From afbd4a0f6000dbd691d8d80553d59c795614d56b Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 25 Jun 2019 15:56:35 +0200 Subject: [PATCH 001/228] New approach in package building and versioning --- build/usr/bin/fix-apk | 6 +- build/usr/bin/lxc-build | 207 +---------------- build/usr/bin/lxc-pack | 92 -------- build/usr/lib/python3.6/lxcbuild/__init__.py | 1 + .../usr/lib/python3.6/lxcbuild/lxcbuilder.py | 213 ++++++++++++++++++ build/usr/lib/python3.6/lxcbuild/lxcimage.py | 34 +++ build/usr/lib/python3.6/lxcbuild/lxcpacker.py | 89 ++++++++ lxc-apps/ckan-datapusher/lxcfile | 13 +- lxc-apps/ckan-datapusher/meta | 9 - lxc-apps/ckan/lxcfile | 14 +- lxc-apps/ckan/meta | 10 - lxc-apps/crisiscleanup/lxcfile | 16 +- lxc-apps/crisiscleanup/meta | 10 - lxc-apps/cts/lxcfile | 14 +- lxc-apps/cts/meta | 10 - lxc-apps/ecogis/lxcfile | 14 +- lxc-apps/ecogis/meta | 10 - lxc-apps/frontlinesms/lxcfile | 13 +- lxc-apps/frontlinesms/meta | 10 - lxc-apps/gnuhealth/lxcfile | 16 +- lxc-apps/gnuhealth/meta | 10 - lxc-apps/kanboard/lxcfile | 14 +- lxc-apps/kanboard/meta | 10 - lxc-apps/mifosx/lxcfile | 16 +- lxc-apps/mifosx/meta | 10 - lxc-apps/motech/lxcfile | 16 +- lxc-apps/motech/meta | 10 - lxc-apps/odoo/lxcfile | 16 +- lxc-apps/odoo/meta | 10 - lxc-apps/opendatakit-build/lxcfile | 16 +- lxc-apps/opendatakit-build/meta | 10 - lxc-apps/opendatakit/lxcfile | 16 +- lxc-apps/opendatakit/meta | 10 - lxc-apps/openmapkit/lxcfile | 17 +- lxc-apps/openmapkit/meta | 10 - lxc-apps/pandora/lxcfile | 14 +- lxc-apps/pandora/meta | 10 - lxc-apps/sahana-demo/lxcfile | 16 +- lxc-apps/sahana-demo/meta | 10 - lxc-apps/sahana-shared/lxcfile | 13 +- lxc-apps/sahana-shared/meta | 9 - lxc-apps/sahana/lxcfile | 16 +- lxc-apps/sahana/meta | 10 - lxc-apps/sambro/lxcfile | 16 +- lxc-apps/sambro/meta | 10 - lxc-apps/seeddms/lxcfile | 16 +- lxc-apps/seeddms/meta | 10 - lxc-apps/sigmah/lxcfile | 16 +- lxc-apps/sigmah/meta | 10 - lxc-apps/ushahidi/lxcfile | 14 +- lxc-apps/ushahidi/meta | 10 - lxc-services/activemq/lxcfile | 13 +- lxc-services/activemq/meta | 9 - lxc-services/mariadb/lxcfile | 11 +- lxc-services/mariadb/meta | 9 - lxc-services/postgres/lxcfile | 11 +- lxc-services/postgres/meta | 9 - lxc-services/rabbitmq/lxcfile | 11 +- lxc-services/rabbitmq/meta | 9 - lxc-services/redis/lxcfile | 11 +- lxc-services/redis/meta | 9 - lxc-services/solr/lxcfile | 13 +- lxc-services/solr/meta | 9 - lxc-shared/alpine3.8-nodejs8/lxcfile | 11 +- lxc-shared/alpine3.8-nodejs8/meta | 9 - lxc-shared/alpine3.8-php5.6/lxcfile | 11 +- lxc-shared/alpine3.8-php5.6/meta | 9 - lxc-shared/alpine3.8-ruby2.4/lxcfile | 11 +- lxc-shared/alpine3.8-ruby2.4/meta | 9 - lxc-shared/alpine3.8/lxcfile | 9 +- lxc-shared/alpine3.8/meta | 9 - lxc-shared/alpine3.9-java8/lxcfile | 11 +- lxc-shared/alpine3.9-java8/meta | 9 - lxc-shared/alpine3.9-nodejs10/lxcfile | 11 +- lxc-shared/alpine3.9-nodejs10/meta | 9 - lxc-shared/alpine3.9-php7.2/lxcfile | 11 +- lxc-shared/alpine3.9-php7.2/meta | 9 - lxc-shared/alpine3.9-python2.7/lxcfile | 11 +- lxc-shared/alpine3.9-python2.7/meta | 9 - lxc-shared/alpine3.9-python3.6/lxcfile | 11 +- lxc-shared/alpine3.9-python3.6/meta | 9 - lxc-shared/alpine3.9-ruby2.4/lxcfile | 11 +- lxc-shared/alpine3.9-ruby2.4/meta | 9 - lxc-shared/alpine3.9-tomcat7/lxcfile | 13 +- lxc-shared/alpine3.9-tomcat7/meta | 9 - lxc-shared/alpine3.9-tomcat8.5/lxcfile | 13 +- lxc-shared/alpine3.9-tomcat8.5/meta | 9 - lxc-shared/alpine3.9/lxcfile | 10 +- lxc-shared/alpine3.9/meta | 9 - 89 files changed, 729 insertions(+), 848 deletions(-) delete mode 100755 build/usr/bin/lxc-pack create mode 100644 build/usr/lib/python3.6/lxcbuild/__init__.py create mode 100644 build/usr/lib/python3.6/lxcbuild/lxcbuilder.py create mode 100644 build/usr/lib/python3.6/lxcbuild/lxcimage.py create mode 100644 build/usr/lib/python3.6/lxcbuild/lxcpacker.py delete mode 100644 lxc-apps/ckan-datapusher/meta delete mode 100644 lxc-apps/ckan/meta delete mode 100644 lxc-apps/crisiscleanup/meta delete mode 100644 lxc-apps/cts/meta delete mode 100644 lxc-apps/ecogis/meta delete mode 100644 lxc-apps/frontlinesms/meta delete mode 100644 lxc-apps/gnuhealth/meta delete mode 100644 lxc-apps/kanboard/meta delete mode 100644 lxc-apps/mifosx/meta delete mode 100644 lxc-apps/motech/meta delete mode 100644 lxc-apps/odoo/meta delete mode 100644 lxc-apps/opendatakit-build/meta delete mode 100644 lxc-apps/opendatakit/meta delete mode 100644 lxc-apps/openmapkit/meta delete mode 100644 lxc-apps/pandora/meta delete mode 100644 lxc-apps/sahana-demo/meta delete mode 100644 lxc-apps/sahana-shared/meta delete mode 100644 lxc-apps/sahana/meta delete mode 100644 lxc-apps/sambro/meta delete mode 100644 lxc-apps/seeddms/meta delete mode 100644 lxc-apps/sigmah/meta delete mode 100644 lxc-apps/ushahidi/meta delete mode 100644 lxc-services/activemq/meta delete mode 100644 lxc-services/mariadb/meta delete mode 100644 lxc-services/postgres/meta delete mode 100644 lxc-services/rabbitmq/meta delete mode 100644 lxc-services/redis/meta delete mode 100644 lxc-services/solr/meta delete mode 100644 lxc-shared/alpine3.8-nodejs8/meta delete mode 100644 lxc-shared/alpine3.8-php5.6/meta delete mode 100644 lxc-shared/alpine3.8-ruby2.4/meta delete mode 100644 lxc-shared/alpine3.8/meta delete mode 100644 lxc-shared/alpine3.9-java8/meta delete mode 100644 lxc-shared/alpine3.9-nodejs10/meta delete mode 100644 lxc-shared/alpine3.9-php7.2/meta delete mode 100644 lxc-shared/alpine3.9-python2.7/meta delete mode 100644 lxc-shared/alpine3.9-python3.6/meta delete mode 100644 lxc-shared/alpine3.9-ruby2.4/meta delete mode 100644 lxc-shared/alpine3.9-tomcat7/meta delete mode 100644 lxc-shared/alpine3.9-tomcat8.5/meta delete mode 100644 lxc-shared/alpine3.9/meta diff --git a/build/usr/bin/fix-apk b/build/usr/bin/fix-apk index 0de3c00..f241563 100755 --- a/build/usr/bin/fix-apk +++ b/build/usr/bin/fix-apk @@ -1,4 +1,5 @@ #!/usr/bin/python3 +# -*- coding: utf-8 -*- import os import sys @@ -39,5 +40,6 @@ def fix_world(layers): with open(os.path.join(layers[-1], 'etc/apk/world'), 'w') as f: f.writelines(world) -fix_installed(sys.argv[1:]) -fix_world(sys.argv[1:]) +if __name__ == '__main__': + fix_installed(sys.argv[1:]) + fix_world(sys.argv[1:]) diff --git a/build/usr/bin/lxc-build b/build/usr/bin/lxc-build index c7db300..406be81 100755 --- a/build/usr/bin/lxc-build +++ b/build/usr/bin/lxc-build @@ -1,210 +1,11 @@ #!/usr/bin/python3 +# -*- coding: utf-8 -*- -import os -import shutil -import subprocess -import sys - -LXC_ROOT = '/var/lib/lxc' -CONFIG_TEMPLATE = '''# Image name -lxc.uts.name = {name} - -# Network -lxc.net.0.type = veth -lxc.net.0.link = lxcbr0 -lxc.net.0.flags = up - -# Volumes -lxc.rootfs.path = {rootfs} - -# Mounts -lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0 -lxc.mount.entry = /etc/hosts etc/hosts none bind,create=file 0 0 -lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,create=file 0 0 -{mounts} - -# Init -lxc.init.cmd = {cmd} -lxc.init.uid = {uid} -lxc.init.gid = {gid} -lxc.init.cwd = {cwd} - -# Environment -lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -{env} - -# Halt -lxc.signal.halt = {halt} - -# Log -lxc.console.size = 1MB -lxc.console.logfile = /var/log/lxc/{name}.log - -# Other -lxc.arch = x86_64 -lxc.cap.drop = sys_admin -lxc.hook.pre-start = /usr/bin/vmmgr prepare-container -lxc.hook.start-host = /usr/bin/vmmgr register-container -lxc.hook.post-stop = /usr/bin/vmmgr unregister-container -lxc.include = /usr/share/lxc/config/common.conf -''' - -class LXCImage: - def __init__(self, build_path): - self.name = None - self.layers = [] - self.mounts = [] - self.env = [] - self.uid = 0 - self.gid = 0 - self.cmd = '/bin/true' - self.cwd = '/' - self.halt = 'SIGINT' - - if os.path.isfile(build_path): - self.lxcfile = os.path.realpath(build_path) - self.build_dir = os.path.dirname(self.lxcfile) - else: - self.build_dir = os.path.realpath(build_path) - self.lxcfile = os.path.join(self.build_dir, 'lxcfile') - - def build(self): - with open(self.lxcfile, 'r') as f: - lxcfile = [l.strip() for l in f.readlines()] - - script = [] - script_eof = None - - for line in lxcfile: - if script_eof: - if line == script_eof: - script_eof = None - self.run_script(script) - else: - script.append(line) - elif line.startswith('RUN'): - script = [] - script_eof = line.split()[1] - elif line.startswith('IMAGE'): - self.set_name(line.split()[1]) - elif line.startswith('LAYER'): - self.add_layer(line.split()[1]) - elif line.startswith('FIXLAYER'): - self.fix_layer(line.split()[1]) - elif line.startswith('COPY'): - srcdst = line.split() - self.copy_files(srcdst[1], srcdst[2] if len(srcdst) == 3 else '') - elif line.startswith('MOUNT'): - mount = line.split() - self.add_mount(mount[1], mount[2], mount[3]) - elif line.startswith('ENV'): - env = line.split() - self.add_env(env[1], env[2]) - elif line.startswith('USER'): - uidgid = line.split() - self.set_user(uidgid[1], uidgid[2]) - elif line.startswith('CMD'): - self.set_cmd(' '.join(line.split()[1:])) - elif line.startswith('WORKDIR'): - self.set_cwd(line.split()[1]) - elif line.startswith('HALT'): - self.set_halt(line.split()[1]) - # Add the final layer which will be treated as ephemeral - self.add_layer('{}/delta0'.format(self.name)) - - def rebuild_config(self): - if not self.name: - return - if len(self.layers) == 1: - rootfs = self.layers[0] - else: - # Multiple lower overlayfs layers are ordered from right to left (lower2:lower1:rootfs:upper) - rootfs = 'overlay:{}:{}'.format(':'.join(self.layers[:-1][::-1]), self.layers[-1]) - mounts = '\n'.join(self.mounts) - env = '\n'.join(self.env) - with open(os.path.join(LXC_ROOT, self.name, 'config'), 'w') as f: - f.write(CONFIG_TEMPLATE.format(name=self.name, - rootfs=rootfs, mounts=mounts, env=env, - uid=self.uid, gid=self.gid, - cmd=self.cmd, cwd=self.cwd, halt=self.halt)) - - def run_script(self, script): - sh = os.path.join(self.layers[-1], 'run.sh') - with open(sh, 'w') as f: - f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script))) - os.chmod(sh, 0o700) - subprocess.run(['lxc-execute', '-n', self.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True) - os.unlink(sh) - - def set_name(self, name): - self.name = name - os.makedirs(os.path.join(LXC_ROOT, self.name), 0o755, True) - - def add_layer(self, layer): - layer = os.path.join(LXC_ROOT, layer) - self.layers.append(layer) - os.makedirs(layer, 0o755, True) - self.rebuild_config() - - def fix_layer(self, cmd): - subprocess.run([cmd]+self.layers, check=True) - - def copy_files(self, src, dst): - dst = os.path.join(self.layers[-1], dst) - if src.startswith('http://') or src.startswith('https://'): - self.unpack_http_archive(src, dst) - else: - src = os.path.join(self.build_dir, src) - copy_tree(src, dst) - - def unpack_http_archive(self, src, dst): - xf = 'xzf' - if src.endswith('.bz2'): - xf = 'xjf' - elif src.endswith('.xz'): - xf = 'xJf' - with subprocess.Popen(['wget', src, '-O', '-'], stdout=subprocess.PIPE) as wget: - with subprocess.Popen(['tar', xf, '-', '-C', dst], stdin=wget.stdout) as tar: - wget.stdout.close() - tar.wait() - - def add_mount(self, type, src, dst): - self.mounts.append('lxc.mount.entry = {} {} none bind,create={} 0 0'.format(src, dst, type.lower())) - self.rebuild_config() - - def add_env(self, key, value): - self.env.append('lxc.environment = {}={}'.format(key, value)) - self.rebuild_config() - - def set_user(self, uid, gid): - self.uid = uid - self.gid = gid - self.rebuild_config() - - def set_cmd(self, cmd): - self.cmd = cmd - self.rebuild_config() - - def set_cwd(self, cwd): - self.cwd = cwd - self.rebuild_config() - - def set_halt(self, halt): - self.halt = halt - self.rebuild_config() - -def copy_tree(src, dst): - if not os.path.isdir(src): - shutil.copy2(src, dst) - else: - os.makedirs(dst, exist_ok=True) - for name in os.listdir(src): - copy_tree(os.path.join(src, name), os.path.join(dst, name)) - shutil.copystat(src, dst) +from lxcbuild.lxcimage import LXCImage if __name__ == '__main__': if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'): print('Usage: lxc-build \n where the buildpath can be either specific lxcfile or a directory containing one') else: - i = LXCImage(sys.argv[1]) - i.build() + image = LXCImage(sys.argv[1]) + image.build_and_pack() diff --git a/build/usr/bin/lxc-pack b/build/usr/bin/lxc-pack deleted file mode 100755 index 1b3f0a4..0000000 --- a/build/usr/bin/lxc-pack +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/bin/python3 - -import hashlib -import json -import os -import subprocess -import sys - -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric import ec -from cryptography.hazmat.primitives.serialization import load_pem_private_key - -PKG_ROOT = '/srv/build/lxc' -PRIVATE_KEY = '/srv/build/packages.key' -LXC_ROOT = '/var/lib/lxc' - -def pack(path): - # Determine correct metadata file and package name - path = os.path.realpath(path) - if os.path.isdir(path): - meta_dir = path - meta_file = os.path.join(meta_dir, 'meta') - else: - meta_dir = os.path.dirname(path) - meta_file = path - pkg_name = os.path.basename(meta_dir) - - # Load metadata - with open(meta_file) as f: - meta = json.load(f) - - # Prepare package file names - os.makedirs(PKG_ROOT, 0o755, True) - tar_path = os.path.join(PKG_ROOT, '{}_{}-{}.tar'.format(pkg_name, meta['version'], meta['release'])) - xz_path = '{}.xz'.format(tar_path) - - # Remove old package - if os.path.exists(tar_path): - os.unlink(tar_path) - if os.path.exists(xz_path): - os.unlink(xz_path) - - # Create archive - print('Archiving', meta['lxcpath']) - subprocess.run(['tar', '--xattrs', '-cpf', tar_path, os.path.join(LXC_ROOT, meta['lxcpath'])], cwd='/') - # Add install/upgrade/uninstall scripts - scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') - scripts = [s for s in scripts if os.path.exists(os.path.join(meta_dir, s))] - subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(pkg_name), '-rpf', tar_path] + scripts, cwd=meta_dir) - # Compress the tarball with xz (LZMA2) - print('Compressing', tar_path, '({:.2f} MB)'.format(os.path.getsize(tar_path)/1048576)) - subprocess.run(['xz', '-9', tar_path]) - print('Compressed ', xz_path, '({:.2f} MB)'.format(os.path.getsize(xz_path)/1048576)) - - # Register package - print('Registering package') - packages = {} - packages_file = os.path.join(PKG_ROOT, 'packages') - if os.path.exists(packages_file): - with open(packages_file, 'r') as f: - packages = json.load(f) - packages[pkg_name] = meta - packages[pkg_name]['size'] = os.path.getsize(xz_path) - packages[pkg_name]['sha512'] = hash_file(xz_path) - with open(packages_file, 'w') as f: - json.dump(packages, f, sort_keys=True, indent=4) - - # Sign packages file - print('Signing packages') - with open(PRIVATE_KEY, 'rb') as f: - priv_key = load_pem_private_key(f.read(), None, default_backend()) - with open(os.path.join(PKG_ROOT, 'packages'), 'rb') as f: - data = f.read() - with open(os.path.join(PKG_ROOT, 'packages.sig'), 'wb') as f: - f.write(priv_key.sign(data, ec.ECDSA(hashes.SHA512()))) - -def hash_file(file_path): - sha512 = hashlib.sha512() - with open(file_path, 'rb') as f: - while True: - data = f.read(65536) - if not data: - break - sha512.update(data) - return sha512.hexdigest() - -if __name__ == '__main__': - if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'): - print('Usage: lxc-pack \n where the buildpath can be either specific meta file or a directory containing one') - else: - pack(sys.argv[1]) diff --git a/build/usr/lib/python3.6/lxcbuild/__init__.py b/build/usr/lib/python3.6/lxcbuild/__init__.py new file mode 100644 index 0000000..40a96af --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/__init__.py @@ -0,0 +1 @@ +# -*- coding: utf-8 -*- diff --git a/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py b/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py new file mode 100644 index 0000000..5a288e2 --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py @@ -0,0 +1,213 @@ +# -*- coding: utf-8 -*- + +import os +import shutil +import subprocess +import sys + +LXC_ROOT = '/var/lib/lxc' +CONFIG_TEMPLATE = '''# Image name +lxc.uts.name = {name} + +# Network +lxc.net.0.type = veth +lxc.net.0.link = lxcbr0 +lxc.net.0.flags = up + +# Volumes +lxc.rootfs.path = {rootfs} + +# Mounts +lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0 +lxc.mount.entry = /etc/hosts etc/hosts none bind,create=file 0 0 +lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,create=file 0 0 +{mounts} + +# Init +lxc.init.uid = {uid} +lxc.init.gid = {gid} +lxc.init.cwd = {cwd} + +# Environment +lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +{env} + +# Halt +lxc.signal.halt = {halt} + +# Log +lxc.console.size = 1MB +lxc.console.logfile = /var/log/lxc/{name}.log + +# Other +lxc.arch = x86_64 +lxc.cap.drop = sys_admin +lxc.hook.pre-start = /usr/bin/vmmgr prepare-container +lxc.hook.start-host = /usr/bin/vmmgr register-container +lxc.hook.post-stop = /usr/bin/vmmgr unregister-container +lxc.include = /usr/share/lxc/config/common.conf +''' + +class LXCBuilder: + def __init__(self, image): + self.image = image + self.script = [] + self.script_eof = None + self.already_built = False + + def build(self): + with open(self.image.lxcfile, 'r') as f: + for line in f: + line = line.strip() + if self.script_eof: + if line == self.script_eof: + self.script_eof = None + self.run_script(self.script) + else: + self.script.append(line) + elif line: + self.process_line(*line.split(None, 1)) + + def process_line(self, directive, args): + if 'RUN' == directive: + self.script = [] + self.script_eof = args + elif 'IMAGE' == directive: + self.set_name(*args.split()) + elif 'META' == directive: + self.add_meta(*args.split(None, 1)) + elif 'LAYER' == directive: + self.add_layer(*args.split()) + elif 'FIXLAYER' == directive: + self.fix_layer(args.split()) + elif 'COPY' == directive: + srcdst = args.split() + self.copy_files(srcdst[0], srcdst[1] if len(srcdst) == 2 else '') + elif 'MOUNT' == directive: + self.add_mount(args.split()) + elif 'ENV' == directive: + self.add_env(*args.split(None, 1)) + elif 'USER' == directive: + self.set_user(*args.split()) + elif 'CMD' == directive: + self.set_cmd(args) + elif 'WORKDIR' == directive: + self.set_cwd(args) + elif 'HALT' == directive: + self.set_halt(args) + + def get_layer_path(self, layer): + return os.path.join(LXC_ROOT, 'storage', layer) + + def rebuild_config(self): + if not self.image.upper_layer: + return + upper_layer = self.get_layer_path(self.image.upper_layer) + if not self.image.layers: + rootfs = upper_layer + else: + # Multiple lower overlayfs layers are ordered from right to left (lower2:lower1:rootfs:upper) + layers = [self.get_layer_path(layer) for layer in self.image.layers] + rootfs = 'overlay:{}:{}'.format(':'.join(layers[::-1]), upper_layer) + mounts = '\n'.join(['lxc.mount.entry = {} {} none bind,create={} 0 0'.format(m[1], m[2], m[0].lower()) for m in self.image.mounts]) + env = '\n'.join(['lxc.environment = {}={}'.format(e[0], e[1]) for e in self.image.env]) + cwd = self.image.cwd if self.image.cwd else '/' + halt = self.image.halt if self.image.halt else 'SIGINT' + with open(os.path.join(LXC_ROOT, self.image.upper_layer, 'config'), 'w') as f: + f.write(CONFIG_TEMPLATE.format(name=self.image.upper_layer, rootfs=rootfs, mounts=mounts, env=env, uid=self.image.uid, gid=self.image.gid, cwd=cwd, halt=halt)) + + def run_script(self, script): + if self.already_built: + return + sh = os.path.join(self.get_layer_path(self.image.upper_layer), 'run.sh') + with open(sh, 'w') as f: + f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script))) + os.chmod(sh, 0o700) + subprocess.run(['lxc-execute', '-n', self.image.upper_layer, '--', '/bin/sh', '-lc', '/run.sh'], check=True) + os.unlink(sh) + + def set_name(self, name, version): + self.image.name = name + self.image.version = version + self.image.upper_layer = '{}_{}'.format(self.image.name, self.image.version) + layer_path = self.get_layer_path(self.image.upper_layer) + if os.path.exists(layer_path): + self.already_built = True + print('Layer {} already exists, skipping build tasks'.format(self.image.upper_layer)) + else: + os.makedirs(layer_path, 0o755, True) + os.makedirs(os.path.join(LXC_ROOT, self.image.upper_layer), 0o755, True) + self.rebuild_config() + + def add_meta(self, key, value): + self.image.meta[key] = value + + def add_layer(self, name, version): + self.image.layers.append('{}_{}'.format(name, version)) + self.rebuild_config() + + def fix_layer(self, cmd): + if self.already_built: + return + layers = [self.get_layer_path(layer) for layer in self.image.layers] + layers.append(self.get_layer_path(self.image.upper_layer)) + subprocess.run([cmd]+layers, check=True) + + def copy_files(self, src, dst): + if self.already_built: + return + dst = os.path.join(self.get_layer_path(self.image.upper_layer), dst) + if src.startswith('http://') or src.startswith('https://'): + unpack_http_archive(src, dst) + else: + src = os.path.join(self.image.build_dir, src) + copy_tree(src, dst) + + def add_mount(self, args): + self.image.mounts.append(args) + if not self.already_built: + self.rebuild_config() + + def add_env(self, args): + self.image.env.append(args) + if not self.already_built: + self.rebuild_config() + + def set_user(self, uid, gid): + self.image.uid = uid + self.image.gid = gid + if not self.already_built: + self.rebuild_config() + + def set_cmd(self, cmd): + self.image.cmd = cmd + + def set_cwd(self, cwd): + self.image.cwd = cwd + if not self.already_built: + self.rebuild_config() + + def set_halt(self, halt): + self.image.halt = halt + if not self.already_built: + self.rebuild_config() + +def unpack_http_archive(src, dst): + xf = 'xzf' + if src.endswith('.bz2'): + xf = 'xjf' + elif src.endswith('.xz'): + xf = 'xJf' + with subprocess.Popen(['wget', src, '-O', '-'], stdout=subprocess.PIPE) as wget: + with subprocess.Popen(['tar', xf, '-', '-C', dst], stdin=wget.stdout) as tar: + wget.stdout.close() + tar.wait() + +def copy_tree(src, dst): + if not os.path.isdir(src): + shutil.copy2(src, dst) + else: + os.makedirs(dst, exist_ok=True) + for name in os.listdir(src): + copy_tree(os.path.join(src, name), os.path.join(dst, name)) + shutil.copystat(src, dst) diff --git a/build/usr/lib/python3.6/lxcbuild/lxcimage.py b/build/usr/lib/python3.6/lxcbuild/lxcimage.py new file mode 100644 index 0000000..4fbee93 --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/lxcimage.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- + +import os + +from .lxcbuilder import LXCBuilder +from .lxcpacker import LXCPacker + +class LXCImage: + def __init__(self, build_path): + self.name = None + self.version = None + self.meta = {} + self.layers = [] + self.upper_layer = None + self.mounts = [] + self.env = [] + self.uid = 0 + self.gid = 0 + self.cmd = None + self.cwd = None + self.halt = None + + if os.path.isfile(build_path): + self.lxcfile = os.path.realpath(build_path) + self.build_dir = os.path.dirname(self.lxcfile) + else: + self.build_dir = os.path.realpath(build_path) + self.lxcfile = os.path.join(self.build_dir, 'lxcfile') + + def build_and_pack(self): + builder = LXCBuilder(self) + builder.build() + packer = LXCPacker(self) + packer.pack() diff --git a/build/usr/lib/python3.6/lxcbuild/lxcpacker.py b/build/usr/lib/python3.6/lxcbuild/lxcpacker.py new file mode 100644 index 0000000..d3770de --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/lxcpacker.py @@ -0,0 +1,89 @@ +# -*- coding: utf-8 -*- + +import hashlib +import json +import os +import subprocess +import sys + +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives.serialization import load_pem_private_key + +PKG_ROOT = '/srv/build/lxc' +PRIVATE_KEY = '/srv/build/packages.key' +LXC_STORAGE = '/var/lib/lxc/storage' + +class LXCPacker: + def __init__(self, image): + self.image = image + self.tar_path = None + self.xz_path = None + + def pack(self): + # Prepare package file names + self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.upper_layer)) + self.xz_path = '{}.xz'.format(self.tar_path) + if os.path.exists(self.xz_path): + print('Package {} already exists, skipping packaging tasks'.format(self.xz_path)) + return + os.makedirs(PKG_ROOT, 0o755, True) + self.create_archive() + self.register_package() + self.sign_packages() + + def create_archive(self): + # Create archive + print('Archiving', self.image.upper_layer) + subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.upper_layer)], cwd='/') + # Add install/upgrade/uninstall scripts + scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') + scripts = [s for s in scripts if os.path.exists(os.path.join(self.image.build_dir, s))] + subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.upper_layer), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir) + # Compress the tarball with xz (LZMA2) + print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576)) + subprocess.run(['xz', '-9', self.tar_path]) + print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576)) + + def register_package(self): + # Prepare metadata + meta = self.image.meta.copy() + meta['lxc'] = {} + for key in ('layers', 'mounts', 'env', 'cmd', 'cwd', 'uid', 'gid', 'halt'): + value = getattr(self.image, key) + if value: + meta['lxc'][key] = value + + # Register package + print('Registering package') + packages = {} + packages_file = os.path.join(PKG_ROOT, 'packages') + if os.path.exists(packages_file): + with open(packages_file, 'r') as f: + packages = json.load(f) + packages[self.image.name] = meta + packages[self.image.name]['size'] = os.path.getsize(self.xz_path) + packages[self.image.name]['sha512'] = hash_file(self.xz_path) + with open(packages_file, 'w') as f: + json.dump(packages, f, sort_keys=True, indent=4) + + def sign_packages(self): + # Sign packages file + print('Signing packages') + with open(PRIVATE_KEY, 'rb') as f: + priv_key = load_pem_private_key(f.read(), None, default_backend()) + with open(os.path.join(PKG_ROOT, 'packages'), 'rb') as f: + data = f.read() + with open(os.path.join(PKG_ROOT, 'packages.sig'), 'wb') as f: + f.write(priv_key.sign(data, ec.ECDSA(hashes.SHA512()))) + +def hash_file(file_path): + sha512 = hashlib.sha512() + with open(file_path, 'rb') as f: + while True: + data = f.read(65536) + if not data: + break + sha512.update(data) + return sha512.hexdigest() diff --git a/lxc-apps/ckan-datapusher/lxcfile b/lxc-apps/ckan-datapusher/lxcfile index fca383a..283da90 100644 --- a/lxc-apps/ckan-datapusher/lxcfile +++ b/lxc-apps/ckan-datapusher/lxcfile @@ -1,7 +1,12 @@ -IMAGE ckan-datapusher -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER ckan-datapusher/ckan-datapusher +IMAGE ckan-datapusher 0.0.13-190620 +META title CKAN DataPusher +META desc-cs Služba datového skladu pro extrakci dat +META desc-en Data store data extraction service +META type app +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/ckan-datapusher/meta b/lxc-apps/ckan-datapusher/meta deleted file mode 100644 index dfe0675..0000000 --- a/lxc-apps/ckan-datapusher/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Služba datového skladu pro extrakci dat", - "desc-en": "Data store data extraction service", - "lxcpath": "ckan-datapusher", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python2.7"] -} diff --git a/lxc-apps/ckan/lxcfile b/lxc-apps/ckan/lxcfile index 95175bb..5b863c3 100644 --- a/lxc-apps/ckan/lxcfile +++ b/lxc-apps/ckan/lxcfile @@ -1,7 +1,13 @@ -IMAGE ckan -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER ckan/ckan +IMAGE ckan 2.8.2-190620 +META title CKAN +META desc-cs Datový sklad +META desc-en Data store +META type app +META license GPL +META depends ckan-datapusher postgres redis solr + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/ckan/meta b/lxc-apps/ckan/meta deleted file mode 100644 index da7c74b..0000000 --- a/lxc-apps/ckan/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "CKAN", - "desc-cs": "Datový sklad", - "desc-en": "Data store", - "lxcpath": "ckan", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python2.7", "ckan-datapusher", "postgres", "redis", "solr"] -} diff --git a/lxc-apps/crisiscleanup/lxcfile b/lxc-apps/crisiscleanup/lxcfile index 93a6c3c..6a1baa2 100644 --- a/lxc-apps/crisiscleanup/lxcfile +++ b/lxc-apps/crisiscleanup/lxcfile @@ -1,8 +1,14 @@ -IMAGE crisiscleanup -LAYER shared/alpine3.8 -LAYER shared/alpine3.8-ruby2.4 -LAYER shared/alpine3.8-nodejs8 -LAYER crisiscleanup/crisiscleanup +IMAGE crisiscleanup 2.2.0-190620 +META title Crisis Cleanup +META desc-cs Mapování následků katastrof +META desc-en Disaster relief mapping +META type app +META license GPL +META depends postgres + +LAYER alpine3.8 3.8.4-190620 +LAYER alpine3.8-ruby2.4 2.4.5-190620 +LAYER alpine3.8-nodejs8 8.14.0-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/crisiscleanup/meta b/lxc-apps/crisiscleanup/meta deleted file mode 100644 index 0dd212b..0000000 --- a/lxc-apps/crisiscleanup/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Crisis Cleanup", - "desc-cs": "Mapování následků katastrof", - "desc-en": "Disaster relief mapping", - "lxcpath": "crisiscleanup", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.8-ruby2.4", "alpine3.8-nodejs8", "postgres"] -} diff --git a/lxc-apps/cts/lxcfile b/lxc-apps/cts/lxcfile index d746230..570ad56 100644 --- a/lxc-apps/cts/lxcfile +++ b/lxc-apps/cts/lxcfile @@ -1,7 +1,13 @@ -IMAGE cts -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER cts/cts +IMAGE cts 0.8.0-190620 +META title CTS +META desc-cs Sledovací systém komodit +META desc-en Commodity tracking system +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/cts/meta b/lxc-apps/cts/meta deleted file mode 100644 index df1550e..0000000 --- a/lxc-apps/cts/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "CTS", - "desc-cs": "Sledovací systém komodit", - "desc-en": "Commodity tracking system", - "lxcpath": "cts", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python2.7", "postgres"] -} diff --git a/lxc-apps/ecogis/lxcfile b/lxc-apps/ecogis/lxcfile index a4fb77e..cf006a9 100644 --- a/lxc-apps/ecogis/lxcfile +++ b/lxc-apps/ecogis/lxcfile @@ -1,7 +1,13 @@ -IMAGE ecogis -LAYER shared/alpine3.8 -LAYER shared/alpine3.8-php5.6 -LAYER ecogis/ecogis +IMAGE ecogis 0.0.1-190620 +META title EcoGIS +META desc-cs EcoGIS +META desc-en EcoGIS +META type app +META license GPL +META depends postgres + +LAYER alpine3.8 3.8.4-190620 +LAYER alpine3.8-php5.6 5.6.40-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/ecogis/meta b/lxc-apps/ecogis/meta deleted file mode 100644 index b20489c..0000000 --- a/lxc-apps/ecogis/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "EcoGIS", - "desc-cs": "EcoGIS", - "desc-en": "EcoGIS", - "lxcpath": "ecogis", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.8-php5.6", "postgres"] -} diff --git a/lxc-apps/frontlinesms/lxcfile b/lxc-apps/frontlinesms/lxcfile index 21fb94e..dd92bef 100644 --- a/lxc-apps/frontlinesms/lxcfile +++ b/lxc-apps/frontlinesms/lxcfile @@ -1,7 +1,12 @@ -IMAGE frontlinesms -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER frontlinesms/frontlinesms +IMAGE frontlinesms 2.6.5-190620 +META title FrontlineSMS +META desc-cs Hromadné odesílání zpráv +META desc-en Bulk SMS messaging +META type app +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/frontlinesms/meta b/lxc-apps/frontlinesms/meta deleted file mode 100644 index 0d264a1..0000000 --- a/lxc-apps/frontlinesms/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "FrontlineSMS", - "desc-cs": "Hromadné odesílání zpráv", - "desc-en": "Bulk SMS messaging", - "lxcpath": "frontlinesms", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-java8"] -} diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile index 487fc20..376f3f9 100644 --- a/lxc-apps/gnuhealth/lxcfile +++ b/lxc-apps/gnuhealth/lxcfile @@ -1,8 +1,14 @@ -IMAGE gnuhealth -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python3.6 -LAYER shared/alpine3.9-nodejs10 -LAYER gnuhealth/gnuhealth +IMAGE gnuhealth 3.4.1-190620 +META title GNU Health +META desc-cs Administrace lékařských záznamů +META desc-en Medical records administration +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python3.6 3.6.8-190620 +LAYER alpine3.9-nodejs10 10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/gnuhealth/meta b/lxc-apps/gnuhealth/meta deleted file mode 100644 index 21491ba..0000000 --- a/lxc-apps/gnuhealth/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "GNU Health", - "desc-cs": "Lékařské záznamy pacientů", - "desc-en": "Lékařské záznamy pacientů", - "lxcpath": "gnuhealth", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python3.6", "alpine3.9-nodejs10", "postgres"] -} diff --git a/lxc-apps/kanboard/lxcfile b/lxc-apps/kanboard/lxcfile index 7a76099..f96a380 100644 --- a/lxc-apps/kanboard/lxcfile +++ b/lxc-apps/kanboard/lxcfile @@ -1,7 +1,13 @@ -IMAGE kanboard -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-php7.2 -LAYER kanboard/kanboard +IMAGE kanboard 1.2.9-190620 +META title KanBoard +META desc-cs Kanban řízení projektů +META desc-en Kanban project management +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-php7.2 7.2.19-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/kanboard/meta b/lxc-apps/kanboard/meta deleted file mode 100644 index 08ce849..0000000 --- a/lxc-apps/kanboard/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "KanBoard", - "desc-cs": "Kanban řízení projektů", - "desc-en": "Kanban řízení projektů", - "lxcpath": "kanboard", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-php7.2", "postgres"] -} diff --git a/lxc-apps/mifosx/lxcfile b/lxc-apps/mifosx/lxcfile index 94542e7..5b3e6ee 100644 --- a/lxc-apps/mifosx/lxcfile +++ b/lxc-apps/mifosx/lxcfile @@ -1,8 +1,14 @@ -IMAGE mifosx -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat8.5 -LAYER mifosx/mifosx +IMAGE mifosx 18.03.01-190620 +META title Mifos X +META desc-cs Mikrofinancování rozvojových projektů +META desc-en Development projects microfinancing +META type app +META license GPL +META depends mariadb + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9-tomcat8.5 8.5.41-190620 RUN EOF # Install full-featured wget to work around sourceforge bugs diff --git a/lxc-apps/mifosx/meta b/lxc-apps/mifosx/meta deleted file mode 100644 index 897b25b..0000000 --- a/lxc-apps/mifosx/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Mifos X", - "desc-cs": "Mikrofinancování rozvojových projektů", - "desc-en": "Mikrofinancování rozvojových projektů", - "lxcpath": "mifosx", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-tomcat8.5", "mariadb"] -} diff --git a/lxc-apps/motech/lxcfile b/lxc-apps/motech/lxcfile index 1895097..bef95c7 100644 --- a/lxc-apps/motech/lxcfile +++ b/lxc-apps/motech/lxcfile @@ -1,8 +1,14 @@ -IMAGE motech -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat7 -LAYER motech/motech +IMAGE motech 1.3.0-190620 +META title Motech +META desc-cs Automatizace komunikace +META desc-en Communication automation +META type app +META license GPL +META depends activemq postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9-tomcat7 7.0.94-190620 RUN EOF # Download Motech diff --git a/lxc-apps/motech/meta b/lxc-apps/motech/meta deleted file mode 100644 index 428e124..0000000 --- a/lxc-apps/motech/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Motech", - "desc-cs": "Automatizace komunikace", - "desc-en": "Automatizace komunikace", - "lxcpath": "motech", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-tomcat7", "activemq", "postgres"] -} diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/lxcfile index 04476fe..f56b525 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/lxcfile @@ -1,8 +1,14 @@ -IMAGE odoo -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python3.6 -LAYER shared/alpine3.9-nodejs10 -LAYER odoo/odoo +IMAGE odoo 12.0.0-190620 +META title Odoo +META desc-cs Sada aplikací pro správu organizace +META desc-en Company management application suite +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python3.6 3.6.8-190620 +LAYER alpine3.9-nodejs10 10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/odoo/meta b/lxc-apps/odoo/meta deleted file mode 100644 index 8d8e092..0000000 --- a/lxc-apps/odoo/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Odoo", - "desc-cs": "Sada aplikací pro správu organizace", - "desc-en": "Sada aplikací pro správu organizace", - "lxcpath": "odoo", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python3.6", "alpine3.9-nodejs10", "postgres"] -} diff --git a/lxc-apps/opendatakit-build/lxcfile b/lxc-apps/opendatakit-build/lxcfile index 42cf5b4..8669e57 100644 --- a/lxc-apps/opendatakit-build/lxcfile +++ b/lxc-apps/opendatakit-build/lxcfile @@ -1,8 +1,14 @@ -IMAGE opendatakit-build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-ruby2.4 -LAYER shared/alpine3.9-nodejs10 -LAYER opendatakit-build/opendatakit-build +IMAGE opendatakit-build 0.3.5-190620 +META title OpenDataKit Build +META desc-cs Sběr formulářových dat - návrh formulářů +META desc-en Form data collection - Form designer +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-ruby2.4 2.4.5-190620 +LAYER alpine3.9-nodejs10 10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/opendatakit-build/meta b/lxc-apps/opendatakit-build/meta deleted file mode 100644 index f6dda74..0000000 --- a/lxc-apps/opendatakit-build/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "OpenDataKit Build", - "desc-cs": "Sběr formulářových dat - Aplikace pro návrh formulářů", - "desc-en": "Sběr formulářových dat - Aplikace pro návrh formulářů", - "lxcpath": "opendatakit-build", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-ruby2.4", "alpine3.9-nodejs10", "postgres"] -} diff --git a/lxc-apps/opendatakit/lxcfile b/lxc-apps/opendatakit/lxcfile index f2b5902..43b2a25 100644 --- a/lxc-apps/opendatakit/lxcfile +++ b/lxc-apps/opendatakit/lxcfile @@ -1,8 +1,14 @@ -IMAGE opendatakit -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat8.5 -LAYER opendatakit/opendatakit +IMAGE opendatakit 2.0.3-190620 +META title OpenDataKit +META desc-cs Sběr formulářových dat +META desc-en Form data collection +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9-tomcat8.5 8.5.41-190620 RUN EOF # Download OpenDataKit diff --git a/lxc-apps/opendatakit/meta b/lxc-apps/opendatakit/meta deleted file mode 100644 index aeb50a3..0000000 --- a/lxc-apps/opendatakit/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "OpenDataKit", - "desc-cs": "Sběr formulářových dat", - "desc-en": "Sběr formulářových dat", - "lxcpath": "opendatakit", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-tomcat8.5", "postgres"] -} diff --git a/lxc-apps/openmapkit/lxcfile b/lxc-apps/openmapkit/lxcfile index 6e3e281..8430097 100644 --- a/lxc-apps/openmapkit/lxcfile +++ b/lxc-apps/openmapkit/lxcfile @@ -1,9 +1,14 @@ -IMAGE openmapkit -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-python2.7 -LAYER shared/alpine3.9-nodejs10 -LAYER openmapkit/openmapkit +IMAGE openmapkit 0.12.0-190620 +META title OpenMapKit +META desc-cs Sběr mapových dat +META desc-en Map data collection +META type app +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER alpine3.9-nodejs10 10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/openmapkit/meta b/lxc-apps/openmapkit/meta deleted file mode 100644 index 078c327..0000000 --- a/lxc-apps/openmapkit/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "OpenMapKit", - "desc-cs": "Sběr mapových dat", - "desc-en": "Sběr mapových dat", - "lxcpath": "openmapkit", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-java8", "alpine3.9-python2.7", "alpine3.9-nodejs10", "postgres"] -} diff --git a/lxc-apps/pandora/lxcfile b/lxc-apps/pandora/lxcfile index 0b136ed..ce2b350 100644 --- a/lxc-apps/pandora/lxcfile +++ b/lxc-apps/pandora/lxcfile @@ -1,7 +1,13 @@ -IMAGE pandora -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python3.6 -LAYER pandora/pandora +IMAGE pandora 0.0.1-190620 +META title Pan.do/ra +META desc-cs Archiv medií +META desc-en Media archive +META type app +META license GPL +META depends postgres rabbitmq + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python3.6 3.6.8-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/pandora/meta b/lxc-apps/pandora/meta deleted file mode 100644 index 662509c..0000000 --- a/lxc-apps/pandora/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Pan.do/ra", - "desc-cs": "Archiv medií", - "desc-en": "Media archive", - "lxcpath": "pandora", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python3.6", "postgres", "rabbitmq"] -} diff --git a/lxc-apps/sahana-demo/lxcfile b/lxc-apps/sahana-demo/lxcfile index d2e4256..d0852a7 100644 --- a/lxc-apps/sahana-demo/lxcfile +++ b/lxc-apps/sahana-demo/lxcfile @@ -1,8 +1,14 @@ -IMAGE sahana-demo -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER shared/sahana -LAYER sahana-demo/sahana-demo +IMAGE sahana-demo 0.0.1-190620 +META title Sahana Eden - Demo +META desc-cs Řízení humanítární činnosti - Demo instance +META desc-en Management of humanitarian activities - Demo instance +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER sahana-shared 0.0.1-190620 MOUNT DIR /srv/sahana-demo/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sahana-demo/data/default srv/web2py/applications/eden/modules/templates/default diff --git a/lxc-apps/sahana-demo/meta b/lxc-apps/sahana-demo/meta deleted file mode 100644 index f460565..0000000 --- a/lxc-apps/sahana-demo/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Sahana Eden - Demo", - "desc-cs": "Řízení humanítární činnosti - Ukázková instance", - "desc-en": "Řízení humanítární činnosti - Ukázková instance", - "lxcpath": "sahana-demo", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["sahana-shared", "postgres"] -} diff --git a/lxc-apps/sahana-shared/lxcfile b/lxc-apps/sahana-shared/lxcfile index 5597048..81d1850 100644 --- a/lxc-apps/sahana-shared/lxcfile +++ b/lxc-apps/sahana-shared/lxcfile @@ -1,7 +1,12 @@ -IMAGE sahana -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER shared/sahana +IMAGE sahana-shared 0.0.1-190620 +META title Sahana Eden - Shared layer +META desc-cs Řízení humanítární činnosti - sdílená vrstva +META desc-en Management of humanitarian activities - shared layer +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/sahana-shared/meta b/lxc-apps/sahana-shared/meta deleted file mode 100644 index 54c7f97..0000000 --- a/lxc-apps/sahana-shared/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Řízení humanítární činnosti - Sdílená vrstva", - "desc-en": "Řízení humanítární činnosti - Sdílená vrstva", - "lxcpath": "shared/sahana", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-python2.7"] -} diff --git a/lxc-apps/sahana/lxcfile b/lxc-apps/sahana/lxcfile index ec9def2..2a3d1f2 100644 --- a/lxc-apps/sahana/lxcfile +++ b/lxc-apps/sahana/lxcfile @@ -1,8 +1,14 @@ -IMAGE sahana -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER shared/sahana -LAYER sahana/sahana +IMAGE sahana 0.0.1-190620 +META title Sahana Eden +META desc-cs Řízení humanítární činnosti +META desc-en Management of humanitarian activities +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER sahana-shared 0.0.1-190620 MOUNT DIR /srv/sahana/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sahana/data/Spotter srv/web2py/applications/eden/modules/templates/Spotter diff --git a/lxc-apps/sahana/meta b/lxc-apps/sahana/meta deleted file mode 100644 index 7157c0f..0000000 --- a/lxc-apps/sahana/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Sahana Eden", - "desc-cs": "Řízení humanítární činnosti", - "desc-en": "Řízení humanítární činnosti", - "lxcpath": "sahana", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["sahana-shared", "postgres"] -} diff --git a/lxc-apps/sambro/lxcfile b/lxc-apps/sambro/lxcfile index 0698ef2..8e53894 100644 --- a/lxc-apps/sambro/lxcfile +++ b/lxc-apps/sambro/lxcfile @@ -1,8 +1,14 @@ -IMAGE sambro -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 -LAYER shared/sahana -LAYER sambro/sambro +IMAGE sambro 0.0.1-190620 +META title Sahana Eden - SAMBRO +META desc-cs Řízení humanítární činnosti - Centrum hlášení a výstrah +META desc-en Management of humanitarian activities - Reporting and alerting center +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER sahana-shared 0.0.1-190620 MOUNT DIR /srv/sambro/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sambro/data/SAMBRO srv/web2py/applications/eden/modules/templates/SAMBRO diff --git a/lxc-apps/sambro/meta b/lxc-apps/sambro/meta deleted file mode 100644 index 6871f47..0000000 --- a/lxc-apps/sambro/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Sahana Eden - SAMBRO", - "desc-cs": "Centrum hlášení a výstrah", - "desc-en": "Centrum hlášení a výstrah", - "lxcpath": "sambro", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["sahana-shared", "postgres"] -} diff --git a/lxc-apps/seeddms/lxcfile b/lxc-apps/seeddms/lxcfile index 1ffb41e..4b6eee9 100644 --- a/lxc-apps/seeddms/lxcfile +++ b/lxc-apps/seeddms/lxcfile @@ -1,8 +1,14 @@ -IMAGE seeddms -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-php7.2 -LAYER shared/alpine3.9-python3.6 -LAYER seeddms/seeddms +IMAGE seeddms 5.1.9-190620 +META title SeedDMS +META desc-cs Archiv dokumentace +META desc-en Document management system +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-php7.2 7.2.19-190620 +LAYER alpine3.9-python3.6 3.6.8-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/seeddms/meta b/lxc-apps/seeddms/meta deleted file mode 100644 index 7df33c5..0000000 --- a/lxc-apps/seeddms/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "SeedDMS", - "desc-cs": "Archiv dokumentace", - "desc-en": "Archiv dokumentace", - "lxcpath": "seeddms", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-php7.2", "alpine3.9-python3.6", "postgres"] -} diff --git a/lxc-apps/sigmah/lxcfile b/lxc-apps/sigmah/lxcfile index a55c824..14f48c3 100644 --- a/lxc-apps/sigmah/lxcfile +++ b/lxc-apps/sigmah/lxcfile @@ -1,8 +1,14 @@ -IMAGE sigmah -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat8.5 -LAYER sigmah/sigmah +IMAGE sigmah 2.0.2-190620 +META title Sigmah +META desc-cs Finanční řízení sbírek +META desc-en Donation management +META type app +META license GPL +META depends postgres + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9-tomcat8.5 8.5.41-190620 RUN EOF # Download Sigmah diff --git a/lxc-apps/sigmah/meta b/lxc-apps/sigmah/meta deleted file mode 100644 index 3ead125..0000000 --- a/lxc-apps/sigmah/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Sigmah", - "desc-cs": "Finanční řízení sbírek", - "desc-en": "Finanční řízení sbírek", - "lxcpath": "sigmah", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-tomcat8.5", "postgres"] -} diff --git a/lxc-apps/ushahidi/lxcfile b/lxc-apps/ushahidi/lxcfile index 93a399c..d40b896 100644 --- a/lxc-apps/ushahidi/lxcfile +++ b/lxc-apps/ushahidi/lxcfile @@ -1,7 +1,13 @@ -IMAGE ushahidi -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-php7.2 -LAYER ushahidi/ushahidi +IMAGE ushahidi 3.12.3-190620 +META title Sigmah +META desc-cs Skupinová reakce na události +META desc-en Group reaction to events +META type app +META license GPL +META depends mariadb + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-php7.2 7.2.19-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/ushahidi/meta b/lxc-apps/ushahidi/meta deleted file mode 100644 index ac1fb06..0000000 --- a/lxc-apps/ushahidi/meta +++ /dev/null @@ -1,10 +0,0 @@ -{ - "title": "Ushahidi", - "desc-cs": "Skupinová reakce na události", - "desc-en": "Skupinová reakce na události", - "lxcpath": "ushahidi", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-php7.2", "mariadb"] -} diff --git a/lxc-services/activemq/lxcfile b/lxc-services/activemq/lxcfile index 183caf2..3e9ce0b 100644 --- a/lxc-services/activemq/lxcfile +++ b/lxc-services/activemq/lxcfile @@ -1,7 +1,12 @@ -IMAGE activemq -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER activemq/activemq +IMAGE activemq 5.15.9-190620 +META title ActiveMQ +META desc-cs ActveMQ message broker +META desc-en ActveMQ message broker +META type service +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 RUN EOF # Download and install ActiveMQ diff --git a/lxc-services/activemq/meta b/lxc-services/activemq/meta deleted file mode 100644 index 80dd28c..0000000 --- a/lxc-services/activemq/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "ActiveMQ", - "desc-en": "ActiveMQ", - "lxcpath": "activemq", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-java8"] -} diff --git a/lxc-services/mariadb/lxcfile b/lxc-services/mariadb/lxcfile index bee3afd..c91e839 100644 --- a/lxc-services/mariadb/lxcfile +++ b/lxc-services/mariadb/lxcfile @@ -1,6 +1,11 @@ -IMAGE mariadb -LAYER shared/alpine3.9 -LAYER mariadb/mariadb +IMAGE mariadb 10.3.15-190620 +META title MariaDB +META desc-cs Relační databázový systém kompatibilní s MySQL +META desc-en MySQL-compatible relational database management system +META type service +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) diff --git a/lxc-services/mariadb/meta b/lxc-services/mariadb/meta deleted file mode 100644 index 3c8ce8a..0000000 --- a/lxc-services/mariadb/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "MariaDB", - "desc-en": "MariaDB", - "lxcpath": "mariadb", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-services/postgres/lxcfile b/lxc-services/postgres/lxcfile index e398f79..4888fc0 100644 --- a/lxc-services/postgres/lxcfile +++ b/lxc-services/postgres/lxcfile @@ -1,6 +1,11 @@ -IMAGE postgres -LAYER shared/alpine3.9 -LAYER postgres/postgres +IMAGE postgres 11.3.0-190620 +META title PostgreSQL +META desc-cs Relační databázový systém s podporou pro geografické objekty +META desc-en Relational database management system with support for geographic objects +META type service +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF # Modify OS user (which will be picked up later by apk add) diff --git a/lxc-services/postgres/meta b/lxc-services/postgres/meta deleted file mode 100644 index 10d4b60..0000000 --- a/lxc-services/postgres/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "PostgreSQL", - "desc-en": "PostgreSQL", - "lxcpath": "postgres", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-services/rabbitmq/lxcfile b/lxc-services/rabbitmq/lxcfile index ddeb5c6..6213e4a 100644 --- a/lxc-services/rabbitmq/lxcfile +++ b/lxc-services/rabbitmq/lxcfile @@ -1,6 +1,11 @@ -IMAGE rabbitmq -LAYER shared/alpine3.9 -LAYER rabbitmq/rabbitmq +IMAGE rabbitmq 3.7.11-190620 +META title RabbitMQ +META desc-cs Multiprotokolový message broker +META desc-en Multi-protocol message broker +META type service +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) diff --git a/lxc-services/rabbitmq/meta b/lxc-services/rabbitmq/meta deleted file mode 100644 index c28040f..0000000 --- a/lxc-services/rabbitmq/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "RabbitMQ", - "desc-en": "RabbitMQ", - "lxcpath": "rabbitmq", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-services/redis/lxcfile b/lxc-services/redis/lxcfile index f8523fb..6802e7d 100644 --- a/lxc-services/redis/lxcfile +++ b/lxc-services/redis/lxcfile @@ -1,6 +1,11 @@ -IMAGE redis -LAYER shared/alpine3.9 -LAYER redis/redis +IMAGE redis 4.0.12-190620 +META title Redis +META desc-cs Pokročilá key-value databáze +META desc-en Advanced key-value store +META type service +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) diff --git a/lxc-services/redis/meta b/lxc-services/redis/meta deleted file mode 100644 index 4882655..0000000 --- a/lxc-services/redis/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Redis", - "desc-en": "Redis", - "lxcpath": "redis", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-services/solr/lxcfile b/lxc-services/solr/lxcfile index bbed9e6..1445a39 100644 --- a/lxc-services/solr/lxcfile +++ b/lxc-services/solr/lxcfile @@ -1,7 +1,12 @@ -IMAGE solr -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER solr/solr +IMAGE solr 6.5.1-190620 +META title Solr +META desc-cs Platforma pro fulltextové a fasetové vyhledávání +META desc-en Fulltext and faceted search platform +META type service +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-services/solr/meta b/lxc-services/solr/meta deleted file mode 100644 index 2ea5d74..0000000 --- a/lxc-services/solr/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Solr", - "desc-en": "Solr", - "lxcpath": "solr", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-java8"] -} diff --git a/lxc-shared/alpine3.8-nodejs8/lxcfile b/lxc-shared/alpine3.8-nodejs8/lxcfile index ce8dbdf..ff83b39 100644 --- a/lxc-shared/alpine3.8-nodejs8/lxcfile +++ b/lxc-shared/alpine3.8-nodejs8/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.8 -LAYER shared/alpine3.8-nodejs8 +IMAGE alpine3.8-nodejs8 8.14.0-190620 +META title Alpine 3.8 Node.js 8 +META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 8 +META desc-en Basic LXC layer with Node.js 8 runtime environment +META type layer +META license GPL + +LAYER alpine3.8 3.8.4-190620 RUN EOF apk --no-cache add nodejs diff --git a/lxc-shared/alpine3.8-nodejs8/meta b/lxc-shared/alpine3.8-nodejs8/meta deleted file mode 100644 index b010912..0000000 --- a/lxc-shared/alpine3.8-nodejs8/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro Node.js 8", - "desc-en": "Basic LXC layer with Node.js 8 runtime environment", - "lxcpath": "shared/alpine3.8-nodejs8", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.8"] -} diff --git a/lxc-shared/alpine3.8-php5.6/lxcfile b/lxc-shared/alpine3.8-php5.6/lxcfile index 6c4798b..a7b455e 100644 --- a/lxc-shared/alpine3.8-php5.6/lxcfile +++ b/lxc-shared/alpine3.8-php5.6/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.8 -LAYER shared/alpine3.8-php5.6 +IMAGE alpine3.8-php5.6 5.6.40-190620 +META title Alpine 3.8 PHP 5.6 +META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 5.6 +META desc-en Basic LXC layer with PHP 5.6 runtime environment +META type layer +META license GPL + +LAYER alpine3.8 3.8.4-190620 RUN EOF apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache diff --git a/lxc-shared/alpine3.8-php5.6/meta b/lxc-shared/alpine3.8-php5.6/meta deleted file mode 100644 index 436cd06..0000000 --- a/lxc-shared/alpine3.8-php5.6/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro PHP 5", - "desc-en": "Basic LXC layer with PHP 5 runtime environment", - "lxcpath": "shared/alpine3.8-php5.6", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.8"] -} diff --git a/lxc-shared/alpine3.8-ruby2.4/lxcfile b/lxc-shared/alpine3.8-ruby2.4/lxcfile index c390a84..7c9b5a1 100644 --- a/lxc-shared/alpine3.8-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.8-ruby2.4/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.8 -LAYER shared/alpine3.8-ruby2.4 +IMAGE alpine3.8-ruby2.4 2.4.5-190620 +META title Alpine 3.8 Ruby 2.4 +META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4 +META desc-en Basic LXC layer with Ruby 2.4 runtime environment +META type layer +META license GPL + +LAYER alpine3.8 3.8.4-190620 RUN EOF # Install Ruby runtime dependencies diff --git a/lxc-shared/alpine3.8-ruby2.4/meta b/lxc-shared/alpine3.8-ruby2.4/meta deleted file mode 100644 index aca5c56..0000000 --- a/lxc-shared/alpine3.8-ruby2.4/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro Ruby 2.4", - "desc-en": "Basic LXC layer with Ruby 2.4 runtime environment", - "lxcpath": "shared/alpine3.8-ruby2.4", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.8"] -} diff --git a/lxc-shared/alpine3.8/lxcfile b/lxc-shared/alpine3.8/lxcfile index 620675a..369510a 100644 --- a/lxc-shared/alpine3.8/lxcfile +++ b/lxc-shared/alpine3.8/lxcfile @@ -1,5 +1,10 @@ -IMAGE build -LAYER shared/alpine3.8 +IMAGE alpine3.8 3.8.4-190620 +META title Alpine 3.8 +META desc-cs Základní LXC vrstva s Alpine linuxem 3.8 +META desc-en Basic LXC layer with Alpine linux 3.8 +META type layer +META license GPL + COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.8/x86_64/versions/library-3.8/x86_64/rootfs.tar.xz RUN EOF diff --git a/lxc-shared/alpine3.8/meta b/lxc-shared/alpine3.8/meta deleted file mode 100644 index f9f8724..0000000 --- a/lxc-shared/alpine3.8/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s Alpine linuxem", - "desc-en": "Basic LXC layer with Alpine linux", - "lxcpath": "shared/alpine3.8", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": [] -} diff --git a/lxc-shared/alpine3.9-java8/lxcfile b/lxc-shared/alpine3.9-java8/lxcfile index 6f702dc..6c4f689 100644 --- a/lxc-shared/alpine3.9-java8/lxcfile +++ b/lxc-shared/alpine3.9-java8/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 +IMAGE alpine3.9-java8 8.212.04-190620 +META title Alpine 3.9 OpenJDK 8 +META desc-cs Základní LXC vrstva s běhovým prostředím pro Javu 8 +META desc-en Basic LXC layer with Java 8 runtime environment +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF # nss needed due to https://github.com/docker-library/openjdk/issues/289 , https://bugs.alpinelinux.org/issues/10126 diff --git a/lxc-shared/alpine3.9-java8/meta b/lxc-shared/alpine3.9-java8/meta deleted file mode 100644 index 8b3a3b9..0000000 --- a/lxc-shared/alpine3.9-java8/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro Javu", - "desc-en": "Basic LXC layer with Java runtime environment", - "lxcpath": "shared/alpine3.9-java8", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-shared/alpine3.9-nodejs10/lxcfile b/lxc-shared/alpine3.9-nodejs10/lxcfile index ca88e53..a13beb7 100644 --- a/lxc-shared/alpine3.9-nodejs10/lxcfile +++ b/lxc-shared/alpine3.9-nodejs10/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-nodejs10 +IMAGE alpine3.9-nodejs10 10.14.2-190620 +META title Alpine 3.9 Node.js 10 +META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 10 +META desc-en Basic LXC layer with Node.js 10 runtime environment +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF apk --no-cache add nodejs diff --git a/lxc-shared/alpine3.9-nodejs10/meta b/lxc-shared/alpine3.9-nodejs10/meta deleted file mode 100644 index 8272507..0000000 --- a/lxc-shared/alpine3.9-nodejs10/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro Node.js 10", - "desc-en": "Basic LXC layer with Node.js 10 runtime environment", - "lxcpath": "shared/alpine3.9-nodejs10", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-shared/alpine3.9-php7.2/lxcfile b/lxc-shared/alpine3.9-php7.2/lxcfile index 02519a9..7e6e145 100644 --- a/lxc-shared/alpine3.9-php7.2/lxcfile +++ b/lxc-shared/alpine3.9-php7.2/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-php7.2 +IMAGE alpine3.9-php7.2 7.2.19-190620 +META title Alpine 3.9 PHP 7.2 +META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 7.2 +META desc-en Basic LXC layer with PHP 7.2 runtime environment +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF apk --no-cache add nginx php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session diff --git a/lxc-shared/alpine3.9-php7.2/meta b/lxc-shared/alpine3.9-php7.2/meta deleted file mode 100644 index d4d674d..0000000 --- a/lxc-shared/alpine3.9-php7.2/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro PHP 7", - "desc-en": "Basic LXC layer with PHP 7 runtime environment", - "lxcpath": "shared/alpine3.9-php7.2", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-shared/alpine3.9-python2.7/lxcfile b/lxc-shared/alpine3.9-python2.7/lxcfile index 6de6f11..97584cc 100644 --- a/lxc-shared/alpine3.9-python2.7/lxcfile +++ b/lxc-shared/alpine3.9-python2.7/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python2.7 +IMAGE alpine3.9-python2.7 2.7.16-190620 +META title Alpine 3.9 python 2.7 +META desc-cs Základní LXC vrstva s běhovým prostředím pro python 2.7 +META desc-en Basic LXC layer with python 2.7 runtime environment +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF apk --no-cache add python2 diff --git a/lxc-shared/alpine3.9-python2.7/meta b/lxc-shared/alpine3.9-python2.7/meta deleted file mode 100644 index 63dd5e3..0000000 --- a/lxc-shared/alpine3.9-python2.7/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro python 2", - "desc-en": "Basic LXC layer with python 2 runtime environment", - "lxcpath": "shared/alpine3.9-python2.7", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-shared/alpine3.9-python3.6/lxcfile b/lxc-shared/alpine3.9-python3.6/lxcfile index 0ed3a03..fced4c2 100644 --- a/lxc-shared/alpine3.9-python3.6/lxcfile +++ b/lxc-shared/alpine3.9-python3.6/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-python3.6 +IMAGE alpine3.9-python3.6 3.6.8-190620 +META title Alpine 3.9 python 3.6 +META desc-cs Základní LXC vrstva s běhovým prostředím pro python 3.6 +META desc-en Basic LXC layer with python 3.6 runtime environment +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF apk --no-cache add python3 diff --git a/lxc-shared/alpine3.9-python3.6/meta b/lxc-shared/alpine3.9-python3.6/meta deleted file mode 100644 index df9ebb4..0000000 --- a/lxc-shared/alpine3.9-python3.6/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro python 3", - "desc-en": "Basic LXC layer with python 3 runtime environment", - "lxcpath": "shared/alpine3.9-python3.6", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-shared/alpine3.9-ruby2.4/lxcfile b/lxc-shared/alpine3.9-ruby2.4/lxcfile index c0c034c..15f0702 100644 --- a/lxc-shared/alpine3.9-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.4/lxcfile @@ -1,6 +1,11 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-ruby2.4 +IMAGE alpine3.9-ruby2.4 2.4.5-190620 +META title Alpine 3.9 Ruby 2.4 +META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4 +META desc-en Basic LXC layer with Ruby 2.4 runtime environment +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 RUN EOF # Install Ruby runtime dependencies diff --git a/lxc-shared/alpine3.9-ruby2.4/meta b/lxc-shared/alpine3.9-ruby2.4/meta deleted file mode 100644 index 66bfb39..0000000 --- a/lxc-shared/alpine3.9-ruby2.4/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s běhovým prostředím pro Ruby 2.4", - "desc-en": "Basic LXC layer with Ruby 2.4 runtime environment", - "lxcpath": "shared/alpine3.9-ruby2.4", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9"] -} diff --git a/lxc-shared/alpine3.9-tomcat7/lxcfile b/lxc-shared/alpine3.9-tomcat7/lxcfile index 8ab8bd3..b2192e9 100644 --- a/lxc-shared/alpine3.9-tomcat7/lxcfile +++ b/lxc-shared/alpine3.9-tomcat7/lxcfile @@ -1,7 +1,12 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat7 +IMAGE alpine3.9-tomcat7 7.0.94-190620 +META title Alpine 3.9 Tomcat 7 +META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 7 +META desc-en Basic LXC layer with Tomcat 7 JSP and servlet container +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 RUN EOF # Install Tomcat 7 diff --git a/lxc-shared/alpine3.9-tomcat7/meta b/lxc-shared/alpine3.9-tomcat7/meta deleted file mode 100644 index 374d387..0000000 --- a/lxc-shared/alpine3.9-tomcat7/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 8", - "desc-en": "Basic LXC layer with Tomcat 8 JSP and servlet container", - "lxcpath": "shared/alpine3.9-tomcat7", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-java8"] -} diff --git a/lxc-shared/alpine3.9-tomcat8.5/lxcfile b/lxc-shared/alpine3.9-tomcat8.5/lxcfile index 229aa79..0414ff4 100644 --- a/lxc-shared/alpine3.9-tomcat8.5/lxcfile +++ b/lxc-shared/alpine3.9-tomcat8.5/lxcfile @@ -1,7 +1,12 @@ -IMAGE build -LAYER shared/alpine3.9 -LAYER shared/alpine3.9-java8 -LAYER shared/alpine3.9-tomcat8.5 +IMAGE alpine3.9-tomcat8.5 8.5.41-190620 +META title Alpine 3.9 Tomcat 8.5 +META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 8.5 +META desc-en Basic LXC layer with Tomcat 8.5 JSP and servlet container +META type layer +META license GPL + +LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9-java8 8.212.04-190620 RUN EOF # Install Tomcat 8.5 diff --git a/lxc-shared/alpine3.9-tomcat8.5/meta b/lxc-shared/alpine3.9-tomcat8.5/meta deleted file mode 100644 index c3de862..0000000 --- a/lxc-shared/alpine3.9-tomcat8.5/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 8.5", - "desc-en": "Basic LXC layer with Tomcat 8.5 JSP and servlet container", - "lxcpath": "shared/alpine3.9-tomcat8.5", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": ["alpine3.9-java8"] -} diff --git a/lxc-shared/alpine3.9/lxcfile b/lxc-shared/alpine3.9/lxcfile index 9017dba..265717c 100644 --- a/lxc-shared/alpine3.9/lxcfile +++ b/lxc-shared/alpine3.9/lxcfile @@ -1,7 +1,11 @@ -IMAGE build -LAYER shared/alpine3.9 -COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.9/x86_64/versions/library-3.9/x86_64/rootfs.tar.xz +IMAGE alpine3.9 3.9.4-190620 +META title Alpine 3.9 +META desc-cs Základní LXC vrstva s Alpine linuxem 3.9 +META desc-en Basic LXC layer with Alpine linux 3.9 +META type layer +META license GPL +COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.9/x86_64/versions/library-3.9/x86_64/rootfs.tar.xz COPY lxc RUN EOF diff --git a/lxc-shared/alpine3.9/meta b/lxc-shared/alpine3.9/meta deleted file mode 100644 index 2a8b758..0000000 --- a/lxc-shared/alpine3.9/meta +++ /dev/null @@ -1,9 +0,0 @@ -{ - "desc-cs": "Základní LXC vrstva s Alpine linuxem", - "desc-en": "Basic LXC layer with Alpine linux", - "lxcpath": "shared/alpine3.9", - "version": "0.0.1", - "release": "0", - "license": "GPL", - "depends": [] -} From ec7e843024bafbde6e19e509ed279cd42f52102d Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 21 Aug 2019 11:09:06 +0200 Subject: [PATCH 002/228] Bump wireguard to 0.0.20190702 - 4.19.52 --- apk/wireguard-tools/APKBUILD | 17 ++++++++--------- apk/wireguard/APKBUILD | 16 ++++------------ 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/apk/wireguard-tools/APKBUILD b/apk/wireguard-tools/APKBUILD index d70554c..1be21c0 100644 --- a/apk/wireguard-tools/APKBUILD +++ b/apk/wireguard-tools/APKBUILD @@ -1,14 +1,15 @@ # Contributor: Stuart Cardall # Maintainer: Stuart Cardall - -# NOTE: pkgrel must match _toolsrel in wireguard-vanilla pkgname=wireguard-tools -pkgver=0.0.20190601 +pkgver=0.0.20190702 pkgrel=0 pkgdesc="Next generation secure network tunnel: userspace tools" -arch='all' -url='https://www.wireguard.com' -license="GPL-2.0" +arch="all" +url="https://www.wireguard.com" +# SPDX identifier headers tells us 'GPL-2.0' but considering it +# is a kernel project i think it is safe to assume it is GPL-2.0-only just +# like the kernel. +license="GPL-2.0-only" makedepends="libmnl-dev" depends="$pkgname-wg $pkgname-wg-quick" subpackages=" @@ -24,12 +25,10 @@ source="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$pkgver.tar.xz builddir="$srcdir"/WireGuard-$pkgver build() { - cd "$builddir" make -C src/tools } package() { - cd "$builddir" mkdir -p "$pkgdir/usr/share/doc/$pkgname" make -C src/tools \ @@ -62,5 +61,5 @@ bashcomp() { mv "$pkgdir"/usr/share "$subpkgdir"/usr } -sha512sums="d667e42b90fbda85b005ae2966689dadc9975c1a53ca5ddfff44214ed55ad7d55d451008c225a4619c834bd7af598af1f127d76a8a3a86cf2e6d886ea0638cf3 WireGuard-0.0.20190601.tar.xz +sha512sums="8b92b51506cd3f8e9939378b86f23678e08e8501432decd0abf6a9d4e3dfe4742b6f1cb75e06407f5816778b3dd90849a5da83252ab882392ec1905dfb997501 WireGuard-0.0.20190702.tar.xz 4577574333f023217ae6e0945807e1ccd2dec7caa87e329b1d5b44569f6b5969663ad74f8154b85d3dc7063dd762649e3fa87c7667e238ffb77c0e5df9245a5e alpine-compat.patch" diff --git a/apk/wireguard/APKBUILD b/apk/wireguard/APKBUILD index a32133a..5481bb6 100644 --- a/apk/wireguard/APKBUILD +++ b/apk/wireguard/APKBUILD @@ -2,11 +2,11 @@ # Maintainer: Stuart Cardall # wireguard version -_ver=0.0.20190601 +_ver=0.0.20190702 _rel=0 # kernel version -_kver=4.19.41 +_kver=4.19.52 _krel=0 _kpkgver="$_kver-r$_krel" @@ -25,8 +25,7 @@ _kpkg=linux-$_flavor pkgname=wireguard-$_flavor pkgver=$_kver -pkgrel=2 -pkgrel=$(($pkgrel + $_krel)) +pkgrel=$(( $_rel + $_krel)) pkgdesc="Next generation secure network tunnel: kernel modules for $_flavor" arch="all" @@ -57,13 +56,6 @@ prepare() { return 0 ) fi - if [ -z "$FLAVOR" ]; then - ( . "$startdir"/../../community/wireguard-tools/APKBUILD - [ "$_ver" != "$pkgver" ] && die "please update _ver to $pkgver" - [ "$_rel" != "$pkgrel" ] && die "please update _rel to $pkgrel" - return 0 - ) - fi local flavor= for flavor in $_flavor $_extra_flavors; do cp -r "$builddir" "$srcdir"/$flavor @@ -96,4 +88,4 @@ _extra() { "$subpkgdir/lib/modules/$kabi/extra/wireguard.ko" } -sha512sums="d667e42b90fbda85b005ae2966689dadc9975c1a53ca5ddfff44214ed55ad7d55d451008c225a4619c834bd7af598af1f127d76a8a3a86cf2e6d886ea0638cf3 WireGuard-0.0.20190601.tar.xz" +sha512sums="8b92b51506cd3f8e9939378b86f23678e08e8501432decd0abf6a9d4e3dfe4742b6f1cb75e06407f5816778b3dd90849a5da83252ab882392ec1905dfb997501 WireGuard-0.0.20190702.tar.xz" From 9f1f247484809b19cb68746d573c10743a916489 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 18 Sep 2019 11:29:58 +0200 Subject: [PATCH 003/228] Introduce LXC-composer --- apk/vmmgr | 2 +- apps/ckan/install.sh | 79 ++++++++ {lxc-apps => apps}/ckan/install/adminpwd.sql | 2 +- .../ckan/install/ckan_conf}/ckan.ini | 0 .../ckan/install/ckan_conf}/who.ini | 0 {lxc-apps => apps}/ckan/install/createdb.sql | 32 ++-- .../install/datapusher_conf}/datapusher.wsgi | 0 .../datapusher_conf}/datapusher_settings.py | 0 .../ckan/install/postgres_data}/pg_hba.conf | 0 .../install/postgres_data}/postgresql.conf | 10 +- .../ckan/install/redis_conf}/redis.conf | 2 +- .../install/solr_data}/ckan/conf/schema.xml | 0 .../solr_data}/ckan/conf/solrconfig.xml | 0 apps/ckan/install/solr_data/solr.xml | 53 ++++++ apps/ckan/install/update-conf.sh | 10 + apps/ckan/meta | 52 +++++ {lxc-apps => apps}/ckan/uninstall.sh | 0 build/usr/bin/lxc-build | 1 + .../usr/lib/python3.6/lxcbuild/lxcbuilder.py | 179 +++++++----------- build/usr/lib/python3.6/lxcbuild/lxcimage.py | 12 +- build/usr/lib/python3.6/lxcbuild/lxcpacker.py | 26 +-- lxc-apps/ckan-datapusher/install.sh | 17 -- .../install/etc/init.d/ckan-datapusher | 11 -- .../srv/ckan-datapusher/update-conf.sh | 3 - lxc-apps/ckan-datapusher/lxcfile | 19 +- lxc-apps/ckan-datapusher/uninstall.sh | 6 - lxc-apps/ckan/install.sh | 66 ------- lxc-apps/ckan/install/etc/init.d/ckan | 23 --- .../ckan/install/etc/periodic/hourly/ckan | 6 - lxc-apps/ckan/install/srv/ckan/update-conf.sh | 8 - lxc-apps/ckan/lxc/etc/crontabs/ckan | 2 + .../ckan/lxc/etc/services.d/.s6-svscan/finish | 4 + lxc-apps/ckan/lxc/etc/services.d/ckan/run | 5 + lxc-apps/ckan/lxc/etc/services.d/cron/run | 4 + lxc-apps/ckan/lxcfile | 22 +-- lxc-apps/crisiscleanup/lxcfile | 14 +- lxc-apps/cts/lxcfile | 12 +- lxc-apps/ecogis/lxcfile | 12 +- lxc-apps/frontlinesms/lxcfile | 11 +- lxc-apps/gnuhealth/lxcfile | 14 +- lxc-apps/kanboard/lxcfile | 12 +- lxc-apps/mifosx/lxcfile | 14 +- lxc-apps/motech/lxcfile | 14 +- lxc-apps/odoo/lxcfile | 14 +- lxc-apps/opendatakit-build/lxcfile | 14 +- lxc-apps/opendatakit/lxcfile | 14 +- lxc-apps/openmapkit/lxcfile | 15 +- lxc-apps/pandora/lxcfile | 12 +- lxc-apps/sahana-demo/lxcfile | 14 +- lxc-apps/sahana-shared/lxcfile | 11 +- lxc-apps/sahana/lxcfile | 14 +- lxc-apps/sambro/lxcfile | 14 +- lxc-apps/seeddms/lxcfile | 14 +- lxc-apps/sigmah/lxcfile | 14 +- lxc-apps/ushahidi/lxcfile | 12 +- lxc-services/activemq/lxcfile | 11 +- lxc-services/mariadb/lxcfile | 10 +- lxc-services/postgis/lxcfile | 13 ++ lxc-services/postgres/install.sh | 24 --- .../postgres/install/etc/init.d/postgres | 15 -- lxc-services/postgres/lxcfile | 18 +- lxc-services/postgres/uninstall.sh | 6 - lxc-services/rabbitmq/lxcfile | 10 +- lxc-services/redis/install.sh | 13 -- lxc-services/redis/install/etc/init.d/redis | 11 -- lxc-services/redis/lxcfile | 12 +- lxc-services/redis/uninstall.sh | 6 - lxc-services/solr/install.sh | 13 -- lxc-services/solr/install/etc/init.d/solr | 11 -- lxc-services/solr/uninstall.sh | 6 - .../{solr => solr6}/lxc/usr/bin/solr.in.sh | 2 +- lxc-services/{solr => solr6}/lxcfile | 13 +- lxc-shared/alpine3.8-nodejs8/lxcfile | 9 +- lxc-shared/alpine3.8-php5.6/lxcfile | 11 +- lxc-shared/alpine3.8-ruby2.4/lxcfile | 9 +- lxc-shared/alpine3.8/lxcfile | 10 +- lxc-shared/alpine3.9-java8/lxcfile | 9 +- lxc-shared/alpine3.9-nodejs10/lxcfile | 9 +- lxc-shared/alpine3.9-php7.2/lxcfile | 11 +- lxc-shared/alpine3.9-python2.7/lxcfile | 11 +- lxc-shared/alpine3.9-python3.6/lxcfile | 11 +- lxc-shared/alpine3.9-ruby2.4/lxcfile | 9 +- lxc-shared/alpine3.9-tomcat7/lxcfile | 13 +- lxc-shared/alpine3.9-tomcat8.5/lxcfile | 13 +- lxc-shared/alpine3.9/lxcfile | 10 +- 85 files changed, 473 insertions(+), 777 deletions(-) create mode 100644 apps/ckan/install.sh rename {lxc-apps => apps}/ckan/install/adminpwd.sql (99%) rename {lxc-apps/ckan/install/srv/ckan/conf => apps/ckan/install/ckan_conf}/ckan.ini (100%) rename {lxc-apps/ckan/install/srv/ckan/conf => apps/ckan/install/ckan_conf}/who.ini (100%) rename {lxc-apps => apps}/ckan/install/createdb.sql (97%) rename {lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/conf => apps/ckan/install/datapusher_conf}/datapusher.wsgi (100%) rename {lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/conf => apps/ckan/install/datapusher_conf}/datapusher_settings.py (100%) rename {lxc-services/postgres/install/srv/postgres/data => apps/ckan/install/postgres_data}/pg_hba.conf (100%) rename {lxc-services/postgres/install/srv/postgres/data => apps/ckan/install/postgres_data}/postgresql.conf (98%) rename {lxc-services/redis/install/srv/redis/conf => apps/ckan/install/redis_conf}/redis.conf (99%) rename {lxc-apps/ckan/install/srv/solr/data => apps/ckan/install/solr_data}/ckan/conf/schema.xml (100%) rename {lxc-apps/ckan/install/srv/solr/data => apps/ckan/install/solr_data}/ckan/conf/solrconfig.xml (100%) create mode 100644 apps/ckan/install/solr_data/solr.xml create mode 100644 apps/ckan/install/update-conf.sh create mode 100644 apps/ckan/meta rename {lxc-apps => apps}/ckan/uninstall.sh (100%) mode change 100755 => 100644 delete mode 100755 lxc-apps/ckan-datapusher/install.sh delete mode 100755 lxc-apps/ckan-datapusher/install/etc/init.d/ckan-datapusher delete mode 100755 lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/update-conf.sh delete mode 100755 lxc-apps/ckan-datapusher/uninstall.sh delete mode 100755 lxc-apps/ckan/install.sh delete mode 100755 lxc-apps/ckan/install/etc/init.d/ckan delete mode 100755 lxc-apps/ckan/install/etc/periodic/hourly/ckan delete mode 100755 lxc-apps/ckan/install/srv/ckan/update-conf.sh create mode 100644 lxc-apps/ckan/lxc/etc/crontabs/ckan create mode 100644 lxc-apps/ckan/lxc/etc/services.d/.s6-svscan/finish create mode 100644 lxc-apps/ckan/lxc/etc/services.d/ckan/run create mode 100644 lxc-apps/ckan/lxc/etc/services.d/cron/run create mode 100644 lxc-services/postgis/lxcfile delete mode 100755 lxc-services/postgres/install.sh delete mode 100755 lxc-services/postgres/install/etc/init.d/postgres delete mode 100755 lxc-services/postgres/uninstall.sh delete mode 100755 lxc-services/redis/install.sh delete mode 100755 lxc-services/redis/install/etc/init.d/redis delete mode 100755 lxc-services/redis/uninstall.sh delete mode 100755 lxc-services/solr/install.sh delete mode 100755 lxc-services/solr/install/etc/init.d/solr delete mode 100755 lxc-services/solr/uninstall.sh rename lxc-services/{solr => solr6}/lxc/usr/bin/solr.in.sh (53%) rename lxc-services/{solr => solr6}/lxcfile (66%) diff --git a/apk/vmmgr b/apk/vmmgr index d9334fd..972ca0b 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit d9334fd12be8feb11106564d1a3b2e7526c89f43 +Subproject commit 972ca0b6967edd56af96a7de159950ac9fcbc4a6 diff --git a/apps/ckan/install.sh b/apps/ckan/install.sh new file mode 100644 index 0000000..e1bf46b --- /dev/null +++ b/apps/ckan/install.sh @@ -0,0 +1,79 @@ +#!/bin/sh +set -ev + +cd $(realpath $(dirname "${0}"))/install + +# Create Postgres instance +mkdir -p /srv/ckan/postgres_data +chown -R 105432:105432 /srv/ckan/postgres_data +chmod 700 /srv/ckan/postgres_data +lxc-execute -n ckan_postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/ckan/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/ckan/postgres_data/pg_hba.conf + +# Create database +export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +lxc-start ckan_postgres #TODO: wait? +envsubst /srv/ckan/solr_data/solr.xml +chown -R 108983:108983 /srv/ckan/solr_data +lxc-start ckan_solr # TODO: wait? + +# Configure CKAN Solr core +lxc-attach -u 8983 -g 8983 ckan_solr -- solr create -p 8983 -c ckan # TODO: wait to ensure creation? +lxc-stop ckan_solr +cp solr_data/ckan/conf/schema.xml /srv/ckan/solr_data/ckan/conf/schema.xml +cp solr_data/ckan/conf/solrconfig.xml /srv/ckan/solr_data/ckan/conf/solrconfig.xml +chown 108983:108983 /srv/ckan/solr_data/ckan/conf/schema.xml # TODO: je to potreba? +lxc-start ckan_solr # TODO: wait? + +# Configure CKAN DataPusher +mkdir -p /srv/ckan/datapusher_conf /srv/ckan/datapusher_data +cp datapusher_conf/datapusher.wsgi /srv/ckan/datapusher_conf/datapusher.wsgi +cp datapusher_conf/datapusher_settings.py /srv/ckan/datapusher_conf/datapusher_settings.py +chown -R 108080:108080 /srv/ckan/datapusher_data + +# Configure CKAN +mkdir -p /srv/ckan/ckan_conf /srv/ckan/ckan_data +export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid) +envsubst /srv/ckan/ckan_conf/ckan.ini +cp ckan_conf/who.ini /srv/ckan/ckan_conf/who.ini +chown -R 108080:108080 /srv/ckan/ckan_data + +# Populate database +lxc-execute ckan_ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini +lxc-execute ckan_ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini +lxc-execute ckan_ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql + +# Create admin account +export CKAN_ADMIN_USER="admin" +export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid) +export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid) +export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') +export CKAN_ADMIN_HASH=$(lxc-execute ckan_ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')") +export CKAN_ADMIN_EMAIL="admin@example.com" +envsubst + + + + + + + + + ${host:} + ${jetty.port:8983} + ${hostContext:solr} + + ${genericCoreNodeNames:true} + + ${zkClientTimeout:30000} + ${distribUpdateSoTimeout:600000} + ${distribUpdateConnTimeout:60000} + ${zkCredentialsProvider:org.apache.solr.common.cloud.DefaultZkCredentialsProvider} + ${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider} + + + + + ${socketTimeout:600000} + ${connTimeout:60000} + + + diff --git a/apps/ckan/install/update-conf.sh b/apps/ckan/install/update-conf.sh new file mode 100644 index 0000000..399f806 --- /dev/null +++ b/apps/ckan/install/update-conf.