Add nordu.net

Don't expose php
2023-06-08 16:42:35 +02:00 · 2023-06-08 16:33:29 +02:00 · 2023-06-08 16:31:26 +02:00 · 2023-06-01 13:37:45 +02:00 · 2023-06-01 13:25:01 +02:00 · 2023-06-01 13:04:46 +02:00
6 changed files with 15 additions and 54 deletions
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@ -9,7 +9,13 @@ define sunetdrive::app_type (
  $environment = sunetdrive::get_environment()
  $customer = sunetdrive::get_customer()
  $nodenumber = sunetdrive::get_node_number()
  $is_multinode = (($override_config != undef) and ($override_compose != undef))
  if $is_multinode {
    $config = $override_config
  } else {
    $config = hiera_hash($environment)
  }
  # Common settings for multinode and full nodes
  $nextcloud_ip = $config['app']
  $s3_bucket = $config['s3_bucket']
@ -22,10 +28,7 @@ define sunetdrive::app_type (
  $gss_jwt_key = safe_hiera('gss_jwt_key')
  $smtppassword = safe_hiera('smtp_password')
  $is_multinode = (($override_config != undef) and ($override_compose != undef))
  if $is_multinode {
    # The config used
    $config = $override_config
    # Other settings
    $redis_host = $config['redis_host']
    $admin_password = $config[ 'admin_password' ]
@ -42,8 +45,6 @@ define sunetdrive::app_type (
    $session_save_handler = 'redis'
    $session_save_path = "tcp://${redis_host}:6379?auth=${redis_host_password}"
  } else {
    # The config used
    $config = hiera_hash($environment)
    $skeletondirectory = $config['skeletondirectory']
    # Other settings
    $redis_seeds = [
@ -70,7 +71,7 @@ define sunetdrive::app_type (
    $s3_secret = safe_hiera('s3_secret')
    $secret = safe_hiera('secret')
    $session_save_handler = 'rediscluster'
-    $session_save_path = "seed[]=${redis_seeds[0]['host']}:${redis_seeds[0]['port']}&seed[]=${redis_seeds[1]['host']}:${redis_seeds[1]['port']}&seed[]=${redis_seeds[2]['host']}:${redis_seeds[2]['port']}&seed[]=${redis_seeds[3]['host']}:${redis_seeds[3]['port']}&seed[]=${redis_seeds[4]['host']}:${redis_seeds[4]['port']}&seed[]=${redis_seeds[5]['host']}:${redis_seeds[6]['port']}&seed[]=${redis_seeds[7]['host']}:${redis_seeds[7]['port']}&seed[]=${redis_seeds[8]['host']}:${redis_seeds[8]['port']}&timeout=2&read_timeout=2&failover=error&persistent=1&auth=${redis_cluster_password}&stream[verify_peer]=0"
+    $session_save_path = "seed[]=${redis_seeds[0]['host']}:${redis_seeds[0]['port']}&seed[]=${redis_seeds[1]['host']}:${redis_seeds[1]['port']}&seed[]=${redis_seeds[2]['host']}:${redis_seeds[2]['port']}&seed[]=${redis_seeds[3]['host']}:${redis_seeds[3]['port']}&seed[]=${redis_seeds[4]['host']}:${redis_seeds[4]['port']}&seed[]=${redis_seeds[5]['host']}:${redis_seeds[6]['port']}&seed[]=${redis_seeds[7]['host']}:${redis_seeds[7]['port']}&seed[]=${redis_seeds[8]['host']}:${redis_seeds[8]['port']}&timeout=2&read_timeout=2&failover=error&persistent=1&auth=${redis_cluster_password}"
  }
  $twofactor_enforced_groups = hiera_array('twofactor_enforced_groups')
  $twofactor_enforced_excluded_groups = hiera_array('twofactor_enforced_excluded_groups')
--- a/templates/application/config.php.erb
+++ b/templates/application/config.php.erb
@ -101,57 +101,15 @@ $CONFIG = array (
  'overwritehost' => '<%= @site_name %>',
  'overwriteprotocol' => 'https',
  'passwordsalt' => '<%= @passwordsalt %>',
-<% if @location == 'gss-test' -%>
+<% if ! @is_multinode -%>
  'redis.cluster' => [
    'failover_mode' => \RedisCluster::FAILOVER_ERROR,
    'password' => '<%= @redis_cluster_password %>',
    'read_timeout' => 0.0,
    'seeds' => [
-      'redis1.drive.test.sunet.se:6379',
+<% @redis_seeds.each do |seed| -%>
-      'redis2.drive.test.sunet.se:6379',
+      '<%= seed['host'] %>:<%= seed['port'] %>',
-      'redis3.drive.test.sunet.se:6379',
+<% end -%>
      'redis1.drive.test.sunet.se:6380',
      'redis2.drive.test.sunet.se:6380',
      'redis3.drive.test.sunet.se:6380',
      'redis1.drive.test.sunet.se:6381',
      'redis2.drive.test.sunet.se:6381',
      'redis3.drive.test.sunet.se:6381'
    ],
    'timeout' => 1.1
  ],
