From c143c40dcc57a18e9c6ba087bb160baba33680be Mon Sep 17 00:00:00 2001 From: Olav Reinert Date: Apr 11 2021 10:28:22 +0000 Subject: forum: config for new_forum.i.o.o --- diff --git a/pillar/id/new-forum_infra_opensuse_org.sls b/pillar/id/new-forum_infra_opensuse_org.sls new file mode 100644 index 0000000..f0709d8 --- /dev/null +++ b/pillar/id/new-forum_infra_opensuse_org.sls @@ -0,0 +1,21 @@ +grains: + city: nuremberg + country: de + hostusage: + - on vBulletin5 + roles: + - web_forum + reboot_safe: yes + salt_cluster: opensuse + virt_cluster: atreju + + aliases: [] + description: Webserver running forums.opensuse.org on vBulletin5 + documentation: + - https://www.vbulletin.com/en/manual + responsible: + - oreinert + - pjessen + partners: [] + weburls: + - https://forums.opensuse.org diff --git a/pillar/role/web_forum.sls b/pillar/role/web_forum.sls new file mode 100644 index 0000000..0481cd6 --- /dev/null +++ b/pillar/role/web_forum.sls @@ -0,0 +1,98 @@ +include: + - role.common.nginx + {% if salt['grains.get']('include_secrets', True) %} + - secrets.role.web_forum + {% endif %} + +{% set vhost = 'forums' %} +nginx: + ng: + servers: + managed: + {{vhost}}.conf: + config: + - server: + - listen: 80 + - server_name: forums.opensuse.org + - root: /srv/www/vhosts/{{vhost}}/htdocs + - index: index.php index.html + - access_log: /var/log/nginx/{{vhost}}.access.log combined + - error_log: /var/log/nginx/{{vhost}}.error.log + - location = /50x.html: + - root: /srv/www/htdocs + - location = /css\.php: + - rewrite: ^ /core/css.php break + - location ^~ /install: + - rewrite: ^/install/ /core/install/ break + - location /: + - if (!-f $request_filename): + - rewrite: ^/(.*)$ /index.php?routestring=$1 last + - location ^~ /admincp: + - if (!-f $request_filename): + - rewrite: ^/admincp/?(.*)$ /index.php?routestring=admincp/$1 last + - location ~ \.php$: + - if (!-f $request_filename): + - rewrite: ^/(.*)$ /index.php?routestring=$1 break + - fastcgi_split_path_info: ^(.+\.php)(.*)$ + - fastcgi_pass: phpfastcgi + - fastcgi_index: index.php + - fastcgi_param: SCRIPT_FILENAME $document_root$fastcgi_script_name + - include: fastcgi_params + - fastcgi_param: QUERY_STRING $query_string + - fastcgi_param: REQUEST_METHOD $request_method + - fastcgi_param: CONTENT_TYPE $content_type + - fastcgi_param: CONTENT_LENGTH $content_length + - fastcgi_intercept_errors: 'on' + - fastcgi_ignore_client_abort: 'off' + - fastcgi_connect_timeout: 60 + - fastcgi_send_timeout: 180 + - fastcgi_read_timeout: 180 + - fastcgi_buffers: 256 16k + - fastcgi_buffer_size: 32k + - fastcgi_temp_file_write_size: 256k + - upstream phpfastcgi: + - server: unix:/run/php-fpm/{{vhost}}.sock + enabled: True + +# configure host-specific parameters for vbulletin in pillar/id/*.sls +vbulletin: + config: + Database: + dbname: webforums5 + technicalemail: admin-auto@opensuse.org + tableprefix: vb_ + MasterServer: + servername: 192.168.47.4 + port: 3307 + username: vbulletin + # password provided as a secret + Mysqli: + charset: Latin1 + SpecialUsers: + canviewadminlog: '1,5' + canpruneadminlog: '1,5' + canrunqueries: '1,5' + undeletableusers: '1' + superadmins: '1,431,740,783,5442,105475' + Misc: + maxwidth: 2592 + maxheight: 1944 + +zypper: + packages: + php7-fpm: {} + php7-mysql: {} + php7-gd: {} + php7-json: {} + php7-xmlreader: {} + php7-xmlwriter: {} + php7-mbstring: {} + php7-iconv: {} + php7-imagick: {} + php7-curl: {} + php7-ctype: {} + php7-phar: {} + php7-opcache: {} + php7-tokenizer: {} + php7-zlib: {} + diff --git a/pillar/secrets/role/web_forum.sls b/pillar/secrets/role/web_forum.sls new file mode 100644 index 0000000..45b8a27 --- /dev/null +++ b/pillar/secrets/role/web_forum.sls @@ -0,0 +1,84 @@ +#!yaml|gpg + +vbulletin: + config: + MasterServer: + password: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+NrwgSJSbzEG9l9JDHfOqgTRfXXPGgD82zM0uMUIClRQM + 9W0DL4vSesG6og4M1YSnoOiuwuu2JlX4qcMDywc5RMmHpbrjACbFI+QTrL6yx4Nt + AzIOMUZJIU1t/9/spqt25utpfEl01CePae2e93VBxgfDVbkWS4a4TDIPTaGsMlSK + otBEWaUwVjPc6YbYehlCklWKkYG1HAm2lbI7cINYsteWRcE0zCPIsBzi81ydjyBO + PspSAwI1+GGPsgPKdWRNQfpc8mWD8+1ThRAb/nhBI/9TqCpt+yLTnmE+dEZK+exJ + XMUTsa5iaIqw8HRthuxVINvQcxjGBhauzT9+4nb/drV35s3/q/9dgm0QWzWcyPOr + CcyjJ6LENEISqnfLl+UdOeKaW39RW4Swl2hVMHyN1xyc2CmsIrf3RkZJnvR3VhDg + ptoS4Cva4EhcSMsYTT62lLp8t2ZcO4uzbQ8te260Gc2wa85ogmenLQw6OnPiYR4t + J++jZCXZOHebaIFTbbh/lIJ2UGxJjsspqiS7rCJ3neonajh0s6o8H9johbbo+t/d + qWR+jW7Xa9LKc/NIlJ4IXLJbZWAxtkFZPv/jx9LxYg/yRo2A26fh4upx1sF0ziF0 + JfQSAus+TO4lF9uRM+B3TCHMDJBppaaX9Lio5SiVaQ6x44/QfT1OKesmVkqCkVMP + /Ri5NEabHQmB3dKXp/JK2voaJIksF/3UvR8UEmw5Xhc/9mT8NBVtbytb3V41ZVhd + eRYO1b0hXBGicxbgKuKrIpUlPSDxNUX+Xie5iYA5i6ePsamg3Hulvz8lr4w/Z5O5 + zJOowZdEklBhFokHRs0wiBvOedXTGMZY9UKQjHNVHhCRO70dTYU9ayAL9oJtge1B + ugqk89k0Nr7r6AM6q+MPqa8kMMOOOdMcMZYZCIhKc9hkTPtotctOFWTfgFKOrJAT + iQK9u6FZk3RlIZP2JipY92sF/YzQDop5Fr7LfPbU9lEx2x31L/t1kdO95roFGoE/ + vuZwjVGI/wNTMWNQR0ODeHCB6ZrUqpANlDNCXhC2LiYdYCxVuEnjWtEo8/d+kymA + c3rRCR3Yei4UnNKWAcoQshzPh8SK+8aC3ordb+hVavG8sMkaU7nizYhRp6qsmPs+ + 90CKqeJdz1KFR0QxksVCTMgNYPKQpN6f3kUx//QIAtsC3WGIPi6gB3mfikhRKsMk + fzwzLn1ZR6+u+hFtzk4IVTL8LOnApabX/RVmMkHz1BDBny5YGaw9mkxxDy5W+UR2 + 5cbcFgAA36vk9WmL7oNv5q+1gVEaNG3bNUPqHKiy9hPTOKeE0MtfIfqvdF5L/UP9 + Q9SE14LOYlDMc+hDeASpypaxTs7tWNP4nPb+23vzY0X/hQIMA8amgupjyC8cARAA + ws9rZ+6cp+T8iTfcCwubKe8mFbXEnxktP2FSwkL7MRVHbe59302yH/se/+dpzzxp + 5Z+OGsVcRrNf8MuXjsmd9Zs0fzLDcp+nNBb40u9w8Ruq84l2EkJtGMrbw9AFvtZx + fZBEhdGu4Hbq2/S7u9lqZVczzj0lXo6EzieYMnksdal+t0jRyp8ozjkZ/RenDllS + vwnGCikBk0WCwkb6aug/Q0d2zQwcg8tpjAavZTP09e+St4EQKtliC8TEH2nzMJnE + c8eeNNDl4hsYJIkZX9aMxhFCSyn8wBUks768Clmj9KZR/fBnIhtJqIaU4o/RM5EK + NKgMskjfIuzdEZISZDdMIeAncr7P6phYzTnzJCHA5Sf35aal/Bk4Nrl33154wXc/ + G4OOFd474wk0N1++/gKOLbsXg7+R3DA9EOPW5nJXTkPYGt0oUFUI2TqPhU5TnI7R + KjEMO6ZqgKdrVug32SmLjuagV6HNQKrCqar/9z9dRJEAzu5oC/jkpd2osNMfeoLt + 9VfgFr5zXpCSUJzFGbfJ9UFhq4C754KscgMwP70bPNMwj1w+ykIAHEkpsJ1wDagp + bK3yhafyKXiWyQ/Rw/FyFZe00McCOGK1qT/L86e2q4VJ4YWt5RH+Mdh9ZkarmWae + pge+hwwbfIxd9myBlJyKW1TXPdQi7NOURfRg8dpCvr+FAQ4DslgfDDfB4G8QA/9G + Ho3hNptff9UOA9//PFmUMY8X9LryGHEOp0f8sTUa3mZzcJmsR1eU6lyDM1GTXM39 + xvG+O08o8Wf3ctlme/bYDr8ssK++bExXqQwRPTm3cft7uZ2ZAnMTaQNxcRw2hVFQ + AvFbZgiKH0AmR1/SIvyqWsNQZ/IuOPxvDIKiIwCM7wQAkdPiUuTNpCLlPtYAtS0U + ApDtc16MKx7HGbEY15kIs0REElRJgGf63WXymzCaV1wvCO5CT/86jgDPMbtjd5y2 + TNzxXNZ3T0hq+KIiCMViMUO8YZstoe/b4tVD3fFmDu8gPMZpKyDystd0s3ZITNQc + Nenx8Aj3ZwKYafXxrqyWnUKFAg4DiLcKbyvsTOYQB/sGK3YLqW03LckqcW6UPDib + l8k2zHX1ZPG5uQC0nCrW0ojqXq5nGBg15ZWm25Er8D9kXQLp02m5pDVzVpHhOTvZ + xemi1PdXUNch4qMDyDG6MLU3LOHGZ9Rq30H/q6xwpxHYs1o2fotnvUz+cFwjgEF9 + 8nowRHp3RJAtp0bC0FyTPZ5hLAZ3y4UMdvpPBIEdxLP3dX+BN+wnqovYnkiPdu5V + 4TCSbwdMab+aAAkWhVSOcMeUkalcJdB/v24b+N+N64iCQbC67oelKUrYI8LANJkM + 0bt8IXDjVxbMQaX/PBM2bkbDwjYpD5m7UBMZqu4g+PV78LlgJGGk7LNnJf7mGkxY + CACigFvQF1pc7N+69EoRrKOBaMKzH9zWvEHEVeoJ3ne+d7jPJiqNfyfMP/GInWFH + I8n4R1uV4KKF6VPfI7lKAC0PLNMaoM4Po3A4frCOj6jqZxKrRjLhoh/1CO8ER3Vj + 6SgypQTx1FBEgL9eLhs0k1rYEXs/LPBN5ScolC2kw2YWsk6fnC3xlH1z/h28SEGt + VdAHxjeOHfgdpbYMKcqWJ307FCkrGVHIDF6AaDiMHwMkxRFjZSZQMGWKN2iPvXiK + JOwrH+JjKn2yoZjG/mBcUxtIwFk+I+fuNgDxPMmkELZ5V3C1mh5Zx6UOzhdqFbTV + iaWWjqgl/L5sZ18Lv9oKqwDwhQIMA3GiBwULdMTdARAAgw4IlXr39O82xevKOVti + JJXZJMqemEN7pucu15a2oLXJM2PUSZUc2kxHW84WFbKEqVFXuAluxAQ3Qyktvjrw + Pfzx8V977oeJh038CFRbgtJU+q/tvbwgPXH6WJHNhZgndr0VPrSKtm2Bg80z52Tl + 8C6+vKS3eE/Ce0VcN4hgh8KzmV4aVQEevKn0CmDMC8ZMA99S2tdIR9pgfuKQb5Bv + GrgcNQDoryYEdt/NQu4dmhecT9XIlWAe150ilSk5q19Yu+ifdYJahFfqMMItgULd + w8nJdTiDGpiMumg8t4pmf/8IL1jq6katoHxop/FRtTz7tm/uLsrORe3QYIxjRgye + Q1NQC3TYa0QD+uT4hNOQ/wI0hk/hJFckqeNFdlOH1pb1qvQTxQNCFOUzaZbUsTGL + 4S0mLPEd28yWavg4FijERmpJ+mBCZ57FWCEQ/iTPFaowNTzRXi9vnb075NYzVskw + m33ZcJ7R8Hmlhjkvd7Qv2n+7Tsn2UHFJC16zWAWFAaHKbuOJhreH49XBHa2pOe1K + Jv/AmgkgNcjTZBYdo3Dc55LJNGptLUNSfQvDd1dbXy16UCasl4y0VhO3VhBSXNis + xGZej5rW2jywyLtWetlvUgLGH7Znxk4jtSCtnVJex8vXPCIVkXZepGdckGTeK4eX + 1dDPxVgb+knExgDXOVhX2cWFAgwDrPDOChusaZEBD/4vj9P46ilDx05kjcrdlXSB + PgnLc1Ne+Emc7mNRCSDAMBk038MVXflg7rLCDwHowtgk3ptkPDFeXe8guTw2dgws + loVwCWfIngefxqnxkc9sc8U1fgs8fCDD9+ZO7drmw3eU/DScvp8/TGYlEwpm/bAG + RWRt7GV2efXjC8fE2eEFAa3IydclAPzNddT9lC95ezOA3wec38i8/JJryfObc6Vl + Pdp2Sy7n6h43uaVbggJ28OiV6t5ROmaSYZOUVQmlcIfl5F0kQDSHNaN39GEmg8Kn + 0EyHc4NveRTG4M5GPekpgI7bRHHLV0I33wlDp+ems1rXLh/FkYnuWk9ffQ2xthz+ + m5du5CB0JRXiZaF2UvZpS9cdS/c8d6JeuEesjfZQ/lWUW4IXLnacygurt8JXq2JF + Kw+iT6jjy0JrQgB0j/yvPt4idssbgyZvIodWg6GGgLar6Wbsc04lDYs8wuetwHUV + BsMjjoUzXlrhPsEaBYt26r0zCHGDhHDXXTC2iOSMxnkGIUMwHije+GpDuZPYqarN + vohEBgHyEYmExittmCo/hPj1aablCAVKgl/s90DzTFckllIYZ0QK0JB/ccRyq/AN + oSGv4GiCxmOAKfdTsJ7rQY2mrDmoMwrIjAS8Qpp1BjI30g/sPuFOV62VqKk90cTf + zcJ5F6AToVarWPkUiMgo7dJQAWoEeUr46f+VZpYFrZVQPlAqQ/+/BcuzMqhqaHc0 + zuh+Bp2c+JCNHE2C5/kIVkvt/c+v69Kk7SzG8rONuFrE6r6Smbac1yGcT45ZWH8x + YyA= + =Juqz + -----END PGP MESSAGE----- diff --git a/salt/profile/vbulletin/files/db-tweak.sql b/salt/profile/vbulletin/files/db-tweak.sql new file mode 100644 index 0000000..cecec62 --- /dev/null +++ b/salt/profile/vbulletin/files/db-tweak.sql @@ -0,0 +1,6 @@ +grant all on VB.* to '{{username}}'@'{{host}}' identified by '{{password}}'; + +update vb_setting set value='{{bburl}}' where varname='bburl'; +update vb_setting set value='{{frontendurl}}' where varname='frontendurl'; + +update vb_setting set value=1 where varname='bburl_basepath'; diff --git a/salt/profile/vbulletin/files/fpm-listener.conf b/salt/profile/vbulletin/files/fpm-listener.conf new file mode 100644 index 0000000..d8414db --- /dev/null +++ b/salt/profile/vbulletin/files/fpm-listener.conf @@ -0,0 +1,11 @@ +[{{name}}] +user = {{user}} +listen = /run/php-fpm/{{name}}.sock +listen.group = {{ listen_group | default(user) }} + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 20 + diff --git a/salt/profile/vbulletin/files/vb_test.php b/salt/profile/vbulletin/files/vb_test.php new file mode 100644 index 0000000..1769591 --- /dev/null +++ b/salt/profile/vbulletin/files/vb_test.php @@ -0,0 +1,406 @@ + + + + + + vBulletin Test Script + + + + + + + + +
cplogovBulletin Server Test Script
vBulletin Website
 
+
+
+ +options(MYSQLI_OPT_LOCAL_INFILE, false); + + if (mysqli_connect_errno()) + { + $db_connection_error = mysqli_connect_error(); + return false; + } + return $obj; + } +} + +function test_ini_set($setting, $value) +{ + $result = @ini_set($setting, $value); + if ($result === false OR $result === null) + { + return false; + } + else + { + return $result; + } +} + +//initalise variables dont want any XSS in our test script :) +$versions = array(); + +$required_versions = array( + 'PHP' => '7.2.0', + 'MySQL' => '5.5.8' +); + +if (!empty($_GET['help'])) +{ + $tested = false; + + $type = strtolower($_GET['help']); + $help = array(); + $help['php'] = 'Your PHP Version is too low to support vBulletin 5, you must at least upgrade to ' . $required_versions['PHP']; + $help['mysql'] = 'Your MySQL version is too low to support vBulletin 5, you must at least upgrade to ' . $required_versions['MySQL']; + $help['pcre'] = 'vBulletin requires PCRE to be enabled in PHP, ask your host to enable this in php.ini'; + $help['open_basedir'] = 'You may experience problems with uploading files to vBulletin'; + $help['curl'] = 'The cUrl extension is needed for many features that gather data from the internet'; + $help['json'] = 'The JSON extension is required to support vBulletin 5'; + $help['gzip'] = 'vBulletin uses GZIP to compress pages, though this is not essential for operation'; + $help['mysql_perms'] = 'vBulletin requires that the mysql username has create, select, update, insert, ' . + 'delete, alter and drop privledges, contact your host and ask them to adjust these privledges.'; + $help['xml'] = 'XML is required as a major component of vBulletin for data storage of languages, settings and templates.'; + $help['gd'] = 'GD functions are used to produce images, this includes features such as thumbnails and image verification on registration'; + $help['iconv'] = 'Iconv is used to handle different character encodings. Either the Multibyte String ' . + 'or iconv modules are required to properly handle character encodings. Multibyte String is preferred.'; + $help['mbstring'] = 'Multibyte String is used to handle different character encodings. Either the Multibyte String ' . + 'or iconv modules are required to properly handle character encodings. Multibyte String is preferred.'; + $help['pcre.backtrack_limit'] = 'PHP 5.2.0 and above imposes a limit on PCRE code that we are unable to work-around on this server. ' . + 'Ask your host to add the following to php.ini:
pcre.backtrack_limit = -1'; + $help['pcre.utf8'] = 'PCRE with utf8 support is recommended'; + $help['mysql.utf8mb4'] = 'The utf8mb4 character set allows extended (up to four byte) utf8 characters. Requires MySql 5.5.3 or greater.'; + + echo ''; + echo ''; +} +elseif (empty($_POST['server']) or empty($_POST['user']) or empty($_POST['db'])) +{ + $tested = false; + + echo ''; + echo ''; + echo ''; + echo ' '; + echo ' '; + echo ''; + echo ''; + echo ' '; + echo ' '; + echo ''; + echo ''; + echo ' '; + echo ' '; + echo ''; + echo ''; + echo ' '; + echo ' '; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; +} +else +{ + $tested = true; + + /** + * Define the tests + */ + + // modules + // modulename => 'represtative function' or array('function1', 'function2'). There should also be a "help" + // entry for every module + $required_modules = array( + 'PCRE' => 'preg_replace', + 'XML' => 'xml_set_element_handler', + 'curl' => 'curl_init', + 'json' => 'json_encode' + ); + + $recommended_modules = array( + 'GZIP' => array('crc32', 'gzcompress'), + 'GD' => 'imagecreatetruecolor', + 'iconv' => 'iconv', + 'mbstring' => 'mb_convert_encoding' + ); + + //'feature' => test query. Will check if query produces an error, but not + //what it returns + $mysql_perms = array( + 'create' => 'CREATE TABLE vb3_test (test int(10) unsigned NOT NULL)', + 'alter' => 'ALTER TABLE vb3_test CHANGE test test VARCHAR(254) NOT NULL', + 'insert' => 'INSERT INTO vb3_test (test) VALUES (\'abcd\')', + 'update' => 'UPDATE vb3_test SET test=123 WHERE test=\'abcd\'', + 'select' => 'SELECT * FROM vb3_test WHERE test=123', + 'delete' => 'DELETE FROM vb3_test WHERE test=123', + 'drop' => 'DROP TABLE vb3_test' + ); + + //either a query string (check for error) or an anonymous function that + //takes the mysqli object as a parameter. Always fails when the db connection + //does not exist (function will not be called). + $mysql_recommended = array( + 'mysql.utf8mb4' => function($db) + { + $result = $db->query("SHOW CHARACTER SET LIKE 'utf8mb4'"); + return ($result->num_rows > 0); + }, + ); + + $required_tests = array(); + + $recommended_tests = array( + 'open_basedir' => function() + { + return (get_cfg_var('open_basedir') == ''); + }, + 'pcre.backtrack_limit' => function() + { + return (!test_ini_set('pcre.backtrack_limit', -1) === false); + }, + 'pcre.utf8support' => function() + { + return (@preg_match('/\p{L}/u', 'a') == 1); + }, + ); + + + /** + * Run the tests + */ + + class vB_TestObserver + { + private $results = array(); + private $failures = 0; + + public function getFailureCount() + { + return $this->failures; + } + + public function getResults() + { + return $this->results; + } + + public function logTest($name, $result) + { + $this->results[$name] = (bool) $result; + if(!