parent
20471ebaa8
commit
24b0b1eedc
|
@ -9,25 +9,11 @@ define sunetdrive::app_type (
|
|||
$environment = sunetdrive::get_environment()
|
||||
$customer = sunetdrive::get_customer()
|
||||
$nodenumber = sunetdrive::get_node_number()
|
||||
|
||||
# Common settings for multinode and full nodes
|
||||
$nextcloud_ip = $config['app']
|
||||
$s3_bucket = $config['s3_bucket']
|
||||
$s3_host = $config['s3_host']
|
||||
$site_name = $config['site_name']
|
||||
$trusted_domains = $config['trusted_domains']
|
||||
$trusted_proxies = $config['trusted_proxies']
|
||||
|
||||
# These are encrypted values from local.eyaml
|
||||
$gss_jwt_key = safe_hiera('gss_jwt_key')
|
||||
$smtppassword = safe_hiera('smtp_password')
|
||||
|
||||
$is_multinode = (($override_config != undef) and ($override_compose != undef))
|
||||
if $is_multinode {
|
||||
# The config used
|
||||
$config = $override_config
|
||||
# Other settings
|
||||
$redis_host = $config['redis_host']
|
||||
$admin_password = $config[ 'admin_password' ]
|
||||
$dbhost = $config[ 'dbhost' ]
|
||||
$dbname = $config[ 'dbname' ]
|
||||
|
@ -39,24 +25,11 @@ define sunetdrive::app_type (
|
|||
$s3_key = $config[ 's3_key' ]
|
||||
$s3_secret = $config[ 's3_secret' ]
|
||||
$secret = $config[ 'secret' ]
|
||||
$session_save_handler = 'redis'
|
||||
$session_save_path = "tcp://${redis_host}:6379?auth=${redis_host_password}"
|
||||
} else {
|
||||
# The config used
|
||||
$config = hiera_hash($environment)
|
||||
$skeletondirectory = $config['skeletondirectory']
|
||||
# Other settings
|
||||
$redis_seeds = [
|
||||
{'host' => "redis1.${site_name}", 'port' => 6379},
|
||||
{'host' => "redis2.${site_name}", 'port' => 6379},
|
||||
{'host' => "redis3.${site_name}", 'port' => 6379},
|
||||
{'host' => "redis1.${site_name}", 'port' => 6380},
|
||||
{'host' => "redis2.${site_name}", 'port' => 6380},
|
||||
{'host' => "redis3.${site_name}", 'port' => 6380},
|
||||
{'host' => "redis1.${site_name}", 'port' => 6381},
|
||||
{'host' => "redis2.${site_name}", 'port' => 6381},
|
||||
{'host' => "redis3.${site_name}", 'port' => 6381},
|
||||
]
|
||||
$admin_password = safe_hiera('admin_password')
|
||||
$dbhost = 'proxysql_proxysql_1'
|
||||
$dbname = 'nextcloud'
|
||||
|
@ -69,13 +42,30 @@ define sunetdrive::app_type (
|
|||
$s3_key = safe_hiera('s3_key')
|
||||
$s3_secret = safe_hiera('s3_secret')
|
||||
$secret = safe_hiera('secret')
|
||||
$session_save_handler = 'rediscluster'
|
||||
$session_save_path = "seed[]=${redis_seeds[0]['host']}:${redis_seeds[0]['port']}&seed[]=${redis_seeds[1]['host']}:${redis_seeds[1]['port']}&seed[]=${redis_seeds[2]['host']}:${redis_seeds[2]['port']}&seed[]=${redis_seeds[3]['host']}:${redis_seeds[3]['port']}&seed[]=${redis_seeds[4]['host']}:${redis_seeds[4]['port']}&seed[]=${redis_seeds[5]['host']}:${redis_seeds[6]['port']}&seed[]=${redis_seeds[7]['host']}:${redis_seeds[7]['port']}&seed[]=${redis_seeds[8]['host']}:${redis_seeds[8]['port']}&timeout=2&read_timeout=2&failover=error&persistent=1&auth=${redis_cluster_password}&stream[verify_peer]=0"
|
||||
}
|
||||
$twofactor_enforced_groups = hiera_array('twofactor_enforced_groups')
|
||||
$twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups')
|
||||
$nextcloud_version = hiera("nextcloud_version_${environment}")
|
||||
$nextcloud_version_string = split($nextcloud_version, '[-]')[0]
|
||||
# Common settings for multinode and full nodes
|
||||
$nextcloud_ip = $config['app']
|
||||
$redis_host = $config['redis_host']
|
||||
$s3_bucket = $config['s3_bucket']
|
||||
$s3_host = $config['s3_host']
|
||||
$site_name = $config['site_name']
|
||||
$trusted_domains = $config['trusted_domains']
