${:root}/newcerts
crl = ${:root}/crl
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = {{ openssl_location }}/bin/openssl
ca-dir = ${ca-directory:root}
requests-directory = ${ca-directory:requests}
wrapper = ${directory:bin}/certificate_authority
ca-private = ${ca-directory:private}
ca-certs = ${ca-directory:certs}
ca-newcerts = ${ca-directory:newcerts}
ca-crl = ${ca-directory:crl}
[certificate-authority-service]
recipe = slapos.cookbook:wrapper
command-line = ${certificate-authority:wrapper}
wrapper-path = ${directory:services}/certificate_authority
hash-files = ${buildout:directory}/software_release/buildout.cfg
[ca-apache-php]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
key-file = ${apache-php-configuration:key-file}
cert-file = ${apache-php-configuration:cert-file}
executable = ${apache-php-wrapper:wrapper-path}
wrapper = ${directory:bin}/ca-apache-php
[apache-php-service]
recipe = slapos.cookbook:wrapper
command-line = ${ca-apache-php:wrapper}
wrapper-path = ${directory:services}/apache-php
hash-files = ${buildout:directory}/software_release/buildout.cfg
depends =
${copy-application:recipe}
${apache-graceful:recipe}
[copy-application]
recipe = plone.recipe.command
command = if [ -z "$(ls -A ${directory:www})" ]; then
rm -rf ${directory:www};
cp -ax {{ parameter_dict['application-location'] }}/ ${directory:www};
fi
update-command = ${:command}
stop-on-error = true
[mariadb-urlparse]
recipe = slapos.cookbook:urlparse
url = {{ slapparameter_dict['database-list'][0] }}
#----------------
#--
#-- Common network parameters
[apache-network-configuration]
listening-ip = {{ (ipv6 | list)[0] }}
listening-port = 9988
#----------------
#--
#-- Deploy Apache + PHP application.
[apache-php-configuration]
document-root = ${directory:www}
pid-file = ${directory:run}/apache.pid
lock-file = ${directory:run}/apache.lock
ip = ${apache-network-configuration:listening-ip}
port = ${apache-network-configuration:listening-port}
url = https://[${:ip}]:${:port}/
error-log = ${directory:httpd-log}/error.log
access-log = ${directory:httpd-log}/access.log
php-ini-dir = ${directory:php-ini-dir}
cert-file = ${ca-directory:certs}/httpd.crt
key-file = ${ca-directory:certs}/httpd.key
apache-config-dir = ${directory:apache.d}
[apache-php-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-apache-conf'] }}
rendered = ${directory:etc}/apache.conf
context =
section parameter_dict apache-php-configuration
extensions = jinja2.ext.do
mode = 0644
[apache-php-wrapper]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:bin}/apache-wrapper
command-line = "{{ parameter_dict['apache-location'] }}/bin/httpd" -f "${apache-php-conf:rendered}" -DFOREGROUND
wait-for-files =
${ca-directory:certs}/httpd.crt
${ca-directory:certs}/httpd.key
[apache-graceful]
recipe = collective.recipe.template
output = ${directory:bin}/apache-httpd-graceful
mode = 700
input = inline:
#!/bin/sh
kill -USR1 "$(cat '${apache-php-configuration:pid-file}')"
[logrotate-entry-apache]
<= logrotate-entry-base
name = apache
log = ${apache-php-configuration:error-log} ${apache-php-configuration:access-log}
frequency = daily
rotate-num = 30
[php.ini-configuration]
tmp-dir = ${directory:tmp-php}
php-upload-dir = ${directory:upload-tmp}
[php.ini-conf]
recipe = slapos.recipe.template:jinja2
template = {{ parameter_dict['template-php-ini'] }}
rendered = ${directory:php-ini-dir}/php.ini
context =
section parameter_dict php.ini-configuration
section instance_dict instance-parameter
extensions = jinja2.ext.do
mode = 0644
[instance-parameter]
db-user = ${mariadb-urlparse:username}
db-password = ${mariadb-urlparse:password}
db-name = ${mariadb-urlparse:path}
db-host = ${mariadb-urlparse:host}
db-port = ${mariadb-urlparse:port}
document-root = ${apache-php-configuration:document-root}
backend-url = ${apache-php-configuration:url}
php-bin = {{ parameter_dict['apache-php-location'] }}/bin/php
php-ini = ${php.ini-conf:rendered}
#----------------
#--
#-- Publish instance parameters.