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +HOST="${DOMAIN}" +[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}" +sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/ckan_conf/ckan.ini + +sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/ckan_conf/ckan.ini +sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/ckan_conf/ckan.ini + +sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" /srv/ckan/datapusher_conf/datapusher_settings.py diff --git a/apps/ckan/meta b/apps/ckan/meta new file mode 100644 index 0000000..183d77c --- /dev/null +++ b/apps/ckan/meta @@ -0,0 +1,52 @@ +{ + 'version': '1234', + 'meta': { + 'title': 'CKAN', + 'desc-cs': 'Datový sklad', + 'desc-en': 'Data store', + 'license': 'GPL' + }, + 'containers': { + 'ckan': { + 'image': 'ckan_123', + 'depends': [ + 'ckan_datapusher', + 'ckan_redis', + 'ckan_solr', + 'ckan_postgres' + ], + 'mounts': { + '/srv/ckan/ckan_conf': '/etc/ckan', + '/srv/ckan/ckan_data': '/srv/ckan/storage' + } + }, + 'ckan_datapusher': { + 'image': 'ckan-datapusher_123', + 'mounts': { + '/etc/ssl/services.pem': '/etc/ssl/services.pem', + '/srv/ckan/datapusher_conf': '/etc/ckan-datapusher', + '/srv/ckan/datapusher_data': '/srv/ckan-datapusher/data' + } + }, + 'ckan_redis': { + 'image': 'redis_123', + 'mounts': { + '/srv/ckan/redis_conf/redis.conf': '/etc/redis.conf' + '/srv/ckan/redis_data': '/var/lib/redis' + } + }, + 'ckan_solr': { + 'image': 'solr_123', + 'mounts': { + '/srv/ckan/solr_data': '/var/lib/solr' + } + }, + 'ckan_postgres': { + 'image': 'postgis_123', + 'mounts': { + '/srv/ckan/postgres_data': '/var/lib/postgresql' + } + } + }, + 'proxy': 'ckan' +} diff --git a/lxc-apps/ckan/uninstall.sh b/apps/ckan/uninstall.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/ckan/uninstall.sh rename to apps/ckan/uninstall.sh diff --git a/build/usr/bin/lxc-build b/build/usr/bin/lxc-build index 406be81..263f6f0 100755 --- a/build/usr/bin/lxc-build +++ b/build/usr/bin/lxc-build @@ -1,6 +1,7 @@ #!/usr/bin/python3 # -*- coding: utf-8 -*- +import sys from lxcbuild.lxcimage import LXCImage if __name__ == '__main__': diff --git a/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py b/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py index 5a288e2..8605ee0 100644 --- a/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py @@ -4,58 +4,25 @@ import os import shutil import subprocess import sys +from vmmgr import lxcmgr LXC_ROOT = '/var/lib/lxc' -CONFIG_TEMPLATE = '''# Image name -lxc.uts.name = {name} - -# Network -lxc.net.0.type = veth -lxc.net.0.link = lxcbr0 -lxc.net.0.flags = up - -# Volumes -lxc.rootfs.path = {rootfs} - -# Mounts -lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0 -lxc.mount.entry = /etc/hosts etc/hosts none bind,create=file 0 0 -lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,create=file 0 0 -{mounts} - -# Init -lxc.init.uid = {uid} -lxc.init.gid = {gid} -lxc.init.cwd = {cwd} - -# Environment -lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -{env} - -# Halt -lxc.signal.halt = {halt} - -# Log -lxc.console.size = 1MB -lxc.console.logfile = /var/log/lxc/{name}.log - -# Other -lxc.arch = x86_64 -lxc.cap.drop = sys_admin -lxc.hook.pre-start = /usr/bin/vmmgr prepare-container -lxc.hook.start-host = /usr/bin/vmmgr register-container -lxc.hook.post-stop = /usr/bin/vmmgr unregister-container -lxc.include = /usr/share/lxc/config/common.conf -''' class LXCBuilder: def __init__(self, image): self.image = image self.script = [] self.script_eof = None - self.already_built = False def build(self): + try: + self.image.conf['build'] = True + self.process_file() + except FileExistsError as e: + print(e) + del self.image.conf['build'] + + def process_file(self): with open(self.image.lxcfile, 'r') as f: for line in f: line = line.strip() @@ -73,18 +40,14 @@ class LXCBuilder: self.script = [] self.script_eof = args elif 'IMAGE' == directive: - self.set_name(*args.split()) - elif 'META' == directive: - self.add_meta(*args.split(None, 1)) + self.set_name(args) elif 'LAYER' == directive: - self.add_layer(*args.split()) + self.add_layer(args) elif 'FIXLAYER' == directive: self.fix_layer(args.split()) elif 'COPY' == directive: srcdst = args.split() self.copy_files(srcdst[0], srcdst[1] if len(srcdst) == 2 else '') - elif 'MOUNT' == directive: - self.add_mount(args.split()) elif 'ENV' == directive: self.add_env(*args.split(None, 1)) elif 'USER' == directive: @@ -95,102 +58,65 @@ class LXCBuilder: self.set_cwd(args) elif 'HALT' == directive: self.set_halt(args) + elif 'READY' == directive: + self.set_ready(args) def get_layer_path(self, layer): return os.path.join(LXC_ROOT, 'storage', layer) - def rebuild_config(self): - if not self.image.upper_layer: - return - upper_layer = self.get_layer_path(self.image.upper_layer) - if not self.image.layers: - rootfs = upper_layer - else: - # Multiple lower overlayfs layers are ordered from right to left (lower2:lower1:rootfs:upper) - layers = [self.get_layer_path(layer) for layer in self.image.layers] - rootfs = 'overlay:{}:{}'.format(':'.join(layers[::-1]), upper_layer) - mounts = '\n'.join(['lxc.mount.entry = {} {} none bind,create={} 0 0'.format(m[1], m[2], m[0].lower()) for m in self.image.mounts]) - env = '\n'.join(['lxc.environment = {}={}'.format(e[0], e[1]) for e in self.image.env]) - cwd = self.image.cwd if self.image.cwd else '/' - halt = self.image.halt if self.image.halt else 'SIGINT' - with open(os.path.join(LXC_ROOT, self.image.upper_layer, 'config'), 'w') as f: - f.write(CONFIG_TEMPLATE.format(name=self.image.upper_layer, rootfs=rootfs, mounts=mounts, env=env, uid=self.image.uid, gid=self.image.gid, cwd=cwd, halt=halt)) - def run_script(self, script): - if self.already_built: - return - sh = os.path.join(self.get_layer_path(self.image.upper_layer), 'run.sh') + lxcmgr.register_container(self.image.name, self.image.conf) + sh = os.path.join(self.get_layer_path(self.image.name), 'run.sh') with open(sh, 'w') as f: f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script))) os.chmod(sh, 0o700) - subprocess.run(['lxc-execute', '-n', self.image.upper_layer, '--', '/bin/sh', '-lc', '/run.sh'], check=True) + os.chown(sh, 100000, 100000) + subprocess.run(['lxc-execute', self.image.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True) os.unlink(sh) + lxcmgr.unregister_container(self.image.name) - def set_name(self, name, version): + def set_name(self, name): self.image.name = name - self.image.version = version - self.image.upper_layer = '{}_{}'.format(self.image.name, self.image.version) - layer_path = self.get_layer_path(self.image.upper_layer) - if os.path.exists(layer_path): - self.already_built = True - print('Layer {} already exists, skipping build tasks'.format(self.image.upper_layer)) - else: - os.makedirs(layer_path, 0o755, True) - os.makedirs(os.path.join(LXC_ROOT, self.image.upper_layer), 0o755, True) - self.rebuild_config() + self.image.conf['layers'] = [self.image.name] + image_path = self.get_layer_path(self.image.name) + os.makedirs(image_path, 0o755, True) + os.chown(image_path, 100000, 100000) - def add_meta(self, key, value): - self.image.meta[key] = value - - def add_layer(self, name, version): - self.image.layers.append('{}_{}'.format(name, version)) - self.rebuild_config() + def add_layer(self, name): + self.image.conf['layers'].insert(0, name) def fix_layer(self, cmd): - if self.already_built: - return - layers = [self.get_layer_path(layer) for layer in self.image.layers] - layers.append(self.get_layer_path(self.image.upper_layer)) - subprocess.run([cmd]+layers, check=True) + layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']] + subprocess.run([cmd] + layers, check=True) def copy_files(self, src, dst): - if self.already_built: - return - dst = os.path.join(self.get_layer_path(self.image.upper_layer), dst) + dst = os.path.join(self.get_layer_path(self.image.name), dst) if src.startswith('http://') or src.startswith('https://'): unpack_http_archive(src, dst) else: - src = os.path.join(self.image.build_dir, src) - copy_tree(src, dst) - - def add_mount(self, args): - self.image.mounts.append(args) - if not self.already_built: - self.rebuild_config() + copy_tree(os.path.join(self.build_dir, src), dst) + shift_uid(dst) def add_env(self, args): - self.image.env.append(args) - if not self.already_built: - self.rebuild_config() + if 'env' not in self.image.conf: + self.image.conf['env'] = [] + self.image.conf['env'].append(args) def set_user(self, uid, gid): - self.image.uid = uid - self.image.gid = gid - if not self.already_built: - self.rebuild_config() + self.image.conf['uid'] = uid + self.image.conf['gid'] = gid def set_cmd(self, cmd): - self.image.cmd = cmd + self.image.conf['cmd'] = cmd def set_cwd(self, cwd): - self.image.cwd = cwd - if not self.already_built: - self.rebuild_config() + self.image.conf['cwd'] = cwd def set_halt(self, halt): - self.image.halt = halt - if not self.already_built: - self.rebuild_config() + self.image.conf['halt'] = halt + + def set_ready(self, cmd): + self.image.conf['ready'] = cmd def unpack_http_archive(src, dst): xf = 'xzf' @@ -211,3 +137,26 @@ def copy_tree(src, dst): for name in os.listdir(src): copy_tree(os.path.join(src, name), os.path.join(dst, name)) shutil.copystat(src, dst) + +def shift_uid(dir): + shift_uid_entry(dir, os.stat(dir, follow_symlinks=True)) + shift_uid_recursively(dir) + +def shift_uid_recursively(dir): + for entry in os.scandir(dir): + shift_uid_entry(entry.path, entry.stat(follow_symlinks=False)) + if entry.is_dir(): + shift_uid_recursively(entry.path) + +def shift_uid_entry(path, stat): + uid = stat.st_uid + gid = stat.st_gid + do_chown = False + if uid < 100000: + uid = uid + 100000 + do_chown = True + if gid < 100000: + gid = gid + 100000 + do_chown = True + if do_chown: + os.lchown(path, uid, gid) diff --git a/build/usr/lib/python3.6/lxcbuild/lxcimage.py b/build/usr/lib/python3.6/lxcbuild/lxcimage.py index 4fbee93..a5515e3 100644 --- a/build/usr/lib/python3.6/lxcbuild/lxcimage.py +++ b/build/usr/lib/python3.6/lxcbuild/lxcimage.py @@ -8,17 +8,7 @@ from .lxcpacker import LXCPacker class LXCImage: def __init__(self, build_path): self.name = None - self.version = None - self.meta = {} - self.layers = [] - self.upper_layer = None - self.mounts = [] - self.env = [] - self.uid = 0 - self.gid = 0 - self.cmd = None - self.cwd = None - self.halt = None + self.conf = {} if os.path.isfile(build_path): self.lxcfile = os.path.realpath(build_path) diff --git a/build/usr/lib/python3.6/lxcbuild/lxcpacker.py b/build/usr/lib/python3.6/lxcbuild/lxcpacker.py index d3770de..8010460 100644 --- a/build/usr/lib/python3.6/lxcbuild/lxcpacker.py +++ b/build/usr/lib/python3.6/lxcbuild/lxcpacker.py @@ -23,7 +23,7 @@ class LXCPacker: def pack(self): # Prepare package file names - self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.upper_layer)) + self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.name)) self.xz_path = '{}.xz'.format(self.tar_path) if os.path.exists(self.xz_path): print('Package {} already exists, skipping packaging tasks'.format(self.xz_path)) @@ -35,36 +35,30 @@ class LXCPacker: def create_archive(self): # Create archive - print('Archiving', self.image.upper_layer) - subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.upper_layer)], cwd='/') + print('Archiving', self.image.name) + subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.name)], cwd='/') # Add install/upgrade/uninstall scripts + # TODO: skripty balit jen s aplikacemi, ne s imagi scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') scripts = [s for s in scripts if os.path.exists(os.path.join(self.image.build_dir, s))] - subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.upper_layer), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir) + subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.name), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir) # Compress the tarball with xz (LZMA2) print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576)) subprocess.run(['xz', '-9', self.tar_path]) print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576)) def register_package(self): - # Prepare metadata - meta = self.image.meta.copy() - meta['lxc'] = {} - for key in ('layers', 'mounts', 'env', 'cmd', 'cwd', 'uid', 'gid', 'halt'): - value = getattr(self.image, key) - if value: - meta['lxc'][key] = value - # Register package print('Registering package') - packages = {} packages_file = os.path.join(PKG_ROOT, 'packages') if os.path.exists(packages_file): with open(packages_file, 'r') as f: packages = json.load(f) - packages[self.image.name] = meta - packages[self.image.name]['size'] = os.path.getsize(self.xz_path) - packages[self.image.name]['sha512'] = hash_file(self.xz_path) + else: + packages = {'apps': {}, 'images': {}} + packages['images'][self.image.name] = self.image.conf.copy() + packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path) + packages['images'][self.image.name]['sha512'] = hash_file(self.xz_path) with open(packages_file, 'w') as f: json.dump(packages, f, sort_keys=True, indent=4) diff --git a/lxc-apps/ckan-datapusher/install.sh b/lxc-apps/ckan-datapusher/install.sh deleted file mode 100755 index 194f062..0000000 --- a/lxc-apps/ckan-datapusher/install.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Configure CKAN DataPusher -mkdir -p /srv/ckan-datapusher/conf /srv/ckan-datapusher/data -cp srv/ckan-datapusher/conf/datapusher.wsgi /srv/ckan-datapusher/conf/datapusher.wsgi -cp srv/ckan-datapusher/conf/datapusher_settings.py /srv/ckan-datapusher/conf/datapusher_settings.py -chown -R 8004:8004 /srv/ckan-datapusher/data - -# Install service -cp etc/init.d/ckan-datapusher /etc/init.d/ckan-datapusher -rc-update -u - -# Install config update script -cp srv/ckan-datapusher/update-conf.sh /srv/ckan-datapusher/update-conf.sh diff --git a/lxc-apps/ckan-datapusher/install/etc/init.d/ckan-datapusher b/lxc-apps/ckan-datapusher/install/etc/init.d/ckan-datapusher deleted file mode 100755 index 7fb4589..0000000 --- a/lxc-apps/ckan-datapusher/install/etc/init.d/ckan-datapusher +++ /dev/null @@ -1,11 +0,0 @@ -#!/sbin/openrc-run - -description="CKAN DataPusher container" - -start() { - lxc-start ckan-datapusher -} - -stop() { - lxc-stop ckan-datapusher -} diff --git a/lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/update-conf.sh b/lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/update-conf.sh deleted file mode 100755 index 766ab74..0000000 --- a/lxc-apps/ckan-datapusher/install/srv/ckan-datapusher/update-conf.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" /srv/ckan-datapusher/conf/datapusher_settings.py diff --git a/lxc-apps/ckan-datapusher/lxcfile b/lxc-apps/ckan-datapusher/lxcfile index 283da90..e1d13e1 100644 --- a/lxc-apps/ckan-datapusher/lxcfile +++ b/lxc-apps/ckan-datapusher/lxcfile @@ -1,12 +1,7 @@ -IMAGE ckan-datapusher 0.0.13-190620 -META title CKAN DataPusher -META desc-cs Služba datového skladu pro extrakci dat -META desc-en Data store data extraction service -META type app -META license GPL +IMAGE ckan-datapusher_0.0.13-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies @@ -26,8 +21,8 @@ RUN EOF pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt # Create OS user - addgroup -S -g 8004 ckandp - adduser -S -u 8004 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp + addgroup -S -g 8080 ckandp + adduser -S -u 8080 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp chown -R ckandp:ckandp /srv/ckan-datapusher # Cleanup @@ -38,8 +33,4 @@ EOF COPY lxc -MOUNT FILE /etc/ssl/services.pem etc/ssl/services.pem -MOUNT DIR /srv/ckan-datapusher/conf etc/ckan-datapusher -MOUNT DIR /srv/ckan-datapusher/data srv/ckan-datapusher/data - CMD execlineb -P /run diff --git a/lxc-apps/ckan-datapusher/uninstall.sh b/lxc-apps/ckan-datapusher/uninstall.sh deleted file mode 100755 index 8f2de9e..0000000 --- a/lxc-apps/ckan-datapusher/uninstall.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/ckan-datapusher -rc-update -u diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh deleted file mode 100755 index 41e3d4a..0000000 --- a/lxc-apps/ckan/install.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1 -[ ! -e /run/openrc/started/solr ] && service solr start && STOP_SOLR=1 - -# Create database -export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/ckan/conf/ckan.ini -cp srv/ckan/conf/who.ini /srv/ckan/conf/who.ini -chown -R 8003:8003 /srv/ckan/data - -# Set "production values" (increases performance) only if the DEBUG environment variable is not set -if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/debug = true/debug = false/' /srv/ckan/conf/ckan.ini -fi - -# Populate database -lxc-execute ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini -lxc-execute ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini -lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 postgres -- psql - -# Create admin account -export CKAN_ADMIN_USER="admin" -export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid) -export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid) -export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -export CKAN_ADMIN_HASH=$(lxc-execute ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')") -export CKAN_ADMIN_EMAIL="admin@example.com" -envsubst /dev/null - lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null -fi diff --git a/lxc-apps/ckan/install/srv/ckan/update-conf.sh b/lxc-apps/ckan/install/srv/ckan/update-conf.sh deleted file mode 100755 index 49ae9b9..0000000 --- a/lxc-apps/ckan/install/srv/ckan/update-conf.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -HOST="${DOMAIN}" -[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}" -sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/conf/ckan.ini - -sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/conf/ckan.ini -sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/conf/ckan.ini diff --git a/lxc-apps/ckan/lxc/etc/crontabs/ckan b/lxc-apps/ckan/lxc/etc/crontabs/ckan new file mode 100644 index 0000000..92f3f37 --- /dev/null +++ b/lxc-apps/ckan/lxc/etc/crontabs/ckan @@ -0,0 +1,2 @@ +0 * * * * paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null +0 * * * * paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null diff --git a/lxc-apps/ckan/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/ckan/lxc/etc/services.d/.s6-svscan/finish new file mode 100644 index 0000000..919ec2b --- /dev/null +++ b/lxc-apps/ckan/lxc/etc/services.d/.s6-svscan/finish @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +foreground { s6-svwait -d -t 3000 ckan } +foreground { s6-svwait -d -t 3000 cron } diff --git a/lxc-apps/ckan/lxc/etc/services.d/ckan/run b/lxc-apps/ckan/lxc/etc/services.d/ckan/run new file mode 100644 index 0000000..1b955e4 --- /dev/null +++ b/lxc-apps/ckan/lxc/etc/services.d/ckan/run @@ -0,0 +1,5 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +s6-setuidgid ckan +paster serve /etc/ckan/ckan.ini diff --git a/lxc-apps/ckan/lxc/etc/services.d/cron/run b/lxc-apps/ckan/lxc/etc/services.d/cron/run new file mode 100644 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/ckan/lxc/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 diff --git a/lxc-apps/ckan/lxcfile b/lxc-apps/ckan/lxcfile index 5b863c3..fb8226e 100644 --- a/lxc-apps/ckan/lxcfile +++ b/lxc-apps/ckan/lxcfile @@ -1,13 +1,7 @@ -IMAGE ckan 2.8.2-190620 -META title CKAN -META desc-cs Datový sklad -META desc-en Data store -META type app -META license GPL -META depends ckan-datapusher postgres redis solr +IMAGE ckan_2.8.2-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies @@ -40,8 +34,8 @@ RUN EOF pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt # Create OS user - addgroup -S -g 8003 ckan - adduser -S -u 8003 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan + addgroup -S -g 8080 ckan + adduser -S -u 8080 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan chown -R ckan:ckan /srv/ckan # Cleanup @@ -50,8 +44,6 @@ RUN EOF rm -rf /root/.cache EOF -MOUNT DIR /srv/ckan/conf etc/ckan -MOUNT DIR /srv/ckan/data srv/ckan/storage +COPY lxc -USER 8003 8003 -CMD paster serve /etc/ckan/ckan.ini +CMD s6-svscan /etc/services.d diff --git a/lxc-apps/crisiscleanup/lxcfile b/lxc-apps/crisiscleanup/lxcfile index 6a1baa2..4a3beb2 100644 --- a/lxc-apps/crisiscleanup/lxcfile +++ b/lxc-apps/crisiscleanup/lxcfile @@ -1,14 +1,8 @@ -IMAGE crisiscleanup 2.2.0-190620 -META title Crisis Cleanup -META desc-cs Mapování následků katastrof -META desc-en Disaster relief mapping -META type app -META license GPL -META depends postgres +IMAGE crisiscleanup_2.2.0-190620 -LAYER alpine3.8 3.8.4-190620 -LAYER alpine3.8-ruby2.4 2.4.5-190620 -LAYER alpine3.8-nodejs8 8.14.0-190620 +LAYER alpine3.8_3.8.4-190620 +LAYER alpine3.8-ruby2.4_2.4.5-190620 +LAYER alpine3.8-nodejs8_8.14.0-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/cts/lxcfile b/lxc-apps/cts/lxcfile index 570ad56..a9e1d0d 100644 --- a/lxc-apps/cts/lxcfile +++ b/lxc-apps/cts/lxcfile @@ -1,13 +1,7 @@ -IMAGE cts 0.8.0-190620 -META title CTS -META desc-cs Sledovací systém komodit -META desc-en Commodity tracking system -META type app -META license GPL -META depends postgres +IMAGE cts_0.8.0-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/ecogis/lxcfile b/lxc-apps/ecogis/lxcfile index cf006a9..47ab03a 100644 --- a/lxc-apps/ecogis/lxcfile +++ b/lxc-apps/ecogis/lxcfile @@ -1,13 +1,7 @@ -IMAGE ecogis 0.0.1-190620 -META title EcoGIS -META desc-cs EcoGIS -META desc-en EcoGIS -META type app -META license GPL -META depends postgres +IMAGE ecogis_0.0.1-190620 -LAYER alpine3.8 3.8.4-190620 -LAYER alpine3.8-php5.6 5.6.40-190620 +LAYER alpine3.8_3.8.4-190620 +LAYER alpine3.8-php5.6_5.6.40-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/frontlinesms/lxcfile b/lxc-apps/frontlinesms/lxcfile index dd92bef..ecc12cf 100644 --- a/lxc-apps/frontlinesms/lxcfile +++ b/lxc-apps/frontlinesms/lxcfile @@ -1,12 +1,7 @@ -IMAGE frontlinesms 2.6.5-190620 -META title FrontlineSMS -META desc-cs Hromadné odesílání zpráv -META desc-en Bulk SMS messaging -META type app -META license GPL +IMAGE frontlinesms_2.6.5-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile index 376f3f9..a6f1b6c 100644 --- a/lxc-apps/gnuhealth/lxcfile +++ b/lxc-apps/gnuhealth/lxcfile @@ -1,14 +1,8 @@ -IMAGE gnuhealth 3.4.1-190620 -META title GNU Health -META desc-cs Administrace lékařských záznamů -META desc-en Medical records administration -META type app -META license GPL -META depends postgres +IMAGE gnuhealth_3.4.1-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python3.6 3.6.8-190620 -LAYER alpine3.9-nodejs10 10.14.2-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python3.6_3.6.8-190620 +LAYER alpine3.9-nodejs10_10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/kanboard/lxcfile b/lxc-apps/kanboard/lxcfile index f96a380..488163b 100644 --- a/lxc-apps/kanboard/lxcfile +++ b/lxc-apps/kanboard/lxcfile @@ -1,13 +1,7 @@ -IMAGE kanboard 1.2.9-190620 -META title KanBoard -META desc-cs Kanban řízení projektů -META desc-en Kanban project management -META type app -META license GPL -META depends postgres +IMAGE kanboard_1.2.9-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-php7.2 7.2.19-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-php7.2_7.2.19-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/mifosx/lxcfile b/lxc-apps/mifosx/lxcfile index 5b3e6ee..ed1e883 100644 --- a/lxc-apps/mifosx/lxcfile +++ b/lxc-apps/mifosx/lxcfile @@ -1,14 +1,8 @@ -IMAGE mifosx 18.03.01-190620 -META title Mifos X -META desc-cs Mikrofinancování rozvojových projektů -META desc-en Development projects microfinancing -META type app -META license GPL -META depends mariadb +IMAGE mifosx_18.03.01-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 -LAYER alpine3.9-tomcat8.5 8.5.41-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 +LAYER alpine3.9-tomcat8.5_8.5.41-190620 RUN EOF # Install full-featured wget to work around sourceforge bugs diff --git a/lxc-apps/motech/lxcfile b/lxc-apps/motech/lxcfile index bef95c7..44b5884 100644 --- a/lxc-apps/motech/lxcfile +++ b/lxc-apps/motech/lxcfile @@ -1,14 +1,8 @@ -IMAGE motech 1.3.0-190620 -META title Motech -META desc-cs Automatizace komunikace -META desc-en Communication automation -META type app -META license GPL -META depends activemq postgres +IMAGE motech_1.3.0-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 -LAYER alpine3.9-tomcat7 7.0.94-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 +LAYER alpine3.9-tomcat7_7.0.94-190620 RUN EOF # Download Motech diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/lxcfile index f56b525..7c7e503 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/lxcfile @@ -1,14 +1,8 @@ -IMAGE odoo 12.0.0-190620 -META title Odoo -META desc-cs Sada aplikací pro správu organizace -META desc-en Company management application suite -META type app -META license GPL -META depends postgres +IMAGE odoo_12.0.0-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python3.6 3.6.8-190620 -LAYER alpine3.9-nodejs10 10.14.2-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python3.6_3.6.8-190620 +LAYER alpine3.9-nodejs10_10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/opendatakit-build/lxcfile b/lxc-apps/opendatakit-build/lxcfile index 8669e57..cea70cf 100644 --- a/lxc-apps/opendatakit-build/lxcfile +++ b/lxc-apps/opendatakit-build/lxcfile @@ -1,14 +1,8 @@ -IMAGE opendatakit-build 0.3.5-190620 -META title OpenDataKit Build -META desc-cs Sběr formulářových dat - návrh formulářů -META desc-en Form data collection - Form designer -META type app -META license GPL -META depends postgres +IMAGE opendatakit-build_0.3.5-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-ruby2.4 2.4.5-190620 -LAYER alpine3.9-nodejs10 10.14.2-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-ruby2.4_2.4.5-190620 +LAYER alpine3.9-nodejs10_10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/opendatakit/lxcfile b/lxc-apps/opendatakit/lxcfile index 43b2a25..8eab6b6 100644 --- a/lxc-apps/opendatakit/lxcfile +++ b/lxc-apps/opendatakit/lxcfile @@ -1,14 +1,8 @@ -IMAGE opendatakit 2.0.3-190620 -META title OpenDataKit -META desc-cs Sběr formulářových dat -META desc-en Form data collection -META type app -META license GPL -META depends postgres +IMAGE opendatakit_2.0.3-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 -LAYER alpine3.9-tomcat8.5 8.5.41-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 +LAYER alpine3.9-tomcat8.5_8.5.41-190620 RUN EOF # Download OpenDataKit diff --git a/lxc-apps/openmapkit/lxcfile b/lxc-apps/openmapkit/lxcfile index 8430097..5c6471e 100644 --- a/lxc-apps/openmapkit/lxcfile +++ b/lxc-apps/openmapkit/lxcfile @@ -1,14 +1,9 @@ -IMAGE openmapkit 0.12.0-190620 -META title OpenMapKit -META desc-cs Sběr mapových dat -META desc-en Map data collection -META type app -META license GPL +IMAGE openmapkit_0.12.0-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 -LAYER alpine3.9-nodejs10 10.14.2-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 +LAYER alpine3.9-nodejs10_10.14.2-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/pandora/lxcfile b/lxc-apps/pandora/lxcfile index ce2b350..a04384a 100644 --- a/lxc-apps/pandora/lxcfile +++ b/lxc-apps/pandora/lxcfile @@ -1,13 +1,7 @@ -IMAGE pandora 0.0.1-190620 -META title Pan.do/ra -META desc-cs Archiv medií -META desc-en Media archive -META type app -META license GPL -META depends postgres rabbitmq +IMAGE pandora_0.0.1-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python3.6 3.6.8-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python3.6_3.6.8-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/sahana-demo/lxcfile b/lxc-apps/sahana-demo/lxcfile index d0852a7..27960ef 100644 --- a/lxc-apps/sahana-demo/lxcfile +++ b/lxc-apps/sahana-demo/lxcfile @@ -1,14 +1,8 @@ -IMAGE sahana-demo 0.0.1-190620 -META title Sahana Eden - Demo -META desc-cs Řízení humanítární činnosti - Demo instance -META desc-en Management of humanitarian activities - Demo instance -META type app -META license GPL -META depends postgres +IMAGE sahana-demo_0.0.1-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 -LAYER sahana-shared 0.0.1-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 +LAYER sahana-shared_0.0.1-190620 MOUNT DIR /srv/sahana-demo/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sahana-demo/data/default srv/web2py/applications/eden/modules/templates/default diff --git a/lxc-apps/sahana-shared/lxcfile b/lxc-apps/sahana-shared/lxcfile index 81d1850..78fed16 100644 --- a/lxc-apps/sahana-shared/lxcfile +++ b/lxc-apps/sahana-shared/lxcfile @@ -1,12 +1,7 @@ -IMAGE sahana-shared 0.0.1-190620 -META title Sahana Eden - Shared layer -META desc-cs Řízení humanítární činnosti - sdílená vrstva -META desc-en Management of humanitarian activities - shared layer -META type layer -META license GPL +IMAGE sahana-shared_0.0.1-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/sahana/lxcfile b/lxc-apps/sahana/lxcfile index 2a3d1f2..30154a2 100644 --- a/lxc-apps/sahana/lxcfile +++ b/lxc-apps/sahana/lxcfile @@ -1,14 +1,8 @@ -IMAGE sahana 0.0.1-190620 -META title Sahana Eden -META desc-cs Řízení humanítární činnosti -META desc-en Management of humanitarian activities -META type app -META license GPL -META depends postgres +IMAGE sahana_0.0.1-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 -LAYER sahana-shared 0.0.1-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 +LAYER sahana-shared_0.0.1-190620 MOUNT DIR /srv/sahana/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sahana/data/Spotter srv/web2py/applications/eden/modules/templates/Spotter diff --git a/lxc-apps/sambro/lxcfile b/lxc-apps/sambro/lxcfile index 8e53894..85823fd 100644 --- a/lxc-apps/sambro/lxcfile +++ b/lxc-apps/sambro/lxcfile @@ -1,14 +1,8 @@ -IMAGE sambro 0.0.1-190620 -META title Sahana Eden - SAMBRO -META desc-cs Řízení humanítární činnosti - Centrum hlášení a výstrah -META desc-en Management of humanitarian activities - Reporting and alerting center -META type app -META license GPL -META depends postgres +IMAGE sambro_0.0.1-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-python2.7 2.7.16-190620 -LAYER sahana-shared 0.0.1-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-python2.7_2.7.16-190620 +LAYER sahana-shared_0.0.1-190620 MOUNT DIR /srv/sambro/conf srv/web2py/applications/eden/models MOUNT DIR /srv/sambro/data/SAMBRO srv/web2py/applications/eden/modules/templates/SAMBRO diff --git a/lxc-apps/seeddms/lxcfile b/lxc-apps/seeddms/lxcfile index 4b6eee9..1494427 100644 --- a/lxc-apps/seeddms/lxcfile +++ b/lxc-apps/seeddms/lxcfile @@ -1,14 +1,8 @@ -IMAGE seeddms 5.1.9-190620 -META title SeedDMS -META desc-cs Archiv dokumentace -META desc-en Document management system -META type app -META license GPL -META depends postgres +IMAGE seeddms_5.1.9-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-php7.2 7.2.19-190620 -LAYER alpine3.9-python3.6 3.6.8-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-php7.2_7.2.19-190620 +LAYER alpine3.9-python3.6_3.6.8-190620 FIXLAYER /usr/bin/fix-apk diff --git a/lxc-apps/sigmah/lxcfile b/lxc-apps/sigmah/lxcfile index 14f48c3..f1d99df 100644 --- a/lxc-apps/sigmah/lxcfile +++ b/lxc-apps/sigmah/lxcfile @@ -1,14 +1,8 @@ -IMAGE sigmah 2.0.2-190620 -META title Sigmah -META desc-cs Finanční řízení sbírek -META desc-en Donation management -META type app -META license GPL -META depends postgres +IMAGE sigmah_2.0.2-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 -LAYER alpine3.9-tomcat8.5 8.5.41-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 +LAYER alpine3.9-tomcat8.5_8.5.41-190620 RUN EOF # Download Sigmah diff --git a/lxc-apps/ushahidi/lxcfile b/lxc-apps/ushahidi/lxcfile index d40b896..5572cca 100644 --- a/lxc-apps/ushahidi/lxcfile +++ b/lxc-apps/ushahidi/lxcfile @@ -1,13 +1,7 @@ -IMAGE ushahidi 3.12.3-190620 -META title Sigmah -META desc-cs Skupinová reakce na události -META desc-en Group reaction to events -META type app -META license GPL -META depends mariadb +IMAGE ushahidi_3.12.3-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-php7.2 7.2.19-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-php7.2_7.2.19-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-services/activemq/lxcfile b/lxc-services/activemq/lxcfile index 3e9ce0b..ef515b5 100644 --- a/lxc-services/activemq/lxcfile +++ b/lxc-services/activemq/lxcfile @@ -1,12 +1,7 @@ -IMAGE activemq 5.15.9-190620 -META title ActiveMQ -META desc-cs ActveMQ message broker -META desc-en ActveMQ message broker -META type service -META license GPL +IMAGE activemq_5.15.9-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 RUN EOF # Download and install ActiveMQ diff --git a/lxc-services/mariadb/lxcfile b/lxc-services/mariadb/lxcfile index c91e839..a5338d5 100644 --- a/lxc-services/mariadb/lxcfile +++ b/lxc-services/mariadb/lxcfile @@ -1,11 +1,6 @@ -IMAGE mariadb 10.3.15-190620 -META title MariaDB -META desc-cs Relační databázový systém kompatibilní s MySQL -META desc-en MySQL-compatible relational database management system -META type service -META license GPL +IMAGE mariadb_10.3.15-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) @@ -25,4 +20,5 @@ MOUNT DIR /srv/mariadb/data var/lib/mysql USER 3306 3306 CMD mysqld +READY test -e /run/mysqld/mysqld.sock HALT SIGTERM diff --git a/lxc-services/postgis/lxcfile b/lxc-services/postgis/lxcfile new file mode 100644 index 0000000..abce578 --- /dev/null +++ b/lxc-services/postgis/lxcfile @@ -0,0 +1,13 @@ +IMAGE postgis_11.3.0-190620 + +LAYER alpine3.9_3.9.4-190620 +LAYER postgres_11.3.0-190620 + +RUN EOF + # Install PostGIS + apk --no-cache add postgis@vm +EOF + +USER 5432 5432 +CMD postgres -D /var/lib/postgresql +READY pg_isready diff --git a/lxc-services/postgres/install.sh b/lxc-services/postgres/install.sh deleted file mode 100755 index 8a47d8d..0000000 --- a/lxc-services/postgres/install.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Create Postgres instance -mkdir -p /srv/postgres/data -chown -R 5432:5432 /srv/postgres/data -chmod 700 /srv/postgres/data -lxc-execute -n postgres -- initdb -D /var/lib/postgresql - -# Configure Postgres -cp srv/postgres/data/postgresql.conf /srv/postgres/data/postgresql.conf -cp srv/postgres/data/pg_hba.conf /srv/postgres/data/pg_hba.conf - -# Enable query logging. Only if the DEBUG environment variable is set -if [ ${DEBUG:-0} -eq 1 ]; then - sed -i 's/^#log_destination/log_destination/' /srv/postgres/data/postgresql.conf - sed -i 's/^#log_statement/log_statement/' /srv/postgres/data/postgresql.conf -fi - -# Install service -cp etc/init.d/postgres /etc/init.d/postgres -rc-update -u diff --git a/lxc-services/postgres/install/etc/init.d/postgres b/lxc-services/postgres/install/etc/init.d/postgres deleted file mode 100755 index e031bda..0000000 --- a/lxc-services/postgres/install/etc/init.d/postgres +++ /dev/null @@ -1,15 +0,0 @@ -#!/sbin/openrc-run - -description="Postgres container" - -start() { - lxc-start postgres -} - -start_post() { - timeout -t 60 sh -c 'until lxc-attach postgres -- pg_isready >/dev/null 2>&1; do usleep 50000; done' -} - -stop() { - lxc-stop postgres -} diff --git a/lxc-services/postgres/lxcfile b/lxc-services/postgres/lxcfile index 4888fc0..c8fad4f 100644 --- a/lxc-services/postgres/lxcfile +++ b/lxc-services/postgres/lxcfile @@ -1,26 +1,20 @@ -IMAGE postgres 11.3.0-190620 -META title PostgreSQL -META desc-cs Relační databázový systém s podporou pro geografické objekty -META desc-en Relational database management system with support for geographic objects -META type service -META license GPL +IMAGE postgres_11.3.0-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF # Modify OS user (which will be picked up later by apk add) sed -i 's/postgres:x:70:70/postgres:x:5432:5432/' /etc/passwd sed -i 's/postgres:x:70/postgres:x:5432/' /etc/group - # Install PostgreSQL + PostGIS - apk --no-cache add postgresql postgresql-contrib postgis@vm + # Install PostgreSQL + apk --no-cache add postgresql postgresql-contrib # Create socket directory mkdir /run/postgresql chown postgres:postgres /run/postgresql EOF -MOUNT DIR /srv/postgres/data var/lib/postgresql - USER 5432 5432 -CMD postgres -D /var/lib/postgresql +CMD postgres -D /etc/postgresql +READY pg_isready diff --git a/lxc-services/postgres/uninstall.sh b/lxc-services/postgres/uninstall.sh deleted file mode 100755 index 7bed8f9..0000000 --- a/lxc-services/postgres/uninstall.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/postgres -rc-update -u diff --git a/lxc-services/rabbitmq/lxcfile b/lxc-services/rabbitmq/lxcfile index 6213e4a..e508608 100644 --- a/lxc-services/rabbitmq/lxcfile +++ b/lxc-services/rabbitmq/lxcfile @@ -1,11 +1,6 @@ -IMAGE rabbitmq 3.7.11-190620 -META title RabbitMQ -META desc-cs Multiprotokolový message broker -META desc-en Multi-protocol message broker -META type service -META license GPL +IMAGE rabbitmq_3.7.11-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) @@ -21,3 +16,4 @@ MOUNT DIR /srv/rabbitmq/data var/lib/rabbitmq/mnesia USER 5672 5672 ENV HOME /usr/lib/rabbitmq CMD rabbitmq-server +READY grep -q "Server startup complete" /var/log/rabbitmq/rabbit@*.log diff --git a/lxc-services/redis/install.sh b/lxc-services/redis/install.sh deleted file mode 100755 index ec465e2..0000000 --- a/lxc-services/redis/install.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Configure Redis -mkdir -p /srv/redis/conf /srv/redis/data -cp srv/redis/conf/redis.conf /srv/redis/conf/redis.conf -chown -R 6379:6379 /srv/redis/data - -# Install service -cp etc/init.d/redis /etc/init.d/redis -rc-update -u diff --git a/lxc-services/redis/install/etc/init.d/redis b/lxc-services/redis/install/etc/init.d/redis deleted file mode 100755 index 489b7cd..0000000 --- a/lxc-services/redis/install/etc/init.d/redis +++ /dev/null @@ -1,11 +0,0 @@ -#!