|
||||
$trusted_proxies = $config['trusted_proxies']
|
||||
if $location == 'kau-prod' {
|
||||
$php_memory_limit_mb = 2048
|
||||
} else {
|
||||
$php_memory_limit_mb = 512
|
||||
}
|
||||
|
||||
# These are encrypted values from local.eyaml
|
||||
|
||||
$gss_jwt_key = safe_hiera('gss_jwt_key')
|
||||
$smtppassword = safe_hiera('smtp_password')
|
||||
|
||||
#These are global values from common.yaml
|
||||
$gs_enabled = hiera('gs_enabled')
|
||||
$gs_federation = hiera('gs_federation')
|
||||
|
@ -99,14 +89,6 @@ define sunetdrive::app_type (
|
|||
$lb_servers = hiera_hash($environment)['lb_servers']
|
||||
$document_servers = hiera_hash($environment)['document_servers']
|
||||
|
||||
file { '/opt/nextcloud/nce.ini':
|
||||
ensure => file,
|
||||
force => true,
|
||||
owner => 'www-data',
|
||||
group => 'root',
|
||||
content => template('sunetdrive/application/nce.ini.erb'),
|
||||
mode => '0644',
|
||||
}
|
||||
unless $is_multinode{
|
||||
user { 'www-data': ensure => present, system => true }
|
||||
|
||||
|
@ -150,7 +132,12 @@ define sunetdrive::app_type (
|
|||
group => 'root',
|
||||
}
|
||||
file { '/usr/local/bin/upgrade23-25.sh':
|
||||
ensure => absent,
|
||||
ensure => present,
|
||||
force => true,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('sunetdrive/application/upgrade23-25.erb.sh'),
|
||||
mode => '0744',
|
||||
}
|
||||
file { '/opt/rotate/conf.d/nextcloud.conf':
|
||||
ensure => file,
|
||||
|
@ -215,6 +202,32 @@ define sunetdrive::app_type (
|
|||
content => template('sunetdrive/application/rclone.conf.erb'),
|
||||
mode => '0644',
|
||||
}
|
||||
file { '/opt/nextcloud/apache.php.ini':
|
||||
ensure => file,
|
||||
force => true,
|
||||
owner => 'www-data',
|
||||
group => 'root',
|
||||
content => template('sunetdrive/application/apache.php.ini.erb'),
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
file { '/opt/nextcloud/apcu.ini':
|
||||
ensure => file,
|
||||
force => true,
|
||||
owner => 'www-data',
|
||||
group => 'root',
|
||||
content => template('sunetdrive/application/apcu.ini.erb'),
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
file { '/opt/nextcloud/cli.php.ini':
|
||||
ensure => file,
|
||||
force => true,
|
||||
owner => 'www-data',
|
||||
group => 'root',
|
||||
content => template('sunetdrive/application/cli.php.ini.erb'),
|
||||
mode => '0644',
|
||||
}
|
||||
file { '/usr/local/bin/migrate_external_mounts':
|
||||
ensure => file,
|
||||
force => true,
|
||||
|
|
160
templates/application/apache.php.ini.erb
Normal file
160
templates/application/apache.php.ini.erb
Normal file
|
@ -0,0 +1,160 @@
|
|||
[PHP]
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
auto_append_file =
|
||||
auto_globals_jit = On
|
||||
auto_prepend_file =
|
||||
default_charset = "UTF-8"
|
||||
default_mimetype = "text/html"
|
||||
default_socket_timeout = 60
|
||||
disable_classes =
|
||||
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
doc_root =
|
||||
enable_dl = Off
|
||||
engine = On
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
expose_php = Off
|
||||
file_uploads = On
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
implicit_flush = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
max_execution_time = 86400
|
||||
max_file_uploads = 20
|
||||
max_input_time = 86400
|
||||
memory_limit = <%= @php_memory_limit_mb %>M
|
||||
output_buffering = Off
|
||||
post_max_size = 30G
|
||||
precision = 14
|
||||
register_argc_argv = Off
|
||||
report_memleaks = On
|
||||
request_order = "GP"
|
||||
serialize_precision = -1
|
||||
short_open_tag = Off
|
||||
unserialize_callback_func =
|
||||
upload_max_filesize = 30G