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish.serialised
backend-url = ${apache-php-configuration:url}
#----------------
#--
#-- Deploy promises scripts.
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[promise]
# Check any apache port in ipv4, expect other ports and ipv6 to behave consistently
<= promise-base
module = check_port_listening
name = apache-httpd-port-listening.py
config-hostname = ${apache-php-configuration:ip}
config-port = ${apache-php-configuration:port}
[slap-parameter]
{% for key, value in slapparameter_dict.items() -%}
{{ key }} = {{ value }}
{% endfor -%}
\ No newline at end of file
{% set publish_dict = {} -%}
{% set part_list = [] -%}
{% set ipv6 = (ipv6 | list)[0] -%}
{% set monitor_base_url_dict = {} -%}
{% set mariadb_dict = {} -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
plugins = ${:etc}/plugin
[request-common]
recipe = slapos.cookbook:request.serialised
software-url = ${slap-connection:software-release-url}
server-url = ${slap-connection:server-url}
key-file = ${slap-connection:key-file}
cert-file = ${slap-connection:cert-file}
computer-id = ${slap-connection:computer-id}
partition-id = ${slap-connection:partition-id}
[promise-base]
recipe = slapos.cookbook:promise.plugin
eggs =
slapos.toolbox
mode = 644
output = ${directory:plugins}/$${:name}
content =
from slapos.promise.plugin.${:module} import RunPromise
[request-apache]
<= request-common
software-type = apache
name = apache-php
sla-computer_guid = {{ dumps(slapparameter_dict.get('apache-computer-guid', '')) }}
{% for key, value in slapparameter_dict.items() -%}
{% if key.startswith('instance.') -%}
config-{{ key }} = {{ dumps(value) }}
{% endif -%}
{% endfor -%}
config-database-list = ${request-mariadb:connection-database-list}
return =
backend-url
monitor-base-url
{% do part_list.append('request-apache') -%}
{% do publish_dict.__setitem__('backend-url', '${request-apache:connection-backend-url}') -%}
{% do monitor_base_url_dict.__setitem__('apache', '${request-apache:connection-monitor-base-url}') -%}
{% do mariadb_dict.__setitem__('database-list', [{'name': 'nextcloud', 'user': 'nextcloud', 'password': 'insecure'}]) -%}
{% do mariadb_dict.__setitem__('test-database-amount', 0) -%}
{% do mariadb_dict.__setitem__('tcpv4-port', 2099) -%}
{% do mariadb_dict.__setitem__('max-slowqueries-threshold', 1000) -%}
{% do mariadb_dict.__setitem__('slowest-query-threshold', '') -%}
{% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
{% do mariadb_dict.__setitem__('monitor-passwd', '${monitor-htpasswd:passwd}') -%}
{% do mariadb_dict.__setitem__('name', 'Mariadb') -%}
{% do mariadb_dict.__setitem__('innodb-file-per-table', slapparameter_dict.get('innodb-file-per-table', 1)) -%}
[request-mariadb]
<= request-common
software-type = mariadb
name = Mariadb
sla-computer_guid = {{ dumps(slapparameter_dict.get('mariadb-computer-guid', '')) }}
{% for key, value in mariadb_dict.items() -%}
config-{{ key }} = {{ dumps(value) }}
{% endfor -%}
return =
database-list
monitor-base-url
{% do part_list.append('request-mariadb') -%}
{% do publish_dict.__setitem__('mariadb-url-list', '${request-mariadb:connection-database-list}') -%}
{% do monitor_base_url_dict.__setitem__('mariadb', '${request-mariadb:connection-monitor-base-url}') -%}
[request-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Instance Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
slave = true
config-url = ${request-apache:connection-backend-url}
config-https-only = true
return = domain secure_access
[lamp-frontend-promise]
<= monitor-promise-base
module = check_url_available
name = lamp-http-frontend.py
url = ${request-frontend:connection-secure_access}
config-url = ${:url}
config-custom-domain = {{ slapparameter_dict.get('custom-domain', '') }}