/sbin/openrc-run - -description="Redis container" - -start() { - lxc-start redis -} - -stop() { - lxc-stop redis -} diff --git a/lxc-services/redis/lxcfile b/lxc-services/redis/lxcfile index 6802e7d..15cb56c 100644 --- a/lxc-services/redis/lxcfile +++ b/lxc-services/redis/lxcfile @@ -1,11 +1,6 @@ -IMAGE redis 4.0.12-190620 -META title Redis -META desc-cs Pokročilá key-value databáze -META desc-en Advanced key-value store -META type service -META license GPL +IMAGE redis_4.0.12-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) @@ -16,8 +11,5 @@ RUN EOF apk --no-cache add redis EOF -MOUNT FILE /srv/redis/conf/redis.conf etc/redis.conf -MOUNT DIR /srv/redis/data var/lib/redis - USER 6379 6379 CMD redis-server /etc/redis.conf diff --git a/lxc-services/redis/uninstall.sh b/lxc-services/redis/uninstall.sh deleted file mode 100755 index ee85d68..0000000 --- a/lxc-services/redis/uninstall.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/redis -rc-update -u diff --git a/lxc-services/solr/install.sh b/lxc-services/solr/install.sh deleted file mode 100755 index c19578a..0000000 --- a/lxc-services/solr/install.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Configure Solr -mkdir -p /srv/solr/data -cp /var/lib/lxc/solr/solr/opt/solr/server/solr/solr.xml /srv/solr/data/solr.xml -chown -R 8983:8983 /srv/solr/data - -# Install service -cp etc/init.d/solr /etc/init.d/solr -rc-update -u diff --git a/lxc-services/solr/install/etc/init.d/solr b/lxc-services/solr/install/etc/init.d/solr deleted file mode 100755 index 5d62670..0000000 --- a/lxc-services/solr/install/etc/init.d/solr +++ /dev/null @@ -1,11 +0,0 @@ -#!/sbin/openrc-run - -description="Solr container" - -start() { - lxc-start solr -} - -stop() { - lxc-stop solr -} diff --git a/lxc-services/solr/uninstall.sh b/lxc-services/solr/uninstall.sh deleted file mode 100755 index 8582c8f..0000000 --- a/lxc-services/solr/uninstall.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/solr -rc-update -u diff --git a/lxc-services/solr/lxc/usr/bin/solr.in.sh b/lxc-services/solr6/lxc/usr/bin/solr.in.sh similarity index 53% rename from lxc-services/solr/lxc/usr/bin/solr.in.sh rename to lxc-services/solr6/lxc/usr/bin/solr.in.sh index 759249c..ec72768 100644 --- a/lxc-services/solr/lxc/usr/bin/solr.in.sh +++ b/lxc-services/solr6/lxc/usr/bin/solr.in.sh @@ -1,3 +1,3 @@ -SOLR_JAVA_MEM="-Xms32m -Xmx256m" +SOLR_JAVA_MEM="-Xms32m -Xmx1024m" SOLR_HOME=/var/lib/solr SOLR_PORT=8983 diff --git a/lxc-services/solr/lxcfile b/lxc-services/solr6/lxcfile similarity index 66% rename from lxc-services/solr/lxcfile rename to lxc-services/solr6/lxcfile index 1445a39..271d8a4 100644 --- a/lxc-services/solr/lxcfile +++ b/lxc-services/solr6/lxcfile @@ -1,12 +1,7 @@ -IMAGE solr 6.5.1-190620 -META title Solr -META desc-cs Platforma pro fulltextové a fasetové vyhledávání -META desc-en Fulltext and faceted search platform -META type service -META license GPL +IMAGE solr6_6.5.1-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 RUN EOF # Install runtime dependencies @@ -27,7 +22,5 @@ EOF COPY lxc -MOUNT DIR /srv/solr/data var/lib/solr - USER 8983 8983 CMD solr start -f diff --git a/lxc-shared/alpine3.8-nodejs8/lxcfile b/lxc-shared/alpine3.8-nodejs8/lxcfile index ff83b39..c169d26 100644 --- a/lxc-shared/alpine3.8-nodejs8/lxcfile +++ b/lxc-shared/alpine3.8-nodejs8/lxcfile @@ -1,11 +1,6 @@ -IMAGE alpine3.8-nodejs8 8.14.0-190620 -META title Alpine 3.8 Node.js 8 -META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 8 -META desc-en Basic LXC layer with Node.js 8 runtime environment -META type layer -META license GPL +IMAGE alpine3.8-nodejs8_8.14.0-190620 -LAYER alpine3.8 3.8.4-190620 +LAYER alpine3.8_3.8.4-190620 RUN EOF apk --no-cache add nodejs diff --git a/lxc-shared/alpine3.8-php5.6/lxcfile b/lxc-shared/alpine3.8-php5.6/lxcfile index a7b455e..6b71f73 100644 --- a/lxc-shared/alpine3.8-php5.6/lxcfile +++ b/lxc-shared/alpine3.8-php5.6/lxcfile @@ -1,13 +1,10 @@ -IMAGE alpine3.8-php5.6 5.6.40-190620 -META title Alpine 3.8 PHP 5.6 -META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 5.6 -META desc-en Basic LXC layer with PHP 5.6 runtime environment -META type layer -META license GPL +IMAGE alpine3.8-php5.6_5.6.40-190620 -LAYER alpine3.8 3.8.4-190620 +LAYER alpine3.8_3.8.4-190620 RUN EOF apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache ln -s /usr/bin/php5 /usr/bin/php EOF + +CMD php -a diff --git a/lxc-shared/alpine3.8-ruby2.4/lxcfile b/lxc-shared/alpine3.8-ruby2.4/lxcfile index 7c9b5a1..893bb75 100644 --- a/lxc-shared/alpine3.8-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.8-ruby2.4/lxcfile @@ -1,11 +1,6 @@ -IMAGE alpine3.8-ruby2.4 2.4.5-190620 -META title Alpine 3.8 Ruby 2.4 -META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4 -META desc-en Basic LXC layer with Ruby 2.4 runtime environment -META type layer -META license GPL +IMAGE alpine3.8-ruby2.4_2.4.5-190620 -LAYER alpine3.8 3.8.4-190620 +LAYER alpine3.8_3.8.4-190620 RUN EOF # Install Ruby runtime dependencies diff --git a/lxc-shared/alpine3.8/lxcfile b/lxc-shared/alpine3.8/lxcfile index 369510a..53da343 100644 --- a/lxc-shared/alpine3.8/lxcfile +++ b/lxc-shared/alpine3.8/lxcfile @@ -1,9 +1,4 @@ -IMAGE alpine3.8 3.8.4-190620 -META title Alpine 3.8 -META desc-cs Základní LXC vrstva s Alpine linuxem 3.8 -META desc-en Basic LXC layer with Alpine linux 3.8 -META type layer -META license GPL +IMAGE alpine3.8_3.8.4-190620 COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.8/x86_64/versions/library-3.8/x86_64/rootfs.tar.xz @@ -13,4 +8,7 @@ RUN EOF # Install s6 supervisor apk --no-cache add libxml2 libxslt s6 + + # Cleanup + rm -rf /etc/crontabs/root /etc/periodic EOF diff --git a/lxc-shared/alpine3.9-java8/lxcfile b/lxc-shared/alpine3.9-java8/lxcfile index 6c4f689..8aa0376 100644 --- a/lxc-shared/alpine3.9-java8/lxcfile +++ b/lxc-shared/alpine3.9-java8/lxcfile @@ -1,11 +1,6 @@ -IMAGE alpine3.9-java8 8.212.04-190620 -META title Alpine 3.9 OpenJDK 8 -META desc-cs Základní LXC vrstva s běhovým prostředím pro Javu 8 -META desc-en Basic LXC layer with Java 8 runtime environment -META type layer -META license GPL +IMAGE alpine3.9-java8_8.212.04-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF # nss needed due to https://github.com/docker-library/openjdk/issues/289 , https://bugs.alpinelinux.org/issues/10126 diff --git a/lxc-shared/alpine3.9-nodejs10/lxcfile b/lxc-shared/alpine3.9-nodejs10/lxcfile index a13beb7..6d7b5db 100644 --- a/lxc-shared/alpine3.9-nodejs10/lxcfile +++ b/lxc-shared/alpine3.9-nodejs10/lxcfile @@ -1,11 +1,6 @@ -IMAGE alpine3.9-nodejs10 10.14.2-190620 -META title Alpine 3.9 Node.js 10 -META desc-cs Základní LXC vrstva s běhovým prostředím pro Node.js 10 -META desc-en Basic LXC layer with Node.js 10 runtime environment -META type layer -META license GPL +IMAGE alpine3.9-nodejs10_10.14.2-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF apk --no-cache add nodejs diff --git a/lxc-shared/alpine3.9-php7.2/lxcfile b/lxc-shared/alpine3.9-php7.2/lxcfile index 7e6e145..0e935b4 100644 --- a/lxc-shared/alpine3.9-php7.2/lxcfile +++ b/lxc-shared/alpine3.9-php7.2/lxcfile @@ -1,12 +1,9 @@ -IMAGE alpine3.9-php7.2 7.2.19-190620 -META title Alpine 3.9 PHP 7.2 -META desc-cs Základní LXC vrstva s běhovým prostředím pro PHP 7.2 -META desc-en Basic LXC layer with PHP 7.2 runtime environment -META type layer -META license GPL +IMAGE alpine3.9-php7.2_7.2.19-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF apk --no-cache add nginx php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session EOF + +CMD php -a diff --git a/lxc-shared/alpine3.9-python2.7/lxcfile b/lxc-shared/alpine3.9-python2.7/lxcfile index 97584cc..e37b81e 100644 --- a/lxc-shared/alpine3.9-python2.7/lxcfile +++ b/lxc-shared/alpine3.9-python2.7/lxcfile @@ -1,12 +1,9 @@ -IMAGE alpine3.9-python2.7 2.7.16-190620 -META title Alpine 3.9 python 2.7 -META desc-cs Základní LXC vrstva s běhovým prostředím pro python 2.7 -META desc-en Basic LXC layer with python 2.7 runtime environment -META type layer -META license GPL +IMAGE alpine3.9-python2.7_2.7.16-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF apk --no-cache add python2 EOF + +CMD python diff --git a/lxc-shared/alpine3.9-python3.6/lxcfile b/lxc-shared/alpine3.9-python3.6/lxcfile index fced4c2..a8b3f3d 100644 --- a/lxc-shared/alpine3.9-python3.6/lxcfile +++ b/lxc-shared/alpine3.9-python3.6/lxcfile @@ -1,13 +1,10 @@ -IMAGE alpine3.9-python3.6 3.6.8-190620 -META title Alpine 3.9 python 3.6 -META desc-cs Základní LXC vrstva s běhovým prostředím pro python 3.6 -META desc-en Basic LXC layer with python 3.6 runtime environment -META type layer -META license GPL +IMAGE alpine3.9-python3.6_3.6.8-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF apk --no-cache add python3 ln -s /usr/bin/python3 /usr/bin/python EOF + +CMD python diff --git a/lxc-shared/alpine3.9-ruby2.4/lxcfile b/lxc-shared/alpine3.9-ruby2.4/lxcfile index 15f0702..a908b1f 100644 --- a/lxc-shared/alpine3.9-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.4/lxcfile @@ -1,11 +1,6 @@ -IMAGE alpine3.9-ruby2.4 2.4.5-190620 -META title Alpine 3.9 Ruby 2.4 -META desc-cs Základní LXC vrstva s běhovým prostředím pro Ruby 2.4 -META desc-en Basic LXC layer with Ruby 2.4 runtime environment -META type layer -META license GPL +IMAGE alpine3.9-ruby2.4_2.4.5-190620 -LAYER alpine3.9 3.9.4-190620 +LAYER alpine3.9_3.9.4-190620 RUN EOF # Install Ruby runtime dependencies diff --git a/lxc-shared/alpine3.9-tomcat7/lxcfile b/lxc-shared/alpine3.9-tomcat7/lxcfile index b2192e9..da4cb3b 100644 --- a/lxc-shared/alpine3.9-tomcat7/lxcfile +++ b/lxc-shared/alpine3.9-tomcat7/lxcfile @@ -1,12 +1,7 @@ -IMAGE alpine3.9-tomcat7 7.0.94-190620 -META title Alpine 3.9 Tomcat 7 -META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 7 -META desc-en Basic LXC layer with Tomcat 7 JSP and servlet container -META type layer -META license GPL +IMAGE alpine3.9-tomcat7_7.0.94-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 RUN EOF # Install Tomcat 7 @@ -24,3 +19,5 @@ RUN EOF EOF COPY lxc + +RUN catalina.sh run diff --git a/lxc-shared/alpine3.9-tomcat8.5/lxcfile b/lxc-shared/alpine3.9-tomcat8.5/lxcfile index 0414ff4..9010118 100644 --- a/lxc-shared/alpine3.9-tomcat8.5/lxcfile +++ b/lxc-shared/alpine3.9-tomcat8.5/lxcfile @@ -1,12 +1,7 @@ -IMAGE alpine3.9-tomcat8.5 8.5.41-190620 -META title Alpine 3.9 Tomcat 8.5 -META desc-cs Základní LXC vrstva s JSP a servlet kontejnerem Tomcat 8.5 -META desc-en Basic LXC layer with Tomcat 8.5 JSP and servlet container -META type layer -META license GPL +IMAGE alpine3.9-tomcat8.5_8.5.41-190620 -LAYER alpine3.9 3.9.4-190620 -LAYER alpine3.9-java8 8.212.04-190620 +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-java8_8.212.04-190620 RUN EOF # Install Tomcat 8.5 @@ -29,3 +24,5 @@ RUN EOF EOF COPY lxc + +RUN catalina.sh run diff --git a/lxc-shared/alpine3.9/lxcfile b/lxc-shared/alpine3.9/lxcfile index 265717c..68cd1ae 100644 --- a/lxc-shared/alpine3.9/lxcfile +++ b/lxc-shared/alpine3.9/lxcfile @@ -1,9 +1,4 @@ -IMAGE alpine3.9 3.9.4-190620 -META title Alpine 3.9 -META desc-cs Základní LXC vrstva s Alpine linuxem 3.9 -META desc-en Basic LXC layer with Alpine linux 3.9 -META type layer -META license GPL +IMAGE alpine3.9_3.9.4-190620 COPY https://github.com/gliderlabs/docker-alpine/raw/rootfs/library-3.9/x86_64/versions/library-3.9/x86_64/rootfs.tar.xz COPY lxc @@ -14,4 +9,7 @@ RUN EOF # Install s6 supervisor apk --no-cache add libxml2 libxslt s6 + + # Cleanup + rm -rf /etc/crontabs/root /etc/periodic EOF From 846a85e9394aa942d33cedd61a60e3a2c6972270 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 20 Sep 2019 10:12:18 +0200 Subject: [PATCH 004/228] Move CKAN app meta+files back to lxc-apps --- apps/ckan/meta | 52 ------------------- {apps => lxc-apps}/ckan/install.sh | 0 {apps => lxc-apps}/ckan/install/adminpwd.sql | 0 .../ckan/install/ckan_conf/ckan.ini | 0 .../ckan/install/ckan_conf/who.ini | 0 {apps => lxc-apps}/ckan/install/createdb.sql | 0 .../install/datapusher_conf/datapusher.wsgi | 0 .../datapusher_conf/datapusher_settings.py | 0 .../ckan/install/postgres_data/pg_hba.conf | 0 .../install/postgres_data/postgresql.conf | 0 .../ckan/install/redis_conf/redis.conf | 0 .../install/solr_data/ckan/conf/schema.xml | 0 .../solr_data/ckan/conf/solrconfig.xml | 0 .../ckan/install/solr_data/solr.xml | 0 .../ckan/install/update-conf.sh | 0 lxc-apps/ckan/meta | 52 +++++++++++++++++++ {apps => lxc-apps}/ckan/uninstall.sh | 0 17 files changed, 52 insertions(+), 52 deletions(-) delete mode 100644 apps/ckan/meta rename {apps => lxc-apps}/ckan/install.sh (100%) rename {apps => lxc-apps}/ckan/install/adminpwd.sql (100%) rename {apps => lxc-apps}/ckan/install/ckan_conf/ckan.ini (100%) rename {apps => lxc-apps}/ckan/install/ckan_conf/who.ini (100%) rename {apps => lxc-apps}/ckan/install/createdb.sql (100%) rename {apps => lxc-apps}/ckan/install/datapusher_conf/datapusher.wsgi (100%) rename {apps => lxc-apps}/ckan/install/datapusher_conf/datapusher_settings.py (100%) rename {apps => lxc-apps}/ckan/install/postgres_data/pg_hba.conf (100%) rename {apps => lxc-apps}/ckan/install/postgres_data/postgresql.conf (100%) rename {apps => lxc-apps}/ckan/install/redis_conf/redis.conf (100%) rename {apps => lxc-apps}/ckan/install/solr_data/ckan/conf/schema.xml (100%) rename {apps => lxc-apps}/ckan/install/solr_data/ckan/conf/solrconfig.xml (100%) rename {apps => lxc-apps}/ckan/install/solr_data/solr.xml (100%) rename {apps => lxc-apps}/ckan/install/update-conf.sh (100%) create mode 100644 lxc-apps/ckan/meta rename {apps => lxc-apps}/ckan/uninstall.sh (100%) diff --git a/apps/ckan/meta b/apps/ckan/meta deleted file mode 100644 index 183d77c..0000000 --- a/apps/ckan/meta +++ /dev/null @@ -1,52 +0,0 @@ -{ - 'version': '1234', - 'meta': { - 'title': 'CKAN', - 'desc-cs': 'Datový sklad', - 'desc-en': 'Data store', - 'license': 'GPL' - }, - 'containers': { - 'ckan': { - 'image': 'ckan_123', - 'depends': [ - 'ckan_datapusher', - 'ckan_redis', - 'ckan_solr', - 'ckan_postgres' - ], - 'mounts': { - '/srv/ckan/ckan_conf': '/etc/ckan', - '/srv/ckan/ckan_data': '/srv/ckan/storage' - } - }, - 'ckan_datapusher': { - 'image': 'ckan-datapusher_123', - 'mounts': { - '/etc/ssl/services.pem': '/etc/ssl/services.pem', - '/srv/ckan/datapusher_conf': '/etc/ckan-datapusher', - '/srv/ckan/datapusher_data': '/srv/ckan-datapusher/data' - } - }, - 'ckan_redis': { - 'image': 'redis_123', - 'mounts': { - '/srv/ckan/redis_conf/redis.conf': '/etc/redis.conf' - '/srv/ckan/redis_data': '/var/lib/redis' - } - }, - 'ckan_solr': { - 'image': 'solr_123', - 'mounts': { - '/srv/ckan/solr_data': '/var/lib/solr' - } - }, - 'ckan_postgres': { - 'image': 'postgis_123', - 'mounts': { - '/srv/ckan/postgres_data': '/var/lib/postgresql' - } - } - }, - 'proxy': 'ckan' -} diff --git a/apps/ckan/install.sh b/lxc-apps/ckan/install.sh similarity index 100% rename from apps/ckan/install.sh rename to lxc-apps/ckan/install.sh diff --git a/apps/ckan/install/adminpwd.sql b/lxc-apps/ckan/install/adminpwd.sql similarity index 100% rename from apps/ckan/install/adminpwd.sql rename to lxc-apps/ckan/install/adminpwd.sql diff --git a/apps/ckan/install/ckan_conf/ckan.ini b/lxc-apps/ckan/install/ckan_conf/ckan.ini similarity index 100% rename from apps/ckan/install/ckan_conf/ckan.ini rename to lxc-apps/ckan/install/ckan_conf/ckan.ini diff --git a/apps/ckan/install/ckan_conf/who.ini b/lxc-apps/ckan/install/ckan_conf/who.ini similarity index 100% rename from apps/ckan/install/ckan_conf/who.ini rename to lxc-apps/ckan/install/ckan_conf/who.ini diff --git a/apps/ckan/install/createdb.sql b/lxc-apps/ckan/install/createdb.sql similarity index 100% rename from apps/ckan/install/createdb.sql rename to lxc-apps/ckan/install/createdb.sql diff --git a/apps/ckan/install/datapusher_conf/datapusher.wsgi b/lxc-apps/ckan/install/datapusher_conf/datapusher.wsgi similarity index 100% rename from apps/ckan/install/datapusher_conf/datapusher.wsgi rename to lxc-apps/ckan/install/datapusher_conf/datapusher.wsgi diff --git a/apps/ckan/install/datapusher_conf/datapusher_settings.py b/lxc-apps/ckan/install/datapusher_conf/datapusher_settings.py similarity index 100% rename from apps/ckan/install/datapusher_conf/datapusher_settings.py rename to lxc-apps/ckan/install/datapusher_conf/datapusher_settings.py diff --git a/apps/ckan/install/postgres_data/pg_hba.conf b/lxc-apps/ckan/install/postgres_data/pg_hba.conf similarity index 100% rename from apps/ckan/install/postgres_data/pg_hba.conf rename to lxc-apps/ckan/install/postgres_data/pg_hba.conf diff --git a/apps/ckan/install/postgres_data/postgresql.conf b/lxc-apps/ckan/install/postgres_data/postgresql.conf similarity index 100% rename from apps/ckan/install/postgres_data/postgresql.conf rename to lxc-apps/ckan/install/postgres_data/postgresql.conf diff --git a/apps/ckan/install/redis_conf/redis.conf b/lxc-apps/ckan/install/redis_conf/redis.conf similarity index 100% rename from apps/ckan/install/redis_conf/redis.conf rename to lxc-apps/ckan/install/redis_conf/redis.conf diff --git a/apps/ckan/install/solr_data/ckan/conf/schema.xml b/lxc-apps/ckan/install/solr_data/ckan/conf/schema.xml similarity index 100% rename from apps/ckan/install/solr_data/ckan/conf/schema.xml rename to lxc-apps/ckan/install/solr_data/ckan/conf/schema.xml diff --git a/apps/ckan/install/solr_data/ckan/conf/solrconfig.xml b/lxc-apps/ckan/install/solr_data/ckan/conf/solrconfig.xml similarity index 100% rename from apps/ckan/install/solr_data/ckan/conf/solrconfig.xml rename to lxc-apps/ckan/install/solr_data/ckan/conf/solrconfig.xml diff --git a/apps/ckan/install/solr_data/solr.xml b/lxc-apps/ckan/install/solr_data/solr.xml similarity index 100% rename from apps/ckan/install/solr_data/solr.xml rename to lxc-apps/ckan/install/solr_data/solr.xml diff --git a/apps/ckan/install/update-conf.sh b/lxc-apps/ckan/install/update-conf.sh similarity index 100% rename from apps/ckan/install/update-conf.sh rename to lxc-apps/ckan/install/update-conf.sh diff --git a/lxc-apps/ckan/meta b/lxc-apps/ckan/meta new file mode 100644 index 0000000..3ebf075 --- /dev/null +++ b/lxc-apps/ckan/meta @@ -0,0 +1,52 @@ +{ + "version": "2.8.2-190620", + "meta": { + "title": "CKAN", + "desc-cs": "Datový sklad", + "desc-en": "Data store", + "license": "GPL", + "proxy": "ckan" + }, + "containers": { + "ckan": { + "image": "ckan_2.8.2-190620", + "depends": [ + "ckan_datapusher", + "ckan_redis", + "ckan_solr", + "ckan_postgres" + ], + "mounts": [ + ["DIR", "/srv/ckan/ckan_conf", "/etc/ckan"], + ["DIR", "/srv/ckan/ckan_data", "/srv/ckan/storage"] + ] + }, + "ckan_datapusher": { + "image": "ckan-datapusher_0.0.13-190620", + "mounts": [ + ["FILE", "/etc/ssl/services.pem", "/etc/ssl/services.pem"], + ["DIR", "/srv/ckan/datapusher_conf", "/etc/ckan-datapusher"], + ["DIR", "/srv/ckan/datapusher_data", "/srv/ckan-datapusher/data"] + ] + }, + "ckan_redis": { + "image": "redis_4.0.12-190620", + "mounts": [ + ["FILE", "/srv/ckan/redis_conf/redis.conf", "/etc/redis.conf"], + ["DIR", "/srv/ckan/redis_data", "/var/lib/redis"] + ] + }, + "ckan_solr": { + "image": "solr6_6.5.1-190620", + "mounts": [ + ["DIR", "/srv/ckan/solr_data", "/var/lib/solr"] + ] + }, + "ckan_postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/ckan/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/apps/ckan/uninstall.sh b/lxc-apps/ckan/uninstall.sh similarity index 100% rename from apps/ckan/uninstall.sh rename to lxc-apps/ckan/uninstall.sh From 2ea88cabce08eb3e7d4e1f7f855a6d63cb1d61d0 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 20 Sep 2019 10:12:53 +0200 Subject: [PATCH 005/228] Install ncurses-libs by default in basic Alpine images --- lxc-shared/alpine3.8/lxcfile | 2 +- lxc-shared/alpine3.9/lxcfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lxc-shared/alpine3.8/lxcfile b/lxc-shared/alpine3.8/lxcfile index 53da343..0696876 100644 --- a/lxc-shared/alpine3.8/lxcfile +++ b/lxc-shared/alpine3.8/lxcfile @@ -7,7 +7,7 @@ RUN EOF apk --no-cache upgrade # Install s6 supervisor - apk --no-cache add libxml2 libxslt s6 + apk --no-cache add libxml2 libxslt ncurses-libs s6 # Cleanup rm -rf /etc/crontabs/root /etc/periodic diff --git a/lxc-shared/alpine3.9/lxcfile b/lxc-shared/alpine3.9/lxcfile index 68cd1ae..d86f9e6 100644 --- a/lxc-shared/alpine3.9/lxcfile +++ b/lxc-shared/alpine3.9/lxcfile @@ -8,7 +8,7 @@ RUN EOF apk --no-cache upgrade # Install s6 supervisor - apk --no-cache add libxml2 libxslt s6 + apk --no-cache add libxml2 libxslt ncurses-libs s6 # Cleanup rm -rf /etc/crontabs/root /etc/periodic From 7116566519f5d05fb495dc80e302bfb2adda8a69 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 20 Sep 2019 10:13:41 +0200 Subject: [PATCH 006/228] Allow lxcbuilder to pack meta files --- apk/vmmgr | 2 +- build/build-all.sh | 3 +- build/install-toolchain.sh | 4 +- build/usr/bin/lxc-build | 12 -- build/usr/bin/lxcbuild | 43 +++++++ build/usr/lib/python3.6/lxcbuild/app.py | 16 +++ .../lxcbuild/{lxcbuilder.py => builder.py} | 60 ++++++---- build/usr/lib/python3.6/lxcbuild/crypto.py | 28 +++++ build/usr/lib/python3.6/lxcbuild/image.py | 38 ++++++ build/usr/lib/python3.6/lxcbuild/lxcimage.py | 24 ---- build/usr/lib/python3.6/lxcbuild/lxcpacker.py | 83 ------------- build/usr/lib/python3.6/lxcbuild/packer.py | 109 ++++++++++++++++++ build/usr/lib/python3.6/lxcbuild/paths.py | 8 ++ 13 files changed, 283 insertions(+), 147 deletions(-) delete mode 100755 build/usr/bin/lxc-build create mode 100644 build/usr/bin/lxcbuild create mode 100644 build/usr/lib/python3.6/lxcbuild/app.py rename build/usr/lib/python3.6/lxcbuild/{lxcbuilder.py => builder.py} (78%) create mode 100644 build/usr/lib/python3.6/lxcbuild/crypto.py create mode 100644 build/usr/lib/python3.6/lxcbuild/image.py delete mode 100644 build/usr/lib/python3.6/lxcbuild/lxcimage.py delete mode 100644 build/usr/lib/python3.6/lxcbuild/lxcpacker.py create mode 100644 build/usr/lib/python3.6/lxcbuild/packer.py create mode 100644 build/usr/lib/python3.6/lxcbuild/paths.py diff --git a/apk/vmmgr b/apk/vmmgr index 972ca0b..c3b7118 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 972ca0b6967edd56af96a7de159950ac9fcbc4a6 +Subproject commit c3b711850e02a6e228c4eb64ed82a4d1bc889ae9 diff --git a/build/build-all.sh b/build/build-all.sh index 9662bb6..986de40 100755 --- a/build/build-all.sh +++ b/build/build-all.sh @@ -66,14 +66,15 @@ cd ${ROOT}/lxc-services lxc-build activemq lxc-build mariadb lxc-build postgres +lxc-build postgis lxc-build rabbitmq lxc-build redis lxc-build solr # Build applications cd ${ROOT}/lxc-apps -lxc-build ckan-datapusher lxc-build ckan +lxc-build ckan-datapusher lxc-build crisiscleanup lxc-build cts lxc-build ecogis diff --git a/build/install-toolchain.sh b/build/install-toolchain.sh index 35b1a22..1530203 100755 --- a/build/install-toolchain.sh +++ b/build/install-toolchain.sh @@ -24,7 +24,7 @@ cp etc/abuild.conf /etc/abuild.conf # Prepare LXC build toolchain cp usr/bin/fix-apk /usr/bin/fix-apk cp usr/bin/lxc-build /usr/bin/lxc-build -cp usr/bin/lxc-pack /usr/bin/lxc-pack +mkdir -p /srv/build/lxc/apps /srv/build/lxc/images # Prepare local APK repository cp etc/nginx/conf.d/apkrepo.conf /etc/nginx/conf.d/apkrepo.conf @@ -36,4 +36,4 @@ service nginx reload # Supply LXC build key # openssl ecparam -genkey -name secp384r1 -out /srv/build/packages.key -# openssl ec -in /srv/build/packages.key -pubout -out /srv/build/packages.pub +# openssl ec -in /srv/build/packages.key -pubout -out /srv/build/lxc/packages.pub diff --git a/build/usr/bin/lxc-build b/build/usr/bin/lxc-build deleted file mode 100755 index 263f6f0..0000000 --- a/build/usr/bin/lxc-build +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- - -import sys -from lxcbuild.lxcimage import LXCImage - -if __name__ == '__main__': - if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'): - print('Usage: lxc-build \n where the buildpath can be either specific lxcfile or a directory containing one') - else: - image = LXCImage(sys.argv[1]) - image.build_and_pack() diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild new file mode 100644 index 0000000..6da06f8 --- /dev/null +++ b/build/usr/bin/lxcbuild @@ -0,0 +1,43 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- + +import argparse +import sys +from lxcbuild.app import App +from lxcbuild.image import Image + +parser = argparse.ArgumentParser(description='VM application builder and packager') +parser.add_argument('-f', '--force', action='store_true', help='Force rebuild already built package') +parser.add_argument('buildpath', help='Either specific "lxcfile" or "meta" file or a directory containing one') + +if len(sys.argv) < 2: + parser.print_usage() + sys.exit(1) +args = parser.parse_args() + +buildpath = os.path.realpath(args.buildpath) +if os.path.isfile(buildpath): + basename = os.path.basename(buildpath) + if basename == 'lxcfile' or basename.endswith('.lxcfile'): + image = Image(buildpath) + image.build_and_pack(args.force) + elif basename == 'meta' or basename.endswith('.meta'): + app = App(buildpath) + app.build_and_pack() + else: + print('Unknown file {} given, expected "lxcfile" or "meta"'.format(buildpath)) + sys.exit(1) +else: + valid_dir = False + lxcfile = os.path.join(buildpath, 'lxcfile') + meta = os.path.join(buildpath, 'meta') + if os.path.exists(lxcfile): + valid_dir = True + image = Image(lxcfile) + image.build_and_pack(args.force) + if os.path.exists(meta): + valid_dir = True + app = App(buildpath) + app.pack() + if not valid_dir: + print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) diff --git a/build/usr/lib/python3.6/lxcbuild/app.py b/build/usr/lib/python3.6/lxcbuild/app.py new file mode 100644 index 0000000..d7ae2b4 --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/app.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import os + +from .packer import Packer + +class App: + def __init__(self, metafile): + self.build_dir = os.path.dirname(metafile) + self.name = os.path.basename(self.build_dir) + with open(metafile, 'r') as f: + self.conf = json.load(f) + + def pack(self): + packer = Packer() + packer.pack_app(self) diff --git a/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py b/build/usr/lib/python3.6/lxcbuild/builder.py similarity index 78% rename from build/usr/lib/python3.6/lxcbuild/lxcbuilder.py rename to build/usr/lib/python3.6/lxcbuild/builder.py index 8605ee0..652d38b 100644 --- a/build/usr/lib/python3.6/lxcbuild/lxcbuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/builder.py @@ -4,25 +4,26 @@ import os import shutil import subprocess import sys -from vmmgr import lxcmgr -LXC_ROOT = '/var/lib/lxc' +from lxcmgr import lxcmgr +from lxcmgr.paths import PKG_STORAGE_DIR -class LXCBuilder: - def __init__(self, image): - self.image = image +class ImageExistsError(Exception): + pass + +class ImageNotFoundError(Exception): + pass + +class Builder: + def __init__(self): + self.image = None self.script = [] self.script_eof = None + self.force = False - def build(self): - try: - self.image.conf['build'] = True - self.process_file() - except FileExistsError as e: - print(e) - del self.image.conf['build'] - - def process_file(self): + def build(self, image, force=False): + self.image = image + self.force = force with open(self.image.lxcfile, 'r') as f: for line in f: line = line.strip() @@ -62,11 +63,11 @@ class LXCBuilder: self.set_ready(args) def get_layer_path(self, layer): - return os.path.join(LXC_ROOT, 'storage', layer) + return os.path.join(PKG_STORAGE_DIR, layer) def run_script(self, script): lxcmgr.register_container(self.image.name, self.image.conf) - sh = os.path.join(self.get_layer_path(self.image.name), 'run.sh') + sh = os.path.join(self.image.path, 'run.sh') with open(sh, 'w') as f: f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script))) os.chmod(sh, 0o700) @@ -77,12 +78,20 @@ class LXCBuilder: def set_name(self, name): self.image.name = name - self.image.conf['layers'] = [self.image.name] - image_path = self.get_layer_path(self.image.name) - os.makedirs(image_path, 0o755, True) - os.chown(image_path, 100000, 100000) + self.image.path = self.get_layer_path(name) + self.image.conf['layers'] = [name] + if os.path.exists(self.image.path): + if self.force: + self.clean() + else: + raise ImageExistsError(self.image.path) + os.makedirs(self.image.path, 0o755, True) + os.chown(self.image.path, 100000, 100000) def add_layer(self, name): + layer_path = self.get_layer_path(name) + if not os.path.exists(layer_path): + raise ImageNotFoundError(layer_path) self.image.conf['layers'].insert(0, name) def fix_layer(self, cmd): @@ -90,17 +99,17 @@ class LXCBuilder: subprocess.run([cmd] + layers, check=True) def copy_files(self, src, dst): - dst = os.path.join(self.get_layer_path(self.image.name), dst) + dst = os.path.join(self.image.path, dst) if src.startswith('http://') or src.startswith('https://'): unpack_http_archive(src, dst) else: - copy_tree(os.path.join(self.build_dir, src), dst) + copy_tree(os.path.join(self.image.build_dir, src), dst) shift_uid(dst) - def add_env(self, args): + def add_env(self, key, value): if 'env' not in self.image.conf: self.image.conf['env'] = [] - self.image.conf['env'].append(args) + self.image.conf['env'].append('{}={}'.format(key, value)) def set_user(self, uid, gid): self.image.conf['uid'] = uid @@ -118,6 +127,9 @@ class LXCBuilder: def set_ready(self, cmd): self.image.conf['ready'] = cmd + def clean(self): + shutil.rmtree(self.image.path) + def unpack_http_archive(src, dst): xf = 'xzf' if src.endswith('.bz2'): diff --git a/build/usr/lib/python3.6/lxcbuild/crypto.py b/build/usr/lib/python3.6/lxcbuild/crypto.py new file mode 100644 index 0000000..fa94bde --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/crypto.py @@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- + +import hashlib + +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives.serialization import load_pem_private_key + +def sign_file(private_key, input_path): + # Generate SHA512 signature of a file using EC private key + print('Signing packages') + with open(private_key, 'rb') as f: + priv_key = load_pem_private_key(f.read(), None, default_backend()) + with open(input_path, 'rb') as f: + data = f.read() + return priv_key.sign(data, ec.ECDSA(hashes.SHA512())) + +def hash_file(file_path): + # Calculate SHA512 hash of a file + sha512 = hashlib.sha512() + with open(file_path, 'rb') as f: + while True: + data = f.read(65536) + if not data: + break + sha512.update(data) + return sha512.hexdigest() diff --git a/build/usr/lib/python3.6/lxcbuild/image.py b/build/usr/lib/python3.6/lxcbuild/image.py new file mode 100644 index 0000000..d026843 --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/image.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- + +import os +import sys + +from .builder import Builder, ImageExistsError, ImageNotFoundError +from .packer import Packer, PackageExistsError + +class Image: + def __init__(self, lxcfile): + self.name = None + self.path = None + self.conf = {} + self.lxcfile = lxcfile + self.build_dir = os.path.dirname(lxcfile) + + def build_and_pack(self, force=False): + self.conf['build'] = True + try: + builder = Builder() + builder.build(self, force) + # In case of successful build, packaging needs to be forced to prevent outdated packages + force = True + except ImageExistsError as e: + print('Image {} already exists, skipping build tasks'.format(e)) + except ImageNotFoundError as e: + print('Image {} not found, can\'t build {}'.format(e, self.name)) + builder.clean() + sys.exit(1) + except: + builder.clean() + raise + try: + packer = Packer() + packer.pack_image(self, force) + except PackageExistsError as e: + print('Package {} already exists, skipping packaging tasks'.format(e)) + del self.conf['build'] diff --git a/build/usr/lib/python3.6/lxcbuild/lxcimage.py b/build/usr/lib/python3.6/lxcbuild/lxcimage.py deleted file mode 100644 index a5515e3..0000000 --- a/build/usr/lib/python3.6/lxcbuild/lxcimage.py +++ /dev/null @@ -1,24 +0,0 @@ -# -*- coding: utf-8 -*- - -import os - -from .lxcbuilder import LXCBuilder -from .lxcpacker import LXCPacker - -class LXCImage: - def __init__(self, build_path): - self.name = None - self.conf = {} - - if os.path.isfile(build_path): - self.lxcfile = os.path.realpath(build_path) - self.build_dir = os.path.dirname(self.lxcfile) - else: - self.build_dir = os.path.realpath(build_path) - self.lxcfile = os.path.join(self.build_dir, 'lxcfile') - - def build_and_pack(self): - builder = LXCBuilder(self) - builder.build() - packer = LXCPacker(self) - packer.pack() diff --git a/build/usr/lib/python3.6/lxcbuild/lxcpacker.py b/build/usr/lib/python3.6/lxcbuild/lxcpacker.py deleted file mode 100644 index 8010460..0000000 --- a/build/usr/lib/python3.6/lxcbuild/lxcpacker.py +++ /dev/null @@ -1,83 +0,0 @@ -# -*- coding: utf-8 -*- - -import hashlib -import json -import os -import subprocess -import sys - -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives import hashes -from cryptography.hazmat.primitives.asymmetric import ec -from cryptography.hazmat.primitives.serialization import load_pem_private_key - -PKG_ROOT = '/srv/build/lxc' -PRIVATE_KEY = '/srv/build/packages.key' -LXC_STORAGE = '/var/lib/lxc/storage' - -class LXCPacker: - def __init__(self, image): - self.image = image - self.tar_path = None - self.xz_path = None - - def pack(self): - # Prepare package file names - self.tar_path = os.path.join(PKG_ROOT, '{}.tar'.format(self.image.name)) - self.xz_path = '{}.xz'.format(self.tar_path) - if os.path.exists(self.xz_path): - print('Package {} already exists, skipping packaging tasks'.format(self.xz_path)) - return - os.makedirs(PKG_ROOT, 0o755, True) - self.create_archive() - self.register_package() - self.sign_packages() - - def create_archive(self): - # Create archive - print('Archiving', self.image.name) - subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, os.path.join(LXC_STORAGE, self.image.name)], cwd='/') - # Add install/upgrade/uninstall scripts - # TODO: skripty balit jen s aplikacemi, ne s imagi - scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') - scripts = [s for s in scripts if os.path.exists(os.path.join(self.image.build_dir, s))] - subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(self.image.name), '-rpf', self.tar_path] + scripts, cwd=self.image.build_dir) - # Compress the tarball with xz (LZMA2) - print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576)) - subprocess.run(['xz', '-9', self.tar_path]) - print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576)) - - def register_package(self): - # Register package - print('Registering package') - packages_file = os.path.join(PKG_ROOT, 'packages') - if os.path.exists(packages_file): - with open(packages_file, 'r') as f: - packages = json.load(f) - else: - packages = {'apps': {}, 'images': {}} - packages['images'][self.image.name] = self.image.conf.copy() - packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path) - packages['images'][self.image.name]['sha512'] = hash_file(self.xz_path) - with open(packages_file, 'w') as f: - json.dump(packages, f, sort_keys=True, indent=4) - - def sign_packages(self): - # Sign packages file - print('Signing packages') - with open(PRIVATE_KEY, 'rb') as f: - priv_key = load_pem_private_key(f.read(), None, default_backend()) - with open(os.path.join(PKG_ROOT, 'packages'), 'rb') as f: - data = f.read() - with open(os.path.join(PKG_ROOT, 'packages.sig'), 'wb') as f: - f.write(priv_key.sign(data, ec.ECDSA(hashes.SHA512()))) - -def hash_file(file_path): - sha512 = hashlib.sha512() - with open(file_path, 'rb') as f: - while True: - data = f.read(65536) - if not data: - break - sha512.update(data) - return sha512.hexdigest() diff --git a/build/usr/lib/python3.6/lxcbuild/packer.py b/build/usr/lib/python3.6/lxcbuild/packer.py new file mode 100644 index 0000000..737afe4 --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/packer.py @@ -0,0 +1,109 @@ +# -*- coding: utf-8 -*- + +import json +import os +import subprocess +import sys + +from lxcmgr.paths import LXC_STORAGE_DIR + +from . import crypto +from .paths import APP_DIR, IMAGE_DIR, META_FILE, PRIVATE_KEY, ROOT_DIR, SIGNATURE_FILE + +class PackageExistsError(Exception): + pass + +class Packer: + def __init__(self): + self.app = None + self.image = None + self.tar_path = None + self.xz_path = None + + def load_packages_meta(self): + if os.path.exists(PKG_META): + with open(PKG_META, 'r') as f: + return json.load(f) + else: + return {'apps': {}, 'images': {}} + + def save_packages_meta(self, packages): + with open(PKG_META, 'w') as f: + json.dump(packages, f, sort_keys=True, indent=4) + + + def pack_image(self, image, force): + self.image = image + # Prepare package file names + self.tar_path = os.path.join(IMAGE_DIR, '{}.tar'.format(self.image.name)) + self.xz_path = '{}.xz'.format(self.tar_path) + if os.path.exists(self.xz_path): + if force: + self.unregister_image() + os.unlink(self.xz_path) + else: + raise PackageExistsError(self.xz_path) + self.create_image_archive() + self.register_image() + self.sign_packages() + + def create_image_archive(self): + # Create archive + print('Archiving', self.image.path) + subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, self.image.name], cwd=LXC_STORAGE_DIR) + self.compress_archive() + + def compress_archive(self): + # Compress the tarball with xz (LZMA2) + print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576)) + subprocess.run(['xz', '-9', self.tar_path]) + print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576)) + + def register_image(self): + # Register package in global repository metadata file + print('Registering package {}'.format(self.image.name)) + packages = self.load_packages_meta() + packages['images'][self.image.name] = self.image.conf.copy() + packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path) + packages['images'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) + self.save_packages_meta(packages) + + def sign_packages(self): + signature = crypto.sign_file(PRIVATE_KEY, META_FILE) + with open(SIGNATURE_FILE, 'wb') as f: + f.write(signature) + + def unregister_image(self): + # Removes package from global repository metadata file + packages = self.load_packages_meta() + if self.image.name in packages['images']: + del packages['images'][self.image.name] + self.save_packages_meta(packages) + + def pack_app(self, app): + self.app = app + # Prepare package file names + self.tar_path = os.path.join(APP_DIR, '{}.tar'.format(self.image.name)) + self.xz_path = '{}.xz'.format(self.tar_path) + if os.path.exists(self.xz_path): + os.unlink(self.xz_path) + self.create_app_archive() + self.register_app() + self.sign_packages() + + def create_app_archive(self): + # Create archive with application setup scripts + print('Archiving setup scripts for', self.app.name) + scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') + scripts = [s for s in scripts if os.path.exists(os.path.join(self.app.build_dir, s))] + subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path] + scripts, cwd=self.app.build_dir) + self.compress_archive() + + def register_app(self): + # Register package in global repository metadata file + print('Registering package {}'.format(self.app.name)) + packages = self.load_packages_meta() + packages['apps'][self.image.name] = self.app.conf.copy() + packages['apps'][self.image.name]['size'] = os.path.getsize(self.xz_path) + packages['apps'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) + self.save_packages_meta(packages) diff --git a/build/usr/lib/python3.6/lxcbuild/paths.py b/build/usr/lib/python3.6/lxcbuild/paths.py new file mode 100644 index 0000000..bc1b8f9 --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/paths.py @@ -0,0 +1,8 @@ +# -*- coding: utf-8 -*- + +ROOT_DIR = '/srv/build/lxc' +IMAGE_DIR = os.path.join(ROOT_DIR, 'images') +APP_DIR = os.path.join(ROOT_DIR, 'apps') +META_FILE = os.path.join(ROOT_DIR, 'packages') +SIGNATURE_FILE = os.path.join(ROOT_DIR, 'packages.sig') +PRIVATE_KEY = '/srv/build/packages.key' From bbfe11f557bbdf71ca11087464272492e455db22 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 20 Sep 2019 15:43:01 +0200 Subject: [PATCH 007/228] Add checks, fix build --- apk/vmmgr | 2 +- build/usr/bin/lxcbuild | 3 +- build/usr/lib/python3.6/lxcbuild/app.py | 14 ++++- build/usr/lib/python3.6/lxcbuild/builder.py | 8 +-- build/usr/lib/python3.6/lxcbuild/crypto.py | 4 +- build/usr/lib/python3.6/lxcbuild/packer.py | 66 +++++++++++---------- build/usr/lib/python3.6/lxcbuild/paths.py | 9 ++- 7 files changed, 60 insertions(+), 46 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index c3b7118..4c26168 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit c3b711850e02a6e228c4eb64ed82a4d1bc889ae9 +Subproject commit 4c2616887f52b1265aa5943d1b6bd0f7d5e9f008 diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild index 6da06f8..cd60d72 100644 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -2,6 +2,7 @@ # -*- coding: utf-8 -*- import argparse +import os import sys from lxcbuild.app import App from lxcbuild.image import Image @@ -37,7 +38,7 @@ else: image.build_and_pack(args.force) if os.path.exists(meta): valid_dir = True - app = App(buildpath) + app = App(meta) app.pack() if not valid_dir: print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) diff --git a/build/usr/lib/python3.6/lxcbuild/app.py b/build/usr/lib/python3.6/lxcbuild/app.py index d7ae2b4..b1dfe74 100644 --- a/build/usr/lib/python3.6/lxcbuild/app.py +++ b/build/usr/lib/python3.6/lxcbuild/app.py @@ -1,16 +1,26 @@ # -*- coding: utf-8 -*- +import json import os +import sys +from .builder import ImageNotFoundError from .packer import Packer class App: def __init__(self, metafile): self.build_dir = os.path.dirname(metafile) - self.name = os.path.basename(self.build_dir) + if os.path.basename(metafile) == 'meta': + self.name = os.path.basename(self.build_dir) + else: + self.name = os.path.splitext(metafile)[0] with open(metafile, 'r') as f: self.conf = json.load(f) def pack(self): packer = Packer() - packer.pack_app(self) + try: + packer.pack_app(self) + except ImageNotFoundError as e: + print('Image {} not found, can\'t pack {}'.format(e, self.name)) + sys.exit(1) diff --git a/build/usr/lib/python3.6/lxcbuild/builder.py b/build/usr/lib/python3.6/lxcbuild/builder.py index 652d38b..b6521a8 100644 --- a/build/usr/lib/python3.6/lxcbuild/builder.py +++ b/build/usr/lib/python3.6/lxcbuild/builder.py @@ -6,7 +6,7 @@ import subprocess import sys from lxcmgr import lxcmgr -from lxcmgr.paths import PKG_STORAGE_DIR +from lxcmgr.paths import LXC_STORAGE_DIR class ImageExistsError(Exception): pass @@ -63,10 +63,10 @@ class Builder: self.set_ready(args) def get_layer_path(self, layer): - return os.path.join(PKG_STORAGE_DIR, layer) + return os.path.join(LXC_STORAGE_DIR, layer) def run_script(self, script): - lxcmgr.register_container(self.image.name, self.image.conf) + lxcmgr.create_container(self.image.name, self.image.conf) sh = os.path.join(self.image.path, 'run.sh') with open(sh, 'w') as f: f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script))) @@ -74,7 +74,7 @@ class Builder: os.chown(sh, 100000, 100000) subprocess.run(['lxc-execute', self.image.