From 24b0b1eedcda33c4271ac4c68a3f6855ec72226d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 1 Jun 2023 11:47:16 +0200 Subject: [PATCH] Revert "Use nce image" This reverts commit 20471ebaa8d3cee260c67a4dba0b7ed8a96a65f9. --- manifests/app_type.pp | 89 +++++----- templates/application/apache.php.ini.erb | 160 ++++++++++++++++++ templates/application/apcu.ini.erb | 2 + templates/application/cli.php.ini.erb | 158 +++++++++++++++++ .../docker-compose_nextcloud.yml.erb | 1 + templates/application/nce.ini.erb | 8 - 6 files changed, 372 insertions(+), 46 deletions(-) create mode 100644 templates/application/apache.php.ini.erb create mode 100644 templates/application/apcu.ini.erb create mode 100644 templates/application/cli.php.ini.erb delete mode 100644 templates/application/nce.ini.erb diff --git a/manifests/app_type.pp b/manifests/app_type.pp index a31bf4b..e3ae1ec 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -9,25 +9,11 @@ define sunetdrive::app_type ( $environment = sunetdrive::get_environment() $customer = sunetdrive::get_customer() $nodenumber = sunetdrive::get_node_number() - - # Common settings for multinode and full nodes - $nextcloud_ip = $config['app'] - $s3_bucket = $config['s3_bucket'] - $s3_host = $config['s3_host'] - $site_name = $config['site_name'] - $trusted_domains = $config['trusted_domains'] - $trusted_proxies = $config['trusted_proxies'] - - # These are encrypted values from local.eyaml - $gss_jwt_key = safe_hiera('gss_jwt_key') - $smtppassword = safe_hiera('smtp_password') - $is_multinode = (($override_config != undef) and ($override_compose != undef)) if $is_multinode { # The config used $config = $override_config # Other settings - $redis_host = $config['redis_host'] $admin_password = $config[ 'admin_password' ] $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] 
@@ -39,24 +25,11 @@ define sunetdrive::app_type ( $s3_key = $config[ 's3_key' ] $s3_secret = $config[ 's3_secret' ] $secret = $config[ 'secret' ] - $session_save_handler = 'redis' - $session_save_path = "tcp://${redis_host}:6379?auth=${redis_host_password}" } else { # The config used $config = hiera_hash($environment) $skeletondirectory = $config['skeletondirectory'] # Other settings - $redis_seeds = [ - {'host' => "redis1.${site_name}", 'port' => 6379}, - {'host' => "redis2.${site_name}", 'port' => 6379}, - {'host' => "redis3.${site_name}", 'port' => 6379}, - {'host' => "redis1.${site_name}", 'port' => 6380}, - {'host' => "redis2.${site_name}", 'port' => 6380}, - {'host' => "redis3.${site_name}", 'port' => 6380}, - {'host' => "redis1.${site_name}", 'port' => 6381}, - {'host' => "redis2.${site_name}", 'port' => 6381}, - {'host' => "redis3.${site_name}", 'port' => 6381}, - ] $admin_password = safe_hiera('admin_password') $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' 
@@ -69,13 +42,30 @@ define sunetdrive::app_type ( $s3_key = safe_hiera('s3_key') $s3_secret = safe_hiera('s3_secret') $secret = safe_hiera('secret') - $session_save_handler = 'rediscluster' - $session_save_path = "seed[]=${redis_seeds[0]['host']}:${redis_seeds[0]['port']}&seed[]=${redis_seeds[1]['host']}:${redis_seeds[1]['port']}&seed[]=${redis_seeds[2]['host']}:${redis_seeds[2]['port']}&seed[]=${redis_seeds[3]['host']}:${redis_seeds[3]['port']}&seed[]=${redis_seeds[4]['host']}:${redis_seeds[4]['port']}&seed[]=${redis_seeds[5]['host']}:${redis_seeds[6]['port']}&seed[]=${redis_seeds[7]['host']}:${redis_seeds[7]['port']}&seed[]=${redis_seeds[8]['host']}:${redis_seeds[8]['port']}&timeout=2&read_timeout=2&failover=error&persistent=1&auth=${redis_cluster_password}&stream[verify_peer]=0" } $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups') $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups') $nextcloud_version = hiera("nextcloud_version_${environment}") $nextcloud_version_string = split($nextcloud_version, '[-]')[0] + # Common settings for multinode and full nodes + $nextcloud_ip = $config['app'] + $redis_host = $config['redis_host'] + $s3_bucket = $config['s3_bucket'] + $s3_host = $config['s3_host'] + $site_name = $config['site_name'] + $trusted_domains = $config['trusted_domains'] + $trusted_proxies = $config['trusted_proxies'] + if $location == 'kau-prod' { + $php_memory_limit_mb = 2048 + } else { + $php_memory_limit_mb = 512 + } + + # These are encrypted values from local.eyaml + + $gss_jwt_key = safe_hiera('gss_jwt_key') + $smtppassword = safe_hiera('smtp_password') + #These are global values from common.yaml $gs_enabled = hiera('gs_enabled') $gs_federation = hiera('gs_federation') 
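Review bot: The memory limit is chosen by a hard-coded `$location == 'kau-prod'` comparison, while the apache.php.ini.erb template in this same patch keys its `upload_tmp_dir` override on `@customer == "kau"`. Two different selectors for per-customer tuning are easy to get out of step. `$location` is not assigned in the visible hunks, so it presumably comes from the define's parameter list outside this hunk. Moving the value to hiera would keep customer names out of the manifest, for example `$php_memory_limit_mb = hiera('php_memory_limit_mb', 512)` with the 2048 override in that environment's data.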
@@ -99,14 +89,6 @@ define sunetdrive::app_type ( $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] - file { '/opt/nextcloud/nce.ini': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/nce.ini.erb'), - mode => '0644', - } unless $is_multinode{ user { 'www-data': ensure => present, system => true } @@ -150,7 +132,12 @@ define sunetdrive::app_type ( group => 'root', } file { '/usr/local/bin/upgrade23-25.sh': - ensure => absent, + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/upgrade23-25.erb.sh'), + mode => '0744', } file { '/opt/rotate/conf.d/nextcloud.conf': ensure => file, @@ -215,6 +202,32 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/rclone.conf.erb'), mode => '0644', } + file { '/opt/nextcloud/apache.php.ini': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + content => template('sunetdrive/application/apache.php.ini.erb'), + mode => '0644', + } + + file { '/opt/nextcloud/apcu.ini': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + content => template('sunetdrive/application/apcu.ini.erb'), + mode => '0644', + } + + file { '/opt/nextcloud/cli.php.ini': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + content => template('sunetdrive/application/cli.php.ini.erb'), + mode => '0644', + } file { '/usr/local/bin/migrate_external_mounts': ensure => file, force => true, diff --git a/templates/application/apache.php.ini.erb b/templates/application/apache.php.ini.erb new file mode 100644 index 0000000..b7f8d75 --- /dev/null +++ b/templates/application/apache.php.ini.erb 
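Review bot: The restored `/usr/local/bin/upgrade23-25.sh` resource renders `sunetdrive/application/upgrade23-25.erb.sh`, but the diffstat of this patch creates only the three ini templates. The resource therefore depends on that template still being in the tree; if it has been removed since the reverted commit, catalog compilation would fail on the nodes that use this define. The resource also uses `ensure => present,` where the neighbouring file resources use `ensure => file,`, which would be the more consistent spelling.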
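Review bot: The three new `file` resources for `/opt/nextcloud/apache.php.ini`, `/opt/nextcloud/apcu.ini` and `/opt/nextcloud/cli.php.ini` set `owner => 'www-data'`, which gives the web-server account write access to its own interpreter configuration. These files are bind-mounted into the container by docker-compose_nextcloud.yml.erb. If the container's www-data maps to the same uid (not visible here), code running under PHP could change settings such as `disable_functions` or `auto_prepend_file` until the next Puppet run restores them. `owner => 'root',` with the existing `mode => '0644',` keeps the files readable by PHP and writable only by root. The define's body continues outside the hunk.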
@@ -0,0 +1,160 @@
+[PHP]
+allow_url_fopen = On
+allow_url_include = Off
+auto_append_file =
+auto_globals_jit = On
+auto_prepend_file =
+default_charset = "UTF-8"
+default_mimetype = "text/html"
+default_socket_timeout = 60
+disable_classes =
+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
+display_errors = Off
+display_startup_errors = Off
+doc_root =
+enable_dl = Off
+engine = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php = Off
+file_uploads = On
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+implicit_flush = Off
+log_errors = On
+log_errors_max_len = 1024
+max_execution_time = 86400
+max_file_uploads = 20
+max_input_time = 86400
+memory_limit = <%= @php_memory_limit_mb %>M
+output_buffering = Off
+post_max_size = 30G
+precision = 14
+register_argc_argv = Off
+report_memleaks = On
+request_order = "GP"
+serialize_precision = -1
+short_open_tag = Off
+unserialize_callback_func =
+upload_max_filesize = 30G
+user_dir =
+variables_order = "GPCS"
+zend.enable_gc = On
+zend.exception_ignore_args = On
+zlib.output_compression = Off
+<% if @customer == "kau" -%>
+upload_tmp_dir = /opt/tmp/
+<% end %>
+
+[CLI Server]
+cli_server.color = On
+[Date]
+; Nothing here
+[filter]
+; Nothing here
+[iconv]
+; Nothing here
+[imap]
+; Nothing here
+[intl]
+; Nothing here
+[sqlite3]
+; Nothing here
+[Pcre]
+; Nothing here
+[Pdo]
+; Nothing here
+[Pdo_mysql]
+pdo_mysql.default_socket=
+[Phar]
+; Nothing here
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = Off
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+[OCI8]
+; Nothing here
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+[bcmath]
+bcmath.scale = 0
+[browscap]
+; Nothing here
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 0
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+[Assertion]
+zend.assertions = -1
+[COM]
+; Nothing here
+[mbstring]
+; Nothing here
+[gd]
+; Nothing here
+[exif]
+; Nothing here
+[Tidy]
+tidy.clean_output = Off
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+[sysvshm]
+; Nothing here
+[ldap]
+ldap.max_links = -1
+[dba]
+; Nothing here
+[opcache]
+opcache.interned_strings_buffer=32
+[curl]
+; Nothing here
+[openssl]
+; Nothing here
+[ffi]
+; Nothing here
diff --git a/templates/application/apcu.ini.erb b/templates/application/apcu.ini.erb
new file mode 100644
index 0000000..b005655
--- /dev/null
+++ b/templates/application/apcu.ini.erb
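Review bot: The `[Session]` block of apache.php.ini.erb leaves `session.use_strict_mode = 0`, gives `session.cookie_httponly` and `session.cookie_samesite` no value, and has no `session.cookie_secure` line. Any PHP code in the container that starts a session without setting its own cookie parameters therefore gets permissive defaults. Nextcloud may override these at runtime, but that is not visible from this template. A safer baseline would be `session.use_strict_mode = 1`, `session.cookie_httponly = 1` and `session.cookie_samesite = Lax`. The same block is repeated in cli.php.ini.erb, where it matters less because the CLI does not serve browser sessions.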
@@ -0,0 +1,2 @@
+extension=apcu.so
+apc.enable_cli=1
diff --git a/templates/application/cli.php.ini.erb b/templates/application/cli.php.ini.erb
new file mode 100644
index 0000000..20f5346
--- /dev/null
+++ b/templates/application/cli.php.ini.erb
@@ -0,0 +1,158 @@
+[PHP]
+allow_url_fopen = On
+allow_url_include = Off
+auto_append_file =
+auto_globals_jit = On
+auto_prepend_file =
+default_charset = "UTF-8"
+default_mimetype = "text/html"
+default_socket_timeout = 60
+disable_classes =
+disable_functions =
+display_errors = Off
+display_startup_errors = Off
+doc_root =
+enable_dl = Off
+engine = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php = On
+file_uploads = On
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+implicit_flush = Off
+log_errors = On
+log_errors_max_len = 1024
+max_execution_time = 86400
+max_file_uploads = 20
+max_input_time = 86400
+memory_limit = -1
+output_buffering = Off
+post_max_size = 16G
+precision = 14
+register_argc_argv = Off
+report_memleaks = On
+request_order = "GP"
+serialize_precision = -1
+short_open_tag = Off
+unserialize_callback_func =
+upload_max_filesize = 16G
+user_dir =
+variables_order = "GPCS"
+zend.enable_gc = On
+zend.exception_ignore_args = On
+zlib.output_compression = Off
+[CLI Server]
+cli_server.color = On
+[Date]
+; Nothing here
+[filter]
+; Nothing here
+[iconv]
+; Nothing here
+[imap]
+; Nothing here
+[intl]
+; Nothing here
+[sqlite3]
+; Nothing here
+[Pcre]
+; Nothing here
+[Pdo]
+; Nothing here
+[Pdo_mysql]
+pdo_mysql.default_socket=
+[Phar]
+; Nothing here
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = Off
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+[OCI8]
+; Nothing here
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+[bcmath]
+bcmath.scale = 0
+[browscap]
+; Nothing here
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 0
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+[Assertion]
+zend.assertions = -1
+[COM]
+; Nothing here
+[mbstring]
+; Nothing here
+[gd]
+; Nothing here
+[exif]
+; Nothing here
+[Tidy]
+tidy.clean_output = Off
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+[sysvshm]
+; Nothing here
+[ldap]
+ldap.max_links = -1
+[dba]
+; Nothing here
+[opcache]
+opcache.interned_strings_buffer=16
+opcache.validate_timestamps=0
+opcache.memory_consumption=128
+[curl]
+; Nothing here
+[openssl]
+; Nothing here
+[ffi]
+; Nothing here
diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb
index 6d7fb56..4773587 100644
--- a/templates/application/docker-compose_nextcloud.yml.erb
+++ b/templates/application/docker-compose_nextcloud.yml.erb
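Review bot: cli.php.ini.erb repeats roughly 150 lines of apache.php.ini.erb and differs only in a handful of values (`disable_functions`, `expose_php`, `memory_limit`, the 16G versus 30G upload sizes, and the opcache lines). A hardening change made to one file can therefore silently miss the other. A header comment in each template naming the intentional differences, for example `; CLI profile: differs from apache.php.ini.erb in disable_functions, memory_limit, opcache.*`, would make drift visible in review. A single template parameterised by SAPI would remove the duplication altogether.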
@@ -10,6 +10,7 @@ services: - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf - /opt/nextcloud/404.html:/var/www/html/404.html - /opt/nextcloud/apache.php.ini:/etc/php/8.0/apache2/php.ini + - /opt/nextcloud/apcu.ini:/etc/php/8.0/mods-available/apcu.ini - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php diff --git a/templates/application/nce.ini.erb b/templates/application/nce.ini.erb deleted file mode 100644 index 3250d56..0000000 --- a/templates/application/nce.ini.erb +++ /dev/null @@ -1,8 +0,0 @@ - memory_limit=2048M - max_file_uploads=20 - upload_max_filesize=30G - post_max_size=30G - max_execution_time=86400 - max_input_time=86400 - session.save_handler = <%= @session_save_handler %> - session.save_path = "<%= @session_save_path %>"
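Review bot: The added `apcu.ini` volume, like the neighbouring php.ini mounts, is a read-write bind mount, so a process in the container with write permission on the file can alter the host copy that Puppet manages. Unless the image's entrypoint edits these files (not visible here), mounting them read-only is the tighter choice: `- /opt/nextcloud/apcu.ini:/etc/php/8.0/mods-available/apcu.ini:ro`. The file is mounted under `mods-available`, so it presumably takes effect only if the image enables the module from there.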