config-check-secure = 1
{% do publish_dict.__setitem__('url', '${lamp-frontend-promise:url}') -%}
[publish-early]
recipe = slapos.cookbook:publish-early
-init =
monitor-password monitor-htpasswd:passwd
[monitor-instance-parameter]
monitor-httpd-port = 8060
cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }}
username = admin
password = ${monitor-htpasswd:passwd}
[monitor-base-url-dict]
{% for key, value in monitor_base_url_dict.items() -%}
{{ key }} = {{ value }}
{% endfor %}
[monitor-conf-parameters]
[publish-connection-information]
recipe = slapos.cookbook:publish
{% for name, value in publish_dict.items() -%}
{{ name }} = {{ value }}
{% endfor %}
{% set monitor_interface_url = slapparameter_dict.get('monitor-interface-url', 'https://monitor.app.officejs.com') -%}
monitor-setup-url = {{ monitor_interface_url }}/#page=settings_configurator&url=${monitor-publish-parameters:monitor-url}&username=${monitor-publish-parameters:monitor-user}&password=${monitor-publish-parameters:monitor-password}
monitor-password = ${publish-early:monitor-password}
monitor-user = ${monitor-publish-parameters:monitor-user}
{% do part_list.append('monitor-base') -%}
[buildout]
extends =
{{ template_monitor }}
parts =
publish-connection-information
# Complete parts with sections
{{ part_list | join('\n ') }}
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
\ No newline at end of file
# vim: set ft=cfg:
{% import 'parts' as parts %}
{% import 'replicated' as replicated %}
[buildout]
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
# += because we need to take up parts (like instance-custom, slapmonitor etc) from the profile we extended
parts +=
{{ parts.replicate("apache", "3") }}
publish-connection-information
{{ replicated.replicate("apache", "3", "apache-export", "apache-import") }}
# Bubble up the parameters
[request-apache]
return = url ssh-public-key ssh-url notification-id ip url backend_url
# XXX: hardcoded values
config-mariadb1-computer-guid = ${slap-parameter:mariadb1-computer-guid}
config-pbs-mariadb1-computer-guid = ${slap-parameter:pbs-mariadb1-computer-guid}
config-mariadb2-computer-guid = ${slap-parameter:mariadb2-computer-guid}
config-pbs-mariadb2-computer-guid = ${slap-parameter:pbs-mariadb2-computer-guid}
config-mariadb3-computer-guid = ${slap-parameter:mariadb3-computer-guid}
config-pbs-mariadb3-computer-guid = ${slap-parameter:pbs-mariadb3-computer-guid}
config-domain = ${slap-parameter:domain}
[publish-connection-information]
recipe = slapos.cookbook:publish
backend_url = ${request-apache:connection-backend_url}
url = ${request-apache:connection-url}
[slap-parameter]
# Default parameters for distributed deployment
# I.e state "backup1 of maria should go there, ..."
# XXX-Cedric: Hardcoded number of backups. Should be dynamically generated.
mariadb1-computer-guid =
pbs-mariadb1-computer-guid =
mariadb2-computer-guid =
pbs-mariadb2-computer-guid =
mariadb3-computer-guid =
pbs-mariadb3-computer-guid =
# XXX-Cedric: Hardcoded parameters. Should be dynamically generated.
domain =
......@@ -3,22 +3,101 @@
parts =
switch_softwaretype
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
eggs-directory = {{ buildout_egg_directory }}
develop-eggs-directory = {{ buildout_develop_directory }}
offline = true
[switch_softwaretype]
recipe = slapos.cookbook:softwaretype
default = ${instance-apache-php:output}
resilient = ${instance-resilient:rendered}
mariadb = ${instance-mariadb:output}
mariadb-import = ${instance-mariadb-import:output}
mariadb-export = ${instance-mariadb-export:output}
apache-import = ${instance-apache-import:output}
apache-export = ${instance-apache-export:rendered}
#frozen creates a syntax error, meaning it can keep its data.