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True) os.unlink(sh) - lxcmgr.unregister_container(self.image.name) + lxcmgr.destroy_container(self.image.name) def set_name(self, name): self.image.name = name diff --git a/build/usr/lib/python3.6/lxcbuild/crypto.py b/build/usr/lib/python3.6/lxcbuild/crypto.py index fa94bde..44c27d2 100644 --- a/build/usr/lib/python3.6/lxcbuild/crypto.py +++ b/build/usr/lib/python3.6/lxcbuild/crypto.py @@ -7,10 +7,10 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.serialization import load_pem_private_key -def sign_file(private_key, input_path): +def sign_file(private_key_path, input_path): # Generate SHA512 signature of a file using EC private key print('Signing packages') - with open(private_key, 'rb') as f: + with open(private_key_path, 'rb') as f: priv_key = load_pem_private_key(f.read(), None, default_backend()) with open(input_path, 'rb') as f: data = f.read() diff --git a/build/usr/lib/python3.6/lxcbuild/packer.py b/build/usr/lib/python3.6/lxcbuild/packer.py index 737afe4..72c789d 100644 --- a/build/usr/lib/python3.6/lxcbuild/packer.py +++ b/build/usr/lib/python3.6/lxcbuild/packer.py @@ -6,9 +6,11 @@ import subprocess import sys from lxcmgr.paths import LXC_STORAGE_DIR +from lxcmgr.pkgmgr import PkgMgr from . import crypto -from .paths import APP_DIR, IMAGE_DIR, META_FILE, PRIVATE_KEY, ROOT_DIR, SIGNATURE_FILE +from .builder import ImageNotFoundError +from .paths import PRIVATE_KEY, REPO_APPS_DIR, REPO_IMAGES_DIR, REPO_META_FILE, REPO_SIG_FILE class PackageExistsError(Exception): pass @@ -19,23 +21,20 @@ class Packer: self.image = None self.tar_path = None self.xz_path = None - - def load_packages_meta(self): - if os.path.exists(PKG_META): - with open(PKG_META, 'r') as f: - return json.load(f) + if os.path.exists(REPO_META_FILE): + with open(REPO_META_FILE, 'r') as f: + self.packages = json.load(f) else: - return {'apps': {}, 'images': {}} - - def save_packages_meta(self, packages): - with open(PKG_META, 'w') as f: - json.dump(packages, f, sort_keys=True, indent=4) + self.packages = {'apps': {}, 'images': {}} + def save_repo_meta(self): + with open(REPO_META_FILE, 'w') as f: + json.dump(self.packages, f, sort_keys=True, indent=4) def pack_image(self, image, force): self.image = image # Prepare package file names - self.tar_path = os.path.join(IMAGE_DIR, '{}.tar'.format(self.image.name)) + self.tar_path = os.path.join(REPO_IMAGES_DIR, '{}.tar'.format(self.image.name)) self.xz_path = '{}.xz'.format(self.tar_path) if os.path.exists(self.xz_path): if force: @@ -60,30 +59,36 @@ class Packer: print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576)) def register_image(self): - # Register package in global repository metadata file + # Register image in global repository metadata file print('Registering package {}'.format(self.image.name)) - packages = self.load_packages_meta() - packages['images'][self.image.name] = self.image.conf.copy() - packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path) - packages['images'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) - self.save_packages_meta(packages) + self.packages['images'][self.image.name] = self.image.conf.copy() + self.packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path) + self.packages['images'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) + self.save_repo_meta() + # Register the image also to locally installed images for package manager + pm = PkgMgr() + pm.register_image(self.image.name, self.packages['images'][self.image.name]) def sign_packages(self): - signature = crypto.sign_file(PRIVATE_KEY, META_FILE) - with open(SIGNATURE_FILE, 'wb') as f: + signature = crypto.sign_file(PRIVATE_KEY, REPO_META_FILE) + with open(REPO_SIG_FILE, 'wb') as f: f.write(signature) def unregister_image(self): # Removes package from global repository metadata file - packages = self.load_packages_meta() - if self.image.name in packages['images']: - del packages['images'][self.image.name] - self.save_packages_meta(packages) + if self.image.name in self.packages['images']: + del self.packages['images'][self.image.name] + self.save_repo_meta() def pack_app(self, app): self.app = app + # Check if all images exist + for container in app.conf['containers']: + image = app.conf['containers'][container]['image'] + if image not in self.packages['images']: + raise ImageNotFoundError(image) # Prepare package file names - self.tar_path = os.path.join(APP_DIR, '{}.tar'.format(self.image.name)) + self.tar_path = os.path.join(REPO_APPS_DIR, '{}.tar'.format(self.app.name)) self.xz_path = '{}.xz'.format(self.tar_path) if os.path.exists(self.xz_path): os.unlink(self.xz_path) @@ -96,14 +101,13 @@ class Packer: print('Archiving setup scripts for', self.app.name) scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') scripts = [s for s in scripts if os.path.exists(os.path.join(self.app.build_dir, s))] - subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path] + scripts, cwd=self.app.build_dir) + subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, '--transform', 's,^,{}/,'.format(self.app.name)] + scripts, cwd=self.app.build_dir) self.compress_archive() def register_app(self): # Register package in global repository metadata file print('Registering package {}'.format(self.app.name)) - packages = self.load_packages_meta() - packages['apps'][self.image.name] = self.app.conf.copy() - packages['apps'][self.image.name]['size'] = os.path.getsize(self.xz_path) - packages['apps'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) - self.save_packages_meta(packages) + self.packages['apps'][self.app.name] = self.app.conf.copy() + self.packages['apps'][self.app.name]['size'] = os.path.getsize(self.xz_path) + self.packages['apps'][self.app.name]['sha512'] = crypto.hash_file(self.xz_path) + self.save_repo_meta() diff --git a/build/usr/lib/python3.6/lxcbuild/paths.py b/build/usr/lib/python3.6/lxcbuild/paths.py index bc1b8f9..bf4e455 100644 --- a/build/usr/lib/python3.6/lxcbuild/paths.py +++ b/build/usr/lib/python3.6/lxcbuild/paths.py @@ -1,8 +1,7 @@ # -*- coding: utf-8 -*- -ROOT_DIR = '/srv/build/lxc' -IMAGE_DIR = os.path.join(ROOT_DIR, 'images') -APP_DIR = os.path.join(ROOT_DIR, 'apps') -META_FILE = os.path.join(ROOT_DIR, 'packages') -SIGNATURE_FILE = os.path.join(ROOT_DIR, 'packages.sig') PRIVATE_KEY = '/srv/build/packages.key' +REPO_APPS_DIR = '/srv/build/lxc/apps' +REPO_IMAGES_DIR = '/srv/build/lxc/images' +REPO_META_FILE = '/srv/build/lxc/packages' +REPO_SIG_FILE = '/srv/build/lxc/packages.sig' From b1d705487ad5a811e1a6281c4e84239f9886bbbb Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 23 Sep 2019 15:34:37 +0200 Subject: [PATCH 008/228] Fix packaging --- apk/vmmgr | 2 +- build/usr/bin/lxcbuild | 2 +- build/usr/lib/python3.6/lxcbuild/image.py | 6 +++--- build/usr/lib/python3.6/lxcbuild/packer.py | 16 ++++++++++------ 4 files changed, 15 insertions(+), 11 deletions(-) mode change 100644 => 100755 build/usr/bin/lxcbuild diff --git a/apk/vmmgr b/apk/vmmgr index 4c26168..7b045cf 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 4c2616887f52b1265aa5943d1b6bd0f7d5e9f008 +Subproject commit 7b045cf9c3e7f0de494a75e99a9f2a9d34d4772d diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild old mode 100644 new mode 100755 index cd60d72..ae03087 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -24,7 +24,7 @@ if os.path.isfile(buildpath): image.build_and_pack(args.force) elif basename == 'meta' or basename.endswith('.meta'): app = App(buildpath) - app.build_and_pack() + app.pack() else: print('Unknown file {} given, expected "lxcfile" or "meta"'.format(buildpath)) sys.exit(1) diff --git a/build/usr/lib/python3.6/lxcbuild/image.py b/build/usr/lib/python3.6/lxcbuild/image.py index d026843..f77bff8 100644 --- a/build/usr/lib/python3.6/lxcbuild/image.py +++ b/build/usr/lib/python3.6/lxcbuild/image.py @@ -14,12 +14,12 @@ class Image: self.lxcfile = lxcfile self.build_dir = os.path.dirname(lxcfile) - def build_and_pack(self, force=False): + def build_and_pack(self, force): self.conf['build'] = True try: builder = Builder() builder.build(self, force) - # In case of successful build, packaging needs to be forced to prevent outdated packages + # In case of successful build, packaging needs to happen in all cases to prevent outdated packages force = True except ImageExistsError as e: print('Image {} already exists, skipping build tasks'.format(e)) @@ -30,9 +30,9 @@ class Image: except: builder.clean() raise + del self.conf['build'] try: packer = Packer() packer.pack_image(self, force) except PackageExistsError as e: print('Package {} already exists, skipping packaging tasks'.format(e)) - del self.conf['build'] diff --git a/build/usr/lib/python3.6/lxcbuild/packer.py b/build/usr/lib/python3.6/lxcbuild/packer.py index 72c789d..ffbeb53 100644 --- a/build/usr/lib/python3.6/lxcbuild/packer.py +++ b/build/usr/lib/python3.6/lxcbuild/packer.py @@ -36,12 +36,14 @@ class Packer: # Prepare package file names self.tar_path = os.path.join(REPO_IMAGES_DIR, '{}.tar'.format(self.image.name)) self.xz_path = '{}.xz'.format(self.tar_path) - if os.path.exists(self.xz_path): - if force: - self.unregister_image() + if force: + self.unregister_image() + try: os.unlink(self.xz_path) - else: - raise PackageExistsError(self.xz_path) + except FileNotFoundError: + pass + elif os.path.exists(self.xz_path): + raise PackageExistsError(self.xz_path) self.create_image_archive() self.register_image() self.sign_packages() @@ -90,8 +92,10 @@ class Packer: # Prepare package file names self.tar_path = os.path.join(REPO_APPS_DIR, '{}.tar'.format(self.app.name)) self.xz_path = '{}.xz'.format(self.tar_path) - if os.path.exists(self.xz_path): + try: os.unlink(self.xz_path) + except FileNotFoundError: + pass self.create_app_archive() self.register_app() self.sign_packages() From 69f67649f39b358365bcd70a7d8ee13732b405cc Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 23 Sep 2019 15:40:59 +0200 Subject: [PATCH 009/228] Make CKAN script executable --- lxc-apps/ckan/install.sh | 0 lxc-apps/ckan/uninstall.sh | 23 ++--------------------- 2 files changed, 2 insertions(+), 21 deletions(-) mode change 100644 => 100755 lxc-apps/ckan/install.sh mode change 100644 => 100755 lxc-apps/ckan/uninstall.sh diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh old mode 100644 new mode 100755 diff --git a/lxc-apps/ckan/uninstall.sh b/lxc-apps/ckan/uninstall.sh old mode 100644 new mode 100755 index 1454828..0eeb8f6 --- a/lxc-apps/ckan/uninstall.sh +++ b/lxc-apps/ckan/uninstall.sh @@ -1,27 +1,8 @@ #!/bin/sh set -ev -# Remove cronjob -rm -f /etc/periodic/hourly/ckan - -# Remove service -rm -f /etc/init.d/ckan -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS ckan; DROP DATABASE IF EXISTS ckan_datastore; DROP ROLE IF EXISTS ckan; DROP ROLE IF EXISTS ckan_datastore;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Remove redis data -[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1 -lxc-attach redis -- redis-cli -n 0 flushdb -[ ! -z ${STOP_REDIS} ] && service redis stop - -# Remove solr core -[ -e /run/openrc/started/solr ] && service solr stop && START_SOLR=1 -rm -rf /srv/solr/data/ckan -[ ! -z ${START_SOLR} ] && service solr start +# Remove persistent data +rm -f /srv/ckan # Unregister application vmmgr unregister-app ckan From 7f0d9572e30db523cc95144fcee7f4d8d4dcb5b1 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 24 Sep 2019 10:04:13 +0200 Subject: [PATCH 010/228] Add unpacked sizes --- apk/vmmgr | 2 +- build/usr/lib/python3.6/lxcbuild/packer.py | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index 7b045cf..d14fba7 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 7b045cf9c3e7f0de494a75e99a9f2a9d34d4772d +Subproject commit d14fba7ec1759bb9a9a45369d155a9937dbdbecd diff --git a/build/usr/lib/python3.6/lxcbuild/packer.py b/build/usr/lib/python3.6/lxcbuild/packer.py index ffbeb53..11aab79 100644 --- a/build/usr/lib/python3.6/lxcbuild/packer.py +++ b/build/usr/lib/python3.6/lxcbuild/packer.py @@ -20,7 +20,9 @@ class Packer: self.app = None self.image = None self.tar_path = None + self.tar_size = 0 self.xz_path = None + self.xz_size = 0 if os.path.exists(REPO_META_FILE): with open(REPO_META_FILE, 'r') as f: self.packages = json.load(f) @@ -56,15 +58,18 @@ class Packer: def compress_archive(self): # Compress the tarball with xz (LZMA2) - print('Compressing', self.tar_path, '({:.2f} MB)'.format(os.path.getsize(self.tar_path)/1048576)) + self.tar_size = os.path.getsize(self.tar_path) + print('Compressing', self.tar_path, '({:.2f} MB)'.format(self.tar_size/1048576)) subprocess.run(['xz', '-9', self.tar_path]) - print('Compressed ', self.xz_path, '({:.2f} MB)'.format(os.path.getsize(self.xz_path)/1048576)) + self.xz_size = os.path.getsize(self.xz_path) + print('Compressed ', self.xz_path, '({:.2f} MB)'.format(self.xz_size/1048576)) def register_image(self): # Register image in global repository metadata file print('Registering package {}'.format(self.image.name)) self.packages['images'][self.image.name] = self.image.conf.copy() - self.packages['images'][self.image.name]['size'] = os.path.getsize(self.xz_path) + self.packages['images'][self.image.name]['size'] = self.tar_size + self.packages['images'][self.image.name]['pkgsize'] = self.xz_size self.packages['images'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) self.save_repo_meta() # Register the image also to locally installed images for package manager @@ -112,6 +117,7 @@ class Packer: # Register package in global repository metadata file print('Registering package {}'.format(self.app.name)) self.packages['apps'][self.app.name] = self.app.conf.copy() - self.packages['apps'][self.app.name]['size'] = os.path.getsize(self.xz_path) + self.packages['apps'][self.app.name]['size'] = self.tar_size + self.packages['apps'][self.app.name]['pkgsize'] = self.xz_size self.packages['apps'][self.app.name]['sha512'] = crypto.hash_file(self.xz_path) self.save_repo_meta() From 89d3dd7d0ca3904a06480f933442798177b2063a Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 24 Sep 2019 10:53:01 +0200 Subject: [PATCH 011/228] Fix layer ordering --- apk/vmmgr | 2 +- build/usr/lib/python3.6/lxcbuild/builder.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index d14fba7..171aa76 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit d14fba7ec1759bb9a9a45369d155a9937dbdbecd +Subproject commit 171aa760438326240ece7f034ad5b39a89a4fa74 diff --git a/build/usr/lib/python3.6/lxcbuild/builder.py b/build/usr/lib/python3.6/lxcbuild/builder.py index b6521a8..8072907 100644 --- a/build/usr/lib/python3.6/lxcbuild/builder.py +++ b/build/usr/lib/python3.6/lxcbuild/builder.py @@ -92,7 +92,7 @@ class Builder: layer_path = self.get_layer_path(name) if not os.path.exists(layer_path): raise ImageNotFoundError(layer_path) - self.image.conf['layers'].insert(0, name) + self.image.conf['layers'].insert(-1, name) def fix_layer(self, cmd): layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']] From f9cc2834771c88dc4835423d072d43404d79a3dd Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 24 Sep 2019 10:53:12 +0200 Subject: [PATCH 012/228] Fix CKAN scripts --- lxc-apps/ckan/install.sh | 16 ++++++++-------- lxc-apps/ckan/uninstall.sh | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index e1bf46b..5e8ce8e 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh @@ -16,28 +16,28 @@ cp postgres_data/pg_hba.conf /srv/ckan/postgres_data/pg_hba.conf # Create database export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -lxc-start ckan_postgres #TODO: wait? +service ckan_postgres start #TODO: wait? envsubst /srv/ckan/solr_data/solr.xml chown -R 108983:108983 /srv/ckan/solr_data -lxc-start ckan_solr # TODO: wait? +service ckan_solr start # TODO: add ready / wait # Configure CKAN Solr core lxc-attach -u 8983 -g 8983 ckan_solr -- solr create -p 8983 -c ckan # TODO: wait to ensure creation? -lxc-stop ckan_solr +service ckan_solr stop cp solr_data/ckan/conf/schema.xml /srv/ckan/solr_data/ckan/conf/schema.xml cp solr_data/ckan/conf/solrconfig.xml /srv/ckan/solr_data/ckan/conf/solrconfig.xml chown 108983:108983 /srv/ckan/solr_data/ckan/conf/schema.xml # TODO: je to potreba? -lxc-start ckan_solr # TODO: wait? +service ckan_solr start # Configure CKAN DataPusher mkdir -p /srv/ckan/datapusher_conf /srv/ckan/datapusher_data @@ -71,9 +71,9 @@ envsubst Date: Tue, 24 Sep 2019 19:15:22 +0200 Subject: [PATCH 013/228] Fix layers, destroy container on build cleanup --- apk/vmmgr | 2 +- build/usr/lib/python3.6/lxcbuild/builder.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index 171aa76..7591cf2 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 171aa760438326240ece7f034ad5b39a89a4fa74 +Subproject commit 7591cf2d477c9d97c96e13ee276da0bc0cf2a47e diff --git a/build/usr/lib/python3.6/lxcbuild/builder.py b/build/usr/lib/python3.6/lxcbuild/builder.py index 8072907..4a64a76 100644 --- a/build/usr/lib/python3.6/lxcbuild/builder.py +++ b/build/usr/lib/python3.6/lxcbuild/builder.py @@ -92,7 +92,7 @@ class Builder: layer_path = self.get_layer_path(name) if not os.path.exists(layer_path): raise ImageNotFoundError(layer_path) - self.image.conf['layers'].insert(-1, name) + self.image.conf['layers'].insert(1, name) def fix_layer(self, cmd): layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']] @@ -129,6 +129,7 @@ class Builder: def clean(self): shutil.rmtree(self.image.path) + lxcmgr.destroy_container(self.image.name) def unpack_http_archive(src, dst): xf = 'xzf' From 8d42eac02925611b4e30592b39729e5fb56e0cd5 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 24 Sep 2019 19:15:40 +0200 Subject: [PATCH 014/228] Fix CKAN install script --- lxc-apps/ckan/install.sh | 8 ++++---- lxc-services/postgres/lxcfile | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index 5e8ce8e..8c397c1 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh @@ -54,16 +54,16 @@ cp ckan_conf/who.ini /srv/ckan/ckan_conf/who.ini chown -R 108080:108080 /srv/ckan/ckan_data # Populate database -lxc-execute ckan_ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini -lxc-execute ckan_ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini -lxc-execute ckan_ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql +lxc-execute ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini +lxc-execute ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini +lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql # Create admin account export CKAN_ADMIN_USER="admin" export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid) export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid) export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -export CKAN_ADMIN_HASH=$(lxc-execute ckan_ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')") +export CKAN_ADMIN_HASH=$(lxc-execute ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')") export CKAN_ADMIN_EMAIL="admin@example.com" envsubst Date: Tue, 24 Sep 2019 19:49:02 +0200 Subject: [PATCH 015/228] Hostnames shouldn't have underscores --- apk/vmmgr | 2 +- lxc-apps/ckan/install.sh | 28 ++++++++++++------------ lxc-apps/ckan/install/ckan_conf/ckan.ini | 10 ++++----- lxc-apps/ckan/meta | 8 +++---- 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index 7591cf2..ae2a913 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 7591cf2d477c9d97c96e13ee276da0bc0cf2a47e +Subproject commit ae2a913d0ca05422a1f070c27c4057119177ab8d diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index 8c397c1..ccee7a9 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh @@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install mkdir -p /srv/ckan/postgres_data chown -R 105432:105432 /srv/ckan/postgres_data chmod 700 /srv/ckan/postgres_data -lxc-execute -n ckan_postgres -- initdb -D /var/lib/postgresql +lxc-execute -n ckan-postgres -- initdb -D /var/lib/postgresql # Configure Postgres cp postgres_data/postgresql.conf /srv/ckan/postgres_data/postgresql.conf @@ -16,28 +16,28 @@ cp postgres_data/pg_hba.conf /srv/ckan/postgres_data/pg_hba.conf # Create database export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -service ckan_postgres start #TODO: wait? -envsubst /srv/ckan/solr_data/solr.xml +lxc-execute ckan-solr -- cat /opt/solr/server/solr/solr.xml >/srv/ckan/solr_data/solr.xml chown -R 108983:108983 /srv/ckan/solr_data -service ckan_solr start # TODO: add ready / wait +service ckan-solr start # TODO: add ready / wait # Configure CKAN Solr core -lxc-attach -u 8983 -g 8983 ckan_solr -- solr create -p 8983 -c ckan # TODO: wait to ensure creation? -service ckan_solr stop +lxc-attach -u 8983 -g 8983 ckan-solr -- solr create -p 8983 -c ckan # TODO: wait to ensure creation? +service ckan-solr stop cp solr_data/ckan/conf/schema.xml /srv/ckan/solr_data/ckan/conf/schema.xml cp solr_data/ckan/conf/solrconfig.xml /srv/ckan/solr_data/ckan/conf/solrconfig.xml chown 108983:108983 /srv/ckan/solr_data/ckan/conf/schema.xml # TODO: je to potreba? -service ckan_solr start +service ckan-solr start # Configure CKAN DataPusher mkdir -p /srv/ckan/datapusher_conf /srv/ckan/datapusher_data @@ -56,7 +56,7 @@ chown -R 108080:108080 /srv/ckan/ckan_data # Populate database lxc-execute ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini lxc-execute ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini -lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 ckan_postgres -- psql +lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 ckan-postgres -- psql # Create admin account export CKAN_ADMIN_USER="admin" @@ -65,15 +65,15 @@ export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid) export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export CKAN_ADMIN_HASH=$(lxc-execute ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')") export CKAN_ADMIN_EMAIL="admin@example.com" -envsubst Date: Fri, 27 Sep 2019 11:28:00 +0200 Subject: [PATCH 016/228] Rework CrisisCleanup --- lxc-apps/ckan/install.sh | 11 +- lxc-apps/ckan/meta | 8 +- lxc-apps/crisiscleanup/install.sh | 38 +- .../conf/boot.rb | 0 .../conf/database.yml | 0 .../conf/environments/production.rb | 0 .../conf/initializers/devise.rb | 0 .../db/seeds.rb | 0 .../install/etc/init.d/crisiscleanup | 23 - .../install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../{srv/crisiscleanup => }/update-conf.sh | 0 lxc-apps/crisiscleanup/lxcfile | 2 - lxc-apps/crisiscleanup/meta | 27 + lxc-apps/crisiscleanup/uninstall.sh | 10 +- lxc-services/solr6/lxcfile | 3 +- 16 files changed, 724 insertions(+), 59 deletions(-) rename lxc-apps/crisiscleanup/install/{srv/crisiscleanup => crisiscleanup_conf}/conf/boot.rb (100%) rename lxc-apps/crisiscleanup/install/{srv/crisiscleanup => crisiscleanup_conf}/conf/database.yml (100%) rename lxc-apps/crisiscleanup/install/{srv/crisiscleanup => crisiscleanup_conf}/conf/environments/production.rb (100%) rename lxc-apps/crisiscleanup/install/{srv/crisiscleanup => crisiscleanup_conf}/conf/initializers/devise.rb (100%) rename lxc-apps/crisiscleanup/install/{srv/crisiscleanup => crisiscleanup_conf}/db/seeds.rb (100%) delete mode 100755 lxc-apps/crisiscleanup/install/etc/init.d/crisiscleanup create mode 100644 lxc-apps/crisiscleanup/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/crisiscleanup/install/postgres_data/postgresql.conf rename lxc-apps/crisiscleanup/install/{srv/crisiscleanup => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/crisiscleanup/meta diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index ccee7a9..d380064 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh @@ -16,12 +16,13 @@ cp postgres_data/pg_hba.conf /srv/ckan/postgres_data/pg_hba.conf # Create database export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -service ckan-postgres start #TODO: wait? +service ckan-postgres start envsubst /srv/ckan/solr_data/solr.xml chown -R 108983:108983 /srv/ckan/solr_data -service ckan-solr start # TODO: add ready / wait +service ckan-solr start # Configure CKAN Solr core -lxc-attach -u 8983 -g 8983 ckan-solr -- solr create -p 8983 -c ckan # TODO: wait to ensure creation? +lxc-attach -u 8983 -g 8983 ckan-solr -- solr create -p 8983 -c ckan service ckan-solr stop cp solr_data/ckan/conf/schema.xml /srv/ckan/solr_data/ckan/conf/schema.xml cp solr_data/ckan/conf/solrconfig.xml /srv/ckan/solr_data/ckan/conf/solrconfig.xml -chown 108983:108983 /srv/ckan/solr_data/ckan/conf/schema.xml # TODO: je to potreba? +chown -R 108983:108983 /srv/ckan/solr_data service ckan-solr start # Configure CKAN DataPusher mkdir -p /srv/ckan/datapusher_conf /srv/ckan/datapusher_data cp datapusher_conf/datapusher.wsgi /srv/ckan/datapusher_conf/datapusher.wsgi cp datapusher_conf/datapusher_settings.py /srv/ckan/datapusher_conf/datapusher_settings.py +chown -R 100000:100000 /srv/ckan/datapusher_conf chown -R 108080:108080 /srv/ckan/datapusher_data # Configure CKAN @@ -51,6 +53,7 @@ export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid) envsubst /srv/ckan/ckan_conf/ckan.ini cp ckan_conf/who.ini /srv/ckan/ckan_conf/who.ini +chown -R 100000:100000 /srv/ckan/ckan_conf chown -R 108080:108080 /srv/ckan/ckan_data # Populate database diff --git a/lxc-apps/ckan/meta b/lxc-apps/ckan/meta index 133f557..69fa27f 100644 --- a/lxc-apps/ckan/meta +++ b/lxc-apps/ckan/meta @@ -11,10 +11,10 @@ "ckan": { "image": "ckan_2.8.2-190620", "depends": [ - "ckan_datapusher", - "ckan_redis", - "ckan_solr", - "ckan_postgres" + "ckan-datapusher", + "ckan-redis", + "ckan-solr", + "ckan-postgres" ], "mounts": [ ["DIR", "/srv/ckan/ckan_conf", "/etc/ckan"], diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh index 5f6b5ad..99c1b3d 100755 --- a/lxc-apps/crisiscleanup/install.sh +++ b/lxc-apps/crisiscleanup/install.sh @@ -3,41 +3,45 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/crisiscleanup/postgres_data +chown -R 105432:105432 /srv/crisiscleanup/postgres_data +chmod 700 /srv/crisiscleanup/postgres_data +lxc-execute -n crisiscleanup-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/crisiscleanup/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/crisiscleanup/postgres_data/pg_hba.conf # Create database export CRISISCLEANUP_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/crisiscleanup/conf/database.yml -cp srv/crisiscleanup/conf/boot.rb /srv/crisiscleanup/conf/boot.rb -cp srv/crisiscleanup/conf/initializers/devise.rb /srv/crisiscleanup/conf/initializers/devise.rb -cp srv/crisiscleanup/conf/environments/production.rb /srv/crisiscleanup/conf/environments/production.rb +envsubst /srv/crisiscleanup/crisiscleanup_conf/database.yml +cp crisiscleanup_conf/boot.rb /srv/crisiscleanup/crisiscleanup_conf/boot.rb +cp crisiscleanup_conf/initializers/devise.rb /srv/crisiscleanup/crisiscleanup_conf/initializers/devise.rb +cp crisiscleanup_conf/environments/production.rb /srv/crisiscleanup/crisiscleanup_conf/environments/production.rb # Populate database -envsubst /var/lib/lxc/crisiscleanup/crisiscleanup/srv/crisiscleanup/db/seeds.rb +#envsubst /var/lib/lxc/crisiscleanup/crisiscleanup/srv/crisiscleanup/db/seeds.rb # TODO bud volat User.create! zvlast nebo vyresit jinak lxc-execute crisiscleanup -- rake db:schema:load lxc-execute crisiscleanup -- rake db:seed -# Install service -cp etc/init.d/crisiscleanup /etc/init.d/crisiscleanup -rc-update -u - # Install config update script -cp srv/crisiscleanup/update-conf.sh /srv/crisiscleanup/update-conf.sh +cp update-conf.sh /srv/crisiscleanup/update-conf.sh # Stop services required for setup -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +service crisiscleanup-postgres stop # Register application vmmgr register-app crisiscleanup cc "${CRISISCLEANUP_ADMIN_EMAIL}" "${CRISISCLEANUP_ADMIN_PWD}" diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/boot.rb b/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/boot.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/boot.rb rename to lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/boot.rb diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/database.yml b/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/database.yml similarity index 100% rename from lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/database.yml rename to lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/database.yml diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/environments/production.rb b/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/environments/production.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/environments/production.rb rename to lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/environments/production.rb diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/initializers/devise.rb b/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/initializers/devise.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/srv/crisiscleanup/conf/initializers/devise.rb rename to lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/initializers/devise.rb diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/db/seeds.rb b/lxc-apps/crisiscleanup/install/crisiscleanup_conf/db/seeds.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/srv/crisiscleanup/db/seeds.rb rename to lxc-apps/crisiscleanup/install/crisiscleanup_conf/db/seeds.rb diff --git a/lxc-apps/crisiscleanup/install/etc/init.d/crisiscleanup b/lxc-apps/crisiscleanup/install/etc/init.d/crisiscleanup deleted file mode 100755 index 5897e03..0000000 --- a/lxc-apps/crisiscleanup/install/etc/init.d/crisiscleanup +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="Crisis Cleanup container" - -depend() { - need postgres -} - -start() { - lxc-start crisiscleanup -} - -start_post() { - vmmgr register-proxy crisiscleanup -} - -stop_pre() { - vmmgr unregister-proxy crisiscleanup -} - -stop() { - lxc-stop crisiscleanup -} diff --git a/lxc-apps/crisiscleanup/install/postgres_data/pg_hba.conf b/lxc-apps/crisiscleanup/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/crisiscleanup/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/crisiscleanup/install/postgres_data/postgresql.conf b/lxc-apps/crisiscleanup/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/crisiscleanup/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/crisiscleanup/install/srv/crisiscleanup/update-conf.sh b/lxc-apps/crisiscleanup/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/crisiscleanup/install/srv/crisiscleanup/update-conf.sh rename to lxc-apps/crisiscleanup/install/update-conf.sh diff --git a/lxc-apps/crisiscleanup/lxcfile b/lxc-apps/crisiscleanup/lxcfile index 4a3beb2..feb50ea 100644 --- a/lxc-apps/crisiscleanup/lxcfile +++ b/lxc-apps/crisiscleanup/lxcfile @@ -46,8 +46,6 @@ RUN EOF rm -rf /root/.bundle /root/.config /root/.npm EOF -MOUNT DIR /srv/crisiscleanup/conf srv/crisiscleanup/config - USER 8005 8005 WORKDIR /srv/crisiscleanup CMD rails server diff --git a/lxc-apps/crisiscleanup/meta b/lxc-apps/crisiscleanup/meta new file mode 100644 index 0000000..6007327 --- /dev/null +++ b/lxc-apps/crisiscleanup/meta @@ -0,0 +1,27 @@ +{ + "version": "2.2.0-190620", + "meta": { + "title": "Crisis Cleanup", + "desc-cs": "Mapování následků katastrof", + "desc-en": "Disaster relief mapping", + "license": "GPL", + "proxy": "crisiscleanup" + }, + "containers": { + "crisiscleanup": { + "image": "crisiscleanup_2.2.0-190620", + "depends": [ + "crisiscleanup-postgres" + ], + "mounts": [ + ["DIR", "/srv/crisiscleanup/crisiscleanup_conf", "/srv/crisiscleanup/config"] + ] + }, + "crisiscleanup-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/crisiscleanup/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/crisiscleanup/uninstall.sh b/lxc-apps/crisiscleanup/uninstall.sh index bc943ab..2be97d2 100755 --- a/lxc-apps/crisiscleanup/uninstall.sh +++ b/lxc-apps/crisiscleanup/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/crisiscleanup -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS crisiscleanup; DROP ROLE IF EXISTS crisiscleanup;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/crisiscleanup # Unregister application vmmgr unregister-app crisiscleanup diff --git a/lxc-services/solr6/lxcfile b/lxc-services/solr6/lxcfile index 271d8a4..e5d5f25 100644 --- a/lxc-services/solr6/lxcfile +++ b/lxc-services/solr6/lxcfile @@ -23,4 +23,5 @@ EOF COPY lxc USER 8983 8983 -CMD solr start -f +CMD /usr/bin/solr start -f +READY /bin/grep -q 'o.e.j.s.Server Started' /opt/solr/server/logs/solr.log From 77196fdcca59768a2f96ab1178570e4bd31fde4a Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 12:12:45 +0200 Subject: [PATCH 017/228] Rework fix-apk to cover all apk files --- build/usr/bin/fix-apk | 123 +++++++++++++++++++++++++++++------------- 1 file changed, 86 insertions(+), 37 deletions(-) diff --git a/build/usr/bin/fix-apk b/build/usr/bin/fix-apk index f241563..20f1570 100755 --- a/build/usr/bin/fix-apk +++ b/build/usr/bin/fix-apk @@ -1,45 +1,94 @@ #!