 <% elsif @environment == 'test' && ! @is_multinode -%>
  'redis.cluster' => [
    'failover_mode' => \RedisCluster::FAILOVER_ERROR,
    'password' => '<%= @redis_cluster_password %>',
    'read_timeout' => 0.0,
    'seeds' => [
      'redis1.<%= @customer %>.drive.test.sunet.se:6379',
      'redis2.<%= @customer %>.drive.test.sunet.se:6379',
      'redis3.<%= @customer %>.drive.test.sunet.se:6379',
      'redis1.<%= @customer %>.drive.test.sunet.se:6380',
      'redis2.<%= @customer %>.drive.test.sunet.se:6380',
      'redis3.<%= @customer %>.drive.test.sunet.se:6380',
      'redis1.<%= @customer %>.drive.test.sunet.se:6381',
      'redis2.<%= @customer %>.drive.test.sunet.se:6381',
      'redis3.<%= @customer %>.drive.test.sunet.se:6381'
    ],
    'timeout' => 1.1
  ],
 <% elsif @environment == 'prod' && ! @is_multinode && @location != 'gss-prod' -%>
  'redis.cluster' => [
    'failover_mode' => \RedisCluster::FAILOVER_ERROR,
    'password' => '<%= @redis_cluster_password %>',
    'read_timeout' => 0.0,
    'seeds' => [
      'redis1.<%= @customer %>.drive.sunet.se:6379',
      'redis2.<%= @customer %>.drive.sunet.se:6379',
      'redis3.<%= @customer %>.drive.sunet.se:6379',
      'redis1.<%= @customer %>.drive.sunet.se:6380',
      'redis2.<%= @customer %>.drive.sunet.se:6380',
      'redis3.<%= @customer %>.drive.sunet.se:6380',
      'redis1.<%= @customer %>.drive.sunet.se:6381',
      'redis2.<%= @customer %>.drive.sunet.se:6381',
      'redis3.<%= @customer %>.drive.sunet.se:6381'
    ],
    'timeout' => 1.1
  ],
--- a/templates/application/docker-compose_nextcloud.yml.erb
+++ b/templates/application/docker-compose_nextcloud.yml.erb
@ -9,8 +9,7 @@ services:
      - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf
      - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf
      - /opt/nextcloud/404.html:/var/www/html/404.html
-      - /opt/nextcloud/apache.php.ini:/etc/php/8.0/apache2/php.ini
+      - /opt/nextcloud/nce.ini:/usr/local/etc/php/conf.d/nce.ini
      - /opt/nextcloud/cli.php.ini:/etc/php/8.0/cli/php.ini
      - /opt/nextcloud/complete_reinstall.sh:/complete_reinstall.sh
      - /opt/nextcloud/config.php:/var/www/html/config/config.php
      - /opt/nextcloud/nextcloud.log:/var/www/html/data/nextcloud.log
--- a/templates/application/mappingfile-prod.json.erb
+++ b/templates/application/mappingfile-prod.json.erb
@ -35,6 +35,7 @@
  "/mdu.se$/": "mdu.drive.sunet.se",
  "/miun.se$/": "miun.drive.sunet.se",
  "/nordunet.se$/": "nordunet.drive.sunet.se",
  "/nordu.net$/": "nordunet.drive.sunet.se",
  "/nrm.se$/": "nrm.drive.sunet.se",
  "/oru.se$/": "oru.drive.sunet.se",
  "/rkh.se$/": "rkh.drive.sunet.se",
--- a/templates/application/mappingfile-test.json.erb
+++ b/templates/application/mappingfile-test.json.erb
@ -35,6 +35,7 @@
  "/mdu.se$/": "mdu.drive.test.sunet.se",
  "/miun.se$/": "miun.drive.test.sunet.se",
  "/nordunet.se$/": "nordunet.drive.test.sunet.se",
  "/nordu.net$/": "nordunet.drive.test.sunet.se",
  "/nrm.se$/": "nrm.drive.test.sunet.se",
  "/oru.se$/": "oru.drive.test.sunet.se",
  "/rkh.se$/": "rkh.drive.test.sunet.se",
--- a/templates/application/nce.ini.erb
+++ b/templates/application/nce.ini.erb
@ -4,5 +4,6 @@
  post_max_size=30G
  max_execution_time=86400
  max_input_time=86400
  expose_php = off
  session.save_handler = <%= @session_save_handler %>
  session.save_path = "<%= @session_save_path %>"
Author	SHA1	Message	Date
Micke Nordin	3bd444762b	Add nordu.net	2023-06-08 16:42:35 +02:00
Micke Nordin	4f7a727dd5	Add nordu.net	2023-06-08 16:33:29 +02:00
Micke Nordin	b8fd3c22de	Don't expose php	2023-06-08 16:31:26 +02:00
Micke Nordin	cbd61f1e9b	Try without verify peer	2023-06-01 13:37:45 +02:00
Micke Nordin	f7b728a823	Try to set tcp	2023-06-01 13:25:01 +02:00
Micke Nordin	347d33d96e	Simplify config.ph with redis_seeds	2023-06-01 13:04:46 +02:00
Micke Nordin	f5cc63843e	fix name	2023-06-01 12:53:57 +02:00
Micke Nordin	3daa399b06	Reorder config	2023-06-01 12:37:18 +02:00
Micke Nordin	3be9fb986d	Add nce config	2023-06-01 12:28:14 +02:00