#It's dirty as hell, it needs to be replaced.
frozen = ${instance-frozen:output}
pull-backup = ${template-pull-backup:output}
#recipe = slapos.cookbook:softwaretype
recipe = slapos.cookbook:switch-softwaretype
default = dynamic-template-lamp:rendered
RootSoftwareInstance = ${:default}
mariadb = dynamic-template-mariadb:rendered
apache = dynamic-template-apache-php:rendered
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
extensions = jinja2.ext.do
mode = 0644
extra-context =
context =
key develop_eggs_directory buildout:develop-eggs-directory
key eggs_directory buildout:eggs-directory
key ipv4 slap-configuration:ipv4
key ipv6 slap-configuration:ipv6
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
raw template_monitor {{ template_monitor }}
raw openssl_location {{ openssl_location }}
raw logrotate_cfg {{ logrotate_cfg }}
${:extra-context}
[dynamic-template-lamp-parameters]
[dynamic-template-lamp]
<= jinja2-template-base
template = {{ template_lamp }}
filename = template-lamp.cfg
extra-context =
section parameter_dict dynamic-template-lamp-parameters
[dynamic-template-apache-php-parameters]
application-location = {{ application_location }}
application-part-list = {{ application_deployment_part_list }}
template-apache-conf = {{ template_apache_conf }}
apache-location = {{ apache_location }}
apache-php-location = {{ apache_php_location }}
template-php-ini = {{ template_php_ini }}
# XXX no failure if `custom_application_template` is empty
[application-parameters]
custom-application-template = {{ custom_application_template }}
[dynamic-template-apache-php]
<= jinja2-template-base
template = {{ template_apache_php }}
filename = template-apache-php.cfg
extra-context =
key custom_application_template application-parameters:custom-application-template
section parameter_dict dynamic-template-apache-php-parameters
[dynamic-template-mariadb-parameters]
bash = {{ bash_location }}
coreutils-location = {{ coreutils_location }}
dash-location = {{ dash_location }}
findutils-location = {{ findutils_location }}
gzip-location = {{ gzip_location }}
mariadb-location = {{ mariadb_location }}
template-my-cnf = {{ template_my_cnf }}
template-mariadb-initial-setup = {{ template_mariadb_initial_setup }}
link-binary = {{ dumps(mariadb_link_binary) }}
mariadb-resiliency-after-import-script = {{ mariadb_resiliency_after_import_script }}
mariadb-slow-query-report-script = {{ mariadb_slow_query_report_script }}
mariadb-start-clone-from-backup = {{ mariadb_start_clone_from_backup }}
promise-check-slow-queries-digest-result = {{ bin_directory }}/check-slow-queries-digest-result
percona-tools-location = {{ percona_toolkit_location }}
unixodbc-location = {{ unixodbc_location }}
check-computer-memory-binary = {{ bin_directory }}/check-computer-memory
bin-directory = {{ bin_directory }}
[dynamic-template-mariadb]
<= jinja2-template-base
template = {{ template_mariadb }}
filename = instance-mariadb.cfg
extra-context =
key ipv4_set slap-configuration:ipv4
key ipv6_set slap-configuration:ipv6
raw bin_directory {{ bin_directory }}
section parameter_dict dynamic-template-mariadb-parameters
[buildout]
extends = ${instance-mariadb:output}
${pbsready-export:output}
# Repeating parts from instance-mariadb.
parts +=
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define exporter strategy
[exporter]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/$${slap-parameter:namebase}-exporter
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
mydumper-binary = ${mydumper:location}/bin/mydumper
database = $${mariadb:database}
import = false
# Extends publish section with resilient parameters
[urls]
<= resilient-publish-connection-parameter
[buildout]
extends = ${instance-mariadb:output}
${pbsready-import:output}
[importer]
recipe = slapos.cookbook:mydumper
wrapper = $${rootdirectory:bin}/myloader
backup-directory = $${directory:backup}
socket = $${mariadb:socket}
user = root
myloader-binary = ${mydumper:location}/bin/myloader
database = $${mariadb:database}
import = true
[buildout]
parts =
urls
mariadb
stunnel
certificate-authority
ca-stunnel
logrotate
logrotate-entry-mariadb
logrotate-entry-stunnel
logrotate-entry-cron
cron
cron-entry-logrotate
# Define egg directories to be the one from Software Release
# (/opt/slapgrid/...)
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
#----------------
#--
#-- Creation of all needed directories.