/usr/bin/python3 # -*- coding: utf-8 -*- +import argparse import os +import shutil import sys +import tarfile +import tempfile -def fix_installed(layers): - installed = [] - for layer in layers[:-1]: - try: - with open(os.path.join(layer, 'lib/apk/db/installed'), 'r') as f: - buffer = [] - for line in f: - if line.startswith('C:'): - buffer = ''.join(buffer) - if buffer not in installed: - installed.append(buffer) - buffer = [] - buffer.append(line) - buffer = ''.join(buffer) - if buffer not in installed: - installed.append(buffer) - except: - continue - os.makedirs(os.path.join(layers[-1], 'lib/apk/db'), 0o755, True) - with open(os.path.join(layers[-1], 'lib/apk/db/installed'), 'w') as f: - f.writelines(installed) +parser = argparse.ArgumentParser(description='APK database merge script') +parser.add_argument('layers', help='Path to LXC layers to be merged', nargs=argparse.REMAINDER) -def fix_world(layers): - world = [] - for layer in layers[:-1]: - try: - with open(os.path.join(layer, 'etc/apk/world'), 'r') as f: - for line in f: - if line not in world: - world.append(line) - except: - continue - os.makedirs(os.path.join(layers[-1], 'etc/apk'), 0o755, True) - with open(os.path.join(layers[-1], 'etc/apk/world'), 'w') as f: - f.writelines(world) +if len(sys.argv) < 2: + parser.print_usage() + sys.exit(1) +args = parser.parse_args() +layers = args.layers[::-1] -if __name__ == '__main__': - fix_installed(sys.argv[1:]) - fix_world(sys.argv[1:]) +# /etc/apk/world +world = [] +for layer in layers: + try: + with open(os.path.join(layer, 'etc/apk/world'), 'r') as f: + for line in f: + if line not in world: + world.append(line) + except: + continue +os.makedirs(os.path.join(layers[-1], 'etc/apk'), 0o755, True) +with open(os.path.join(layers[-1], 'etc/apk/world'), 'w') as f: + f.writelines(world) +os.chown(os.path.join(layers[-1], 'etc'), 100000, 100000) +os.chown(os.path.join(layers[-1], 'etc/apk'), 100000, 100000) +os.chown(os.path.join(layers[-1], 'etc/apk/world'), 100000, 100000) + +# /lib/apk/db/installed +installed = [] +for layer in layers: + try: + with open(os.path.join(layer, 'lib/apk/db/installed'), 'r') as f: + buffer = [] + for line in f: + if line.startswith('C:'): + buffer = ''.join(buffer) + if buffer not in installed: + installed.append(buffer) + buffer = [] + buffer.append(line) + buffer = ''.join(buffer) + if buffer not in installed: + installed.append(buffer) + except: + continue +os.makedirs(os.path.join(layers[-1], 'lib/apk/db'), 0o755, True) +with open(os.path.join(layers[-1], 'lib/apk/db/installed'), 'w') as f: + f.writelines(installed) +os.chown(os.path.join(layers[-1], 'lib'), 100000, 100000) +os.chown(os.path.join(layers[-1], 'lib/apk'), 100000, 100000) +os.chown(os.path.join(layers[-1], 'lib/apk/db'), 100000, 100000) +os.chown(os.path.join(layers[-1], 'lib/apk/db/installed'), 100000, 100000) + +# /lib/apk/db/scripts.tar +tmp_tar_path = tempfile.mkstemp()[1] +files_in_tar = [] +with tarfile.open(tmp_tar_path, 'w:') as tmp_tar: + for layer in layers: + tar_path = os.path.join(layer, 'lib/apk/db/scripts.tar') + if os.path.exists(tar_path): + with tarfile.open(tar_path, 'r:') as tar: + for member in tar.getmembers(): + if member.name not in files_in_tar: + buffer = tar.extractfile(member) + tmp_tar.addfile(member, buffer) + files_in_tar.append(member.name) +if files_in_tar: + shutil.move(tmp_tar_path, os.path.join(layers[-1], 'lib/apk/db/scripts.tar')) + os.chown(os.path.join(layers[-1], 'lib/apk/db/scripts.tar'), 100000, 100000) +else: + os.unlink(tmp_tar_path) + +# /lib/apk/db/triggers +triggers = [] +for layer in layers: + try: + with open(os.path.join(layer, 'lib/apk/db/triggers'), 'r') as f: + for line in f: + if line not in triggers: + triggers.append(line) + except: + continue +with open(os.path.join(layers[-1], 'lib/apk/db/triggers'), 'w') as f: + f.writelines(triggers) +os.chown(os.path.join(layers[-1], 'lib/apk/db/triggers'), 100000, 100000) From dfdd1de8e869e917d959fd256621753dea2d9450 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 12:13:39 +0200 Subject: [PATCH 018/228] Fix fix-layer launching and env var population --- build/usr/lib/python3.6/lxcbuild/builder.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/usr/lib/python3.6/lxcbuild/builder.py b/build/usr/lib/python3.6/lxcbuild/builder.py index 4a64a76..3e20780 100644 --- a/build/usr/lib/python3.6/lxcbuild/builder.py +++ b/build/usr/lib/python3.6/lxcbuild/builder.py @@ -96,7 +96,7 @@ class Builder: def fix_layer(self, cmd): layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']] - subprocess.run([cmd] + layers, check=True) + subprocess.run(cmd + layers, check=True) def copy_files(self, src, dst): dst = os.path.join(self.image.path, dst) @@ -109,7 +109,7 @@ class Builder: def add_env(self, key, value): if 'env' not in self.image.conf: self.image.conf['env'] = [] - self.image.conf['env'].append('{}={}'.format(key, value)) + self.image.conf['env'].append([key, value]) def set_user(self, uid, gid): self.image.conf['uid'] = uid From c9ceaff64847244e2df990784431da9182ba4d54 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 13:19:52 +0200 Subject: [PATCH 019/228] Rework CTS --- lxc-apps/cts/install.sh | 35 +- .../{srv/cts/conf => cts_conf}/spotter.py | 0 lxc-apps/cts/install/etc/init.d/cts | 23 - .../cts/install/postgres_data/pg_hba.conf | 3 + .../cts/install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../cts/install/{srv/cts => }/update-conf.sh | 0 lxc-apps/cts/lxcfile | 2 - lxc-apps/cts/meta | 27 + lxc-apps/cts/uninstall.sh | 10 +- 9 files changed, 710 insertions(+), 48 deletions(-) rename lxc-apps/cts/install/{srv/cts/conf => cts_conf}/spotter.py (100%) delete mode 100755 lxc-apps/cts/install/etc/init.d/cts create mode 100644 lxc-apps/cts/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/cts/install/postgres_data/postgresql.conf rename lxc-apps/cts/install/{srv/cts => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/cts/meta diff --git a/lxc-apps/cts/install.sh b/lxc-apps/cts/install.sh index 3856667..f02d849 100755 --- a/lxc-apps/cts/install.sh +++ b/lxc-apps/cts/install.sh @@ -3,25 +3,34 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/cts/postgres_data +chown -R 105432:105432 /srv/cts/postgres_data +chmod 700 /srv/cts/postgres_data +lxc-execute -n cts-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/cts/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/cts/postgres_data/pg_hba.conf # Create database export CTS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/cts/conf/spotter.py -touch /srv/cts/conf/__init__.py +envsubst /srv/cts/cts_conf/spotter.py +touch /srv/cts/cts_conf/__init__.py # Set "production values" (increases performance) only if the DEBUG environment variable is not set if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/DEBUG = True/DEBUG = False/' /srv/cts/conf/spotter.py + sed -i 's/DEBUG = True/DEBUG = False/' /srv/cts/cts_conf/spotter.py fi # Populate database @@ -32,17 +41,13 @@ export CTS_ADMIN_EMAIL=admin@example.com export CTS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export CTS_ADMIN_HASH=$(lxc-execute cts -- python -c "from django.contrib.auth.hashers import make_password; print make_password('${CTS_ADMIN_PWD}')") export CTS_ADMIN_SECRET=$(head -c 12 /dev/urandom | sha256sum | cut -c1-13) -envsubst 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/cts/install/srv/cts/update-conf.sh b/lxc-apps/cts/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/cts/install/srv/cts/update-conf.sh rename to lxc-apps/cts/install/update-conf.sh diff --git a/lxc-apps/cts/lxcfile b/lxc-apps/cts/lxcfile index a9e1d0d..c1b81a9 100644 --- a/lxc-apps/cts/lxcfile +++ b/lxc-apps/cts/lxcfile @@ -38,8 +38,6 @@ EOF COPY lxc -MOUNT DIR /srv/cts/conf srv/cts/cts/settings - ENV DJANGO_SETTINGS_MODULE cts.settings.spotter WORKDIR /srv/cts CMD s6-svscan /etc/services.d diff --git a/lxc-apps/cts/meta b/lxc-apps/cts/meta new file mode 100644 index 0000000..6cba55e --- /dev/null +++ b/lxc-apps/cts/meta @@ -0,0 +1,27 @@ +{ + "version": "0.8.0-190620", + "meta": { + "title": "CTS", + "desc-cs": "Sledovací systém komodit", + "desc-en": "Commodity tracking system", + "license": "GPL", + "proxy": "cts" + }, + "containers": { + "cts": { + "image": "cts_0.8.0-190620", + "depends": [ + "cts-postgres" + ], + "mounts": [ + ["DIR", "/srv/cts/cts_conf", "/srv/cts/cts/settings"] + ] + }, + "cts-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/cts/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/cts/uninstall.sh b/lxc-apps/cts/uninstall.sh index 74bf4a0..3e51a6a 100755 --- a/lxc-apps/cts/uninstall.sh +++ b/lxc-apps/cts/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/cts -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS cts; DROP ROLE IF EXISTS cts;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/cts # Unregister application vmmgr unregister-app cts From 2e674aa2d00742860da61600222bb557ca627784 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 20:08:37 +0200 Subject: [PATCH 020/228] Update build-all.sh --- apk/vmmgr | 2 +- build/build-all.sh | 134 ++++++++++++------------------------- doc/toolchain/lxc-build.md | 10 --- 3 files changed, 43 insertions(+), 103 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index ae2a913..6045349 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit ae2a913d0ca05422a1f070c27c4057119177ab8d +Subproject commit 6045349f9c3602d6ba9b081a62d4338b202521d6 diff --git a/build/build-all.sh b/build/build-all.sh index 986de40..143025d 100755 --- a/build/build-all.sh +++ b/build/build-all.sh @@ -47,101 +47,51 @@ abuild -F # Build apd pack runtimes cd ${ROOT}/lxc-shared -lxc-build alpine3.8 -lxc-build alpine3.8-php5.6 -lxc-build alpine3.8-nodejs8 -lxc-build alpine3.8-ruby2.4 -lxc-build alpine3.9 -lxc-build alpine3.9-java8 -lxc-build alpine3.9-php7.2 -lxc-build alpine3.9-python2.7 -lxc-build alpine3.9-python3.6 -lxc-build alpine3.9-nodejs10 -lxc-build alpine3.9-ruby2.4 -lxc-build alpine3.9-tomcat7 -lxc-build alpine3.9-tomcat8.5 +lxcbuild alpine3.8 +lxcbuild alpine3.8-php5.6 +lxcbuild alpine3.8-nodejs8 +lxcbuild alpine3.8-ruby2.4 +lxcbuild alpine3.9 +lxcbuild alpine3.9-java8 +lxcbuild alpine3.9-php7.2 +lxcbuild alpine3.9-python2.7 +lxcbuild alpine3.9-python3.6 +lxcbuild alpine3.9-nodejs10 +lxcbuild alpine3.9-ruby2.4 +lxcbuild alpine3.9-tomcat7 +lxcbuild alpine3.9-tomcat8.5 # Build services cd ${ROOT}/lxc-services -lxc-build activemq -lxc-build mariadb -lxc-build postgres -lxc-build postgis -lxc-build rabbitmq -lxc-build redis -lxc-build solr +lxcbuild activemq +lxcbuild mariadb +lxcbuild postgres +lxcbuild postgis +lxcbuild rabbitmq +lxcbuild redis +lxcbuild solr6 # Build applications cd ${ROOT}/lxc-apps -lxc-build ckan -lxc-build ckan-datapusher -lxc-build crisiscleanup -lxc-build cts -lxc-build ecogis -lxc-build frontlinesms -lxc-build gnuhealth -lxc-build kanboard -lxc-build mifosx -lxc-build motech -lxc-build odoo -lxc-build opendatakit -lxc-build opendatakit-build -lxc-build openmapkit -lxc-build pandora -lxc-build sahana-shared -lxc-build sahana -lxc-build sahana-demo -lxc-build sambro -lxc-build seeddms -lxc-build sigmah -lxc-build ushahidi - -# Pack runtimes -cd ${ROOT}/lxc-shared -lxc-pack alpine3.8 -lxc-pack alpine3.8-php5.6 -lxc-pack alpine3.8-nodejs8 -lxc-pack alpine3.8-ruby2.4 -lxc-pack alpine3.9 -lxc-pack alpine3.9-java8 -lxc-pack alpine3.9-php7.2 -lxc-pack alpine3.9-python2.7 -lxc-pack alpine3.9-python3.6 -lxc-pack alpine3.9-nodejs10 -lxc-pack alpine3.9-ruby2.4 -lxc-pack alpine3.9-tomcat7 -lxc-pack alpine3.9-tomcat8.5 - -# Pack services -cd ${ROOT}/lxc-services -lxc-pack activemq -lxc-pack mariadb -lxc-pack postgres -lxc-pack rabbitmq -lxc-pack redis -lxc-pack solr - -# Pack applications -cd ${ROOT}/lxc-apps -lxc-pack ckan-datapusher -lxc-pack ckan -lxc-pack crisiscleanup -lxc-pack cts -lxc-pack ecogis -lxc-pack frontlinesms -lxc-pack gnuhealth -lxc-pack kanboard -lxc-pack mifosx -lxc-pack motech -lxc-pack odoo -lxc-pack opendatakit -lxc-pack opendatakit-build -lxc-pack openmapkit -lxc-pack pandora -lxc-pack sahana-shared -lxc-pack sahana -lxc-pack sahana-demo -lxc-pack sambro -lxc-pack seeddms -lxc-pack sigmah -lxc-pack ushahidi +lxcbuild ckan +lxcbuild ckan-datapusher +lxcbuild crisiscleanup +lxcbuild cts +lxcbuild ecogis +lxcbuild frontlinesms +lxcbuild gnuhealth +lxcbuild kanboard +lxcbuild mifosx +lxcbuild motech +lxcbuild odoo +lxcbuild opendatakit +lxcbuild opendatakit-build +lxcbuild openmapkit +lxcbuild pandora +lxcbuild sahana-shared +lxcbuild sahana +lxcbuild sahana-demo +lxcbuild sambro +lxcbuild seeddms +lxcbuild sigmah +lxcbuild ushahidi diff --git a/doc/toolchain/lxc-build.md b/doc/toolchain/lxc-build.md index 76aae4a..835d38d 100644 --- a/doc/toolchain/lxc-build.md +++ b/doc/toolchain/lxc-build.md @@ -82,13 +82,6 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas - **Docker equivalent:** `COPY` or `ADD` - **Populates LXC field:** None -### MOUNT - -- **Usage:** `MOUNT DIR|FILE ` -- **Description:** Creates a directory or file mount for the container. The `` is usually given as absolute path existing on the LXC host, the `` is a path relative to the container root directory. If the file doesn't exist in any of the container layers, it is automatically created on container startup. -- **Docker equivalent:** `VOLUME` -- **Populates LXC field:** `lxc.mount.entry` - ### USER - **Usage:** `USER ` @@ -192,9 +185,6 @@ RUN EOF apk --no-cache add redis EOF -MOUNT FILE /srv/redis/conf/redis.conf etc/redis.conf -MOUNT DIR /srv/redis/data var/lib/redis - USER 6379 6379 CMD redis-server /etc/redis.conf ``` From ed0c6c90a7242456d02a5c07c5a93289e2cc3252 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 20:09:58 +0200 Subject: [PATCH 021/228] Rework EcoGIS --- lxc-apps/ecogis/install.sh | 24 +- .../ecogis/conf => ecogis_conf}/config.php | 0 lxc-apps/ecogis/install/etc/init.d/ecogis | 23 - .../ecogis/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ lxc-apps/ecogis/lxcfile | 3 - lxc-apps/ecogis/meta | 28 + lxc-apps/ecogis/uninstall.sh | 10 +- 8 files changed, 705 insertions(+), 44 deletions(-) rename lxc-apps/ecogis/install/{srv/ecogis/conf => ecogis_conf}/config.php (100%) delete mode 100755 lxc-apps/ecogis/install/etc/init.d/ecogis create mode 100644 lxc-apps/ecogis/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/ecogis/install/postgres_data/postgresql.conf create mode 100644 lxc-apps/ecogis/meta diff --git a/lxc-apps/ecogis/install.sh b/lxc-apps/ecogis/install.sh index 965aa1b..b2989a0 100755 --- a/lxc-apps/ecogis/install.sh +++ b/lxc-apps/ecogis/install.sh @@ -3,24 +3,28 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/ecogis/postgres_data +chown -R 105432:105432 /srv/ecogis/postgres_data +chmod 700 /srv/ecogis/postgres_data +lxc-execute -n ecogis-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/ecogis/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/ecogis/postgres_data/pg_hba.conf # Populate database export ECOGIS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/ecogis/conf/config.php -chown -R 8020:8020 /srv/ecogis/conf - -# Install service -cp etc/init.d/ecogis /etc/init.d/ecogis -rc-update -u +chown -R 108020:108020 /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data # Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +service ecogis-postgres stop # Register application vmmgr register-app ecogis ecogis diff --git a/lxc-apps/ecogis/install/srv/ecogis/conf/config.php b/lxc-apps/ecogis/install/ecogis_conf/config.php similarity index 100% rename from lxc-apps/ecogis/install/srv/ecogis/conf/config.php rename to lxc-apps/ecogis/install/ecogis_conf/config.php diff --git a/lxc-apps/ecogis/install/etc/init.d/ecogis b/lxc-apps/ecogis/install/etc/init.d/ecogis deleted file mode 100755 index 2d8a87c..0000000 --- a/lxc-apps/ecogis/install/etc/init.d/ecogis +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="EcoGIS container" - -depend() { - need postgres -} - -start() { - lxc-start ecogis -} - -start_post() { - vmmgr register-proxy ecogis -} - -stop_pre() { - vmmgr unregister-proxy ecogis -} - -stop() { - lxc-stop ecogis -} diff --git a/lxc-apps/ecogis/install/postgres_data/pg_hba.conf b/lxc-apps/ecogis/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/ecogis/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/ecogis/install/postgres_data/postgresql.conf b/lxc-apps/ecogis/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/ecogis/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/ecogis/lxcfile b/lxc-apps/ecogis/lxcfile index 47ab03a..20fa0b5 100644 --- a/lxc-apps/ecogis/lxcfile +++ b/lxc-apps/ecogis/lxcfile @@ -34,7 +34,4 @@ EOF COPY lxc -# MOUNT DIR /srv/ecogis/data srv/ecogis/data/files -MOUNT FILE /srv/ecogis/conf/config.php srv/ecogis/etc/config.php - CMD s6-svscan /etc/services.d diff --git a/lxc-apps/ecogis/meta b/lxc-apps/ecogis/meta new file mode 100644 index 0000000..304a168 --- /dev/null +++ b/lxc-apps/ecogis/meta @@ -0,0 +1,28 @@ +{ + "version": "0.0.1-190620", + "meta": { + "title": "EcoGIS", + "desc-cs": "EcoGIS", + "desc-en": "EcoGIS", + "license": "GPL", + "proxy": "ecogis" + }, + "containers": { + "ecogis": { + "image": "ecogis_0.0.1-190620", + "depends": [ + "ecogis-postgres" + ], + "mounts": [ + ["DIR", "/srv/ecogis/ecogis_data", "/srv/ecogis/data/files"], + ["FILE", "/srv/ecogis/ecogis_conf/config.php", "/srv/ecogis/etc/config.php"], + ] + }, + "ecogis-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/ecogis/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/ecogis/uninstall.sh b/lxc-apps/ecogis/uninstall.sh index a4a2be3..066d74e 100755 --- a/lxc-apps/ecogis/uninstall.sh +++ b/lxc-apps/ecogis/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/ecogis -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS ecogis; DROP ROLE IF EXISTS ecogis;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/ecogis # Unregister application vmmgr unregister-app ecogis From 0bc2daf4ad0c70fe3f094a7c91e0ab11ef8f3b39 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 20:19:13 +0200 Subject: [PATCH 022/228] Rework FrontlineSMS --- lxc-apps/frontlinesms/install.sh | 10 +++------- .../install/etc/init.d/frontlinesms | 19 ------------------- .../app-settings.properties | 0 lxc-apps/frontlinesms/lxcfile | 2 -- lxc-apps/frontlinesms/meta | 18 ++++++++++++++++++ lxc-apps/frontlinesms/uninstall.sh | 5 ++--- 6 files changed, 23 insertions(+), 31 deletions(-) delete mode 100755 lxc-apps/frontlinesms/install/etc/init.d/frontlinesms rename lxc-apps/frontlinesms/install/{srv/frontlinesms/data => flsms_data}/app-settings.properties (100%) create mode 100644 lxc-apps/frontlinesms/meta diff --git a/lxc-apps/frontlinesms/install.sh b/lxc-apps/frontlinesms/install.sh index a588c2e..94b2086 100755 --- a/lxc-apps/frontlinesms/install.sh +++ b/lxc-apps/frontlinesms/install.sh @@ -4,17 +4,13 @@ set -ev cd $(realpath $(dirname "${0}"))/install # Configure FrontlineSMS -mkdir -p /srv/frontlinesms/data +mkdir -p /srv/frontlinesms/flsms_data export FRONTLINESMS_ADMIN_USER="admin" export FRONTLINESMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export FRONTLINESMS_ADMIN_USER_HASH=$(echo -n "${FRONTLINESMS_ADMIN_USER}" | base64) export FRONTLINESMS_ADMIN_PWD_HASH=$(echo -n "${FRONTLINESMS_ADMIN_PWD}" | base64) -envsubst /srv/frontlinesms/data/app-settings.properties -chown -R 8018:8018 /srv/frontlinesms/data - -# Install service -cp etc/init.d/frontlinesms /etc/init.d/frontlinesms -rc-update -u +envsubst /srv/frontlinesms/flsms_data/app-settings.properties +chown -R 8018:8018 /srv/frontlinesms/flsms_data # Register application vmmgr register-app frontlinesms sms "${FRONTLINESMS_ADMIN_USER}" "${FRONTLINESMS_ADMIN_PWD}" diff --git a/lxc-apps/frontlinesms/install/etc/init.d/frontlinesms b/lxc-apps/frontlinesms/install/etc/init.d/frontlinesms deleted file mode 100755 index ff41d5f..0000000 --- a/lxc-apps/frontlinesms/install/etc/init.d/frontlinesms +++ /dev/null @@ -1,19 +0,0 @@ -#!/sbin/openrc-run - -description="FrontlineSMS container" - -start() { - lxc-start frontlinesms -} - -start_post() { - vmmgr register-proxy frontlinesms -} - -stop_pre() { - vmmgr unregister-proxy frontlinesms -} - -stop() { - lxc-stop frontlinesms -} diff --git a/lxc-apps/frontlinesms/install/srv/frontlinesms/data/app-settings.properties b/lxc-apps/frontlinesms/install/flsms_data/app-settings.properties similarity index 100% rename from lxc-apps/frontlinesms/install/srv/frontlinesms/data/app-settings.properties rename to lxc-apps/frontlinesms/install/flsms_data/app-settings.properties diff --git a/lxc-apps/frontlinesms/lxcfile b/lxc-apps/frontlinesms/lxcfile index ecc12cf..ab5aa65 100644 --- a/lxc-apps/frontlinesms/lxcfile +++ b/lxc-apps/frontlinesms/lxcfile @@ -38,6 +38,4 @@ RUN EOF chown 8018:8018 frontlinesms-core_messages_cs* EOF -MOUNT DIR /srv/frontlinesms/data srv/frontlinesms/.frontlinesms2 - CMD s6-svscan /etc/services.d diff --git a/lxc-apps/frontlinesms/meta b/lxc-apps/frontlinesms/meta new file mode 100644 index 0000000..3413c92 --- /dev/null +++ b/lxc-apps/frontlinesms/meta @@ -0,0 +1,18 @@ +{ + "version": "0.0.1-190620", + "meta": { + "title": "FrontlineSMS", + "desc-cs": "Hromadné odesílání zpráv", + "desc-en": "Bulk SMS messaging", + "license": "GPL", + "proxy": "frontlinesms" + }, + "containers": { + "frontlinesms": { + "image": "frontlinesms_0.0.1-190620", + "mounts": [ + ["DIR", "/srv/frontlinesms/flsms_data", "/srv/frontlinesms/.frontlinesms2"] + ] + } + } +} diff --git a/lxc-apps/frontlinesms/uninstall.sh b/lxc-apps/frontlinesms/uninstall.sh index e22e404..31932e4 100755 --- a/lxc-apps/frontlinesms/uninstall.sh +++ b/lxc-apps/frontlinesms/uninstall.sh @@ -1,9 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/frontlinesms -rc-update -u +# Remove persistent data +rm -rf /srv/frontlinesms # Unregister application vmmgr unregister-app frontlinesms From 1ec7dfcc953377462b30b3944fa8ec30dc6408b0 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 20:35:51 +0200 Subject: [PATCH 023/228] Remove meta['proxy'] and use vmmgr register-app instead --- lxc-apps/ckan/meta | 3 +-- lxc-apps/crisiscleanup/meta | 3 +-- lxc-apps/cts/meta | 3 +-- lxc-apps/ecogis/install.sh | 2 +- lxc-apps/ecogis/meta | 3 +-- lxc-apps/frontlinesms/meta | 3 +-- 6 files changed, 6 insertions(+), 11 deletions(-) diff --git a/lxc-apps/ckan/meta b/lxc-apps/ckan/meta index 69fa27f..3985edb 100644 --- a/lxc-apps/ckan/meta +++ b/lxc-apps/ckan/meta @@ -4,8 +4,7 @@ "title": "CKAN", "desc-cs": "Datový sklad", "desc-en": "Data store", - "license": "GPL", - "proxy": "ckan" + "license": "GPL" }, "containers": { "ckan": { diff --git a/lxc-apps/crisiscleanup/meta b/lxc-apps/crisiscleanup/meta index 6007327..97f4d11 100644 --- a/lxc-apps/crisiscleanup/meta +++ b/lxc-apps/crisiscleanup/meta @@ -4,8 +4,7 @@ "title": "Crisis Cleanup", "desc-cs": "Mapování následků katastrof", "desc-en": "Disaster relief mapping", - "license": "GPL", - "proxy": "crisiscleanup" + "license": "GPL" }, "containers": { "crisiscleanup": { diff --git a/lxc-apps/cts/meta b/lxc-apps/cts/meta index 6cba55e..de3cd36 100644 --- a/lxc-apps/cts/meta +++ b/lxc-apps/cts/meta @@ -4,8 +4,7 @@ "title": "CTS", "desc-cs": "Sledovací systém komodit", "desc-en": "Commodity tracking system", - "license": "GPL", - "proxy": "cts" + "license": "GPL" }, "containers": { "cts": { diff --git a/lxc-apps/ecogis/install.sh b/lxc-apps/ecogis/install.sh index b2989a0..b92e6b3 100755 --- a/lxc-apps/ecogis/install.sh +++ b/lxc-apps/ecogis/install.sh @@ -20,7 +20,7 @@ envsubst /srv/ecogis/conf/config.php +envsubst /srv/ecogis/conf/config.php chown -R 108020:108020 /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data # Stop services required for build diff --git a/lxc-apps/ecogis/meta b/lxc-apps/ecogis/meta index 304a168..c10fe71 100644 --- a/lxc-apps/ecogis/meta +++ b/lxc-apps/ecogis/meta @@ -4,8 +4,7 @@ "title": "EcoGIS", "desc-cs": "EcoGIS", "desc-en": "EcoGIS", - "license": "GPL", - "proxy": "ecogis" + "license": "GPL" }, "containers": { "ecogis": { diff --git a/lxc-apps/frontlinesms/meta b/lxc-apps/frontlinesms/meta index 3413c92..9b354bf 100644 --- a/lxc-apps/frontlinesms/meta +++ b/lxc-apps/frontlinesms/meta @@ -4,8 +4,7 @@ "title": "FrontlineSMS", "desc-cs": "Hromadné odesílání zpráv", "desc-en": "Bulk SMS messaging", - "license": "GPL", - "proxy": "frontlinesms" + "license": "GPL" }, "containers": { "frontlinesms": { From 8b6f09c7d5e479a4107ad3325d92f07b6e4909ed Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 20:36:14 +0200 Subject: [PATCH 024/228] Rework GNU Health --- lxc-apps/gnuhealth/install.sh | 32 +- .../gnuhealth/install/etc/init.d/gnuhealth | 23 - .../conf => gnuhealth_conf}/trytond.conf | 0 .../install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../{srv/gnuhealth => }/update-conf.sh | 0 lxc-apps/gnuhealth/lxcfile | 5 +- lxc-apps/gnuhealth/meta | 26 + lxc-apps/gnuhealth/uninstall.sh | 10 +- 9 files changed, 708 insertions(+), 49 deletions(-) delete mode 100755 lxc-apps/gnuhealth/install/etc/init.d/gnuhealth rename lxc-apps/gnuhealth/install/{srv/gnuhealth/conf => gnuhealth_conf}/trytond.conf (100%) create mode 100644 lxc-apps/gnuhealth/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/gnuhealth/install/postgres_data/postgresql.conf rename lxc-apps/gnuhealth/install/{srv/gnuhealth => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/gnuhealth/meta diff --git a/lxc-apps/gnuhealth/install.sh b/lxc-apps/gnuhealth/install.sh index efba169..d76a5c5 100755 --- a/lxc-apps/gnuhealth/install.sh +++ b/lxc-apps/gnuhealth/install.sh @@ -3,36 +3,38 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/gnuhealth/postgres_data +chown -R 105432:105432 /srv/gnuhealth/postgres_data +chmod 700 /srv/gnuhealth/postgres_data +lxc-execute -n gnuhealth-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/gnuhealth/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/gnuhealth/postgres_data/pg_hba.conf # Create databases export GNUHEALTH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/gnuhealth/conf/trytond.conf +mkdir -p /srv/gnuhealth/gnuhealth_conf/ +envsubst /srv/gnuhealth/gnuhealth_conf/trytond.conf # Populate database export GNUHEALTH_ADMIN_USER="admin" export GNUHEALTH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -echo ${GNUHEALTH_ADMIN_PWD} >/var/lib/lxc/gnuhealth/gnuhealth/tmp/.adminpwd -lxc-execute gnuhealth -- sh -c 'TRYTONPASSFILE=/tmp/.adminpwd trytond-admin -d gnuhealth --all -v' -rm -f /var/lib/lxc/gnuhealth/gnuhealth/tmp/.adminpwd +lxc-execute gnuhealth -- sh -c "echo ${GNUHEALTH_ADMIN_PWD} >/tmp/.adminpwd; TRYTONPASSFILE=/tmp/.adminpwd trytond-admin -d gnuhealth --all -v; rm /tmp/.adminpwd" # Populate demo database -zcat /var/lib/lxc/gnuhealth/gnuhealth/srv/gnuhealth/gnuhealth_demo.sql.gz | lxc-attach -u 5432 -g 5432 postgres -- sh -c "PGPASSWORD=${GNUHEALTH_PWD} psql gnuhealth_demo gnuhealth" - -# Install service -cp etc/init.d/gnuhealth /etc/init.d/gnuhealth -rc-update -u +lxc-execute gnuhealth -- zcat /srv/gnuhealth/gnuhealth_demo.sql.gz | lxc-attach -u 5432 -g 5432 gnuhealth-postgres -- sh -c "PGPASSWORD=${GNUHEALTH_PWD} psql gnuhealth_demo gnuhealth" # Install config update script -cp srv/gnuhealth/update-conf.sh /srv/gnuhealth/update-conf.sh +cp update-conf.sh /srv/gnuhealth/update-conf.sh # Stop services required for setup -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +service gnuhealth-postgres stop # Register application vmmgr register-app gnuhealth gh "${GNUHEALTH_ADMIN_USER}" "${GNUHEALTH_ADMIN_PWD}" diff --git a/lxc-apps/gnuhealth/install/etc/init.d/gnuhealth b/lxc-apps/gnuhealth/install/etc/init.d/gnuhealth deleted file mode 100755 index ccfc58c..0000000 --- a/lxc-apps/gnuhealth/install/etc/init.d/gnuhealth +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="GNU Health container" - -depend() { - need postgres -} - -start() { - lxc-start gnuhealth -} - -start_post() { - vmmgr register-proxy gnuhealth -} - -stop_pre() { - vmmgr unregister-proxy gnuhealth -} - -stop() { - lxc-stop gnuhealth -} diff --git a/lxc-apps/gnuhealth/install/srv/gnuhealth/conf/trytond.conf b/lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf similarity index 100% rename from lxc-apps/gnuhealth/install/srv/gnuhealth/conf/trytond.conf rename to lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf diff --git a/lxc-apps/gnuhealth/install/postgres_data/pg_hba.conf b/lxc-apps/gnuhealth/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/gnuhealth/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/gnuhealth/install/postgres_data/postgresql.conf b/lxc-apps/gnuhealth/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/gnuhealth/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/gnuhealth/install/srv/gnuhealth/update-conf.sh b/lxc-apps/gnuhealth/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/gnuhealth/install/srv/gnuhealth/update-conf.sh rename to lxc-apps/gnuhealth/install/update-conf.sh diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile index a6f1b6c..f0fed8f 100644 --- a/lxc-apps/gnuhealth/lxcfile +++ b/lxc-apps/gnuhealth/lxcfile @@ -55,10 +55,9 @@ RUN EOF rm -f /tmp/gnuhealth.tgz EOF -MOUNT DIR /srv/gnuhealth/conf srv/gnuhealth/gnuhealth/tryton/server/config - -USER 8008 8008 ENV PATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ENV TRYTOND_CONFIG /srv/gnuhealth/gnuhealth/tryton/server/config/trytond.conf ENV PYTHONPATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15:/srv/gnuhealth/gnuhealth/tryton/server/config + +USER 8008 8008 CMD trytond --verbose diff --git a/lxc-apps/gnuhealth/meta b/lxc-apps/gnuhealth/meta new file mode 100644 index 0000000..13f78e3 --- /dev/null +++ b/lxc-apps/gnuhealth/meta @@ -0,0 +1,26 @@ +{ + "version": "3.4.1-190620", + "meta": { + "title": "GNU Health", + "desc-cs": "Lékařské záznamy pacientů", + "desc-en": "Medical records administration", + "license": "GPL", + }, + "containers": { + "gnuhealth": { + "image": "gnuhealth_3.4.1-190620", + "depends": [ + "gnuhealth-postgres" + ], + "mounts": [ + ["DIR", "/srv/gnuhealth/gnuhealth_conf", "/srv/gnuhealth/gnuhealth/tryton/server/config"] + ] + }, + "gnuhealth-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/gnuhealth/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/gnuhealth/uninstall.sh b/lxc-apps/gnuhealth/uninstall.sh index 3c5d4ae..5a98aa4 100755 --- a/lxc-apps/gnuhealth/uninstall.sh +++ b/lxc-apps/gnuhealth/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/gnuhealth -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS gnuhealth; DROP DATABASE IF EXISTS gnuhealth_demo; DROP ROLE IF EXISTS gnuhealth;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/gnuhealth # Unregister application vmmgr unregister-app gnuhealth From a8bca6727bfb20d74af273acf54f9f450434e140 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 20:48:09 +0200 Subject: [PATCH 025/228] Rework KanBoard --- lxc-apps/kanboard/install.sh | 37 +- lxc-apps/kanboard/install/etc/init.d/kanboard | 23 - .../install/etc/periodic/daily/kanboard | 5 - .../conf => kanboard_conf}/config.php | 0 .../install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../install/{srv/kanboard => }/update-conf.sh | 0 lxc-apps/kanboard/lxcfile | 3 - lxc-apps/kanboard/meta | 27 + lxc-apps/kanboard/uninstall.sh | 13 +- 10 files changed, 710 insertions(+), 59 deletions(-) delete mode 100755 lxc-apps/kanboard/install/etc/init.d/kanboard delete mode 100755 lxc-apps/kanboard/install/etc/periodic/daily/kanboard rename lxc-apps/kanboard/install/{srv/kanboard/conf => kanboard_conf}/config.php (100%) create mode 100644 lxc-apps/kanboard/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/kanboard/install/postgres_data/postgresql.conf rename lxc-apps/kanboard/install/{srv/kanboard => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/kanboard/meta diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh index dc33cae..33cfe2e 100755 --- a/lxc-apps/kanboard/install.sh +++ b/lxc-apps/kanboard/install.sh @@ -3,35 +3,38 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/kanboard/postgres_data +chown -R 105432:105432 /srv/kanboard/postgres_data +chmod 700 /srv/kanboard/postgres_data +lxc-execute -n kanboard-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/kanboard/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/kanboard/postgres_data/pg_hba.conf # Populate database export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/kanboard/conf/config.php +mkdir -p /srv/kanboard/kanboard_conf /srv/kanboard/kanboard_data +chown -R 8009:8009 /srv/kanboard/kanboard_data +envsubst /srv/kanboard/kanboard_conf/config.php export KANBOARD_ADMIN_USER=admin export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export KANBOARD_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${KANBOARD_ADMIN_PWD}'.encode(), bcrypt.gensalt()).decode().replace('2b', '2y'))") -envsubst /dev/null -fi diff --git a/lxc-apps/kanboard/install/srv/kanboard/conf/config.php b/lxc-apps/kanboard/install/kanboard_conf/config.php similarity index 100% rename from lxc-apps/kanboard/install/srv/kanboard/conf/config.php rename to lxc-apps/kanboard/install/kanboard_conf/config.php diff --git a/lxc-apps/kanboard/install/postgres_data/pg_hba.conf b/lxc-apps/kanboard/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/kanboard/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/kanboard/install/postgres_data/postgresql.conf b/lxc-apps/kanboard/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/kanboard/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/kanboard/install/srv/kanboard/update-conf.sh b/lxc-apps/kanboard/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/kanboard/install/srv/kanboard/update-conf.sh rename to lxc-apps/kanboard/install/update-conf.sh diff --git a/lxc-apps/kanboard/lxcfile b/lxc-apps/kanboard/lxcfile index 488163b..3574e0c 100644 --- a/lxc-apps/kanboard/lxcfile +++ b/lxc-apps/kanboard/lxcfile @@ -43,7 +43,4 @@ EOF COPY lxc -MOUNT DIR /srv/kanboard/data srv/kanboard/data/files -MOUNT FILE /srv/kanboard/conf/config.php srv/kanboard/config.php - CMD s6-svscan /etc/services.d diff --git a/lxc-apps/kanboard/meta b/lxc-apps/kanboard/meta new file mode 100644 index 0000000..1e913af --- /dev/null +++ b/lxc-apps/kanboard/meta @@ -0,0 +1,27 @@ +{ + "version": "1.2.9-190620", + "meta": { + "title": "KanBoard", + "desc-cs": "Kanban řízení projektů", + "desc-en": "Kanban project management", + "license": "GPL", + }, + "containers": { + "kanboard": { + "image": "kanboard_1.2.9-190620", + "depends": [ + "kanboard-postgres" + ], + "mounts": [ + ["DIR", "/srv/kanboard/kanboard_data", "/srv/kanboard/data/files"], + ["FILE", "/srv/kanboard/kanboard_conf/config.php", "/srv/kanboard/config.php"] + ] + }, + "kanboard-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/kanboard/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/kanboard/uninstall.sh b/lxc-apps/kanboard/uninstall.sh index c0f1cc6..a5d47ae 100755 --- a/lxc-apps/kanboard/uninstall.sh +++ b/lxc-apps/kanboard/uninstall.sh @@ -1,17 +1,8 @@ #!/bin/sh set -ev -# Remove cronjob -rm -f /etc/periodic/daily/kanboard - -# Remove service -rm -f /etc/init.d/kanboard -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS kanboard; DROP ROLE IF EXISTS kanboard;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/kanboard # Unregister application vmmgr unregister-app kanboard From 990a9dcb717191f1daa5a573aa91e02e899a55e8 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 21:28:43 +0200 Subject: [PATCH 026/228] Rework MariaDB --- lxc-services/mariadb/install.sh | 19 --------------- .../mariadb/install/etc/init.d/mariadb | 15 ------------ .../mariadb/install/srv/mariadb/conf/my.cnf | 24 ------------------- lxc-services/mariadb/lxcfile | 3 --- lxc-services/mariadb/uninstall.sh | 6 ----- 5 files changed, 67 deletions(-) delete mode 100755 lxc-services/mariadb/install.sh delete mode 100755 lxc-services/mariadb/install/etc/init.d/mariadb delete mode 100644 lxc-services/mariadb/install/srv/mariadb/conf/my.cnf delete mode 100755 lxc-services/mariadb/uninstall.sh diff --git a/lxc-services/mariadb/install.sh b/lxc-services/mariadb/install.sh deleted file mode 100755 index 76fe2f1..0000000 --- a/lxc-services/mariadb/install.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Create MariaDB instance -mkdir -p /srv/mariadb/conf /srv/mariadb/data -chown 3306:3306 /srv/mariadb/data -cp srv/mariadb/conf/my.cnf /srv/mariadb/conf/my.cnf -lxc-execute mariadb -- mysql_install_db --user=mysql --datadir=/var/lib/mysql --auth-root-authentication-method=socket --skip-test-db - -# Enable query logging. Only if the DEBUG environment variable is set -if [ ${DEBUG:-0} -eq 1 ]; then - sed -i 's/#general_log/general_log/g' /srv/mariadb/conf/my.cnf -fi - -# Install service -cp etc/init.d/mariadb /etc/init.d/mariadb -rc-update -u diff --git a/lxc-services/mariadb/install/etc/init.d/mariadb b/lxc-services/mariadb/install/etc/init.d/mariadb deleted file mode 100755 index 0e3a0e8..0000000 --- a/lxc-services/mariadb/install/etc/init.d/mariadb +++ /dev/null @@ -1,15 +0,0 @@ -#!/sbin/openrc-run - -description="MariaDB container" - -start() { - lxc-start mariadb -} - -start_post() { - ewaitfile 60 /var/lib/lxc/mariadb/delta0/run/mysqld/mysqld.sock -} - -stop() { - lxc-stop mariadb -} diff --git a/lxc-services/mariadb/install/srv/mariadb/conf/my.cnf b/lxc-services/mariadb/install/srv/mariadb/conf/my.cnf deleted file mode 100644 index 5740333..0000000 --- a/lxc-services/mariadb/install/srv/mariadb/conf/my.cnf +++ /dev/null @@ -1,24 +0,0 @@ -[mysqld] -skip-external-locking -skip-name-resolve -key_buffer_size = 16M -max_allowed_packet = 1M -table_open_cache = 64 -sort_buffer_size = 512K -net_buffer_length = 8K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M - -[mysqldump] -quick -max_allowed_packet = 1M - -[mysql] -no-auto-rehash - -[myisamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M diff --git a/lxc-services/mariadb/lxcfile b/lxc-services/mariadb/lxcfile index a5338d5..40835e1 100644 --- a/lxc-services/mariadb/lxcfile +++ b/lxc-services/mariadb/lxcfile @@ -15,9 +15,6 @@ RUN EOF chown mysql:mysql /run/mysqld EOF -MOUNT FILE /srv/mariadb/conf/my.cnf etc/my.cnf -MOUNT DIR /srv/mariadb/data var/lib/mysql - USER 3306 3306 CMD mysqld READY test -e /run/mysqld/mysqld.sock diff --git a/lxc-services/mariadb/uninstall.sh b/lxc-services/mariadb/uninstall.sh deleted file mode 100755 index 2cda801..0000000 --- a/lxc-services/mariadb/uninstall.