From 8593d0bb001d46c3bcf7dde0afc94f0ccc7ff37d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 9 May 2023 10:56:25 +0200 Subject: [PATCH 01/10] Fix regex in mappingfile-test
---
 .../application/mappingfile-test.json.erb | 108 +++++++++--------- 1 file changed, 54 insertions(+), 54 deletions(-)
diff --git a/templates/application/mappingfile-test.json.erb b/templates/application/mappingfile-test.json.erb
index 06b3d0d..f4429db 100644
--- a/templates/application/mappingfile-test.json.erb
+++ b/templates/application/mappingfile-test.json.erb
@@ -1,57 +1,57 @@
 {
- "/antagning.se$/": "antagning.drive.test.sunet.se",
- "/bth.se$/": "bth.drive.test.sunet.se",
- "/chalmers.se$/": "chalmers.drive.test.sunet.se",
- "/du.se$/": "du.drive.test.sunet.se",
- "/eduid.se$/": "extern.drive.test.sunet.se",
- "/esh.se$/": "esh.drive.test.sunet.se",
- "/fhs.se$/": "fhs.drive.test.sunet.se",
- "/gih.se$/": "gih.drive.test.sunet.se",
- "/gu.se$/": "gu.drive.test.sunet.se",
- "/hb.se$/": "hb.drive.test.sunet.se",
- "/shh.se$/": "shh.drive.test.sunet.se",
- "/hh.se$/": "hh.drive.test.sunet.se",
- "/hhs.se$/": "hhs.drive.test.sunet.se",
- "/hig.se$/": "hig.drive.test.sunet.se",
- "/his.se$/": "his.drive.test.sunet.se",
- "/hj.se$/": "hj.drive.test.sunet.se",
- "/hkr.se$/": "hkr.drive.test.sunet.se",
- "/hv.se$/": "hv.drive.test.sunet.se",
- "/irf.se$/": "irf.drive.test.sunet.se",
- "/kb.se$/": "kb.drive.test.sunet.se",
- "/ki.se$/": "ki.drive.test.sunet.se",
- "/kkh.se$/": "kkh.drive.test.sunet.se",
- "/kmh.se$/": "kmh.drive.test.sunet.se",
- "/konstfack.se$/": "konstfack.drive.test.sunet.se",
- "/kth.se$/": "kth.drive.test.sunet.se",
- "/kva.se$/": "kva.drive.test.sunet.se",
- "/liu.se$/": "liu.drive.test.sunet.se",
- "/lnu.se$/": "lnu.drive.test.sunet.se",
- "/ltu.se$/": "ltu.drive.test.sunet.se",
- "/lu.se$/": "lu.drive.test.sunet.se",
- "/mah.se$/": "mau.drive.test.sunet.se",
- "/mau.se$/": "mau.drive.test.sunet.se",
- "/mdh.se$/": "mdu.drive.test.sunet.se",
- "/mdu.se$/": "mdu.drive.test.sunet.se",
- "/miun.se$/": "miun.drive.test.sunet.se",
- "/nordunet.se$/": "nordunet.drive.test.sunet.se",
- "/nrm.se$/": "nrm.drive.test.sunet.se",
- "/oru.se$/": "oru.drive.test.sunet.se",
- "/rkh.se$/": "rkh.drive.test.sunet.se",
- "/sics.se$/": "sics.drive.test.sunet.se",
- "/slu.se$/": "slu.drive.test.sunet.se",
- "/smhi.se$/": "smhi.drive.test.sunet.se",
- "/sp.se$/": "sp.drive.test.sunet.se",
- "/su.se$/": "su.drive.test.sunet.se",
- "/sunet.se$/": "sunet.drive.test.sunet.se",
- "/suni.se$/": "suni.drive.test.sunet.se",
-
"/swamid.se$/": "swamid.drive.test.sunet.se",
- "/ths.se$/": "ths.drive.test.sunet.se",
- "/uhr.se$/": "uhr.drive.test.sunet.se",
- "/umu.se$/": "umu.drive.test.sunet.se",
- "/uniarts.se$/": "uniarts.drive.test.sunet.se",
- "/uu.se$/": "uu.drive.test.sunet.se",
- "/vinnova.se$/": "vinnova.drive.test.sunet.se",
- "/vr.se$/": "vr.drive.test.sunet.se",
+ "/antagning\.se$/": "antagning.drive.test.sunet.se",
+ "/bth\.se$/": "bth.drive.test.sunet.se",
+ "/chalmers\.se$/": "chalmers.drive.test.sunet.se",
+ "/du\.se$/": "du.drive.test.sunet.se",
+ "/eduid\.se$/": "extern.drive.test.sunet.se",
+ "/esh\.se$/": "esh.drive.test.sunet.se",
+ "/fhs\.se$/": "fhs.drive.test.sunet.se",
+ "/gih\.se$/": "gih.drive.test.sunet.se",
+ "/gu\.se$/": "gu.drive.test.sunet.se",
+ "/hb\.se$/": "hb.drive.test.sunet.se",
+ "/@shh\.se$/": "shh.drive.test.sunet.se",
+ "/hh\.se$/": "hh.drive.test.sunet.se",
+ "/hhs\.se$/": "hhs.drive.test.sunet.se",
+ "/hig\.se$/": "hig.drive.test.sunet.se",
+ "/his\.se$/": "his.drive.test.sunet.se",
+ "/hj\.se$/": "hj.drive.test.sunet.se",
+ "/hkr\.se$/": "hkr.drive.test.sunet.se",
+ "/hv\.se$/": "hv.drive.test.sunet.se",
+ "/irf\.se$/": "irf.drive.test.sunet.se",
+ "/kb\.se$/": "kb.drive.test.sunet.se",
+ "/ki\.se$/": "ki.drive.test.sunet.se",
+ "/kkh\.se$/": "kkh.drive.test.sunet.se",
+ "/kmh\.se$/": "kmh.drive.test.sunet.se",
+ "/konstfack\.se$/": "konstfack.drive.test.sunet.se",
+ "/kth\.se$/": "kth.drive.test.sunet.se",
+ "/kva\.se$/": "kva.drive.test.sunet.se",
+ "/liu\.se$/": "liu.drive.test.sunet.se",
+ "/lnu\.se$/": "lnu.drive.test.sunet.se",
+ "/ltu\.se$/": "ltu.drive.test.sunet.se",
+ "/lu\.se$/": "lu.drive.test.sunet.se",
+ "/mah\.se$/": "mau.drive.test.sunet.se",
+ "/mau\.se$/": "mau.drive.test.sunet.se",
+ "/mdh\.se$/": "mdu.drive.test.sunet.se",
+ "/mdu\.se$/": "mdu.drive.test.sunet.se",
+ "/miun\.se$/": "miun.drive.test.sunet.se",
+ "/nordunet\.se$/": "nordunet.drive.test.sunet.se",
+ "/nrm\.se$/": "nrm.drive.test.sunet.se",
+ "/oru\.se$/":
"oru.drive.test.sunet.se", + "/rkh\.se$/": "rkh.drive.test.sunet.se", + "/sics\.se$/": "sics.drive.test.sunet.se", + "/slu\.se$/": "slu.drive.test.sunet.se", + "/smhi\.se$/": "smhi.drive.test.sunet.se", + "/sp\.se$/": "sp.drive.test.sunet.se", + "/su\.se$/": "su.drive.test.sunet.se", + "/sunet\.se$/": "sunet.drive.test.sunet.se", + "/suni\.se$/": "suni.drive.test.sunet.se", + "/swamid\.se$/": "swamid.drive.test.sunet.se", + "/ths\.se$/": "ths.drive.test.sunet.se", + "/uhr\.se$/": "uhr.drive.test.sunet.se", + "/umu\.se$/": "umu.drive.test.sunet.se", + "/uniarts\.se$/": "uniarts.drive.test.sunet.se", + "/uu\.se$/": "uu.drive.test.sunet.se", + "/vinnova\.se$/": "vinnova.drive.test.sunet.se", + "/vr\.se$/": "vr.drive.test.sunet.se", "/$/": "extern.drive.test.sunet.se" } From 402b6e1c4bd46fec06240b6848f3d53fe33e7bca Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Fri, 12 May 2023 16:23:22 +0200 Subject: [PATCH 02/10] Add dns --- manifests/satosa.pp | 1 + .../application/mappingfile-prod.json.erb | 108 +++++++++--------- 2 files changed, 55 insertions(+), 54 deletions(-) diff --git a/manifests/satosa.pp b/manifests/satosa.pp index 9729dd1..10f6c1f 100644 --- a/manifests/satosa.pp +++ b/manifests/satosa.pp @@ -32,6 +32,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa', sunet::docker_run {'satosa': image => $image, imagetag => $tag, + dns => ['89.32.32.32'], volumes => ['/etc/satosa:/etc/satosa','/etc/dehydrated:/etc/dehydrated'], ports => ['443:8000'], env => ['METADATA_DIR=/etc/satosa/metadata', 'WORKER_TIMEOUT=120'] diff --git a/templates/application/mappingfile-prod.json.erb b/templates/application/mappingfile-prod.json.erb index 2b0b4f4..4f71ad4 100644 --- a/templates/application/mappingfile-prod.json.erb +++ b/templates/application/mappingfile-prod.json.erb 
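Review bot: The new keys write `\.` inside a JSON string, which is not a valid JSON escape (only `\"`, `\\`, `\/`, `\b`, `\f`, `\n`, `\r`, `\t` and `\uXXXX` are), so a strict parser will reject the rendered file. ERB passes the backslash through unchanged, so each key needs a doubled backslash, for example `"/bth\\.se$/": "bth.drive.test.sunet.se",`. The same escape is used in the mappingfile-prod.json.erb hunk of PATCH 02/10. Which parser reads this file is not visible here, so the rendered output should be loaded with the real consumer before it is deployed.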
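Review bot: The added `dns => ['89.32.32.32'],` hard-codes a single resolver for the SATOSA container inside the resource body. An identity proxy then depends on that one address both for availability and for answers it can trust, so it would be better exposed as a class parameter with a second resolver next to it, e.g. `dns => $dns,` with `$dns=['89.32.32.32', '<SECOND_RESOLVER_PLACEHOLDER>']` in the signature. A one-line comment saying why the host's resolver is not used would help the next reader. The class body continues outside the hunk.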
@@ -1,57 +1,57 @@
 {
- "/antagning.se$/": "antagning.drive.sunet.se",
- "/bth.se$/": "bth.drive.sunet.se",
- "/chalmers.se$/": "chalmers.drive.sunet.se",
- "/du.se$/": "du.drive.sunet.se",
- "/eduid.se$/": "extern.drive.sunet.se",
- "/esh.se$/": "esh.drive.sunet.se",
- "/fhs.se$/": "fhs.drive.sunet.se",
- "/gih.se$/": "gih.drive.sunet.se",
- "/gu.se$/": "gu.drive.sunet.se",
- "/hb.se$/": "hb.drive.sunet.se",
- "/shh.se$/": "shh.drive.sunet.se",
- "/hh.se$/": "hh.drive.sunet.se",
- "/hhs.se$/": "hhs.drive.sunet.se",
- "/hig.se$/": "hig.drive.sunet.se",
- "/his.se$/": "his.drive.sunet.se",
- "/hj.se$/": "hj.drive.sunet.se",
- "/hkr.se$/": "hkr.drive.sunet.se",
- "/hv.se$/": "hv.drive.sunet.se",
- "/irf.se$/": "irf.drive.sunet.se",
- "/kb.se$/": "kb.drive.sunet.se",
- "/ki.se$/": "ki.drive.sunet.se",
- "/kkh.se$/": "kkh.drive.sunet.se",
- "/kmh.se$/": "kmh.drive.sunet.se",
- "/konstfack.se$/": "konstfack.drive.sunet.se",
- "/kth.se$/": "kth.drive.sunet.se",
- "/kva.se$/": "kva.drive.sunet.se",
- "/liu.se$/": "liu.drive.sunet.se",
- "/lnu.se$/": "lnu.drive.sunet.se",
- "/ltu.se$/": "ltu.drive.sunet.se",
- "/lu.se$/": "lu.drive.sunet.se",
- "/mah.se$/": "mau.drive.sunet.se",
- "/mau.se$/": "mau.drive.sunet.se",
- "/mdh.se$/": "mdu.drive.sunet.se",
- "/mdu.se$/": "mdu.drive.sunet.se",
- "/miun.se$/": "miun.drive.sunet.se",
- "/nordunet.se$/": "nordunet.drive.sunet.se",
- "/nrm.se$/": "nrm.drive.sunet.se",
- "/oru.se$/": "oru.drive.sunet.se",
- "/rkh.se$/": "rkh.drive.sunet.se",
- "/sics.se$/": "sics.drive.sunet.se",
- "/slu.se$/": "slu.drive.sunet.se",
- "/smhi.se$/": "smhi.drive.sunet.se",
- "/sp.se$/": "sp.drive.sunet.se",
- "/su.se$/": "su.drive.sunet.se",
- "/sunet.se$/": "sunet.drive.sunet.se",
- "/suni.se$/": "suni.drive.sunet.se",
- "/swamid.se$/": "swamid.drive.sunet.se",
- "/ths.se$/": "ths.drive.sunet.se",
- "/uhr.se$/": "uhr.drive.sunet.se",
- "/umu.se$/": "umu.drive.sunet.se",
- "/uniarts.se$/": "uniarts.drive.sunet.se",
- "/uu.se$/": "uu.drive.sunet.se",
-
"/vinnova.se$/": "vinnova.drive.sunet.se",
- "/vr.se$/": "vr.drive.sunet.se",
+ "/@antagning\.se$/": "antagning.drive.sunet.se",
+ "/bth\.se$/": "bth.drive.sunet.se",
+ "/chalmers\.se$/": "chalmers.drive.sunet.se",
+ "/du\.se$/": "du.drive.sunet.se",
+ "/eduid\.se$/": "extern.drive.sunet.se",
+ "/esh\.se$/": "esh.drive.sunet.se",
+ "/fhs\.se$/": "fhs.drive.sunet.se",
+ "/gih\.se$/": "gih.drive.sunet.se",
+ "/gu\.se$/": "gu.drive.sunet.se",
+ "/hb\.se$/": "hb.drive.sunet.se",
+ "/@shh\.se$/": "shh.drive.sunet.se",
+ "/hh\.se$/": "hh.drive.sunet.se",
+ "/hhs\.se$/": "hhs.drive.sunet.se",
+ "/hig\.se$/": "hig.drive.sunet.se",
+ "/his\.se$/": "his.drive.sunet.se",
+ "/hj\.se$/": "hj.drive.sunet.se",
+ "/hkr\.se$/": "hkr.drive.sunet.se",
+ "/hv\.se$/": "hv.drive.sunet.se",
+ "/irf\.se$/": "irf.drive.sunet.se",
+ "/kb\.se$/": "kb.drive.sunet.se",
+ "/ki\.se$/": "ki.drive.sunet.se",
+ "/kkh\.se$/": "kkh.drive.sunet.se",
+ "/kmh\.se$/": "kmh.drive.sunet.se",
+ "/konstfack\.se$/": "konstfack.drive.sunet.se",
+ "/kth\.se$/": "kth.drive.sunet.se",
+ "/kva\.se$/": "kva.drive.sunet.se",
+ "/liu\.se$/": "liu.drive.sunet.se",
+ "/lnu\.se$/": "lnu.drive.sunet.se",
+ "/ltu\.se$/": "ltu.drive.sunet.se",
+ "/lu\.se$/": "lu.drive.sunet.se",
+ "/mah\.se$/": "mau.drive.sunet.se",
+ "/mau\.se$/": "mau.drive.sunet.se",
+ "/mdh\.se$/": "mdu.drive.sunet.se",
+ "/mdu\.se$/": "mdu.drive.sunet.se",
+ "/miun\.se$/": "miun.drive.sunet.se",
+ "/nordunet\.se$/": "nordunet.drive.sunet.se",
+ "/nrm\.se$/": "nrm.drive.sunet.se",
+ "/oru\.se$/": "oru.drive.sunet.se",
+ "/rkh\.se$/": "rkh.drive.sunet.se",
+ "/sics\.se$/": "sics.drive.sunet.se",
+ "/slu\.se$/": "slu.drive.sunet.se",
+ "/smhi\.se$/": "smhi.drive.sunet.se",
+ "/sp\.se$/": "sp.drive.sunet.se",
+ "/su\.se$/": "su.drive.sunet.se",
+ "/sunet\.se$/": "sunet.drive.sunet.se",
+ "/suni\.se$/": "suni.drive.sunet.se",
+ "/swamid\.se$/": "swamid.drive.sunet.se",
+ "/ths\.se$/": "ths.drive.sunet.se",
+ "/uhr\.se$/": "uhr.drive.sunet.se",
+
"/umu\.se$/": "umu.drive.sunet.se", + "/uniarts\.se$/": "uniarts.drive.sunet.se", + "/uu\.se$/": "uu.drive.sunet.se", + "/vinnova\.se$/": "vinnova.drive.sunet.se", + "/vr\.se$/": "vr.drive.sunet.se", "/$/": "extern.drive.sunet.se" } From 20471ebaa8d3cee260c67a4dba0b7ed8a96a65f9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 1 Jun 2023 11:44:50 +0200 Subject: [PATCH 03/10] Use nce image --- manifests/app_type.pp | 89 +++++----- templates/application/apache.php.ini.erb | 160 ------------------ templates/application/apcu.ini.erb | 2 - templates/application/cli.php.ini.erb | 158 ----------------- .../docker-compose_nextcloud.yml.erb | 1 - templates/application/nce.ini.erb | 8 + 6 files changed, 46 insertions(+), 372 deletions(-) delete mode 100644 templates/application/apache.php.ini.erb delete mode 100644 templates/application/apcu.ini.erb delete mode 100644 templates/application/cli.php.ini.erb create mode 100644 templates/application/nce.ini.erb diff --git a/manifests/app_type.pp b/manifests/app_type.pp index e3ae1ec..a31bf4b 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
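Review bot: Only the `antagning` and `shh` keys gain a leading `@` here; the other patterns, such as `/gu\.se$/`, still match any value that merely ends in that text, so a scope like `example-gu.se` would be mapped to `gu.drive.sunet.se`. Several keys are also suffixes of others (`du\.se` of `mdu\.se`, `hh\.se` of `hhs`-style neighbours such as `shh\.se`), which makes the result depend on how the consumer orders its matches, something this file does not show. Anchoring every key at the label boundary removes both problems, e.g. `"/@gu\\.se$/"`, or `"/[@.]gu\\.se$/"` if subdomain scopes must match (backslash doubled because the pattern sits in a JSON string). The test template in PATCH 01/10 has the same gap and, unlike this file, leaves `antagning` without the `@`.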
@@ -9,11 +9,25 @@ define sunetdrive::app_type ( $environment = sunetdrive::get_environment() $customer = sunetdrive::get_customer() $nodenumber = sunetdrive::get_node_number() + + # Common settings for multinode and full nodes + $nextcloud_ip = $config['app'] + $s3_bucket = $config['s3_bucket'] + $s3_host = $config['s3_host'] + $site_name = $config['site_name'] + $trusted_domains = $config['trusted_domains'] + $trusted_proxies = $config['trusted_proxies'] + + # These are encrypted values from local.eyaml + $gss_jwt_key = safe_hiera('gss_jwt_key') + $smtppassword = safe_hiera('smtp_password') + $is_multinode = (($override_config != undef) and ($override_compose != undef)) if $is_multinode { # The config used $config = $override_config # Other settings + $redis_host = $config['redis_host'] $admin_password = $config[ 'admin_password' ] $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] @@ -25,11 +39,24 @@ define sunetdrive::app_type ( $s3_key = $config[ 's3_key' ] $s3_secret = $config[ 's3_secret' ] $secret = $config[ 'secret' ] + $session_save_handler = 'redis' + $session_save_path = "tcp://${redis_host}:6379?auth=${redis_host_password}" } else { # The config used $config = hiera_hash($environment) $skeletondirectory = $config['skeletondirectory'] # Other settings + $redis_seeds = [ + {'host' => "redis1.${site_name}", 'port' => 6379}, + {'host' => "redis2.${site_name}", 'port' => 6379}, + {'host' => "redis3.${site_name}", 'port' => 6379}, + {'host' => "redis1.${site_name}", 'port' => 6380}, + {'host' => "redis2.${site_name}", 'port' => 6380}, + {'host' => "redis3.${site_name}", 'port' => 6380}, + {'host' => "redis1.${site_name}", 'port' => 6381}, + {'host' => "redis2.${site_name}", 'port' => 6381}, + {'host' => "redis3.${site_name}", 'port' => 6381}, + ] $admin_password = safe_hiera('admin_password') $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' 
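Review bot: The block of `$config[...]` reads added at the top (`$nextcloud_ip = $config['app']` through `$trusted_proxies = $config['trusted_proxies']`) now runs before `$config` is assigned in either branch of `if $is_multinode`. Unless `$config` is also a parameter of the define, which the hunk does not show, all of these are read from an unset variable. `$site_name` then feeds the `"redis1.${site_name}"` seed hosts added in the next hunk, so the session save path would be built from incomplete host names. Moving the block to just after the `if`/`else` that sets `$config` keeps the order the old code had. The define body starts and ends outside the hunk.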
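Review bot: `$redis_host_password` is interpolated into `$session_save_path` but is not assigned in any line this hunk shows, and the same holds for `$redis_cluster_password` in the following hunk; if neither is set elsewhere in the define, `auth=` renders empty. The value is also placed in a URL query string as-is, so a password containing `&`, `#` or `%` may change how the save path is parsed. I would assign both variables explicitly next to the other secrets in their branch and add a comment such as `# password must be URL-encoded before it is placed in session.save_path`. The define body continues outside the hunk.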
@@ -42,30 +69,13 @@ define sunetdrive::app_type ( $s3_key = safe_hiera('s3_key') $s3_secret = safe_hiera('s3_secret') $secret = safe_hiera('secret') + $session_save_handler = 'rediscluster' + $session_save_path = "seed[]=${redis_seeds[0]['host']}:${redis_seeds[0]['port']}&seed[]=${redis_seeds[1]['host']}:${redis_seeds[1]['port']}&seed[]=${redis_seeds[2]['host']}:${redis_seeds[2]['port']}&seed[]=${redis_seeds[3]['host']}:${redis_seeds[3]['port']}&seed[]=${redis_seeds[4]['host']}:${redis_seeds[4]['port']}&seed[]=${redis_seeds[5]['host']}:${redis_seeds[6]['port']}&seed[]=${redis_seeds[7]['host']}:${redis_seeds[7]['port']}&seed[]=${redis_seeds[8]['host']}:${redis_seeds[8]['port']}&timeout=2&read_timeout=2&failover=error&persistent=1&auth=${redis_cluster_password}&stream[verify_peer]=0" } $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups') $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups') $nextcloud_version = hiera("nextcloud_version_${environment}") $nextcloud_version_string = split($nextcloud_version, '[-]')[0] - # Common settings for multinode and full nodes - $nextcloud_ip = $config['app'] - $redis_host = $config['redis_host'] - $s3_bucket = $config['s3_bucket'] - $s3_host = $config['s3_host'] - $site_name = $config['site_name'] - $trusted_domains = $config['trusted_domains'] - $trusted_proxies = $config['trusted_proxies'] - if $location == 'kau-prod' { - $php_memory_limit_mb = 2048 - } else { - $php_memory_limit_mb = 512 - } - - # These are encrypted values from local.eyaml - - $gss_jwt_key = safe_hiera('gss_jwt_key') - $smtppassword = safe_hiera('smtp_password') - #These are global values from common.yaml $gs_enabled = hiera('gs_enabled') $gs_federation = hiera('gs_federation') 
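Review bot: The `rediscluster` save path ends in `stream[verify_peer]=0`, which switches off certificate verification on the connection that carries session data and the cluster password; if TLS is in use, the CA should be supplied rather than the check disabled. The sixth seed is also built from mismatched indexes, `${redis_seeds[5]['host']}:${redis_seeds[6]['port']}`, and index 6 never appears as a host, so the string holds eight seeds with `redis3` on port 6381 listed twice. Building the list from the array avoids hand-written indexes, e.g. `$seeds = join($redis_seeds.map |$s| { "seed[]=${s['host']}:${s['port']}" }, '&')`.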
@@ -89,6 +99,14 @@ define sunetdrive::app_type ( $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] + file { '/opt/nextcloud/nce.ini': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + content => template('sunetdrive/application/nce.ini.erb'), + mode => '0644', + } unless $is_multinode{ user { 'www-data': ensure => present, system => true } @@ -132,12 +150,7 @@ define sunetdrive::app_type ( group => 'root', } file { '/usr/local/bin/upgrade23-25.sh': - ensure => present, - force => true, - owner => 'root', - group => 'root', - content => template('sunetdrive/application/upgrade23-25.erb.sh'), - mode => '0744', + ensure => absent, } file { '/opt/rotate/conf.d/nextcloud.conf': ensure => file, @@ -202,32 +215,6 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/rclone.conf.erb'), mode => '0644', } - file { '/opt/nextcloud/apache.php.ini': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/apache.php.ini.erb'), - mode => '0644', - } - - file { '/opt/nextcloud/apcu.ini': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/apcu.ini.erb'), - mode => '0644', - } - - file { '/opt/nextcloud/cli.php.ini': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/cli.php.ini.erb'), - mode => '0644', - } file { '/usr/local/bin/migrate_external_mounts': ensure => file, force => true, diff --git a/templates/application/apache.php.ini.erb b/templates/application/apache.php.ini.erb deleted file mode 100644 index b7f8d75..0000000 --- a/templates/application/apache.php.ini.erb +++ /dev/null 
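Review bot: The new `file { '/opt/nextcloud/nce.ini': ... }` resource is created with `mode => '0644'`, yet the template it renders contains `session.save_path`, which in this commit carries the Redis `auth=` password, so the secret lands in a world-readable file. `mode => '0640'` (or `'0600'`, since the owner is already `www-data`) keeps it away from other local users, and `show_diff => false` keeps the rendered value out of Puppet run output and reports. The define body continues outside the hunk.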
@@ -1,160 +0,0 @@ -[PHP] -allow_url_fopen = On -allow_url_include = Off -auto_append_file = -auto_globals_jit = On -auto_prepend_file = -default_charset = "UTF-8" -default_mimetype = "text/html" -default_socket_timeout = 60 -disable_classes = -disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, -display_errors = Off -display_startup_errors = Off -doc_root = -enable_dl = Off -engine = On -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT -expose_php = Off -file_uploads = On -ignore_repeated_errors = Off -ignore_repeated_source = Off -implicit_flush = Off -log_errors = On -log_errors_max_len = 1024 -max_execution_time = 86400 -max_file_uploads = 20 -max_input_time = 86400 -memory_limit = <%= @php_memory_limit_mb %>M -output_buffering = Off -post_max_size = 30G -precision = 14 -register_argc_argv = Off -report_memleaks = On -request_order = "GP" -serialize_precision = -1 -short_open_tag = Off -unserialize_callback_func = -upload_max_filesize = 30G -user_dir = -variables_order = "GPCS" -zend.enable_gc = On -zend.exception_ignore_args = On -zlib.output_compression = Off -<% if @customer == "kau" -%> -upload_tmp_dir = /opt/tmp/ -<% end %> - -[CLI Server] -cli_server.color = On -[Date] -; Nothing here -[filter] -; Nothing here -[iconv] -; Nothing here -[imap] -; Nothing here -[intl] -; Nothing here -[sqlite3] -; Nothing here -[Pcre] -; Nothing here -[Pdo] -; Nothing here -[Pdo_mysql] -pdo_mysql.default_socket= -[Phar] -; Nothing here -[mail function] -SMTP = localhost -smtp_port = 25 -mail.add_x_header = Off -[ODBC] -odbc.allow_persistent = On -odbc.check_persistent = On -odbc.max_persistent = -1 
-odbc.max_links = -1 -odbc.defaultlrl = 4096 -odbc.defaultbinmode = 1 -[MySQLi] -mysqli.max_persistent = -1 -mysqli.allow_persistent = On -mysqli.max_links = -1 -mysqli.default_port = 3306 -mysqli.default_socket = -mysqli.default_host = -mysqli.default_user = -mysqli.default_pw = -mysqli.reconnect = Off -[mysqlnd] -mysqlnd.collect_statistics = On -mysqlnd.collect_memory_statistics = Off -[OCI8] -; Nothing here -[PostgreSQL] -pgsql.allow_persistent = On -pgsql.auto_reset_persistent = Off -pgsql.max_persistent = -1 -pgsql.max_links = -1 -pgsql.ignore_notice = 0 -pgsql.log_notice = 0 -[bcmath] -bcmath.scale = 0 -[browscap] -; Nothing here -[Session] -session.save_handler = files -session.use_strict_mode = 0 -session.use_cookies = 1 -session.use_only_cookies = 1 -session.name = PHPSESSID -session.auto_start = 0 -session.cookie_lifetime = 0 -session.cookie_path = / -session.cookie_domain = -session.cookie_httponly = -session.cookie_samesite = -session.serialize_handler = php -session.gc_probability = 0 -session.gc_divisor = 1000 -session.gc_maxlifetime = 1440 -session.referer_check = -session.cache_limiter = nocache -session.cache_expire = 180 -session.use_trans_sid = 0 -session.sid_length = 26 -session.trans_sid_tags = "a=href,area=href,frame=src,form=" -session.sid_bits_per_character = 5 -[Assertion] -zend.assertions = -1 -[COM] -; Nothing here -[mbstring] -; Nothing here -[gd] -; Nothing here -[exif] -; Nothing here -[Tidy] -tidy.clean_output = Off -[soap] -soap.wsdl_cache_enabled=1 -soap.wsdl_cache_dir="/tmp" -soap.wsdl_cache_ttl=86400 -soap.wsdl_cache_limit = 5 -[sysvshm] -; Nothing here -[ldap] -ldap.max_links = -1 -[dba] -; Nothing here -[opcache] -opcache.interned_strings_buffer=32 -[curl] -; Nothing here -[openssl] -; Nothing here -[ffi] -; Nothing here diff --git a/templates/application/apcu.ini.erb b/templates/application/apcu.ini.erb deleted file mode 100644 index b005655..0000000 --- a/templates/application/apcu.ini.erb +++ /dev/null 
@@ -1,2 +0,0 @@ -extension=apcu.so -apc.enable_cli=1 diff --git a/templates/application/cli.php.ini.erb b/templates/application/cli.php.ini.erb deleted file mode 100644 index 20f5346..0000000 --- a/templates/application/cli.php.ini.erb +++ /dev/null 
@@ -1,158 +0,0 @@ -[PHP] -allow_url_fopen = On -allow_url_include = Off -auto_append_file = -auto_globals_jit = On -auto_prepend_file = -default_charset = "UTF-8" -default_mimetype = "text/html" -default_socket_timeout = 60 -disable_classes = -disable_functions = -display_errors = Off -display_startup_errors = Off -doc_root = -enable_dl = Off -engine = On -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT -expose_php = On -file_uploads = On -ignore_repeated_errors = Off -ignore_repeated_source = Off -implicit_flush = Off -log_errors = On -log_errors_max_len = 1024 -max_execution_time = 86400 -max_file_uploads = 20 -max_input_time = 86400 -memory_limit = -1 -output_buffering = Off -post_max_size = 16G -precision = 14 -register_argc_argv = Off -report_memleaks = On -request_order = "GP" -serialize_precision = -1 -short_open_tag = Off -unserialize_callback_func = -upload_max_filesize = 16G -user_dir = -variables_order = "GPCS" -zend.enable_gc = On -zend.exception_ignore_args = On -zlib.output_compression = Off -[CLI Server] -cli_server.color = On -[Date] -; Nothing here -[filter] -; Nothing here -[iconv] -; Nothing here -[imap] -; Nothing here -[intl] -; Nothing here -[sqlite3] -; Nothing here -[Pcre] -; Nothing here -[Pdo] -; Nothing here -[Pdo_mysql] -pdo_mysql.default_socket= -[Phar] -; Nothing here -[mail function] -SMTP = localhost -smtp_port = 25 -mail.add_x_header = Off -[ODBC] -odbc.allow_persistent = On -odbc.check_persistent = On -odbc.max_persistent = -1 -odbc.max_links = -1 -odbc.defaultlrl = 4096 -odbc.defaultbinmode = 1 -[MySQLi] -mysqli.max_persistent = -1 -mysqli.allow_persistent = On -mysqli.max_links = -1 -mysqli.default_port = 3306 -mysqli.default_socket = -mysqli.default_host = -mysqli.default_user = -mysqli.default_pw = -mysqli.reconnect = Off -[mysqlnd] -mysqlnd.collect_statistics = On -mysqlnd.collect_memory_statistics = Off -[OCI8] -; Nothing here -[PostgreSQL] -pgsql.allow_persistent = On -pgsql.auto_reset_persistent = Off 
-pgsql.max_persistent = -1 -pgsql.max_links = -1 -pgsql.ignore_notice = 0 -pgsql.log_notice = 0 -[bcmath] -bcmath.scale = 0 -[browscap] -; Nothing here -[Session] -session.save_handler = files -session.use_strict_mode = 0 -session.use_cookies = 1 -session.use_only_cookies = 1 -session.name = PHPSESSID -session.auto_start = 0 -session.cookie_lifetime = 0 -session.cookie_path = / -session.cookie_domain = -session.cookie_httponly = -session.cookie_samesite = -session.serialize_handler = php -session.gc_probability = 0 -session.gc_divisor = 1000 -session.gc_maxlifetime = 1440 -session.referer_check = -session.cache_limiter = nocache -session.cache_expire = 180 -session.use_trans_sid = 0 -session.sid_length = 26 -session.trans_sid_tags = "a=href,area=href,frame=src,form=" -session.sid_bits_per_character = 5 -[Assertion] -zend.assertions = -1 -[COM] -; Nothing here -[mbstring] -; Nothing here -[gd] -; Nothing here -[exif] -; Nothing here -[Tidy] -tidy.clean_output = Off -[soap] -soap.wsdl_cache_enabled=1 -soap.wsdl_cache_dir="/tmp" -soap.wsdl_cache_ttl=86400 -soap.wsdl_cache_limit = 5 -[sysvshm] -; Nothing here -[ldap] -ldap.max_links = -1 -[dba] -; Nothing here -[opcache] -opcache.interned_strings_buffer=16 -opcache.validate_timestamps=0 -opcache.memory_consumption=128 -[curl] -; Nothing here -[openssl] -; Nothing here -[ffi] -; Nothing here diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 4773587..6d7fb56 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb 
@@ -10,7 +10,6 @@ services: - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf - /opt/nextcloud/404.html:/var/www/html/404.html - /opt/nextcloud/apache.php.ini:/etc/php/8.0/apache2/php.ini - - /opt/nextcloud/apcu.ini:/etc/php/8.0/mods-available/apcu.ini - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php diff --git a/templates/application/nce.ini.erb b/templates/application/nce.ini.erb new file mode 100644 index 0000000..3250d56 --- /dev/null +++ b/templates/application/nce.ini.erb @@ -0,0 +1,8 @@ + memory_limit=2048M + max_file_uploads=20 + upload_max_filesize=30G + post_max_size=30G + max_execution_time=86400 + max_input_time=86400 + session.save_handler = <%= @session_save_handler %> + session.save_path = "<%= @session_save_path %>" From 24b0b1eedcda33c4271ac4c68a3f6855ec72226d Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 1 Jun 2023 11:47:16 +0200 Subject: [PATCH 04/10] Revert "Use nce image" This reverts commit 20471ebaa8d3cee260c67a4dba0b7ed8a96a65f9. --- manifests/app_type.pp | 89 +++++----- templates/application/apache.php.ini.erb | 160 ++++++++++++++++++ templates/application/apcu.ini.erb | 2 + templates/application/cli.php.ini.erb | 158 +++++++++++++++++ .../docker-compose_nextcloud.yml.erb | 1 + templates/application/nce.ini.erb | 8 - 6 files changed, 372 insertions(+), 46 deletions(-) create mode 100644 templates/application/apache.php.ini.erb create mode 100644 templates/application/apcu.ini.erb create mode 100644 templates/application/cli.php.ini.erb delete mode 100644 templates/application/nce.ini.erb diff --git a/manifests/app_type.pp b/manifests/app_type.pp index a31bf4b..e3ae1ec 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp 
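Review bot: Nothing in this commit mounts the rendered nce.ini into the container: the docker-compose_nextcloud.yml.erb hunk just above only removes the `apcu.ini` volume and still lists `/opt/nextcloud/apache.php.ini` and `/opt/nextcloud/cli.php.ini`, whose `file` resources the manifest stops managing. On a host where those files are absent the bind mounts would have no source file, and the new settings would not reach PHP at all. `memory_limit=2048M` is also fixed for every site now, replacing the 512/2048 split that `$php_memory_limit_mb` expressed. I would add the nce.ini volume line and drop the two stale ones in the same change; the target path inside the image is not visible here.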
@@ -9,25 +9,11 @@ define sunetdrive::app_type ( $environment = sunetdrive::get_environment() $customer = sunetdrive::get_customer() $nodenumber = sunetdrive::get_node_number() - - # Common settings for multinode and full nodes - $nextcloud_ip = $config['app'] - $s3_bucket = $config['s3_bucket'] - $s3_host = $config['s3_host'] - $site_name = $config['site_name'] - $trusted_domains = $config['trusted_domains'] - $trusted_proxies = $config['trusted_proxies'] - - # These are encrypted values from local.eyaml - $gss_jwt_key = safe_hiera('gss_jwt_key') - $smtppassword = safe_hiera('smtp_password') - $is_multinode = (($override_config != undef) and ($override_compose != undef)) if $is_multinode { # The config used $config = $override_config # Other settings - $redis_host = $config['redis_host'] $admin_password = $config[ 'admin_password' ] $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] @@ -39,24 +25,11 @@ define sunetdrive::app_type ( $s3_key = $config[ 's3_key' ] $s3_secret = $config[ 's3_secret' ] $secret = $config[ 'secret' ] - $session_save_handler = 'redis' - $session_save_path = "tcp://${redis_host}:6379?auth=${redis_host_password}" } else { # The config used $config = hiera_hash($environment) $skeletondirectory = $config['skeletondirectory'] # Other settings - $redis_seeds = [ - {'host' => "redis1.${site_name}", 'port' => 6379}, - {'host' => "redis2.${site_name}", 'port' => 6379}, - {'host' => "redis3.${site_name}", 'port' => 6379}, - {'host' => "redis1.${site_name}", 'port' => 6380}, - {'host' => "redis2.${site_name}", 'port' => 6380}, - {'host' => "redis3.${site_name}", 'port' => 6380}, - {'host' => "redis1.${site_name}", 'port' => 6381}, - {'host' => "redis2.${site_name}", 'port' => 6381}, - {'host' => "redis3.${site_name}", 'port' => 6381}, - ] $admin_password = safe_hiera('admin_password') $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' 
@@ -69,13 +42,30 @@ define sunetdrive::app_type ( $s3_key = safe_hiera('s3_key') $s3_secret = safe_hiera('s3_secret') $secret = safe_hiera('secret') - $session_save_handler = 'rediscluster' - $session_save_path = "seed[]=${redis_seeds[0]['host']}:${redis_seeds[0]['port']}&seed[]=${redis_seeds[1]['host']}:${redis_seeds[1]['port']}&seed[]=${redis_seeds[2]['host']}:${redis_seeds[2]['port']}&seed[]=${redis_seeds[3]['host']}:${redis_seeds[3]['port']}&seed[]=${redis_seeds[4]['host']}:${redis_seeds[4]['port']}&seed[]=${redis_seeds[5]['host']}:${redis_seeds[6]['port']}&seed[]=${redis_seeds[7]['host']}:${redis_seeds[7]['port']}&seed[]=${redis_seeds[8]['host']}:${redis_seeds[8]['port']}&timeout=2&read_timeout=2&failover=error&persistent=1&auth=${redis_cluster_password}&stream[verify_peer]=0" } $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups') $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups') $nextcloud_version = hiera("nextcloud_version_${environment}") $nextcloud_version_string = split($nextcloud_version, '[-]')[0] + # Common settings for multinode and full nodes + $nextcloud_ip = $config['app'] + $redis_host = $config['redis_host'] + $s3_bucket = $config['s3_bucket'] + $s3_host = $config['s3_host'] + $site_name = $config['site_name'] + $trusted_domains = $config['trusted_domains'] + $trusted_proxies = $config['trusted_proxies'] + if $location == 'kau-prod' { + $php_memory_limit_mb = 2048 + } else { + $php_memory_limit_mb = 512 + } + + # These are encrypted values from local.eyaml + + $gss_jwt_key = safe_hiera('gss_jwt_key') + $smtppassword = safe_hiera('smtp_password') + #These are global values from common.yaml $gs_enabled = hiera('gs_enabled') $gs_federation = hiera('gs_federation') 
@@ -99,14 +89,6 @@ define sunetdrive::app_type ( $lb_servers = hiera_hash($environment)['lb_servers'] $document_servers = hiera_hash($environment)['document_servers'] - file { '/opt/nextcloud/nce.ini': - ensure => file, - force => true, - owner => 'www-data', - group => 'root', - content => template('sunetdrive/application/nce.ini.erb'), - mode => '0644', - } unless $is_multinode{ user { 'www-data': ensure => present, system => true } @@ -150,7 +132,12 @@ define sunetdrive::app_type ( group => 'root', } file { '/usr/local/bin/upgrade23-25.sh': - ensure => absent, + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/upgrade23-25.erb.sh'), + mode => '0744', } file { '/opt/rotate/conf.d/nextcloud.conf': ensure => file, @@ -215,6 +202,32 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/rclone.conf.erb'), mode => '0644', } + file { '/opt/nextcloud/apache.php.ini': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + content => template('sunetdrive/application/apache.php.ini.erb'), + mode => '0644', + } + + file { '/opt/nextcloud/apcu.ini': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + content => template('sunetdrive/application/apcu.ini.erb'), + mode => '0644', + } + + file { '/opt/nextcloud/cli.php.ini': + ensure => file, + force => true, + owner => 'www-data', + group => 'root', + content => template('sunetdrive/application/cli.php.ini.erb'), + mode => '0644', + } file { '/usr/local/bin/migrate_external_mounts': ensure => file, force => true, diff --git a/templates/application/apache.php.ini.erb b/templates/application/apache.php.ini.erb new file mode 100644 index 0000000..b7f8d75 --- /dev/null +++ b/templates/application/apache.php.ini.erb 
@@ -0,0 +1,160 @@
+[PHP]
+allow_url_fopen = On
+allow_url_include = Off
+auto_append_file =
+auto_globals_jit = On
+auto_prepend_file =
+default_charset = "UTF-8"
+default_mimetype = "text/html"
+default_socket_timeout = 60
+disable_classes =
+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
+display_errors = Off
+display_startup_errors = Off
+doc_root =
+enable_dl = Off
+engine = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php = Off
+file_uploads = On
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+implicit_flush = Off
+log_errors = On
+log_errors_max_len = 1024
+max_execution_time = 86400
+max_file_uploads = 20
+max_input_time = 86400
+memory_limit = <%= @php_memory_limit_mb %>M
+output_buffering = Off
+post_max_size = 30G
+precision = 14
+register_argc_argv = Off
+report_memleaks = On
+request_order = "GP"
+serialize_precision = -1
+short_open_tag = Off
+unserialize_callback_func =
+upload_max_filesize = 30G
+user_dir =
+variables_order = "GPCS"
+zend.enable_gc = On
+zend.exception_ignore_args = On
+zlib.output_compression = Off
+<% if @customer == "kau" -%>
+upload_tmp_dir = /opt/tmp/
+<% end %>
+
+[CLI Server]
+cli_server.color = On
+[Date]
+; Nothing here
+[filter]
+; Nothing here
+[iconv]
+; Nothing here
+[imap]
+; Nothing here
+[intl]
+; Nothing here
+[sqlite3]
+; Nothing here
+[Pcre]
+; Nothing here
+[Pdo]
+; Nothing here
+[Pdo_mysql]
+pdo_mysql.default_socket=
+[Phar]
+; Nothing here
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = Off
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+[OCI8]
+; Nothing here
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+[bcmath]
+bcmath.scale = 0
+[browscap]
+; Nothing here
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 0
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+[Assertion]
+zend.assertions = -1
+[COM]
+; Nothing here
+[mbstring]
+; Nothing here
+[gd]
+; Nothing here
+[exif]
+; Nothing here
+[Tidy]
+tidy.clean_output = Off
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+[sysvshm]
+; Nothing here
+[ldap]
+ldap.max_links = -1
+[dba]
+; Nothing here
+[opcache]
+opcache.interned_strings_buffer=32
+[curl]
+; Nothing here
+[openssl]
+; Nothing here
+[ffi]
+; Nothing here
diff --git a/templates/application/apcu.ini.erb b/templates/application/apcu.ini.erb
new file mode 100644
index 0000000..b005655
--- /dev/null
+++ b/templates/application/apcu.ini.erb
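Review bot: In the `[Session]` section of `apache.php.ini.erb`, `session.cookie_httponly` and `session.cookie_samesite` are left empty, `session.use_strict_mode = 0`, and `session.cookie_secure` is not set at all, so any hardening of the session cookie depends entirely on the application setting these at runtime. For the web SAPI I would set `session.use_strict_mode = 1`, `session.cookie_httponly = 1`, `session.cookie_secure = 1` and `session.cookie_samesite = Lax` here, unless that is known to conflict with how Nextcloud manages its own cookies. `cli.php.ini.erb` repeats the same block, where it has no effect. Separately, `session.save_handler = files` replaces the Redis handler configured by the deleted `nce.ini`; presumably sessions are now handled in the application config, which is worth confirming for setups with several app nodes behind the load balancers.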
@@ -0,0 +1,2 @@
+extension=apcu.so
+apc.enable_cli=1
diff --git a/templates/application/cli.php.ini.erb b/templates/application/cli.php.ini.erb
new file mode 100644
index 0000000..20f5346
--- /dev/null
+++ b/templates/application/cli.php.ini.erb
@@ -0,0 +1,158 @@
+[PHP]
+allow_url_fopen = On
+allow_url_include = Off
+auto_append_file =
+auto_globals_jit = On
+auto_prepend_file =
+default_charset = "UTF-8"
+default_mimetype = "text/html"
+default_socket_timeout = 60
+disable_classes =
+disable_functions =
+display_errors = Off
+display_startup_errors = Off
+doc_root =
+enable_dl = Off
+engine = On
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php = On
+file_uploads = On
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+implicit_flush = Off
+log_errors = On
+log_errors_max_len = 1024
+max_execution_time = 86400
+max_file_uploads = 20
+max_input_time = 86400
+memory_limit = -1
+output_buffering = Off
+post_max_size = 16G
+precision = 14
+register_argc_argv = Off
+report_memleaks = On
+request_order = "GP"
+serialize_precision = -1
+short_open_tag = Off
+unserialize_callback_func =
+upload_max_filesize = 16G
+user_dir =
+variables_order = "GPCS"
+zend.enable_gc = On
+zend.exception_ignore_args = On
+zlib.output_compression = Off
+[CLI Server]
+cli_server.color = On
+[Date]
+; Nothing here
+[filter]
+; Nothing here
+[iconv]
+; Nothing here
+[imap]
+; Nothing here
+[intl]
+; Nothing here
+[sqlite3]
+; Nothing here
+[Pcre]
+; Nothing here
+[Pdo]
+; Nothing here
+[Pdo_mysql]
+pdo_mysql.default_socket=
+[Phar]
+; Nothing here
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = Off
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+[OCI8]
+; Nothing here
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+[bcmath]
+bcmath.scale = 0
+[browscap]
+; Nothing here
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 0
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+[Assertion]
+zend.assertions = -1
+[COM]
+; Nothing here
+[mbstring]
+; Nothing here
+[gd]
+; Nothing here
+[exif]
+; Nothing here
+[Tidy]
+tidy.clean_output = Off
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+[sysvshm]
+; Nothing here
+[ldap]
+ldap.max_links = -1
+[dba]
+; Nothing here
+[opcache]
+opcache.interned_strings_buffer=16
+opcache.validate_timestamps=0
+opcache.memory_consumption=128
+[curl]
+; Nothing here
+[openssl]
+; Nothing here
+[ffi]
+; Nothing here
diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb
index 6d7fb56..4773587 100644
--- a/templates/application/docker-compose_nextcloud.yml.erb
+++ b/templates/application/docker-compose_nextcloud.yml.erb
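Review bot: `cli.php.ini.erb` duplicates `apache.php.ini.erb` almost line for line, and neither file says which of the differences are deliberate: the empty `disable_functions`, `expose_php = On`, `memory_limit = -1`, the 16G upload limits instead of 30G, and the extra `opcache.*` keys. A header comment would document the intent, for example `; CLI variant of apache.php.ini.erb: pcntl functions allowed and no memory limit for command-line jobs`, if that is indeed the reason. `opcache.validate_timestamps=0` deserves its own comment, since wherever opcache is active for this SAPI, changed PHP files are not picked up until the process restarts.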
@@ -10,6 +10,7 @@ services: - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf - /opt/nextcloud/404.html:/var/www/html/404.html - /opt/nextcloud/apache.php.ini:/etc/php/8.0/apache2/php.ini + - /opt/nextcloud/apcu.ini:/etc/php/8.0/mods-available/apcu.ini - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh - /opt/nextcloud/config.php:/var/www/html/config/config.php diff --git a/templates/application/nce.ini.erb b/templates/application/nce.ini.erb deleted file mode 100644 index 3250d56..0000000 --- a/templates/application/nce.ini.erb +++ /dev/null @@ -1,8 +0,0 @@ - memory_limit=2048M - max_file_uploads=20 - upload_max_filesize=30G - post_max_size=30G - max_execution_time=86400 - max_input_time=86400 - session.save_handler = <%= @session_save_handler %> - session.save_path = "<%= @session_save_path %>" From 3531be828e705ca42890007b2ce1afe3c68be26c Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 8 Jun 2023 16:32:43 +0200 Subject: [PATCH 05/10] Add nordu.net --- templates/application/mappingfile-test.json.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/application/mappingfile-test.json.erb b/templates/application/mappingfile-test.json.erb index b74ecb8..398bda2 100644 --- a/templates/application/mappingfile-test.json.erb +++ b/templates/application/mappingfile-test.json.erb @@ -35,6 +35,7 @@ "/mdu.se$/": "mdu.drive.test.sunet.se", "/miun.se$/": "miun.drive.test.sunet.se", "/nordunet.se$/": "nordunet.drive.test.sunet.se", + "/nordu.net$/": "nordunet.drive.test.sunet.se", "/nrm.se$/": "nrm.drive.test.sunet.se", "/oru.se$/": "oru.drive.test.sunet.se", "/rkh.se$/": "rkh.drive.test.sunet.se", From e7ffd6fac3012f918574a8ecfb83b5cc8efb08e9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Thu, 8 Jun 2023 16:42:35 +0200 Subject: [PATCH 06/10] Add nordu.net --- templates/application/mappingfile-prod.json.erb | 1 + 1 file changed, 1 insertion(+) 
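Review bot: The key `"/nordu.net$/"` added to `mappingfile-test.json.erb` is anchored only at the end and leaves the dot unescaped, so it also matches values ending in `examplenordu.net` or `norduXnet`, which would then be routed to the nordunet site. If the matched value is a domain or a scoped identifier (the consumer is not visible here), an escaped dot and a left boundary would close that, e.g. `"/(^|[@.])nordu\\.net$/"`. The same applies to the identical line added to `mappingfile-prod.json.erb` in the next patch. The neighbouring context entries such as `"/nordunet.se$/"` follow the same loose pattern.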
diff --git a/templates/application/mappingfile-prod.json.erb b/templates/application/mappingfile-prod.json.erb index 0f2b606..b188884 100644 --- a/templates/application/mappingfile-prod.json.erb +++ b/templates/application/mappingfile-prod.json.erb @@ -35,6 +35,7 @@ "/mdu.se$/": "mdu.drive.sunet.se", "/miun.se$/": "miun.drive.sunet.se", "/nordunet.se$/": "nordunet.drive.sunet.se", + "/nordu.net$/": "nordunet.drive.sunet.se", "/nrm.se$/": "nrm.drive.sunet.se", "/oru.se$/": "oru.drive.sunet.se", "/rkh.se$/": "rkh.drive.sunet.se", From 0f8f27773b6b946676ef02561f42a68872fd4ccf Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 12 Jun 2023 09:31:41 +0200 Subject: [PATCH 07/10] Add support for replicating from multinode dbs --- manifests/mariadb.pp | 3 ++- templates/mariadb/my.cnf.erb | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 81f1cf2..d84ec27 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -4,7 +4,8 @@ class sunetdrive::mariadb ( $location = undef, $tag_mariadb = undef, $override_config = undef, - $override_compose = undef + $override_compose = undef, + $replicate_rewrite_db = undef, ) { $quorum_id = $::fqdn diff --git a/templates/mariadb/my.cnf.erb b/templates/mariadb/my.cnf.erb index 81892bb..2892c01 100644 --- a/templates/mariadb/my.cnf.erb +++ b/templates/mariadb/my.cnf.erb @@ -19,6 +19,10 @@ gtid_strict_mode = ON log_bin = binlog log_slave_updates = ON server_id = <%= @server_id %> +<% if not @replicate_rewrite_db.nil? -%> +replicate-rewrite-db = "<%= @replicate_rewrite_db %>->nextcloud" +replicate-wild-do-table = <%= @replicate_rewrite_db %>.% +<% end -%> # Innodb innodb_autoinc_lock_mode = 2 From b225e8d36453a43b267875828c9783bf657c1e6e Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Mon, 12 Jun 2023 09:32:10 +0200 Subject: [PATCH 08/10] Update legacy fact name --- manifests/mariadb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
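Review bot: In the `my.cnf.erb` hunk, `replicate-wild-do-table = <%= @replicate_rewrite_db %>.%` filters on the source database name, while the line above rewrites that name to `nextcloud`. The MySQL manual states that the rewrite is applied before the other `--replicate-*` rules are tested; if the MariaDB version in use behaves the same way, the filter would have to be `replicate-wild-do-table = nextcloud.%` to match anything, so this is worth verifying on a replica. On style, `<% if not @replicate_rewrite_db.nil? -%>` reads better as `<% unless @replicate_rewrite_db.nil? -%>`. A comment stating the expected format of the parameter (a single database name) would also help, since the value is interpolated into both directives.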
diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index d84ec27..66f3522 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -8,7 +8,7 @@ class sunetdrive::mariadb ( $replicate_rewrite_db = undef, ) { - $quorum_id = $::fqdn + $quorum_id = $facts['facts['networking']['fqdn']'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': bootstrap => $bootstrap, From e0139b07653daa94aacbfc048cc152a21e4cd3e9 Mon Sep 17 00:00:00 2001 From: Micke Nordin Date: Tue, 13 Jun 2023 12:15:19 +0200 Subject: [PATCH 09/10] BAckups: Fix db backups DB backup dir clashed with statistics script storage location, and also some permission errors. diff --git a/templates/script/backupdb.erb.sh b/templates/script/backupdb.erb.sh index b35acbc..1eb7992 100644 --- a/templates/script/backupdb.erb.sh +++ b/templates/script/backupdb.erb.sh @@ -6,11 +6,16 @@ sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk number_of_full_to_keep="<%= @full_backup_retention %>" backup="${1}" +if [[ -z ${backup} ]]; then + backup="backup1.$(hostname -d)" +fi if ! [[ ${backup} =~ backup1.*sunet.se$ ]]; then echo "Usage: ${0} " echo "Example: ${0} backup1.sunet.drive.sunet.se" fi backup_dir="/opt/backups" +backup_dir_long="${backup_dir}/backups" +mkdir -p ${backup_dir} bucket="db-backups" mirror="<%= @customer %>-<%= @environment %>-mirror" if [[ ${mirror} =~ common-(test|prod)-mirror ]]; then 
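Review bot: In the `manifests/mariadb.pp` hunk of patch 08, the new right-hand side `$facts['facts['networking']['fqdn']']` nests single quotes inside a single-quoted key and does not look parsable, so the manifest would fail to compile at this commit. The intended lookup is `$quorum_id = $facts['networking']['fqdn']`. Patch 10/10 of this series makes that correction, but the tree stays broken for the commits in between, which hurts bisecting and any deploy from those revisions. Squashing the correction into this commit would avoid that.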
@@ -23,11 +28,8 @@ ssh ${backup} "sudo /home/script/bin/backup_db.sh" echo "Cleaning up old backups for ${backup}" ssh ${backup} "sudo /home/script/bin/purge_backups.sh /opt/mariadb_backup/backups/" echo "Copying backups here" -mkdir -p ${backup_dir} -scp script@${backup}:/opt/mariadb_backup/backups/$(date +%Y/%m/%d)/*.gz ${backup_dir} +scp script@${backup}:/opt/mariadb_backup/backups/$(date +%Y/%m/%d)/*.gz ${backup_dir_long} echo "Copying backups to remote bucket" rclone mkdir ${mirror}:${bucket} duplicity --full-if-older-than 1M --tempdir /mnt --archive-dir /mnt --no-encryption ${backup_dir} rclone://${mirror}:/${bucket} duplicity remove-all-but-n-full ${number_of_full_to_keep} --tempdir /mnt --archive-dir /mnt --force rclone://${mirror}:/${bucket} -echo "cleaning up" -rm -r ${backup_dir} diff --git a/templates/scriptreceiver/backup_db.erb.sh b/templates/scriptreceiver/backup_db.erb.sh index 025a338..3e15f25 100644 --- a/templates/scriptreceiver/backup_db.erb.sh +++ b/templates/scriptreceiver/backup_db.erb.sh @@ -11,5 +11,7 @@ else fi docker exec ${container} /do_backup.sh ${customer} +chown root:script /opt/mariadb_backup/ +chmod 750 /opt/mariadb_backup/ chmod 755 ${backupdir} chown -R script:root ${backupdir} --- templates/script/backupdb.erb.sh | 10 ++++++---- templates/scriptreceiver/backup_db.erb.sh | 2 ++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/templates/script/backupdb.erb.sh b/templates/script/backupdb.erb.sh index b35acbc..1eb7992 100644 --- a/templates/script/backupdb.erb.sh +++ b/templates/script/backupdb.erb.sh 
@@ -6,11 +6,16 @@ sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk number_of_full_to_keep="<%= @full_backup_retention %>" backup="${1}" +if [[ -z ${backup} ]]; then + backup="backup1.$(hostname -d)" +fi if ! [[ ${backup} =~ backup1.*sunet.se$ ]]; then echo "Usage: ${0} " echo "Example: ${0} backup1.sunet.drive.sunet.se" fi backup_dir="/opt/backups" +backup_dir_long="${backup_dir}/backups" +mkdir -p ${backup_dir} bucket="db-backups" mirror="<%= @customer %>-<%= @environment %>-mirror" if [[ ${mirror} =~ common-(test|prod)-mirror ]]; then @@ -23,11 +28,8 @@ ssh ${backup} "sudo /home/script/bin/backup_db.sh" echo "Cleaning up old backups for ${backup}" ssh ${backup} "sudo /home/script/bin/purge_backups.sh /opt/mariadb_backup/backups/" echo "Copying backups here" -mkdir -p ${backup_dir} -scp script@${backup}:/opt/mariadb_backup/backups/$(date +%Y/%m/%d)/*.gz ${backup_dir} +scp script@${backup}:/opt/mariadb_backup/backups/$(date +%Y/%m/%d)/*.gz ${backup_dir_long} echo "Copying backups to remote bucket" rclone mkdir ${mirror}:${bucket} duplicity --full-if-older-than 1M --tempdir /mnt --archive-dir /mnt --no-encryption ${backup_dir} rclone://${mirror}:/${bucket} duplicity remove-all-but-n-full ${number_of_full_to_keep} --tempdir /mnt --archive-dir /mnt --force rclone://${mirror}:/${bucket} -echo "cleaning up" -rm -r ${backup_dir} diff --git a/templates/scriptreceiver/backup_db.erb.sh b/templates/scriptreceiver/backup_db.erb.sh index 025a338..3e15f25 100644 --- a/templates/scriptreceiver/backup_db.erb.sh +++ b/templates/scriptreceiver/backup_db.erb.sh @@ -11,5 +11,7 @@ else fi docker exec ${container} /do_backup.sh ${customer} +chown root:script /opt/mariadb_backup/ +chmod 750 /opt/mariadb_backup/ chmod 755 ${backupdir} chown -R script:root ${backupdir} From ff3a5c143c6a0933a01382af9eed12cd5f359f92 Mon Sep 17 00:00:00 2001 
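Review bot: The added `mkdir -p ${backup_dir}` creates only `/opt/backups`, while the `scp` in the next hunk now writes to `${backup_dir_long}` (`/opt/backups/backups`), which nothing visible creates. With several `*.gz` files, scp needs an existing directory as its target, so `mkdir -p "${backup_dir_long}"` would cover both paths. The new default `backup="backup1.$(hostname -d)"` also feeds the existing host check, which prints the usage text but does not exit, so a value that fails the pattern still reaches the `ssh` and `scp` calls. Adding `exit 1` after the two `echo` lines and quoting `"${backup}"` would make the check effective. The script continues outside the hunk.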
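Review bot: With `rm -r ${backup_dir}` removed in the second hunk, each day's dumps stay in `${backup_dir_long}` and nothing visible prunes them, so database dumps accumulate on this host and every duplicity run scans a growing tree. duplicity also still backs up `${backup_dir}`, the parent directory that the commit message says is shared with the statistics script, so that data goes to the `db-backups` bucket as well (uploaded with `--no-encryption`); `${backup_dir_long}` looks like the intended source. A bounded cleanup after the upload, such as `find "${backup_dir_long}" -name '*.gz' -mtime +N -delete` with N matching the retention policy, would limit how long dumps sit on local disk.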
From: Micke Nordin Date: Tue, 13 Jun 2023 12:16:55 +0200 Subject: [PATCH 10/10] Pass on vaiables --- manifests/db_type.pp | 14 ++++++++------ manifests/mariadb.pp | 9 +++++---- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/manifests/db_type.pp b/manifests/db_type.pp index 6448878..7c953b4 100644 --- a/manifests/db_type.pp +++ b/manifests/db_type.pp @@ -4,7 +4,9 @@ define sunetdrive::db_type( $bootstrap=undef, $location=undef, $override_config = undef, - $override_compose = undef) + $override_compose = undef, + $replicate_rewrite_db = undef, +) { # Config from group.yaml @@ -27,8 +29,8 @@ define sunetdrive::db_type( $mysql_user_password = safe_hiera('mysql_user_password') $mariadb_dir = '/etc/mariadb' $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb' - $server_id = 1000 + Integer($facts['hostname'][-1]) - ensure_resource('file',"${mariadb_dir}", { ensure => directory, recurse => true } ) + $server_id = 1000 + Integer($facts['networking']['hostname'][-1]) + ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } ) $dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ] $dirs.each |$dir| { ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } ) @@ -90,7 +92,7 @@ define sunetdrive::db_type( mode => '0744', } sunet::scriptherder::cronjob { 'purge_binlogs': - cmd => "/usr/local/bin/purge-binlogs", + cmd => '/usr/local/bin/purge-binlogs', hour => '6', minute => '0', ok_criteria => ['exit_status=0','max_age=2d'], 
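Review bot: In the `db_type.pp` hunk at `@@ -27,8 +29,8 @@`, `Integer($facts['networking']['hostname'][-1])` derives `server_id` from only the last character of the hostname. Compilation therefore fails for a host whose name does not end in a digit, and two hosts whose names end in the same digit (for example `...1` and `...11`) get the same id, which breaks replication if they share a topology. Since the commit touches this line anyway, it should at least carry a comment stating the assumption, e.g. `# assumes hostnames end in a single digit that is unique within the cluster`. Deriving the id from the full numeric suffix would remove the assumption. The define's body continues outside the hunk.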
@@ -109,14 +111,14 @@ define sunetdrive::db_type( content => template('sunetdrive/mariadb/status-test.erb'), mode => '0744', } - file { "/etc/sudoers.d/99-size-test": + file { '/etc/sudoers.d/99-size-test': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/size-test\n", mode => '0440', owner => 'root', group => 'root', } - file { "/etc/sudoers.d/99-status-test": + file { '/etc/sudoers.d/99-status-test': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/status-test\n", mode => '0440', diff --git a/manifests/mariadb.pp b/manifests/mariadb.pp index 66f3522..8725c8a 100644 --- a/manifests/mariadb.pp +++ b/manifests/mariadb.pp @@ -8,12 +8,13 @@ class sunetdrive::mariadb ( $replicate_rewrite_db = undef, ) { - $quorum_id = $facts['facts['networking']['fqdn']'] + $quorum_id = $facts['networking']['fqdn'] $quorum_password = safe_hiera('quorum_password') $db = sunetdrive::db_type { 'base_db': - bootstrap => $bootstrap, - tag_mariadb => $tag_mariadb, - location => $location, + bootstrap => $bootstrap, + tag_mariadb => $tag_mariadb, + location => $location, + replicate_rewrite_db => $replicate_rewrite_db, } file { '/etc/quorum.conf': ensure => file,