|
||||
user_dir =
|
||||
variables_order = "GPCS"
|
||||
zend.enable_gc = On
|
||||
zend.exception_ignore_args = On
|
||||
zlib.output_compression = Off
|
||||
<% if @customer == "kau" -%>
|
||||
upload_tmp_dir = /opt/tmp/
|
||||
<% end %>
|
||||
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
[Date]
|
||||
; Nothing here
|
||||
[filter]
|
||||
; Nothing here
|
||||
[iconv]
|
||||
; Nothing here
|
||||
[imap]
|
||||
; Nothing here
|
||||
[intl]
|
||||
; Nothing here
|
||||
[sqlite3]
|
||||
; Nothing here
|
||||
[Pcre]
|
||||
; Nothing here
|
||||
[Pdo]
|
||||
; Nothing here
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.default_socket=
|
||||
[Phar]
|
||||
; Nothing here
|
||||
[mail function]
|
||||
SMTP = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = Off
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
[OCI8]
|
||||
; Nothing here
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
[browscap]
|
||||
; Nothing here
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly =
|
||||
session.cookie_samesite =
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
session.sid_length = 26
|
||||
session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
||||
session.sid_bits_per_character = 5
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
[COM]
|
||||
; Nothing here
|
||||
[mbstring]
|
||||
; Nothing here
|
||||
[gd]
|
||||
; Nothing here
|
||||
[exif]
|
||||
; Nothing here
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled=1
|
||||
soap.wsdl_cache_dir="/tmp"
|
||||
soap.wsdl_cache_ttl=86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
[sysvshm]
|
||||
; Nothing here
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
[dba]
|
||||
; Nothing here
|
||||
[opcache]
|
||||
opcache.interned_strings_buffer=32
|
||||
[curl]
|
||||
; Nothing here
|
||||
[openssl]
|
||||
; Nothing here
|
||||
[ffi]
|
||||
; Nothing here
|
2
templates/application/apcu.ini.erb
Normal file
2
templates/application/apcu.ini.erb
Normal file
|
@ -0,0 +1,2 @@
|
|||
extension=apcu.so
|
||||
apc.enable_cli=1
|
158
templates/application/cli.php.ini.erb
Normal file
158
templates/application/cli.php.ini.erb
Normal file
|
@ -0,0 +1,158 @@
|
|||
[PHP]
|
||||
allow_url_fopen = On
|
||||
allow_url_include = Off
|
||||
auto_append_file =
|
||||
auto_globals_jit = On
|
||||
auto_prepend_file =
|
||||
default_charset = "UTF-8"
|
||||
default_mimetype = "text/html"
|
||||
default_socket_timeout = 60
|
||||
disable_classes =
|
||||
disable_functions =
|
||||
display_errors = Off
|
||||
display_startup_errors = Off
|
||||
doc_root =
|
||||
enable_dl = Off
|
||||
engine = On
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
expose_php = On
|
||||
file_uploads = On
|
||||
ignore_repeated_errors = Off
|
||||
ignore_repeated_source = Off
|
||||
implicit_flush = Off
|
||||
log_errors = On
|
||||
log_errors_max_len = 1024
|
||||
max_execution_time = 86400
|
||||
max_file_uploads = 20
|
||||
max_input_time = 86400
|
||||
memory_limit = -1
|
||||
output_buffering = Off
|
||||
post_max_size = 16G
|
||||
precision = 14
|
||||
register_argc_argv = Off
|
||||
report_memleaks = On
|
||||
request_order = "GP"
|
||||
serialize_precision = -1
|
||||
short_open_tag = Off
|
||||
unserialize_callback_func =
|
||||
upload_max_filesize = 16G
|
||||
user_dir =
|
||||
variables_order = "GPCS"
|
||||
zend.enable_gc = On
|
||||
zend.exception_ignore_args = On
|
||||
zlib.output_compression = Off
|
||||
[CLI Server]
|
||||
cli_server.color = On
|
||||
[Date]
|
||||
; Nothing here
|
||||
[filter]
|
||||
; Nothing here
|
||||
[iconv]
|
||||
; Nothing here
|
||||
[imap]
|
||||
; Nothing here
|
||||
[intl]
|
||||
; Nothing here
|
||||
[sqlite3]
|
||||
; Nothing here
|
||||
[Pcre]
|
||||
; Nothing here
|
||||
[Pdo]
|
||||
; Nothing here
|
||||
[Pdo_mysql]
|
||||
pdo_mysql.default_socket=
|
||||
[Phar]
|
||||
; Nothing here
|
||||
[mail function]
|
||||
SMTP = localhost
|
||||
smtp_port = 25
|
||||
mail.add_x_header = Off
|
||||
[ODBC]
|
||||
odbc.allow_persistent = On
|
||||
odbc.check_persistent = On
|
||||
odbc.max_persistent = -1
|
||||
odbc.max_links = -1
|
||||
odbc.defaultlrl = 4096
|
||||
odbc.defaultbinmode = 1
|
||||
[MySQLi]
|
||||
mysqli.max_persistent = -1
|
||||
mysqli.allow_persistent = On
|
||||
mysqli.max_links = -1
|
||||
mysqli.default_port = 3306
|
||||
mysqli.default_socket =
|
||||
mysqli.default_host =
|
||||
mysqli.default_user =
|
||||
mysqli.default_pw =
|
||||
mysqli.reconnect = Off
|
||||
[mysqlnd]
|
||||
mysqlnd.collect_statistics = On
|
||||
mysqlnd.collect_memory_statistics = Off
|
||||
[OCI8]
|
||||
; Nothing here
|
||||
[PostgreSQL]
|
||||
pgsql.allow_persistent = On
|
||||
pgsql.auto_reset_persistent = Off
|
||||
pgsql.max_persistent = -1
|
||||
pgsql.max_links = -1
|
||||
pgsql.ignore_notice = 0
|
||||
pgsql.log_notice = 0
|
||||
[bcmath]
|
||||
bcmath.scale = 0
|
||||
[browscap]
|
||||
; Nothing here
|
||||
[Session]
|
||||
session.save_handler = files
|
||||
session.use_strict_mode = 0
|
||||
session.use_cookies = 1
|
||||
session.use_only_cookies = 1
|
||||
session.name = PHPSESSID
|
||||
session.auto_start = 0
|
||||
session.cookie_lifetime = 0
|
||||
session.cookie_path = /
|
||||
session.cookie_domain =
|
||||
session.cookie_httponly =
|
||||
session.cookie_samesite =
|
||||
session.serialize_handler = php
|
||||
session.gc_probability = 0
|
||||
session.gc_divisor = 1000
|
||||
session.gc_maxlifetime = 1440
|
||||
session.referer_check =
|
||||
session.cache_limiter = nocache
|
||||
session.cache_expire = 180
|
||||
session.use_trans_sid = 0
|
||||
session.sid_length = 26
|
||||
session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
||||
session.sid_bits_per_character = 5
|
||||
[Assertion]
|
||||
zend.assertions = -1
|
||||
[COM]
|
||||
; Nothing here
|
||||
[mbstring]
|
||||
; Nothing here
|
||||
[gd]
|
||||
; Nothing here
|
||||
[exif]
|
||||
; Nothing here
|
||||
[Tidy]
|
||||
tidy.clean_output = Off
|
||||
[soap]
|
||||
soap.wsdl_cache_enabled=1
|
||||
soap.wsdl_cache_dir="/tmp"
|
||||
soap.wsdl_cache_ttl=86400
|
||||
soap.wsdl_cache_limit = 5
|
||||
[sysvshm]
|
||||
; Nothing here
|
||||
[ldap]
|
||||
ldap.max_links = -1
|
||||
[dba]
|
||||
; Nothing here
|
||||
[opcache]
|
||||
opcache.interned_strings_buffer=16
|
||||
opcache.validate_timestamps=0
|
||||
opcache.memory_consumption=128
|
||||
[curl]
|
||||
; Nothing here
|
||||
[openssl]
|
||||
; Nothing here
|
||||
[ffi]
|
||||
; Nothing here
|
|
@ -10,6 +10,7 @@ services:
|
|||
- /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf
|
||||
- /opt/nextcloud/404.html:/var/www/html/404.html
|
||||
- /opt/nextcloud/apache.php.ini:/etc/php/8.0/apache2/php.ini
|
||||
- /opt/nextcloud/apcu.ini:/etc/php/8.0/mods-available/apcu.ini
|
||||
- /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini
|
||||
- /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh
|
||||
- /opt/nextcloud/config.php:/var/www/html/config/config.php
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
memory_limit=2048M
|
||||
max_file_uploads=20
|
||||
upload_max_filesize=30G
|
||||
post_max_size=30G
|
||||
max_execution_time=86400
|
||||
max_input_time=86400
|
||||
session.save_handler = <%= @session_save_handler %>
|
||||
session.save_path = "<%= @session_save_path %>"
|
Loading…
Reference in a new issue