[rootdirectory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
var = $${buildout:directory}/var
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
[basedirectory]
recipe = slapos.cookbook:mkdirectory
log = $${rootdirectory:var}/log
services = $${rootdirectory:etc}/service
run = $${rootdirectory:var}/run
script = $${rootdirectory:etc}/script
backup = $${rootdirectory:srv}/backup
promises = $${rootdirectory:etc}/promise
[directory]
recipe = slapos.cookbook:mkdirectory
cron-entries = $${rootdirectory:etc}/cron.d
crontabs = $${rootdirectory:etc}/crontabs
cronstamps = $${rootdirectory:etc}/cronstamps
ca-dir = $${rootdirectory:srv}/ssl
mariadb-data = $${rootdirectory:srv}/mariadb
logrotate-entries = $${rootdirectory:etc}/logrotate.d
logrotate-backup = $${basedirectory:backup}/logrotate
report = $${rootdirectory:etc}/report
stunnel-conf = $${rootdirectory:etc}/stunnel
xml-report = $${rootdirectory:var}/xml_report
#----------------
#--
#-- Deploy cron.
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron:location}/sbin/crond
cron-entries = $${directory:cron-entries}
crontabs = $${directory:crontabs}
cronstamps = $${directory:cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${basedirectory:services}/crond
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${rootdirectory:bin}/cron_simplelogger
log = $${basedirectory:log}/crond.log
#----------------
#--
#-- Deploy logrotate.
[cron-entry-logrotate]
<= cron
recipe = slapos.cookbook:cron.d
name = logrotate
frequency = 0 0 * * *
command = $${logrotate:wrapper}
[logrotate]
recipe = slapos.cookbook:logrotate
# Binaries
logrotate-binary = ${logrotate:location}/usr/sbin/logrotate
gzip-binary = ${gzip:location}/bin/gzip
gunzip-binary = ${gzip:location}/bin/gunzip
# Directories
wrapper = $${rootdirectory:bin}/logrotate
conf = $${rootdirectory:etc}/logrotate.conf
logrotate-entries = $${directory:logrotate-entries}
backup = $${directory:logrotate-backup}
state-file = $${rootdirectory:srv}/logrotate.status
[logrotate-entry-mariadb]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = mariadb
log = $${mariadb:error-log}
frequency = daily
rotate-num = 30
post = $${mariadb:logrotate-post}
sharedscripts = true
notifempty = true
create = true
[logrotate-entry-stunnel]
<= logrotate
recipe = slapos.cookbook:logrotate.d
name = stunnel
log = $${stunnel:log-file}
frequency = daily
rotate-num = 30
notifempty = true
create = true
post = $${stunnel:post-rotate-script}
[logrotate-entry-cron]
<= logrotate
recipe =slapos.cookbook:logrotate.d
name = crond
log = $${cron-simplelogger:log}
frequency = daily
rotate-num = 30
notifempty = true
create = true
#----------------
#--
#-- Deploy stunnel.
[stunnel]
recipe = slapos.cookbook:stunnel
stunnel-binary = ${stunnel:location}/bin/stunnel
wrapper = $${rootdirectory:bin}/stunnel
log-file = $${basedirectory:log}/stunnel.log
config-file = $${directory:stunnel-conf}/stunnel.conf
key-file = $${directory:stunnel-conf}/stunnel.key
cert-file = $${directory:stunnel-conf}/stunnel.crt
pid-file = $${basedirectory:run}/stunnel.pid
local-host = $${mariadb:ip}
local-port = $${mariadb:port}
remote-host = $${slap-network-information:global-ipv6}
remote-port = 6446
client = false
post-rotate-script = $${rootdirectory:bin}/stunnel_post_rotate
#----------------
#--
#-- Certificate stuff.
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
openssl-binary = ${openssl:location}/bin/openssl
ca-dir = $${directory:ca-dir}
requests-directory = $${cadirectory:requests}
wrapper = $${basedirectory:services}/ca
ca-private = $${cadirectory:private}
ca-certs = $${cadirectory:certs}
ca-newcerts = $${cadirectory:newcerts}
ca-crl = $${cadirectory:crl}
[cadirectory]
recipe = slapos.cookbook:mkdirectory
requests = $${directory:ca-dir}/requests/
private = $${directory:ca-dir}/private/
certs = $${directory:ca-dir}/certs/
newcerts = $${directory:ca-dir}/newcerts/
crl = $${directory:ca-dir}/crl/
[ca-stunnel]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${stunnel:wrapper}
wrapper = $${basedirectory:services}/stunnel
key-file = $${stunnel:key-file}
cert-file = $${stunnel:cert-file}
#----------------
#--
#-- Creates a MariaDB configuration file, and a database.
