diff --git a/pillar/id/new-forum_infra_opensuse_org.sls b/pillar/id/new-forum_infra_opensuse_org.sls new file mode 100644 index 0000000..f0709d8 --- /dev/null +++ b/pillar/id/new-forum_infra_opensuse_org.sls @@ -0,0 +1,21 @@ +grains: + city: nuremberg + country: de + hostusage: + - on vBulletin5 + roles: + - web_forum + reboot_safe: yes + salt_cluster: opensuse + virt_cluster: atreju + + aliases: [] + description: Webserver running forums.opensuse.org on vBulletin5 + documentation: + - https://www.vbulletin.com/en/manual + responsible: + - oreinert + - pjessen + partners: [] + weburls: + - https://forums.opensuse.org diff --git a/pillar/role/web_forum.sls b/pillar/role/web_forum.sls new file mode 100644 index 0000000..0481cd6 --- /dev/null +++ b/pillar/role/web_forum.sls @@ -0,0 +1,98 @@ +include: + - role.common.nginx + {% if salt['grains.get']('include_secrets', True) %} + - secrets.role.web_forum + {% endif %} + +{% set vhost = 'forums' %} +nginx: + ng: + servers: + managed: + {{vhost}}.conf: + config: + - server: + - listen: 80 + - server_name: forums.opensuse.org + - root: /srv/www/vhosts/{{vhost}}/htdocs + - index: index.php index.html + - access_log: /var/log/nginx/{{vhost}}.access.log combined + - error_log: /var/log/nginx/{{vhost}}.error.log + - location = /50x.html: + - root: /srv/www/htdocs + - location = /css\.php: + - rewrite: ^ /core/css.php break + - location ^~ /install: + - rewrite: ^/install/ /core/install/ break + - location /: + - if (!-f $request_filename): + - rewrite: ^/(.*)$ /index.php?routestring=$1 last + - location ^~ /admincp: + - if (!-f $request_filename): + - rewrite: ^/admincp/?(.*)$ /index.php?routestring=admincp/$1 last + - location ~ \.php$: + - if (!-f $request_filename): + - rewrite: ^/(.*)$ /index.php?routestring=$1 break + - fastcgi_split_path_info: ^(.+\.php)(.*)$ + - fastcgi_pass: phpfastcgi + - fastcgi_index: index.php + - fastcgi_param: SCRIPT_FILENAME $document_root$fastcgi_script_name + - include: fastcgi_params + - fastcgi_param: QUERY_STRING $query_string + - fastcgi_param: REQUEST_METHOD $request_method + - fastcgi_param: CONTENT_TYPE $content_type + - fastcgi_param: CONTENT_LENGTH $content_length + - fastcgi_intercept_errors: 'on' + - fastcgi_ignore_client_abort: 'off' + - fastcgi_connect_timeout: 60 + - fastcgi_send_timeout: 180 + - fastcgi_read_timeout: 180 + - fastcgi_buffers: 256 16k + - fastcgi_buffer_size: 32k + - fastcgi_temp_file_write_size: 256k + - upstream phpfastcgi: + - server: unix:/run/php-fpm/{{vhost}}.sock + enabled: True + +# configure host-specific parameters for vbulletin in pillar/id/*.sls +vbulletin: + config: + Database: + dbname: webforums5 + technicalemail: admin-auto@opensuse.org + tableprefix: vb_ + MasterServer: + servername: 192.168.47.4 + port: 3307 + username: vbulletin + # password provided as a secret + Mysqli: + charset: Latin1 + SpecialUsers: + canviewadminlog: '1,5' + canpruneadminlog: '1,5' + canrunqueries: '1,5' + undeletableusers: '1' + superadmins: '1,431,740,783,5442,105475' + Misc: + maxwidth: 2592 + maxheight: 1944 + +zypper: + packages: + php7-fpm: {} + php7-mysql: {} + php7-gd: {} + php7-json: {} + php7-xmlreader: {} + php7-xmlwriter: {} + php7-mbstring: {} + php7-iconv: {} + php7-imagick: {} + php7-curl: {} + php7-ctype: {} + php7-phar: {} + php7-opcache: {} + php7-tokenizer: {} + php7-zlib: {} + diff --git a/pillar/secrets/role/web_forum.sls b/pillar/secrets/role/web_forum.sls new file mode 100644 index 0000000..45b8a27 --- /dev/null +++ b/pillar/secrets/role/web_forum.sls @@ -0,0 +1,84 @@ +#!yaml|gpg + +vbulletin: + config: + MasterServer: + password: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+NrwgSJSbzEG9l9JDHfOqgTRfXXPGgD82zM0uMUIClRQM + 9W0DL4vSesG6og4M1YSnoOiuwuu2JlX4qcMDywc5RMmHpbrjACbFI+QTrL6yx4Nt + AzIOMUZJIU1t/9/spqt25utpfEl01CePae2e93VBxgfDVbkWS4a4TDIPTaGsMlSK + otBEWaUwVjPc6YbYehlCklWKkYG1HAm2lbI7cINYsteWRcE0zCPIsBzi81ydjyBO + PspSAwI1+GGPsgPKdWRNQfpc8mWD8+1ThRAb/nhBI/9TqCpt+yLTnmE+dEZK+exJ + XMUTsa5iaIqw8HRthuxVINvQcxjGBhauzT9+4nb/drV35s3/q/9dgm0QWzWcyPOr + CcyjJ6LENEISqnfLl+UdOeKaW39RW4Swl2hVMHyN1xyc2CmsIrf3RkZJnvR3VhDg + ptoS4Cva4EhcSMsYTT62lLp8t2ZcO4uzbQ8te260Gc2wa85ogmenLQw6OnPiYR4t + J++jZCXZOHebaIFTbbh/lIJ2UGxJjsspqiS7rCJ3neonajh0s6o8H9johbbo+t/d + qWR+jW7Xa9LKc/NIlJ4IXLJbZWAxtkFZPv/jx9LxYg/yRo2A26fh4upx1sF0ziF0 + JfQSAus+TO4lF9uRM+B3TCHMDJBppaaX9Lio5SiVaQ6x44/QfT1OKesmVkqCkVMP + /Ri5NEabHQmB3dKXp/JK2voaJIksF/3UvR8UEmw5Xhc/9mT8NBVtbytb3V41ZVhd + eRYO1b0hXBGicxbgKuKrIpUlPSDxNUX+Xie5iYA5i6ePsamg3Hulvz8lr4w/Z5O5 + zJOowZdEklBhFokHRs0wiBvOedXTGMZY9UKQjHNVHhCRO70dTYU9ayAL9oJtge1B + ugqk89k0Nr7r6AM6q+MPqa8kMMOOOdMcMZYZCIhKc9hkTPtotctOFWTfgFKOrJAT + iQK9u6FZk3RlIZP2JipY92sF/YzQDop5Fr7LfPbU9lEx2x31L/t1kdO95roFGoE/ + vuZwjVGI/wNTMWNQR0ODeHCB6ZrUqpANlDNCXhC2LiYdYCxVuEnjWtEo8/d+kymA + c3rRCR3Yei4UnNKWAcoQshzPh8SK+8aC3ordb+hVavG8sMkaU7nizYhRp6qsmPs+ + 90CKqeJdz1KFR0QxksVCTMgNYPKQpN6f3kUx//QIAtsC3WGIPi6gB3mfikhRKsMk + fzwzLn1ZR6+u+hFtzk4IVTL8LOnApabX/RVmMkHz1BDBny5YGaw9mkxxDy5W+UR2 + 5cbcFgAA36vk9WmL7oNv5q+1gVEaNG3bNUPqHKiy9hPTOKeE0MtfIfqvdF5L/UP9 + Q9SE14LOYlDMc+hDeASpypaxTs7tWNP4nPb+23vzY0X/hQIMA8amgupjyC8cARAA + ws9rZ+6cp+T8iTfcCwubKe8mFbXEnxktP2FSwkL7MRVHbe59302yH/se/+dpzzxp + 5Z+OGsVcRrNf8MuXjsmd9Zs0fzLDcp+nNBb40u9w8Ruq84l2EkJtGMrbw9AFvtZx + fZBEhdGu4Hbq2/S7u9lqZVczzj0lXo6EzieYMnksdal+t0jRyp8ozjkZ/RenDllS + vwnGCikBk0WCwkb6aug/Q0d2zQwcg8tpjAavZTP09e+St4EQKtliC8TEH2nzMJnE + c8eeNNDl4hsYJIkZX9aMxhFCSyn8wBUks768Clmj9KZR/fBnIhtJqIaU4o/RM5EK + NKgMskjfIuzdEZISZDdMIeAncr7P6phYzTnzJCHA5Sf35aal/Bk4Nrl33154wXc/ + G4OOFd474wk0N1++/gKOLbsXg7+R3DA9EOPW5nJXTkPYGt0oUFUI2TqPhU5TnI7R + KjEMO6ZqgKdrVug32SmLjuagV6HNQKrCqar/9z9dRJEAzu5oC/jkpd2osNMfeoLt + 9VfgFr5zXpCSUJzFGbfJ9UFhq4C754KscgMwP70bPNMwj1w+ykIAHEkpsJ1wDagp + bK3yhafyKXiWyQ/Rw/FyFZe00McCOGK1qT/L86e2q4VJ4YWt5RH+Mdh9ZkarmWae + pge+hwwbfIxd9myBlJyKW1TXPdQi7NOURfRg8dpCvr+FAQ4DslgfDDfB4G8QA/9G + Ho3hNptff9UOA9//PFmUMY8X9LryGHEOp0f8sTUa3mZzcJmsR1eU6lyDM1GTXM39 + xvG+O08o8Wf3ctlme/bYDr8ssK++bExXqQwRPTm3cft7uZ2ZAnMTaQNxcRw2hVFQ + AvFbZgiKH0AmR1/SIvyqWsNQZ/IuOPxvDIKiIwCM7wQAkdPiUuTNpCLlPtYAtS0U + ApDtc16MKx7HGbEY15kIs0REElRJgGf63WXymzCaV1wvCO5CT/86jgDPMbtjd5y2 + TNzxXNZ3T0hq+KIiCMViMUO8YZstoe/b4tVD3fFmDu8gPMZpKyDystd0s3ZITNQc + Nenx8Aj3ZwKYafXxrqyWnUKFAg4DiLcKbyvsTOYQB/sGK3YLqW03LckqcW6UPDib + l8k2zHX1ZPG5uQC0nCrW0ojqXq5nGBg15ZWm25Er8D9kXQLp02m5pDVzVpHhOTvZ + xemi1PdXUNch4qMDyDG6MLU3LOHGZ9Rq30H/q6xwpxHYs1o2fotnvUz+cFwjgEF9 + 8nowRHp3RJAtp0bC0FyTPZ5hLAZ3y4UMdvpPBIEdxLP3dX+BN+wnqovYnkiPdu5V + 4TCSbwdMab+aAAkWhVSOcMeUkalcJdB/v24b+N+N64iCQbC67oelKUrYI8LANJkM + 0bt8IXDjVxbMQaX/PBM2bkbDwjYpD5m7UBMZqu4g+PV78LlgJGGk7LNnJf7mGkxY + CACigFvQF1pc7N+69EoRrKOBaMKzH9zWvEHEVeoJ3ne+d7jPJiqNfyfMP/GInWFH + I8n4R1uV4KKF6VPfI7lKAC0PLNMaoM4Po3A4frCOj6jqZxKrRjLhoh/1CO8ER3Vj + 6SgypQTx1FBEgL9eLhs0k1rYEXs/LPBN5ScolC2kw2YWsk6fnC3xlH1z/h28SEGt + VdAHxjeOHfgdpbYMKcqWJ307FCkrGVHIDF6AaDiMHwMkxRFjZSZQMGWKN2iPvXiK + JOwrH+JjKn2yoZjG/mBcUxtIwFk+I+fuNgDxPMmkELZ5V3C1mh5Zx6UOzhdqFbTV + iaWWjqgl/L5sZ18Lv9oKqwDwhQIMA3GiBwULdMTdARAAgw4IlXr39O82xevKOVti + JJXZJMqemEN7pucu15a2oLXJM2PUSZUc2kxHW84WFbKEqVFXuAluxAQ3Qyktvjrw + Pfzx8V977oeJh038CFRbgtJU+q/tvbwgPXH6WJHNhZgndr0VPrSKtm2Bg80z52Tl + 8C6+vKS3eE/Ce0VcN4hgh8KzmV4aVQEevKn0CmDMC8ZMA99S2tdIR9pgfuKQb5Bv + GrgcNQDoryYEdt/NQu4dmhecT9XIlWAe150ilSk5q19Yu+ifdYJahFfqMMItgULd + w8nJdTiDGpiMumg8t4pmf/8IL1jq6katoHxop/FRtTz7tm/uLsrORe3QYIxjRgye + Q1NQC3TYa0QD+uT4hNOQ/wI0hk/hJFckqeNFdlOH1pb1qvQTxQNCFOUzaZbUsTGL + 4S0mLPEd28yWavg4FijERmpJ+mBCZ57FWCEQ/iTPFaowNTzRXi9vnb075NYzVskw + m33ZcJ7R8Hmlhjkvd7Qv2n+7Tsn2UHFJC16zWAWFAaHKbuOJhreH49XBHa2pOe1K + Jv/AmgkgNcjTZBYdo3Dc55LJNGptLUNSfQvDd1dbXy16UCasl4y0VhO3VhBSXNis + xGZej5rW2jywyLtWetlvUgLGH7Znxk4jtSCtnVJex8vXPCIVkXZepGdckGTeK4eX + 1dDPxVgb+knExgDXOVhX2cWFAgwDrPDOChusaZEBD/4vj9P46ilDx05kjcrdlXSB + PgnLc1Ne+Emc7mNRCSDAMBk038MVXflg7rLCDwHowtgk3ptkPDFeXe8guTw2dgws + loVwCWfIngefxqnxkc9sc8U1fgs8fCDD9+ZO7drmw3eU/DScvp8/TGYlEwpm/bAG + RWRt7GV2efXjC8fE2eEFAa3IydclAPzNddT9lC95ezOA3wec38i8/JJryfObc6Vl + Pdp2Sy7n6h43uaVbggJ28OiV6t5ROmaSYZOUVQmlcIfl5F0kQDSHNaN39GEmg8Kn + 0EyHc4NveRTG4M5GPekpgI7bRHHLV0I33wlDp+ems1rXLh/FkYnuWk9ffQ2xthz+ + m5du5CB0JRXiZaF2UvZpS9cdS/c8d6JeuEesjfZQ/lWUW4IXLnacygurt8JXq2JF + Kw+iT6jjy0JrQgB0j/yvPt4idssbgyZvIodWg6GGgLar6Wbsc04lDYs8wuetwHUV + BsMjjoUzXlrhPsEaBYt26r0zCHGDhHDXXTC2iOSMxnkGIUMwHije+GpDuZPYqarN + vohEBgHyEYmExittmCo/hPj1aablCAVKgl/s90DzTFckllIYZ0QK0JB/ccRyq/AN + oSGv4GiCxmOAKfdTsJ7rQY2mrDmoMwrIjAS8Qpp1BjI30g/sPuFOV62VqKk90cTf + zcJ5F6AToVarWPkUiMgo7dJQAWoEeUr46f+VZpYFrZVQPlAqQ/+/BcuzMqhqaHc0 + zuh+Bp2c+JCNHE2C5/kIVkvt/c+v69Kk7SzG8rONuFrE6r6Smbac1yGcT45ZWH8x + YyA= + =Juqz + -----END PGP MESSAGE----- diff --git a/salt/profile/vbulletin/files/db-tweak.sql b/salt/profile/vbulletin/files/db-tweak.sql new file mode 100644 index 0000000..cecec62 --- /dev/null +++ b/salt/profile/vbulletin/files/db-tweak.sql @@ -0,0 +1,6 @@ +grant all on VB.* to '{{username}}'@'{{host}}' identified by '{{password}}'; + +update vb_setting set value='{{bburl}}' where varname='bburl'; +update vb_setting set value='{{frontendurl}}' where varname='frontendurl'; + +update vb_setting set value=1 where varname='bburl_basepath'; diff --git a/salt/profile/vbulletin/files/fpm-listener.conf b/salt/profile/vbulletin/files/fpm-listener.conf new file mode 100644 index 0000000..d8414db --- /dev/null +++ b/salt/profile/vbulletin/files/fpm-listener.conf @@ -0,0 +1,11 @@ +[{{name}}] +user = {{user}} +listen = /run/php-fpm/{{name}}.sock +listen.group = {{ listen_group | default(user) }} + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 20 + diff --git a/salt/profile/vbulletin/files/vb_test.php b/salt/profile/vbulletin/files/vb_test.php new file mode 100644 index 0000000..1769591 --- /dev/null +++ b/salt/profile/vbulletin/files/vb_test.php @@ -0,0 +1,406 @@ + + +
+ + ++ | vBulletin Server Test Script vBulletin Website |
+
+
|
vBulletin 5 should run on your system though there may be reduced functionality, click the link(s) above for more information
'; + } + else + { + echo 'vBulletin5 will not run on your system, please click the link(s) above for more information.
'; + } + } +/*======================================================================*\ +|| #################################################################### +|| # CVS: $RCSfile$ - $Revision: 105451 $ +|| #################################################################### +\*======================================================================*/ +?> + + diff --git a/salt/profile/vbulletin/init.sls b/salt/profile/vbulletin/init.sls new file mode 100644 index 0000000..350b17f --- /dev/null +++ b/salt/profile/vbulletin/init.sls @@ -0,0 +1,13 @@ +# NOTE: +# The vb5 binaries must be uploaded to the target host, and made available at +# +# /root/vb5_connect.zip +# +# before running state.apply + +include: + - profile.vbulletin.php-fpm +{% if salt['file.file_exists']('/root/vb5_connect.zip') %} + - profile.vbulletin.setup + - profile.vbulletin.tools +{% endif %} diff --git a/salt/profile/vbulletin/php-fpm.sls b/salt/profile/vbulletin/php-fpm.sls new file mode 100644 index 0000000..b856755 --- /dev/null +++ b/salt/profile/vbulletin/php-fpm.sls @@ -0,0 +1,34 @@ +/etc/php7/fpm/php.ini: + file.managed: + - contents: + - memory_limit = 192M + - opcache.enable=1 + - opcache.interned_strings_buffer=8 + - opcache.max_accelerated_files=10000 + - opcache.memory_consumption=128 + - opcache.save_comments=1 + - opcache.revalidate_freq=1 + +/etc/php7/fpm/php-fpm.conf: + file.managed: + - contents: + - pid = run/php-fpm.pid + - error_log = syslog + - syslog.ident = fpm + - log_level = notice + - include=/etc/php7/fpm/php-fpm.d/*.conf + +/etc/php7/fpm/php-fpm.d/forums.conf: + file.managed: + - source: salt://profile/vbulletin/files/fpm-listener.conf + - template: jinja + - context: + name: forums + user: nginx + +php-fpm: + service.running: + - enable: True + - watch: + - file: /etc/php7/fpm/* + diff --git a/salt/profile/vbulletin/setup.sls b/salt/profile/vbulletin/setup.sls new file mode 100644 index 0000000..a2cae5c --- /dev/null +++ b/salt/profile/vbulletin/setup.sls @@ -0,0 +1,57 @@ +/srv/www/vhosts/forums: + file.directory: + - user: root + - group: nginx + - dir_mode: 750 + - makedirs: True + archive.extracted: + - source: /root/vb5_connect.zip + - keep_source: False + - enforce_toplevel: False + - trim_output: True + +/srv/www/vhosts/forums/htdocs: + file.copy: + - source: /srv/www/vhosts/forums/upload + - preserve: True + - user: root + - group: nginx + - mode: 644 + +/srv/www/vhosts/forums/htdocs/.htaccess: + file.rename: + - source: /srv/www/vhosts/forums/htdocs/htaccess.txt + +/srv/www/vhosts/forums/htdocs/config.php: + file.rename: + - source: /srv/www/vhosts/forums/htdocs/config.php.bkp + +/srv/www/vhosts/forums/htdocs/core/includes/config.php: + file.rename: + - source: /srv/www/vhosts/forums/htdocs/core/includes/config.php.new + +{% for key1, values in pillar.vbulletin.config.items() %} +{% for key2, value in values.items() %} + +configure vBulletin {{key1}}-{{key2}}: + file.line: + - name: /srv/www/vhosts/forums/htdocs/core/includes/config.php + - match: "^(// )?\\$config\\['{{key1}}']\\['{{key2}}']" + - content: "$config['{{key1}}']['{{key2}}'] = '{{value}}';" + - mode: replace + +{% endfor %} +{% endfor %} + +/srv/www/vhosts/forums/htdocs/core/includes/md5_sums_vbulletin.php: + file.managed: + - mode: 444 + - create: no + - replace: no + +/srv/www/vhosts/forums/htdocs/core/cache/css: + file.directory: + - user: nginx + - recurse: + - user + diff --git a/salt/profile/vbulletin/tools.sls b/salt/profile/vbulletin/tools.sls new file mode 100644 index 0000000..a6199a5 --- /dev/null +++ b/salt/profile/vbulletin/tools.sls @@ -0,0 +1,36 @@ +# NB: do not enable these tools in production + +{% set tools = salt['pillar.get']('vbulletin:tools', False) %} + +{% if tools %} +/srv/www/vhosts/forums/htdocs/vb_test.php: + file.managed: + - source: salt://profile/vbulletin/files/vb_test.php +{% else %} + file.absent +{% endif %} + +{% if tools %} +/srv/www/vhosts/forums/htdocs/info.php: + file.managed: + - contents: "" +{% else %} + file.absent +{% endif %} + +{% if tools %} +/srv/www/vhosts/forums/db-tweak.sql: + file.managed: + - source: salt://profile/vbulletin/files/db-tweak.sql + - template: jinja + - defaults: + host: {{ pillar.vbulletin.config.MasterServer.servername }} + username: {{ pillar.vbulletin.config.MasterServer.username }} + password: {{ pillar.vbulletin.config.MasterServer.password }} + bburl: {{ grains.weburls[0] ~ '/forum' }} + frontendurl: {{ grains.weburls[0] }} +{% else %} + file.absent +{% endif %} + + diff --git a/salt/role/web_forum.sls b/salt/role/web_forum.sls new file mode 100644 index 0000000..4db44b7 --- /dev/null +++ b/salt/role/web_forum.sls @@ -0,0 +1,3 @@ +include: + - profile.web.server.nginx + - profile.vbulletin