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/mariadb -rc-update -u From 57cd65115dae2d722565c384287890fa1fee8bb0 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 21:29:19 +0200 Subject: [PATCH 027/228] Rework MifosX --- lxc-apps/cts/install.sh | 5 --- lxc-apps/cts/install/cts_conf/spotter.py | 2 +- lxc-apps/mifosx/install.sh | 38 +++++++++---------- lxc-apps/mifosx/install/etc/init.d/mifosx | 23 ----------- lxc-apps/mifosx/install/mariadb_conf/my.cnf | 24 ++++++++++++ .../mifosx/conf => mifosx_conf}/context.xml | 0 .../mifosx/conf => mifosx_conf}/server.xml | 0 .../install/{srv/mifosx => }/update-conf.sh | 0 lxc-apps/mifosx/lxcfile | 3 -- lxc-apps/mifosx/meta | 28 ++++++++++++++ lxc-apps/mifosx/uninstall.sh | 10 +---- 11 files changed, 74 insertions(+), 59 deletions(-) delete mode 100755 lxc-apps/mifosx/install/etc/init.d/mifosx create mode 100644 lxc-apps/mifosx/install/mariadb_conf/my.cnf rename lxc-apps/mifosx/install/{srv/mifosx/conf => mifosx_conf}/context.xml (100%) rename lxc-apps/mifosx/install/{srv/mifosx/conf => mifosx_conf}/server.xml (100%) rename lxc-apps/mifosx/install/{srv/mifosx => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/mifosx/meta diff --git a/lxc-apps/cts/install.sh b/lxc-apps/cts/install.sh index f02d849..56ba078 100755 --- a/lxc-apps/cts/install.sh +++ b/lxc-apps/cts/install.sh @@ -28,11 +28,6 @@ export CTS_SECRET=$(head -c 26 /dev/urandom | base64 | tr -d '+/=') envsubst /srv/cts/cts_conf/spotter.py touch /srv/cts/cts_conf/__init__.py -# Set "production values" (increases performance) only if the DEBUG environment variable is not set -if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/DEBUG = True/DEBUG = False/' /srv/cts/cts_conf/spotter.py -fi - # Populate database lxc-execute cts -- manage.py migrate diff --git a/lxc-apps/cts/install/cts_conf/spotter.py b/lxc-apps/cts/install/cts_conf/spotter.py index fe77949..b0ff6ca 100644 --- a/lxc-apps/cts/install/cts_conf/spotter.py +++ b/lxc-apps/cts/install/cts_conf/spotter.py @@ -43,5 +43,5 @@ CELERY_EAGER_PROPAGATES_EXCEPTIONS = True TIME_ZONE = 'Europe/Prague' LANGUAGE_CODE = 'cs' -DEBUG = True +DEBUG = False TEMPLATE_DEBUG = DEBUG diff --git a/lxc-apps/mifosx/install.sh b/lxc-apps/mifosx/install.sh index 949a95e..2a2a869 100755 --- a/lxc-apps/mifosx/install.sh +++ b/lxc-apps/mifosx/install.sh @@ -3,49 +3,49 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/mariadb ] && service mariadb start && STOP_MARIADB=1 +# Create MariaDB instance +mkdir -p /srv/mifosx/mariadb_conf /srv/mifosx/mariadb_data +chown 103306:103306 /srv/mifosx/mariadb_data +cp mariadb_conf/my.cnf /srv/mifosx/mariadb_conf/my.cnf +chown -R 100000:100000 /srv/mifosx/mariadb_conf +lxc-execute mifosx-mariadb -- mysql_install_db --user=mysql --datadir=/var/lib/mysql --auth-root-authentication-method=socket --skip-test-db # Create databases export MIFOSX_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/mifosx/conf/context.xml -cp srv/mifosx/conf/server.xml /srv/mifosx/conf/server.xml - -# Install service -cp etc/init.d/mifosx /etc/init.d/mifosx -rc-update -u +mkdir -p /srv/mifosx_conf +envsubst /srv/mifosx/mifosx_conf/context.xml +cp mifosx_conf/server.xml /srv/mifosx/mifosx_conf/server.xml # Populate database ->/var/log/lxc/mifosx.log -lxc-start mifosx +service start mifosx until grep -q 'org.apache.catalina.startup.Catalina.start Server startup' /var/log/lxc/mifosx.log; do sleep 1 done -lxc-stop mifosx +service stop mifosx # Fix missing previous_run_status column -echo 'ALTER TABLE `scheduled_email_campaign` ADD `previous_run_status` VARCHAR(10) NULL;' | lxc-attach mariadb -- mysql mifostenant-default +echo 'ALTER TABLE `scheduled_email_campaign` ADD `previous_run_status` VARCHAR(10) NULL;' | lxc-attach mifosx-mariadb -- mysql mifostenant-default # Update admin account export MIFOSX_ADMIN_USER=admin export MIFOSX_ADMIN_EMAIL=admin@example.com export MIFOSX_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export MIFOSX_ADMIN_HASH=$(echo -n "${MIFOSX_ADMIN_PWD}{1}" | sha256sum | awk '{print $1}') -envsubst Date: Thu, 3 Oct 2019 21:41:02 +0200 Subject: [PATCH 028/228] Rework ActiveMQ --- lxc-apps/ecogis/install.sh | 2 +- lxc-apps/kanboard/install.sh | 2 +- lxc-services/activemq/install/etc/init.d/activemq | 11 ----------- lxc-services/activemq/lxcfile | 2 -- lxc-services/activemq/uninstall.sh | 6 ------ 5 files changed, 2 insertions(+), 21 deletions(-) delete mode 100755 lxc-services/activemq/install/etc/init.d/activemq delete mode 100755 lxc-services/activemq/uninstall.sh diff --git a/lxc-apps/ecogis/install.sh b/lxc-apps/ecogis/install.sh index b92e6b3..2f1f96f 100755 --- a/lxc-apps/ecogis/install.sh +++ b/lxc-apps/ecogis/install.sh @@ -23,7 +23,7 @@ mkdir -p /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data envsubst /srv/ecogis/conf/config.php chown -R 108020:108020 /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data -# Stop services required for build +# Stop services required for setup service ecogis-postgres stop # Register application diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh index 33cfe2e..d82f11d 100755 --- a/lxc-apps/kanboard/install.sh +++ b/lxc-apps/kanboard/install.sh @@ -31,7 +31,7 @@ envsubst Date: Thu, 3 Oct 2019 21:41:23 +0200 Subject: [PATCH 029/228] Rework Motech --- lxc-apps/motech/install.sh | 50 +- lxc-apps/motech/install/etc/init.d/motech | 23 - .../config-locations.properties | 0 .../config/bootstrap.properties | 0 .../config/motech-settings.properties | 0 .../motech-email.properties | 0 .../motech/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../install/{srv/motech => }/update-conf.sh | 0 lxc-apps/motech/lxcfile | 2 - lxc-apps/motech/meta | 34 + lxc-apps/motech/uninstall.sh | 12 +- 12 files changed, 727 insertions(+), 55 deletions(-) delete mode 100755 lxc-apps/motech/install/etc/init.d/motech rename lxc-apps/motech/install/{srv/motech/conf => motech_conf}/config-locations.properties (100%) rename lxc-apps/motech/install/{srv/motech/conf => motech_conf}/config/bootstrap.properties (100%) rename lxc-apps/motech/install/{srv/motech/conf => motech_conf}/config/motech-settings.properties (100%) rename lxc-apps/motech/install/{srv/motech/conf => motech_conf}/config/org.motechproject.motech-platform-email/motech-email.properties (100%) create mode 100644 lxc-apps/motech/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/motech/install/postgres_data/postgresql.conf rename lxc-apps/motech/install/{srv/motech => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/motech/meta diff --git a/lxc-apps/motech/install.sh b/lxc-apps/motech/install.sh index 69e1795..74b36dc 100755 --- a/lxc-apps/motech/install.sh +++ b/lxc-apps/motech/install.sh @@ -3,28 +3,36 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/activemq ] && service activemq start && STOP_ACTIVEMQ=1 -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/motech/postgres_data +chown -R 105432:105432 /srv/motech/postgres_data +chmod 700 /srv/motech/postgres_data +lxc-execute -n motech-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/motech/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/motech/postgres_data/pg_hba.conf + +# Configure ActiveMQ +mkdir -p /srv/motech/activemq_data +chown -R 161616:161616 /srv/motech/activemq_data # Create database export MOTECH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/motech/conf/config/bootstrap.properties -cp srv/motech/conf/config-locations.properties /srv/motech/conf/config-locations.properties -cp srv/motech/conf/config/motech-settings.properties /srv/motech/conf/config/motech-settings.properties -cp srv/motech/conf/config/org.motechproject.motech-platform-email/motech-email.properties /srv/motech/conf/config/org.motechproject.motech-platform-email/motech-email.properties -chown -R 8013:8013 /srv/motech/conf - -# Install service -cp etc/init.d/motech /etc/init.d/motech -rc-update -u +mkdir -p /srv/motech/motech_conf/config/org.motechproject.motech-platform-email +envsubst /srv/motech/motech_conf/config/bootstrap.properties +cp motech_conf/config-locations.properties /srv/motech/motech_conf/config-locations.properties +cp motech_conf/config/motech-settings.properties /srv/motech/motech_conf/config/motech-settings.properties +cp motech_conf/config/org.motechproject.motech-platform-email/motech-email.properties /srv/motech/motech_conf/config/org.motechproject.motech-platform-email/motech-email.properties +chown -R 108013:108013 /srv/motech/motech_conf # Populate database and create admin account -lxc-start motech +service activemq start +service motech start until curl -s "http://motech:8080/module/server/startup/" | grep -q adminLogin; do sleep 1 done @@ -32,14 +40,16 @@ export MOTECH_ADMIN_USER="admin" export MOTECH_ADMIN_EMAIL="admin@example.com" export MOTECH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') curl -H "Content-Type: application/json" -X POST -d "{\"adminLogin\":\"${MOTECH_ADMIN_USER}\",\"adminEmail\":\"${MOTECH_ADMIN_EMAIL}\",\"adminPassword\":\"${MOTECH_ADMIN_PWD}\",\"adminConfirmPassword\":\"${MOTECH_ADMIN_PWD}\",\"language\":\"cs\",\"providerName\":\"\",\"providerUrl\":\"\",\"schedulerUrl\":\"\"}" http://motech:8080/module/server/startup/ -lxc-stop motech +service motech stop # Install config update script -cp srv/motech/update-conf.sh /srv/motech/update-conf.sh +cp update-conf.sh /srv/motech/update-conf.sh -# Stop services required for build -[ ! -z ${STOP_ACTIVEMQ} ] && service activemq stop -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Stop services required for setup +service motech-activemq stop +service motech-postgres stop # Register application vmmgr register-app motech motech "${MOTECH_ADMIN_USER}" "${MOTECH_ADMIN_PWD}" + +TODO: move the activemq conf here diff --git a/lxc-apps/motech/install/etc/init.d/motech b/lxc-apps/motech/install/etc/init.d/motech deleted file mode 100755 index c49c61c..0000000 --- a/lxc-apps/motech/install/etc/init.d/motech +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="Motech container" - -depend() { - need activemq postgres -} - -start() { - lxc-start motech -} - -start_post() { - vmmgr register-proxy motech -} - -stop_pre() { - vmmgr unregister-proxy motech -} - -stop() { - lxc-stop motech -} diff --git a/lxc-apps/motech/install/srv/motech/conf/config-locations.properties b/lxc-apps/motech/install/motech_conf/config-locations.properties similarity index 100% rename from lxc-apps/motech/install/srv/motech/conf/config-locations.properties rename to lxc-apps/motech/install/motech_conf/config-locations.properties diff --git a/lxc-apps/motech/install/srv/motech/conf/config/bootstrap.properties b/lxc-apps/motech/install/motech_conf/config/bootstrap.properties similarity index 100% rename from lxc-apps/motech/install/srv/motech/conf/config/bootstrap.properties rename to lxc-apps/motech/install/motech_conf/config/bootstrap.properties diff --git a/lxc-apps/motech/install/srv/motech/conf/config/motech-settings.properties b/lxc-apps/motech/install/motech_conf/config/motech-settings.properties similarity index 100% rename from lxc-apps/motech/install/srv/motech/conf/config/motech-settings.properties rename to lxc-apps/motech/install/motech_conf/config/motech-settings.properties diff --git a/lxc-apps/motech/install/srv/motech/conf/config/org.motechproject.motech-platform-email/motech-email.properties b/lxc-apps/motech/install/motech_conf/config/org.motechproject.motech-platform-email/motech-email.properties similarity index 100% rename from lxc-apps/motech/install/srv/motech/conf/config/org.motechproject.motech-platform-email/motech-email.properties rename to lxc-apps/motech/install/motech_conf/config/org.motechproject.motech-platform-email/motech-email.properties diff --git a/lxc-apps/motech/install/postgres_data/pg_hba.conf b/lxc-apps/motech/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/motech/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/motech/install/postgres_data/postgresql.conf b/lxc-apps/motech/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/motech/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/motech/install/srv/motech/update-conf.sh b/lxc-apps/motech/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/motech/install/srv/motech/update-conf.sh rename to lxc-apps/motech/install/update-conf.sh diff --git a/lxc-apps/motech/lxcfile b/lxc-apps/motech/lxcfile index 44b5884..c697026 100644 --- a/lxc-apps/motech/lxcfile +++ b/lxc-apps/motech/lxcfile @@ -24,8 +24,6 @@ RUN EOF rm -f /tmp/motech.war EOF -MOUNT DIR /srv/motech/conf srv/tomcat/.motech - USER 8013 8013 WORKDIR /srv/tomcat CMD catalina.sh run diff --git a/lxc-apps/motech/meta b/lxc-apps/motech/meta new file mode 100644 index 0000000..1f78046 --- /dev/null +++ b/lxc-apps/motech/meta @@ -0,0 +1,34 @@ +{ + "version": "1.3.0-190620", + "meta": { + "title": "Motech", + "desc-cs": "Automatizace komunikace", + "desc-en": "Communication automation", + "license": "GPL", + }, + "containers": { + "motech": { + "image": "motech_1.3.0-190620", + "depends": [ + "motech-activemq", + "motech-postgres" + ], + "mounts": [ + ["DIR", "/srv/motech/motech_data", "/srv/motech/data/files"], + ["FILE", "/srv/motech/motech_conf/config.php", "/srv/motech/config.php"] + ] + }, + "motech-activemq": { + "image": "activemq_5.15.9-190620", + "mounts": [ + ["DIR", "/srv/motech/activemq_data", "/srv/activemq/data"] + ] + }, + "motech-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/motech/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/motech/uninstall.sh b/lxc-apps/motech/uninstall.sh index 33ab363..77a36e1 100755 --- a/lxc-apps/motech/uninstall.sh +++ b/lxc-apps/motech/uninstall.sh @@ -1,16 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/motech -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS motech; DROP DATABASE IF EXISTS motechdata; DROP DATABASE IF EXISTS motechquartz; DROP DATABASE IF EXISTS motechschema; DROP ROLE IF EXISTS motech;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# TODO: Clear ActiveMQ config +# Remove persistent data +rm -rf /srv/motech # Unregister application vmmgr unregister-app motech From 4e107840a1c5a54d745802b7cddd69a5fd48434d Mon Sep 17 00:00:00 2001 From: Disassembler Date: Thu, 3 Oct 2019 21:53:42 +0200 Subject: [PATCH 030/228] Rework Odoo --- lxc-apps/odoo/install.sh | 30 +- lxc-apps/odoo/install/etc/init.d/odoo | 23 - .../{srv/odoo/conf => odoo_conf}/odoo.conf | 0 .../odoo/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../install/{srv/odoo => }/update-conf.sh | 0 lxc-apps/odoo/lxcfile | 3 - lxc-apps/odoo/meta | 27 + lxc-apps/odoo/uninstall.sh | 10 +- 9 files changed, 709 insertions(+), 45 deletions(-) delete mode 100755 lxc-apps/odoo/install/etc/init.d/odoo rename lxc-apps/odoo/install/{srv/odoo/conf => odoo_conf}/odoo.conf (100%) create mode 100644 lxc-apps/odoo/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/odoo/install/postgres_data/postgresql.conf rename lxc-apps/odoo/install/{srv/odoo => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/odoo/meta diff --git a/lxc-apps/odoo/install.sh b/lxc-apps/odoo/install.sh index 439bc6b..40da869 100755 --- a/lxc-apps/odoo/install.sh +++ b/lxc-apps/odoo/install.sh @@ -3,21 +3,30 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/odoo/postgres_data +chown -R 105432:105432 /srv/odoo/postgres_data +chmod 700 /srv/odoo/postgres_data +lxc-execute -n odoo-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/odoo/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/odoo/postgres_data/pg_hba.conf # Create databases export ODOO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/odoo/conf/odoo.conf +mkdir -p /srv/odoo/odoo_conf/ /srv/odoo/odoo_data/ +envsubst /srv/odoo/odoo_conf/odoo.conf +chown 100000:100000 /srv/odoo/odoo_conf/ +chown 108019:108019 /srv/odoo/odoo_data/ # Populate database +# TODO: proc ne execute? lxc-start odoo -- /srv/odoo/odoo-bin -c /srv/odoo/odoo.conf -i base --load-language=cs_CZ until grep -q 'odoo.modules.loading: Modules loaded.' /var/log/lxc/odoo.log; do sleep 1 @@ -26,14 +35,13 @@ lxc-stop odoo # Update admin account export ODOO_ADMIN_HASH=$(lxc-execute odoo -- python -c "from passlib.hash import pbkdf2_sha512;print(pbkdf2_sha512.encrypt('${ODOO_ADMIN_PWD}'))") -envsubst 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/odoo/install/srv/odoo/update-conf.sh b/lxc-apps/odoo/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/odoo/install/srv/odoo/update-conf.sh rename to lxc-apps/odoo/install/update-conf.sh diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/lxcfile index 7c7e503..dc6da9c 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/lxcfile @@ -31,8 +31,5 @@ RUN EOF rm -rf /usr/local/share/.cache EOF -MOUNT FILE /srv/odoo/conf/odoo.conf srv/odoo/odoo.conf -MOUNT DIR /srv/odoo/data srv/odoo/data - USER 8019 8019 CMD /srv/odoo/odoo-bin -c srv/odoo/odoo.conf diff --git a/lxc-apps/odoo/meta b/lxc-apps/odoo/meta new file mode 100644 index 0000000..34ce18f --- /dev/null +++ b/lxc-apps/odoo/meta @@ -0,0 +1,27 @@ +{ + "version": "12.0.0-190620", + "meta": { + "title": "Odoo", + "desc-cs": "Sada aplikací pro správu organizace", + "desc-en": "Company management application suite", + "license": "GPL", + }, + "containers": { + "odoo": { + "image": "odoo_12.0.0-190620", + "depends": [ + "odoo-postgres" + ], + "mounts": [ + ["DIR", "/srv/odoo/odoo_data", "/srv/odoo/data"], + ["FILE", "/srv/odoo/odoo_conf/odoo.conf", "/srv/odoo/odoo.conf"] + ] + }, + "odoo-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/odoo/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/odoo/uninstall.sh b/lxc-apps/odoo/uninstall.sh index 267ab89..314e248 100755 --- a/lxc-apps/odoo/uninstall.sh +++ b/lxc-apps/odoo/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/odoo -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS odoo; DROP ROLE IF EXISTS odoo;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/odoo # Unregister application vmmgr unregister-app odoo From d1fc5b7796a10a0ff29acb91a332ef59b2371340 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 14:37:43 +0200 Subject: [PATCH 031/228] Rework OpenDataKit --- lxc-apps/opendatakit-build/install.sh | 27 - .../opendatakit-build/install/createdb.sql | 4 - .../install/etc/init.d/opendatakit-build | 23 - lxc-apps/opendatakit-build/lxcfile | 3 - lxc-apps/opendatakit-build/uninstall.sh | 14 - lxc-apps/opendatakit/install.sh | 49 +- lxc-apps/opendatakit/install/createdb.sql | 5 + .../install/etc/init.d/opendatakit | 23 - .../conf => odk_conf}/jdbc.properties | 0 .../conf => odk_conf}/security.properties | 0 .../opendatakit/conf => odk_conf}/server.xml | 0 .../install/odkbuild_conf}/config.yml | 0 .../install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../{srv/opendatakit => }/update-conf.sh | 0 lxc-apps/opendatakit/lxcfile | 4 - lxc-apps/opendatakit/meta | 38 + lxc-apps/opendatakit/uninstall.sh | 10 +- 18 files changed, 737 insertions(+), 124 deletions(-) delete mode 100755 lxc-apps/opendatakit-build/install.sh delete mode 100644 lxc-apps/opendatakit-build/install/createdb.sql delete mode 100755 lxc-apps/opendatakit-build/install/etc/init.d/opendatakit-build delete mode 100755 lxc-apps/opendatakit-build/uninstall.sh delete mode 100755 lxc-apps/opendatakit/install/etc/init.d/opendatakit rename lxc-apps/opendatakit/install/{srv/opendatakit/conf => odk_conf}/jdbc.properties (100%) rename lxc-apps/opendatakit/install/{srv/opendatakit/conf => odk_conf}/security.properties (100%) rename lxc-apps/opendatakit/install/{srv/opendatakit/conf => odk_conf}/server.xml (100%) rename lxc-apps/{opendatakit-build/install/srv/opendatakit-build/conf => opendatakit/install/odkbuild_conf}/config.yml (100%) create mode 100644 lxc-apps/opendatakit/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/opendatakit/install/postgres_data/postgresql.conf rename lxc-apps/opendatakit/install/{srv/opendatakit => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/opendatakit/meta diff --git a/lxc-apps/opendatakit-build/install.sh b/lxc-apps/opendatakit-build/install.sh deleted file mode 100755 index 7795f7f..0000000 --- a/lxc-apps/opendatakit-build/install.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 - -# Create databases -export OPENDATAKITBUILD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/opendatakit-build/conf/config.yml -lxc-execute opendatakit-build -- sh -c 'cd /srv/opendatakit-build; rake db:migrate' - -# Install service -cp etc/init.d/opendatakit-build /etc/init.d/opendatakit-build -rc-update -u - -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Register application -vmmgr register-app opendatakit-build odkbuild diff --git a/lxc-apps/opendatakit-build/install/createdb.sql b/lxc-apps/opendatakit-build/install/createdb.sql deleted file mode 100644 index 1b73f2b..0000000 --- a/lxc-apps/opendatakit-build/install/createdb.sql +++ /dev/null @@ -1,4 +0,0 @@ -CREATE ROLE opendatakitbuild NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${OPENDATAKITBUILD_PWD}'; -CREATE DATABASE opendatakitbuild; -REVOKE ALL ON DATABASE opendatakitbuild FROM public; -ALTER DATABASE opendatakitbuild OWNER TO opendatakitbuild; diff --git a/lxc-apps/opendatakit-build/install/etc/init.d/opendatakit-build b/lxc-apps/opendatakit-build/install/etc/init.d/opendatakit-build deleted file mode 100755 index 57751dd..0000000 --- a/lxc-apps/opendatakit-build/install/etc/init.d/opendatakit-build +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="OpenDataKit Build container" - -depend() { - need postgres -} - -start() { - lxc-start opendatakit-build -} - -start_post() { - vmmgr register-proxy opendatakit-build -} - -stop_pre() { - vmmgr unregister-proxy opendatakit-build -} - -stop() { - lxc-stop opendatakit-build -} diff --git a/lxc-apps/opendatakit-build/lxcfile b/lxc-apps/opendatakit-build/lxcfile index cea70cf..d4371e7 100644 --- a/lxc-apps/opendatakit-build/lxcfile +++ b/lxc-apps/opendatakit-build/lxcfile @@ -40,7 +40,4 @@ EOF COPY lxc -MOUNT FILE /etc/ssl/services.pem usr/local/share/ca-certificates/services.crt -MOUNT FILE /srv/opendatakit-build/conf/config.yml srv/opendatakit-build/config.yml - CMD s6-svscan /etc/services.d diff --git a/lxc-apps/opendatakit-build/uninstall.sh b/lxc-apps/opendatakit-build/uninstall.sh deleted file mode 100755 index a71d1cd..0000000 --- a/lxc-apps/opendatakit-build/uninstall.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/opendatakit-build -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS opendatakitbuild; DROP ROLE IF EXISTS opendatakitbuild;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop - -# Unregister application -vmmgr unregister-app opendatakit-build diff --git a/lxc-apps/opendatakit/install.sh b/lxc-apps/opendatakit/install.sh index e13ed83..63f9f08 100755 --- a/lxc-apps/opendatakit/install.sh +++ b/lxc-apps/opendatakit/install.sh @@ -3,45 +3,58 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/opendatakit/postgres_data +chown -R 105432:105432 /srv/opendatakit/postgres_data +chmod 700 /srv/opendatakit/postgres_data +lxc-execute -n opendatakit-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/opendatakit/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/opendatakit/postgres_data/pg_hba.conf # Create databases export OPENDATAKIT_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/opendatakit/conf/jdbc.properties -envsubst /srv/opendatakit/conf/security.properties -cp srv/opendatakit/conf/server.xml /srv/opendatakit/conf/server.xml -chown -R 8015:8015 /srv/opendatakit/conf +envsubst /srv/opendatakit/odk_conf/jdbc.properties +envsubst /srv/opendatakit/odk_conf/security.properties +cp odk_conf/server.xml /srv/opendatakit/odk_conf/server.xml +chown -R 108015:108015 /srv/opendatakit/odk_conf -# Install service -cp etc/init.d/opendatakit /etc/init.d/opendatakit -rc-update -u +# Configure OpenDataKit Build +export OPENDATAKITBUILD_COOKIE_SECRET=$(head -c 8 /dev/urandom | hexdump -e '"%x"') +mkdir -p /srv/opendatakit/odkbuild_conf +envsubst /srv/opendatakit/odkbuild_conf/config.yml +lxc-execute opendatakit-build -- sh -c 'cd /srv/opendatakit-build; rake db:migrate' +chown -R 100000:100000 /srv/opendatakit/odkbuild_conf # Populate database -lxc-start opendatakit +service opendatakit start until grep -q 'org.apache.catalina.startup.Catalina.start Server startup' /var/log/lxc/opendatakit.log; do sleep 1 done -lxc-stop opendatakit +service opendatakit stop # Update admin account export OPENDATAKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -export OPENDATAKIT_ADMIN_SALT=$(head -c 4 /dev/urandom | hexdump -e '"%x"') # Must be 8 characters +export OPENDATAKIT_ADMIN_SALT=$(head -c 4 /dev/urandom | hexdump -e '"%x"') # Must be exactly 8 characters export OPENDATAKIT_ADMIN_BASIC_HASH=$(echo -n "${OPENDATAKIT_ADMIN_PWD}{${OPENDATAKIT_ADMIN_SALT}}" | sha1sum | tr -d " -") export OPENDATAKIT_ADMIN_DIGEST_HASH=$(echo -n "${OPENDATAKIT_ADMIN_USER}:${OPENDATAKIT_ADMIN_REALM}:${OPENDATAKIT_ADMIN_PWD}" | md5sum | tr -d " -") -envsubst 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/opendatakit/install/srv/opendatakit/update-conf.sh b/lxc-apps/opendatakit/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/opendatakit/install/srv/opendatakit/update-conf.sh rename to lxc-apps/opendatakit/install/update-conf.sh diff --git a/lxc-apps/opendatakit/lxcfile b/lxc-apps/opendatakit/lxcfile index 8eab6b6..e2dbf69 100644 --- a/lxc-apps/opendatakit/lxcfile +++ b/lxc-apps/opendatakit/lxcfile @@ -23,10 +23,6 @@ RUN EOF rm /tmp/odk.war EOF -MOUNT FILE /srv/opendatakit/conf/server.xml srv/tomcat/conf/server.xml -MOUNT FILE /srv/opendatakit/conf/jdbc.properties srv/tomcat/webapps/ROOT/WEB-INF/classes/jdbc.properties -MOUNT FILE /srv/opendatakit/conf/security.properties srv/tomcat/webapps/ROOT/WEB-INF/classes/security.properties - USER 8015 8015 WORKDIR /srv/tomcat CMD catalina.sh run diff --git a/lxc-apps/opendatakit/meta b/lxc-apps/opendatakit/meta new file mode 100644 index 0000000..b0d4e27 --- /dev/null +++ b/lxc-apps/opendatakit/meta @@ -0,0 +1,38 @@ +{ + "version": "2.0.3-190620", + "meta": { + "title": "OpenDataKit", + "desc-cs": "Sběr formulářových dat", + "desc-en": "Form data collection", + "license": "GPL", + }, + "containers": { + "opendatakit": { + "image": "opendatakit_2.0.3-190620", + "depends": [ + "opendatakit-postgres" + ], + "mounts": [ + ["FILE", "/srv/opendatakit/odk_conf/server.xml", "/srv/tomcat/conf/server.xml"], + ["FILE", "/srv/opendatakit/odk_conf/jdbc.properties", "/srv/tomcat/webapps/ROOT/WEB-INF/classes/jdbc.properties"], + ["FILE", "/srv/opendatakit/odk_conf/security.properties", "/srv/tomcat/webapps/ROOT/WEB-INF/classes/security.properties"] + ] + }, + "opendatakit-build": { + "image": "opendatakit-build_0.3.5-190620", + "depends": [ + "opendatakit-postgres" + ], + "mounts": [ + ["FILE", "/etc/ssl/services.pem", "/usr/local/share/ca-certificates/services.crt"], + ["FILE", "/srv/opendatakit/odkbuild_conf/config.yml", "/srv/opendatakit-build/config.yml"] + ] + }, + "opendatakit-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/opendatakit/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/opendatakit/uninstall.sh b/lxc-apps/opendatakit/uninstall.sh index d965a2d..b5ee139 100755 --- a/lxc-apps/opendatakit/uninstall.sh +++ b/lxc-apps/opendatakit/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/opendatakit -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS opendatakit; DROP ROLE IF EXISTS opendatakit;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/opendatakit # Unregister application vmmgr unregister-app opendatakit From 6c16aedadd93dc3ca5a71e70acabe47984f802ab Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:01:03 +0200 Subject: [PATCH 032/228] Merge CKAN+Datapusher and ODK+Build into respective single build directories --- build/usr/bin/lxcbuild | 12 ++++++------ .../lxc => ckan/ckan-datapusher.lxc}/bin/add-ca-cert | 0 .../lxc => ckan/ckan-datapusher.lxc}/run | 0 .../lxcfile => ckan/ckan-datapusher.lxcfile} | 2 +- lxc-apps/ckan/{lxc => ckan.lxc}/etc/crontabs/ckan | 0 .../etc/services.d/.s6-svscan/finish | 0 .../ckan/{lxc => ckan.lxc}/etc/services.d/ckan/run | 0 .../ckan/{lxc => ckan.lxc}/etc/services.d/cron/run | 0 lxc-apps/ckan/{lxcfile => ckan.lxcfile} | 0 .../etc/services.d/.s6-svscan/finish | 0 .../etc/services.d/build2xlsform/run | 0 .../etc/services.d/odkbuild/down-signal | 0 .../etc/services.d/odkbuild/run | 0 .../opendatakit-build.lxcfile} | 0 .../opendatakit/{lxcfile => opendatakit.lxcfile} | 0 lxc-apps/openmapkit/lxcfile | 3 --- 16 files changed, 7 insertions(+), 10 deletions(-) rename lxc-apps/{ckan-datapusher/lxc => ckan/ckan-datapusher.lxc}/bin/add-ca-cert (100%) mode change 100755 => 100644 rename lxc-apps/{ckan-datapusher/lxc => ckan/ckan-datapusher.lxc}/run (100%) rename lxc-apps/{ckan-datapusher/lxcfile => ckan/ckan-datapusher.lxcfile} (97%) rename lxc-apps/ckan/{lxc => ckan.lxc}/etc/crontabs/ckan (100%) rename lxc-apps/ckan/{lxc => ckan.lxc}/etc/services.d/.s6-svscan/finish (100%) rename lxc-apps/ckan/{lxc => ckan.lxc}/etc/services.d/ckan/run (100%) rename lxc-apps/ckan/{lxc => ckan.lxc}/etc/services.d/cron/run (100%) rename lxc-apps/ckan/{lxcfile => ckan.lxcfile} (100%) rename lxc-apps/{opendatakit-build/lxc => opendatakit/opendatakit-build.lxc}/etc/services.d/.s6-svscan/finish (100%) mode change 100755 => 100644 rename lxc-apps/{opendatakit-build/lxc => opendatakit/opendatakit-build.lxc}/etc/services.d/build2xlsform/run (100%) mode change 100755 => 100644 rename lxc-apps/{opendatakit-build/lxc => opendatakit/opendatakit-build.lxc}/etc/services.d/odkbuild/down-signal (100%) rename lxc-apps/{opendatakit-build/lxc => opendatakit/opendatakit-build.lxc}/etc/services.d/odkbuild/run (100%) mode change 100755 => 100644 rename lxc-apps/{opendatakit-build/lxcfile => opendatakit/opendatakit-build.lxcfile} (100%) rename lxc-apps/opendatakit/{lxcfile => opendatakit.lxcfile} (100%) diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild index ae03087..a2673b8 100755 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -9,7 +9,7 @@ from lxcbuild.image import Image parser = argparse.ArgumentParser(description='VM application builder and packager') parser.add_argument('-f', '--force', action='store_true', help='Force rebuild already built package') -parser.add_argument('buildpath', help='Either specific "lxcfile" or "meta" file or a directory containing one') +parser.add_argument('buildpath', help='Either specific "lxcfile" or "meta" file or a directory containing at least one') if len(sys.argv) < 2: parser.print_usage() @@ -30,12 +30,12 @@ if os.path.isfile(buildpath): sys.exit(1) else: valid_dir = False - lxcfile = os.path.join(buildpath, 'lxcfile') + for entry in os.scandir(buildpath): + if entry.is_file() and (entry.name == 'lxcfile' or entry.name.endswith('.lxcfile')): + valid_dir = True + image = Image(entry.path) + image.build_and_pack(args.force) meta = os.path.join(buildpath, 'meta') - if os.path.exists(lxcfile): - valid_dir = True - image = Image(lxcfile) - image.build_and_pack(args.force) if os.path.exists(meta): valid_dir = True app = App(meta) diff --git a/lxc-apps/ckan-datapusher/lxc/bin/add-ca-cert b/lxc-apps/ckan/ckan-datapusher.lxc/bin/add-ca-cert old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/ckan-datapusher/lxc/bin/add-ca-cert rename to lxc-apps/ckan/ckan-datapusher.lxc/bin/add-ca-cert diff --git a/lxc-apps/ckan-datapusher/lxc/run b/lxc-apps/ckan/ckan-datapusher.lxc/run similarity index 100% rename from lxc-apps/ckan-datapusher/lxc/run rename to lxc-apps/ckan/ckan-datapusher.lxc/run diff --git a/lxc-apps/ckan-datapusher/lxcfile b/lxc-apps/ckan/ckan-datapusher.lxcfile similarity index 97% rename from lxc-apps/ckan-datapusher/lxcfile rename to lxc-apps/ckan/ckan-datapusher.lxcfile index e1d13e1..db6a1bc 100644 --- a/lxc-apps/ckan-datapusher/lxcfile +++ b/lxc-apps/ckan/ckan-datapusher.lxcfile @@ -31,6 +31,6 @@ RUN EOF rm -rf /root/.cache EOF -COPY lxc +COPY ckan-datapusher.lxc CMD execlineb -P /run diff --git a/lxc-apps/ckan/lxc/etc/crontabs/ckan b/lxc-apps/ckan/ckan.lxc/etc/crontabs/ckan similarity index 100% rename from lxc-apps/ckan/lxc/etc/crontabs/ckan rename to lxc-apps/ckan/ckan.lxc/etc/crontabs/ckan diff --git a/lxc-apps/ckan/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/ckan/ckan.lxc/etc/services.d/.s6-svscan/finish similarity index 100% rename from lxc-apps/ckan/lxc/etc/services.d/.s6-svscan/finish rename to lxc-apps/ckan/ckan.lxc/etc/services.d/.s6-svscan/finish diff --git a/lxc-apps/ckan/lxc/etc/services.d/ckan/run b/lxc-apps/ckan/ckan.lxc/etc/services.d/ckan/run similarity index 100% rename from lxc-apps/ckan/lxc/etc/services.d/ckan/run rename to lxc-apps/ckan/ckan.lxc/etc/services.d/ckan/run diff --git a/lxc-apps/ckan/lxc/etc/services.d/cron/run b/lxc-apps/ckan/ckan.lxc/etc/services.d/cron/run similarity index 100% rename from lxc-apps/ckan/lxc/etc/services.d/cron/run rename to lxc-apps/ckan/ckan.lxc/etc/services.d/cron/run diff --git a/lxc-apps/ckan/lxcfile b/lxc-apps/ckan/ckan.lxcfile similarity index 100% rename from lxc-apps/ckan/lxcfile rename to lxc-apps/ckan/ckan.lxcfile diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/.s6-svscan/finish old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/.s6-svscan/finish rename to lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/.s6-svscan/finish diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/build2xlsform/run b/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/build2xlsform/run old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/build2xlsform/run rename to lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/build2xlsform/run diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/down-signal b/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/odkbuild/down-signal similarity index 100% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/down-signal rename to lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/odkbuild/down-signal diff --git a/lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/run b/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/odkbuild/run old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/opendatakit-build/lxc/etc/services.d/odkbuild/run rename to lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/odkbuild/run diff --git a/lxc-apps/opendatakit-build/lxcfile b/lxc-apps/opendatakit/opendatakit-build.lxcfile similarity index 100% rename from lxc-apps/opendatakit-build/lxcfile rename to lxc-apps/opendatakit/opendatakit-build.lxcfile diff --git a/lxc-apps/opendatakit/lxcfile b/lxc-apps/opendatakit/opendatakit.lxcfile similarity index 100% rename from lxc-apps/opendatakit/lxcfile rename to lxc-apps/opendatakit/opendatakit.lxcfile diff --git a/lxc-apps/openmapkit/lxcfile b/lxc-apps/openmapkit/lxcfile index 5c6471e..859a09d 100644 --- a/lxc-apps/openmapkit/lxcfile +++ b/lxc-apps/openmapkit/lxcfile @@ -39,7 +39,4 @@ EOF # s6 required for single service due to inability of nodejs to process signals when running as PID 1 COPY lxc -MOUNT FILE /srv/openmapkit/conf/settings.js srv/openmapkit/settings.js -MOUNT DIR /srv/openmapkit/data srv/openmapkit/data - CMD s6-svscan /etc/services.d From ed3aeb60d8e5f554ad07ebfe57d241b7bdaa32f4 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:07:53 +0200 Subject: [PATCH 033/228] Rework OpenMapKit --- lxc-apps/openmapkit/install.sh | 12 ++++-------- .../openmapkit/install/etc/init.d/openmapkit | 19 ------------------- .../openmapkit/conf => omk_conf}/settings.js | 0 lxc-apps/openmapkit/meta | 18 ++++++++++++++++++ lxc-apps/openmapkit/uninstall.sh | 10 ++-------- 5 files changed, 24 insertions(+), 35 deletions(-) delete mode 100755 lxc-apps/openmapkit/install/etc/init.d/openmapkit rename lxc-apps/openmapkit/install/{srv/openmapkit/conf => omk_conf}/settings.js (100%) create mode 100644 lxc-apps/openmapkit/meta diff --git a/lxc-apps/openmapkit/install.sh b/lxc-apps/openmapkit/install.sh index a8151cb..1b0900e 100755 --- a/lxc-apps/openmapkit/install.sh +++ b/lxc-apps/openmapkit/install.sh @@ -6,14 +6,10 @@ cd $(realpath $(dirname "${0}"))/install # Configure OpenMapKit export OPENMAPKIT_ADMIN_USER="admin" export OPENMAPKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -mkdir -p /srv/openmapkit/conf /srv/openmapkit/data -chown -R 8007:8007 /srv/openmapkit/data -cp -rp /var/lib/lxc/openmapkit/openmapkit/srv/openmapkit/data/. /srv/openmapkit/data -envsubst /srv/openmapkit/conf/settings.js - -# Install service -cp etc/init.d/openmapkit /etc/init.d/openmapkit -rc-update -u +mkdir -p /srv/openmapkit/omk_conf /srv/openmapkit/omk_data +chown -R 108007:108007 /srv/openmapkit/omk_data +lxc-execute openmapkit -- tar -cC /srv/openmapkit/data . | tar -xC /srv/openmapkit/omk_data +envsubst /srv/openmapkit/omk_conf/settings.js # Register application vmmgr register-app openmapkit omk "${OPENMAPKIT_ADMIN_USER}" "${OPENMAPKIT_ADMIN_PWD}" diff --git a/lxc-apps/openmapkit/install/etc/init.d/openmapkit b/lxc-apps/openmapkit/install/etc/init.d/openmapkit deleted file mode 100755 index 7fe3243..0000000 --- a/lxc-apps/openmapkit/install/etc/init.d/openmapkit +++ /dev/null @@ -1,19 +0,0 @@ -#!/sbin/openrc-run - -description="OpenMapKit container" - -start() { - lxc-start openmapkit -} - -start_post() { - vmmgr register-proxy openmapkit -} - -stop_pre() { - vmmgr unregister-proxy openmapkit -} - -stop() { - lxc-stop openmapkit -} diff --git a/lxc-apps/openmapkit/install/srv/openmapkit/conf/settings.js b/lxc-apps/openmapkit/install/omk_conf/settings.js similarity index 100% rename from lxc-apps/openmapkit/install/srv/openmapkit/conf/settings.js rename to lxc-apps/openmapkit/install/omk_conf/settings.js diff --git a/lxc-apps/openmapkit/meta b/lxc-apps/openmapkit/meta new file mode 100644 index 0000000..dc7adba --- /dev/null +++ b/lxc-apps/openmapkit/meta @@ -0,0 +1,18 @@ +{ + "version": "0.12.0-190620", + "meta": { + "title": "OpenMapKit", + "desc-cs": "Sběr mapových dat", + "desc-en": "Map data collection", + "license": "GPL", + }, + "containers": { + "openmapkit": { + "image": "openmapkit_0.12.0-190620", + "mounts": [ + ["FILE", "/srv/openmapkit/omk_conf/settings.js", "/srv/openmapkit/settings.js"], + ["DIR", "/srv/openmapkit/omk_data", "/srv/openmapkit/data"] + ] + } + } +} diff --git a/lxc-apps/openmapkit/uninstall.sh b/lxc-apps/openmapkit/uninstall.sh index 0e5d4c0..dffba05 100755 --- a/lxc-apps/openmapkit/uninstall.sh +++ b/lxc-apps/openmapkit/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/openmapkit -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS openmapkit; DROP ROLE IF EXISTS openmapkit;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/openmapkit # Unregister application vmmgr unregister-app openmapkit From eac6129fb396c4b0dec6ef252a0d0c9ba08b304c Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:13:00 +0200 Subject: [PATCH 034/228] Rework RabbitMQ --- lxc-services/rabbitmq/install.sh | 12 ------------ lxc-services/rabbitmq/install/etc/init.d/rabbitmq | 15 --------------- lxc-services/rabbitmq/lxcfile | 2 -- lxc-services/rabbitmq/uninstall.sh | 6 ------ 4 files changed, 35 deletions(-) delete mode 100755 lxc-services/rabbitmq/install.sh delete mode 100755 lxc-services/rabbitmq/install/etc/init.d/rabbitmq delete mode 100755 lxc-services/rabbitmq/uninstall.sh diff --git a/lxc-services/rabbitmq/install.sh b/lxc-services/rabbitmq/install.sh deleted file mode 100755 index a06ef80..0000000 --- a/lxc-services/rabbitmq/install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Create RabbitMQ directory structure -mkdir -p /srv/rabbitmq/data -chown 5672:5672 /srv/rabbitmq/data - -# Install service -cp etc/init.d/rabbitmq /etc/init.d/rabbitmq -rc-update -u diff --git a/lxc-services/rabbitmq/install/etc/init.d/rabbitmq b/lxc-services/rabbitmq/install/etc/init.d/rabbitmq deleted file mode 100755 index 3743466..0000000 --- a/lxc-services/rabbitmq/install/etc/init.d/rabbitmq +++ /dev/null @@ -1,15 +0,0 @@ -#!/sbin/openrc-run - -description="RabbitMQ container" - -start() { - lxc-start rabbitmq -} - -start_post() { - timeout -t 60 sh -c 'until grep -q "Server startup complete" /var/lib/lxc/rabbitmq/delta0/var/log/rabbitmq/rabbit@rabbitmq.log 2>/dev/null; do usleep 50000; done' -} - -stop() { - lxc-stop rabbitmq -} diff --git a/lxc-services/rabbitmq/lxcfile b/lxc-services/rabbitmq/lxcfile index e508608..187e594 100644 --- a/lxc-services/rabbitmq/lxcfile +++ b/lxc-services/rabbitmq/lxcfile @@ -11,8 +11,6 @@ RUN EOF apk --no-cache add rabbitmq-server@vm EOF -MOUNT DIR /srv/rabbitmq/data var/lib/rabbitmq/mnesia - USER 5672 5672 ENV HOME /usr/lib/rabbitmq CMD rabbitmq-server diff --git a/lxc-services/rabbitmq/uninstall.sh b/lxc-services/rabbitmq/uninstall.sh deleted file mode 100755 index 9b3328b..0000000 --- a/lxc-services/rabbitmq/uninstall.