[mariadb]
recipe = slapos.cookbook:mysql
# Options
recovering = false
user = user
password = $${mysql-password:passwd}
port = 33060
ip = $${slap-network-information:local-ipv4}
database = db
# Paths
wrapper = $${basedirectory:services}/mariadb
update-wrapper = $${basedirectory:services}/mariadb_update
logrotate-post = $${rootdirectory:bin}/mariadb_post_logrotate
data-directory = $${directory:mariadb-data}
pid-file = $${basedirectory:run}/mariadb.pid
socket = $${basedirectory:run}/mariadb.sock
error-log = $${basedirectory:log}/mariadb_error.log
conf-file = $${rootdirectory:etc}/mariadb.cnf
promise = $${basedirectory:promises}/mysql
# Binary information
mysql-base-directory = ${mariadb:location}
mysql-binary = ${mariadb:location}/bin/mysql
mysql-install-binary = ${mariadb:location}/scripts/mysql_install_db
mysql-upgrade-binary = ${mariadb:location}/bin/mysql_upgrade
mysqld-binary = ${mariadb:location}/bin/mysqld
[mysql-password]
recipe = slapos.cookbook:generate.password
storage-path = $${rootdirectory:etc}/.passwd
bytes = 4
#----------------
#--
#-- Publish instance parameters.
[urls]
recipe = slapos.cookbook:publish
url = mysqls://$${mariadb:user}:$${mariadb:password}@[$${stunnel:remote-host}]:$${stunnel:remote-port}/$${mariadb:database}
ip = $${slap-network-information:global-ipv6}
[slap-parameter]
#Default value if no ssh parameters specified
logbox-ip =
logbox-port =
logbox-user =
logbox-passwd =
[PHP]
engine = On
safe_mode = Off
expose_php = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = On
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
session.save_path = "{{ parameter_dict['tmp-dir'] }}"
session.auto_start = 0
date.timezone = {{ instance_dict.get('php.date.timezone', 'Europe/Paris') }}
file_uploads = On
upload_max_filesize = {{ instance_dict.get('php.upload_max_filesize', '8M') }}
post_max_size = {{ instance_dict.get('php.post_max_size', '8M') }}
magic_quotes_gpc=Off
memory_limit = {{ instance_dict.get('php.memory_limit', '128M') }}
session.cookie_secure = True
max_execution_time = {{ instance_dict.get('php.max_execution_time', 60) }}
max_input_time = {{ instance_dict.get('php.max_input_time', 60) }}
output_buffering = {{ instance_dict.get('php.output_buffering', 4096) }}
max_file_uploads = {{ instance_dict.get('php.max_file_uploads', 20) }}
#extension_dir="./"#
sys_temp_dir="{{ parameter_dict['tmp-dir'] }}"
upload_tmp_dir="{{ parameter_dict['php-upload-dir'] }}"
zend_extension=opcache
extension=apcu
extension=redis
extension=imagick
apc.enabled=1
apc.file_update_protection=2
apc.optimization=0
apc.shm_size=256M
apc.include_once_override=0
apc.shm_segments=1
apc.ttl=7200
apc.user_ttl=7200
apc.gc_ttl=3600
apc.num_files_hint=1024
apc.enable_cli=0
apc.max_file_size=5M
apc.cache_by_default=1
apc.use_request_time=1
apc.slam_defense=0
apc.mmap_file_mask="{{ parameter_dict['tmp-dir'] }}/apc.XXXXXX"
apc.stat_ctime=0
apc.canonicalize=1
apc.write_lock=1
apc.report_autofilter=0
apc.rfc1867=0
apc.rfc1867_prefix =upload_
apc.rfc1867_name=APC_UPLOAD_PROGRESS
apc.rfc1867_freq=0
apc.rfc1867_ttl=3600
apc.lazy_classes=0
apc.lazy_functions=0
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment