diff --git a/.gitmodules b/.gitmodules index 3c43375..a28e022 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "app-vmmgr"] path = apk/vmmgr url = ssh://git@git.spotter.cz:2222/Spotter-Cluster/vmmgr.git +[submodule "spoc"] + path = apk/spoc + url = ssh://git@git.spotter.cz:2222/Spotter-Cluster/spoc.git diff --git a/apk/acme-sh/APKBUILD b/apk/acme-sh/APKBUILD deleted file mode 100644 index 72ee413..0000000 --- a/apk/acme-sh/APKBUILD +++ /dev/null @@ -1,28 +0,0 @@ -# Contributor: Disassembler -# Maintainer: Disassembler -pkgname=acme-sh -pkgver=2.8.1 -pkgrel=0 -pkgdesc="A pure Unix shell ACME protocol client" -url="https://github.com/Neilpang/acme.sh" -arch="noarch" -license="GPL" -_commit=09bce5e6d6be6b97b3c843b815087874e3e44a21 -source="${pkgname}-${pkgver}.tar.gz::https://github.com/Neilpang/acme.sh/archive/${_commit}.tar.gz" -builddir="${srcdir}/acme.sh-${_commit}" -options="!check" - -build() { - return 0 -} - -package() { - mkdir -p ${pkgdir}/usr/bin - mkdir -p ${pkgdir}/etc/acme.sh.d - mkdir -p ${pkgdir}/etc/periodic/daily - sed 's|$HOME/.$PROJECT_NAME|/etc/acme.sh.d|' ${builddir}/acme.sh > ${pkgdir}/usr/bin/acme.sh - chmod +x ${pkgdir}/usr/bin/acme.sh - cp ${startdir}/source/acme-sh ${pkgdir}/etc/periodic/daily/ -} - -sha512sums="b2d3d1c3f0ba1d57f40373aa430f53b8398e3798cadb4ab6bc376c9c70edda08cda4380bc8fe9fd272b9e02bd9f763de0a399aeeb5ea8d1a2e8ff5b1d8cef86a acme-sh-2.8.1.tar.gz" diff --git a/apk/acme-sh/source/acme-sh b/apk/acme-sh/source/acme-sh deleted file mode 100644 index 94303b8..0000000 --- a/apk/acme-sh/source/acme-sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -# Sleep randomly up to 1hr to avoid peak on ACME server -/bin/sleep $(/usr/bin/shuf -i 60-3600 -n 1) -/usr/bin/acme.sh --cron >/dev/null diff --git a/apk/gdal/APKBUILD b/apk/gdal/APKBUILD deleted file mode 100644 index 7ba80dd..0000000 --- a/apk/gdal/APKBUILD +++ /dev/null 
@@ -1,76 +0,0 @@ -# Contributor: Trevor R.H. Clarke -# Maintainer: Trevor R.H. Clarke -pkgname=gdal -pkgver=2.4.0 -pkgrel=1 -pkgdesc="A translator library for raster and vector geospatial data formats" -url="http://gdal.org" -arch="x86 x86_64" -license="MIT" -depends="" -depends_dev="gdal" -makedepends=" - curl-dev - geos-dev - giflib-dev - jpeg-dev - libjpeg-turbo-dev - libpng-dev - linux-headers - postgresql-dev - python2-dev - sqlite-dev - swig - tiff-dev - zlib-dev - " -subpackages=" - $pkgname-dev - py-$pkgname:py - " - -source="http://download.osgeo.org/$pkgname/$pkgver/$pkgname-$pkgver.tar.xz" -builddir="$srcdir/$pkgname-$pkgver" - -build() { - cd "$builddir" - - ./configure --prefix=/usr \ - --with-curl=/usr/bin/curl-config - make - - cd swig/python - python2 setup.py build -} - -package() { - cd "$builddir" - - make DESTDIR="$pkgdir" install - chmod -x "$pkgdir"/usr/include/*.h -} - -py() { - pkgdesc="$pkgname (python bindings)" - - cd "$builddir"/swig/python - python2 setup.py install --prefix=/usr --root="$subpkgdir" - - chmod a+x scripts/* - install -d "$subpkgdir"/usr/bin - install -m755 scripts/*.py "$subpkgdir"/usr/bin/ -} - -check() { - # TODO: https://trac.osgeo.org/gdal/wiki/TestingNotes - - cd "$builddir" - apps/gdal-config --version | grep "$pkgver" - - # confirms MBTiles support - apps/gdal_translate --formats | grep "MBTiles -raster,vector- (rw+v): MBTiles" - - # confirms PostgreSQL/PostGIS support - apps/ogr2ogr --formats | grep "PostgreSQL -vector- (rw+): PostgreSQL/PostGIS" -} -sha512sums="d4eb6535043b1495f691ab96aa8087d9254aa01efbc57a4051f8b9f4f6b2537719d7bf03ff82c3f6cfd0499a973c491fa9da9f5854dbd9863a0ec9796d3642bb gdal-2.4.0.tar.xz" diff --git a/apk/geos/APKBUILD b/apk/geos/APKBUILD deleted file mode 100644 index 5c7c097..0000000 --- a/apk/geos/APKBUILD +++ /dev/null 
@@ -1,55 +0,0 @@ -# Contributor: Eric Kidd -# Maintainer: -pkgname=geos -pkgver=3.7.1 -pkgrel=0 -pkgdesc="GEOS is a library providing OpenGIS and JTS spatial operations in C++." -url="https://trac.osgeo.org/geos/" -# test fails on other archs -arch="x86 x86_64" -license="LGPL-2.1" -makedepends="swig python2-dev" -subpackages="py-$pkgname:py $pkgname-dev" -source="http://download.osgeo.org/geos/geos-$pkgver.tar.bz2" -builddir="$srcdir/$pkgname-$pkgver" - -build() { - cd "$builddir" - - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr \ - --sysconfdir=/etc \ - --mandir=/usr/share/man \ - --localstatedir=/var \ - --enable-python - - # --enable-ruby produces a gem which crashes, and which seems to - # mostly ignored in favor of the rgeo and ffi-geos modules, anyway. - - make -} - -check() { - cd "$builddir" - - make check -} - -package() { - cd "$builddir" - - make DESTDIR="$pkgdir" install - install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING -} - -py() { - pkgdesc="$pkgname Python bindings" - - cd "$builddir" - install -d "$subpkgdir"/usr/lib - mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/ -} - -sha512sums="01e8087bcd3cb8f873adb7b56910e1575ccb3336badfdd3f13bc6792095b7010e5ab109ea0d0cd3d1459e2e526e83bcf64d6ee3f7eb47be75639becdaacd2a87 geos-3.7.1.tar.bz2" diff --git a/apk/lxc/APKBUILD b/apk/lxc/APKBUILD new file mode 100644 index 0000000..0aa8562 --- /dev/null +++ b/apk/lxc/APKBUILD 
@@ -0,0 +1,178 @@ +# Contributor: Łukasz Jendrysik +# Contributor: Jakub Jirutka +# Maintainer: Natanael Copa +pkgname=lxc +pkgver=3.2.1 +_pkgver=${pkgver/_rc/.rc} +pkgrel=2 +pkgdesc="Userspace interface for the Linux kernel containment features" +url="https://linuxcontainers.org/lxc/" +arch="all" +license="GPL-2.0-only" +makedepends=" + libcap-dev + libcap-static + libseccomp-dev + linux-pam-dev + linux-headers + bsd-compat-headers + docbook2x + + automake + autoconf + libtool + " + +options="suid" +subpackages=" + $pkgname-dev + $pkgname-doc + $pkgname-openrc + $pkgname-lvm::noarch + $pkgname-libs + $pkgname-bridge::noarch + $pkgname-bash-completion:bashcomp:noarch + $pkgname-pam + $pkgname-download:_download:noarch + $pkgname-templates-oci:templates_oci:noarch + $pkgname-templates::noarch + " + +source="https://linuxcontainers.org/downloads/lxc/lxc-$_pkgver.tar.gz + cgroups-initialize-cpuset-properly.patch + network-restore-ability-to-move-nl80211-devices.patch + execute-attach-user-group.patch + attach-returncode.patch + lxc.initd + lxc.confd + " + +# secfixes: +# 3.1.0-r1: +# - CVE-2019-5736 +# 2.1.1-r9: +# - CVE-2018-6556 +# + +_tmpldir="usr/share/lxc/templates" + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --disable-apparmor \ + --enable-pam \ + --with-distro=alpine \ + --disable-werror \ + --enable-doc + make +} + +check() { + make check +} + +package() { + make DESTDIR="$pkgdir" install + + install -Dm755 "$srcdir"/lxc.initd "$pkgdir"/etc/init.d/lxc + install -Dm644 "$srcdir"/lxc.confd "$pkgdir"/etc/conf.d/lxc + install -d "$pkgdir"/var/lib/lxc + + # Remove useless config for SysVinit. 
+ rm -r "$pkgdir"/etc/default +} + +lvm() { + pkgdesc="LVM support for LXC" + depends="$pkgname=$pkgver-r$pkgrel lvm2 util-linux" + install_if="$pkgname=$pkgver-r$pkgrel lvm2" + mkdir "$subpkgdir" +} + +_py3() { + pkgdesc="Python3 module for LXC" + depends="python3" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/python3.* "$subpkgdir"/usr/lib +} + +_download() { + pkgdesc="LXC container image downloader template" + depends="$pkgname gnupg1 tar wget" + + mkdir -p "$subpkgdir"/$_tmpldir + mv "$pkgdir"/$_tmpldir/lxc-download "$subpkgdir"/$_tmpldir/ +} + +templates() { + pkgdesc="Templates for LXC (except alpine and download)" + depends="tar" + mkdir -p "$subpkgdir"/$_tmpldir + mv "$pkgdir"/$_tmpldir/* "$subpkgdir"/$_tmpldir/ +} + +templates_oci() { + pkgdesc="OCI Template for LXC" + depends="bash jq" + mkdir -p "$subpkgdir"/usr/share/lxc/templates + mv "$pkgdir"/usr/share/lxc/templates/lxc-oci \ + "$subpkgdir"/usr/share/lxc/templates/ +} + +pam() { + pkgdesc="PAM module for LXC" + mkdir -p "$subpkgdir"/lib/security + mv "$pkgdir"/lib/security/pam_cgfs.so "$subpkgdir"/lib/security/ +} + +dev() { + default_dev + # fix abuild smartness + mv "$subpkgdir"/usr/bin/lxc-config "$pkgdir"/usr/bin/ + mv "$subpkgdir"/usr/bin/lxc-update-config "$pkgdir"/usr/bin/ +} + +bridge() { + depends="dnsmasq" + pkgdesc="Bridge interface for LXC with dhcp" + mkdir -p "$subpkgdir"/etc/conf.d \ + "$subpkgdir"/etc/init.d \ + "$subpkgdir"/etc/lxc + + ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.lxcbr0 + cat >>"$subpkgdir"/etc/conf.d/dnsmasq.lxcbr0 <<- EOF + rc_before="lxc" + BRIDGE_ADDR="10.0.3.1" + BRIDGE_NETMASK="255.255.255.0" + BRIDGE_NETWORK="10.0.3.0/24" + BRIDGE_DHCP_RANGE="10.0.3.2,10.0.3.254" + BRIDGE_DHCP_MAX="253" + BRIDGE_MAC="00:16:3e:00:00:00" + DNSMASQ_CONFFILE="/etc/lxc/dnsmasq.conf" + EOF + cat >>"$subpkgdir"/etc/lxc/dnsmasq.conf <<- EOF + #dhcp-host=somehost,10.0.3.3 + #dhcp-host=otherhost,10.0.3.4 + EOF +} + +bashcomp() { + depends="" + pkgdesc="Bash completions for 
$pkgname" + install_if="$pkgname=$pkgver-r$pkgrel bash-completion" + mkdir -p "$subpkgdir"/usr/share/bash-completion/completions + mv "$pkgdir"/etc/bash_completion.d/$pkgname "$subpkgdir"/usr/share/bash-completion/completions + rmdir "$pkgdir"/etc/bash_completion.d +} + +sha512sums="4b3046fc6c4aa497fb26bd45839e60de503184af86d3966e796d14e619203536b9a9ed67bdcd8a108cf1a548f8d095fb46dff53094a08abd8d268c866db685c0 lxc-3.2.1.tar.gz +2bebe6cc24987354b6e7dc9003c3a4df450ca10263e6dc0e9313977fdfc2eb57c0d68560da4d1071c8de2f8e3e394ed3ca17af445bea524daa5f8ae8955b3ba6 cgroups-initialize-cpuset-properly.patch +d302b7296918680901d034dc12ae0687dbbc65766800a9f7256e661f638d3dcad66bcc737aec2c6de8c27d3b9c08833e00420c2064f356d6d73efda9ae9bd707 network-restore-ability-to-move-nl80211-devices.patch +a26cd718760e73309a686242b03c5de5ceff17ab9c348438cd19d2d875696e5c788f0e04d66dd01e08449754c14ce2b7cc1dfc1bac2a64429ccf4462f8aa93a5 execute-attach-user-group.patch +565b7c1774b19f66cc3435557325b75c85203bae4e53db1677580f4b93c4fb2db7f9bd9dd02b956b18bc2730b8645984e790f27162510d642ce7647df21febc0 attach-returncode.patch +b74ffe7c3e8f193265a90ffeb6e5743b1212bc1416b898e5a7e59ddd7f06fc77dc34e2dcbb3614038ac6222a95e2b9beb9f03ab734c991837203ab626b1b091f lxc.initd +91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467 lxc.confd" diff --git a/apk/lxc/attach-returncode.patch b/apk/lxc/attach-returncode.patch new file mode 100644 index 0000000..db9ea4f --- /dev/null +++ b/apk/lxc/attach-returncode.patch @@ -0,0 +1,15 @@ +--- a/src/lxc/tools/lxc_attach.c ++++ b/src/lxc/tools/lxc_attach.c +@@ -385,10 +385,9 @@ + ret = lxc_wait_for_pid_status(pid); + if (ret < 0) + goto out; +- +- if (WIFEXITED(ret)) +- wexit = WEXITSTATUS(ret); + } ++ if (WIFEXITED(ret)) ++ wexit = WEXITSTATUS(ret); + + out: + lxc_container_put(c); 
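Review bot: `options="suid"` near the top of the new lxc APKBUILD has no comment naming the setuid file it is meant to permit, so a later reviewer cannot tell whether an unexpected setuid binary has slipped into the package. A one-line comment above it, such as `# suid: required by the setuid helper shipped with lxc (name the path here)`, would make the option auditable. `--disable-apparmor` in `build()` deserves a similar why-comment, since it builds the tools without AppArmor profile support. `_py3()` is defined but no entry in `subpackages` refers to it, so it looks like dead code that can be removed.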
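Review bot: `attach-returncode.patch` has no header saying where the change comes from or what it fixes, and the same applies to `execute-attach-user-group.patch` later in this commit. The two cgroup and network patches, by contrast, keep their upstream `From`/`Subject` lines. Both local patches change security-relevant behaviour of `lxc-attach` and `lxc-execute`: how the exit status is reported, and which uid/gid a command runs as. A short description at the top of each would help whoever rebases them onto the next lxc release, for example `Apply the WIFEXITED check after the enclosing block so it covers both code paths` and `Use LXC_INVALID_UID/LXC_INVALID_GID as the unset value so an explicit uid/gid of 0 is honoured`, plus an upstream reference if one exists. The enclosing function starts and ends outside the hunk, so it is not possible to confirm from here that `wexit` has a sensible default when `WIFEXITED(ret)` is false.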
diff --git a/apk/lxc/cgroups-initialize-cpuset-properly.patch b/apk/lxc/cgroups-initialize-cpuset-properly.patch new file mode 100644 index 0000000..4096ba4 --- /dev/null +++ b/apk/lxc/cgroups-initialize-cpuset-properly.patch @@ -0,0 +1,33 @@ +From b31d62b847a3ee013613795094cce4acc12345ef Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sun, 28 Jul 2019 23:13:26 +0200 +Subject: [PATCH] cgroups: initialize cpuset properly + +Closes #3108. +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 7b8fe6736f..c29c0958e9 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -496,12 +496,12 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized) + } + + if (!flipped_bit) { +- DEBUG("No isolated or offline cpus present in cpuset"); +- return true; ++ cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); ++ TRACE("No isolated or offline cpus present in cpuset"); ++ } else { ++ cpulist = move_ptr(posscpus); ++ TRACE("Removed isolated or offline cpus from cpuset"); + } +- DEBUG("Removed isolated or offline cpus from cpuset"); +- +- cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); + if (!cpulist) { + ERROR("Failed to create cpu list"); + return false; diff --git a/apk/lxc/execute-attach-user-group.patch b/apk/lxc/execute-attach-user-group.patch new file mode 100644 index 0000000..a0dd700 --- /dev/null +++ b/apk/lxc/execute-attach-user-group.patch 
@@ -0,0 +1,53 @@ +--- a/src/lxc/tools/lxc_attach.c ++++ b/src/lxc/tools/lxc_attach.c +@@ -153,6 +153,8 @@ + .checker = NULL, + .log_priority = "ERROR", + .log_file = "none", ++ .uid = LXC_INVALID_UID, ++ .gid = LXC_INVALID_GID, + }; + + static int my_parser(struct lxc_arguments *args, int c, char *arg) +@@ -366,10 +368,10 @@ + goto out; + } + +- if (my_args.uid) ++ if (my_args.uid != LXC_INVALID_UID) + attach_options.uid = my_args.uid; + +- if (my_args.gid) ++ if (my_args.gid != LXC_INVALID_GID) + attach_options.gid = my_args.gid; + + if (command.program) { +--- a/src/lxc/tools/lxc_execute.c ++++ b/src/lxc/tools/lxc_execute.c +@@ -84,6 +84,8 @@ + .log_priority = "ERROR", + .log_file = "none", + .daemonize = 0, ++ .uid = LXC_INVALID_UID, ++ .gid = LXC_INVALID_GID, + }; + + static int my_parser(struct lxc_arguments *args, int c, char *arg) +@@ -211,7 +213,7 @@ + if (!bret) + goto out; + +- if (my_args.uid) { ++ if (my_args.uid != LXC_INVALID_UID) { + char buf[256]; + + ret = snprintf(buf, 256, "%d", my_args.uid); +@@ -223,7 +225,7 @@ + goto out; + } + +- if (my_args.gid) { ++ if (my_args.gid != LXC_INVALID_GID) { + char buf[256]; + + ret = snprintf(buf, 256, "%d", my_args.gid); diff --git a/apk/lxc/lxc.confd b/apk/lxc/lxc.confd new file mode 100644 index 0000000..1badcf8 --- /dev/null +++ b/apk/lxc/lxc.confd @@ -0,0 +1,10 @@ +# Configuration for /etc/init.d/lxc[.*] + +# Enable cgroup for systemd-based containers. +#systemd_container=no + +# autostart groups (comma separated) +#lxc_group="onboot" + +# Directory for containers' logs (used for symlinked runscripts lxc.*). +#logdir="/var/log/lxc" diff --git a/apk/lxc/lxc.initd b/apk/lxc/lxc.initd new file mode 100644 index 0000000..aab7147 --- /dev/null +++ b/apk/lxc/lxc.initd 
@@ -0,0 +1,157 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/files/lxc.initd.2,v 1.5 2012/07/21 05:07:15 flameeyes Exp $ + +extra_started_commands="reboot" + +description="Linux Containers (LXC)" +description_reboot="Reboot containers" + +CONTAINER=${SVCNAME#*.} +: ${lxc_group:=$LXC_GROUP} +: ${systemd_container:=no} +: ${logdir:=/var/log/lxc} + +command="/usr/bin/lxc-start" +pidfile="/var/run/lxc/$CONTAINER.pid" + +depend() { + need localmount sysfs cgroups + after firewall net +} + +lxc_get_configfile() { + local i + for i in /var/lib/lxc/${CONTAINER}/config \ + /etc/lxc/${CONTAINER}.conf \ + /etc/lxc/${CONTAINER}/config; do + if [ -f "$i" ]; then + echo "$i" + return 0 + fi + done + eerror "Unable to find a suitable configuration file." + eerror "If you set up the container in a non-standard" + eerror "location, please set the CONFIGFILE variable." + return 1 +} + +lxc_get_var() { + awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} | cut -d: -f2 +} + +checkconfig() { + if [ ${CONTAINER} = ${SVCNAME} ]; then + CONTAINER= + return 0 + fi + CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)} + + # no need to output anything, the function takes care of that. + [ -z "${CONFIGFILE}" ] && return 1 + + utsname=$(lxc_get_var lxc.uts.name) + if [ "${CONTAINER}" != "${utsname}" ]; then + eerror "You should use the same name for the service and the" + eerror "lxc.uts.name : Right now the lxc.uts.name is set to : ${utsname}" + return 1 + fi +} + +systemd_ctr() { + local cmd="$1" + # Required for lxc-console and services inside systemd containers. + local cgroup=/sys/fs/cgroup/systemd + local mnt_opts='rw,nosuid,nodev,noexec,relatime,none,name=systemd' + + case "$cmd" in + mount) + checkpath -d $cgroup + if ! 
mount | grep $cgroup >/dev/null; then + mount -t cgroup -o $mnt_opts cgroup $cgroup + fi + ;; + unmount) + if mount | grep $cgroup >/dev/null; then + umount $cgroup + fi + ;; + esac +} + +_autostart() { + ebegin "$1 LXC containers" + shift + lxc-autostart --group "$lxc_group" "$@" + eend $? +} + +start() { + checkconfig || return 1 + if yesno "$systemd_container"; then + systemd_ctr mount + fi + if [ -z "$CONTAINER" ]; then + _autostart "Starting" + return + fi + + rm -f "$logdir"/${CONTAINER}.log + + rootpath=$(lxc_get_var lxc.rootfs.path) + # verify that container is not on tmpfs + dev=$(df -P "${rootpath}" | awk '{d=$1}; END {print d}') + type=$(awk -v dev="$dev" '$1 == dev {m=$3}; END {print m}' /proc/mounts) + if [ "$type" = tmpfs ] && ! yesno "$ALLOW_TMPFS"; then + eerror "${rootpath} is on tmpfs and ALLOW_TMPFS is not set" + return 1 + fi + + checkpath -d -m 750 -o root:wheel $logdir + + checkpath -d ${pidfile%/*} + ebegin "Starting container ${CONTAINER}" + start-stop-daemon --start $command \ + --pidfile $pidfile \ + -- \ + --daemon \ + --pidfile $pidfile \ + --name ${CONTAINER} \ + --rcfile ${CONFIGFILE} \ + --logpriority WARN \ + --logfile $logdir/${CONTAINER}.log \ + || eend $? || return $? + lxc-wait -n ${CONTAINER} -t 5 -s RUNNING + eend $? +} + +stop() { + checkconfig || return 1 + systemd_ctr unmount + + if [ -z "$CONTAINER" ]; then + _autostart "Stopping" --shutdown --timeout ${LXC_TIMEOUT:-30} + return + fi + + ebegin "Stopping container ${CONTAINER}" + start-stop-daemon --stop --pidfile ${pidfile} \ + --retry ${POWEROFF_SIGNAL:-SIGUSR2}/${TIMEOUT:-30} \ + --progress + eend $? +} + +reboot() { + checkconfig || return 1 + if [ -z "$CONTAINER" ]; then + _autostart "Rebooting" --reboot + return + fi + + ebegin "Sending reboot signal to container $CONTAINER" + start-stop-daemon --signal ${RESTART_SIG:-SIGTERM} \ + --pidfile ${pidfile} + eend $? +} + 
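Review bot: `lxc_get_var()` splices its argument into the awk program text and passes `${CONFIGFILE}` unquoted, so the key is treated as awk source rather than data and a config path containing whitespace or glob characters is word-split. Passing the key as a variable and quoting the path avoids both: `awk -v key="$1" 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == key { print $2; exit }' "${CONFIGFILE}" | cut -d: -f2`. The same quoting is missing from `[ ${CONTAINER} = ${SVCNAME} ]` in `checkconfig()` and from `$logdir` in the `checkpath` call in `start()`. Separately, `stop()` calls `systemd_ctr unmount` unconditionally, while `start()` mounts only when `yesno "$systemd_container"` is true. Stopping a single container therefore tries to unmount a cgroup hierarchy that other containers may still be using, so the unmount should sit behind the same `yesno` check.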
diff --git a/apk/lxc/network-restore-ability-to-move-nl80211-devices.patch b/apk/lxc/network-restore-ability-to-move-nl80211-devices.patch
new file mode 100644
index 0000000..965ef89
--- /dev/null
+++ b/apk/lxc/network-restore-ability-to-move-nl80211-devices.patch
@@ -0,0 +1,91 @@ +From 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Fri, 26 Jul 2019 08:20:02 +0200 +Subject: [PATCH] network: restore ability to move nl80211 devices + +Closes #3105. +Signed-off-by: Christian Brauner +--- + src/lxc/network.c | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +diff --git a/src/lxc/network.c b/src/lxc/network.c +index 9755116ba1..7684f95918 100644 +--- a/src/lxc/network.c ++++ b/src/lxc/network.c +@@ -1248,22 +1248,21 @@ static int lxc_netdev_rename_by_name_in_netns(pid_t pid, const char *old, + static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, + const char *newname) + { +- char *cmd; ++ __do_free char *cmd = NULL; + pid_t fpid; +- int err = -1; + + /* Move phyN into the container. TODO - do this using netlink. + * However, IIUC this involves a bit more complicated work to talk to + * the 80211 module, so for now just call out to iw. + */ + cmd = on_path("iw", NULL); +- if (!cmd) +- goto out1; +- free(cmd); ++ if (!cmd) { ++ return -1; ++ } + + fpid = fork(); + if (fpid < 0) +- goto out1; ++ return -1; + + if (fpid == 0) { + char pidstr[30]; +@@ -1274,21 +1273,18 @@ static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, + } + + if (wait_for_pid(fpid)) +- goto out1; ++ return -1; + +- err = 0; + if (newname) +- err = lxc_netdev_rename_by_name_in_netns(pid, ifname, newname); ++ return lxc_netdev_rename_by_name_in_netns(pid, ifname, newname); + +-out1: +- free(physname); +- return err; ++ return 0; + } + + int lxc_netdev_move_by_name(const char *ifname, pid_t pid, const char* newname) + { ++ __do_free char *physname = NULL; + int index; +- char *physname; + + if (!ifname) + return -EINVAL; +@@ -3279,13 +3275,20 @@ int lxc_network_move_created_netdev_priv(struct lxc_handler *handler) + return 0; + + lxc_list_for_each(iterator, network) { ++ __do_free char *physname = NULL; + int ret; + struct 
lxc_netdev *netdev = iterator->elem; + + if (!netdev->ifindex) + continue; + +- ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL); ++ if (netdev->type == LXC_NET_PHYS) ++ physname = is_wlan(netdev->link); ++ ++ if (physname) ++ ret = lxc_netdev_move_wlan(physname, netdev->link, pid, NULL); ++ else ++ ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL); + if (ret) { + errno = -ret; + SYSERROR("Failed to move network device \"%s\" with ifindex %d to network namespace %d", diff --git a/apk/postgis/APKBUILD b/apk/postgis/APKBUILD deleted file mode 100644 index 52328ee..0000000 --- a/apk/postgis/APKBUILD +++ /dev/null @@ -1,38 +0,0 @@ -# Contributor: Bjoern Schilberg -# Maintainer: Bjoern Schilberg -pkgname=postgis -pkgver=2.5.1 -pkgrel=1 -pkgdesc="PostGIS is a spatial database extender for PostgreSQL object-relational database." -url="https://postgis.net/" -# geos test fails on other archs -arch="x86 x86_64" # fails on x86* -license="GPL-2.0-or-later" -depends="postgresql perl" -makedepends="postgresql-dev geos-dev gdal-dev libxml2-dev proj4-dev perl-dev - json-c-dev pcre-dev" -subpackages="$pkgname-dev $pkgname-doc" -source="http://download.osgeo.org/postgis/source/$pkgname-$pkgver.tar.gz" -options="!check" # tests depends on a running PostgreSQL server - -build() { - cd "$builddir" - - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr \ - --disable-gtktest \ - --disable-nls \ - --disable-rpath \ - --without-protobuf - make -j1 -} - -package() { - cd "$builddir" - - make DESTDIR="$pkgdir" install -} - -sha512sums="c6c9c8c5befd945614e92d1062df1d753ca8b7fd69b70226065c2dac77a59783b14ece4da994187079b683ee090ba5a79389ba679f22fce8c20a5afc2c8dfca0 postgis-2.5.1.tar.gz" diff --git a/apk/proj4/APKBUILD b/apk/proj4/APKBUILD deleted file mode 100644 index e6e6240..0000000 --- a/apk/proj4/APKBUILD +++ /dev/null 
@@ -1,33 +0,0 @@ -# Maintainer: Natanael Copa -pkgname=proj4 -pkgver=5.2.0 -pkgrel=0 -pkgdesc="PROJ.4 - Cartographic Projections Library" -url="https://trac.osgeo.org/proj/" -arch="all" -license="MIT" -options="" -depends="" -makedepends="" -subpackages="$pkgname-doc $pkgname-dev" -source="http://download.osgeo.org/proj/proj-$pkgver.tar.gz - " - -builddir="$srcdir"/proj-$pkgver -build () { - cd "$builddir" - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr \ - --without-jni \ - || return 1 - make || return 1 -} - -package() { - cd "$builddir" - mkdir -p $pkgdir/usr/bin - make DESTDIR="$pkgdir" install -} -sha512sums="f773117d22309d4ee8dbedc2a7b6ba27e8cd032e1bd0af3c98f270bf7b7ab3353be0b04d91202a1f137fc45164c8e8a52712bb06281948008160d08f9f9074ba proj-5.2.0.tar.gz" diff --git a/apk/rabbitmq-server/APKBUILD b/apk/rabbitmq-server/APKBUILD index 035729e..f4af932 100644 --- a/apk/rabbitmq-server/APKBUILD +++ b/apk/rabbitmq-server/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Nathan Johnson # Maintainer: Nathan Johnson pkgname=rabbitmq-server -pkgver=3.7.11 -pkgrel=0 +pkgver=3.7.18 +pkgrel=1 pkgdesc="RabbitMQ is an open source multi-protocol messaging broker." url="https://www.rabbitmq.com/" arch="noarch !s390x" @@ -11,10 +11,9 @@ depends="erlang erlang-tools erlang-runtime-tools erlang-stdlib logrotate erlang-ssl erlang-crypto erlang-parsetools erlang-mnesia erlang-sasl erlang-inets erlang-syntax-tools erlang-eldap erlang-xmerl erlang-os-mon erlang-asn1 erlang-public-key" -depends_dev="" -makedepends="$depends_dev erlang-dev python2 py2-simplejson xmlto libxslt +makedepends="$depends_dev erlang-dev python3 py3-simplejson xmlto libxslt rsync zip gawk grep erlang-compiler erlang-erl-docgen - erlang-edoc socat elixir" + erlang-edoc socat erlang-eunit elixir" install="$pkgname.pre-install $pkgname.post-deinstall" pkgusers="rabbitmq" pkggroups="rabbitmq" 
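Review bot: `makedepends` in the rabbitmq-server APKBUILD still begins with `$depends_dev`, although this hunk removes the `depends_dev=""` assignment, so the reference now expands an unset variable. The result is the same empty string, but the dangling reference suggests a dependency list that no longer exists. Dropping it, as in `makedepends="erlang-dev python3 py3-simplejson xmlto libxslt`, keeps the list self-contained.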
@@ -22,34 +21,37 @@ subpackages="$pkgname-doc" source=" rabbitmq-server.initd rabbitmq-server.logrotate - https://github.com/rabbitmq/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz + https://github.com/rabbitmq/rabbitmq-server/releases/download/v$pkgver/rabbitmq-server-$pkgver.tar.xz + py3.patch " +options="!check" # test suite broken + +# secfixes: +# 3.7.17: +# - CVE-2015-9251 +# - CVE-2017-16012 +# - CVE-2019-11358 -builddir="$srcdir/${pkgname}-${pkgver}" build() { - cd "$builddir" - make dist manpages + make dist manpages PYTHON=python3 } package() { - cd "$builddir" - make install install-bin install-man DESTDIR="$pkgdir" PREFIX=/usr \ - RMQ_ROOTDIR="/usr/lib/rabbitmq" MANDIR=/usr/share/man + RMQ_ROOTDIR="/usr/lib/rabbitmq" MANDIR=/usr/share/man PYTHON=python3 mkdir -p "$pkgdir"/var/lib/rabbitmq/mnesia mkdir -p "$pkgdir"/var/log/rabbitmq #Copy all necessary lib files etc. install -p -m755 -D "$builddir"/scripts/rabbitmq-server.ocf \ - "$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server || return 1 + "$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server install -p -m755 -D "$builddir"/scripts/rabbitmq-server-ha.ocf \ - "$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server-ha \ - || return 1 + "$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server-ha install -p -m644 -D "$srcdir/"$pkgname.logrotate \ - "$pkgdir"/etc/logrotate.d/rabbitmq-server || return 1 + "$pkgdir"/etc/logrotate.d/rabbitmq-server install -m755 -D "$srcdir"/$pkgname.initd \ - "$pkgdir"/etc/init.d/$pkgname || return 1 + "$pkgdir"/etc/init.d/$pkgname mkdir -p "$pkgdir"/usr/sbin # This is lifted / adapted from the official upstream spec file. 
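Review bot: The new `# secfixes:` block keys its entry as `3.7.17:` with no package release suffix, whereas the lxc APKBUILD added in this same commit uses the `pkgver-rN` form (`3.1.0-r1:`, `2.1.1-r9:`). Tooling that derives the fixed-in version from these comments normally expects the release suffix, so the three CVEs listed may not be attributed to any package version. Writing the key as `#   3.7.17-r0:` would match the other file. `package()` continues past the end of this hunk.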
@@ -79,4 +81,5 @@ package() { sha512sums="a8bb02a7cae1f8720e5c7aaabfe6a2c0e731cffbe0d8f99bdcb6597daa654dc49e6d41943974601435700cf469eaa8286dc91a3255a6b9023754c3861fbb5cd9 rabbitmq-server.initd b8655cb048ab3b32001d4e6920bb5366696f3a5da75c053605e9b270e771c548e36858dca8338813d34376534515bba00af5e6dd7b4b1754a0e64a8fb756e3f3 rabbitmq-server.logrotate -a54034ebc919be0c6f58832ea5d47f8e3964e30ca9185c59bf882c3dc17d1df5b6e1ab0460f75e8cf0cc325504cc3a674f7cb44a5d7613e16a5ad8b721a286a4 rabbitmq-server-3.7.11.tar.xz" +7ac10172b2a1d282a0fbcfc13e4612b0aaee31c7248616cc16451c9390aabd96d866619336a29c9bb3b4142d2141b5d442a07a49c6bb0a4ea0cdb287dc813c0f rabbitmq-server-3.7.18.tar.xz +7862c8566631aeb8c7756e5c8ea11705546ffcdca6ec9058516f91c2650a21b1bb373879e8eb8a78dc5af808eb1fdf6c8167997ea7feace2de61dfa1fb1e5c8b py3.patch" diff --git a/apk/rabbitmq-server/py3.patch b/apk/rabbitmq-server/py3.patch new file mode 100644 index 0000000..24f3b06 --- /dev/null +++ b/apk/rabbitmq-server/py3.patch 
@@ -0,0 +1,112 @@ +diff --git a/deps/amqp10_common/codegen.py b/deps/amqp10_common/codegen.py +index dc4480a..d573bcf 100755 +--- a/deps/amqp10_common/codegen.py ++++ b/deps/amqp10_common/codegen.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + from __future__ import print_function + +diff --git a/deps/rabbit_common/codegen.py b/deps/rabbit_common/codegen.py +index 8b81362..70bd7fa 100755 +--- a/deps/rabbit_common/codegen.py ++++ b/deps/rabbit_common/codegen.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ## The contents of this file are subject to the Mozilla Public License + ## Version 1.1 (the "License"); you may not use this file except in +diff --git a/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py b/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py +index 1ae2e80..3e61442 100755 +--- a/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py ++++ b/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + import os + import sys + +diff --git a/deps/rabbitmq_consistent_hash_exchange/README.md b/deps/rabbitmq_consistent_hash_exchange/README.md +index ce1623f..6ff906b 100644 +--- a/deps/rabbitmq_consistent_hash_exchange/README.md ++++ b/deps/rabbitmq_consistent_hash_exchange/README.md +@@ -150,7 +150,7 @@ Executable versions of some of the code examples can be found under [./examples] + This version of the example uses [Pika](https://pika.readthedocs.io/en/stable/), the most widely used Python client for RabbitMQ: + + ``` python +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import pika + import time +@@ -342,7 +342,7 @@ routed to the same **arbitrarily chosen** queue. 
+ #### Code Example in Python + + ``` python +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import pika + import time +@@ -544,7 +544,7 @@ routed to the same **arbitrarily chosen** queue. + #### Code Example in Python + + ``` python +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import pika + import time +diff --git a/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py b/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py +index 6cf67d6..30e43ea 100644 +--- a/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py ++++ b/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import pika + import time +diff --git a/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py b/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py +index 8c1ac15..0099b28 100644 +--- a/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py ++++ b/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import pika + import time +diff --git a/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py b/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py +index 0b74501..c11a4ce 100644 +--- a/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py ++++ b/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + import pika + import time +diff --git a/deps/rabbitmq_management/bin/rabbitmqadmin b/deps/rabbitmq_management/bin/rabbitmqadmin +index 55173cb..04c0c12 100755 +--- a/deps/rabbitmq_management/bin/rabbitmqadmin ++++ b/deps/rabbitmq_management/bin/rabbitmqadmin +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + # The contents of this file are subject to the Mozilla Public License + # Version 1.1 (the "License"); 
you may not use this file except in +diff --git a/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py b/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py +index 469f277..ea21f63 100755 +--- a/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py ++++ b/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + import os + import sys + + diff --git a/apk/rabbitmq-server/rabbitmq-server.pre-install b/apk/rabbitmq-server/rabbitmq-server.pre-install index 8e0b7ab..0c67e40 100644 --- a/apk/rabbitmq-server/rabbitmq-server.pre-install +++ b/apk/rabbitmq-server/rabbitmq-server.pre-install @@ -1,6 +1,6 @@ #!/bin/sh addgroup -S rabbitmq 2>/dev/null -adduser -S -D -H -s /sbin/nologin -h /usr/lib/rabbitmq -G rabbitmq \ +adduser -S -D -H -s /sbin/nologin -h /var/lib/rabbitmq -G rabbitmq \ -g 'RabbitMQ Server' rabbitmq 2>/dev/null exit 0 diff --git a/apk/spoc b/apk/spoc new file mode 160000 index 0000000..0614c15 --- /dev/null +++ b/apk/spoc @@ -0,0 +1 @@ +Subproject commit 0614c15e3ed8b8482febaf6113a7f53ef006df18 diff --git a/apk/vmmgr b/apk/vmmgr index d9334fd..71604f2 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit d9334fd12be8feb11106564d1a3b2e7526c89f43 +Subproject commit 71604f26b6cd26e3d7cef720401bdc24bb13bd16 diff --git a/apk/wireguard-tools/APKBUILD b/apk/wireguard-tools/APKBUILD deleted file mode 100644 index 1be21c0..0000000 --- a/apk/wireguard-tools/APKBUILD +++ /dev/null 
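Review bot: The change from `-h /usr/lib/rabbitmq` to `-h /var/lib/rabbitmq` in `rabbitmq-server.pre-install` takes effect only on fresh installs. The APKBUILD's `install=` line lists only `.pre-install` and `.post-deinstall`, and even if this script did run against an existing account, the `adduser` failure would be hidden by `2>/dev/null` and the unconditional `exit 0`. Hosts upgraded from the previous package would therefore presumably keep the `rabbitmq` account's home under `/usr/lib/rabbitmq`, leaving two populations of machines with per-user state in different places. If the new home matters, add an upgrade-time script that adjusts the existing account, and put a comment in this script stating that it only covers new installs.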
@@ -1,65 +0,0 @@
-# Contributor: Stuart Cardall
-# Maintainer: Stuart Cardall
-pkgname=wireguard-tools
-pkgver=0.0.20190702
-pkgrel=0
-pkgdesc="Next generation secure network tunnel: userspace tools"
-arch="all"
-url="https://www.wireguard.com"
-# SPDX identifier headers tells us 'GPL-2.0' but considering it
-# is a kernel project i think it is safe to assume it is GPL-2.0-only just
-# like the kernel.
-license="GPL-2.0-only"
-makedepends="libmnl-dev"
-depends="$pkgname-wg $pkgname-wg-quick"
-subpackages="
- $pkgname-doc
- $pkgname-bash-completion:bashcomp:noarch
- $pkgname-wg:_split
- $pkgname-wg-quick:_split:noarch
- "
-options="!check"
-source="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$pkgver.tar.xz
- alpine-compat.patch
- "
-builddir="$srcdir"/WireGuard-$pkgver
-
-build() {
- make -C src/tools
-}
-
-package() {
- mkdir -p "$pkgdir/usr/share/doc/$pkgname"
-
- make -C src/tools \
- DESTDIR="$pkgdir" \
- WITH_BASHCOMPLETION=yes \
- WITH_WGQUICK=yes \
- WITH_SYSTEMDUNITS=no \
- install
-
- find "$builddir"/contrib/examples -name '.gitignore' -delete
- cp -rf "$builddir"/contrib/examples "$pkgdir/usr/share/doc/$pkgname/"
-}
-
-_split() {
- local cmd=${subpkgname/$pkgname-}
- pkgdesc="$pkgdesc ($cmd)"
- case $cmd in
- wg-quick) depends="$pkgname-wg iproute2 bash openresolv" ;;
- *) depends= ;;
- esac
- mkdir -p "$subpkgdir"/usr/bin
- mv "$pkgdir"/usr/bin/$cmd "$subpkgdir"/usr/bin/
-}
-
-bashcomp() {
- depends="bash"
- pkgdesc="WireGuard bash completions"
-
- mkdir -p "$subpkgdir"/usr
- mv "$pkgdir"/usr/share "$subpkgdir"/usr
-}
-
-sha512sums="8b92b51506cd3f8e9939378b86f23678e08e8501432decd0abf6a9d4e3dfe4742b6f1cb75e06407f5816778b3dd90849a5da83252ab882392ec1905dfb997501 WireGuard-0.0.20190702.tar.xz
-4577574333f023217ae6e0945807e1ccd2dec7caa87e329b1d5b44569f6b5969663ad74f8154b85d3dc7063dd762649e3fa87c7667e238ffb77c0e5df9245a5e alpine-compat.patch"
diff --git a/apk/wireguard-tools/alpine-compat.patch b/apk/wireguard-tools/alpine-compat.patch
deleted file mode 100644
index 1268ffb..0000000
--- a/apk/wireguard-tools/alpine-compat.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/src/tools/wg-quick/linux.bash b/src/tools/wg-quick/linux.bash
---- a/src/tools/wg-quick/linux.bash
-+++ b/src/tools/wg-quick/linux.bash
-@@ -201,7 +201,7 @@
- cmd ip $proto rule add table main suppress_prefixlength 0
- while read -r key _ value; do
- [[ $value -eq 1 ]] && sysctl -q "$key=2"
-- done < <(sysctl -a -r '^net\.ipv4.conf\.[^ .=]+\.rp_filter$')
-+ done < <(sysctl -a 2>/dev/null | sed -n -r 's#^(net\.ipv4.conf\.[^ .=]+\.rp_filter).*$#\1#p')
- return 0
- }
-
diff --git a/apk/wireguard/APKBUILD b/apk/wireguard/APKBUILD
deleted file mode 100644
index 5481bb6..0000000
--- a/apk/wireguard/APKBUILD
+++ /dev/null
@@ -1,91 +0,0 @@
-# Contributor: Stuart Cardall
-# Maintainer: Stuart Cardall
-
-# wireguard version
-_ver=0.0.20190702
-_rel=0
-
-# kernel version
-_kver=4.19.52
-_krel=0
-
-_kpkgver="$_kver-r$_krel"
-
-# for custom kernels set $FLAVOR
-_extra_flavors=
-if [ -z "$FLAVOR" ]; then
- _flavor=vanilla
- case $CARCH in
- x86|x86_64) _extra_flavors="virt";;
- esac
-else
- _flavor=$FLAVOR
-fi
-_kpkg=linux-$_flavor
-
-pkgname=wireguard-$_flavor
-pkgver=$_kver
-pkgrel=$(( $_rel + $_krel))
-
-pkgdesc="Next generation secure network tunnel: kernel modules for $_flavor"
-arch="all"
-url="https://www.wireguard.com"
-license="GPL-2.0"
-depends="linux-$_flavor=$_kpkgver"
-makedepends="
- libmnl-dev
- linux-$_flavor-dev=$_kpkgver
- linux-firmware-none
- "
-install_if="wireguard-tools-wg=$_ver-r$_rel linux-$_flavor=$_kpkgver"
-options="!check"
-source="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$_ver.tar.xz"
-builddir="$srcdir"/WireGuard-$_ver
-
-for f in $_extra_flavors; do
- makedepends="$makedepends linux-$f-dev=$_kpkgver"
- subpackages="$subpackages wireguard-$f:_extra"
-done
-
-prepare() {
- default_prepare
- if [ -z "$FLAVOR" ]; then
- ( . "$startdir"/../../main/linux-$_flavor/APKBUILD
- [ "$_kver" != "$pkgver" ] && die "please update _kver to $pkgver"
- [ "$_krel" != "$pkgrel" ] && die "please update _krel to $pkgrel"
- return 0
- )
- fi
- local flavor=
- for flavor in $_flavor $_extra_flavors; do
- cp -r "$builddir" "$srcdir"/$flavor
- done
-}
-
-build() {
- unset LDFLAGS
- local flavor= kabi=
- for flavor in $_flavor $_extra_flavors; do
- kabi="$_kver-$_krel-$flavor"
- make -C "$srcdir/$flavor"/src \
- KERNELDIR=/lib/modules/$kabi/build module
- done
-}
-
-package() {
- local kabi="$_kver-$_krel-$_flavor"
- install -Dm644 "$srcdir"/$_flavor/src/wireguard.ko \
- "$pkgdir/lib/modules/$kabi/extra/wireguard.ko"
-}
-
-_extra() {
- flavor=${subpkgname##*-}
- depends="linux-$flavor=$_kpkgver"
- install_if="wireguard-tools-wg=$_ver-r$_rel linux-$flavor=$_kpkgver"
- pkgdesc="Next generation secure network tunnel: kernel modules for $flavor"
- local kabi="$_kver-$_krel-$flavor"
- install -Dm644 "$srcdir"/virt/src/wireguard.ko \
- "$subpkgdir/lib/modules/$kabi/extra/wireguard.ko"
-}
-
-sha512sums="8b92b51506cd3f8e9939378b86f23678e08e8501432decd0abf6a9d4e3dfe4742b6f1cb75e06407f5816778b3dd90849a5da83252ab882392ec1905dfb997501 WireGuard-0.0.20190702.tar.xz"
diff --git a/build/build-all.sh b/build/build-all.sh
index 9662bb6..e640bfc 100755
--- a/build/build-all.sh
+++ b/build/build-all.sh
@@ -7,140 +7,106 @@ ROOT=$(dirname $(dirname $(realpath "${0}"))) cd ${ROOT}/doc make html -# Build basic.tar +# Build basic tar cd ${ROOT}/vm -tar cpf /srv/build/vm.tar * +tar czpf /srv/build/vm.tar.gz * # Build native apps -cd ${ROOT}/apk/acme-sh -abuild -F - -cd ${ROOT}/apk/geos -apk add -U swig python2-dev -abuild -F - -cd ${ROOT}/apk/gdal -apk add -U curl-dev geos-dev@vm giflib-dev jpeg-dev libjpeg-turbo-dev libpng-dev linux-headers postgresql-dev python2-dev sqlite-dev swig tiff-dev zlib-dev -abuild -F - -cd ${ROOT}/apk/proj4 +cd ${ROOT}/apk/lxc +apk add -U autoconf automake bsd-compat-headers docbook2x libcap-dev libcap-static libseccomp-dev libtool linux-headers linux-pam-dev abuild -F cd ${ROOT}/apk/rabbitmq-server -apk add -U elixir erlang-compiler erlang-dev erlang-edoc erlang-eldap erlang-erl-docgen erlang-mnesia erlang-os-mon erlang-runtime-tools erlang-tools erlang-xmerl gawk grep libxslt logrotate py2-simplejson python2 rsync socat xmlto zip +apk add -U elixir erlang-compiler erlang-dev erlang-edoc erlang-eldap erlang-erl-docgen erlang-mnesia erlang-os-mon erlang-runtime-tools erlang-tools erlang-eunit erlang-xmerl gawk grep libxslt py3-simplejson python3 rsync socat xmlto zip abuild -F -cd ${ROOT}/apk/postgis -apk add -U gdal-dev@vm geos-dev@vm json-c-dev libxml2-dev pcre-dev perl perl-dev postgresql postgresql-dev proj4-dev@vm +cd ${ROOT}/apk/spoc abuild -F cd ${ROOT}/apk/vmmgr abuild -F -cd ${ROOT}/apk/wireguard -apk add -U libmnl-dev linux-virt-dev linux-firmware-none -FLAVOR=virt abuild -F - -cd ${ROOT}/apk/wireguard-tools -apk add -U libmnl-dev -abuild -F - -# Build apd pack runtimes +# Build runtimes cd ${ROOT}/lxc-shared -lxc-build alpine3.8 -lxc-build alpine3.8-php5.6 -lxc-build alpine3.8-nodejs8 -lxc-build alpine3.8-ruby2.4 -lxc-build alpine3.9 -lxc-build alpine3.9-java8 -lxc-build alpine3.9-php7.2 -lxc-build alpine3.9-python2.7 -lxc-build alpine3.9-python3.6 -lxc-build alpine3.9-nodejs10 -lxc-build alpine3.9-ruby2.4 -lxc-build 
alpine3.9-tomcat7 -lxc-build alpine3.9-tomcat8.5 +spoc-image build -p alpine3.8/image +spoc-image build -p alpine3.8-java8/image +spoc-image build -p alpine3.8-php5.6/image +spoc-image build -p alpine3.8-ruby2.4/image +spoc-image build -p alpine3.10/image +spoc-image build -p alpine3.10-nodejs10/image +spoc-image build -p alpine3.10-python2.7/image +spoc-image build -p alpine3.10-python3.7/image +spoc-image build -p alpine3.11/image +spoc-image build -p alpine3.11-java8/image +spoc-image build -p alpine3.11-php7.3/image +spoc-image build -p alpine3.11-python2.7/image +spoc-image build -p alpine3.11-python3.8/image +spoc-image build -p alpine3.11-ruby2.4/image +spoc-image build -p alpine3.11-ruby2.6/image +spoc-image build -p alpine3.11-tomcat7/image +spoc-image build -p alpine3.11-tomcat8.5/image # Build services cd ${ROOT}/lxc-services -lxc-build activemq -lxc-build mariadb -lxc-build postgres -lxc-build rabbitmq -lxc-build redis -lxc-build solr +spoc-image build -p activemq/image +spoc-image build -p mariadb/image +spoc-image build -p postgres/image +spoc-image build -p postgis/image +spoc-image build -p rabbitmq/image +spoc-image build -p redis/image +spoc-image build -p solr6/image # Build applications cd ${ROOT}/lxc-apps -lxc-build ckan-datapusher -lxc-build ckan -lxc-build crisiscleanup -lxc-build cts -lxc-build ecogis -lxc-build frontlinesms -lxc-build gnuhealth -lxc-build kanboard -lxc-build mifosx -lxc-build motech -lxc-build odoo -lxc-build opendatakit -lxc-build opendatakit-build -lxc-build openmapkit -lxc-build pandora -lxc-build sahana-shared -lxc-build sahana -lxc-build sahana-demo -lxc-build sambro -lxc-build seeddms -lxc-build sigmah -lxc-build ushahidi -# Pack runtimes -cd ${ROOT}/lxc-shared -lxc-pack alpine3.8 -lxc-pack alpine3.8-php5.6 -lxc-pack alpine3.8-nodejs8 -lxc-pack alpine3.8-ruby2.4 -lxc-pack alpine3.9 -lxc-pack alpine3.9-java8 -lxc-pack alpine3.9-php7.2 -lxc-pack alpine3.9-python2.7 -lxc-pack alpine3.9-python3.6 -lxc-pack 
alpine3.9-nodejs10 -lxc-pack alpine3.9-ruby2.4 -lxc-pack alpine3.9-tomcat7 -lxc-pack alpine3.9-tomcat8.5 +spoc-image build -p ckan/ckan.image +spoc-image build -p ckan/ckan-datapusher.image +spoc-app publish ckan/app -# Pack services -cd ${ROOT}/lxc-services -lxc-pack activemq -lxc-pack mariadb -lxc-pack postgres -lxc-pack rabbitmq -lxc-pack redis -lxc-pack solr +spoc-image build -p crisiscleanup/image +spoc-app publish crisiscleanup/app -# Pack applications -cd ${ROOT}/lxc-apps -lxc-pack ckan-datapusher -lxc-pack ckan -lxc-pack crisiscleanup -lxc-pack cts -lxc-pack ecogis -lxc-pack frontlinesms -lxc-pack gnuhealth -lxc-pack kanboard -lxc-pack mifosx -lxc-pack motech -lxc-pack odoo -lxc-pack opendatakit -lxc-pack opendatakit-build -lxc-pack openmapkit -lxc-pack pandora -lxc-pack sahana-shared -lxc-pack sahana -lxc-pack sahana-demo -lxc-pack sambro -lxc-pack seeddms -lxc-pack sigmah -lxc-pack ushahidi +spoc-image build -p cts/image +spoc-app publish cts/app + +spoc-image build -p decidim/image +spoc-app publish decidim/app + +spoc-image build -p frontlinesms/image +spoc-app publish frontlinesms/app + +spoc-image build -p gnuhealth/image +spoc-app publish gnuhealth/app + +spoc-image build -p kanboard/image +spoc-app publish kanboard/app + +spoc-image build -p mifosx/image +spoc-app publish mifosx/app + +spoc-image build -p motech/image +spoc-app publish motech/app + +spoc-image build -p odoo/image +spoc-app publish odoo/app + +spoc-image build -p opendatakit/opendatakit.image +spoc-image build -p opendatakit/opendatakit-build.image +spoc-app publish opendatakit/app + +spoc-image build -p openmapkit/image +spoc-app publish openmapkit/app + +spoc-image build -p pandora/image +spoc-app publish pandora/app + +spoc-image build -p sahana/image +spoc-app publish sahana/app +spoc-app publish sahana-demo/app +spoc-app publish sambro/app + +spoc-image build -p seeddms/image +spoc-app publish seeddms/app + +spoc-image build -p ushahidi/image +spoc-app publish ushahidi/app 
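Review bot: Each application block runs `spoc-image build -p <app>/image` and then `spoc-app publish <app>/app` with nothing checking the first command, so unless the script enables `set -e` in the lines above this hunk (not visible here), a failed image build is followed by publishing the app anyway. If the header does not already have it, `set -e` belongs there, matching the `set -ev` used in the new `clean-all.sh`. The unquoted `cd ${ROOT}/...` calls also break on a checkout path containing spaces; `cd "${ROOT}/apk/spoc"` is the safer form.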
diff --git a/build/clean-all.sh b/build/clean-all.sh new file mode 100755 index 0000000..94d01ca --- /dev/null +++ b/build/clean-all.sh @@ -0,0 +1,29 @@ +#!/bin/sh +set -ev + +# Clean documentation +rm -rf /srv/build/doc/* + +# Clean basic tar +rm -f /srv/build/vm.tar.gz + +# Clean native apps +rm -rf /srv/build/alpine/* + +# Clean built LXC packages +rm -rf /srv/build/spoc + +# Remove nginx configs +for CONF in $(find /etc/nginx/conf.d -name '*.conf' -a ! -name repo.conf -a ! -name default.conf); do + rm -f ${CONF} +done +service nginx reload + +# Stop running containers +for APP in $(spoc-container list); do + spoc-container stop ${APP} +done + +# Remove data +rm -rf /var/lib/spoc +rm -rf /var/log/spoc diff --git a/build/etc/abuild.conf b/build/etc/abuild.conf index e36f1f7..15c9b86 100644 --- a/build/etc/abuild.conf +++ b/build/etc/abuild.conf @@ -9,18 +9,21 @@ export MAKEFLAGS=-j$JOBS # remove line below to disable colors USE_COLORS=1 +# uncomment line below to enable ccache support. +#USE_CCACHE=1 + SRCDEST=/var/cache/distfiles # uncomment line below to store built packages in other location # The package will be stored as $REPODEST/$repo/$pkgname-$pkgver-r$pkgrel.apk # where $repo is the name of the parent directory of $startdir. -REPODEST=/srv/build/alpine/v3.9 +REPODEST=/srv/build/alpine/v3.11 # PACKAGER and MAINTAINER are used by newapkbuild when creating new aports for # the APKBUILD's "Contributor:" and "Maintainer:" comments, respectively. #PACKAGER="Your Name " #MAINTAINER="$PACKAGER" -PACKAGER_PRIVKEY="/srv/build/repokey.rsa" +PACKAGER_PRIVKEY="/root/repo.spotter.cz.rsa" # what to clean up after a successful build CLEANUP="srcdir bldroot pkgdir deps" diff --git a/build/etc/nginx/conf.d/apkrepo.conf b/build/etc/nginx/conf.d/repo.conf similarity index 70% rename from build/etc/nginx/conf.d/apkrepo.conf rename to build/etc/nginx/conf.d/repo.conf index 1b91492..40e81ea 100644 --- a/build/etc/nginx/conf.d/apkrepo.conf +++ b/build/etc/nginx/conf.d/repo.conf 
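Review bot: With `set -ev` in effect, a failing `service nginx reload` (for instance when nginx is not running) ends the script before the container-stop loop and the final `rm -rf /var/lib/spoc` and `rm -rf /var/log/spoc`, so containers keep running and their data stays behind. Either stop the containers before touching nginx or tolerate the reload failure with `service nginx reload || true`. The `for CONF in $(find ...)` loop also word-splits file names; `find /etc/nginx/conf.d -name '*.conf' ! -name repo.conf ! -name default.conf -exec rm -f {} \;` removes the same files without the loop. A header comment stating that the script irreversibly wipes the `/srv/build` output and all SPOC data on the build VM would be worth adding.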
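Review bot: Pointing `PACKAGER_PRIVKEY` at `/root/repo.spotter.cz.rsa` takes the signing key out of `/srv/build`, which the nginx `repo.conf` in this commit serves as its document root, but nothing here removes or rotates the old `/srv/build/repokey.rsa`. If that file was ever created on a running build VM it should be treated as exposed and regenerated rather than only relocated; whether it existed cannot be told from this diff, since the key-generation line was commented out. The updated `doc/toolchain/abuild.md` names `/srv/repo.spotter.cz.rsa`, which does not match this setting and should read `/root/repo.spotter.cz.rsa`. A comment above the setting such as `# keep the signing key outside /srv/build, which nginx serves` would record the reason for the move.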
@@ -1,6 +1,6 @@ server { listen [::]:80; - server_name repo.spotter.cz; + server_name repo.build.vm; location / { root /srv/build; diff --git a/build/install-toolchain.sh b/build/install-toolchain.sh index 35b1a22..53b6d75 100755 --- a/build/install-toolchain.sh +++ b/build/install-toolchain.sh @@ -5,7 +5,7 @@ cd $(realpath $(dirname "${0}")) # Install basic build tools apk update -apk add git file htop less openssh-client tar xz +apk add git file htop less openssh-client tree # Install Alpine SDK apk add alpine-sdk # Install Sphinx support @@ -13,7 +13,7 @@ apk add py3-sphinx pip3 install recommonmark sphinx-markdown-tables # Copy root profile files and settings -mkdir -p /root/.config/htop /root/.ssh +mkdir -p /root/.config/htop cp root/.profile /root/.profile cp root/.config/htop/htoprc /root/.config/htop/htoprc @@ -21,19 +21,17 @@ cp root/.config/htop/htoprc /root/.config/htop/htoprc adduser root abuild cp etc/abuild.conf /etc/abuild.conf -# Prepare LXC build toolchain -cp usr/bin/fix-apk /usr/bin/fix-apk -cp usr/bin/lxc-build /usr/bin/lxc-build -cp usr/bin/lxc-pack /usr/bin/lxc-pack - # Prepare local APK repository -cp etc/nginx/conf.d/apkrepo.conf /etc/nginx/conf.d/apkrepo.conf -echo "172.17.0.1 repo.spotter.cz" >>/etc/hosts +cp etc/nginx/conf.d/repo.conf /etc/nginx/conf.d/repo.conf +echo "172.17.0.1 repo.build.vm" >>/etc/hosts service nginx reload -# Supply abuild key -# echo '/srv/build/repokey.rsa' | abuild-keygen +# Change SPOC repository +sed -i 's/https:\/\/repo\.spotter\.cz/http:\/\/repo.build.vm/' /etc/spoc/spoc.conf -# Supply LXC build key -# openssl ecparam -genkey -name secp384r1 -out /srv/build/packages.key -# openssl ec -in /srv/build/packages.key -pubout -out /srv/build/packages.pub +# Supply abuild key +# echo '/root/repo.spotter.cz.rsa' | abuild-keygen + +# Supply SPOC key +# openssl ecparam -genkey -name secp384r1 -out /etc/spoc/publish.key +# openssl ec -in /etc/spoc/publish.key -pubout -out /tmp/repository.pub 
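Review bot: The new `sed` line in the last hunk rewrites `/etc/spoc/spoc.conf` from `https://repo.spotter.cz` to `http://repo.build.vm`, so on the build VM everything fetched through SPOC arrives over plain HTTP and its integrity depends on whatever signature check SPOC performs, which this diff does not show. A comment above the line should say that the endpoint is the local nginx on `172.17.0.1` and that signature verification must stay enabled. The `echo "172.17.0.1 repo.build.vm" >>/etc/hosts` line appends a duplicate entry on every run; `grep -q repo.build.vm /etc/hosts || echo "172.17.0.1 repo.build.vm" >>/etc/hosts` keeps the script re-runnable. In the commented key recipe the private key is written to `/etc/spoc/publish.key` with whatever permissions the umask gives; documenting `umask 077` before the `openssl ecparam` line, or a `chmod 600` after it, would be the safer form.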
diff --git a/build/usr/bin/fix-apk b/build/usr/bin/fix-apk
deleted file mode 100755
index 0de3c00..0000000
--- a/build/usr/bin/fix-apk
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/python3
-
-import os
-import sys
-
-def fix_installed(layers):
- installed = []
- for layer in layers[:-1]:
- try:
- with open(os.path.join(layer, 'lib/apk/db/installed'), 'r') as f:
- buffer = []
- for line in f:
- if line.startswith('C:'):
- buffer = ''.join(buffer)
- if buffer not in installed:
- installed.append(buffer)
- buffer = []
- buffer.append(line)
- buffer = ''.join(buffer)
- if buffer not in installed:
- installed.append(buffer)
- except:
- continue
- os.makedirs(os.path.join(layers[-1], 'lib/apk/db'), 0o755, True)
- with open(os.path.join(layers[-1], 'lib/apk/db/installed'), 'w') as f:
- f.writelines(installed)
-
-def fix_world(layers):
- world = []
- for layer in layers[:-1]:
- try:
- with open(os.path.join(layer, 'etc/apk/world'), 'r') as f:
- for line in f:
- if line not in world:
- world.append(line)
- except:
- continue
- os.makedirs(os.path.join(layers[-1], 'etc/apk'), 0o755, True)
- with open(os.path.join(layers[-1], 'etc/apk/world'), 'w') as f:
- f.writelines(world)
-
-fix_installed(sys.argv[1:])
-fix_world(sys.argv[1:])
diff --git a/build/usr/bin/lxc-build b/build/usr/bin/lxc-build
deleted file mode 100755
index c7db300..0000000
--- a/build/usr/bin/lxc-build
+++ /dev/null
@@ -1,210 +0,0 @@
-#!/usr/bin/python3
-
-import os
-import shutil
-import subprocess
-import sys
-
-LXC_ROOT = '/var/lib/lxc'
-CONFIG_TEMPLATE = '''# Image name
-lxc.uts.name = {name}
-
-# Network
-lxc.net.0.type = veth
-lxc.net.0.link = lxcbr0
-lxc.net.0.flags = up
-
-# Volumes
-lxc.rootfs.path = {rootfs}
-
-# Mounts
-lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
-lxc.mount.entry = /etc/hosts etc/hosts none bind,create=file 0 0
-lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,create=file 0 0
-{mounts}
-
-# Init
-lxc.init.cmd = {cmd}
-lxc.init.uid = {uid}
-lxc.init.gid = {gid}
-lxc.init.cwd = {cwd}
-
-# Environment
-lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-{env}
-
-# Halt
-lxc.signal.halt = {halt}
-
-# Log
-lxc.console.size = 1MB
-lxc.console.logfile = /var/log/lxc/{name}.log
-
-# Other
-lxc.arch = x86_64
-lxc.cap.drop = sys_admin
-lxc.hook.pre-start = /usr/bin/vmmgr prepare-container
-lxc.hook.start-host = /usr/bin/vmmgr register-container
-lxc.hook.post-stop = /usr/bin/vmmgr unregister-container
-lxc.include = /usr/share/lxc/config/common.conf
-'''
-
-class LXCImage:
- def __init__(self, build_path):
- self.name = None
- self.layers = []
- self.mounts = []
- self.env = []
- self.uid = 0
- self.gid = 0
- self.cmd = '/bin/true'
- self.cwd = '/'
- self.halt = 'SIGINT'
-
- if os.path.isfile(build_path):
- self.lxcfile = os.path.realpath(build_path)
- self.build_dir = os.path.dirname(self.lxcfile)
- else:
- self.build_dir = os.path.realpath(build_path)
- self.lxcfile = os.path.join(self.build_dir, 'lxcfile')
-
- def build(self):
- with open(self.lxcfile, 'r') as f:
- lxcfile = [l.strip() for l in f.readlines()]
-
- script = []
- script_eof = None
-
- for line in lxcfile:
- if script_eof:
- if line == script_eof:
- script_eof = None
- self.run_script(script)
- else:
- script.append(line)
- elif line.startswith('RUN'):
- script = []
- script_eof = line.split()[1]
- elif line.startswith('IMAGE'):
- self.set_name(line.split()[1])
- elif line.startswith('LAYER'):
- self.add_layer(line.split()[1])
- elif line.startswith('FIXLAYER'):
- self.fix_layer(line.split()[1])
- elif line.startswith('COPY'):
- srcdst = line.split()
- self.copy_files(srcdst[1], srcdst[2] if len(srcdst) == 3 else '')
- elif line.startswith('MOUNT'):
- mount = line.split()
- self.add_mount(mount[1], mount[2], mount[3])
- elif line.startswith('ENV'):
- env = line.split()
- self.add_env(env[1], env[2])
- elif line.startswith('USER'):
- uidgid = line.split()
- self.set_user(uidgid[1], uidgid[2])
- elif line.startswith('CMD'):
- self.set_cmd(' '.join(line.split()[1:]))
- elif line.startswith('WORKDIR'):
- self.set_cwd(line.split()[1])
- elif line.startswith('HALT'):
- self.set_halt(line.split()[1])
- # Add the final layer which will be treated as ephemeral
- self.add_layer('{}/delta0'.format(self.name))
-
- def rebuild_config(self):
- if not self.name:
- return
- if len(self.layers) == 1:
- rootfs = self.layers[0]
- else:
- # Multiple lower overlayfs layers are ordered from right to left (lower2:lower1:rootfs:upper)
- rootfs = 'overlay:{}:{}'.format(':'.join(self.layers[:-1][::-1]), self.layers[-1])
- mounts = '\n'.join(self.mounts)
- env = '\n'.join(self.env)
- with open(os.path.join(LXC_ROOT, self.name, 'config'), 'w') as f:
- f.write(CONFIG_TEMPLATE.format(name=self.name,
- rootfs=rootfs, mounts=mounts, env=env,
- uid=self.uid, gid=self.gid,
- cmd=self.cmd, cwd=self.cwd, halt=self.halt))
-
- def run_script(self, script):
- sh = os.path.join(self.layers[-1], 'run.sh')
- with open(sh, 'w') as f:
- f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script)))
- os.chmod(sh, 0o700)
- subprocess.run(['lxc-execute', '-n', self.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True)
- os.unlink(sh)
-
- def set_name(self, name):
- self.name = name
- os.makedirs(os.path.join(LXC_ROOT, self.name), 0o755, True)
-
- def add_layer(self, layer):
- layer = os.path.join(LXC_ROOT, layer)
- self.layers.append(layer)
- os.makedirs(layer, 0o755, True)
- self.rebuild_config()
-
- def fix_layer(self, cmd):
- subprocess.run([cmd]+self.layers, check=True)
-
- def copy_files(self, src, dst):
- dst = os.path.join(self.layers[-1], dst)
- if src.startswith('http://') or src.startswith('https://'):
- self.unpack_http_archive(src, dst)
- else:
- src = os.path.join(self.build_dir, src)
- copy_tree(src, dst)
-
- def unpack_http_archive(self, src, dst):
- xf = 'xzf'
- if src.endswith('.bz2'):
- xf = 'xjf'
- elif src.endswith('.xz'):
- xf = 'xJf'
- with subprocess.Popen(['wget', src, '-O', '-'], stdout=subprocess.PIPE) as wget:
- with subprocess.Popen(['tar', xf, '-', '-C', dst], stdin=wget.stdout) as tar:
- wget.stdout.close()
- tar.wait()
-
- def add_mount(self, type, src, dst):
- self.mounts.append('lxc.mount.entry = {} {} none bind,create={} 0 0'.format(src, dst, type.lower()))
- self.rebuild_config()
-
- def add_env(self, key, value):
- self.env.append('lxc.environment = {}={}'.format(key, value))
- self.rebuild_config()
-
- def set_user(self, uid, gid):
- self.uid = uid
- self.gid = gid
- self.rebuild_config()
-
- def set_cmd(self, cmd):
- self.cmd = cmd
- self.rebuild_config()
-
- def set_cwd(self, cwd):
- self.cwd = cwd
- self.rebuild_config()
-
- def set_halt(self, halt):
- self.halt = halt
- self.rebuild_config()
-
-def copy_tree(src, dst):
- if not os.path.isdir(src):
- shutil.copy2(src, dst)
- else:
- os.makedirs(dst, exist_ok=True)
- for name in os.listdir(src):
- copy_tree(os.path.join(src, name), os.path.join(dst, name))
- shutil.copystat(src, dst)
-
-if __name__ == '__main__':
- if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'):
- print('Usage: lxc-build \n where the buildpath can be either specific lxcfile or a directory containing one')
- else:
- i = LXCImage(sys.argv[1])
- i.build()
diff --git a/build/usr/bin/lxc-pack b/build/usr/bin/lxc-pack
deleted file mode 100755
index 1b3f0a4..0000000
--- a/build/usr/bin/lxc-pack
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/python3
-
-import hashlib
-import json
-import os
-import subprocess
-import sys
-
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.serialization import load_pem_private_key
-
-PKG_ROOT = '/srv/build/lxc'
-PRIVATE_KEY = '/srv/build/packages.key'
-LXC_ROOT = '/var/lib/lxc'
-
-def pack(path):
- # Determine correct metadata file and package name
- path = os.path.realpath(path)
- if os.path.isdir(path):
- meta_dir = path
- meta_file = os.path.join(meta_dir, 'meta')
- else:
- meta_dir = os.path.dirname(path)
- meta_file = path
- pkg_name = os.path.basename(meta_dir)
-
- # Load metadata
- with open(meta_file) as f:
- meta = json.load(f)
-
- # Prepare package file names
- os.makedirs(PKG_ROOT, 0o755, True)
- tar_path = os.path.join(PKG_ROOT, '{}_{}-{}.tar'.format(pkg_name, meta['version'], meta['release']))
- xz_path = '{}.xz'.format(tar_path)
-
- # Remove old package
- if os.path.exists(tar_path):
- os.unlink(tar_path)
- if os.path.exists(xz_path):
- os.unlink(xz_path)
-
- # Create archive
- print('Archiving', meta['lxcpath'])
- subprocess.run(['tar', '--xattrs', '-cpf', tar_path, os.path.join(LXC_ROOT, meta['lxcpath'])], cwd='/')
- # Add install/upgrade/uninstall scripts
- scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh')
- scripts = [s for s in scripts if os.path.exists(os.path.join(meta_dir, s))]
- subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(pkg_name), '-rpf', tar_path] + scripts, cwd=meta_dir)
- # Compress the tarball with xz (LZMA2)
- print('Compressing', tar_path, '({:.2f} MB)'.format(os.path.getsize(tar_path)/1048576))
- subprocess.run(['xz', '-9', tar_path])
- print('Compressed ', xz_path, '({:.2f} MB)'.format(os.path.getsize(xz_path)/1048576))
-
- # Register package
- print('Registering package')
- packages = {}
- packages_file = os.path.join(PKG_ROOT, 'packages')
- if os.path.exists(packages_file):
- with open(packages_file, 'r') as f:
- packages = json.load(f)
- packages[pkg_name] = meta
- packages[pkg_name]['size'] = os.path.getsize(xz_path)
- packages[pkg_name]['sha512'] = hash_file(xz_path)
- with open(packages_file, 'w') as f:
- json.dump(packages, f, sort_keys=True, indent=4)
-
- # Sign packages file
- print('Signing packages')
- with open(PRIVATE_KEY, 'rb') as f:
- priv_key = load_pem_private_key(f.read(), None, default_backend())
- with open(os.path.join(PKG_ROOT, 'packages'), 'rb') as f:
- data = f.read()
- with open(os.path.join(PKG_ROOT, 'packages.sig'), 'wb') as f:
- f.write(priv_key.sign(data, ec.ECDSA(hashes.SHA512())))
-
-def hash_file(file_path):
- sha512 = hashlib.sha512()
- with open(file_path, 'rb') as f:
- while True:
- data = f.read(65536)
- if not data:
- break
- sha512.update(data)
- return sha512.hexdigest()
-
-if __name__ == '__main__':
- if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'):
- print('Usage: lxc-pack \n where the buildpath can be either specific meta file or a directory containing one')
- else:
- pack(sys.argv[1])
diff --git a/doc/existing/list.md b/doc/existing/list.md
index f72519e..66d0c69 100644
--- a/doc/existing/list.md
+++ b/doc/existing/list.md
@@ -6,54 +6,52 @@ |-------------------------|---------------------| | Alpine 3.8 | alpine3.8 | | Alpine 3.8 - PHP 5.6 | alpine3.8-php5.6 | -| Alpine 3.8 - NodeJS 8 | alpine3.8-nodejs8 | | Alpine 3.9 - Ruby 2.4 | alpine3.8-ruby2.4 | | Alpine 3.9 | alpine3.9 | | Alpine 3.9 - Java 8 | alpine3.9-java8 | | Alpine 3.9 - PHP 7.2 | alpine3.9-php7.2 | | Alpine 3.9 - Python 2.7 | alpine3.9-python2.7 | | Alpine 3.9 - Python 3.6 | alpine3.9-python3.6 | -| Alpine 3.9 - NodeJS 10 | alpine3.9-nodejs10 | | Alpine 3.9 - Ruby 2.4 | alpine3.9-ruby2.4 | +| Alpine 3.9 - Ruby 2.6 | alpine3.9-ruby2.6 | | Alpine 3.9 - Tomcat 7 | alpine3.9-tomcat7 | | Alpine 3.9 - Tomcat 8.5 | alpine3.9-tomcat8.5 | -| Sahana - Shared | sahana-shared | ## List of service containers | Service | Container | UID/GID | Internal Port | |-----------------|-----------------|---------|------------------| | ActiveMQ | activemq | 61616 | 61616 (ActiveMQ) | -| CKAN Datapusher | ckan-datapusher | 8004 | 8080 (HTTP) | | MariaDB | mariadb | 3306 | 3306 (MySQL) | | Postgres | postgres | 5432 | 5432 (Postgres) | +| PostGIS | postgis | 5432 | 5432 (Postgres) | | RabbitMQ | rabbitmq | 5672 | 5672 (AMQP) | | Redis | redis | 6379 | 6379 (Redis) | -| Solr | solr | 8983 | 8983 (HTTP) | +| Solr 6 | solr6 | 8983 | 8983 (HTTP) | ## List of application containers -All application containers listen on internal port 8080 (HTTP) +All application containers have the application user UID/GID 8080 and listen on internal port 8080 (HTTP) -| Application | Container | UID/GID | Host | -|----------------|-------------------|---------|-------------| -| CKAN | ckan | 8003 | ckan | -| Crisis Cleanup | crisiscleanup | 8005 | cc | -| CTS | cts | 8006 | cts | -| EcoGIS | ecogis | 8020 | ecogis | -| FrontlineSMS | frontlinesms | 8018 | sms | -| GNU Health | gnuhealth | 8008 | gh | -| KanBoard | kanboard | 8009 | kb | -| Mifos X | mifosx | 8012 | mifosx | -| Motech | motech | 8013 | motech | -| ODK Aggregate | opendatakit | 8015 | odk | -| ODK Build 
| opendatakit-build | 8017 | odkbuild | -| Odoo | odoo | 8019 | odoo | -| OpenMapKit | openmapkit | 8007 | omk | -| Pan.do/ra | pandora | 8002 | pandora | -| Sahana | sahana | 8001 | sahana | -| Sahana - Demo | sahana-demo | 8001 | sahana-demo | -| SAMBRO | sambro | 8001 | sambro | -| SeedDMS | seeddms | 8010 | dms | -| Sigmah | sigmah | 8011 | sigmah | -| Ushahidi | ushahidi | 8014 | ush | +| Application | Container | Host | +|----------------|-------------------|-------------| +| CKAN | ckan | ckan | +| Crisis Cleanup | crisiscleanup | cc | +| CTS | cts | cts | +| EcoGIS | ecogis | ecogis | +| FrontlineSMS | frontlinesms | sms | +| GNU Health | gnuhealth | gh | +| KanBoard | kanboard | kb | +| Mifos X | mifosx | mifosx | +| Motech | motech | motech | +| ODK Aggregate | opendatakit | odk | +| ODK Build | opendatakit-build | odkbuild | +| Odoo | odoo | odoo | +| OpenMapKit | openmapkit | omk | +| Pan.do/ra | pandora | pandora | +| Sahana | sahana | sahana | +| Sahana - Demo | sahana-demo | sahana-demo | +| SAMBRO | sambro | sambro | +| SeedDMS | seeddms | dms | +| Sigmah | sigmah | sigmah | +| Ushahidi | ushahidi | ush | diff --git a/doc/toolchain/abuild.md b/doc/toolchain/abuild.md index e74b7a4..11db971 100644 --- a/doc/toolchain/abuild.md +++ b/doc/toolchain/abuild.md 
@@ -13,7 +13,7 @@ The usage of Abuild, APK package manager and syntax of `APKBUILD` files is best ## Abuild in a nutshell -Building with abuild requires `alpine-sdk` package installed, `/etc/abuild.conf` configured and an RSA private key created in `/srv/build/repokey.rsa` and subsequently registered by `abuild-keygen` command. All these are taken care of in `install-toolchain.sh` script as part of [Build environment installation](vm-creation). +Building with abuild requires `alpine-sdk` package installed, `/etc/abuild.conf` configured and an RSA private key created in `/srv/repo.spotter.cz.rsa` and subsequently registered by `abuild-keygen` command. All these are taken care of in `install-toolchain.sh` script as part of [Build environment installation](vm-creation). Abuild toolchain is intended to be used in automated builds, therefore it requires some dependencies normally not found in other packaging systems. Abuild expects that `APKBUILD` files are a part of git repository and tries to read current commit hash. Then it tries to automatically download, build (compile), strip binaries, find out dependencies, and generally perform a lot of tasks normally useful when you are compiling from sources. Finally it packages the result to one or more subpackages, according to the build recipe. For purposes of LXC packaging, this is mostly useless, which is the reason why we have a [custom package manager](pkgmgr). It is however perfectly suitable for packages installed directly on the basic VM. diff --git a/doc/toolchain/index.rst b/doc/toolchain/index.rst index c12be6e..b158571 100644 --- a/doc/toolchain/index.rst +++ b/doc/toolchain/index.rst @@ -7,7 +7,7 @@ VM building and packaging vm-creation abuild lxc-overview - lxc-build + lxcbuild lxc-pack pkgmgr vmmgr-hooks diff --git a/doc/toolchain/lxc-build.md b/doc/toolchain/lxc-build.md index 76aae4a..29d0172 100644 --- a/doc/toolchain/lxc-build.md +++ b/doc/toolchain/lxc-build.md 
@@ -2,18 +2,18 @@ ## Overview -`lxc-build` utility creates a LXC container based on its build recipe and build context path given in command line parameter. If a filename is given, the build recipe is loaded from the file and the directory in which the file resides is taken as build context, ie. all relative paths are resolved from it. In case a directory path is passed as parameter, the directory is then used as build context and a file called `lxcfile` from the given directory is used as build recipe. +`lxcbuild` utility creates a LXC container based on its build recipe and build context path given in command line parameter. If a filename is given, the build recipe is loaded from the file and the directory in which the file resides is taken as build context, ie. all relative paths are resolved from it. In case a directory path is passed as parameter, the directory is then used as build context and a file called `lxcfile` from the given directory is used as build recipe. ### Usage ```bash -lxc-build +lxcbuild where the buildpath can be either specific lxcfile or a directory containing one ``` ## Directives used in lxcfile -The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to ease the potential transition. Since LXC operates on much lower level of abstraction than Docker, some principles are applied more explicitly and verbosely. Major difference between Docker and *lxc-build* is that every directive in *Dockerfile* creates a new filesystem layer whereas layers in *lxc-build* are managed manually. +The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to ease the potential transition. Since LXC operates on much lower level of abstraction than Docker, some principles are applied more explicitly and verbosely. Major difference between Docker and *lxcbuild* is that every directive in *Dockerfile* creates a new filesystem layer whereas layers in *lxcbuild* are managed manually. ### IMAGE 
@@ -29,13 +29,6 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas - **Docker equivalent:** `FROM` - **Populates LXC field:** `lxc.rootfs.path` -### FIXLAYER - -- **Usage:** `FIXLAYER ` -- **Description:** Runs `` on LXC host and passes all layer paths as parameter to this script. This helps you to resolve the conflicts in cases where you mix multiple OverlayFS layers with overlapping files, ie. package manager cache. The idea is that all layers are read separately by the `` script and the fixed result is written back to the uppermost layer. -- **Docker equivalent:** None -- **Populates LXC field:** None - ### RUN - **Usage:** @@ -82,13 +75,6 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas - **Docker equivalent:** `COPY` or `ADD` - **Populates LXC field:** None -### MOUNT - -- **Usage:** `MOUNT DIR|FILE ` -- **Description:** Creates a directory or file mount for the container. The `` is usually given as absolute path existing on the LXC host, the `` is a path relative to the container root directory. If the file doesn't exist in any of the container layers, it is automatically created on container startup. -- **Docker equivalent:** `VOLUME` -- **Populates LXC field:** `lxc.mount.entry` - ### USER - **Usage:** `USER ` @@ -126,7 +112,7 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas ## LXC config -Although *lxcfile* populates some LXC config fields, there are lot of defaults with remain unchanged. The template file to which *lxc-build* fills in the values looks as follows: +Although *lxcfile* populates some LXC config fields, there are lot of defaults with remain unchanged. The template file to which *lxcbuild* fills in the values looks as follows: ```bash # Image name 
@@ -192,9 +178,6 @@ RUN EOF apk --no-cache add redis EOF -MOUNT FILE /srv/redis/conf/redis.conf etc/redis.conf -MOUNT DIR /srv/redis/data var/lib/redis - USER 6379 6379 CMD redis-server /etc/redis.conf ``` diff --git a/doc/toolchain/lxc-overview.md b/doc/toolchain/lxc-overview.md index ad6909d..e561bc9 100644 --- a/doc/toolchain/lxc-overview.md +++ b/doc/toolchain/lxc-overview.md @@ -28,7 +28,7 @@ Due to the Docker's approach, storage overlay layers cannot be easily managed by Finally, Docker maintainers explicitly refuse to implement a possibility to isolate the docker daemon to private Docker repositories (registries) in the community edition of Docker. It is possible to have some custom and even private repositories, but it is not possible to deactivate the default public *Dockerhub*. -The downsides of using LXC is that its usage requires a bit more knowledge about how the linux containers actually work, and that most 3rd party applications are distributed using `Dockerfile`, which requires rewriting into LXC, however this is simplified by the [`lxc-build`](lxc-build) tool, which aims to automatize LXC container building using *Dockerfile*-like syntax. +The downsides of using LXC is that its usage requires a bit more knowledge about how the linux containers actually work, and that most 3rd party applications are distributed using `Dockerfile`, which requires rewriting into LXC, however this is simplified by the [`lxcbuild`](lxcbuild) tool, which aims to automatize LXC container building using *Dockerfile*-like syntax. ## Container interfaces diff --git a/doc/toolchain/lxc-pack.md b/doc/toolchain/lxc-pack.md index c337383..f188b30 100644 --- a/doc/toolchain/lxc-pack.md +++ b/doc/toolchain/lxc-pack.md 
@@ -4,7 +4,7 @@ The `lxc-pack` utility creates a `.tar.xz` archives based on package metadata and manages the `packages.json` repository metadata file. If a filename is passed as command line parameter to `lxc-pack`, the metadata are loaded from the file. In case a directory path is given, the metadata are loaded from a file called `pkg` from the directory. All metadata files are in JSON format. -The product of *lxc-build* command described in LXC building documentation can be used in its entirety, ie. both filesystem layer and configuration, or only as dependency, in which case the container configuration is omitted and only the filesystem layer is used. Apart from that, the package can contain installation, upgrade and uninstallation script and data, all of which are optional. Accepted names are +The product of *lxcbuild* command described in LXC building documentation can be used in its entirety, ie. both filesystem layer and configuration, or only as dependency, in which case the container configuration is omitted and only the filesystem layer is used. Apart from that, the package can contain installation, upgrade and uninstallation script and data, all of which are optional. Accepted names are - `install.sh` file and `install` directory for post-install scripts. - `upgrade.sh` file and `upgrade` directory for post-upgrade scripts. diff --git a/doc/toolchain/vm-creation.md b/doc/toolchain/vm-creation.md index 674cb33..fac7ae0 100644 --- a/doc/toolchain/vm-creation.md +++ b/doc/toolchain/vm-creation.md @@ -19,8 +19,8 @@ Download **Alpine Virtual 3.9.0 x86_64** from 'pgsql', - 'dbhost' => 'postgres', // host + 'dbhost' => 'ecogis-postgres', // host 'dbuser' => 'ecogis', // login 'dbpass' => '${ECOGIS_PWD}', // Password 'dbname' => 'ecogis', // database 
diff --git a/lxc-services/postgres/install/srv/postgres/data/pg_hba.conf b/extra/graveyard/ecogis/install/postgres_data/pg_hba.conf similarity index 100% rename from lxc-services/postgres/install/srv/postgres/data/pg_hba.conf rename to extra/graveyard/ecogis/install/postgres_data/pg_hba.conf diff --git a/lxc-services/postgres/install/srv/postgres/data/postgresql.conf b/extra/graveyard/ecogis/install/postgres_data/postgresql.conf similarity index 79% rename from lxc-services/postgres/install/srv/postgres/data/postgresql.conf rename to extra/graveyard/ecogis/install/postgres_data/postgresql.conf index bec8b6b..93e2206 100644 --- a/lxc-services/postgres/install/srv/postgres/data/postgresql.conf +++ b/extra/graveyard/ecogis/install/postgres_data/postgresql.conf @@ -73,27 +73,7 @@ unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of direc #bonjour_name = '' # defaults to the computer name # (change requires restart) -# - Security and Authentication - - -#authentication_timeout = 1min # 1s-600s -#ssl = off -#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers -#ssl_prefer_server_ciphers = on -#ssl_ecdh_curve = 'prime256v1' -#ssl_dh_params_file = '' -#ssl_cert_file = 'server.crt' -#ssl_key_file = 'server.key' -#ssl_ca_file = '' -#ssl_crl_file = '' -#password_encryption = md5 # md5 or scram-sha-256 -#db_user_namespace = off -#row_security = on - -# GSSAPI using Kerberos -#krb_server_keyfile = '' -#krb_caseins_users = off - -# - TCP Keepalives - +# - TCP settings - # see "man 7 tcp" for details #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; 
@@ -102,6 +82,34 @@ unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of direc # 0 selects the system default #tcp_keepalives_count = 0 # TCP_KEEPCNT; # 0 selects the system default +#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off #------------------------------------------------------------------------------ @@ -110,7 +118,7 @@ unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of direc # - Memory - -shared_buffers = 192MB # min 128kB +shared_buffers = 128MB # min 128kB # (change requires restart) #huge_pages = try # on, off, or try # (change requires restart) 
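Review bot: In the new `# - Authentication -` block, `#password_encryption = md5` stays commented out, so role passwords are presumably stored as MD5 hashes, the default this sample line states. Since the commit already refreshes the file to a newer sample, consider setting `password_encryption = scram-sha-256` before any role is created. The renamed `pg_hba.conf` is not shown in this diff, so its auth method should be checked to match. The `#ssl = off` default in the new `# - SSL -` block is only acceptable if the database is reachable solely over the container-internal network, which these hunks do not establish.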
@@ -121,16 +129,20 @@ shared_buffers = 192MB # min 128kB # you actively intend to use prepared transactions. #work_mem = 4MB # min 64kB #maintenance_work_mem = 64MB # min 1MB -#replacement_sort_tuples = 150000 # limits use of replacement selection sort #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem #max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) dynamic_shared_memory_type = posix # the default is the first option # supported by the operating system: # posix # sysv # windows # mmap - # use none to disable dynamic shared memory # (change requires restart) # - Disk - @@ -138,15 +150,14 @@ dynamic_shared_memory_type = posix # the default is the first option #temp_file_limit = -1 # limits per-process temp file space # in kB, or -1 for no limit -# - Kernel Resource Usage - +# - Kernel Resources - #max_files_per_process = 1000 # min 25 # (change requires restart) -#shared_preload_libraries = '' # (change requires restart) # - Cost-Based Vacuum Delay - -#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) #vacuum_cost_page_hit = 1 # 0-10000 credits #vacuum_cost_page_miss = 10 # 0-10000 credits #vacuum_cost_page_dirty = 20 # 0-10000 credits @@ -155,7 +166,7 @@ dynamic_shared_memory_type = posix # the default is the first option # - Background Writer - #bgwriter_delay = 200ms # 10-10000ms between rounds -#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round #bgwriter_flush_after = 512kB # measured in pages, 0 disables 
@@ -163,25 +174,27 @@ dynamic_shared_memory_type = posix # the default is the first option #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching #max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on #max_parallel_workers = 8 # maximum number of max_worker_processes that - # can be used in parallel queries + # can be used in parallel operations #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate # (change requires restart) #backend_flush_after = 0 # measured in pages, 0 disables #------------------------------------------------------------------------------ -# WRITE AHEAD LOG +# WRITE-AHEAD LOG #------------------------------------------------------------------------------ # - Settings - -#wal_level = replica # minimal, replica, or logical +wal_level = minimal # minimal, replica, or logical # (change requires restart) #fsync = on # flush data to disk for crash safety - # (turning this off can cause - # unrecoverable data corruption) + # (turning this off can cause + # unrecoverable data corruption) #synchronous_commit = on # synchronization level; # off, local, remote_write, remote_apply, or on #wal_sync_method = fsync # the default is the first option @@ -195,6 +208,8 @@ dynamic_shared_memory_type = posix # the default is the first option #wal_compression = off # enable compression of full-page writes #wal_log_hints = off # also do full page writes of non-critical updates # (change requires restart) +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers # (change requires restart) #wal_writer_delay = 200ms # 1-10000 milliseconds 
@@ -223,21 +238,57 @@ dynamic_shared_memory_type = posix # the default is the first option #archive_timeout = 0 # force a logfile segment switch after this # number of seconds; 0 disables +# - Archive Recovery - + +# These are only used in recovery mode. + +#restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + #------------------------------------------------------------------------------ # REPLICATION #------------------------------------------------------------------------------ -# - Sending Server(s) - +# - Sending Servers - # Set these on the master and on any standby that will send replication data. 
-#max_wal_senders = 10 # max number of walsender processes +max_wal_senders = 0 # max number of walsender processes # (change requires restart) -#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_keep_segments = 0 # in logfile segments; 0 disables #wal_sender_timeout = 60s # in milliseconds; 0 disables -#max_replication_slots = 10 # max number of replication slots +max_replication_slots = 0 # max number of replication slots # (change requires restart) #track_commit_timestamp = off # collect timestamp of transaction commit # (change requires restart) @@ -256,6 +307,11 @@ dynamic_shared_memory_type = posix # the default is the first option # These settings are ignored on a master server. +#primary_conninfo = '' # connection string to sending server + # (change requires restart) +#primary_slot_name = '' # replication slot on sending server + # (change requires restart) +#promote_trigger_file = '' # file name whose presence ends recovery #hot_standby = on # "off" disallows queries during recovery # (change requires restart) #max_standby_archive_delay = 30s # max delay before canceling queries @@ -273,14 +329,15 @@ dynamic_shared_memory_type = posix # the default is the first option # in milliseconds; 0 disables #wal_retrieve_retry_interval = 5s # time to wait before retrying to # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery # - Subscribers - # These settings are ignored on a publisher. -#max_logical_replication_workers = 4 # taken from max_worker_processes +max_logical_replication_workers = 0 # taken from max_worker_processes # (change requires restart) -#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers #------------------------------------------------------------------------------ 
@@ -297,9 +354,14 @@ dynamic_shared_memory_type = posix # the default is the first option #enable_material = on #enable_mergejoin = on #enable_nestloop = on +#enable_parallel_append = on #enable_seqscan = on #enable_sort = on #enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on # - Planner Cost Constants - @@ -310,6 +372,16 @@ dynamic_shared_memory_type = posix # the default is the first option #cpu_operator_cost = 0.0025 # same scale as above #parallel_tuple_cost = 0.1 # same scale as above #parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + #min_parallel_table_scan_size = 8MB #min_parallel_index_scan_size = 512kB #effective_cache_size = 4GB @@ -333,10 +405,13 @@ dynamic_shared_memory_type = posix # the default is the first option #join_collapse_limit = 8 # 1 disables collapsing of explicit # JOIN clauses #force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan #------------------------------------------------------------------------------ -# ERROR REPORTING AND LOGGING +# REPORTING AND LOGGING #------------------------------------------------------------------------------ # - Where to Log - 
@@ -385,17 +460,6 @@ dynamic_shared_memory_type = posix # the default is the first option # - When to Log - -#client_min_messages = notice # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # log - # notice - # warning - # error - #log_min_messages = warning # values in order of decreasing detail: # debug5 # debug4 @@ -429,6 +493,9 @@ dynamic_shared_memory_type = posix # the default is the first option # statements running at least this number # of milliseconds +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. # - What to Log - @@ -464,15 +531,16 @@ log_line_prefix = '%m [%p] %q%u@%d ' # special values: # %% = '%' # e.g. '<%u%%%d> ' #log_lock_waits = off # log lock waits >= deadlock_timeout -#log_statement = 'all' # none, ddl, mod, all +#log_statement = 'none' # none, ddl, mod, all #log_replication_commands = off #log_temp_files = -1 # log temporary files equal or larger # than the specified size in kilobytes; # -1 disables, 0 logs all temp files log_timezone = 'Europe/Prague' - -# - Process Title - +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ #cluster_name = '' # added to process titles if nonempty # (change requires restart) @@ -480,10 +548,10 @@ log_timezone = 'Europe/Prague' #------------------------------------------------------------------------------ -# RUNTIME STATISTICS +# STATISTICS #------------------------------------------------------------------------------ -# - Query/Index Statistics Collector - +# - Query and Index Statistics Collector - #track_activities = on #track_counts = on 
@@ -493,7 +561,7 @@ log_timezone = 'Europe/Prague' #stats_temp_directory = 'pg_stat_tmp' -# - Statistics Monitoring - +# - Monitoring - #log_parser_stats = off #log_planner_stats = off @@ -502,7 +570,7 @@ log_timezone = 'Europe/Prague' #------------------------------------------------------------------------------ -# AUTOVACUUM PARAMETERS +# AUTOVACUUM #------------------------------------------------------------------------------ #autovacuum = on # Enable autovacuum subprocess? 'on' @@ -525,7 +593,7 @@ log_timezone = 'Europe/Prague' #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age # before forced vacuum # (change requires restart) -#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for # autovacuum, in milliseconds; # -1 means use vacuum_cost_delay #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for @@ -539,10 +607,22 @@ log_timezone = 'Europe/Prague' # - Statement Behavior - +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error #search_path = '"$user", public' # schema names +#row_security = on #default_tablespace = '' # a tablespace name, '' uses the default #temp_tablespaces = '' # a list of tablespace names, '' uses # only default tablespace +#default_table_access_method = 'heap' #check_function_bodies = on #default_transaction_isolation = 'read committed' #default_transaction_read_only = off @@ -555,6 +635,9 @@ log_timezone = 'Europe/Prague' #vacuum_freeze_table_age = 150000000 #vacuum_multixact_freeze_min_age = 5000000 #vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup #bytea_output = 'hex' # hex, escape #xmlbinary = 'base64' #xmloption = 'content' 
@@ -573,7 +656,8 @@ timezone = 'Europe/Prague' # India # You can create your own file in # share/timezonesets/. -#extra_float_digits = 0 # min -15, max 3 +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode #client_encoding = sql_ascii # actually, defaults to database # encoding @@ -587,11 +671,16 @@ lc_time = 'C' # locale for time formatting # default configuration for text search default_text_search_config = 'pg_catalog.english' +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + # - Other Defaults - #dynamic_library_path = '$libdir' -#local_preload_libraries = '' -#session_preload_libraries = '' #------------------------------------------------------------------------------ @@ -610,14 +699,13 @@ default_text_search_config = 'pg_catalog.english' #------------------------------------------------------------------------------ -# VERSION/PLATFORM COMPATIBILITY +# VERSION AND PLATFORM COMPATIBILITY #------------------------------------------------------------------------------ # - Previous PostgreSQL Versions - #array_nulls = on #backslash_quote = safe_encoding # on, off, or safe_encoding -#default_with_oids = off #escape_string_warning = on #lo_compat_privileges = off #operator_precedence_warning = off @@ -636,6 +724,9 @@ default_text_search_config = 'pg_catalog.english' #exit_on_error = off # terminate session on any error? #restart_after_crash = on # reinitialize after backend crash? +#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) #------------------------------------------------------------------------------ 
@@ -643,12 +734,13 @@ default_text_search_config = 'pg_catalog.english' #------------------------------------------------------------------------------ # These options allow settings to be loaded from files other than the -# default postgresql.conf. +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. -#include_dir = 'conf.d' # include files ending in '.conf' from - # directory 'conf.d' -#include_if_exists = 'exists.conf' # include file only if it exists -#include = 'special.conf' # include file +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file #------------------------------------------------------------------------------ diff --git a/extra/graveyard/ecogis/uninstall.sh b/extra/graveyard/ecogis/uninstall.sh new file mode 100755 index 0000000..82db9af --- /dev/null +++ b/extra/graveyard/ecogis/uninstall.sh @@ -0,0 +1,8 @@ +#!/bin/sh +set -ev + +# Remove persistent data +rm -rf "${VOLUMES_DIR}/ecogis" + +# Unregister application +vmmgr unregister-app ecogis diff --git a/extra/graveyard/sigmah/app b/extra/graveyard/sigmah/app new file mode 100644 index 0000000..7408c18 --- /dev/null +++ b/extra/graveyard/sigmah/app 
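Review bot: In the new `uninstall.sh`, `rm -rf "${VOLUMES_DIR}/ecogis"` runs under `set -ev` without `-u`, so an unset or empty `VOLUMES_DIR` makes it delete `/ecogis` instead of failing. Make the expansion fail closed with `rm -rf "${VOLUMES_DIR:?}/ecogis"`, or add `set -u` at the top, so the script aborts before the removal when the caller did not provide the variable.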
@@ -0,0 +1,28 @@ +{ + "version": "2.0.2-200403", + "meta": { + "title": "Sigmah", + "desc-cs": "Finanční řízení sbírek", + "desc-en": "Donation management", + "license": "GPL" + }, + "containers": { + "sigmah": { + "image": "sigmah_2.0.2-200403", + "depends": [ + "sigmah-postgres" + ], + "mounts": { + "sigmah/sigmah_conf/persistence.xml": "srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml:file", + "sigmah/sigmah_conf/sigmah.properties": "srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties:file", + "sigmah/sigmah_data": "srv/sigmah" + } + }, + "sigmah-postgres": { + "image": "postgres_12.2.0-200403", + "mounts": { + "sigmah/postgres_data": "var/lib/postgresql" + } + } + } +} diff --git a/lxc-apps/sigmah/lxcfile b/extra/graveyard/sigmah/image similarity index 51% rename from lxc-apps/sigmah/lxcfile rename to extra/graveyard/sigmah/image index a55c824..73422e3 100644 --- a/lxc-apps/sigmah/lxcfile +++ b/extra/graveyard/sigmah/image @@ -1,8 +1,5 @@ -IMAGE sigmah -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat8.5 -LAYER sigmah/sigmah +IMAGE sigmah_2.0.2-200403 +FROM alpine3.11-tomcat8.5_8.5.53-200403 RUN EOF # Download Sigmah 
@@ -12,15 +9,13 @@ RUN EOF # Update Postgres JDBC driver rm /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar - wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.5.jar + wget https://jdbc.postgresql.org/download/postgresql-42.2.11.jar -O /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.11.jar # Remove logging config rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml - # Create OS user - addgroup -S -g 8011 sigmah - adduser -S -u 8011 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah - chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work + # Change webapps ownership + chown -R tomcat:tomcat /srv/tomcat/webapps # Download database files wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /srv/sigmah-MinimumDataKit.sql @@ -30,12 +25,8 @@ RUN EOF rm /tmp/sigmah.war EOF -COPY lxc +COPY image.d -MOUNT DIR /srv/sigmah/data srv/sigmah/data -MOUNT FILE /srv/sigmah/conf/persistence.xml srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml -MOUNT FILE /srv/sigmah/conf/sigmah.properties srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties - -USER 8011 8011 +USER tomcat WORKDIR /srv/tomcat -CMD catalina.sh run +CMD /usr/bin/catalina.sh run diff --git a/lxc-apps/sigmah/lxc/srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml b/extra/graveyard/sigmah/image.d/srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml similarity index 100% rename from lxc-apps/sigmah/lxc/srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml rename to extra/graveyard/sigmah/image.d/srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml diff --git a/extra/graveyard/sigmah/install.sh b/extra/graveyard/sigmah/install.sh new file mode 100755 index 0000000..1891fe1 --- /dev/null +++ b/extra/graveyard/sigmah/install.sh 
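Review bot: The `wget` of `postgresql-42.2.11.jar`, and the unchanged download of `sigmah-MinimumDataKit-2.0.postgresql.sql` a few lines below, place a fetched artifact into the image with no integrity check, so the build trusts whatever the remote host serves at build time. Pin a digest next to the version and verify it right after the download, e.g. `echo "<EXPECTED_SHA256>  /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.11.jar" | sha256sum -c -`, replacing the placeholder with the hash recorded for that release. The enclosing `RUN EOF` block starts before this hunk and ends in the next one.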
@@ -0,0 +1,52 @@ +#!/bin/sh +set -ev + +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/sigmah/postgres_data" +SIGMAH_DATA="${VOLUMES_DIR}/sigmah/sigmah_data" +SIGMAH_CONF="${VOLUMES_DIR}/sigmah/sigmah_conf" +SIGMAH_LAYER="${LAYERS_DIR}/sigmah_2.0.2-200403" + +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec sigmah-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf + +# Create database +export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +spoc-container start sigmah-postgres +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 
is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/sigmah/install/srv/sigmah/conf/persistence.xml b/extra/graveyard/sigmah/install/sigmah_conf/persistence.xml similarity index 98% rename from lxc-apps/sigmah/install/srv/sigmah/conf/persistence.xml rename to extra/graveyard/sigmah/install/sigmah_conf/persistence.xml index 8144a8a..575ff0f 100644 --- a/lxc-apps/sigmah/install/srv/sigmah/conf/persistence.xml +++ b/extra/graveyard/sigmah/install/sigmah_conf/persistence.xml @@ -13,7 +13,7 @@ - + diff --git a/lxc-apps/sigmah/install/srv/sigmah/conf/sigmah.properties b/extra/graveyard/sigmah/install/sigmah_conf/sigmah.properties similarity index 86% rename from lxc-apps/sigmah/install/srv/sigmah/conf/sigmah.properties rename to extra/graveyard/sigmah/install/sigmah_conf/sigmah.properties index 14ea4ce..86c5124 100644 --- a/lxc-apps/sigmah/install/srv/sigmah/conf/sigmah.properties +++ b/extra/graveyard/sigmah/install/sigmah_conf/sigmah.properties 
@@ -10,10 +10,10 @@ # -- # Root directory name where files are stored. -files.repository.name=/srv/sigmah/data/files +files.repository.name=/srv/sigmah/files # Root directory name where backup archives are stored. -archives.repository.name=/srv/sigmah/data/archives/ +archives.repository.name=/srv/sigmah/archives #Maximum size of the uploaded files (bytes) files.upload.maxSize=20971520 diff --git a/extra/graveyard/sigmah/install/update-conf.sh b/extra/graveyard/sigmah/install/update-conf.sh new file mode 100755 index 0000000..5a702dc --- /dev/null +++ b/extra/graveyard/sigmah/install/update-conf.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +# Volumes +SIGMAH_CONF="${VOLUMES_DIR}/sigmah/sigmah_conf" + +# Replacements +sed -i "s|\(^mail\.from\.address=\).*|\1${EMAIL}|" ${SIGMAH_CONF}/sigmah.properties +sed -i "s|\(^mail\.support\.to=\).*|\1${EMAIL}|" ${SIGMAH_CONF}/sigmah.properties +sed -i "s|\(^maps\.key=\).*|\1${GMAPS_API_KEY}|" ${SIGMAH_CONF}/sigmah.properties diff --git a/extra/graveyard/sigmah/uninstall.sh b/extra/graveyard/sigmah/uninstall.sh new file mode 100755 index 0000000..1e032fd --- /dev/null +++ b/extra/graveyard/sigmah/uninstall.sh @@ -0,0 +1,8 @@ +#!/bin/sh +set -ev + +# Remove persistent data +rm -rf "${VOLUMES_DIR}/sigmah" + +# Unregister application +vmmgr unregister-app sigmah diff --git a/extra/frontlinesms-lang-js.py b/extra/helpers/frontlinesms-lang-js.py similarity index 100% rename from extra/frontlinesms-lang-js.py rename to extra/helpers/frontlinesms-lang-js.py diff --git a/extra/sahana-lang-csv.py b/extra/helpers/sahana-lang-csv.py similarity index 100% rename from extra/sahana-lang-csv.py rename to extra/helpers/sahana-lang-csv.py diff --git a/extra/myip.php b/extra/www/myip.php similarity index 94% rename from extra/myip.php rename to extra/www/myip.php index 5e172e8..439471b 100644 --- a/extra/myip.php +++ b/extra/www/myip.php 
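Review bot: `${EMAIL}` and `${GMAPS_API_KEY}` are pasted unescaped into the replacement side of the three `sed` expressions in update-conf.sh, so a value containing `|`, `&` or `\` either breaks the command or writes something other than the value into sigmah.properties (`&` expands to the whole matched text). Where these variables are set is not visible here; if they can carry operator or user input, escape them first, e.g. `esc=$(printf '%s' "${EMAIL}" | sed 's/[\\&|]/\\&/g')`, and substitute `${esc}` instead. Quoting the target as `"${SIGMAH_CONF}/sigmah.properties"` and adding the `set -e` that install.sh and uninstall.sh already use would make a failed edit visible.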
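Review bot: `rm -rf "${VOLUMES_DIR}/sigmah"` in uninstall.sh runs under `set -ev` but without `set -u`, so an unset or empty `VOLUMES_DIR` turns the target into `/sigmah` instead of aborting. `rm -rf "${VOLUMES_DIR:?}/sigmah"` makes the script stop with an error in that case, before anything is removed.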
@@ -1,2 +1,2 @@ ->/usr/lib/python2.7/site-packages/requests/cacert.pem -/bin/cat /etc/ssl/services.pem >>/usr/lib/python2.7/site-packages/certifi/cacert.pem diff --git a/lxc-apps/ckan-datapusher/meta b/lxc-apps/ckan-datapusher/meta deleted file mode 100644 index dfe0675..0000000 --- a/lxc-apps/ckan-datapusher/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Služba datového skladu pro extrakci dat", - "desc-en": "Data store data extraction service", - "lxcpath": "ckan-datapusher", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python2.7"] -} diff --git a/lxc-apps/ckan-datapusher/uninstall.sh b/lxc-apps/ckan-datapusher/uninstall.sh deleted file mode 100755 index 8f2de9e..0000000 --- a/lxc-apps/ckan-datapusher/uninstall.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/ckan-datapusher -rc-update -u diff --git a/lxc-apps/ckan/app b/lxc-apps/ckan/app new file mode 100644 index 0000000..320a7ae --- /dev/null +++ b/lxc-apps/ckan/app 
@@ -0,0 +1,50 @@ +{ + "version": "2.8.3-200403", + "meta": { + "title": "CKAN", + "desc-cs": "Datový sklad", + "desc-en": "Data store", + "license": "GPL" + }, + "containers": { + "ckan": { + "image": "ckan_2.8.3-200403", + "depends": [ + "ckan-datapusher", + "ckan-redis", + "ckan-solr", + "ckan-postgres" + ], + "mounts": { + "ckan/ckan_conf": "etc/ckan", + "ckan/ckan_data": "srv/ckan/storage" + } + }, + "ckan-datapusher": { + "image": "ckan-datapusher_0.0.16-200403", + "mounts": { + "ckan/datapusher_conf": "etc/ckan-datapusher", + "ckan/datapusher_data": "srv/ckan-datapusher/data" + } + }, + "ckan-redis": { + "image": "redis_5.0.7-200403", + "mounts": { + "ckan/redis_conf/redis.conf": "etc/redis.conf:file", + "ckan/redis_data": "var/lib/redis" + } + }, + "ckan-solr": { + "image": "solr6_6.5.1-200403", + "mounts": { + "ckan/solr_data": "var/lib/solr" + } + }, + "ckan-postgres": { + "image": "postgis_3.0.0-200403", + "mounts": { + "ckan/postgres_data": "var/lib/postgresql" + } + } + } +} diff --git a/lxc-apps/ckan-datapusher/lxcfile b/lxc-apps/ckan/ckan-datapusher.image similarity index 52% rename from lxc-apps/ckan-datapusher/lxcfile rename to lxc-apps/ckan/ckan-datapusher.image index fca383a..c4803cb 100644 --- a/lxc-apps/ckan-datapusher/lxcfile +++ b/lxc-apps/ckan/ckan-datapusher.image @@ -1,11 +1,10 @@ -IMAGE ckan-datapusher -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER ckan-datapusher/ckan-datapusher +IMAGE ckan-datapusher_0.0.16-200403 +FROM alpine3.10-python2.7_2.7.16-200403 +# Alpine 3.11 discontinued uwsgi-python2 module RUN EOF # Install runtime dependencies - apk --no-cache add libffi libressl uwsgi-python + apk --no-cache add libffi uwsgi-python # Install build dependencies apk --no-cache add --virtual .deps build-base git libffi-dev libressl-dev libxml2-dev libxslt-dev py2-pip python2-dev 
@@ -14,15 +13,19 @@ RUN EOF mkdir -p /srv/ckan-datapusher cd /srv/ckan-datapusher pip install -U setuptools - pip install -e 'git+https://github.com/ckan/datapusher.git#egg=datapusher' + pip install -e 'git+https://github.com/ckan/datapusher.git@e662e3c33e069ac174cdb4fb1d61121f0ba4bb3a#egg=datapusher' # Hackfix the X509_STORE_CTX wrapper sed -i 's/\[security\]//' /srv/ckan-datapusher/src/datapusher/requirements.txt pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt + # Hackfix werkzeug==1.0.0 proxy_fix import + # https://github.com/ckan/ckan-service-provider/pull/49 + sed -i 's/werkzeug\.contrib\.fixers/werkzeug.middleware.proxy_fix/' /usr/lib/python2.7/site-packages/ckanserviceprovider/web.py + # Create OS user - addgroup -S -g 8004 ckandp - adduser -S -u 8004 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp + addgroup -S -g 8080 ckandp + adduser -S -u 8080 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp chown -R ckandp:ckandp /srv/ckan-datapusher # Cleanup @@ -31,10 +34,6 @@ RUN EOF rm -rf /root/.cache EOF -COPY lxc +COPY ckan-datapusher.image.d -MOUNT FILE /etc/ssl/services.pem etc/ssl/services.pem -MOUNT DIR /srv/ckan-datapusher/conf etc/ckan-datapusher -MOUNT DIR /srv/ckan-datapusher/data srv/ckan-datapusher/data - -CMD execlineb -P /run +CMD /bin/execlineb -P /run diff --git a/lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert b/lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert new file mode 100755 index 0000000..49cd105 --- /dev/null +++ b/lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert 
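Review bot: The new werkzeug hackfix edits an installed file with `sed -i`, which exits 0 whether or not `werkzeug\.contrib\.fixers` was found, so a later dependency change can leave the image unpatched without the build noticing; the PostgreSQL 12 hackfix on sqlalchemy's `base.py` in ckan.image has the same shape. A check right after the edit, `grep -q 'werkzeug.middleware.proxy_fix' /usr/lib/python2.7/site-packages/ckanserviceprovider/web.py`, turns that into a build failure, assuming the RUN block aborts on a failing command, which is not visible here. Pinning datapusher to a commit makes that one source reproducible, while `pip install -U setuptools` and the requirements install kept as context still resolve to whatever the index serves at build time. The RUN block starts and ends outside this hunk.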
@@ -0,0 +1,13 @@ +#!/usr/bin/python + +import ssl + +with open('/etc/ckan-datapusher/add-ca-cert.env') as f: + env = dict(tuple(line.split('=')) for line in f.read().splitlines()) + +cert = ssl.get_server_certificate((env['HOST'], env['PORT'])) +with open('/usr/lib/python2.7/site-packages/requests/cacert.pem', 'a') as f: + f.write(cert) + +with open('/usr/lib/python2.7/site-packages/certifi/cacert.pem', 'a') as f: + f.write(cert) diff --git a/lxc-apps/ckan-datapusher/lxc/run b/lxc-apps/ckan/ckan-datapusher.image.d/run old mode 100644 new mode 100755 similarity index 82% rename from lxc-apps/ckan-datapusher/lxc/run rename to lxc-apps/ckan/ckan-datapusher.image.d/run index b6b51f8..93317c0 --- a/lxc-apps/ckan-datapusher/lxc/run +++ b/lxc-apps/ckan/ckan-datapusher.image.d/run @@ -1,5 +1,5 @@ #!/bin/execlineb -P -foreground { add-ca-cert } +foreground { /bin/add-ca-cert } s6-setuidgid ckandp uwsgi --plugin python --http-socket 0.0.0.0:8080 --wsgi-file /etc/ckan-datapusher/datapusher.wsgi --enable-threads diff --git a/lxc-apps/ckan/lxcfile b/lxc-apps/ckan/ckan.image similarity index 70% rename from lxc-apps/ckan/lxcfile rename to lxc-apps/ckan/ckan.image index 95175bb..8093d4b 100644 --- a/lxc-apps/ckan/lxcfile +++ b/lxc-apps/ckan/ckan.image 
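Review bot: `ssl.get_server_certificate()` is called without `ca_certs`, so it validates nothing, and add-ca-cert then appends whatever certificate answered on HOST:PORT to both CA bundles at container start; any endpoint that answers for that name at startup ends up trusted for datapusher's outbound HTTPS. The previous image appended a host-provided `/etc/ssl/services.pem` instead (the `MOUNT FILE` line removed in ckan-datapusher.image), which did not depend on the network. Either keep delivering the certificate on a mount, or pin its fingerprint in add-ca-cert.env and refuse a mismatch as sketched below; `SHA256` is a proposed new key, not one the commit defines. The sketch also skips the append when the certificate is already in the bundle, which matters if the container filesystem survives restarts (not visible here).

```python
import hashlib
import ssl

# … unchanged: reading HOST/PORT from /etc/ckan-datapusher/add-ca-cert.env …

cert = ssl.get_server_certificate((env['HOST'], int(env['PORT'])))
# SHA256 is a proposed key holding the expected certificate fingerprint (hex)
digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(cert)).hexdigest()
if digest != env['SHA256'].lower():
    raise SystemExit('add-ca-cert: unexpected certificate for %s' % env['HOST'])

for bundle in ('/usr/lib/python2.7/site-packages/requests/cacert.pem',
               '/usr/lib/python2.7/site-packages/certifi/cacert.pem'):
    with open(bundle, 'a+') as f:
        f.seek(0)
        if cert not in f.read():
            f.write(cert)
```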
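Review bot: `foreground { /bin/add-ca-cert }` in the run script discards the helper's exit status, so uwsgi starts even when the certificate could not be fetched or the env file could not be parsed, and the failure only shows up later as TLS errors in datapusher. If the service should not run without the certificate, `if { /bin/add-ca-cert }` stops the chain on a non-zero exit. If starting anyway is intended, a comment above the line saying so would make that explicit.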
@@ -1,24 +1,19 @@ -IMAGE ckan -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER ckan/ckan +IMAGE ckan_2.8.3-200403 +FROM alpine3.11-python2.7_2.7.16-200403 RUN EOF # Install runtime dependencies - apk --no-cache add geos@vm libjpeg-turbo libmagic libpq mailcap py2-pip zlib + apk --no-cache add geos libjpeg-turbo libmagic libpq mailcap py2-pip zlib # Install build dependencies apk --no-cache add --virtual .deps build-base git libjpeg-turbo-dev libxml2-dev libxslt-dev postgresql-dev python2-dev zlib-dev - # Hackfix for python find_library('c') call - ln -s /lib/ld-musl-x86_64.so.1 /lib/libc.so.1 - # Install CKAN mkdir -p /srv/ckan cd /srv/ckan pip install -U setuptools pip install flask-debugtoolbar - pip install -e 'git+https://github.com/ckan/ckan.git#egg=ckan' + pip install -e 'git+https://github.com/ckan/ckan.git@8e1cc60b2fa11da6843051678b7ee2cc08c2a7a9#egg=ckan' pip install -r /srv/ckan/src/ckan/requirements.txt # Install CKAN extensions @@ -33,9 +28,13 @@ RUN EOF pip install -r /srv/ckan/src/ckanext-geoview/pip-requirements.txt pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt + # Hackfix support for PostgreSQL 12 + # https://github.com/sqlalchemy/sqlalchemy/issues/4463 + sed -i 's/cons\.consrc/pg_get_constraintdef(cons.oid)/' /usr/lib/python2.7/site-packages/sqlalchemy/dialects/postgresql/base.py + # Create OS user - addgroup -S -g 8003 ckan - adduser -S -u 8003 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan + addgroup -S -g 8080 ckan + adduser -S -u 8080 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan chown -R ckan:ckan /srv/ckan # Cleanup @@ -44,8 +43,6 @@ RUN EOF rm -rf /root/.cache EOF -MOUNT DIR /srv/ckan/conf etc/ckan -MOUNT DIR /srv/ckan/data srv/ckan/storage +COPY ckan.image.d -USER 8003 8003 -CMD paster serve /etc/ckan/ckan.ini +CMD /bin/s6-svscan /etc/services.d diff --git a/lxc-apps/ckan/ckan.image.d/etc/crontabs/ckan b/lxc-apps/ckan/ckan.image.d/etc/crontabs/ckan new file mode 100644 index 0000000..92f3f37 
--- /dev/null +++ b/lxc-apps/ckan/ckan.image.d/etc/crontabs/ckan @@ -0,0 +1,2 @@ +0 * * * * paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null +0 * * * * paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null diff --git a/lxc-apps/ckan/ckan.image.d/etc/services.d/.s6-svscan/finish b/lxc-apps/ckan/ckan.image.d/etc/services.d/.s6-svscan/finish new file mode 100755 index 0000000..919ec2b --- /dev/null +++ b/lxc-apps/ckan/ckan.image.d/etc/services.d/.s6-svscan/finish @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +foreground { s6-svwait -d -t 3000 ckan } +foreground { s6-svwait -d -t 3000 cron } diff --git a/lxc-apps/ckan/ckan.image.d/etc/services.d/ckan/run b/lxc-apps/ckan/ckan.image.d/etc/services.d/ckan/run new file mode 100755 index 0000000..1b955e4 --- /dev/null +++ b/lxc-apps/ckan/ckan.image.d/etc/services.d/ckan/run @@ -0,0 +1,5 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +s6-setuidgid ckan +paster serve /etc/ckan/ckan.ini diff --git a/lxc-apps/ckan/ckan.image.d/etc/services.d/cron/run b/lxc-apps/ckan/ckan.image.d/etc/services.d/cron/run new file mode 100755 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/ckan/ckan.image.d/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index 41e3d4a..5719589 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh 
@@ -1,66 +1,82 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/ckan/postgres_data" +REDIS_CONF="${VOLUMES_DIR}/ckan/redis_conf" +REDIS_DATA="${VOLUMES_DIR}/ckan/redis_data" +SOLR_DATA="${VOLUMES_DIR}/ckan/solr_data" +SOLR_LAYER="${LAYERS_DIR}/solr6_6.5.1-200403" +DATAPUSHER_CONF="${VOLUMES_DIR}/ckan/datapusher_conf" +DATAPUSHER_DATA="${VOLUMES_DIR}/ckan/datapusher_data" +CKAN_CONF="${VOLUMES_DIR}/ckan/ckan_conf" +CKAN_DATA="${VOLUMES_DIR}/ckan/ckan_data" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1 -[ ! -e /run/openrc/started/solr ] && service solr start && STOP_SOLR=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec ckan-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf # Create database export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/ckan/conf/ckan.ini -cp srv/ckan/conf/who.ini /srv/ckan/conf/who.ini -chown -R 8003:8003 /srv/ckan/data - -# Set "production values" (increases performance) only if the DEBUG environment variable is not set -if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/debug = true/debug = false/' /srv/ckan/conf/ckan.ini -fi +envsubst #package_new_return_url = http://another.frontend/dataset/ -#ckan.recaptcha.version = 1 #ckan.recaptcha.publickey = #ckan.recaptcha.privatekey = #licenses_group_url = http://licenses.opendefinition.org/licenses/groups/ckan.json 
@@ -172,6 +171,11 @@ ckan.storage_path = /srv/ckan/storage ckan.max_resource_size = 100 ckan.max_image_size = 10 +## Webassets Settings +#ckan.webassets.use_x_sendfile = false +#ckan.webassets.path = /var/lib/ckan/webassets + + ## Datapusher settings # Make sure you have set up the DataStore @@ -204,7 +208,10 @@ smtp.starttls = False #smtp.user = username@example.com #smtp.password = your_password smtp.mail_from = admin@example.com +#smtp.reply_to = +## Background Job Settings +ckan.jobs.timeout = 180 ## Logging configuration [loggers] diff --git a/lxc-apps/ckan/install/srv/ckan/conf/who.ini b/lxc-apps/ckan/install/ckan_conf/who.ini similarity index 100% rename from lxc-apps/ckan/install/srv/ckan/conf/who.ini rename to lxc-apps/ckan/install/ckan_conf/who.ini diff --git a/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env b/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env new file mode 100644 index 0000000..41eb4d4 --- /dev/null +++ b/lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env @@ -0,0 +1,2 @@ +HOST=ckan.spotter.vm +PORT=443 diff --git a/lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/conf/datapusher.wsgi b/lxc-apps/ckan/install/datapusher_conf/datapusher.wsgi similarity index 100% rename from lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/conf/datapusher.wsgi rename to lxc-apps/ckan/install/datapusher_conf/datapusher.wsgi diff --git a/lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/conf/datapusher_settings.py b/lxc-apps/ckan/install/datapusher_conf/datapusher_settings.py similarity index 100% rename from lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/conf/datapusher_settings.py rename to lxc-apps/ckan/install/datapusher_conf/datapusher_settings.py diff --git a/lxc-apps/ckan/install/etc/init.d/ckan b/lxc-apps/ckan/install/etc/init.d/ckan deleted file mode 100755 index 5f3f581..0000000 --- a/lxc-apps/ckan/install/etc/init.d/ckan +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="CKAN container" - -depend() { - need ckan-datapusher postgres redis solr -} - -start() { - lxc-start ckan -} - -start_post() { - vmmgr register-proxy ckan -} - -stop_pre() { - vmmgr unregister-proxy ckan -} - -stop() { - lxc-stop ckan -} diff --git a/lxc-apps/ckan/install/etc/periodic/hourly/ckan b/lxc-apps/ckan/install/etc/periodic/hourly/ckan deleted file mode 100755 index 5c58ed5..0000000 --- a/lxc-apps/ckan/install/etc/periodic/hourly/ckan +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -if [ -e /run/openrc/started/ckan ]; then - lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null - lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null -fi diff --git a/lxc-apps/ckan/install/postgres_data/pg_hba.conf b/lxc-apps/ckan/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/ckan/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/ckan/install/postgres_data/postgresql.conf b/lxc-apps/ckan/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..93e2206 --- /dev/null +++ b/lxc-apps/ckan/install/postgres_data/postgresql.conf 
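Review bot: `host all all 0.0.0.0/0 md5` in the new pg_hba.conf accepts password logins for every role and database from any IPv4 source, and the postgresql.conf added alongside it sets `listen_addresses = '*'`, so reachability of the database is limited only by whatever the container network enforces. Narrowing the rule to what CKAN uses, e.g. `host <ckan databases> <ckan roles> <container subnet> md5` (placeholders; none of these values are on the page), keeps a misconfigured network from exposing every role. Moving the method to `scram-sha-256` is worth a follow-up, but it needs `password_encryption = scram-sha-256` set before the roles are created and support in the client libraries, so verify both first.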
@@ -0,0 +1,750 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP settings - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default +#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# 
GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG 
+#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + +# - Archive Recovery - + +# These are only used in recovery mode. + +#restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. 
+ +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#primary_conninfo = '' # connection string to sending server + # (change requires restart) +#primary_slot_name = '' # replication slot on sending server + # (change requires restart) +#promote_trigger_file = '' # file name whose presence ends recovery +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + +# - Subscribers - + +# These settings are 
ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 
+ +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 
is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-services/redis/install/srv/redis/conf/redis.conf b/lxc-apps/ckan/install/redis_conf/redis.conf similarity index 99% rename from lxc-services/redis/install/srv/redis/conf/redis.conf rename to lxc-apps/ckan/install/redis_conf/redis.conf index 91176d1..f9c113b 100644 --- a/lxc-services/redis/install/srv/redis/conf/redis.conf +++ b/lxc-apps/ckan/install/redis_conf/redis.conf @@ -191,7 +191,7 @@ databases 16 # # However it is possible to force the pre-4.0 behavior and always show a # ASCII art logo in startup logs by setting the following option to yes. -always-show-logo yes +always-show-logo no ################################ SNAPSHOTTING ################################ # diff --git a/lxc-apps/ckan/install/srv/solr/data/ckan/conf/schema.xml b/lxc-apps/ckan/install/solr_data/ckan/conf/schema.xml similarity index 100% rename from lxc-apps/ckan/install/srv/solr/data/ckan/conf/schema.xml rename to lxc-apps/ckan/install/solr_data/ckan/conf/schema.xml 
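Review bot: Connection logging and TLS are left at their defaults in the new postgresql.conf (`#log_connections = off`, `#log_disconnections = off`, `#ssl = off`) even though the same file sets `listen_addresses = '*'`, so accepted sessions from unexpected hosts are not recorded and the md5 exchange and query data travel unencrypted. Setting `log_connections = on` and `log_disconnections = on` is cheap and makes sessions attributable; `ssl = on` is worth adding if clients ever connect from outside the host. The handful of settings that appear to be deliberate overrides of the stock sample (`listen_addresses`, `unix_socket_directories`, `wal_level = minimal`, the replication limits set to 0) are not marked among the 750 lines, so a short header comment listing them would make the file auditable.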
diff --git a/lxc-apps/ckan/install/srv/solr/data/ckan/conf/solrconfig.xml b/lxc-apps/ckan/install/solr_data/ckan/conf/solrconfig.xml similarity index 100% rename from lxc-apps/ckan/install/srv/solr/data/ckan/conf/solrconfig.xml rename to lxc-apps/ckan/install/solr_data/ckan/conf/solrconfig.xml diff --git a/lxc-apps/ckan/install/solr_data/solr.xml b/lxc-apps/ckan/install/solr_data/solr.xml new file mode 100644 index 0000000..68b15ba --- /dev/null +++ b/lxc-apps/ckan/install/solr_data/solr.xml @@ -0,0 +1,53 @@ + + + + + + + + + + ${host:} + ${jetty.port:8983} + ${hostContext:solr} + + ${genericCoreNodeNames:true} + + ${zkClientTimeout:30000} + ${distribUpdateSoTimeout:600000} + ${distribUpdateConnTimeout:60000} + ${zkCredentialsProvider:org.apache.solr.common.cloud.DefaultZkCredentialsProvider} + ${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider} + + + + + ${socketTimeout:600000} + ${connTimeout:60000} + + + diff --git a/lxc-apps/ckan/install/srv/ckan/update-conf.sh b/lxc-apps/ckan/install/srv/ckan/update-conf.sh deleted file mode 100755 index 49ae9b9..0000000 --- a/lxc-apps/ckan/install/srv/ckan/update-conf.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -HOST="${DOMAIN}" -[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}" -sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/conf/ckan.ini - -sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/conf/ckan.ini -sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/conf/ckan.ini diff --git a/lxc-apps/ckan/install/update-conf.sh b/lxc-apps/ckan/install/update-conf.sh new file mode 100755 index 0000000..25c2ed4 --- /dev/null +++ b/lxc-apps/ckan/install/update-conf.sh 
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Volumes
+DATAPUSHER_CONF="${VOLUMES_DIR}/ckan/datapusher_conf"
+CKAN_CONF="${VOLUMES_DIR}/ckan/ckan_conf"
+
+# Variables
+HTTP_HOST="${HOST}"
+[ "${PORT}" != "443" ] && HTTP_HOST="${HTTP_HOST}:${PORT}"
+
+# Replacements
+sed -i "s|\(^ckan\.site_url = \).*|\1https://${HTTP_HOST}|" ${CKAN_CONF}/ckan.ini
+sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" ${CKAN_CONF}/ckan.ini
+sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" ${CKAN_CONF}/ckan.ini
+
+cat <${DATAPUSHER_CONF}/add-ca-cert.env
+HOST=${HOST}
+PORT=${PORT}
+EOF
+sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" ${DATAPUSHER_CONF}/datapusher_settings.py
diff --git a/lxc-apps/ckan/meta b/lxc-apps/ckan/meta
deleted file mode 100644
index da7c74b..0000000
--- a/lxc-apps/ckan/meta
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "title": "CKAN",
- "desc-cs": "Datový sklad",
- "desc-en": "Data store",
- "lxcpath": "ckan",
- "version": "0.0.1",
- "release": "0",
- "license": "GPL",
- "depends": ["alpine3.9-python2.7", "ckan-datapusher", "postgres", "redis", "solr"]
-}
diff --git a/lxc-apps/ckan/uninstall.sh b/lxc-apps/ckan/uninstall.sh
index 1454828..2b11215 100755
--- a/lxc-apps/ckan/uninstall.sh
+++ b/lxc-apps/ckan/uninstall.sh
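Review bot: `${EMAIL}`, `${GMAPS_API_KEY}` and `${HTTP_HOST}` are pasted unescaped into the sed replacement text in the new update-conf.sh, so a value containing `|`, `&` or a backslash alters the expression instead of being written literally, and in the last line a `'` inside `${EMAIL}` closes the string literal in datapusher_settings.py, which by its name is loaded as Python. Validate the values before any substitution, for example `printf '%s' "${EMAIL}" | grep -Eq '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$' || exit 1`, and escape `\`, `&` and `|` in the other two. The `${CKAN_CONF}` and `${DATAPUSHER_CONF}` path expansions are also unquoted and the script has no `set -e`, so a failed sed or an empty `VOLUMES_DIR` goes unnoticed; quoting the paths and adding `set -e` after the shebang would cover that.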
@@ -1,27 +1,8 @@ #!/bin/sh set -ev -# Remove cronjob -rm -f /etc/periodic/hourly/ckan - -# Remove service -rm -f /etc/init.d/ckan -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS ckan; DROP DATABASE IF EXISTS ckan_datastore; DROP ROLE IF EXISTS ckan; DROP ROLE IF EXISTS ckan_datastore;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Remove redis data -[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1 -lxc-attach redis -- redis-cli -n 0 flushdb -[ ! -z ${STOP_REDIS} ] && service redis stop - -# Remove solr core -[ -e /run/openrc/started/solr ] && service solr stop && START_SOLR=1 -rm -rf /srv/solr/data/ckan -[ ! -z ${START_SOLR} ] && service solr start +# Remove persistent data +rm -rf "${VOLUMES_DIR}/ckan" # Unregister application vmmgr unregister-app ckan diff --git a/lxc-apps/crisiscleanup/app b/lxc-apps/crisiscleanup/app new file mode 100644 index 0000000..f6eab0d --- /dev/null +++ b/lxc-apps/crisiscleanup/app @@ -0,0 +1,26 @@ +{ + "version": "2.2.0-200403", + "meta": { + "title": "Crisis Cleanup", + "desc-cs": "Mapování následků katastrof", + "desc-en": "Disaster relief mapping", + "license": "GPL" + }, + "containers": { + "crisiscleanup": { + "image": "crisiscleanup_2.2.0-200403", + "depends": [ + "crisiscleanup-postgres" + ], + "mounts": { + "crisiscleanup/cc_conf": "srv/crisiscleanup/config" + } + }, + "crisiscleanup-postgres": { + "image": "postgres_12.2.0-200403", + "mounts": { + "crisiscleanup/postgres_data": "var/lib/postgresql" + } + } + } +} diff --git a/lxc-apps/crisiscleanup/lxcfile b/lxc-apps/crisiscleanup/image similarity index 57% rename from lxc-apps/crisiscleanup/lxcfile rename to lxc-apps/crisiscleanup/image index 93a6c3c..32edcaf 100644 --- a/lxc-apps/crisiscleanup/lxcfile +++ b/lxc-apps/crisiscleanup/image 
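Review bot: `rm -rf "${VOLUMES_DIR}/ckan"` in uninstall.sh runs under `set -ev` but without `-u`, so when VOLUMES_DIR is unset or empty the command silently targets `/ckan` and the persistent data it was meant to remove stays on disk. Use `rm -rf "${VOLUMES_DIR:?}/ckan"` so the script stops with an error when the variable is missing.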
@@ -1,25 +1,23 @@ -IMAGE crisiscleanup -LAYER shared/alpine3.8 -LAYER shared/alpine3.8-ruby2.4 -LAYER shared/alpine3.8-nodejs8 -LAYER crisiscleanup/crisiscleanup - -FIXLAYER /usr/bin/fix-apk +IMAGE crisiscleanup_2.2.0-200403 +FROM alpine3.8-ruby2.4_2.4.9-200403 +# yarn dependencies installation fails on nodejs>8 ENV RAILS_ENV production RUN EOF # Install runtime dependencies - apk --no-cache add libpq tzdata + apk --no-cache add libpq nodejs tzdata # Install build dependencies apk --no-cache add --virtual .deps build-base git libxml2-dev libxslt-dev linux-headers npm postgresql-dev yarn zlib-dev # Clone CrisisCleanup - git clone --depth 1 https://github.com/CrisisCleanup/crisiscleanup /srv/crisiscleanup + git clone https://github.com/CrisisCleanup/crisiscleanup-2 /srv/crisiscleanup + git -C /srv/crisiscleanup checkout e362761e67e835d46c36073de1f95803737d1d29 # Hackfix ruby dependency versions - sed -i 's/2\.4\.4/2.4.5/' /srv/crisiscleanup/Gemfile + sed -i 's/ruby "2\.4\.4"/ruby "2.4.9"/' /srv/crisiscleanup/Gemfile + gem install bundler:1.16.6 # Install Ruby and NodeJS dependencies cd /srv/crisiscleanup 
@@ -28,27 +26,25 @@ RUN EOF
 npm install
 yarn
- # Create CrisisCleanup secret
+ # Create dummy CrisisCleanup secret
 echo -e "production:\n secret_key_base: $(rake secret)" >/srv/crisiscleanup/config/secrets.yml
 # Generate static resources
 rake assets:precompile
 # Create OS user
- addgroup -S -g 8005 cc
- adduser -S -u 8005 -h /srv/crisiscleanup -s /bin/false -g cc -G cc cc
+ addgroup -S -g 8080 cc
+ adduser -S -u 8080 -h /srv/crisiscleanup -s /bin/false -g cc -G cc cc
 chown -R cc:cc /srv/crisiscleanup
 # Cleanup
 apk --no-cache del .deps
 find /srv/crisiscleanup -name '.git*' -exec rm -rf {} +
 rm -rf /usr/local/share/.cache
- rm -rf /root/.bundle /root/.config /root/.npm
+ rm -rf /.bundle /root/.config /root/.npm
 EOF
-MOUNT DIR /srv/crisiscleanup/conf srv/crisiscleanup/config
-
-USER 8005 8005
+USER cc
 WORKDIR /srv/crisiscleanup
-CMD rails server
+CMD /usr/local/bin/rails server
 HALT SIGTERM
diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh
index 5f6b5ad..1b826fc 100755
--- a/lxc-apps/crisiscleanup/install.sh
+++ b/lxc-apps/crisiscleanup/install.sh
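Review bot: The `secret_key_base` written by `echo -e "production:\n secret_key_base: $(rake secret)" >/srv/crisiscleanup/config/secrets.yml` is generated once at image build time, so every container started from this image carries the same value unless something replaces it. The reworded comment calls it a dummy, and the app manifest mounts a `cc_conf` volume over `srv/crisiscleanup/config`, which presumably shadows this file, but the hunk does not say that. I would state it where the secret is created, e.g. `# Build-time placeholder only; the per-instance secret_key_base must come from the cc_conf volume populated by install.sh`, and confirm that install.sh really writes `secrets.yml` into that volume. The RUN block starts before this hunk.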
@@ -1,43 +1,44 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/crisiscleanup/postgres_data" +CC_CONF="${VOLUMES_DIR}/crisiscleanup/cc_conf" +CC_LAYER="${LAYERS_DIR}/crisiscleanup_2.2.0-200403" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec crisiscleanup-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf # Create database export CRISISCLEANUP_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/crisiscleanup/conf/database.yml -cp srv/crisiscleanup/conf/boot.rb /srv/crisiscleanup/conf/boot.rb -cp srv/crisiscleanup/conf/initializers/devise.rb /srv/crisiscleanup/conf/initializers/devise.rb -cp srv/crisiscleanup/conf/environments/production.rb /srv/crisiscleanup/conf/environments/production.rb +export CRISISCLEANUP_SECRET=$(spoc-container exec crisiscleanup -- rake secret) +envsubst /var/lib/lxc/crisiscleanup/crisiscleanup/srv/crisiscleanup/db/seeds.rb -lxc-execute crisiscleanup -- rake db:schema:load -lxc-execute crisiscleanup -- rake db:seed - -# Install service -cp etc/init.d/crisiscleanup /etc/init.d/crisiscleanup -rc-update -u - -# Install config update script -cp srv/crisiscleanup/update-conf.sh /srv/crisiscleanup/update-conf.sh +spoc-container exec crisiscleanup -- rake db:schema:load +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + 
+#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on 
+#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/db/seeds.rb b/lxc-apps/crisiscleanup/install/srv/crisiscleanup/db/seeds.rb deleted file mode 100644 index 6332e0b..0000000 --- a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/db/seeds.rb +++ /dev/null @@ -1,23 +0,0 @@ -Form.create!([ - {legacy_event_id: 1, html: "\r\n

Demo Waiting List: Enter property damage and needs. No sensitive information! Tell the client this information will be shared with many organizations to provide service as fast as possible, which may be several weeks. Service is not guaranteed.

\r\n\r\n
\r\n
\r\n

Property and Personal Information Crisis Cleanup is about property, not people.
Never include SSNs, FEMA numbers, dates of birth, detailed medical information, etc.\">

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Work help@crisiscleanup.org to request another question. Be sure to include the incident name.\">

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Debris
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Structural Issues
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Tree Work
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Feeding Unit
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Hazards

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Claim, Status and Report

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Other Information

\r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n"} -]) -Legacy::LegacyContact.create!([ - {email: "demo@crisiscleanup.org", first_name: "Demo", last_name: "User", legacy_organization_id: 2, is_primary: false, phone: "(555) 555-5555", appengine_key: nil, title: nil, organizational_title: nil} -]) -Legacy::LegacyEvent.create!([ - {case_label: "A", counties: [], name: "Demo Incident", short_name: "demo", created_date: "2016-05-31", start_date: "2016-05-31", end_date: nil, num_sites: nil, reminder_contents: "", reminder_days: nil, timestamp_last_login: nil, appengine_key: nil} -]) -Legacy::LegacyOrganization.create!([ - {activate_by: nil, activated_at: nil, activation_code: nil, address: "", admin_notes: nil, city: "", deprecated: false, email: "", facebook: "", is_active: true, is_admin: true, latitude: nil, longitude: nil, name: "Admin Org", not_an_org: false, only_session_authentication: false, org_verified: true, password: nil, permissions: nil, phone: nil, physical_presence: nil, publish: nil, reputable: nil, state: "", terms_privacy: nil, timestamp_login: nil, timestamp_signup: nil, twitter: "", url: "", voad_referral: nil, work_area: nil, zip_code: "", voad_member: nil, mold_treatment: nil, tree_removal: nil, design: nil, replace_appliances: nil, canvass: nil, sanitizing: nil, exterior_debris: nil, water_pumping: nil, appropriate_work: nil, reconstruction: nil, interior_debris: nil, assessment: nil, muck_out: nil, permission: nil, refurbishing: nil, clean_up: nil, mold_abatement: nil, permits: nil, replace_furniture: nil, gutting: nil, number_volunteers: nil, primary_contact_email: nil, voad_member_url: nil, appengine_key: nil, referral: "", publishable: false, _password_hash_list: nil, does_damage_assessment: false, does_intake_assessment: nil, does_cleanup: false, does_follow_up: false, does_minor_repairs: false, does_rebuilding: false, does_coordination: false, government: false, does_other_activity: false, where_are_you_working: "", accepted_terms: true, accepted_terms_timestamp: "2017-09-18 
20:46:30", review_other_organizations: false, situational_awareness: nil, does_recovery: nil, does_only_coordination: nil, does_only_sit_aware: nil, does_something_else: nil}, - {activate_by: nil, activated_at: nil, activation_code: nil, address: "", admin_notes: nil, city: "", deprecated: false, email: "", facebook: "", is_active: false, is_admin: false, latitude: nil, longitude: nil, name: "Demo Org", not_an_org: true, only_session_authentication: false, org_verified: false, password: nil, permissions: nil, phone: nil, physical_presence: nil, publish: nil, reputable: nil, state: "", terms_privacy: nil, timestamp_login: nil, timestamp_signup: nil, twitter: "", url: "", voad_referral: nil, work_area: nil, zip_code: "", voad_member: nil, mold_treatment: nil, tree_removal: nil, design: nil, replace_appliances: nil, canvass: nil, sanitizing: nil, exterior_debris: nil, water_pumping: nil, appropriate_work: nil, reconstruction: nil, interior_debris: nil, assessment: nil, muck_out: nil, permission: nil, refurbishing: nil, clean_up: nil, mold_abatement: nil, permits: nil, replace_furniture: nil, gutting: nil, number_volunteers: nil, primary_contact_email: nil, voad_member_url: nil, appengine_key: nil, referral: "", publishable: false, _password_hash_list: nil, does_damage_assessment: true, does_intake_assessment: nil, does_cleanup: true, does_follow_up: true, does_minor_repairs: true, does_rebuilding: true, does_coordination: true, government: true, does_other_activity: true, where_are_you_working: "Houston", accepted_terms: true, accepted_terms_timestamp: "2017-09-18 20:46:30", review_other_organizations: true, situational_awareness: nil, does_recovery: nil, does_only_coordination: nil, does_only_sit_aware: nil, does_something_else: nil} -]) -Legacy::LegacyOrganizationEvent.create!([ - {legacy_organization_id: 1, legacy_event_id: 1}, - {legacy_organization_id: 2, legacy_event_id: 1} -]) -Legacy::LegacySite.create!([ - {address: "200 Epcot Center Drive", blurred_latitude: 
28.3849506927356, blurred_longitude: -81.5443968549352, case_number: "A7", city: "Orlando", claimed_by: 2, legacy_event_id: 1, latitude: 28.383045, longitude: -81.5485919, name: "Timothy Schmidt", phone1: "1234567890", reported_by: 2, requested_at: nil, state: "Florida", status: "Open, unassigned", work_type: "Debris", data: {"email"=>"", "notes"=>"", "habitable"=>"n", "assigned_to"=>"", "electricity"=>"n", "prepared_by"=>"", "rent_or_own"=>"", "unsafe_roof"=>"n", "cross_street"=>"", "status_notes"=>"", "time_to_call"=>"", "older_than_60"=>"n", "other_hazards"=>"", "roof_collapse"=>"n", "special_needs"=>"", "num_trees_down"=>"0", "num_wide_trees"=>"0", "chainsaw_needed"=>"n", "first_responder"=>"n", "autofill_disable"=>"", "electrical_lines"=>"n", "total_volunteers"=>"", "destruction_level"=>"", "meal_location_poc"=>"", "do_not_work_before"=>"", "meal_serving_times"=>"", "structural_problems"=>"n", "required_daily_meals"=>"", "work_without_resident"=>"n", "interior_debris_removal"=>"n", "unsalvageable_structure"=>"n", "heavy_machinary_required"=>"n", "vegitative_debris_removal"=>"n", "hours_worked_per_volunteer"=>"", "initials_of_resident_present"=>"", "nonvegitative_debris_removal"=>"n", "member_of_assessing_organization"=>"n"}, request_date: "2017-09-18", appengine_key: nil, zip_code: "32821", county: "Orange County", phone2: "", work_requested: "", name_metaphone: "TM0 SXMTT", city_metaphone: "ORLNT", county_metaphone: "ORNJ KNT", address_metaphone: " EPKT SNTR TRF", user_id: 2} -]) -User.create!([ - {email: "${CRISISCLEANUP_ADMIN_EMAIL}", password: "${CRISISCLEANUP_ADMIN_PWD}", name: "${CRISISCLEANUP_ADMIN_USER}", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, sign_in_count: 1, legacy_organization_id: 1, current_sign_in_at: "2016-07-15 03:45:59", last_sign_in_at: "2016-06-08 16:56:37", current_sign_in_ip: "1.1.1.1", last_sign_in_ip: "173.164.56.105", referring_user_id: nil, admin: true, role: nil, mobile: nil, accepted_terms: 
true, accepted_terms_timestamp: "2017-09-18 20:46:31", title: nil}
-])
diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/update-conf.sh b/lxc-apps/crisiscleanup/install/srv/crisiscleanup/update-conf.sh
deleted file mode 100755
index 744fc35..0000000
--- a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/update-conf.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-sed -i "s|\(^ config\.mailer_sender = \).*|\1'${EMAIL}'|" /srv/crisiscleanup/conf/initializers/devise.rb
-sed -i "s|\(^ENV['GOOGLE_MAPS_API_KEY'] = \).*|\1${GMAPS_API_KEY}|" /srv/crisiscleanup/conf/boot.rb
diff --git a/lxc-apps/crisiscleanup/install/update-conf.sh b/lxc-apps/crisiscleanup/install/update-conf.sh
new file mode 100755
index 0000000..5c2f336
--- /dev/null
+++ b/lxc-apps/crisiscleanup/install/update-conf.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Volumes
+CC_CONF="${VOLUMES_DIR}/crisiscleanup/cc_conf"
+
+# Replacements
+sed -i "s|\(^ config\.mailer_sender = \).*|\1'${EMAIL}'|" ${CC_CONF}/initializers/devise.rb
+sed -i "s|\(^ENV['GOOGLE_MAPS_API_KEY'] = \).*|\1${GMAPS_API_KEY}|" ${CC_CONF}/boot.rb
diff --git a/lxc-apps/crisiscleanup/meta b/lxc-apps/crisiscleanup/meta
deleted file mode 100644
index 0dd212b..0000000
--- a/lxc-apps/crisiscleanup/meta
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "title": "Crisis Cleanup",
- "desc-cs": "Mapování následků katastrof",
- "desc-en": "Disaster relief mapping",
- "lxcpath": "crisiscleanup",
- "version": "0.0.1",
- "release": "0",
- "license": "GPL",
- "depends": ["alpine3.8-ruby2.4", "alpine3.8-nodejs8", "postgres"]
-}
diff --git a/lxc-apps/crisiscleanup/uninstall.sh b/lxc-apps/crisiscleanup/uninstall.sh
index bc943ab..1a27650 100755
--- a/lxc-apps/crisiscleanup/uninstall.sh
+++ b/lxc-apps/crisiscleanup/uninstall.sh
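Review bot: In the new `install/update-conf.sh`, the second `sed` pattern leaves the brackets of `ENV['GOOGLE_MAPS_API_KEY']` unescaped, so sed reads `['GOOGLE_MAPS_API_KEY']` as a bracket expression matching a single character and the assignment in `boot.rb` is unlikely ever to match; the deleted script carried the same expression. Escaping them fixes it: `sed -i "s|\(^ENV\['GOOGLE_MAPS_API_KEY'\] = \).*|\1${GMAPS_API_KEY}|" "${CC_CONF}/boot.rb"`. Separately, `${EMAIL}` and `${GMAPS_API_KEY}` are placed unescaped into the sed replacement and from there into Ruby source files, so a value containing `|`, `&`, `\` or a quote corrupts the expression or the resulting config. Both values should be validated or escaped before substitution, and `${CC_CONF}` should be quoted.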
@@ -1,14 +1,8 @@
 #!/bin/sh
 set -ev
-# Remove service
-rm -f /etc/init.d/crisiscleanup
-rc-update -u
-
-# Drop database and user
-[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
-echo 'DROP DATABASE IF EXISTS crisiscleanup; DROP ROLE IF EXISTS crisiscleanup;' | lxc-attach -u 5432 -g 5432 postgres -- psql
-[ ! -z ${STOP_POSTGRES} ] && service postgres stop
+# Remove persistent data
+rm -rf "${VOLUMES_DIR}/crisiscleanup"
 # Unregister application
 vmmgr unregister-app crisiscleanup
diff --git a/lxc-apps/cts/app b/lxc-apps/cts/app
new file mode 100644
index 0000000..1f26d47
--- /dev/null
+++ b/lxc-apps/cts/app
@@ -0,0 +1,26 @@
+{
+ "version": "0.8.0-200403",
+ "meta": {
+ "title": "CTS",
+ "desc-cs": "Sledovací systém komodit",
+ "desc-en": "Commodity tracking system",
+ "license": "GPL"
+ },
+ "containers": {
+ "cts": {
+ "image": "cts_0.8.0-200403",
+ "depends": [
+ "cts-postgres"
+ ],
+ "mounts": {
+ "cts/cts_conf": "srv/cts/cts/settings"
+ }
+ },
+ "cts-postgres": {
+ "image": "postgis_3.0.0-200403",
+ "mounts": {
+ "cts/postgres_data": "var/lib/postgresql"
+ }
+ }
+ }
+}
diff --git a/lxc-apps/cts/lxcfile b/lxc-apps/cts/image
similarity index 76%
rename from lxc-apps/cts/lxcfile
rename to lxc-apps/cts/image
index d746230..7d64476 100644
--- a/lxc-apps/cts/lxcfile
+++ b/lxc-apps/cts/image
@@ -1,11 +1,9 @@
-IMAGE cts
-LAYER shared/alpine3.9
-LAYER shared/alpine3.9-python2.7
-LAYER cts/cts
+IMAGE cts_0.8.0-200403
+FROM alpine3.11-python2.7_2.7.16-200403
 RUN EOF
 # Install runtime dependencies
- apk --no-cache add geos@vm libpq nginx zlib
+ apk --no-cache add geos libpq nginx zlib
 # Install build dependencies
 apk --no-cache add --virtual .deps build-base git postgresql-dev python2-dev py2-pip zlib-dev
@@ -26,8 +24,8 @@ RUN EOF
 DJANGO_SETTINGS_MODULE=cts.settings.dev manage.py collectstatic -l --noinput
 # Create OS user
- addgroup -S -g 8006 cts
- adduser -S -u 8006 -h /srv/cts -s /bin/false -g cts -G cts cts
+ addgroup -S -g 8080 cts
+ adduser -S -u 8080 -h /srv/cts -s /bin/false -g cts -G cts cts
 chown -R cts:cts /srv/cts
 # Cleanup
@@ -36,10 +34,8 @@ RUN EOF
 rm -rf /root/.cache
 EOF
-COPY lxc
-
-MOUNT DIR /srv/cts/conf srv/cts/cts/settings
+COPY image.d
 ENV DJANGO_SETTINGS_MODULE cts.settings.spotter
 WORKDIR /srv/cts
-CMD s6-svscan /etc/services.d
+CMD /bin/s6-svscan /etc/services.d
diff --git a/lxc-apps/cts/lxc/etc/nginx/nginx.conf b/lxc-apps/cts/image.d/etc/nginx/nginx.conf
similarity index 98%
rename from lxc-apps/cts/lxc/etc/nginx/nginx.conf
rename to lxc-apps/cts/image.d/etc/nginx/nginx.conf
index 5333aad..c188871 100644
--- a/lxc-apps/cts/lxc/etc/nginx/nginx.conf
+++ b/lxc-apps/cts/image.d/etc/nginx/nginx.conf
@@ -15,6 +15,7 @@ http {
 server_tokens off;
 client_max_body_size 100m;
 sendfile on;
+ tcp_nodelay on;
 send_timeout 300;
 server {
diff --git a/lxc-apps/cts/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/cts/image.d/etc/services.d/.s6-svscan/finish
similarity index 100%
rename from lxc-apps/cts/lxc/etc/services.d/.s6-svscan/finish
rename to lxc-apps/cts/image.d/etc/services.d/.s6-svscan/finish
diff --git a/lxc-apps/cts/lxc/etc/services.d/cts/down-signal b/lxc-apps/cts/image.d/etc/services.d/cts/down-signal
similarity index 87%
rename from lxc-apps/cts/lxc/etc/services.d/cts/down-signal
rename to lxc-apps/cts/image.d/etc/services.d/cts/down-signal
index fc6cc59..d751378 100644
--- a/lxc-apps/cts/lxc/etc/services.d/cts/down-signal
+++ b/lxc-apps/cts/image.d/etc/services.d/cts/down-signal
@@ -1 +1 @@
-SIGINT
+SIGINT
diff --git a/lxc-apps/cts/lxc/etc/services.d/cts/run b/lxc-apps/cts/image.d/etc/services.d/cts/run
similarity index 100%
rename from lxc-apps/cts/lxc/etc/services.d/cts/run
rename to lxc-apps/cts/image.d/etc/services.d/cts/run
diff --git a/lxc-apps/ecogis/lxc/etc/services.d/nginx/run b/lxc-apps/cts/image.d/etc/services.d/nginx/run
similarity index 100%
rename from lxc-apps/ecogis/lxc/etc/services.d/nginx/run
rename to lxc-apps/cts/image.d/etc/services.d/nginx/run
diff --git a/lxc-apps/cts/install.sh b/lxc-apps/cts/install.sh
index 3856667..0e91e57 100755
--- a/lxc-apps/cts/install.sh
+++ b/lxc-apps/cts/install.sh
@@ -1,48 +1,44 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/cts/postgres_data" +CTS_CONF="${VOLUMES_DIR}/cts/cts_conf" +CTS_LAYER="${LAYERS_DIR}/cts_0.8.0-200403" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec cts-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf # Create database export CTS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/cts/conf/spotter.py -touch /srv/cts/conf/__init__.py - -# Set "production values" (increases performance) only if the DEBUG environment variable is not set -if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/DEBUG = True/DEBUG = False/' /srv/cts/conf/spotter.py -fi +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + 
+#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on 
+#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/cts/install/srv/cts/update-conf.sh b/lxc-apps/cts/install/srv/cts/update-conf.sh deleted file mode 100755 index 9cea8da..0000000 --- a/lxc-apps/cts/install/srv/cts/update-conf.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -sed -i "s|\(^SERVER_EMAIL = \).*|\1'${EMAIL}'|" /srv/cts/conf/spotter.py diff --git a/lxc-apps/cts/install/update-conf.sh b/lxc-apps/cts/install/update-conf.sh new file mode 100755 index 0000000..2d8e28f --- /dev/null +++ b/lxc-apps/cts/install/update-conf.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +# Volumes +CTS_CONF="${VOLUMES_DIR}/cts/cts_conf" + +# Replacements +sed -i "s|\(^SERVER_EMAIL = \).*|\1'${EMAIL}'|" ${CTS_CONF}/spotter.py diff --git a/lxc-apps/cts/meta b/lxc-apps/cts/meta deleted file mode 100644 index df1550e..0000000 --- a/lxc-apps/cts/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "CTS", - "desc-cs": "Sledovací systém komodit", - "desc-en": "Commodity tracking system", - "lxcpath": "cts", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python2.7", "postgres"] -} 
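Review bot: `${EMAIL}` is spliced unescaped into both a sed replacement and a single-quoted Python string in `spotter.py` on the `sed -i` line of the new `update-conf.sh`, so a value containing `'`, `|`, `&` or `\` corrupts the settings file or changes what Python evaluates when the settings module is loaded. Where EMAIL comes from is not visible here; if it can be set through a management interface, validate it before substitution, e.g. `case "${EMAIL}" in *[!A-Za-z0-9@._+-]*|'') echo "invalid EMAIL" >&2; exit 1;; esac`. The target path should also be quoted (`"${CTS_CONF}/spotter.py"`), and `CTS_CONF="${VOLUMES_DIR:?}/cts/cts_conf"` would stop the script from editing `/cts/cts_conf/spotter.py` when `VOLUMES_DIR` is unset.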
diff --git a/lxc-apps/cts/uninstall.sh b/lxc-apps/cts/uninstall.sh index 74bf4a0..cc6e34a 100755 --- a/lxc-apps/cts/uninstall.sh +++ b/lxc-apps/cts/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/cts -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS cts; DROP ROLE IF EXISTS cts;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf "${VOLUMES_DIR}/cts" # Unregister application vmmgr unregister-app cts diff --git a/lxc-apps/decidim/app b/lxc-apps/decidim/app new file mode 100644 index 0000000..d460d14 --- /dev/null +++ b/lxc-apps/decidim/app @@ -0,0 +1,28 @@ +{ + "version": "0.20.1-200403", + "meta": { + "title": "Decidim", + "desc-cs": "Platforma pro účast občanů", + "desc-en": "Platform for citizen participation", + "license": "GPL" + }, + "containers": { + "decidim": { + "image": "decidim_0.20.1-200403", + "depends": [ + "decidim-postgres" + ], + "mounts": { + "decidim/decidim_conf": "srv/decidim-app/config", + "decidim/decidim_data/storage": "srv/decidim-app/storage", + "decidim/decidim_data/uploads": "srv/decidim-app/public/uploads" + } + }, + "decidim-postgres": { + "image": "postgres_12.2.0-200403", + "mounts": { + "decidim/postgres_data": "var/lib/postgresql" + } + } + } +} diff --git a/lxc-apps/decidim/image b/lxc-apps/decidim/image new file mode 100644 index 0000000..ffbb200 --- /dev/null +++ b/lxc-apps/decidim/image 
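Review bot: The new `rm -rf "${VOLUMES_DIR}/cts"` in `uninstall.sh` expands to `rm -rf /cts` when `VOLUMES_DIR` is unset or empty, because the script sets `-e` and `-v` but not `-u`. Use `rm -rf "${VOLUMES_DIR:?}/cts"` so the shell aborts with an error instead of deleting a path outside the volumes tree. The removed `DROP DATABASE`/`DROP ROLE` step is presumably covered by deleting the `postgres_data` volume under that directory; a short comment saying so (`# Database files live in ${VOLUMES_DIR}/cts/postgres_data and go with the directory`) would make that intent explicit.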
@@ -0,0 +1,81 @@
+IMAGE decidim_0.20.1-200403
+FROM alpine3.11-ruby2.6_2.6.5-200403
+
+# https://github.com/Platoniq/decidim-install/blob/master/decidim-bionic.md
+# https://github.com/Platoniq/decidim-install/blob/master/basic-config.md
+
+ENV RAILS_ENV production
+
+RUN EOF
+ # Install runtime dependencies
+ apk --no-cache add curl imagemagick libpq nodejs pcre procps tzdata
+
+ # Install build dependencies
+ apk --no-cache add --virtual .deps build-base curl-dev icu-dev libxml2-dev libxslt-dev linux-headers pcre-dev postgresql-dev zlib-dev
+
+ # Install passenger
+ gem install passenger --no-document
+
+ # Create OS user
+ addgroup -S -g 8080 decidim
+ adduser -S -u 8080 -h /srv/decidim-app -s /sbin/nologin -G decidim -g decidim decidim
+
+ # Compile nginx
+ # taken from passenger-install-nginx-module
+ cd /tmp
+ wget https://nginx.org/download/nginx-1.17.3.tar.gz
+ tar xf nginx-1.17.3.tar.gz
+ cd nginx-1.17.3
+ ./configure \
+ --prefix=/var/lib/nginx \
+ --sbin-path=/usr/sbin/nginx \
+ --conf-path=/etc/nginx/nginx.conf \
+ --pid-path=/run/nginx.pid \
+ --lock-path=/run/nginx.lock \
+ --user=decidim \
+ --group=decidim \
+ --with-threads \
+ --with-file-aio \
+ --with-http_ssl_module \
+ --with-http_v2_module \
+ --with-http_realip_module \
+ --with-http_gzip_static_module \
+ --with-http_stub_status_module \
+ --with-http_addition_module \
+ --with-cc-opt=-Wno-error \
+ --add-module=/usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4/src/nginx_module
+ make -j $(getconf _NPROCESSORS_ONLN)
+ make install
+ rm -f /etc/nginx/*.default
+
+ # Install Decidim
+ bundle config build.nokogiri --use-system-libraries
+ gem install bundler:1.17.3
+ gem install decidim
+ cd /srv
+ decidim decidim-app
+EOF
+
+COPY image.d
+
+RUN EOF
+ # Install gems required by decidim
+ cd /srv/decidim-app
+ bundle update
+
+ # Setup delayed job for mail sending
+ bin/rails generate delayed_job:active_record
+
+ # Precompile static assets
+ bin/rails assets:precompile
+
+ # Change ownership
+ chown -R decidim:decidim /srv/decidim-app
+
+ # Cleanup
+ apk --no-cache del .deps
+ rm -rf /tmp/*
+ rm -rf /.bundle /root/.gem
+EOF
+
+CMD /bin/s6-svscan /etc/services.d
diff --git a/lxc-apps/decidim/image.d/etc/crontabs/decidim b/lxc-apps/decidim/image.d/etc/crontabs/decidim
new file mode 100644
index 0000000..9e13ea8
--- /dev/null
+++ b/lxc-apps/decidim/image.d/etc/crontabs/decidim
@@ -0,0 +1 @@
+*/5 * * * * [ -s /srv/decidim-app/tmp/pids/delayed_job.pid ] || RAILS_ENV=production /srv/decidim-app/bin/delayed_job start >/dev/null
diff --git a/lxc-apps/decidim/image.d/etc/nginx/nginx.conf b/lxc-apps/decidim/image.d/etc/nginx/nginx.conf
new file mode 100644
index 0000000..83fe181
--- /dev/null
+++ b/lxc-apps/decidim/image.d/etc/nginx/nginx.conf
@@ -0,0 +1,33 @@
+user decidim;
+pid /run/nginx.pid;
+worker_processes 1;
+error_log /dev/stderr warn;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ access_log off;
+ server_tokens off;
+ client_max_body_size 100m;
+ sendfile on;
+ tcp_nodelay on;
+ send_timeout 300;
+
+ passenger_root /usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4;
+ passenger_ruby /usr/local/bin/ruby;
+
+ server {
+ listen 8080;
+ server_name localhost;
+
+ passenger_enabled on;
+ rails_env production;
+
+ root /srv/decidim-app/public;
+ }
+}
diff --git a/lxc-apps/decidim/image.d/etc/services.d/.s6-svscan/finish b/lxc-apps/decidim/image.d/etc/services.d/.s6-svscan/finish
new file mode 100755
index 0000000..d042464
--- /dev/null
+++ b/lxc-apps/decidim/image.d/etc/services.d/.s6-svscan/finish
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+
+foreground { s6-svwait -d -t 3000 cron }
+foreground { s6-svwait -d -t 3000 nginx }
diff --git a/lxc-apps/decidim/image.d/etc/services.d/cron/run b/lxc-apps/decidim/image.d/etc/services.d/cron/run
new file mode 100755
index 0000000..d75300e
--- /dev/null
+++ b/lxc-apps/decidim/image.d/etc/services.d/cron/run
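Review bot: The nginx source tarball in the first `RUN` block of the decidim image is fetched with `wget https://nginx.org/download/nginx-1.17.3.tar.gz` and then unpacked and compiled without any integrity check, so the image trusts whatever the download returns at build time. Pin a digest next to the download, e.g. `echo "<SHA256_OF_nginx-1.17.3.tar.gz>  nginx-1.17.3.tar.gz" | sha256sum -c -` (placeholder; take the value from a copy verified against the upstream PGP signature). The same block runs `gem install passenger --no-document` and `gem install decidim` without versions while `--add-module` hard-codes `passenger-6.0.4`, and the second `RUN` block runs `bundle update`; pinning them (`gem install passenger -v 6.0.4`, `gem install decidim -v 0.20.1`) and building from a committed `Gemfile.lock` with `bundle install` would keep rebuilds reproducible and prevent a newer gem release from silently changing the image.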
@@ -0,0 +1,4 @@
+#!/bin/execlineb -P
+
+fdmove -c 2 1
+crond -f -d 8
diff --git a/lxc-apps/kanboard/lxc/etc/services.d/nginx/run b/lxc-apps/decidim/image.d/etc/services.d/nginx/run
similarity index 100%
rename from lxc-apps/kanboard/lxc/etc/services.d/nginx/run
rename to lxc-apps/decidim/image.d/etc/services.d/nginx/run
diff --git a/lxc-apps/decidim/image.d/srv/decidim-app/Gemfile b/lxc-apps/decidim/image.d/srv/decidim-app/Gemfile
new file mode 100644
index 0000000..9b40263
--- /dev/null
+++ b/lxc-apps/decidim/image.d/srv/decidim-app/Gemfile
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+ruby RUBY_VERSION
+
+gem "decidim", "0.20.1"
+# gem "decidim-consultations", "0.20.1"
+# gem "decidim-initiatives", "0.20.1"
+
+gem "bootsnap", "~> 1.3"
+
+gem "puma", "~> 3.12.2"
+gem "uglifier", "~> 4.1"
+
+gem "faker", "~> 1.9"
+
+group :development, :test do
+ gem "byebug", "~> 11.0", platform: :mri
+
+ gem "decidim-dev", "0.20.1"
+end
+
+group :development do
+ gem "letter_opener_web", "~> 1.3"
+ gem "listen", "~> 3.1"
+ gem "spring", "~> 2.0"
+ gem "spring-watcher-listen", "~> 2.0"
+ gem "web-console", "~> 3.5"
+end
+
+gem "figaro"
+group :production do
+ gem "passenger"
+ gem "delayed_job_active_record"
+ gem "daemons"
+end
diff --git a/lxc-apps/decidim/install.sh b/lxc-apps/decidim/install.sh
new file mode 100755
index 0000000..c9219a3
--- /dev/null
+++ b/lxc-apps/decidim/install.sh
@@ -0,0 +1,46 @@ +#!/bin/sh +set -ev + +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/decidim/postgres_data" +DECIDIM_CONF="${VOLUMES_DIR}/decidim/decidim_conf" +DECIDIM_DATA="${VOLUMES_DIR}/decidim/decidim_data" +DECIDIM_LAYER="${LAYERS_DIR}/decidim_0.20.1-200403" + +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec decidim-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf + +# Create database +export DECIDIM_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +spoc-container start decidim-postgres +envsubst true) + # config.assets.css_compressor = :sass + + # Do not fallback to assets pipeline if a precompiled asset is missed. + config.assets.compile = false + + # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb + + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.action_controller.asset_host = 'http://assets.example.com' + + # Specifies the header that your server uses for sending files. + # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + + # Store uploaded files on the local file system (see config/storage.yml for options) + config.active_storage.service = :local + + # Mount Action Cable outside main process or domain + # config.action_cable.mount_path = nil + # config.action_cable.url = 'wss://example.com/cable' + # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] + + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 
+ config.force_ssl = true + + # Use the lowest log level to ensure availability of diagnostic information + # when problems arise. + config.log_level = :info + + # Prepend all log lines with the following tags. + config.log_tags = [ :request_id ] + + # Use a different cache store in production. + # config.cache_store = :mem_cache_store + + # Use a real queuing backend for Active Job (and separate queues per environment) + # config.active_job.queue_adapter = :resque + # config.active_job.queue_name_prefix = "decidim-app_#{Rails.env}" + + config.action_mailer.perform_caching = false + + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. + # config.action_mailer.raise_delivery_errors = false + + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation cannot be found). + config.i18n.fallbacks = true + + # Send deprecation notices to registered listeners. + config.active_support.deprecation = :notify + + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new + config.action_mailer.smtp_settings = { + :address => Rails.application.secrets.smtp_address, + :port => Rails.application.secrets.smtp_port, + :authentication => Rails.application.secrets.smtp_authentication, + :user_name => Rails.application.secrets.smtp_username, + :password => Rails.application.secrets.smtp_password, + :domain => Rails.application.secrets.smtp_domain, + :enable_starttls_auto => Rails.application.secrets.smtp_starttls_auto, + :openssl_verify_mode => 'none' + } + + # Use a different logger for distributed setups. + # require 'syslog/logger' + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') + + if ENV["RAILS_LOG_TO_STDOUT"].present? 
+ logger = ActiveSupport::Logger.new(STDOUT) + logger.formatter = config.log_formatter + config.logger = ActiveSupport::TaggedLogging.new(logger) + end + + # Do not dump schema after migrations. + config.active_record.dump_schema_after_migration = false +end diff --git a/lxc-apps/decidim/install/decidim_conf/initializers/decidim.rb b/lxc-apps/decidim/install/decidim_conf/initializers/decidim.rb new file mode 100644 index 0000000..9debe4e --- /dev/null +++ b/lxc-apps/decidim/install/decidim_conf/initializers/decidim.rb 
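Review bot: `:openssl_verify_mode => 'none'` in `config.action_mailer.smtp_settings` turns off certificate verification for the STARTTLS session, so the SMTP username and password read from `Rails.application.secrets` can be handed to any host that intercepts the connection to the mail relay. Remove the key so the default verification applies, or set it explicitly with `:openssl_verify_mode => 'peer'`; if the relay uses a private CA, add that CA to the image's trust store rather than disabling verification. A short comment above the hash stating which relay the settings target and why verification is required would help whoever edits the secrets later. The hunk header for this file is not visible on the page, so this is based on the settings block as shown.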
@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+Decidim.configure do |config|
+ config.application_name = "Decidim"
+ config.mailer_sender = "admin@example.com"
+
+ # Change these lines to set your preferred locales
+ config.default_locale = :cs
+ config.available_locales = [:cs, :sk, :en, :de, :fr, :es]
+
+ # Geocoder configuration
+ # config.geocoder = {
+ # static_map_url: "https://image.maps.cit.api.here.com/mia/1.6/mapview",
+ # here_app_id: Rails.application.secrets.geocoder[:here_app_id],
+ # here_app_code: Rails.application.secrets.geocoder[:here_app_code]
+ # }
+
+ # Custom resource reference generator method
+ # config.reference_generator = lambda do |resource, component|
+ # # Implement your custom method to generate resources references
+ # "1234-#{resource.id}"
+ # end
+
+ # Currency unit
+ # config.currency_unit = "€"
+
+ # The number of reports which an object can receive before hiding it
+ # config.max_reports_before_hiding = 3
+
+ # Custom HTML Header snippets
+ #
+ # The most common use is to integrate third-party services that require some
+ # extra JavaScript or CSS. Also, you can use it to add extra meta tags to the
+ # HTML. Note that this will only be rendered in public pages, not in the admin
+ # section.
+ #
+ # Before enabling this you should ensure that any tracking that might be done
+ # is in accordance with the rules and regulations that apply to your
+ # environment and usage scenarios. This component also comes with the risk
+ # that an organization's administrator injects malicious scripts to spy on or
+ # take over user accounts.
+ #
+ config.enable_html_header_snippets = false
+
+ # SMS gateway configuration
+ #
+ # If you want to verify your users by sending a verification code via
+ # SMS you need to provide a SMS gateway service class.
+ #
+ # An example class would be something like:
+ #
+ # class MySMSGatewayService
+ # attr_reader :mobile_phone_number, :code
+ #
+ # def initialize(mobile_phone_number, code)
+ # @mobile_phone_number = mobile_phone_number
+ # @code = code
+ # end
+ #
+ # def deliver_code
+ # # Actual code to deliver the code
+ # true
+ # end
+ # end
+ #
+ # config.sms_gateway_service = "MySMSGatewayService"
+
+ # Timestamp service configuration
+ #
+ # Provide a class to generate a timestamp for a document. The instances of
+ # this class are initialized with a hash containing the :document key with
+ # the document to be timestamped as value. The istances respond to a
+ # timestamp public method with the timestamp
+ #
+ # An example class would be something like:
+ #
+ # class MyTimestampService
+ # attr_accessor :document
+ #
+ # def initialize(args = {})
+ # @document = args.fetch(:document)
+ # end
+ #
+ # def timestamp
+ # # Code to generate timestamp
+ # "My timestamp"
+ # end
+ # end
+ #
+ # config.timestamp_service = "MyTimestampService"
+
+ # PDF signature service configuration
+ #
+ # Provide a class to process a pdf and return the document including a
+ # digital signature. The instances of this class are initialized with a hash
+ # containing the :pdf key with the pdf file content as value. The instances
+ # respond to a signed_pdf method containing the pdf with the signature
+ #
+ # An example class would be something like:
+ #
+ # class MyPDFSignatureService
+ # attr_accessor :pdf
+ #
+ # def initialize(args = {})
+ # @pdf = args.fetch(:pdf)
+ # end
+ #
+ # def signed_pdf
+ # # Code to return the pdf signed
+ # end
+ # end
+ #
+ # config.pdf_signature_service = "MyPDFSignatureService"
+
+ # Etherpad configuration
+ #
+ # Only needed if you want to have Etherpad integration with Decidim. See
+ # Decidim docs at docs/services/etherpad.md in order to set it up.
+ #
+ # config.etherpad = {
+ # server: Rails.application.secrets.etherpad[:server],
+ # api_key: Rails.application.secrets.etherpad[:api_key],
+ # api_version: Rails.application.secrets.etherpad[:api_version]
+ # }
+end
+
+Rails.application.config.i18n.available_locales = Decidim.available_locales
+Rails.application.config.i18n.default_locale = Decidim.default_locale
diff --git a/lxc-apps/decidim/install/postgres_data/pg_hba.conf b/lxc-apps/decidim/install/postgres_data/pg_hba.conf
new file mode 100644
index 0000000..ab93832
--- /dev/null
+++ b/lxc-apps/decidim/install/postgres_data/pg_hba.conf
@@ -0,0 +1,3 @@
+local all postgres peer
+local all all md5
+host all all 0.0.0.0/0 md5
diff --git a/lxc-apps/decidim/install/postgres_data/postgresql.conf b/lxc-apps/decidim/install/postgres_data/postgresql.conf
new file mode 100644
index 0000000..93e2206
--- /dev/null
+++ b/lxc-apps/decidim/install/postgres_data/postgresql.conf
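Review bot: The `host all all 0.0.0.0/0 md5` rule in the new `pg_hba.conf` accepts password logins for every role and every database from any IPv4 address, and the accompanying `postgresql.conf` sets `listen_addresses = '*'`, so the only thing keeping the database private is whatever network isolation the container runtime provides. Narrow the rule to the application's database, role and network, e.g. `host decidim decidim <CONTAINER_SUBNET_CIDR> scram-sha-256` (placeholder subnet; database and role names are assumed to match what `install.sh` creates). For that to work, set `password_encryption = scram-sha-256` in `postgresql.conf` before the role's password is created, since the commented default shown there is `md5`. The `local all all md5` line can move to `scram-sha-256` at the same time.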
@@ -0,0 +1,750 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP settings - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default +#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# 
GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG 
+#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + +# - Archive Recovery - + +# These are only used in recovery mode. + +#restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. 
+ +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#primary_conninfo = '' # connection string to sending server + # (change requires restart) +#primary_slot_name = '' # replication slot on sending server + # (change requires restart) +#promote_trigger_file = '' # file name whose presence ends recovery +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + +# - Subscribers - + +# These settings are 
ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 
+ +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 
is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/decidim/uninstall.sh b/lxc-apps/decidim/uninstall.sh new file mode 100755 index 0000000..15833ac --- /dev/null +++ b/lxc-apps/decidim/uninstall.sh @@ -0,0 +1,8 @@ +#!/bin/sh +set -ev + +# Remove persistent data +rm -rf "${VOLUMES_DIR}/decidim" + +# Unregister application +vmmgr unregister-app decidim diff --git a/lxc-apps/ecogis/install.sh b/lxc-apps/ecogis/install.sh deleted file mode 100755 index 965aa1b..0000000 --- a/lxc-apps/ecogis/install.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 - -# Populate database -export ECOGIS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/ecogis/conf/config.php -chown -R 8020:8020 /srv/ecogis/conf - -# Install service -cp etc/init.d/ecogis /etc/init.d/ecogis -rc-update -u - -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Register application -vmmgr register-app ecogis ecogis 
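Review bot: The settings this postgresql.conf actually changes (`listen_addresses = '*'`, `unix_socket_directories = '/run/postgresql,/tmp'`, `wal_level = minimal`, `max_wal_senders = 0` and a few others) are scattered through a 750-line copy of the stock sample, so a later reader cannot tell deliberate choices from defaults. Each active line should carry a short reason, for instance above `listen_addresses`: `# all interfaces: clients reach the server over the container network; access is limited in pg_hba.conf` (if that is the intent). Judging by the index line `0000000..93e2206`, the same content is added again for gnuhealth, so a shared template would keep the two copies from drifting apart.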
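Review bot: In uninstall.sh, `rm -rf "${VOLUMES_DIR}/decidim"` expands to `rm -rf /decidim` when VOLUMES_DIR is unset or empty, because the script enables `-e` and `-v` but not `-u`. Where VOLUMES_DIR is set is not visible in this diff, so the script should not rely on it: `rm -rf "${VOLUMES_DIR:?}/decidim"` aborts with an error instead of deleting a path under the root directory.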
diff --git a/lxc-apps/ecogis/install/etc/init.d/ecogis b/lxc-apps/ecogis/install/etc/init.d/ecogis deleted file mode 100755 index 2d8a87c..0000000 --- a/lxc-apps/ecogis/install/etc/init.d/ecogis +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="EcoGIS container" - -depend() { - need postgres -} - -start() { - lxc-start ecogis -} - -start_post() { - vmmgr register-proxy ecogis -} - -stop_pre() { - vmmgr unregister-proxy ecogis -} - -stop() { - lxc-stop ecogis -} diff --git a/lxc-apps/ecogis/meta b/lxc-apps/ecogis/meta deleted file mode 100644 index b20489c..0000000 --- a/lxc-apps/ecogis/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "EcoGIS", - "desc-cs": "EcoGIS", - "desc-en": "EcoGIS", - "lxcpath": "ecogis", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.8-php5.6", "postgres"] -} diff --git a/lxc-apps/ecogis/uninstall.sh b/lxc-apps/ecogis/uninstall.sh deleted file mode 100755 index a4a2be3..0000000 --- a/lxc-apps/ecogis/uninstall.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/ecogis -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS ecogis; DROP ROLE IF EXISTS ecogis;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Unregister application -vmmgr unregister-app ecogis diff --git a/lxc-apps/frontlinesms/app b/lxc-apps/frontlinesms/app new file mode 100644 index 0000000..73c3929 --- /dev/null +++ b/lxc-apps/frontlinesms/app @@ -0,0 +1,17 @@ +{ + "version": "2.6.5-200403", + "meta": { + "title": "FrontlineSMS", + "desc-cs": "Hromadné odesílání zpráv", + "desc-en": "Bulk SMS messaging", + "license": "GPL" + }, + "containers": { + "frontlinesms": { + "image": "frontlinesms_2.6.5-200403", + "mounts": { + "frontlinesms/flsms_data": "srv/frontlinesms/.frontlinesms2" + } + } + } +} 
diff --git a/lxc-apps/frontlinesms/lxcfile b/lxc-apps/frontlinesms/image similarity index 75% rename from lxc-apps/frontlinesms/lxcfile rename to lxc-apps/frontlinesms/image index 21fb94e..7257650 100644 --- a/lxc-apps/frontlinesms/lxcfile +++ b/lxc-apps/frontlinesms/image @@ -1,15 +1,14 @@ -IMAGE frontlinesms -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER frontlinesms/frontlinesms +IMAGE frontlinesms_2.6.5-200403 +FROM alpine3.8-java8_8.222.10-200403 +# HTTP connection accept fails on Java 8.242 RUN EOF # Install runtime dependencies apk --no-cache add openjdk8-jre ttf-opensans xf86-video-dummy xorg-server # Create OS user - addgroup -S -g 8018 sms - adduser -S -u 8018 -h /srv/frontlinesms -s /bin/sh -g sms -G sms sms + addgroup -S -g 8080 sms + adduser -S -u 8080 -h /srv/frontlinesms -s /bin/sh -g sms -G sms sms adduser sms dialout # Install FrontlineSMS @@ -26,7 +25,7 @@ RUN EOF rm /tmp/frontlinesms2.sh EOF -COPY lxc +COPY image.d RUN EOF # Install Czech translation @@ -35,9 +34,7 @@ RUN EOF MD5=$(md5sum frontlinesms-core_messages_cs.js | cut -d' ' -f1) cp frontlinesms-core_messages_cs.js frontlinesms-core_messages_cs-${MD5}.js cp frontlinesms-core_messages_cs.js.gz frontlinesms-core_messages_cs-${MD5}.js.gz - chown 8018:8018 frontlinesms-core_messages_cs* + chown 8080:8080 frontlinesms-core_messages_cs* EOF -MOUNT DIR /srv/frontlinesms/data srv/frontlinesms/.frontlinesms2 - -CMD s6-svscan /etc/services.d +CMD /bin/s6-svscan /etc/services.d diff --git a/lxc-apps/frontlinesms/lxc/etc/X11/dummy.conf b/lxc-apps/frontlinesms/image.d/etc/X11/dummy.conf similarity index 100% rename from lxc-apps/frontlinesms/lxc/etc/X11/dummy.conf rename to lxc-apps/frontlinesms/image.d/etc/X11/dummy.conf 
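Review bot: The new base line `FROM alpine3.8-java8_8.222.10-200403` moves the image from the `alpine3.9` layers it replaces back to an Alpine 3.8 base with an older JRE build, and the only record of why is the comment `# HTTP connection accept fails on Java 8.242`. A pin that holds back runtime updates should state that it is deliberate and name its exit condition, e.g. `# Pinned to Java 8.222 because HTTP connection accept fails on 8.242; re-test and return to the current java8 image once fixed`. The RUN block below still runs `apk --no-cache add openjdk8-jre`, so it is worth confirming that this step cannot install a different JRE than the one the pinned base provides.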
diff --git a/lxc-apps/frontlinesms/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/frontlinesms/image.d/etc/services.d/.s6-svscan/finish
similarity index 100%
rename from lxc-apps/frontlinesms/lxc/etc/services.d/.s6-svscan/finish
rename to lxc-apps/frontlinesms/image.d/etc/services.d/.s6-svscan/finish
diff --git a/lxc-apps/frontlinesms/lxc/etc/services.d/frontlinesms/run b/lxc-apps/frontlinesms/image.d/etc/services.d/frontlinesms/run
similarity index 100%
rename from lxc-apps/frontlinesms/lxc/etc/services.d/frontlinesms/run
rename to lxc-apps/frontlinesms/image.d/etc/services.d/frontlinesms/run
diff --git a/lxc-apps/frontlinesms/lxc/etc/services.d/xorg/run b/lxc-apps/frontlinesms/image.d/etc/services.d/xorg/run
similarity index 100%
rename from lxc-apps/frontlinesms/lxc/etc/services.d/xorg/run
rename to lxc-apps/frontlinesms/image.d/etc/services.d/xorg/run
diff --git a/lxc-apps/frontlinesms/lxc/srv/frontlinesms/frontlinesms2/web-app/WEB-INF/grails-app/i18n/messages_cs.properties b/lxc-apps/frontlinesms/image.d/srv/frontlinesms/frontlinesms2/web-app/WEB-INF/grails-app/i18n/messages_cs.properties
similarity index 100%
rename from lxc-apps/frontlinesms/lxc/srv/frontlinesms/frontlinesms2/web-app/WEB-INF/grails-app/i18n/messages_cs.properties
rename to lxc-apps/frontlinesms/image.d/srv/frontlinesms/frontlinesms2/web-app/WEB-INF/grails-app/i18n/messages_cs.properties
diff --git a/lxc-apps/frontlinesms/lxc/srv/frontlinesms/frontlinesms2/web-app/assets/i18n/frontlinesms-core_messages_cs.js b/lxc-apps/frontlinesms/image.d/srv/frontlinesms/frontlinesms2/web-app/assets/i18n/frontlinesms-core_messages_cs.js
similarity index 100%
rename from lxc-apps/frontlinesms/lxc/srv/frontlinesms/frontlinesms2/web-app/assets/i18n/frontlinesms-core_messages_cs.js
rename to lxc-apps/frontlinesms/image.d/srv/frontlinesms/frontlinesms2/web-app/assets/i18n/frontlinesms-core_messages_cs.js
diff --git a/lxc-apps/frontlinesms/install.sh b/lxc-apps/frontlinesms/install.sh
index a588c2e..89ce519 100755
--- a/lxc-apps/frontlinesms/install.sh
+++ b/lxc-apps/frontlinesms/install.sh
@@ -1,20 +1,16 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +FLSMS_DATA="${VOLUMES_DIR}/frontlinesms/flsms_data" # Configure FrontlineSMS -mkdir -p /srv/frontlinesms/data +install -o 108080 -g 108080 -m 750 -d ${FLSMS_DATA} export FRONTLINESMS_ADMIN_USER="admin" export FRONTLINESMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export FRONTLINESMS_ADMIN_USER_HASH=$(echo -n "${FRONTLINESMS_ADMIN_USER}" | base64) export FRONTLINESMS_ADMIN_PWD_HASH=$(echo -n "${FRONTLINESMS_ADMIN_PWD}" | base64) -envsubst /srv/frontlinesms/data/app-settings.properties -chown -R 8018:8018 /srv/frontlinesms/data - -# Install service -cp etc/init.d/frontlinesms /etc/init.d/frontlinesms -rc-update -u +envsubst /srv/gnuhealth/conf/trytond.conf +install -o 108080 -g 108080 -m 750 -d ${GNUHEALTH_CONF} +envsubst /var/lib/lxc/gnuhealth/gnuhealth/tmp/.adminpwd -lxc-execute gnuhealth -- sh -c 'TRYTONPASSFILE=/tmp/.adminpwd trytond-admin -d gnuhealth --all -v' -rm -f /var/lib/lxc/gnuhealth/gnuhealth/tmp/.adminpwd +spoc-container exec gnuhealth -- sh -c "echo ${GNUHEALTH_ADMIN_PWD} >/tmp/.adminpwd; TRYTONPASSFILE=/tmp/.adminpwd trytond-admin -d gnuhealth --email ${GNUHEALTH_ADMIN_EMAIL} --all -v; rm /tmp/.adminpwd" # Populate demo database -zcat /var/lib/lxc/gnuhealth/gnuhealth/srv/gnuhealth/gnuhealth_demo.sql.gz | lxc-attach -u 5432 -g 5432 postgres -- sh -c "PGPASSWORD=${GNUHEALTH_PWD} psql gnuhealth_demo gnuhealth" - -# Install service -cp etc/init.d/gnuhealth /etc/init.d/gnuhealth -rc-update -u - -# Install config update script -cp srv/gnuhealth/update-conf.sh /srv/gnuhealth/update-conf.sh +spoc-container exec gnuhealth -- zcat /srv/gnuhealth/gnuhealth_demo.sql.gz | spoc-container exec gnuhealth-postgres -- sh -c "PGPASSWORD=${GNUHEALTH_PWD} psql gnuhealth_demo gnuhealth" # Stop services required for setup -[ ! 
-z ${STOP_POSTGRES} ] && service postgres stop +spoc-container stop gnuhealth-postgres # Register application vmmgr register-app gnuhealth gh "${GNUHEALTH_ADMIN_USER}" "${GNUHEALTH_ADMIN_PWD}" diff --git a/lxc-apps/gnuhealth/install/etc/init.d/gnuhealth b/lxc-apps/gnuhealth/install/etc/init.d/gnuhealth deleted file mode 100755 index ccfc58c..0000000 --- a/lxc-apps/gnuhealth/install/etc/init.d/gnuhealth +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="GNU Health container" - -depend() { - need postgres -} - -start() { - lxc-start gnuhealth -} - -start_post() { - vmmgr register-proxy gnuhealth -} - -stop_pre() { - vmmgr unregister-proxy gnuhealth -} - -stop() { - lxc-stop gnuhealth -} diff --git a/lxc-apps/gnuhealth/install/srv/gnuhealth/conf/trytond.conf b/lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf similarity index 75% rename from lxc-apps/gnuhealth/install/srv/gnuhealth/conf/trytond.conf rename to lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf index 83353b0..1ea995a 100644 --- a/lxc-apps/gnuhealth/install/srv/gnuhealth/conf/trytond.conf +++ b/lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf @@ -1,5 +1,5 @@ [database] -uri = postgresql://gnuhealth:${GNUHEALTH_PWD}@postgres +uri = postgresql://gnuhealth:${GNUHEALTH_PWD}@gnuhealth-postgres path = /srv/gnuhealth/attach [web] diff --git a/lxc-apps/gnuhealth/install/postgres_data/pg_hba.conf b/lxc-apps/gnuhealth/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/gnuhealth/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/gnuhealth/install/postgres_data/postgresql.conf b/lxc-apps/gnuhealth/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..93e2206 --- /dev/null +++ b/lxc-apps/gnuhealth/install/postgres_data/postgresql.conf 
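Review bot: The new `spoc-container exec gnuhealth -- sh -c "echo ${GNUHEALTH_ADMIN_PWD} >/tmp/.adminpwd; …"` line expands the admin password on the host, so it lands in the argument list of both `spoc-container` and the in-container `sh`, where it is readable from the process table for as long as `trytond-admin` runs; the file is also created in `/tmp` under the default umask. The `PGPASSWORD=${GNUHEALTH_PWD}` string on the demo-import line has the same argv exposure. The zcat pipeline on that line suggests `spoc-container exec` forwards stdin, so the secret could be fed that way instead: `printf '%s\n' "${GNUHEALTH_ADMIN_PWD}" | spoc-container exec gnuhealth -- sh -c 'umask 077; cat >/tmp/.adminpwd; …; rm -f /tmp/.adminpwd'`, with the e-mail handed over as a positional argument rather than expanded into the script text. Part of this hunk appears to be missing from the page, so the lines around it could not be checked.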
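Review bot: The `host all all 0.0.0.0/0 md5` rule in the new pg_hba.conf accepts password logins from any IPv4 address for every database and role, and the postgresql.conf added in the next file sets `listen_addresses = '*'` while leaving `#ssl = off` and `#password_encryption = md5` at their defaults. Whether the port is reachable from outside the host then depends entirely on the container network, which this page does not show. Narrowing the rule to the database, role and subnet the application actually uses keeps the exposure to what trytond.conf needs, e.g. `host gnuhealth,gnuhealth_demo gnuhealth <CONTAINER_SUBNET_PLACEHOLDER> scram-sha-256`, with `password_encryption = scram-sha-256` set before the role's password is created and assuming the client library in the gnuhealth image supports SCRAM. A one-line comment above the rule naming the peer that is expected to connect would also help the next reader.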
@@ -0,0 +1,750 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP settings - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default +#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# 
GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG 
+#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + +# - Archive Recovery - + +# These are only used in recovery mode. + +#restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. 
+ +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#primary_conninfo = '' # connection string to sending server + # (change requires restart) +#primary_slot_name = '' # replication slot on sending server + # (change requires restart) +#promote_trigger_file = '' # file name whose presence ends recovery +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + +# - Subscribers - + +# These settings are 
ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 
+ +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 
is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/gnuhealth/install/srv/gnuhealth/update-conf.sh b/lxc-apps/gnuhealth/install/srv/gnuhealth/update-conf.sh deleted file mode 100755 index 57e4043..0000000 --- a/lxc-apps/gnuhealth/install/srv/gnuhealth/update-conf.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -sed -i "s|\(^from = \).*|\1${EMAIL}|" /srv/gnuhealth/conf/trytond.conf diff --git a/lxc-apps/gnuhealth/install/update-conf.sh b/lxc-apps/gnuhealth/install/update-conf.sh new file mode 100755 index 0000000..03bf1a3 --- /dev/null +++ b/lxc-apps/gnuhealth/install/update-conf.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +# Volumes +GNUHEALTH_CONF="${VOLUMES_DIR}/gnuhealth/gnuhealth_conf" + +# Replacements +sed -i "s|\(^from = \).*|\1${EMAIL}|" ${GNUHEALTH_CONF}/trytond.conf diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile deleted file mode 100644 index 487fc20..0000000 --- a/lxc-apps/gnuhealth/lxcfile +++ /dev/null 
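Review bot: `${EMAIL}` is pasted unescaped into the replacement side of `sed -i "s|\(^from = \).*|\1${EMAIL}|"` in the new update-conf.sh, so a value containing `|`, `&` or `\` changes what sed does instead of being written literally to trytond.conf; this carries over unchanged from the script the commit deletes. Where EMAIL comes from is not visible here, so it is safest to treat it as operator-supplied input. Escaping it first and quoting the path avoids both this and word-splitting when VOLUMES_DIR contains spaces: `ESCAPED=$(printf '%s' "${EMAIL}" | sed 's/[\\&|]/\\&/g')` followed by `sed -i "s|\(^from = \).*|\1${ESCAPED}|" "${GNUHEALTH_CONF}/trytond.conf"`.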
@@ -1,64 +0,0 @@ -IMAGE gnuhealth -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python3.6 -LAYER shared/alpine3.9-nodejs10 -LAYER gnuhealth/gnuhealth - -FIXLAYER /usr/bin/fix-apk - -RUN EOF - # Install runtime dependencies - apk --no-cache add bash coreutils libffi libjpeg-turbo libpq - - # Install build dependencies - apk --no-cache add --virtual .deps build-base git libffi-dev libjpeg-turbo-dev libxml2-dev libxslt-dev ncurses npm patch postgresql-dev python3-dev sudo - - # Download GNU Health - # To get the matching trytond version, check latest trytond-.tar.gz on http://downloads.tryton.org/4.6/ - wget http://ftp.gnu.org/gnu/health/gnuhealth-3.4.1.tar.gz -O /tmp/gnuhealth.tgz - tar xzf /tmp/gnuhealth.tgz -C /srv - mv /srv/gnuhealth-3.4.1 /srv/install - - # Hackfix python-barcode support (will work in 3.4.2 - see http://hg.savannah.gnu.org/hgweb/health/rev/61b7bc7b1a78) - sed -i 's/pybarcode/python-barcode/' /srv/install/gnuhealth-setup - - # Clone Sao (Tryton web client) repository - git clone -b 4.6 --single-branch --depth 1 https://github.com/tryton/sao /srv/gnuhealth/sao - - # Create OS user - addgroup -S -g 8008 gnuhealth - adduser -S -u 8008 -h /srv/gnuhealth -s /bin/bash -g gnuhealth -G gnuhealth gnuhealth - chown -R gnuhealth:gnuhealth /srv/gnuhealth - - # Install GNU Health - cd /srv/install - sudo -u gnuhealth ./gnuhealth-setup install - - # Hackfix extraneous pymongo requirement - sed -i '/pymongo/d' /srv/gnuhealth/gnuhealth/tryton/server/modules/health_federation/health_federation.py - - # Hackfix template1 database lock - sed -i 's/template1/gnuhealth/g' /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15/trytond/backend/postgresql/database.py - - # Install Sao (Tryton web client) dependencies - cd /srv/gnuhealth/sao - sudo -u gnuhealth npm install --production - sudo -u gnuhealth ./node_modules/grunt-cli/bin/grunt - - # Download Demo database - wget http://health.gnu.org/downloads/postgres_dumps/gnuhealth-34-demo.sql.gz -O 
/srv/gnuhealth/gnuhealth_demo.sql.gz - - # Cleanup - apk --no-cache del .deps - find /srv/gnuhealth -name '.git*' -exec rm -rf {} + - rm -rf /srv/install - rm -f /tmp/gnuhealth.tgz -EOF - -MOUNT DIR /srv/gnuhealth/conf srv/gnuhealth/gnuhealth/tryton/server/config - -USER 8008 8008 -ENV PATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -ENV TRYTOND_CONFIG /srv/gnuhealth/gnuhealth/tryton/server/config/trytond.conf -ENV PYTHONPATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15:/srv/gnuhealth/gnuhealth/tryton/server/config -CMD trytond --verbose diff --git a/lxc-apps/gnuhealth/meta b/lxc-apps/gnuhealth/meta deleted file mode 100644 index 21491ba..0000000 --- a/lxc-apps/gnuhealth/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "GNU Health", - "desc-cs": "Lékařské záznamy pacientů", - "desc-en": "Lékařské záznamy pacientů", - "lxcpath": "gnuhealth", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python3.6", "alpine3.9-nodejs10", "postgres"] -} diff --git a/lxc-apps/gnuhealth/uninstall.sh b/lxc-apps/gnuhealth/uninstall.sh index 3c5d4ae..196c7e8 100755 --- a/lxc-apps/gnuhealth/uninstall.sh +++ b/lxc-apps/gnuhealth/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/gnuhealth -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS gnuhealth; DROP DATABASE IF EXISTS gnuhealth_demo; DROP ROLE IF EXISTS gnuhealth;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf "${VOLUMES_DIR}/gnuhealth" # Unregister application vmmgr unregister-app gnuhealth diff --git a/lxc-apps/kanboard/app b/lxc-apps/kanboard/app new file mode 100644 index 0000000..710863e --- /dev/null +++ b/lxc-apps/kanboard/app 
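Review bot: In lxc-apps/gnuhealth/uninstall.sh the added `rm -rf "${VOLUMES_DIR}/gnuhealth"` runs under `set -ev` with no check that VOLUMES_DIR is set, so an empty or missing variable makes the script delete `/gnuhealth` at the filesystem root instead of failing. Writing it as `rm -rf "${VOLUMES_DIR:?}/gnuhealth"` aborts the script with an error in that case. The same variable is used unguarded in the new gnuhealth update-conf.sh and in lxc-apps/kanboard/install.sh, where an empty value would create and chown the volume directories under `/`. How VOLUMES_DIR is exported to these scripts is not shown in this diff.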
@@ -0,0 +1,27 @@ +{ + "version": "1.2.13-200403", + "meta": { + "title": "KanBoard", + "desc-cs": "Kanban řízení projektů", + "desc-en": "Kanban project management", + "license": "GPL" + }, + "containers": { + "kanboard": { + "image": "kanboard_1.2.13-200403", + "depends": [ + "kanboard-postgres" + ], + "mounts": { + "kanboard/kanboard_data": "srv/kanboard/data/files", + "kanboard/kanboard_conf/config.php": "srv/kanboard/config.php:file" + } + }, + "kanboard-postgres": { + "image": "postgres_12.2.0-200403", + "mounts": { + "kanboard/postgres_data": "var/lib/postgresql" + } + } + } +} diff --git a/lxc-apps/kanboard/lxcfile b/lxc-apps/kanboard/image similarity index 80% rename from lxc-apps/kanboard/lxcfile rename to lxc-apps/kanboard/image index 7a76099..d99213c 100644 --- a/lxc-apps/kanboard/lxcfile +++ b/lxc-apps/kanboard/image @@ -1,7 +1,5 @@ -IMAGE kanboard -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-php7.2 -LAYER kanboard/kanboard +IMAGE kanboard_1.2.13-200403 +FROM alpine3.11-php7.3_7.3.16-200403 RUN EOF # Install runtime dependencies @@ -11,9 +9,9 @@ RUN EOF apk --no-cache add --virtual .deps git # Download KanBoard - wget https://github.com/kanboard/kanboard/archive/v1.2.9.zip -O /srv/kanboard.zip + wget https://github.com/kanboard/kanboard/archive/v1.2.13.zip -O /srv/kanboard.zip unzip /srv/kanboard.zip -d /srv - mv /srv/kanboard-1.2.9 /srv/kanboard + mv /srv/kanboard-* /srv/kanboard # Install plugins git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_overwrite_translation /srv/kanboard/plugins/Overwrite_translation @@ -32,8 +30,8 @@ RUN EOF git clone --depth=1 https://github.com/xavividal/kanboard-plugin-relationgraph /srv/kanboard/plugins/Relationgraph # Create OS user - addgroup -S -g 8009 kanboard - adduser -S -u 8009 -h /srv/kanboard -s /bin/false -g kanboard -G kanboard kanboard + addgroup -S -g 8080 kanboard + adduser -S -u 8080 -h /srv/kanboard -s /bin/false -g kanboard -G kanboard kanboard # Cleanup apk --no-cache del .deps 
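Review bot: The new `wget https://github.com/kanboard/kanboard/archive/v1.2.13.zip` line in lxc-apps/kanboard/image unpacks the archive without checking it against a known digest, so the image content depends entirely on what the download returns at build time. Record the expected SHA-256 next to the URL and verify it before `unzip`, for example `echo "<expected-sha256>  /srv/kanboard.zip" | sha256sum -c -`. The plugin `git clone --depth=1` lines in the surrounding context fetch whatever each default branch holds, so an image tagged `kanboard_1.2.13-200403` is not reproducible; pinning every plugin to a tag or commit would fix that. The RUN block starts and ends outside this hunk.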
@@ -41,9 +39,6 @@ RUN EOF find /srv/kanboard -name '.git*' -exec rm -rf {} + EOF -COPY lxc +COPY image.d -MOUNT DIR /srv/kanboard/data srv/kanboard/data/files -MOUNT FILE /srv/kanboard/conf/config.php srv/kanboard/config.php - -CMD s6-svscan /etc/services.d +CMD /bin/s6-svscan /etc/services.d diff --git a/lxc-apps/kanboard/image.d/etc/crontabs/kanboard b/lxc-apps/kanboard/image.d/etc/crontabs/kanboard new file mode 100644 index 0000000..74721dc --- /dev/null +++ b/lxc-apps/kanboard/image.d/etc/crontabs/kanboard @@ -0,0 +1 @@ +0 * * * * /srv/kanboard/cli cronjob >/dev/null diff --git a/lxc-apps/kanboard/lxc/etc/nginx/nginx.conf b/lxc-apps/kanboard/image.d/etc/nginx/nginx.conf similarity index 97% rename from lxc-apps/kanboard/lxc/etc/nginx/nginx.conf rename to lxc-apps/kanboard/image.d/etc/nginx/nginx.conf index 72ed728..421172d 100644 --- a/lxc-apps/kanboard/lxc/etc/nginx/nginx.conf +++ b/lxc-apps/kanboard/image.d/etc/nginx/nginx.conf @@ -15,6 +15,8 @@ http { server_tokens off; client_max_body_size 100m; sendfile on; + tcp_nodelay on; + send_timeout 300; server { listen 8080; diff --git a/lxc-apps/kanboard/lxc/etc/php7/php-fpm.conf b/lxc-apps/kanboard/image.d/etc/php7/php-fpm.conf similarity index 100% rename from lxc-apps/kanboard/lxc/etc/php7/php-fpm.conf rename to lxc-apps/kanboard/image.d/etc/php7/php-fpm.conf diff --git a/lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/kanboard/image.d/etc/services.d/.s6-svscan/finish similarity index 72% rename from lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish rename to lxc-apps/kanboard/image.d/etc/services.d/.s6-svscan/finish index c9e7add..d4ff9d9 100755 --- a/lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/kanboard/image.d/etc/services.d/.s6-svscan/finish @@ -1,4 +1,5 @@ #!/bin/execlineb -P +foreground { s6-svwait -d -t 3000 cron } foreground { s6-svwait -d -t 3000 nginx } foreground { s6-svwait -d -t 3000 php-fpm } 
diff --git a/lxc-apps/kanboard/image.d/etc/services.d/cron/run b/lxc-apps/kanboard/image.d/etc/services.d/cron/run new file mode 100755 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/kanboard/image.d/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 diff --git a/lxc-apps/pandora/lxc/etc/services.d/nginx/run b/lxc-apps/kanboard/image.d/etc/services.d/nginx/run similarity index 100% rename from lxc-apps/pandora/lxc/etc/services.d/nginx/run rename to lxc-apps/kanboard/image.d/etc/services.d/nginx/run diff --git a/lxc-apps/kanboard/lxc/etc/services.d/php-fpm/run b/lxc-apps/kanboard/image.d/etc/services.d/php-fpm/run similarity index 100% rename from lxc-apps/kanboard/lxc/etc/services.d/php-fpm/run rename to lxc-apps/kanboard/image.d/etc/services.d/php-fpm/run diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh index dc33cae..1b73294 100755 --- a/lxc-apps/kanboard/install.sh +++ b/lxc-apps/kanboard/install.sh @@ -1,37 +1,38 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/kanboard/postgres_data" +KANBOARD_CONF="${VOLUMES_DIR}/kanboard/kanboard_conf" +KANBOARD_DATA="${VOLUMES_DIR}/kanboard/kanboard_data" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec kanboard-postgres -- initdb -D /var/lib/postgresql -# Populate database -export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/kanboard/conf/config.php -export KANBOARD_ADMIN_USER=admin +export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +install -o 108080 -g 108080 -m 750 -d ${KANBOARD_CONF} +install -o 108080 -g 108080 -m 750 -d ${KANBOARD_DATA} +envsubst /dev/null -fi 
diff --git a/lxc-apps/kanboard/install/srv/kanboard/conf/config.php b/lxc-apps/kanboard/install/kanboard_conf/config.php similarity index 99% rename from lxc-apps/kanboard/install/srv/kanboard/conf/config.php rename to lxc-apps/kanboard/install/kanboard_conf/config.php index 290c835..214b901 100644 --- a/lxc-apps/kanboard/install/srv/kanboard/conf/config.php +++ b/lxc-apps/kanboard/install/kanboard_conf/config.php @@ -68,7 +68,7 @@ define('DB_USERNAME', 'kanboard'); define('DB_PASSWORD', '${KANBOARD_PWD}'); // Mysql/Postgres hostname -define('DB_HOSTNAME', 'postgres'); +define('DB_HOSTNAME', 'kanboard-postgres'); // Mysql/Postgres database name define('DB_NAME', 'kanboard'); diff --git a/lxc-apps/kanboard/install/postgres_data/pg_hba.conf b/lxc-apps/kanboard/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/kanboard/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/kanboard/install/postgres_data/postgresql.conf b/lxc-apps/kanboard/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..93e2206 --- /dev/null +++ b/lxc-apps/kanboard/install/postgres_data/postgresql.conf 
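Review bot: The `host all all 0.0.0.0/0 md5` rule in the new lxc-apps/kanboard/install/postgres_data/pg_hba.conf admits password logins for every role and database from any IPv4 address, and the accompanying postgresql.conf sets `listen_addresses = '*'`, so the only network restriction is whatever sits outside the container. Narrow the rule to the one database, role and client network that need it, e.g. `host kanboard kanboard <container-subnet> scram-sha-256`, using the database and user names from config.php. For that method to work, `password_encryption = scram-sha-256` has to be set in postgresql.conf before the role's password is created, and the PHP client's libpq must support SCRAM, which should be confirmed for the kanboard image.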
@@ -0,0 +1,750 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+# name = value
+#
+# (The "=" is optional.) Whitespace may be used. Comments are introduced with
+# "#" anywhere on a line. The complete list of parameter names and allowed
+# values can be found in the PostgreSQL documentation.
+#
+# The commented-out settings shown in this file represent the default values.
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
+# you need to reload the server.
+#
+# This file is read on server startup and when the server receives a SIGHUP
+# signal. If you edit the file on a running system, you have to SIGHUP the
+# server for the changes to take effect, run "pg_ctl reload", or execute
+# "SELECT pg_reload_conf()". Some parameters, which are marked below,
+# require a server shutdown and restart to take effect.
+#
+# Any parameter can also be given as a command-line option to the server, e.g.,
+# "postgres -c log_connections=on". Some parameters can be changed at run time
+# with the "SET" SQL command.
+#
+# Memory units: kB = kilobytes Time units: ms = milliseconds
+# MB = megabytes s = seconds
+# GB = gigabytes min = minutes
+# TB = terabytes h = hours
+# d = days
+
+
+#------------------------------------------------------------------------------
+# FILE LOCATIONS
+#------------------------------------------------------------------------------
+
+# The default values of these variables are driven from the -D command-line
+# option or PGDATA environment variable, represented here as ConfigDir.
+
+#data_directory = 'ConfigDir' # use data in another directory
+ # (change requires restart)
+#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
+ # (change requires restart)
+#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
+ # (change requires restart)
+
+# If external_pid_file is not explicitly set, no extra PID file is written.
+#external_pid_file = '' # write an extra PID file
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#------------------------------------------------------------------------------
+
+# - Connection Settings -
+
+listen_addresses = '*' # what IP address(es) to listen on;
+ # comma-separated list of addresses;
+ # defaults to 'localhost'; use '*' for all
+ # (change requires restart)
+#port = 5432 # (change requires restart)
+max_connections = 100 # (change requires restart)
+#superuser_reserved_connections = 3 # (change requires restart)
+unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories
+ # (change requires restart)
+#unix_socket_group = '' # (change requires restart)
+#unix_socket_permissions = 0777 # begin with 0 to use octal notation
+ # (change requires restart)
+#bonjour = off # advertise server via Bonjour
+ # (change requires restart)
+#bonjour_name = '' # defaults to the computer name
+ # (change requires restart)
+
+# - TCP settings -
+# see "man 7 tcp" for details
+
+#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
+ # 0 selects the system default
+#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
+ # 0 selects the system default
+#tcp_keepalives_count = 0 # TCP_KEEPCNT;
+ # 0 selects the system default
+#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
+ # 0 selects the system default
+
+# - Authentication -
+
+#authentication_timeout = 1min # 1s-600s
+#password_encryption = md5 # md5 or scram-sha-256
+#db_user_namespace = off
+
+# GSSAPI using Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = off
+
+# - SSL -
+
+#ssl = off
+#ssl_ca_file = ''
+#ssl_cert_file = 'server.crt'
+#ssl_crl_file = ''
+#ssl_key_file = 'server.key'
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+#ssl_prefer_server_ciphers = on
+#ssl_ecdh_curve = 'prime256v1'
+#ssl_min_protocol_version = 'TLSv1'
+#ssl_max_protocol_version = ''
+#ssl_dh_params_file = ''
+#ssl_passphrase_command = ''
+#ssl_passphrase_command_supports_reload = off
+
+
+#------------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#------------------------------------------------------------------------------
+
+# - Memory -
+
+shared_buffers = 128MB # min 128kB
+ # (change requires restart)
+#huge_pages = try # on, off, or try
+ # (change requires restart)
+#temp_buffers = 8MB # min 800kB
+#max_prepared_transactions = 0 # zero disables the feature
+ # (change requires restart)
+# Caution: it is not advisable to set max_prepared_transactions nonzero unless
+# you actively intend to use prepared transactions.
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG 
+#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + +# - Archive Recovery - + +# These are only used in recovery mode. + +#restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. 
+ +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#primary_conninfo = '' # connection string to sending server + # (change requires restart) +#primary_slot_name = '' # replication slot on sending server + # (change requires restart) +#promote_trigger_file = '' # file name whose presence ends recovery +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + +# - Subscribers - + +# These settings are 
ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 
+ +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 
is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync
+ # data?
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf. Note that these are directives, not variable
+# assignments, so they can usefully be given more than once.
+
+#include_dir = '...' # include files ending in '.conf' from
+ # a directory, e.g., 'conf.d'
+#include_if_exists = '...' # include file only if it exists
+#include = '...' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
diff --git a/lxc-apps/kanboard/install/srv/kanboard/update-conf.sh b/lxc-apps/kanboard/install/srv/kanboard/update-conf.sh
deleted file mode 100755
index 4b8d77b..0000000
--- a/lxc-apps/kanboard/install/srv/kanboard/update-conf.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-sed -i "s|\(^define('MAIL_FROM', \).*|\1'${EMAIL}');|" /srv/kanboard/conf/config.php
diff --git a/lxc-apps/kanboard/install/update-conf.sh b/lxc-apps/kanboard/install/update-conf.sh
new file mode 100755
index 0000000..55c7e1e
--- /dev/null
+++ b/lxc-apps/kanboard/install/update-conf.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Volumes
+KANBOARD_CONF="${VOLUMES_DIR}/kanboard/kanboard_conf"
+
+# Replacements
+sed -i "s|\(^define('MAIL_FROM', \).*|\1'${EMAIL}');|" ${KANBOARD_CONF}/config.php
diff --git a/lxc-apps/kanboard/meta b/lxc-apps/kanboard/meta
deleted file mode 100644
index 08ce849..0000000
--- a/lxc-apps/kanboard/meta
+++ /dev/null
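Review bot: In the new kanboard `update-conf.sh`, `${EMAIL}` is pasted unvalidated into both a sed replacement and a single-quoted PHP string in `config.php`, so a value containing `'`, `|`, `&` or `\` either breaks the substitution or changes what ends up in the PHP file. Where EMAIL comes from is not visible in this hunk, so the script should reject anything outside a conservative allow-list before calling sed, e.g. `case "${EMAIL}" in *[!A-Za-z0-9@._+-]*) echo "invalid EMAIL" >&2; exit 1;; esac`. The target path should also be quoted: `"${KANBOARD_CONF}/config.php"`. The motech and odoo `update-conf.sh` files added in this commit build their sed expressions the same way (from HOST/PORT and EMAIL) and need the same check.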
@@ -1,10 +0,0 @@ -{ - "title": "KanBoard", - "desc-cs": "Kanban řízení projektů", - "desc-en": "Kanban řízení projektů", - "lxcpath": "kanboard", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-php7.2", "postgres"] -} diff --git a/lxc-apps/kanboard/uninstall.sh b/lxc-apps/kanboard/uninstall.sh index c0f1cc6..686ea3b 100755 --- a/lxc-apps/kanboard/uninstall.sh +++ b/lxc-apps/kanboard/uninstall.sh @@ -1,17 +1,8 @@ #!/bin/sh set -ev -# Remove cronjob -rm -f /etc/periodic/daily/kanboard - -# Remove service -rm -f /etc/init.d/kanboard -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS kanboard; DROP ROLE IF EXISTS kanboard;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf "${VOLUMES_DIR}/kanboard" # Unregister application vmmgr unregister-app kanboard diff --git a/lxc-apps/mifosx/app b/lxc-apps/mifosx/app new file mode 100644 index 0000000..7f014e4 --- /dev/null +++ b/lxc-apps/mifosx/app @@ -0,0 +1,28 @@ +{ + "version": "18.03.01-200403", + "meta": { + "title": "Mifos X", + "desc-cs": "Mikrofinancování rozvojových projektů", + "desc-en": "Development projects microfinancing", + "license": "GPL" + }, + "containers": { + "mifosx": { + "image": "mifosx_18.03.01-200403", + "depends": [ + "mifosx-mariadb" + ], + "mounts": { + "mifosx/mifosx_conf/server.xml": "srv/tomcat/conf/server.xml:file", + "mifosx/mifosx_conf/context.xml": "srv/tomcat/webapps/fineract-provider/META-INF/context.xml:file" + } + }, + "mifosx-mariadb": { + "image": "mariadb_10.4.12-200403", + "mounts": { + "mifosx/mariadb_conf/my.cnf": "etc/my.cnf:file", + "mifosx/mariadb_data": "var/lib/mysql" + } + } + } +} 
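Review bot: `rm -rf "${VOLUMES_DIR}/kanboard"` in kanboard/uninstall.sh runs under `set -ev` without `-u`, so an unset or empty `VOLUMES_DIR` does not stop the script and the path silently becomes `/kanboard`. Writing it as `rm -rf "${VOLUMES_DIR:?}/kanboard"` makes the shell abort with an error when the variable is missing. The motech and odoo uninstall.sh hunks in this commit add the same line and should get the same guard. A short comment that this directory presumably now also holds the application's database (the old explicit DROP DATABASE step is removed) would make the destructive scope clear to the next maintainer.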
diff --git a/lxc-apps/mifosx/lxcfile b/lxc-apps/mifosx/image similarity index 63% rename from lxc-apps/mifosx/lxcfile rename to lxc-apps/mifosx/image index 94542e7..012901a 100644 --- a/lxc-apps/mifosx/lxcfile +++ b/lxc-apps/mifosx/image @@ -1,8 +1,5 @@ -IMAGE mifosx -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat8.5 -LAYER mifosx/mifosx +IMAGE mifosx_18.03.01-200403 +FROM alpine3.11-tomcat8.5_8.5.53-200403 RUN EOF # Install full-featured wget to work around sourceforge bugs @@ -17,12 +14,7 @@ RUN EOF mv /tmp/fineractplatform-18.03.01.RELEASE/database/mifospltaform-tenants-first-time-install.sql /tmp/mifospltaform-tenants-first-time-install.sql # Download Java library dependencies - wget http://central.maven.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar - - # Create OS user - addgroup -S -g 8012 mifosx - adduser -S -u 8012 -h /srv/tomcat -s /bin/false -g mifosx -G mifosx mifosx - chown -R mifosx:mifosx /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work + wget https://repo.maven.apache.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar # Cleanup apk --no-cache del wget @@ -30,7 +22,7 @@ RUN EOF EOF # s6 required for single service due to hanging threads -COPY lxc +COPY image.d RUN EOF # Update Czech translation of community-app 
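Review bot: The drizzle-jdbc jar in the second hunk is written to `/srv/tomcat/lib` with no integrity check; switching the URL to https protects the transport but not against a replaced or altered artifact at the source. Verify a pinned digest right after the download, e.g. `echo "<sha256-of-drizzle-jdbc-1.4.jar>  /srv/tomcat/lib/drizzle-jdbc-1.4.jar" | sha256sum -c -`, with the real digest recorded in the image file. The same hunk drops the dedicated `mifosx` user and the `chown`; whether the base image provides a non-root service user is not visible here, so it is worth confirming Tomcat does not end up running as the container's root. The enclosing RUN block starts and ends outside this hunk.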
@@ -38,9 +30,9 @@ RUN EOF cd /srv/tomcat/webapps/ROOT/scripts/ patch -p0 /srv/mifosx/conf/context.xml -cp srv/mifosx/conf/server.xml /srv/mifosx/conf/server.xml - -# Install service -cp etc/init.d/mifosx /etc/init.d/mifosx -rc-update -u +install -o 100000 -g 100000 -m 755 -d ${MIFOSX_CONF} +envsubst /var/log/lxc/mifosx.log -lxc-start mifosx -until grep -q 'org.apache.catalina.startup.Catalina.start Server startup' /var/log/lxc/mifosx.log; do +spoc-container exec mifosx -- cat /tmp/mifospltaform-tenants-first-time-install.sql | spoc-container exec mifosx-mariadb -- mysql mifosplatform-tenants +envsubst /srv/motech/conf/config/bootstrap.properties -cp srv/motech/conf/config-locations.properties /srv/motech/conf/config-locations.properties -cp srv/motech/conf/config/motech-settings.properties /srv/motech/conf/config/motech-settings.properties -cp srv/motech/conf/config/org.motechproject.motech-platform-email/motech-email.properties /srv/motech/conf/config/org.motechproject.motech-platform-email/motech-email.properties -chown -R 8013:8013 /srv/motech/conf - -# Install service -cp etc/init.d/motech /etc/init.d/motech -rc-update -u +install -o 108080 -g 108080 -m 750 -d ${MOTECH_CONF} +install -o 108080 -g 108080 -m 750 -d ${MOTECH_CONF}/config +install -o 108080 -g 108080 -m 750 -d ${MOTECH_CONF}/config/org.motechproject.motech-platform-email +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + 
+#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on 
+#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync
+ # data?
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf. Note that these are directives, not variable
+# assignments, so they can usefully be given more than once.
+
+#include_dir = '...' # include files ending in '.conf' from
+ # a directory, e.g., 'conf.d'
+#include_if_exists = '...' # include file only if it exists
+#include = '...' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
diff --git a/lxc-apps/motech/install/srv/motech/update-conf.sh b/lxc-apps/motech/install/srv/motech/update-conf.sh
deleted file mode 100755
index 3626871..0000000
--- a/lxc-apps/motech/install/srv/motech/update-conf.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-HOST="${DOMAIN}"
-[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}"
-sed -i "s|\(^server\.url=\).*|\1https://motech.${HOST}|" /srv/motech/conf/config/motech-settings.properties
diff --git a/lxc-apps/motech/install/update-conf.sh b/lxc-apps/motech/install/update-conf.sh
new file mode 100755
index 0000000..9c65b73
--- /dev/null
+++ b/lxc-apps/motech/install/update-conf.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Volumes
+MOTECH_CONF="${VOLUMES_DIR}/motech/motech_conf"
+
+# Variables
+HTTP_HOST="${HOST}"
+[ "${PORT}" != "443" ] && HTTP_HOST="${HTTP_HOST}:${PORT}"
+
+# Replacements
+sed -i "s|\(^server\.url=\).*|\1https://${HTTP_HOST}|" ${MOTECH_CONF}/config/motech-settings.properties
diff --git a/lxc-apps/motech/lxcfile b/lxc-apps/motech/lxcfile
deleted file mode 100644
index 1895097..0000000
--- a/lxc-apps/motech/lxcfile +++ /dev/null @@ -1,31 +0,0 @@ -IMAGE motech -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat7 -LAYER motech/motech - -RUN EOF - # Download Motech - wget http://nexus.motechproject.org/service/local/repositories/releases/content/org/motechproject/motech-platform-server/1.3/motech-platform-server-1.3.war -O /tmp/motech.war - mkdir /srv/tomcat/webapps/ROOT - unzip /tmp/motech.war -d /srv/tomcat/webapps/ROOT - - # Update Postgres JDBC driver - rm -f /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-9.1-901.jdbc4.jar /srv/tomcat/webapps/ROOT/WEB-INF/bundles/postgresql-9.1-901.jdbc4.jar - wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar - cp /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar /srv/tomcat/webapps/ROOT/WEB-INF/bundles/postgresql-42.2.5.jar - - # Create OS user - addgroup -S -g 8013 motech - adduser -S -u 8013 -h /srv/tomcat -s /bin/false -g motech -G motech motech - chown -R motech:motech /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work - - # Cleanup - rm -f /tmp/motech.war -EOF - -MOUNT DIR /srv/motech/conf srv/tomcat/.motech - -USER 8013 8013 -WORKDIR /srv/tomcat -CMD catalina.sh run diff --git a/lxc-apps/motech/meta b/lxc-apps/motech/meta deleted file mode 100644 index 428e124..0000000 --- a/lxc-apps/motech/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Motech", - "desc-cs": "Automatizace komunikace", - "desc-en": "Automatizace komunikace", - "lxcpath": "motech", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-tomcat7", "activemq", "postgres"] -} diff --git a/lxc-apps/motech/uninstall.sh b/lxc-apps/motech/uninstall.sh index 33ab363..6c1b988 100755 --- a/lxc-apps/motech/uninstall.sh +++ b/lxc-apps/motech/uninstall.sh 
@@ -1,16 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/motech -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS motech; DROP DATABASE IF EXISTS motechdata; DROP DATABASE IF EXISTS motechquartz; DROP DATABASE IF EXISTS motechschema; DROP ROLE IF EXISTS motech;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# TODO: Clear ActiveMQ config +# Remove persistent data +rm -rf "${VOLUMES_DIR}/motech" # Unregister application vmmgr unregister-app motech diff --git a/lxc-apps/odoo/app b/lxc-apps/odoo/app new file mode 100644 index 0000000..37a08ce --- /dev/null +++ b/lxc-apps/odoo/app @@ -0,0 +1,27 @@ +{ + "version": "13.0.0-200403", + "meta": { + "title": "Odoo", + "desc-cs": "Sada aplikací pro správu organizace", + "desc-en": "Company management application suite", + "license": "GPL" + }, + "containers": { + "odoo": { + "image": "odoo_13.0.0-200403", + "depends": [ + "odoo-postgres" + ], + "mounts": { + "odoo/odoo_data": "srv/odoo/data", + "odoo/odoo_conf/odoo.conf": "srv/odoo/odoo.conf:file" + } + }, + "odoo-postgres": { + "image": "postgres_12.2.0-200403", + "mounts": { + "odoo/postgres_data": "var/lib/postgresql" + } + } + } +} diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/image similarity index 55% rename from lxc-apps/odoo/lxcfile rename to lxc-apps/odoo/image index 04476fe..495d61b 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/image 
@@ -1,28 +1,23 @@ -IMAGE odoo -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python3.6 -LAYER shared/alpine3.9-nodejs10 -LAYER odoo/odoo - -FIXLAYER /usr/bin/fix-apk +IMAGE odoo_13.0.0-200403 +FROM alpine3.11-python3.8_3.8.2-200403 RUN EOF # Install runtime dependencies - apk --no-cache add libjpeg-turbo libpq + apk --no-cache add libjpeg-turbo libpq nodejs # Install build dependencies apk --no-cache add --virtual .deps build-base git libjpeg-turbo-dev libxml2-dev libxslt-dev linux-headers openldap-dev postgresql-dev python3-dev # Clone Odoo repository - git clone --depth 1 https://github.com/odoo/odoo.git /srv/odoo + git clone -b 13.0 --depth 1 https://github.com/odoo/odoo.git /srv/odoo # Install Odoo cd /srv/odoo pip3 install -r requirements.txt # Create OS user - addgroup -S -g 8019 odoo - adduser -S -u 8019 -h /srv/odoo -s /bin/false -g odoo -G odoo odoo + addgroup -S -g 8080 odoo + adduser -S -u 8080 -h /srv/odoo -s /bin/false -g odoo -G odoo odoo chown -R odoo:odoo /srv/odoo # Cleanup @@ -31,8 +26,5 @@ RUN EOF rm -rf /usr/local/share/.cache EOF -MOUNT FILE /srv/odoo/conf/odoo.conf srv/odoo/odoo.conf -MOUNT DIR /srv/odoo/data srv/odoo/data - -USER 8019 8019 +USER odoo CMD /srv/odoo/odoo-bin -c srv/odoo/odoo.conf diff --git a/lxc-apps/odoo/install.sh b/lxc-apps/odoo/install.sh index 439bc6b..53a7e52 100755 --- a/lxc-apps/odoo/install.sh +++ b/lxc-apps/odoo/install.sh 
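Review bot: `git clone -b 13.0 --depth 1` in the first hunk pins only a branch, so the image tagged `odoo_13.0.0-200403` contains whatever commit the 13.0 branch points at on the day of the build, and two builds of the same tag can ship different code. Fetch a recorded commit instead, e.g. `git init /srv/odoo && git -C /srv/odoo fetch --depth 1 https://github.com/odoo/odoo.git <commit-sha> && git -C /srv/odoo checkout FETCH_HEAD`, with the real commit id kept in the image file. `pip3 install -r requirements.txt` has the same reproducibility problem unless the requirements are pinned to exact versions, which cannot be seen from this hunk. The RUN block continues past the end of the hunk.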
@@ -1,39 +1,44 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/odoo/postgres_data" +ODOO_CONF="${VOLUMES_DIR}/odoo/odoo_conf" +ODOO_DATA="${VOLUMES_DIR}/odoo/odoo_data" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec odoo-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf # Create databases export ODOO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/odoo/conf/odoo.conf +install -o 108080 -g 108080 -m 750 -d ${ODOO_CONF} +install -o 108080 -g 108080 -m 750 -d ${ODOO_DATA} +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + 
+#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on 
+#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync
+ # data?
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf. Note that these are directives, not variable
+# assignments, so they can usefully be given more than once.
+
+#include_dir = '...' # include files ending in '.conf' from
+ # a directory, e.g., 'conf.d'
+#include_if_exists = '...' # include file only if it exists
+#include = '...' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
diff --git a/lxc-apps/odoo/install/srv/odoo/update-conf.sh b/lxc-apps/odoo/install/srv/odoo/update-conf.sh
deleted file mode 100755
index 6d29b0d..0000000
--- a/lxc-apps/odoo/install/srv/odoo/update-conf.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-sed -i "s|\(^email_from = \).*|\1${EMAIL}|" /srv/odoo/conf/odoo.conf
diff --git a/lxc-apps/odoo/install/update-conf.sh b/lxc-apps/odoo/install/update-conf.sh
new file mode 100755
index 0000000..29ba6ee
--- /dev/null
+++ b/lxc-apps/odoo/install/update-conf.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Volumes
+ODOO_CONF="${VOLUMES_DIR}/odoo/odoo_conf"
+
+# Replacements
+sed -i "s|\(^email_from = \).*|\1${EMAIL}|" ${ODOO_CONF}/odoo.conf
diff --git a/lxc-apps/odoo/meta b/lxc-apps/odoo/meta
deleted file mode 100644
index 8d8e092..0000000
--- a/lxc-apps/odoo/meta
+++ /dev/null
@@ -1,10 +0,0 @@ -{ - "title": "Odoo", - "desc-cs": "Sada aplikací pro správu organizace", - "desc-en": "Sada aplikací pro správu organizace", - "lxcpath": "odoo", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python3.6", "alpine3.9-nodejs10", "postgres"] -} diff --git a/lxc-apps/odoo/uninstall.sh b/lxc-apps/odoo/uninstall.sh index 267ab89..857f866 100755 --- a/lxc-apps/odoo/uninstall.sh +++ b/lxc-apps/odoo/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/odoo -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS odoo; DROP ROLE IF EXISTS odoo;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf "${VOLUMES_DIR}/odoo" # Unregister application vmmgr unregister-app odoo diff --git a/lxc-apps/opendatakit-build/install.sh b/lxc-apps/opendatakit-build/install.sh deleted file mode 100755 index 7795f7f..0000000 --- a/lxc-apps/opendatakit-build/install.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 - -# Create databases -export OPENDATAKITBUILD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/opendatakit-build/conf/config.yml -lxc-execute opendatakit-build -- sh -c 'cd /srv/opendatakit-build; rake db:migrate' - -# Install service -cp etc/init.d/opendatakit-build /etc/init.d/opendatakit-build -rc-update -u - -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Register application -vmmgr register-app opendatakit-build odkbuild diff --git a/lxc-apps/opendatakit-build/install/createdb.sql b/lxc-apps/opendatakit-build/install/createdb.sql deleted file mode 100644 index 1b73f2b..0000000 
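Review bot: `rm -rf "${VOLUMES_DIR}/odoo"` in `lxc-apps/odoo/uninstall.sh` runs under `set -ev` only, so with `VOLUMES_DIR` unset or empty it expands to `/odoo` rather than failing. Write it as `rm -rf "${VOLUMES_DIR:?}/odoo"` (or add `set -u` next to `set -ev`) so the script aborts when the variable is missing. The same line shape is added in `lxc-apps/opendatakit/uninstall.sh`. Where `VOLUMES_DIR` is exported is not visible in this diff, so the guard is worth having regardless of what the caller currently does.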
--- a/lxc-apps/opendatakit-build/install/createdb.sql
+++ /dev/null
@@ -1,4 +0,0 @@
-CREATE ROLE opendatakitbuild NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${OPENDATAKITBUILD_PWD}';
-CREATE DATABASE opendatakitbuild;
-REVOKE ALL ON DATABASE opendatakitbuild FROM public;
-ALTER DATABASE opendatakitbuild OWNER TO opendatakitbuild;
diff --git a/lxc-apps/opendatakit-build/install/etc/init.d/opendatakit-build b/lxc-apps/opendatakit-build/install/etc/init.d/opendatakit-build
deleted file mode 100755
index 57751dd..0000000
--- a/lxc-apps/opendatakit-build/install/etc/init.d/opendatakit-build
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/sbin/openrc-run
-
-description="OpenDataKit Build container"
-
-depend() {
- need postgres
-}
-
-start() {
- lxc-start opendatakit-build
-}
-
-start_post() {
- vmmgr register-proxy opendatakit-build
-}
-
-stop_pre() {
- vmmgr unregister-proxy opendatakit-build
-}
-
-stop() {
- lxc-stop opendatakit-build
-}
diff --git a/lxc-apps/opendatakit-build/meta b/lxc-apps/opendatakit-build/meta
deleted file mode 100644
index f6dda74..0000000
--- a/lxc-apps/opendatakit-build/meta
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "title": "OpenDataKit Build",
- "desc-cs": "Sběr formulářových dat - Aplikace pro návrh formulářů",
- "desc-en": "Sběr formulářových dat - Aplikace pro návrh formulářů",
- "lxcpath": "opendatakit-build",
- "version": "0.0.1",
- "release": "0",
- "license": "GPL",
- "depends": ["alpine3.9-ruby2.4", "alpine3.9-nodejs10", "postgres"]
-}
diff --git a/lxc-apps/opendatakit-build/uninstall.sh b/lxc-apps/opendatakit-build/uninstall.sh
deleted file mode 100755
index a71d1cd..0000000
--- a/lxc-apps/opendatakit-build/uninstall.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-set -ev
-
-# Remove service
-rm -f /etc/init.d/opendatakit-build
-rc-update -u
-
-# Drop database and user
-[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
-echo 'DROP DATABASE IF EXISTS opendatakitbuild; DROP ROLE IF EXISTS opendatakitbuild;' | lxc-attach -u 5432 -g 5432 postgres -- psql
-[ ! -z ${STOP_POSTGRES} ] && service postgres stop
-
-# Unregister application
-vmmgr unregister-app opendatakit-build
diff --git a/lxc-apps/opendatakit/app b/lxc-apps/opendatakit/app
new file mode 100644
index 0000000..97654d8
--- /dev/null
+++ b/lxc-apps/opendatakit/app
@@ -0,0 +1,38 @@
+{
+ "version": "2.0.5-200403",
+ "meta": {
+ "title": "OpenDataKit",
+ "desc-cs": "Sběr formulářových dat",
+ "desc-en": "Form data collection",
+ "license": "GPL"
+ },
+ "containers": {
+ "opendatakit": {
+ "image": "opendatakit_2.0.5-200403",
+ "depends": [
+ "opendatakit-postgres"
+ ],
+ "mounts": {
+ "opendatakit/odk_conf/server.xml": "srv/tomcat/conf/server.xml:file",
+ "opendatakit/odk_conf/jdbc.properties": "srv/tomcat/webapps/ROOT/WEB-INF/classes/jdbc.properties:file",
+ "opendatakit/odk_conf/security.properties": "srv/tomcat/webapps/ROOT/WEB-INF/classes/security.properties:file"
+ }
+ },
+ "opendatakit-build": {
+ "image": "opendatakit-build_0.3.5-200403",
+ "depends": [
+ "opendatakit-postgres"
+ ],
+ "mounts": {
+ "opendatakit/odkbuild_conf/add-ca-cert.env": "srv/opendatakit-build/add-ca-cert.env:file",
+ "opendatakit/odkbuild_conf/config.yml": "srv/opendatakit-build/config.yml:file"
+ }
+ },
+ "opendatakit-postgres": {
+ "image": "postgres_12.2.0-200403",
+ "mounts": {
+ "opendatakit/postgres_data": "var/lib/postgresql"
+ }
+ }
+ }
+}
diff --git a/lxc-apps/opendatakit/install.sh b/lxc-apps/opendatakit/install.sh
index e13ed83..03b6051 100755
--- a/lxc-apps/opendatakit/install.sh
+++ b/lxc-apps/opendatakit/install.sh
@@ -1,47 +1,57 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/opendatakit/postgres_data" +ODK_CONF="${VOLUMES_DIR}/opendatakit/odk_conf" +ODKBUILD_CONF="${VOLUMES_DIR}/opendatakit/odkbuild_conf" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec opendatakit-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf # Create databases export OPENDATAKIT_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/opendatakit/conf/jdbc.properties -envsubst /srv/opendatakit/conf/security.properties -cp srv/opendatakit/conf/server.xml /srv/opendatakit/conf/server.xml -chown -R 8015:8015 /srv/opendatakit/conf +export OPENDATAKIT_ADMIN_USER="admin" +export OPENDATAKIT_ADMIN_REALM="spotter" +install -o 108080 -g 108080 -m 750 -d ${ODK_CONF} +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + 
+#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on 
+#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/opendatakit/install/srv/opendatakit/update-conf.sh b/lxc-apps/opendatakit/install/srv/opendatakit/update-conf.sh deleted file mode 100755 index bbe857f..0000000 --- a/lxc-apps/opendatakit/install/srv/opendatakit/update-conf.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -sed -i "s|\(^\s\+proxyName=\).*|\1\"odk.${DOMAIN}\"|" /srv/opendatakit/conf/server.xml -sed -i "s|\(^\s\+proxyPort=\).*|\1\"${PORT}\"|" /srv/opendatakit/conf/server.xml -sed -i "s|\(^security\.server\.securePort=\).*|\1${PORT}|" /srv/opendatakit/conf/security.properties diff --git a/lxc-apps/opendatakit/install/update-conf.sh b/lxc-apps/opendatakit/install/update-conf.sh new file mode 100755 index 0000000..f668aa4 --- /dev/null +++ b/lxc-apps/opendatakit/install/update-conf.sh 
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Volumes
+ODK_CONF="${VOLUMES_DIR}/opendatakit/odk_conf"
+ODKBUILD_CONF="${VOLUMES_DIR}/opendatakit/odkbuild_conf"
+
+# Replacements
+sed -i "s|\(^\s\+proxyName=\).*|\1\"${HOST}\"|" ${ODK_CONF}/server.xml
+sed -i "s|\(^\s\+proxyPort=\).*|\1\"${PORT}\"|" ${ODK_CONF}/server.xml
+sed -i "s|\(^security\.server\.securePort=\).*|\1${PORT}|" ${ODK_CONF}/security.properties
+
+cat <${ODKBUILD_CONF}/add-ca-cert.env
+HOST=${HOST}
+PORT=${PORT}
+EOF
diff --git a/lxc-apps/opendatakit/lxcfile b/lxc-apps/opendatakit/lxcfile
deleted file mode 100644
index f2b5902..0000000
--- a/lxc-apps/opendatakit/lxcfile
+++ /dev/null
@@ -1,32 +0,0 @@
-IMAGE opendatakit
-LAYER shared/alpine3.9
-LAYER shared/alpine3.9-java8
-LAYER shared/alpine3.9-tomcat8.5
-LAYER opendatakit/opendatakit
-
-RUN EOF
- # Download OpenDataKit
- wget https://github.com/opendatakit/aggregate/releases/download/v2.0.3/ODK-Aggregate-v2.0.3.war -O /tmp/odk.war
- mkdir /srv/tomcat/webapps/ROOT
- unzip /tmp/odk.war -d /srv/tomcat/webapps/ROOT
-
- # Update Postgres JDBC driver
- rm /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.1.4.jre7.jar
- wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar
-
- # Create OS user
- addgroup -S -g 8015 odk
- adduser -S -u 8015 -h /srv/tomcat -s /bin/false -g odk -G odk odk
- chown -R odk:odk /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
-
- # Cleanup
- rm /tmp/odk.war
-EOF
-
-MOUNT FILE /srv/opendatakit/conf/server.xml srv/tomcat/conf/server.xml
-MOUNT FILE /srv/opendatakit/conf/jdbc.properties srv/tomcat/webapps/ROOT/WEB-INF/classes/jdbc.properties
-MOUNT FILE /srv/opendatakit/conf/security.properties srv/tomcat/webapps/ROOT/WEB-INF/classes/security.properties
-
-USER 8015 8015
-WORKDIR /srv/tomcat
-CMD catalina.sh run
diff --git a/lxc-apps/opendatakit/meta b/lxc-apps/opendatakit/meta
deleted file mode 100644
index aeb50a3..0000000
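Review bot: The block at the end of the new `lxc-apps/opendatakit/install/update-conf.sh` writes `HOST=${HOST}` and `PORT=${PORT}` unquoted into `add-ca-cert.env`, and `bin/add-ca-cert` added later in this commit loads that file with `.`, so the contents of those variables are evaluated as shell in the container before `s6-setuidgid odkbuild` is applied. Validate both values before writing them so the file can only hold plain assignments, e.g. `case "${HOST}" in *[!A-Za-z0-9.-]*) exit 1;; esac` and the same test with `*[!0-9]*` for `${PORT}`. The heredoc opener on the `cat` line appears damaged in this rendering of the diff, so the redirect target is read from what remains of that line.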
--- a/lxc-apps/opendatakit/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "OpenDataKit", - "desc-cs": "Sběr formulářových dat", - "desc-en": "Sběr formulářových dat", - "lxcpath": "opendatakit", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-tomcat8.5", "postgres"] -} diff --git a/lxc-apps/opendatakit-build/lxcfile b/lxc-apps/opendatakit/opendatakit-build.image similarity index 59% rename from lxc-apps/opendatakit-build/lxcfile rename to lxc-apps/opendatakit/opendatakit-build.image index 42cf5b4..9fcc969 100644 --- a/lxc-apps/opendatakit-build/lxcfile +++ b/lxc-apps/opendatakit/opendatakit-build.image @@ -1,14 +1,9 @@ -IMAGE opendatakit-build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-ruby2.4 -LAYER shared/alpine3.9-nodejs10 -LAYER opendatakit-build/opendatakit-build - -FIXLAYER /usr/bin/fix-apk +IMAGE opendatakit-build_0.3.5-200403 +FROM alpine3.11-ruby2.4_2.4.9-200403 RUN EOF # Install runtime dependencies - apk --no-cache add libpq + apk --no-cache add libpq nodejs openssl # Install build dependencies apk --no-cache add --virtual .deps build-base git linux-headers make npm openjdk8-jre-base postgresql-dev @@ -18,6 +13,7 @@ RUN EOF # Install Ruby dependencies cd /srv/opendatakit-build + gem install bundler:1.13.6 bundle install --without test rake deploy:build 
@@ -27,20 +23,17 @@ RUN EOF make # Create OS user - addgroup -S -g 8017 odkbuild - adduser -S -u 8017 -h /srv/opendatakit-build -s /bin/false -g odkbuild -G odkbuild odkbuild + addgroup -S -g 8080 odkbuild + adduser -S -u 8080 -h /srv/opendatakit-build -s /bin/false -g odkbuild -G odkbuild odkbuild chown -R odkbuild:odkbuild /srv/opendatakit-build chown -R odkbuild:odkbuild /srv/build2xlsform # Cleanup apk --no-cache del .deps find /srv -name '.git*' -exec rm -rf {} + - rm -rf /root/.bundle /root/.config /root/.npm + rm -rf /.bundle /root/.config /root/.npm EOF -COPY lxc +COPY opendatakit-build.image.d -MOUNT FILE /etc/ssl/services.pem usr/local/share/ca-certificates/services.crt -MOUNT FILE /srv/opendatakit-build/conf/config.yml srv/opendatakit-build/config.yml - -CMD s6-svscan /etc/services.d +CMD /bin/s6-svscan /etc/services.d diff --git a/lxc-apps/opendatakit/opendatakit-build.image.d/bin/add-ca-cert b/lxc-apps/opendatakit/opendatakit-build.image.d/bin/add-ca-cert new file mode 100755 index 0000000..0648e5f --- /dev/null +++ b/lxc-apps/opendatakit/opendatakit-build.image.d/bin/add-ca-cert @@ -0,0 +1,6 @@ +#!/bin/sh + +. /srv/opendatakit-build/add-ca-cert.env + +true | openssl s_client -connect ${HOST}:${PORT} | openssl x509 -out /usr/local/share/ca-certificates/opendatakit.crt +update-ca-certificates diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/.s6-svscan/finish similarity index 56% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/.s6-svscan/finish rename to lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/.s6-svscan/finish index a280967..913d9f4 100755 --- a/lxc-apps/opendatakit-build/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/.s6-svscan/finish 
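Review bot: `bin/add-ca-cert` stores whatever certificate the peer at `${HOST}:${PORT}` presents under `/usr/local/share/ca-certificates/` and runs `update-ca-certificates`, with no comparison against a known value, so anything able to answer for that address when the service starts ends up in the container's trust store. The removed `MOUNT FILE /etc/ssl/services.pem usr/local/share/ca-certificates/services.crt` took the anchor from the host instead; an equivalent file entry in the app's `mounts` would avoid fetching trust material over the very connection it is supposed to authenticate. If the fetch has to stay, compare the output of `openssl x509 -noout -fingerprint -sha256` for the received certificate with a host-provisioned value before installing it, and quote `"${HOST}:${PORT}"`.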
@@ -1,4 +1,4 @@ #!/bin/execlineb -P -foreground { s6-svwait -d -t 3000 build2xlsform } +foreground { s6-svwait -d -t 3000 build2xlsform } foreground { s6-svwait -d -t 3000 odkbuild } diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/build2xlsform/run b/lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/build2xlsform/run similarity index 100% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/build2xlsform/run rename to lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/build2xlsform/run diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/down-signal b/lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/odkbuild/down-signal similarity index 87% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/down-signal rename to lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/odkbuild/down-signal index fc6cc59..d751378 100644 --- a/lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/down-signal +++ b/lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/odkbuild/down-signal @@ -1 +1 @@ -SIGINT +SIGINT diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/run b/lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/odkbuild/run similarity index 77% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/run rename to lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/odkbuild/run index 3781d04..eebc23b 100755 --- a/lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/run +++ b/lxc-apps/opendatakit/opendatakit-build.image.d/etc/services.d/odkbuild/run @@ -2,6 +2,6 @@ cd /srv/opendatakit-build fdmove -c 2 1 -foreground { update-ca-certificates } +foreground { /bin/add-ca-cert } s6-setuidgid odkbuild bundle exec rackup config.ru -o 0.0.0.0 -p 8080 diff --git a/lxc-apps/opendatakit/opendatakit.image b/lxc-apps/opendatakit/opendatakit.image new file mode 100644 index 0000000..2e53755 --- /dev/null 
+++ b/lxc-apps/opendatakit/opendatakit.image @@ -0,0 +1,23 @@ +IMAGE opendatakit_2.0.5-200403 +FROM alpine3.11-tomcat8.5_8.5.53-200403 + +RUN EOF + # Download OpenDataKit + wget https://github.com/opendatakit/aggregate/releases/download/v2.0.5/ODK-Aggregate-v2.0.5.war -O /tmp/odk.war + mkdir /srv/tomcat/webapps/ROOT + unzip /tmp/odk.war -d /srv/tomcat/webapps/ROOT + + # Update Postgres JDBC driver + rm /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.1.4.jre7.jar + wget https://jdbc.postgresql.org/download/postgresql-42.2.11.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.11.jar + + # Change webapps ownership + chown -R tomcat:tomcat /srv/tomcat/webapps + + # Cleanup + rm /tmp/odk.war +EOF + +USER tomcat +WORKDIR /srv/tomcat +CMD /usr/bin/catalina.sh run diff --git a/lxc-apps/opendatakit/uninstall.sh b/lxc-apps/opendatakit/uninstall.sh index d965a2d..7ce82d7 100755 --- a/lxc-apps/opendatakit/uninstall.sh +++ b/lxc-apps/opendatakit/uninstall.sh @@ -1,14 +1,9 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/opendatakit -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS opendatakit; DROP ROLE IF EXISTS opendatakit;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf "${VOLUMES_DIR}/opendatakit" # Unregister application vmmgr unregister-app opendatakit +vmmgr unregister-app opendatakit-build diff --git a/lxc-apps/openmapkit/app b/lxc-apps/openmapkit/app new file mode 100644 index 0000000..6a0f736 --- /dev/null +++ b/lxc-apps/openmapkit/app 
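Review bot: The WAR and the JDBC jar in the `RUN` block of `opendatakit.image` are fetched with `wget` and then unpacked or placed in `WEB-INF/lib` with no integrity check, so the image content depends on whatever those URLs serve at build time. Add a pinned digest check after each download, e.g. `echo "<SHA256_OF_ODK_WAR>  /tmp/odk.war" | sha256sum -c -`, assuming the `RUN` block aborts on a failing command. The APKBUILD files this commit removes carried `sha512sums` for their sources, and the image recipe has no equivalent.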
@@ -0,0 +1,18 @@ +{ + "version": "0.12.0-200403", + "meta": { + "title": "OpenMapKit", + "desc-cs": "Sběr mapových dat", + "desc-en": "Map data collection", + "license": "GPL" + }, + "containers": { + "openmapkit": { + "image": "openmapkit_0.12.0-200403", + "mounts": { + "openmapkit/omk_conf/settings.js": "srv/openmapkit/settings.js:file", + "openmapkit/omk_data": "srv/openmapkit/data" + } + } + } +} diff --git a/lxc-apps/openmapkit/lxcfile b/lxc-apps/openmapkit/image similarity index 55% rename from lxc-apps/openmapkit/lxcfile rename to lxc-apps/openmapkit/image index 6e3e281..ea03224 100644 --- a/lxc-apps/openmapkit/lxcfile +++ b/lxc-apps/openmapkit/image @@ -1,22 +1,19 @@ -IMAGE openmapkit -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-python2.7 -LAYER shared/alpine3.9-nodejs10 -LAYER openmapkit/openmapkit - -FIXLAYER /usr/bin/fix-apk +IMAGE openmapkit_0.12.0-200403 +FROM alpine3.10-nodejs10_10.19.0-200403 +# libxmljs installation fails on nodejs>10 RUN EOF + # Install runtime dependencies + apk --no-cache add python2 openjdk8-jre-base + # Install build dependencies apk --no-cache add --virtual .deps build-base git py2-pip yarn # Clone OpenMapKit - git clone --depth 1 https://github.com/posm/OpenMapKitServer /srv/openmapkit - cd /srv/openmapkit - git submodule update --init + git clone --recursive --depth 1 https://github.com/posm/OpenMapKitServer /srv/openmapkit # Install OpenMapKit dependencies + cd /srv/openmapkit pip install -r requirements.txt yarn add libxmljs yarn @@ -25,8 +22,8 @@ RUN EOF yarn build # Create OS user - addgroup -S -g 8007 omk - adduser -S -u 8007 -h /srv/openmapkit -s /bin/false -g omk -G omk omk + addgroup -S -g 8080 omk + adduser -S -u 8080 -h /srv/openmapkit -s /bin/false -g omk -G omk omk chown -R omk:omk /srv/openmapkit # Cleanup 
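Review bot: `git clone --recursive --depth 1 https://github.com/posm/OpenMapKitServer /srv/openmapkit` takes the tip of the default branch while the image is named `openmapkit_0.12.0-200403`, so two builds under the same image name can contain different application code and submodules. Pin the source, e.g. `git clone --recursive --depth 1 --branch <RELEASE_TAG> https://github.com/posm/OpenMapKitServer /srv/openmapkit`, or check out a fixed commit after cloning. `yarn add libxmljs` in the same block also resolves its version at build time and would be better given an explicit one.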
@@ -37,9 +34,6 @@ RUN EOF EOF # s6 required for single service due to inability of nodejs to process signals when running as PID 1 -COPY lxc +COPY image.d -MOUNT FILE /srv/openmapkit/conf/settings.js srv/openmapkit/settings.js -MOUNT DIR /srv/openmapkit/data srv/openmapkit/data - -CMD s6-svscan /etc/services.d +CMD /bin/s6-svscan /etc/services.d diff --git a/lxc-apps/openmapkit/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/openmapkit/image.d/etc/services.d/.s6-svscan/finish similarity index 100% rename from lxc-apps/openmapkit/lxc/etc/services.d/.s6-svscan/finish rename to lxc-apps/openmapkit/image.d/etc/services.d/.s6-svscan/finish diff --git a/lxc-apps/openmapkit/lxc/etc/services.d/openmapkit/run b/lxc-apps/openmapkit/image.d/etc/services.d/openmapkit/run similarity index 100% rename from lxc-apps/openmapkit/lxc/etc/services.d/openmapkit/run rename to lxc-apps/openmapkit/image.d/etc/services.d/openmapkit/run diff --git a/lxc-apps/openmapkit/install.sh b/lxc-apps/openmapkit/install.sh index a8151cb..27eb3ea 100755 --- a/lxc-apps/openmapkit/install.sh +++ b/lxc-apps/openmapkit/install.sh 
@@ -1,19 +1,19 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +OMK_CONF="${VOLUMES_DIR}/openmapkit/omk_conf" +OMK_DATA="${VOLUMES_DIR}/openmapkit/omk_data" +OMK_LAYER="${LAYERS_DIR}/openmapkit_0.12.0-200403" # Configure OpenMapKit export OPENMAPKIT_ADMIN_USER="admin" export OPENMAPKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -mkdir -p /srv/openmapkit/conf /srv/openmapkit/data -chown -R 8007:8007 /srv/openmapkit/data -cp -rp /var/lib/lxc/openmapkit/openmapkit/srv/openmapkit/data/. /srv/openmapkit/data -envsubst /srv/openmapkit/conf/settings.js +install -o 108080 -g 108080 -m 750 -d ${OMK_CONF} +envsubst /srv/pandora/conf/local_settings.py - -# Set "production values" (increases performance) only if the DEBUG environment variable is not set -if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/DEBUG = True/DEBUG = False/' /srv/pandora/conf/local_settings.py -fi +install -o 108080 -g 108080 -m 750 -d ${PANDORA_CONF} +install -o 108080 -g 108080 -m 755 -d ${PANDORA_DATA} +install -o 108080 -g 108080 -m 640 pandora_conf/config.jsonc ${PANDORA_CONF}/config.jsonc +install -o 108080 -g 108080 -m 640 pandora_conf/gunicorn_config.py ${PANDORA_CONF}/gunicorn_config.py +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + 
+#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on 
+#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync
+ # data?
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf. Note that these are directives, not variable
+# assignments, so they can usefully be given more than once.
+
+#include_dir = '...' # include files ending in '.conf' from
+ # a directory, e.g., 'conf.d'
+#include_if_exists = '...' # include file only if it exists
+#include = '...' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
diff --git a/lxc-apps/pandora/install/srv/pandora/update-conf.sh b/lxc-apps/pandora/install/srv/pandora/update-conf.sh
deleted file mode 100755
index a68d15b..0000000
--- a/lxc-apps/pandora/install/srv/pandora/update-conf.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-HOST="${DOMAIN}"
-[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}"
-sed -i "s|\(^\s\+\"url\": \).*|\1\"pandora.${HOST}\"|" /srv/pandora/conf/config.jsonc
-
-sed -i "s|\(^GOOGLE_API_KEY = \).*|\1'${GMAPS_API_KEY}'|" /srv/pandora/conf/local_settings.py
diff --git a/lxc-apps/pandora/install/update-conf.sh b/lxc-apps/pandora/install/update-conf.sh
new file mode 100755
index 0000000..5164b88
--- /dev/null
+++ b/lxc-apps/pandora/install/update-conf.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Volumes
+PANDORA_CONF="${VOLUMES_DIR}/pandora/pandora_conf"
+
+# Variables
+HTTP_HOST="${HOST}"
+[ "${PORT}" != "443" ] && HTTP_HOST="${HTTP_HOST}:${PORT}"
+
+# Replacements
+sed -i "s|\(^\s\+\"url\": \).*|\1\"${HTTP_HOST}\"|" ${PANDORA_CONF}/config.jsonc
+sed -i "s|\(^GOOGLE_API_KEY = \).*|\1'${GMAPS_API_KEY}'|" ${PANDORA_CONF}/local_settings.py
diff --git a/lxc-apps/pandora/lxc/etc/services.d/pandora-encoding/run b/lxc-apps/pandora/lxc/etc/services.d/pandora-encoding/run
deleted file mode 100755
index eb9a1d5..0000000
--- a/lxc-apps/pandora/lxc/etc/services.d/pandora-encoding/run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/execlineb -P
-
-cd /srv/pandora/pandora
-export HOME /srv/pandora
-fdmove -c 2 1
-s6-setuidgid pandora
-./manage.py celery worker -Q encoding -n pandora-encoding --pidfile pandora-encoding.pid --maxtasksperchild 500 -l INFO
diff --git a/lxc-apps/pandora/lxc/etc/services.d/pandora-tasks/run b/lxc-apps/pandora/lxc/etc/services.d/pandora-tasks/run
deleted file mode 100755
index 5f5c1d6..0000000
--- a/lxc-apps/pandora/lxc/etc/services.d/pandora-tasks/run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/execlineb -P
-
-cd /srv/pandora/pandora
-export HOME /srv/pandora
-fdmove -c 2 1
-s6-setuidgid pandora
-./manage.py celery worker -Q default,celery -n pandora-default --pidfile pandora-tasks.pid --maxtasksperchild 1000 -l INFO
diff --git a/lxc-apps/pandora/meta b/lxc-apps/pandora/meta
deleted file mode 100644
index 662509c..0000000
--- a/lxc-apps/pandora/meta
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "title": "Pan.do/ra",
- "desc-cs": "Archiv medií",
- "desc-en": "Media archive",
- "lxcpath": "pandora",
- "version": "0.0.1",
- "release": "0",
- "license": "GPL",
- "depends": ["alpine3.9-python3.6", "postgres", "rabbitmq"]
-}
diff --git a/lxc-apps/pandora/uninstall.sh b/lxc-apps/pandora/uninstall.sh
index cdd4a0f..5e9234d 100755
--- a/lxc-apps/pandora/uninstall.sh
+++ b/lxc-apps/pandora/uninstall.sh
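Review bot: Both `sed` lines in the new pandora/install/update-conf.sh splice `${HTTP_HOST}` and `${GMAPS_API_KEY}` directly into the replacement text, so a value containing `|`, `&` or `\` changes what sed writes, and a `'` in the key closes the Python string literal in local_settings.py. Escape the value first, e.g. `KEY_ESC=$(printf '%s' "${GMAPS_API_KEY}" | sed 's/[\\|&]/\\&/g')`, and refuse values that contain quote characters before writing them into a file Python will import. `${PANDORA_CONF}` is also unquoted on both lines; `"${PANDORA_CONF}/config.jsonc"` avoids word splitting. The script has no `set -e`, so a failed first substitution presumably goes unnoticed by the caller.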
@@ -1,20 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/pandora -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS pandora; DROP ROLE IF EXISTS pandora;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Remove RabbitMQ vhost and user -[ ! -e /run/openrc/started/rabbitmq ] && service rabbitmq start && STOP_RABBITMQ=1 -lxc-attach rabbitmq -- rabbitmqctl delete_vhost /pandora || true -lxc-attach rabbitmq -- rabbitmqctl delete_user pandora || true -[ ! -z ${STOP_RABBITMQ} ] && service rabbitmq stop +# Remove persistent data +rm -rf "${VOLUMES_DIR}/pandora" # Unregister application vmmgr unregister-app pandora diff --git a/lxc-apps/sahana-demo/app b/lxc-apps/sahana-demo/app new file mode 100644 index 0000000..8ff48f8 --- /dev/null +++ b/lxc-apps/sahana-demo/app @@ -0,0 +1,29 @@ +{ + "version": "0.0.1-200403", + "meta": { + "title": "Sahana Eden - Demo", + "desc-cs": "Řízení humanítární činnosti - Demo instance", + "desc-en": "Management of humanitarian activities - Demo instance", + "license": "GPL" + }, + "containers": { + "sahana-demo": { + "image": "sahana_0.0.1-200403", + "depends": [ + "sahana-demo-postgres" + ], + "mounts": { + "sahana-demo/sahana_conf": "srv/web2py/applications/eden/models", + "sahana-demo/sahana_data/default": "srv/web2py/applications/eden/modules/templates/default", + "sahana-demo/sahana_data/databases": "srv/web2py/applications/eden/databases", + "sahana-demo/sahana_data/uploads": "srv/web2py/applications/eden/uploads" + } + }, + "sahana-demo-postgres": { + "image": "postgis_3.0.0-200403", + "mounts": { + "sahana-demo/postgres_data": "var/lib/postgresql" + } + } + } +} diff --git a/lxc-apps/sahana-demo/install.sh b/lxc-apps/sahana-demo/install.sh index c468905..2054237 100755 --- a/lxc-apps/sahana-demo/install.sh +++ b/lxc-apps/sahana-demo/install.sh 
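Review bot: `rm -rf "${VOLUMES_DIR}/pandora"` in pandora/uninstall.sh resolves to `/pandora` when `VOLUMES_DIR` is unset or empty, because the script runs with `set -ev` but not `-u`. Make the expansion fail closed with `rm -rf "${VOLUMES_DIR:?}/pandora"`, which aborts with an error instead of deleting a path under the filesystem root. The removed lines dropped the database role and RabbitMQ vhost explicitly; the new version relies on the volume directory holding all persistent state, which this hunk alone does not show.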
@@ -1,50 +1,49 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install -export TEMPLATE=${TEMPLATE:-"default"} +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/sahana-demo/postgres_data" +SAHANA_DATA="${VOLUMES_DIR}/sahana-demo/sahana_data" +SAHANA_CONF="${VOLUMES_DIR}/sahana-demo/sahana_conf" +SAHANA_LAYER="${LAYERS_DIR}/sahana_0.0.1-200403" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec sahana-demo-postgres -- initdb -D /var/lib/postgresql +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf # Create PostgreSQL user and database export SAHANADEMO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/sahana-demo/conf/000_config.py -if [ ${TEMPLATE} == "default" ]; then - envsubst /srv/sahana-demo/data/default/users/masterUsers.csv -else - mkdir -p /var/lib/lxc/sahana-demo/sahana-demo/srv/web2py/applications/eden/modules/templates/default/users - envsubst /var/lib/lxc/sahana-demo/sahana-demo/srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv - chown -R 8001:8001 /var/lib/lxc/sahana-demo/sahana-demo/srv/web2py -fi - -# Replace template in LXC container mount definition -sed -i "s/default/${TEMPLATE}/g" /var/lib/lxc/sahana-demo/config +envsubst /etc/init.d/sahana-demo -chmod +x /etc/init.d/sahana-demo +# Set "production values" (increases performance) only if the DEBUG environment variable is not set +if [ ${DEBUG:-0} -eq 0 ]; then + sed -i 's/settings.base.migrate = True/settings.base.migrate = False/' ${SAHANA_CONF}/000_config.py + sed -i 's/settings.base.debug = True/settings.base.debug = False/' ${SAHANA_CONF}/000_config.py + sed -i 's/#settings.base.prepopulate = 0/settings.base.prepopulate = 0/' 
${SAHANA_CONF}/000_config.py +fi -# Install config update script -cp srv/sahana-demo/update-conf.sh /srv/sahana-demo/update-conf.sh - -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Stop services required for setup +spoc-container stop sahana-demo-postgres # Register application vmmgr register-app sahana-demo sahana-demo "${SAHANADEMO_ADMIN_USER}" "${SAHANADEMO_ADMIN_PWD}" diff --git a/lxc-apps/sahana-demo/install/etc/init.d/sahana-demo b/lxc-apps/sahana-demo/install/etc/init.d/sahana-demo deleted file mode 100755 index 0ae2bc8..0000000 --- a/lxc-apps/sahana-demo/install/etc/init.d/sahana-demo +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="Sahana Eden Demo container" - -depend() { - need postgres -} - -start() { - lxc-start sahana-demo -} - -start_post() { - vmmgr register-proxy sahana-demo -} - -stop_pre() { - vmmgr unregister-proxy sahana-demo -} - -stop() { - lxc-stop sahana-demo -} diff --git a/lxc-apps/sahana-demo/install/postgres_data/pg_hba.conf b/lxc-apps/sahana-demo/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/sahana-demo/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/sahana-demo/install/postgres_data/postgresql.conf b/lxc-apps/sahana-demo/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..93e2206 --- /dev/null +++ b/lxc-apps/sahana-demo/install/postgres_data/postgresql.conf 
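Review bot: The `host all all 0.0.0.0/0 md5` rule in the new sahana-demo pg_hba.conf accepts password logins for every role and every database from any IPv4 address, and the postgresql.conf added alongside it sets `listen_addresses = '*'`, so nothing but the container network limits who can reach the server. Narrow the rule to what the application needs, e.g. `host <DB_NAME_PLACEHOLDER> <DB_USER_PLACEHOLDER> <CONTAINER_SUBNET_PLACEHOLDER> scram-sha-256`. md5 is the weaker of the two password methods this PostgreSQL version offers; moving to scram-sha-256 also needs `password_encryption = scram-sha-256` in postgresql.conf before the role's password is set, since the file leaves it at the commented default `md5`. The same applies to `local all all md5` on the line above.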
@@ -0,0 +1,750 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP settings - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default +#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off + +# 
GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 128MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG 
+#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! 
-f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + +# - Archive Recovery - + +# These are only used in recovery mode. + +#restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' + # (change requires restart) +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the master and on any standby that will send replication data. 
+ +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#primary_conninfo = '' # connection string to sending server + # (change requires restart) +#primary_slot_name = '' # replication slot on sending server + # (change requires restart) +#promote_trigger_file = '' # file name whose presence ends recovery +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + +# - Subscribers - + +# These settings are 
ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 
+ +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off +#jit = on # allow JIT compilation +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+ +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 
is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/sahana-demo/install/srv/sahana-demo/conf/000_config.py b/lxc-apps/sahana-demo/install/sahana_conf/000_config.py similarity index 93% rename from lxc-apps/sahana-demo/install/srv/sahana-demo/conf/000_config.py rename to lxc-apps/sahana-demo/install/sahana_conf/000_config.py index e9ed49f..c606c2e 100644 --- a/lxc-apps/sahana-demo/install/srv/sahana-demo/conf/000_config.py +++ b/lxc-apps/sahana-demo/install/sahana_conf/000_config.py @@ -23,14 +23,14 @@ FINISHED_EDITING_CONFIG_FILE = True # - Workflows # - Theme # - note that you should restart your web2py after changing this setting -settings.base.template = "${TEMPLATE}" +settings.base.template = "default" # Database settings # Uncomment to use a different database, other than sqlite settings.database.db_type = "postgres" #settings.database.db_type = "mysql" # Uncomment to use a different host -settings.database.host = "postgres" +settings.database.host = "sahana-demo-postgres" # Uncomment to use a different port #settings.database.port = 3306 #settings.database.port = 5432 
@@ -68,8 +68,8 @@ settings.base.debug = True # Uncomment this to prevent automated test runs from remote # settings.base.allow_testing = False -# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging -#settings.log.level = "WARNING" +# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging (default) +#settings.log.level = "ERROR" # DEBUG set automatically when base.debug is True # Uncomment to prevent writing log messages to the console (sys.stderr) #settings.log.console = False # Configure a log file (file name) @@ -87,6 +87,9 @@ settings.base.debug = True # - should happen automatically if installing using supported scripts settings.auth.hmac_key = "${SAHANADEMO_HMAC}" +# If using Masterkey Authentication, then set this to a deployment-specific 32 char string: +#settings.auth.masterkey_app_key = "randomstringrandomstringrandomstring" + # Minimum Password Length #settings.auth.password_min_length = 8 @@ -100,10 +103,10 @@ settings.mail.server = "host:25" #settings.mail.tls = True #settings.mail.login = "username:password" # From Address - until this is set, no mails can be sent -settings.mail.sender = "admin@example.com" +settings.mail.sender = "${SAHANADEMO_ADMIN_USER}" # Default email address to which requests to approve new user accounts gets sent # This can be overridden for specific domains/organisations via the auth_domain table -#settings.mail.approver = "useradmin@example.org" +settings.mail.approver = "${SAHANADEMO_ADMIN_USER}" # Daily Limit on Sending of emails #settings.mail.limit = 1000 
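Review bot: Debug mode stays enabled in this packaged config: the header of the `@@ -68,8 +68,8 @@` hunk shows `settings.base.debug = True` as the nearest preceding statement, and the comment added here says the log level is then set to DEBUG automatically. Debug-level logs tend to carry request details and internals that should not accumulate on a deployed instance. Unless the demo really needs it, ship `settings.base.debug = False`. The assignment itself sits outside this hunk, so it has to be changed there.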
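Review bot: The sample value added in the `@@ -87,6 +87,9 @@` hunk, `"randomstringrandomstringrandomstring"`, is 36 characters long although the comment above it asks for a 32 char string. It is also a fixed literal that someone enabling the option may simply uncomment. The preceding line already templates `settings.auth.hmac_key` as `${SAHANADEMO_HMAC}`, so this example would be safer as a templated placeholder filled with a generated per-deployment value. At minimum, reword the comment to `# set to a randomly generated, deployment-specific 32 character string; never reuse the example value`.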
@@ -215,10 +218,8 @@ settings.base.session_db = True # See http://alerting.worldweather.org/ for oid # Country root oid. The oid for the organisation includes this base #settings.cap.identifier_oid = "2.49.0.0.608.0" -# Change this for the offset period in days that the alert will be effective for -# Expire Date = Effective Date + expire_offset -# Default is 2 days -#settings.cap.expire_offset = 2 +# Set the period (in days) after which alert info segments expire (default=2) +#settings.cap.info_effective_period = 2 # ============================================================================= # Import the settings from the Template @@ -238,6 +239,7 @@ settings.import_template() #settings.L10n.default_language = "en" #settings.security.policy = 7 # Organisation-ACLs # Enable Additional Module(s) +#from gluon.storage import Storage #settings.modules["delphi"] = Storage( # name_nice = T("Delphi Decision Maker"), # restricted = False, diff --git a/lxc-apps/sahana-demo/install/srv/sahana-demo/update-conf.sh b/lxc-apps/sahana-demo/install/srv/sahana-demo/update-conf.sh deleted file mode 100755 index d6c2771..0000000 --- a/lxc-apps/sahana-demo/install/srv/sahana-demo/update-conf.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -HOST="${DOMAIN}" -[ "${PORT}" != "443" ] && HOST="${PORT}:${DOMAIN}" -sed -i "s|\(^settings\.base\.public_url = \).*|\1\"https://sahana-demo.${HOST}\"|" /srv/sahana-demo/conf/000_config.py - -sed -i "s|\(^settings\.mail\.sender = \).*|\1\"${EMAIL}\"|" /srv/sahana-demo/conf/000_config.py -sed -i "s|\(^settings\.mail\.approver = \).*|\1\"${EMAIL}\"|" /srv/sahana-demo/conf/000_config.py -sed -i "s|\(^settings\.gis\.api_google = \).*|\1\"${GMAPS_API_KEY}\"|" /srv/sahana-demo/conf/000_config.py diff --git a/lxc-apps/sahana-demo/install/update-conf.sh b/lxc-apps/sahana-demo/install/update-conf.sh new file mode 100755 index 0000000..0b53a62 --- /dev/null +++ b/lxc-apps/sahana-demo/install/update-conf.sh 
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Volumes
+SAHANA_CONF="${VOLUMES_DIR}/sahana-demo/sahana_conf"
+
+# Variables
+HTTP_HOST="${HOST}"
+[ "${PORT}" != "443" ] && HTTP_HOST="${HTTP_HOST}:${PORT}"
+
+# Replacements
+sed -i "s|\(^settings\.base\.public_url = \).*|\1\"https://${HTTP_HOST}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.mail\.sender = \).*|\1\"${EMAIL}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.mail\.approver = \).*|\1\"${EMAIL}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.gis\.api_google = \).*|\1\"${GMAPS_API_KEY}\"|" ${SAHANA_CONF}/000_config.py
diff --git a/lxc-apps/sahana-demo/lxcfile b/lxc-apps/sahana-demo/lxcfile
deleted file mode 100644
index d2e4256..0000000
--- a/lxc-apps/sahana-demo/lxcfile
+++ /dev/null
@@ -1,12 +0,0 @@
-IMAGE sahana-demo
-LAYER shared/alpine3.9
-LAYER shared/alpine3.9-python2.7
-LAYER shared/sahana
-LAYER sahana-demo/sahana-demo
-
-MOUNT DIR /srv/sahana-demo/conf srv/web2py/applications/eden/models
-MOUNT DIR /srv/sahana-demo/data/default srv/web2py/applications/eden/modules/templates/default
-MOUNT DIR /srv/sahana-demo/data/databases srv/web2py/applications/eden/databases
-MOUNT DIR /srv/sahana-demo/data/uploads srv/web2py/applications/eden/uploads
-
-CMD s6-svscan /etc/services.d
diff --git a/lxc-apps/sahana-demo/meta b/lxc-apps/sahana-demo/meta
deleted file mode 100644
index f460565..0000000
--- a/lxc-apps/sahana-demo/meta
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "title": "Sahana Eden - Demo",
- "desc-cs": "Řízení humanítární činnosti - Ukázková instance",
- "desc-en": "Řízení humanítární činnosti - Ukázková instance",
- "lxcpath": "sahana-demo",
- "version": "0.0.1",
- "release": "0",
- "license": "GPL",
- "depends": ["sahana-shared", "postgres"]
-}
diff --git a/lxc-apps/sahana-demo/uninstall.sh b/lxc-apps/sahana-demo/uninstall.sh
index a6adf51..72e6ca0 100755
--- a/lxc-apps/sahana-demo/uninstall.sh
+++ b/lxc-apps/sahana-demo/uninstall.sh
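Review bot: The four `sed -i` calls in the new `update-conf.sh` splice `${HTTP_HOST}`, `${EMAIL}` and `${GMAPS_API_KEY}` unescaped into a sed replacement and, through it, into a double-quoted string literal in the Python file `000_config.py`. A value containing `"`, `\`, `|` or `&` would break the sed expression or change what ends up in the config file. Validate the values before the first `sed`, for example `case "${HTTP_HOST}${EMAIL}${GMAPS_API_KEY}" in *[\"\\\|\&]*) echo "invalid character in configuration value" >&2; exit 1;; esac`. The target path should also be quoted as `"${SAHANA_CONF}/000_config.py"`. The script has no `set -e`, so a failed substitution currently goes unnoticed.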
@@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/sahana-demo -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS sahanademo; DROP ROLE IF EXISTS sahanademo;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf "${VOLUMES_DIR}/sahana-demo" # Unregister application vmmgr unregister-app sahana-demo diff --git a/lxc-apps/sahana-shared/meta b/lxc-apps/sahana-shared/meta deleted file mode 100644 index 54c7f97..0000000 --- a/lxc-apps/sahana-shared/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Řízení humanítární činnosti - Sdílená vrstva", - "desc-en": "Řízení humanítární činnosti - Sdílená vrstva", - "lxcpath": "shared/sahana", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python2.7"] -} diff --git a/lxc-apps/sahana/app b/lxc-apps/sahana/app new file mode 100644 index 0000000..de7d1be --- /dev/null +++ b/lxc-apps/sahana/app @@ -0,0 +1,29 @@ +{ + "version": "0.0.1-200403", + "meta": { + "title": "Sahana Eden", + "desc-cs": "Řízení humanítární činnosti", + "desc-en": "Management of humanitarian activities", + "license": "GPL" + }, + "containers": { + "sahana": { + "image": "sahana_0.0.1-200403", + "depends": [ + "sahana-postgres" + ], + "mounts": { + "sahana/sahana_conf": "srv/web2py/applications/eden/models", + "sahana/sahana_data/Spotter": "srv/web2py/applications/eden/modules/templates/Spotter", + "sahana/sahana_data/databases": "srv/web2py/applications/eden/databases", + "sahana/sahana_data/uploads": "srv/web2py/applications/eden/uploads" + } + }, + "sahana-postgres": { + "image": "postgis_3.0.0-200403", + "mounts": { + "sahana/postgres_data": "var/lib/postgresql" + } + } + } +} 
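Review bot: `rm -rf "${VOLUMES_DIR}/sahana-demo"` expands to `/sahana-demo` when `VOLUMES_DIR` is unset or empty, because `set -ev` does not include `-u`. The command then succeeds without removing anything, and the instance's persistent data stays on disk after the app is reported as uninstalled. That data presumably includes the PostgreSQL data directory, now that the `DROP DATABASE` step is gone. Use `rm -rf "${VOLUMES_DIR:?}/sahana-demo"` so the script aborts with an error instead.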
diff --git a/lxc-apps/sahana-shared/lxcfile b/lxc-apps/sahana/image similarity index 51% rename from lxc-apps/sahana-shared/lxcfile rename to lxc-apps/sahana/image index 5597048..9c631ef 100644 --- a/lxc-apps/sahana-shared/lxcfile +++ b/lxc-apps/sahana/image @@ -1,26 +1,18 @@ -IMAGE sahana -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER shared/sahana +IMAGE sahana_0.0.1-200403 +FROM alpine3.11-python3.8_3.8.2-200403 RUN EOF # Install runtime dependencies - apk --no-cache add geos@vm nginx py-gdal@vm py2-dateutil py2-lxml py2-numpy py2-pillow py2-psycopg2 py2-requests uwsgi-python + apk --no-cache add geos nginx py3-dateutil py3-gdal py3-lxml py3-numpy py3-pillow py3-psycopg2 py3-requests py3-sgmllib3k uwsgi-python3 # Install build dependencies - apk --no-cache add --virtual .deps build-base git freetype-dev libpng-dev py-numpy-dev py2-pip python2-dev ttf-dejavu - - # Hackfix for python find_library('c') call - ln -s /lib/ld-musl-x86_64.so.1 /lib/libc.so.1 + apk --no-cache add --virtual .deps build-base freetype-dev git py3-numpy-dev py3-pip python3-dev ttf-dejavu # Install web2py git clone --recursive https://github.com/web2py/web2py.git /srv/web2py - git -C /srv/web2py checkout 7035398 + git -C /srv/web2py checkout 59700b8 git -C /srv/web2py submodule update - # Fix Web2py urllib import (https://github.com/web2py/pydal/commit/9d2290c) - sed -i 's/import traceback/import traceback\nimport urllib/' /srv/web2py/gluon/packages/dal/pydal/base.py - # Symlink WSGI handler ln -s /srv/web2py/handlers/wsgihandler.py /srv/web2py/wsgihandler.py 
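Review bot: `git -C /srv/web2py checkout 59700b8` pins web2py by a seven-character abbreviated hash, and the rest of the build pulls unpinned inputs. The next hunk (`@@ -28,29 +20,37 @@`) adds `pip3 install translate-toolkit` with no version and still clones eden with `git clone --depth 1` at whatever HEAD is at build time. Two builds of `sahana_0.0.1-200403` can therefore contain different code under the same image tag. Pin web2py by its full commit id (`git -C /srv/web2py checkout <full-40-char-commit-id>`), check out a fixed eden commit, and give pip an explicit version such as `pip3 install translate-toolkit==<version>`. The `RUN EOF` block continues past the end of this hunk.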
@@ -28,29 +20,37 @@ RUN EOF git clone --depth 1 https://github.com/sahana/eden.git /srv/web2py/applications/eden # Install python dependencies, exclude old or unnecessary ones - sed -i 's/^ansible/#ansible/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^boto/#boto/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^PIL/#PIL/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^PyRTF/#PyRTF/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^PyYAML/#PyYAML/' /srv/web2py/applications/eden/optional_requirements.txt - pip install -r /srv/web2py/applications/eden/optional_requirements.txt + sed -i 's/^Pillow/#Pillow/' /srv/web2py/applications/eden/optional_requirements.txt # We have 6.2.1, Sahana requires 6.2.2 + sed -i 's/^ansible/#ansible/' /srv/web2py/applications/eden/optional_requirements.txt # Needed for setup + sed -i 's/^boto/#boto/' /srv/web2py/applications/eden/optional_requirements.txt # Needed for setup on AWS + sed -i 's/^PyRTF/#PyRTF/' /srv/web2py/applications/eden/optional_requirements.txt # Ceased to exist + sed -i 's/^PyYAML/#PyYAML/' /srv/web2py/applications/eden/optional_requirements.txt # Needed for setup + sed -i 's/^openst/#openst/' /srv/web2py/applications/eden/optional_requirements.txt # Needed for setup on OpenStack + pip3 install -r /srv/web2py/applications/eden/optional_requirements.txt + pip3 install translate-toolkit # Copy fonts with Czech glyphs cp /usr/share/fonts/ttf-dejavu/DejaVuSerif-Bold.ttf /srv/web2py/applications/eden/static/fonts/Helvetica-Bold.ttf cp /usr/share/fonts/ttf-dejavu/DejaVuSerif.ttf /srv/web2py/applications/eden/static/fonts/Helvetica.ttf EOF -COPY lxc +COPY image.d RUN EOF # Create OS user - addgroup -S -g 8001 sahana - adduser -S -u 8001 -h /srv/web2py -s /bin/false -g sahana -G sahana sahana + addgroup -S -g 8080 sahana + adduser -S -u 8080 -h /srv/web2py -s /bin/false -g sahana -G sahana sahana chown -R sahana:sahana /srv/web2py - + + # 
Patch web2py for python 3.8 + cd /srv/web2py + patch -p0 0: +--- gluon/packages/dal/pydal/validators.py ++++ gluon/packages/dal/pydal/validators.py +@@ -148,7 +148,7 @@ + + + def validator_caller(func, value): +- if getattr(func, 'validate', None) is Validator.validate: ++ if getattr(func, 'validate', None) is not Validator.validate: + return func.validate(value) + value, error = func(value) + if error is not None: +@@ -3154,7 +3154,7 @@ + if not all_special.count(True) >= self.special: + failures.append(self.translator("Must include at least %s of the following: %s") + % (self.special, self.specials)) +- elif self.special is 0: ++ elif self.special == 0 and self.special is not False: + if len(all_special) > 0: + failures.append(self.translator("May not contain any of the following: %s") + % self.specials) +@@ -3169,7 +3169,7 @@ + if not len(all_upper) >= self.upper: + failures.append(self.translator("Must include at least %s uppercase") + % str(self.upper)) +- elif self.upper is 0: ++ elif self.upper == 0 and self.upper is not False: + if len(all_upper) > 0: + failures.append( + self.translator("May not include any uppercase letters")) +@@ -3179,7 +3179,7 @@ + if not len(all_lower) >= self.lower: + failures.append(self.translator("Must include at least %s lowercase") + % str(self.lower)) +- elif self.lower is 0: ++ elif self.lower == 0 and self.lower is not False: + if len(all_lower) > 0: + failures.append( + self.translator("May not include any lowercase letters")) +@@ -3192,7 +3192,7 @@ + if not len(all_number) >= self.number: + failures.append(self.translator("Must include at least %s %s") + % (str(self.number), numbers)) +- elif self.number is 0: ++ elif self.number == 0 and self.number is not False: + if len(all_number) > 0: + failures.append(self.translator("May not include any numbers")) + if len(failures) == 0: diff --git a/lxc-apps/sahana/install.sh b/lxc-apps/sahana/install.sh index dbf8342..da74e1b 100755 --- a/lxc-apps/sahana/install.sh 
+++ b/lxc-apps/sahana/install.sh 
@@ -1,51 +1,54 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install +# Volumes +POSTGRES_DATA="${VOLUMES_DIR}/sahana/postgres_data" +SAHANA_DATA="${VOLUMES_DIR}/sahana/sahana_data" +SAHANA_CONF="${VOLUMES_DIR}/sahana/sahana_conf" +SAHANA_LAYER="${LAYERS_DIR}/sahana_0.0.1-200403" -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA} +spoc-container exec sahana-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf +install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf # Create PostgreSQL user and database export SAHANA_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/sahana/conf/000_config.py -envsubst /srv/sahana/data/Spotter/masterUsers.csv -cp srv/sahana/conf/00_settings.py /srv/sahana/conf/00_settings.py +envsubst 0 logs only + # statements running at least this number + # of milliseconds + +#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements + # are logged regardless of their duration. 1.0 logs all + # statements from all transactions, 0.0 never logs. 
+ +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + 
+#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on 
+#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#default_table_access_method = 'heap' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Shared Library Preloading - + +#shared_preload_libraries = '' # (change requires restart) +#local_preload_libraries = '' +#session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? 
+#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/sahana/install/srv/sahana/conf/000_config.py b/lxc-apps/sahana/install/sahana_conf/000_config.py similarity index 94% rename from lxc-apps/sahana/install/srv/sahana/conf/000_config.py rename to lxc-apps/sahana/install/sahana_conf/000_config.py index 4dfc77e..c17fbc7 100644 --- a/lxc-apps/sahana/install/srv/sahana/conf/000_config.py +++ b/lxc-apps/sahana/install/sahana_conf/000_config.py @@ -30,7 +30,7 @@ settings.base.template = "Spotter" settings.database.db_type = "postgres" #settings.database.db_type = "mysql" # Uncomment to use a different host -settings.database.host = "postgres" +settings.database.host = "sahana-postgres" # Uncomment to use a different port #settings.database.port = 3306 #settings.database.port = 5432 
@@ -68,8 +68,8 @@ settings.base.debug = True # Uncomment this to prevent automated test runs from remote # settings.base.allow_testing = False -# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging -#settings.log.level = "WARNING" +# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging (default) +#settings.log.level = "ERROR" # DEBUG set automatically when base.debug is True # Uncomment to prevent writing log messages to the console (sys.stderr) #settings.log.console = False # Configure a log file (file name) @@ -87,6 +87,9 @@ settings.base.debug = True # - should happen automatically if installing using supported scripts settings.auth.hmac_key = "${SAHANA_HMAC}" +# If using Masterkey Authentication, then set this to a deployment-specific 32 char string: +#settings.auth.masterkey_app_key = "randomstringrandomstringrandomstring" + # Minimum Password Length #settings.auth.password_min_length = 8 @@ -100,10 +103,10 @@ settings.mail.server = "host:25" #settings.mail.tls = True #settings.mail.login = "username:password" # From Address - until this is set, no mails can be sent -settings.mail.sender = "admin@example.com" +settings.mail.sender = "${SAHANA_ADMIN_USER}" # Default email address to which requests to approve new user accounts gets sent # This can be overridden for specific domains/organisations via the auth_domain table -settings.mail.approver = "admin@example.com" +settings.mail.approver = "${SAHANA_ADMIN_USER}" # Daily Limit on Sending of emails #settings.mail.limit = 1000 
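Review bot: The trailing comment added to the `#settings.log.level` line says the level becomes DEBUG automatically when base.debug is True, and the hunk header shows that this packaged template carries `settings.base.debug = True`. If that line is still active in the shipped file, the instance presumably logs at DEBUG and runs with debug behaviour enabled, which is not a sensible default for a deployed container. Consider shipping `settings.base.debug = False` and uncommenting `settings.log.level = "ERROR"`, or filling the debug flag from an install-time variable. The `settings.base.debug` line itself lies outside this hunk, so this needs confirming against the full file.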
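Review bot: The example value on the new `#settings.auth.masterkey_app_key` line is a 36-character literal, while the comment above it asks for a 32 char string. It is also a fixed string that every install would share if someone simply uncomments the line. `settings.auth.hmac_key` directly above is filled from `${SAHANA_HMAC}`, and the same pattern would fit here, e.g. `#settings.auth.masterkey_app_key = "${SAHANA_MASTERKEY_APP_KEY}"` (placeholder variable name), with the value generated per deployment by the install script.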
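Review bot: `settings.mail.sender` and `settings.mail.approver` are now both filled from `${SAHANA_ADMIN_USER}`, but the surrounding comments describe them as the From address and the address that receives account-approval requests. If that variable can hold a plain login name rather than an e-mail address, outgoing mail and approval requests would presumably fail or be misrouted. Either validate the value in the install step or document the requirement next to the setting, e.g. `# ${SAHANA_ADMIN_USER} must be a valid e-mail address controlled by the administrator`.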
@@ -219,10 +222,8 @@ settings.base.session_db = True # See http://alerting.worldweather.org/ for oid # Country root oid. The oid for the organisation includes this base #settings.cap.identifier_oid = "2.49.0.0.608.0" -# Change this for the offset period in days that the alert will be effective for -# Expire Date = Effective Date + expire_offset -# Default is 2 days -#settings.cap.expire_offset = 2 +# Set the period (in days) after which alert info segments expire (default=2) +#settings.cap.info_effective_period = 2 # ============================================================================= # Import the settings from the Template @@ -242,6 +243,7 @@ settings.import_template() #settings.L10n.default_language = "en" #settings.security.policy = 7 # Organisation-ACLs # Enable Additional Module(s) +#from gluon.storage import Storage #settings.modules["delphi"] = Storage( # name_nice = T("Delphi Decision Maker"), # restricted = False, diff --git a/lxc-apps/sambro/install/srv/sambro/conf/00_settings.py b/lxc-apps/sahana/install/sahana_conf/00_settings.py similarity index 88% rename from lxc-apps/sambro/install/srv/sambro/conf/00_settings.py rename to lxc-apps/sahana/install/sahana_conf/00_settings.py index 009e3a7..5610291 100644 --- a/lxc-apps/sambro/install/srv/sambro/conf/00_settings.py +++ b/lxc-apps/sahana/install/sahana_conf/00_settings.py @@ -88,6 +88,7 @@ s3.stylesheets = [] s3.external_stylesheets = [] # To get included at the end of s3.scripts = [] +s3.scripts_modules = [] s3.js_global = [] s3.jquery_ready = [] 
@@ -194,20 +195,23 @@ _settings.allow_basic_login = True _settings.logout_onlogout = s3_auth_on_logout _settings.login_onaccept = s3_auth_on_login -_settings.login_next = settings.get_auth_login_next() +# Now read in auth.login() to avoid setting unneccesarily in every request +#_settings.login_next = settings.get_auth_login_next() if settings.has_module("vol") and \ settings.get_auth_registration_volunteer(): _settings.register_next = URL(c="vol", f="person") # Languages available in User Profiles -if len(s3.l10n_languages) > 1: - _settings.table_user.language.requires = IS_IN_SET(s3.l10n_languages, - zero=None) -else: - field = _settings.table_user.language - field.default = s3.l10n_languages.keys()[0] - field.readable = False - field.writable = False +#if len(s3.l10n_languages) > 1: +# _settings.table_user.language.requires = s3base.IS_ISO639_2_LANGUAGE_CODE(sort = True, +# translate = True, +# zero = None, +# ) +#else: +# field = _settings.table_user.language +# field.default = s3.l10n_languages.keys()[0] +# field.readable = False +# field.writable = False _settings.lock_keys = True @@ -241,14 +245,14 @@ session.information = [] session.warning = [] # Shortcuts for system role IDs, see modules/s3aaa.py/AuthS3 -system_roles = auth.get_system_roles() -ADMIN = system_roles.ADMIN -AUTHENTICATED = system_roles.AUTHENTICATED -ANONYMOUS = system_roles.ANONYMOUS -EDITOR = system_roles.EDITOR -MAP_ADMIN = system_roles.MAP_ADMIN -ORG_ADMIN = system_roles.ORG_ADMIN -ORG_GROUP_ADMIN = system_roles.ORG_GROUP_ADMIN +#system_roles = auth.get_system_roles() +#ADMIN = system_roles.ADMIN +#AUTHENTICATED = system_roles.AUTHENTICATED +#ANONYMOUS = system_roles.ANONYMOUS +#EDITOR = system_roles.EDITOR +#MAP_ADMIN = system_roles.MAP_ADMIN +#ORG_ADMIN = system_roles.ORG_ADMIN +#ORG_GROUP_ADMIN = system_roles.ORG_GROUP_ADMIN if s3.debug: # Add the developer toolbar from modules/s3/s3utils.py 
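Review bot: The block that set `_settings.table_user.language.requires` (and hid the field when only one language is configured) is commented out rather than removed, and nothing says where the language field is validated now. The `login_next` line just above at least gained a comment naming its new location; this block should get the same, e.g. `# Language validator is now set in <module> (placeholder)`, and the dead code should be deleted. If nothing replaces it, the user-profile language value would no longer be restricted to the configured set, which is worth confirming before this ships.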
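Review bot: Commenting out `system_roles = auth.get_system_roles()` and the `ADMIN`, `AUTHENTICATED`, `ANONYMOUS`, `EDITOR`, `MAP_ADMIN`, `ORG_ADMIN` and `ORG_GROUP_ADMIN` shortcuts removes names that other model, controller or template code may still use in permission checks. Nothing visible in this diff updates such callers. A leftover reference would raise NameError at request time, so the Spotter template and any custom controllers should be searched for these names before deploying. If the removal is intended, delete the lines and leave a one-line comment such as `# System role IDs are no longer exported as globals; call auth.get_system_roles() where needed`.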
@@ -261,15 +265,15 @@ s3_formstyle = settings.get_ui_formstyle() s3_formstyle_read = settings.get_ui_formstyle_read() s3_formstyle_mobile = s3_formstyle submit_button = T("Save") -_crud = s3.crud -_crud.formstyle = s3_formstyle -_crud.formstyle_read = s3_formstyle_read -_crud.submit_button = submit_button +s3_crud = s3.crud +s3_crud.formstyle = s3_formstyle +s3_crud.formstyle_read = s3_formstyle_read +s3_crud.submit_button = submit_button # Optional class for Submit buttons -#_crud.submit_style = "submit-button" -_crud.confirm_delete = T("Do you really want to delete these records?") -_crud.archive_not_delete = settings.get_security_archive_not_delete() -_crud.navigate_away_confirm = settings.get_ui_navigate_away_confirm() +#s3_crud.submit_style = "submit-button" +s3_crud.confirm_delete = T("Do you really want to delete these records?") +s3_crud.archive_not_delete = settings.get_security_archive_not_delete() +s3_crud.navigate_away_confirm = settings.get_ui_navigate_away_confirm() # Content Type Headers, default is application/xml for XML formats # and text/x-json for JSON formats, other content types must be diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultItems.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DefaultItems.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultItems.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DefaultItems.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillCompetency.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillCompetency.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillCompetency.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillCompetency.csv 
diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillList.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillList.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillList.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillList.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList_EU.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList_EU.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList_EU.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList_EU.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageCompetency.csv b/lxc-apps/sahana/install/sahana_data/Spotter/LanguageCompetency.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageCompetency.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/LanguageCompetency.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageSkillList.csv b/lxc-apps/sahana/install/sahana_data/Spotter/LanguageSkillList.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageSkillList.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/LanguageSkillList.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/StandardItems.csv b/lxc-apps/sahana/install/sahana_data/Spotter/StandardItems.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/StandardItems.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/StandardItems.csv 
diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/__init__.py b/lxc-apps/sahana/install/sahana_data/Spotter/__init__.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/__init__.py rename to lxc-apps/sahana/install/sahana_data/Spotter/__init__.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/auth_roles.csv b/lxc-apps/sahana/install/sahana_data/Spotter/auth_roles.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/auth_roles.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/auth_roles.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/certificate.csv b/lxc-apps/sahana/install/sahana_data/Spotter/certificate.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/certificate.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/certificate.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/cms_post.csv b/lxc-apps/sahana/install/sahana_data/Spotter/cms_post.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/cms_post.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/cms_post.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/config.py b/lxc-apps/sahana/install/sahana_data/Spotter/config.py similarity index 86% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/config.py rename to lxc-apps/sahana/install/sahana_data/Spotter/config.py index d952e3c..3bf808f 100644 --- a/lxc-apps/sahana/install/srv/sahana/data/Spotter/config.py +++ b/lxc-apps/sahana/install/sahana_data/Spotter/config.py @@ -20,6 +20,9 @@ def config(settings): # In Production, prepopulate = 0 (to save 1x DAL hit every page) settings.base.prepopulate.append("Spotter") + # Uncomment this to prefer scalability-optimized strategies globally + #settings.base.bigtable = True + # Theme (folder to use for views/layout.html) #settings.base.theme = "default" 
@@ -35,6 +38,8 @@ def config(settings): #settings.auth.registration_requires_verification = True # Do new users need to be approved by an administrator prior to being able to login? #settings.auth.registration_requires_approval = True + # Disable welcome-emails to newly registered users + #settings.auth.registration_welcome_email = False # Allow a new user to be linked to a record (and a new record will be created if it doesn't already exist) settings.auth.registration_link_user_to = {"staff":T("Staff"), @@ -72,8 +77,6 @@ def config(settings): #settings.auth.registration_requests_site = True # Uncomment this to allow Admin to see Organisations in User Admin even if the Registration doesn't request this #settings.auth.admin_sees_organisation = True - # Uncomment to hide the UTC Offset in Registration/Profile - #settings.auth.show_utc_offset = False # Uncomment to set the default role UUIDs assigned to newly-registered users # This is a dictionary of lists, where the key is the realm that the list of roles applies to # The key 0 implies not realm restricted @@ -104,14 +107,20 @@ def config(settings): # https://termsfeed.com/terms-conditions/generator/ # uses