$result) + { + $this->failures++; + } + } + } + + $requiredResults = new vB_TestObserver(); + $recommendedResults = new vB_TestObserver(); + $mysqlResults = new vB_TestObserver(); + + //PHP + $versions['PHP'] = phpversion(); + + $db = DB::fetch_db($_POST['server'], $_POST['user'], $_POST['pass'], $_POST['db']); + //MySQL + if(!$db) + { + //if we don't this this, then then it will be set by the version test. + $requiredResults->logTest('MySQL', false); + } + else + { + $vquery = $db->query('SELECT VERSION() AS version'); + $mysql = $vquery->fetch_array(); + $versions['MySQL'] = $mysql['version']; + } + + //check mysql permissions + foreach($mysql_perms AS $feature => $query) + { + $mysqlResults->logTest($feature, ($db AND $db->query($query))); + } + + foreach($mysql_recommended AS $feature => $query) + { + if(!$db) + { + $result = false; + } + else if (is_callable($query)) + { + $result = $query($db); + } + else + { + $result = (bool) $db->query($query); + } + + $recommendedResults->logTest($feature, $result); + } + + + if ($db) + { + $db->close(); + } + + //check versions -- if we don't set the version of something, we skip the check + //(presumably this means we couldn't look it up and there is another error that covers + //that such as the database. + foreach($versions as $feature => $version) + { + $requiredResults->logTest($feature, !version_compare($version, $required_versions[$feature], '<')); + } + + function check_modules($modules, $observer) + { + //check modules. + foreach ($modules AS $module => $function) + { + $test_function = $function; + if (!is_array($function)) + { + $test_function = array($test_function); + } + + $pass = true; + foreach($test_function AS $check) + { + if (!function_exists($check)) + { + $pass = false; + } + } + + $observer->logTest($module, $pass); + } + } + + check_modules($required_modules, $requiredResults); + check_modules($recommended_modules, $recommendedResults); + + foreach($required_tests AS $name => $function) + { + $requiredResults->logTest($name, $function()); + } + + foreach($recommended_tests AS $name => $function) + { + $recommendedResults->logTest($name, $function()); + } + + //translate to the previos vars for display -- should eventually rewrite that + //part as well. + $e_test = $requiredResults->getResults(); + $mysql = $mysqlResults->getResults(); + $test = $recommendedResults->getResults(); + + //a bit of a hack to handle previous behavior. This doesn't + //fit into our nice little formal setup. + //not sure why we set the version only if GD passes. + if ($test['GD']) + { + $versions['GD'] = '2.x'; + } + + $e_error = $requiredResults->getFailureCount() + $mysqlResults->getFailureCount(); + $error = $recommendedResults->getFailureCount(); + + echo ''; + foreach ($e_test AS $type => $result) { + echo ''; + echo ' '; + echo ' '; + echo ' '; + echo ''; + } + if ($db_connection_error) + { + echo ''; + echo ' '; + echo ''; + } + echo ''; + foreach ($mysql AS $type => $result) { + echo ''; + echo ' '; + echo ' '; + echo ''; + } + + echo ''; + foreach ($test AS $type => $result) { + echo ''; + echo ' '; + echo ' '; + echo ' '; + echo ''; + } + + echo ''; + +} + +?> +
' . htmlspecialchars($type) . ' Help
' . $help["$type"] . '
MySQL Information
MySQL Server
MySQL Database
MySQL Username
MySQL Password
Essential vBulletin Requirements
' . $type . '' . (!isset($versions["$type"]) ? '' : $versions["$type"]) . '' . iif($result, 'Pass', 'Fail') . '
Database Connection Error:  ' . htmlspecialchars($db_connection_error) . '
MySQL Permission Requirements
' . $type . '' . iif($result, 'Pass', 'Fail') . '
Recommended Settings (Optional)
' . $type . '' . (!isset($versions["$type"]) ? '' : $versions["$type"]) . '' . iif($result, 'Pass', 'Fail') . '
Overall Result:' . iif($e_error, 'Fail', 'Pass') . '
+
+vBulletin 5 should run on your system without any errors

'; + } + elseif ($e_error == 0) + { + echo '

vBulletin 5 should run on your system though there may be reduced functionality, click the link(s) above for more information

'; + } + else + { + echo '

vBulletin5 will not run on your system, please click the link(s) above for more information.

'; + } + } +/*======================================================================*\ +|| #################################################################### +|| # CVS: $RCSfile$ - $Revision: 105451 $ +|| #################################################################### +\*======================================================================*/ +?> + + diff --git a/salt/profile/vbulletin/init.sls b/salt/profile/vbulletin/init.sls new file mode 100644 index 0000000..350b17f --- /dev/null +++ b/salt/profile/vbulletin/init.sls @@ -0,0 +1,13 @@ +# NOTE: +# The vb5 binaries must be uploaded to the target host, and made available at +# +# /root/vb5_connect.zip +# +# before running state.apply + +include: + - profile.vbulletin.php-fpm +{% if salt['file.file_exists']('/root/vb5_connect.zip') %} + - profile.vbulletin.setup + - profile.vbulletin.tools +{% endif %} diff --git a/salt/profile/vbulletin/php-fpm.sls b/salt/profile/vbulletin/php-fpm.sls new file mode 100644 index 0000000..b856755 --- /dev/null +++ b/salt/profile/vbulletin/php-fpm.sls @@ -0,0 +1,34 @@ +/etc/php7/fpm/php.ini: + file.managed: + - contents: + - memory_limit = 192M + - opcache.enable=1 + - opcache.interned_strings_buffer=8 + - opcache.max_accelerated_files=10000 + - opcache.memory_consumption=128 + - opcache.save_comments=1 + - opcache.revalidate_freq=1 + +/etc/php7/fpm/php-fpm.conf: + file.managed: + - contents: + - pid = run/php-fpm.pid + - error_log = syslog + - syslog.ident = fpm + - log_level = notice + - include=/etc/php7/fpm/php-fpm.d/*.conf + +/etc/php7/fpm/php-fpm.d/forums.conf: + file.managed: + - source: salt://profile/vbulletin/files/fpm-listener.conf + - template: jinja + - context: + name: forums + user: nginx + +php-fpm: + service.running: + - enable: True + - watch: + - file: /etc/php7/fpm/* + diff --git a/salt/profile/vbulletin/setup.sls b/salt/profile/vbulletin/setup.sls new file mode 100644 index 0000000..a2cae5c --- /dev/null +++ b/salt/profile/vbulletin/setup.sls @@ -0,0 +1,57 @@ +/srv/www/vhosts/forums: + file.directory: + - user: root + - group: nginx + - dir_mode: 750 + - makedirs: True + archive.extracted: + - source: /root/vb5_connect.zip + - keep_source: False + - enforce_toplevel: False + - trim_output: True + +/srv/www/vhosts/forums/htdocs: + file.copy: + - source: /srv/www/vhosts/forums/upload + - preserve: True + - user: root + - group: nginx + - mode: 644 + +/srv/www/vhosts/forums/htdocs/.htaccess: + file.rename: + - source: /srv/www/vhosts/forums/htdocs/htaccess.txt + +/srv/www/vhosts/forums/htdocs/config.php: + file.rename: + - source: /srv/www/vhosts/forums/htdocs/config.php.bkp + +/srv/www/vhosts/forums/htdocs/core/includes/config.php: + file.rename: + - source: /srv/www/vhosts/forums/htdocs/core/includes/config.php.new + +{% for key1, values in pillar.vbulletin.config.items() %} +{% for key2, value in values.items() %} + +configure vBulletin {{key1}}-{{key2}}: + file.line: + - name: /srv/www/vhosts/forums/htdocs/core/includes/config.php + - match: "^(// )?\\$config\\['{{key1}}']\\['{{key2}}']" + - content: "$config['{{key1}}']['{{key2}}'] = '{{value}}';" + - mode: replace + +{% endfor %} +{% endfor %} + +/srv/www/vhosts/forums/htdocs/core/includes/md5_sums_vbulletin.php: + file.managed: + - mode: 444 + - create: no + - replace: no + +/srv/www/vhosts/forums/htdocs/core/cache/css: + file.directory: + - user: nginx + - recurse: + - user + diff --git a/salt/profile/vbulletin/tools.sls b/salt/profile/vbulletin/tools.sls new file mode 100644 index 0000000..a6199a5 --- /dev/null +++ b/salt/profile/vbulletin/tools.sls @@ -0,0 +1,36 @@ +# NB: do not enable these tools in production + +{% set tools = salt['pillar.get']('vbulletin:tools', False) %} + +{% if tools %} +/srv/www/vhosts/forums/htdocs/vb_test.php: + file.managed: + - source: salt://profile/vbulletin/files/vb_test.php +{% else %} + file.absent +{% endif %} + +{% if tools %} +/srv/www/vhosts/forums/htdocs/info.php: + file.managed: + - contents: "" +{% else %} + file.absent +{% endif %} + +{% if tools %} +/srv/www/vhosts/forums/db-tweak.sql: + file.managed: + - source: salt://profile/vbulletin/files/db-tweak.sql + - template: jinja + - defaults: + host: {{ pillar.vbulletin.config.MasterServer.servername }} + username: {{ pillar.vbulletin.config.MasterServer.username }} + password: {{ pillar.vbulletin.config.MasterServer.password }} + bburl: {{ grains.weburls[0] ~ '/forum' }} + frontendurl: {{ grains.weburls[0] }} +{% else %} + file.absent +{% endif %} + + diff --git a/salt/role/web_forum.sls b/salt/role/web_forum.sls new file mode 100644 index 0000000..4db44b7 --- /dev/null +++ b/salt/role/web_forum.sls @@ -0,0 +1,3 @@ +include: + - profile.web.server.nginx + - profile.vbulletin