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -ev - -# Remove service -rm -f /etc/init.d/rabbitmq -rc-update -u From 826b244baebd05b5ffa69a58cf339bcff876a7e3 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:18:36 +0200 Subject: [PATCH 035/228] Rework Pan.do/ra --- lxc-apps/pandora/install.sh | 59 ++++++++++--------- lxc-apps/pandora/install/etc/init.d/pandora | 23 -------- .../conf => pandora_conf}/config.jsonc | 0 .../conf => pandora_conf}/gunicorn_config.py | 0 .../conf => pandora_conf}/local_settings.py | 2 +- .../install/{srv/pandora => }/update-conf.sh | 0 lxc-apps/pandora/lxcfile | 3 - lxc-apps/pandora/meta | 34 +++++++++++ lxc-apps/pandora/uninstall.sh | 16 +---- 9 files changed, 68 insertions(+), 69 deletions(-) delete mode 100755 lxc-apps/pandora/install/etc/init.d/pandora rename lxc-apps/pandora/install/{srv/pandora/conf => pandora_conf}/config.jsonc (100%) rename lxc-apps/pandora/install/{srv/pandora/conf => pandora_conf}/gunicorn_config.py (100%) rename lxc-apps/pandora/install/{srv/pandora/conf => pandora_conf}/local_settings.py (96%) rename lxc-apps/pandora/install/{srv/pandora => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/pandora/meta diff --git a/lxc-apps/pandora/install.sh b/lxc-apps/pandora/install.sh index d91c628..4d20831 100755 --- a/lxc-apps/pandora/install.sh +++ b/lxc-apps/pandora/install.sh @@ -3,37 +3,44 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -[ ! -e /run/openrc/started/rabbitmq ] && service rabbitmq start && STOP_RABBITMQ=1 +# Create Postgres instance +mkdir -p /srv/pandora/postgres_data +chown -R 105432:105432 /srv/pandora/postgres_data +chmod 700 /srv/pandora/postgres_data +lxc-execute -n pandora-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/pandora/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/pandora/postgres_data/pg_hba.conf # Create PostgreSQL user and database export PANDORA_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/pandora/conf/local_settings.py - -# Set "production values" (increases performance) only if the DEBUG environment variable is not set -if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/DEBUG = True/DEBUG = False/' /srv/pandora/conf/local_settings.py + lxc-execute pandora -- cat /srv/pandora/pandora/config.pandora.jsonc >/srv/pandora/pandora_conf/config.jsonc fi +cp pandora_conf/gunicorn_config.py /srv/pandora/pandora_conf/gunicorn_config.py +envsubst /srv/pandora/pandora_conf/local_settings.py +chown -R 108002:108002 /srv/pandora/pandora_conf # Populate database lxc-execute pandora -- /srv/pandora/pandora/manage.py migrate --noinput @@ -46,18 +53,14 @@ export PANDORA_ADMIN_USER=admin export PANDORA_ADMIN_EMAIL=admin@example.com export PANDORA_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export PANDORA_ADMIN_HASH=$(lxc-execute pandora -- sh -c "DJANGO_SETTINGS_MODULE=srv.pandora.pandora.settings python3 -c \"from django.contrib.auth.hashers import make_password; print(make_password('${PANDORA_ADMIN_PWD}'))\"") -envsubst Date: Sat, 5 Oct 2019 15:27:14 +0200 Subject: [PATCH 036/228] Rework SeedDMS --- lxc-apps/seeddms/install.sh | 48 ++++++++++--------- lxc-apps/seeddms/install/etc/init.d/seeddms | 23 --------- .../install/etc/periodic/15min/seeddms | 5 -- .../conf => seeddms_conf}/settings.xml | 0 .../install/{srv/seeddms => }/update-conf.sh | 0 lxc-apps/seeddms/lxcfile | 3 -- lxc-apps/seeddms/meta | 27 +++++++++++ lxc-apps/seeddms/uninstall.sh | 13 +---- 8 files changed, 55 insertions(+), 64 deletions(-) delete mode 100755 lxc-apps/seeddms/install/etc/init.d/seeddms delete mode 100755 lxc-apps/seeddms/install/etc/periodic/15min/seeddms rename lxc-apps/seeddms/install/{srv/seeddms/conf => seeddms_conf}/settings.xml (100%) rename lxc-apps/seeddms/install/{srv/seeddms => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/seeddms/meta diff --git a/lxc-apps/seeddms/install.sh b/lxc-apps/seeddms/install.sh index 48916ac..b1423ed 100755 --- a/lxc-apps/seeddms/install.sh +++ b/lxc-apps/seeddms/install.sh @@ -3,41 +3,45 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/seeddms/postgres_data +chown -R 105432:105432 /srv/seeddms/postgres_data +chmod 700 /srv/seeddms/postgres_data +lxc-execute -n seeddms-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/seeddms/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/seeddms/postgres_data/pg_hba.conf # Populate database export SEEDDMS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/seeddms/conf/settings.xml +envsubst /srv/seeddms/seeddms_conf/settings.xml export SEEDDMS_ADMIN_USER=admin export SEEDDMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export SEEDDMS_ADMIN_EMAIL=admin@example.com -envsubst /dev/null -fi diff --git a/lxc-apps/seeddms/install/srv/seeddms/conf/settings.xml b/lxc-apps/seeddms/install/seeddms_conf/settings.xml similarity index 100% rename from lxc-apps/seeddms/install/srv/seeddms/conf/settings.xml rename to lxc-apps/seeddms/install/seeddms_conf/settings.xml diff --git a/lxc-apps/seeddms/install/srv/seeddms/update-conf.sh b/lxc-apps/seeddms/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/seeddms/install/srv/seeddms/update-conf.sh rename to lxc-apps/seeddms/install/update-conf.sh diff --git a/lxc-apps/seeddms/lxcfile b/lxc-apps/seeddms/lxcfile index 1494427..eed7e12 100644 --- a/lxc-apps/seeddms/lxcfile +++ b/lxc-apps/seeddms/lxcfile @@ -44,7 +44,4 @@ RUN EOF rm -rf /srv/seeddms/data/conf /srv/seeddms/www/ext/example EOF -MOUNT DIR /srv/seeddms/conf srv/seeddms/conf -MOUNT DIR /srv/seeddms/data srv/seeddms/data - CMD s6-svscan /etc/services.d diff --git a/lxc-apps/seeddms/meta b/lxc-apps/seeddms/meta new file mode 100644 index 0000000..186af42 --- /dev/null +++ b/lxc-apps/seeddms/meta @@ -0,0 +1,27 @@ +{ + "version": "5.1.9-190620", + "meta": { + "title": "SeedDMS", + "desc-cs": "Archiv dokumentace", + "desc-en": "Document management system", + "license": "GPL", + }, + "containers": { + "seeddms": { + "image": "seeddms_5.1.9-190620", + "depends": [ + "seeddms-postgres" + ], + "mounts": [ + ["DIR", "/srv/seeddms/seeddms_conf", "/srv/seeddms/conf"], + ["DIR", "/srv/seeddms/seeddms_data", "/srv/seeddms/data"] + ] + }, + "seeddms-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/seeddms/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/seeddms/uninstall.sh b/lxc-apps/seeddms/uninstall.sh index b11fa33..45f57a8 100755 --- a/lxc-apps/seeddms/uninstall.sh +++ b/lxc-apps/seeddms/uninstall.sh @@ -1,17 +1,8 @@ #!/bin/sh set -ev -# Remove cronjob -rm -f /etc/periodic/15min/seeddms - -# Remove service -rm -f /etc/init.d/seeddms -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS seeddms; DROP ROLE IF EXISTS seeddms;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/seeddms # Unregister application vmmgr unregister-app seeddms From 4ac414c69125a2219a6ddc3ceef223340fbb3f0d Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:34:42 +0200 Subject: [PATCH 037/228] Rework Sigmah --- lxc-apps/sigmah/install.sh | 45 +++++++++++-------- lxc-apps/sigmah/install/etc/init.d/sigmah | 23 ---------- .../conf => sigmah_conf}/persistence.xml | 0 .../conf => sigmah_conf}/sigmah.properties | 0 .../install/{srv/sigmah => }/update-conf.sh | 0 lxc-apps/sigmah/lxcfile | 4 -- lxc-apps/sigmah/meta | 27 +++++++++++ lxc-apps/sigmah/uninstall.sh | 10 +---- 8 files changed, 55 insertions(+), 54 deletions(-) delete mode 100755 lxc-apps/sigmah/install/etc/init.d/sigmah rename lxc-apps/sigmah/install/{srv/sigmah/conf => sigmah_conf}/persistence.xml (100%) rename lxc-apps/sigmah/install/{srv/sigmah/conf => sigmah_conf}/sigmah.properties (100%) rename lxc-apps/sigmah/install/{srv/sigmah => }/update-conf.sh (100%) mode change 100755 => 100644 create mode 100644 lxc-apps/sigmah/meta diff --git a/lxc-apps/sigmah/install.sh b/lxc-apps/sigmah/install.sh index 9a58e62..e9b5b2f 100755 --- a/lxc-apps/sigmah/install.sh +++ b/lxc-apps/sigmah/install.sh @@ -3,23 +3,32 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/sigmah/postgres_data +chown -R 105432:105432 /srv/sigmah/postgres_data +chmod 700 /srv/sigmah/postgres_data +lxc-execute -n sigmah-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/sigmah/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/sigmah/postgres_data/pg_hba.conf # Create database export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/sigmah/conf/persistence.xml -cp srv/sigmah/conf/sigmah.properties /srv/sigmah/conf/sigmah.properties -cp /var/lib/lxc/sigmah/sigmah/srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/data/files/logo.png +mkdir -p /srv/sigmah/sigmah_conf /srv/sigmah/sigmah_data/files /srv/sigmah/sigmah_data/archives +chown -R 108011:108011 /srv/sigmah/sigmah_data +envsubst /srv/sigmah/sigmah_conf/persistence.xml +cp sigmah_conf/sigmah.properties /srv/sigmah/sigmah_conf/sigmah.properties +chown -R 108011:108011 /srv/sigmah/sigmah_conf +lxc-execute sigmah -- cat /srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png >/srv/sigmah/sigmah_data/files/logo.png # Populate database -cp -f /var/lib/lxc/sigmah/sigmah/srv/sigmah-MinimumDataKit.sql /tmp/ -cp -f /var/lib/lxc/sigmah/sigmah/srv/sigmah-newOrganizationLaunchScript.sql /tmp/ +lxc-execute sigmah -- cat /srv/sigmah-MinimumDataKit.sql >/tmp/sigmah-MinimumDataKit.sql +lxc-execute sigmah -- cat /srv/sigmah-newOrganizationLaunchScript.sql >/tmp/sigmah-newOrganizationLaunchScript.sql export SIGMAH_ADMIN_USER=Admin export SIGMAH_ADMIN_EMAIL=admin@example.com export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') @@ -32,19 +41,17 @@ sed -i "s|§UserName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunch sed -i "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|§UserLocale§|en|g" /tmp/sigmah-newOrganizationLaunchScript.sql sed -i "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" /tmp/sigmah-newOrganizationLaunchScript.sql -cat /tmp/sigmah-MinimumDataKit.sql | lxc-attach postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" -cat /tmp/sigmah-newOrganizationLaunchScript.sql | lxc-attach postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" +cat /tmp/sigmah-MinimumDataKit.sql | lxc-attach sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" +cat /tmp/sigmah-newOrganizationLaunchScript.sql | lxc-attach sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" rm -f /tmp/sigmah-MinimumDataKit.sql /tmp/sigmah-newOrganizationLaunchScript.sql -# Install service -cp etc/init.d/sigmah /etc/init.d/sigmah -rc-update -u - # Install config update script -cp srv/sigmah/update-conf.sh /srv/sigmah/update-conf.sh +cp update-conf.sh /srv/sigmah/update-conf.sh -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Stop services required for setup +service sigmah-postgres stop # Register application vmmgr register-app sigmah sigmah "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}" + +# TODO: SQL skripty jako soucast installu? diff --git a/lxc-apps/sigmah/install/etc/init.d/sigmah b/lxc-apps/sigmah/install/etc/init.d/sigmah deleted file mode 100755 index 88c95af..0000000 --- a/lxc-apps/sigmah/install/etc/init.d/sigmah +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="Sigmah container" - -depend() { - need postgres -} - -start() { - lxc-start sigmah -} - -start_post() { - vmmgr register-proxy sigmah -} - -stop_pre() { - vmmgr unregister-proxy sigmah -} - -stop() { - lxc-stop sigmah -} diff --git a/lxc-apps/sigmah/install/srv/sigmah/conf/persistence.xml b/lxc-apps/sigmah/install/sigmah_conf/persistence.xml similarity index 100% rename from lxc-apps/sigmah/install/srv/sigmah/conf/persistence.xml rename to lxc-apps/sigmah/install/sigmah_conf/persistence.xml diff --git a/lxc-apps/sigmah/install/srv/sigmah/conf/sigmah.properties b/lxc-apps/sigmah/install/sigmah_conf/sigmah.properties similarity index 100% rename from lxc-apps/sigmah/install/srv/sigmah/conf/sigmah.properties rename to lxc-apps/sigmah/install/sigmah_conf/sigmah.properties diff --git a/lxc-apps/sigmah/install/srv/sigmah/update-conf.sh b/lxc-apps/sigmah/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/sigmah/install/srv/sigmah/update-conf.sh rename to lxc-apps/sigmah/install/update-conf.sh diff --git a/lxc-apps/sigmah/lxcfile b/lxc-apps/sigmah/lxcfile index f1d99df..ab397ec 100644 --- a/lxc-apps/sigmah/lxcfile +++ b/lxc-apps/sigmah/lxcfile @@ -32,10 +32,6 @@ EOF COPY lxc -MOUNT DIR /srv/sigmah/data srv/sigmah/data -MOUNT FILE /srv/sigmah/conf/persistence.xml srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml -MOUNT FILE /srv/sigmah/conf/sigmah.properties srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties - USER 8011 8011 WORKDIR /srv/tomcat CMD catalina.sh run diff --git a/lxc-apps/sigmah/meta b/lxc-apps/sigmah/meta new file mode 100644 index 0000000..a0faf6b --- /dev/null +++ b/lxc-apps/sigmah/meta @@ -0,0 +1,27 @@ +{ + "version": "5.1.9-190620", + "meta": { + "title": "Sigmah", + "desc-cs": "Finanční řízení sbírek", + "desc-en": "Donation management", + "license": "GPL", + }, + "containers": { + "sigmah": { + "image": "sigmah_5.1.9-190620", + "depends": [ + "sigmah-postgres" + ], + "mounts": [ + ["DIR", "/srv/sigmah/sigmah_conf", "/srv/sigmah/conf"], + ["DIR", "/srv/sigmah/sigmah_data", "/srv/sigmah/data"] + ] + }, + "sigmah-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/sigmah/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/sigmah/uninstall.sh b/lxc-apps/sigmah/uninstall.sh index 3205ed6..c2e1c7c 100755 --- a/lxc-apps/sigmah/uninstall.sh +++ b/lxc-apps/sigmah/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/sigmah -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS sigmah; DROP ROLE IF EXISTS sigmah;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/sigmah # Unregister application vmmgr unregister-app sigmah From 0f093a1087e44db97623eb43baf82c689dff3df9 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:40:27 +0200 Subject: [PATCH 038/228] Rework Ushahidi --- lxc-apps/ushahidi/install.sh | 37 ++++++++++--------- lxc-apps/ushahidi/install/etc/init.d/ushahidi | 23 ------------ .../install/etc/periodic/15min/ushahidi | 9 ----- lxc-apps/ushahidi/install/mariadb_conf/my.cnf | 24 ++++++++++++ .../install/{srv/ushahidi => }/update-conf.sh | 0 .../conf => ushahidi_conf}/config.json | 0 .../{srv/ushahidi/conf => ushahidi_conf}/env | 0 lxc-apps/ushahidi/lxcfile | 4 -- lxc-apps/ushahidi/meta | 29 +++++++++++++++ lxc-apps/ushahidi/uninstall.sh | 13 +------ 10 files changed, 74 insertions(+), 65 deletions(-) delete mode 100755 lxc-apps/ushahidi/install/etc/init.d/ushahidi delete mode 100755 lxc-apps/ushahidi/install/etc/periodic/15min/ushahidi create mode 100644 lxc-apps/ushahidi/install/mariadb_conf/my.cnf rename lxc-apps/ushahidi/install/{srv/ushahidi => }/update-conf.sh (100%) mode change 100755 => 100644 rename lxc-apps/ushahidi/install/{srv/ushahidi/conf => ushahidi_conf}/config.json (100%) rename lxc-apps/ushahidi/install/{srv/ushahidi/conf => ushahidi_conf}/env (100%) create mode 100644 lxc-apps/ushahidi/meta diff --git a/lxc-apps/ushahidi/install.sh b/lxc-apps/ushahidi/install.sh index f75df25..627d8f2 100755 --- a/lxc-apps/ushahidi/install.sh +++ b/lxc-apps/ushahidi/install.sh @@ -3,18 +3,24 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/mariadb ] && service mariadb start && STOP_MARIADB=1 +# Create MariaDB instance +mkdir -p /srv/ushahidi/mariadb_conf /srv/ushahidi/mariadb_data +chown 103306:103306 /srv/ushahidi/mariadb_data +cp mariadb_conf/my.cnf /srv/ushahidi/mariadb_conf/my.cnf +chown -R 100000:100000 /srv/ushahidi/mariadb_conf +lxc-execute ushahidi-mariadb -- mysql_install_db --user=mysql --datadir=/var/lib/mysql --auth-root-authentication-method=socket --skip-test-db # Create database export USHAHIDI_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/ushahidi/conf/env -cp srv/ushahidi/conf/config.json /srv/ushahidi/conf/config.json +mkdir -p /srv/ushahidi/ushahidi_conf /srv/ushahidi/ushahidi_data +chown 108014:108014 /srv/ushahidi/ushahidi_data +envsubst /srv/ushahidi/ushahidi_conf/env +cp ushahidi_conf/config.json /srv/ushahidi/ushahidi_conf/config.json +chown -R 100000:100000 /srv/ushahidi/ushahidi_conf # Populate database lxc-execute ushahidi -- /srv/ushahidi/platform/bin/phinx migrate -c /srv/ushahidi/platform/application/phinx.php @@ -23,20 +29,15 @@ lxc-execute ushahidi -- /srv/ushahidi/platform/bin/phinx migrate -c /srv/ushahid export USHAHIDI_ADMIN_USER=admin@example.com export USHAHIDI_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export USHAHIDI_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${USHAHIDI_ADMIN_PWD}'.encode(), bcrypt.gensalt()).decode().replace('2b', '2y'))") -envsubst /dev/null - lxc-attach -u 8014 -g 8014 ushahidi -- sh -c 'cd /srv/ushahidi/platform; bin/ushahidi dataprovider incoming' >/dev/null - lxc-attach -u 8014 -g 8014 ushahidi -- sh -c 'cd /srv/ushahidi/platform; bin/ushahidi savedsearch' >/dev/null - lxc-attach -u 8014 -g 8014 ushahidi -- sh -c 'cd /srv/ushahidi/platform; bin/ushahidi notification queue' >/dev/null - lxc-attach -u 8014 -g 8014 ushahidi -- sh -c 'cd /srv/ushahidi/platform; bin/ushahidi webhook send' >/dev/null -fi diff --git a/lxc-apps/ushahidi/install/mariadb_conf/my.cnf b/lxc-apps/ushahidi/install/mariadb_conf/my.cnf new file mode 100644 index 0000000..5740333 --- /dev/null +++ b/lxc-apps/ushahidi/install/mariadb_conf/my.cnf @@ -0,0 +1,24 @@ +[mysqld] +skip-external-locking +skip-name-resolve +key_buffer_size = 16M +max_allowed_packet = 1M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +[mysqldump] +quick +max_allowed_packet = 1M + +[mysql] +no-auto-rehash + +[myisamchk] +key_buffer_size = 20M +sort_buffer_size = 20M +read_buffer = 2M +write_buffer = 2M diff --git a/lxc-apps/ushahidi/install/srv/ushahidi/update-conf.sh b/lxc-apps/ushahidi/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/ushahidi/install/srv/ushahidi/update-conf.sh rename to lxc-apps/ushahidi/install/update-conf.sh diff --git a/lxc-apps/ushahidi/install/srv/ushahidi/conf/config.json b/lxc-apps/ushahidi/install/ushahidi_conf/config.json similarity index 100% rename from lxc-apps/ushahidi/install/srv/ushahidi/conf/config.json rename to lxc-apps/ushahidi/install/ushahidi_conf/config.json diff --git a/lxc-apps/ushahidi/install/srv/ushahidi/conf/env b/lxc-apps/ushahidi/install/ushahidi_conf/env similarity index 100% rename from lxc-apps/ushahidi/install/srv/ushahidi/conf/env rename to lxc-apps/ushahidi/install/ushahidi_conf/env diff --git a/lxc-apps/ushahidi/lxcfile b/lxc-apps/ushahidi/lxcfile index 5572cca..3100047 100644 --- a/lxc-apps/ushahidi/lxcfile +++ b/lxc-apps/ushahidi/lxcfile @@ -33,8 +33,4 @@ RUN EOF rm aura.patch EOF -MOUNT FILE /srv/ushahidi/conf/env srv/ushahidi/platform/.env -MOUNT FILE /srv/ushahidi/conf/config.json srv/ushahidi/config.json -MOUNT DIR /srv/ushahidi/data srv/ushahidi/platform/application/media/uploads - CMD s6-svscan /etc/services.d diff --git a/lxc-apps/ushahidi/meta b/lxc-apps/ushahidi/meta new file mode 100644 index 0000000..153351a --- /dev/null +++ b/lxc-apps/ushahidi/meta @@ -0,0 +1,29 @@ +{ + "version": "3.12.3-190620", + "meta": { + "title": "Ushahidi", + "desc-cs": "Skupinová reakce na události", + "desc-en": "Group reaction to events", + "license": "GPL", + }, + "containers": { + "ushahidi": { + "image": "ushahidi_3.12.3-190620", + "depends": [ + "ushahidi-mariadb" + ], + "mounts": [ + ["FILE", "/srv/ushahidi/ushahidi_conf/env", "/srv/ushahidi/platform/.env"], + ["FILE", "/srv/ushahidi/ushahidi_conf/config.json", "/srv/ushahidi/config.json"], + ["DIR", "/srv/ushahidi/ushahidi_data", "/srv/ushahidi/platform/application/media/uploads"] + ] + }, + "ushahidi-mariadb": { + "image": "mariadb_10.3.15-190620", + "mounts": [ + ["FILE", "/srv/ushahidi/mariadb_conf/my.cnf", "/etc/my.cnf"], + ["DIR", "/srv/ushahidi/mariadb_data", "/var/lib/mysql"] + ] + } + } +} diff --git a/lxc-apps/ushahidi/uninstall.sh b/lxc-apps/ushahidi/uninstall.sh index 1890160..19a7339 100755 --- a/lxc-apps/ushahidi/uninstall.sh +++ b/lxc-apps/ushahidi/uninstall.sh @@ -1,17 +1,8 @@ #!/bin/sh set -ev -# Remove cronjob -rm -f /etc/periodic/15min/ushahidi - -# Remove service -rm -f /etc/init.d/ushahidi -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/mariadb ] && service mariadb start && STOP_MARIADB=1 -echo 'DROP DATABASE IF EXISTS ushahidi; DROP USER IF EXISTS ushahidi;' | lxc-attach mariadb -- mysql -[ ! -z ${STOP_MARIADB} ] && service mariadb stop +# Remove persistent data +rm -rf /srv/ushahidi # Unregister application vmmgr unregister-app ushahidi From 4ba938d17f00d747ac323c3098b2f103c2561061 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:43:20 +0200 Subject: [PATCH 039/228] Add forgotten Pandora Postgres config --- .../pandora/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ 2 files changed, 661 insertions(+) create mode 100644 lxc-apps/pandora/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/pandora/install/postgres_data/postgresql.conf diff --git a/lxc-apps/pandora/install/postgres_data/pg_hba.conf b/lxc-apps/pandora/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/pandora/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/pandora/install/postgres_data/postgresql.conf b/lxc-apps/pandora/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/pandora/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here From f46fafa4ed2178edd27ab50576073befbddce0d5 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 15:49:29 +0200 Subject: [PATCH 040/228] Rework Sahana Eden --- lxc-apps/sahana-shared/lxcfile | 56 -- lxc-apps/sahana/install.sh | 48 +- lxc-apps/sahana/install/etc/init.d/sahana | 23 - .../sahana/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../sahana/conf => sahana_conf}/000_config.py | 0 .../conf => sahana_conf}/00_settings.py | 0 .../Spotter/DefaultItems.csv | 0 .../Spotter/DefaultSkillCompetency.csv | 0 .../Spotter/DefaultSkillList.csv | 0 .../Spotter/DrivingSkillList.csv | 0 .../Spotter/DrivingSkillList_EU.csv | 0 .../Spotter/LanguageCompetency.csv | 0 .../Spotter/LanguageSkillList.csv | 0 .../Spotter/StandardItems.csv | 0 .../data => sahana_data}/Spotter/__init__.py | 0 .../Spotter/auth_roles.csv | 0 .../Spotter/certificate.csv | 0 .../data => sahana_data}/Spotter/cms_post.csv | 0 .../data => sahana_data}/Spotter/config.py | 0 .../data => sahana_data}/Spotter/css.cfg | 0 .../Spotter/dvr_case_status.csv | 0 .../Spotter/event_type.csv | 0 .../Spotter/gis_config.csv | 0 .../Spotter/gis_hierarchy.csv | 0 .../Spotter/gis_layer_bing.csv | 0 .../Spotter/gis_layer_coordinate.csv | 0 .../Spotter/gis_layer_feature.csv | 0 .../Spotter/gis_layer_geojson.csv | 0 .../Spotter/gis_layer_georss.csv | 0 .../Spotter/gis_layer_google.csv | 0 .../Spotter/gis_layer_mgrs.csv | 0 .../Spotter/gis_layer_openstreetmap.csv | 0 .../Spotter/gis_layer_openweathermap.csv | 0 .../Spotter/gis_layer_tms.csv | 0 .../Spotter/gis_layer_wms.csv | 0 .../Spotter/gis_marker.csv | 0 .../Spotter/incident_type.csv | 0 .../data => sahana_data}/Spotter/layouts.py | 0 .../Spotter/maintenance.py | 0 .../Spotter/masterUsers.csv | 0 .../Spotter/membership_type.csv | 0 .../data => sahana_data}/Spotter/menus.py | 0 .../data => sahana_data}/Spotter/monitor.py | 0 .../Spotter/office_type.csv | 0 .../Spotter/org_sector.csv | 0 .../Spotter/organisation_type.csv | 0 .../data => sahana_data}/Spotter/parser.py | 0 .../Spotter/project_activity_type.csv | 0 .../Spotter/project_beneficiary_type.csv | 0 .../Spotter/project_hazard.csv | 0 .../Spotter/project_status.csv | 0 .../Spotter/project_theme.csv | 0 .../Spotter/shelter_type.csv | 0 .../data => sahana_data}/Spotter/tasks.cfg | 0 .../data => sahana_data}/Spotter/tests.py | 0 .../Spotter/views/footer.html | 0 .../Spotter/views/layout.html | 0 .../Spotter/work_job_type.csv | 0 .../install/{srv/sahana => }/update-conf.sh | 0 .../lxc/etc/nginx/nginx.conf | 0 .../lxc/etc/services.d/.s6-svscan/finish | 0 .../lxc/etc/services.d/nginx/run | 0 .../lxc/etc/services.d/uwsgi/down-signal | 0 .../lxc/etc/services.d/uwsgi/run | 0 .../lxc/etc/uwsgi/uwsgi.conf | 0 .../web2py/applications/eden/languages/cs.py | 0 .../lxc/srv/web2py/routes.py | 0 .../lxc/srv/web2py/run_scheduler.py | 0 lxc-apps/sahana/lxcfile | 56 +- lxc-apps/sahana/meta | 27 + lxc-apps/sahana/uninstall.sh | 10 +- 72 files changed, 767 insertions(+), 114 deletions(-) delete mode 100644 lxc-apps/sahana-shared/lxcfile delete mode 100755 lxc-apps/sahana/install/etc/init.d/sahana create mode 100644 lxc-apps/sahana/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/sahana/install/postgres_data/postgresql.conf rename lxc-apps/sahana/install/{srv/sahana/conf => sahana_conf}/000_config.py (100%) rename lxc-apps/sahana/install/{srv/sahana/conf => sahana_conf}/00_settings.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/DefaultItems.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/DefaultSkillCompetency.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/DefaultSkillList.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/DrivingSkillList.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/DrivingSkillList_EU.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/LanguageCompetency.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/LanguageSkillList.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/StandardItems.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/__init__.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/auth_roles.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/certificate.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/cms_post.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/config.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/css.cfg (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/dvr_case_status.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/event_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_config.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_hierarchy.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_bing.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_coordinate.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_feature.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_geojson.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_georss.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_google.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_mgrs.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_openstreetmap.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_openweathermap.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_tms.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_layer_wms.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/gis_marker.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/incident_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/layouts.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/maintenance.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/masterUsers.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/membership_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/menus.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/monitor.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/office_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/org_sector.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/organisation_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/parser.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/project_activity_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/project_beneficiary_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/project_hazard.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/project_status.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/project_theme.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/shelter_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/tasks.cfg (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/tests.py (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/views/footer.html (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/views/layout.html (100%) rename lxc-apps/sahana/install/{srv/sahana/data => sahana_data}/Spotter/work_job_type.csv (100%) rename lxc-apps/sahana/install/{srv/sahana => }/update-conf.sh (100%) mode change 100755 => 100644 rename lxc-apps/{sahana-shared => sahana}/lxc/etc/nginx/nginx.conf (100%) rename lxc-apps/{sahana-shared => sahana}/lxc/etc/services.d/.s6-svscan/finish (100%) mode change 100755 => 100644 rename lxc-apps/{sahana-shared => sahana}/lxc/etc/services.d/nginx/run (100%) mode change 100755 => 100644 rename lxc-apps/{sahana-shared => sahana}/lxc/etc/services.d/uwsgi/down-signal (100%) rename lxc-apps/{sahana-shared => sahana}/lxc/etc/services.d/uwsgi/run (100%) mode change 100755 => 100644 rename lxc-apps/{sahana-shared => sahana}/lxc/etc/uwsgi/uwsgi.conf (100%) rename lxc-apps/{sahana-shared => sahana}/lxc/srv/web2py/applications/eden/languages/cs.py (100%) rename lxc-apps/{sahana-shared => sahana}/lxc/srv/web2py/routes.py (100%) rename lxc-apps/{sahana-shared => sahana}/lxc/srv/web2py/run_scheduler.py (100%) create mode 100644 lxc-apps/sahana/meta diff --git a/lxc-apps/sahana-shared/lxcfile b/lxc-apps/sahana-shared/lxcfile deleted file mode 100644 index 78fed16..0000000 --- a/lxc-apps/sahana-shared/lxcfile +++ /dev/null @@ -1,56 +0,0 @@ -IMAGE sahana-shared_0.0.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 - -RUN EOF - # Install runtime dependencies - apk --no-cache add geos@vm nginx py-gdal@vm py2-dateutil py2-lxml py2-numpy py2-pillow py2-psycopg2 py2-requests uwsgi-python - - # Install build dependencies - apk --no-cache add --virtual .deps build-base git freetype-dev libpng-dev py-numpy-dev py2-pip python2-dev ttf-dejavu - - # Hackfix for python find_library('c') call - ln -s /lib/ld-musl-x86_64.so.1 /lib/libc.so.1 - - # Install web2py - git clone --recursive https://github.com/web2py/web2py.git /srv/web2py - git -C /srv/web2py checkout 7035398 - git -C /srv/web2py submodule update - - # Fix Web2py urllib import (https://github.com/web2py/pydal/commit/9d2290c) - sed -i 's/import traceback/import traceback\nimport urllib/' /srv/web2py/gluon/packages/dal/pydal/base.py - - # Symlink WSGI handler - ln -s /srv/web2py/handlers/wsgihandler.py /srv/web2py/wsgihandler.py - - # Install Sahana - git clone --depth 1 https://github.com/sahana/eden.git /srv/web2py/applications/eden - - # Install python dependencies, exclude old or unnecessary ones - sed -i 's/^ansible/#ansible/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^boto/#boto/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^PIL/#PIL/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^PyRTF/#PyRTF/' /srv/web2py/applications/eden/optional_requirements.txt - sed -i 's/^PyYAML/#PyYAML/' /srv/web2py/applications/eden/optional_requirements.txt - pip install -r /srv/web2py/applications/eden/optional_requirements.txt - - # Copy fonts with Czech glyphs - cp /usr/share/fonts/ttf-dejavu/DejaVuSerif-Bold.ttf /srv/web2py/applications/eden/static/fonts/Helvetica-Bold.ttf - cp /usr/share/fonts/ttf-dejavu/DejaVuSerif.ttf /srv/web2py/applications/eden/static/fonts/Helvetica.ttf -EOF - -COPY lxc - -RUN EOF - # Create OS user - addgroup -S -g 8001 sahana - adduser -S -u 8001 -h /srv/web2py -s /bin/false -g sahana -G sahana sahana - chown -R sahana:sahana /srv/web2py - - # Cleanup - apk --no-cache del .deps - find /srv/web2py -name '.git*' -exec rm -rf {} + - rm -r /srv/web2py/applications/admin /srv/web2py/applications/examples /srv/web2py/applications/welcome - rm -r /root/.cache -EOF diff --git a/lxc-apps/sahana/install.sh b/lxc-apps/sahana/install.sh index dbf8342..f085f24 100755 --- a/lxc-apps/sahana/install.sh +++ b/lxc-apps/sahana/install.sh @@ -3,49 +3,55 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/sahana/postgres_data +chown -R 105432:105432 /srv/sahana/postgres_data +chmod 700 /srv/sahana/postgres_data +lxc-execute -n sahana-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/sahana/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/sahana/postgres_data/pg_hba.conf # Create PostgreSQL user and database export SAHANA_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/sahana/conf/000_config.py -envsubst /srv/sahana/data/Spotter/masterUsers.csv -cp srv/sahana/conf/00_settings.py /srv/sahana/conf/00_settings.py +envsubst /srv/sahana/sahana_conf/000_config.py +envsubst /srv/sahana/sahana_data/Spotter/masterUsers.csv +cp sahana_conf/00_settings.py /srv/sahana/sahana_conf/00_settings.py +chown -R 108001:108001 /srv/sahana/sahana_conf +chown -R 108001:108001 /srv/sahana/sahana_data # Populate database lxc-execute -u 8001 -g 8001 sahana -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' # Set "production values" (increases performance) only if the DEBUG environment variable is not set if [ ${DEBUG:-0} -eq 0 ]; then - sed -i 's/settings.base.migrate = True/settings.base.migrate = False/' /srv/sahana/conf/000_config.py - sed -i 's/settings.base.debug = True/settings.base.debug = False/' /srv/sahana/conf/000_config.py - sed -i 's/#settings.base.prepopulate = 0/settings.base.prepopulate = 0/' /srv/sahana/conf/000_config.py + sed -i 's/settings.base.migrate = True/settings.base.migrate = False/' /srv/sahana/sahana_conf/000_config.py + sed -i 's/settings.base.debug = True/settings.base.debug = False/' /srv/sahana/sahana_conf/000_config.py + sed -i 's/#settings.base.prepopulate = 0/settings.base.prepopulate = 0/' /srv/sahana/sahana_conf/000_config.py fi -# Install service -cp etc/init.d/sahana /etc/init.d/sahana -rc-update -u - # Install config update script -cp srv/sahana/update-conf.sh /srv/sahana/update-conf.sh +cp update-conf.sh /srv/sahana/update-conf.sh -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Stop services required for setup +service sahana-postgres stop # Register application vmmgr register-app sahana sahana "${SAHANA_ADMIN_USER}" "${SAHANA_ADMIN_PWD}" diff --git a/lxc-apps/sahana/install/etc/init.d/sahana b/lxc-apps/sahana/install/etc/init.d/sahana deleted file mode 100755 index 468edc8..0000000 --- a/lxc-apps/sahana/install/etc/init.d/sahana +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="Sahana Eden container" - -depend() { - need postgres -} - -start() { - lxc-start sahana -} - -start_post() { - vmmgr register-proxy sahana -} - -stop_pre() { - vmmgr unregister-proxy sahana -} - -stop() { - lxc-stop sahana -} diff --git a/lxc-apps/sahana/install/postgres_data/pg_hba.conf b/lxc-apps/sahana/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/sahana/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/sahana/install/postgres_data/postgresql.conf b/lxc-apps/sahana/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/sahana/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/sahana/install/srv/sahana/conf/000_config.py b/lxc-apps/sahana/install/sahana_conf/000_config.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/conf/000_config.py rename to lxc-apps/sahana/install/sahana_conf/000_config.py diff --git a/lxc-apps/sahana/install/srv/sahana/conf/00_settings.py b/lxc-apps/sahana/install/sahana_conf/00_settings.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/conf/00_settings.py rename to lxc-apps/sahana/install/sahana_conf/00_settings.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultItems.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DefaultItems.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultItems.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DefaultItems.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillCompetency.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillCompetency.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillCompetency.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillCompetency.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillList.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillList.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DefaultSkillList.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DefaultSkillList.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList_EU.csv b/lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList_EU.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/DrivingSkillList_EU.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/DrivingSkillList_EU.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageCompetency.csv b/lxc-apps/sahana/install/sahana_data/Spotter/LanguageCompetency.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageCompetency.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/LanguageCompetency.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageSkillList.csv b/lxc-apps/sahana/install/sahana_data/Spotter/LanguageSkillList.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/LanguageSkillList.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/LanguageSkillList.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/StandardItems.csv b/lxc-apps/sahana/install/sahana_data/Spotter/StandardItems.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/StandardItems.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/StandardItems.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/__init__.py b/lxc-apps/sahana/install/sahana_data/Spotter/__init__.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/__init__.py rename to lxc-apps/sahana/install/sahana_data/Spotter/__init__.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/auth_roles.csv b/lxc-apps/sahana/install/sahana_data/Spotter/auth_roles.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/auth_roles.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/auth_roles.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/certificate.csv b/lxc-apps/sahana/install/sahana_data/Spotter/certificate.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/certificate.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/certificate.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/cms_post.csv b/lxc-apps/sahana/install/sahana_data/Spotter/cms_post.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/cms_post.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/cms_post.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/config.py b/lxc-apps/sahana/install/sahana_data/Spotter/config.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/config.py rename to lxc-apps/sahana/install/sahana_data/Spotter/config.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/css.cfg b/lxc-apps/sahana/install/sahana_data/Spotter/css.cfg similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/css.cfg rename to lxc-apps/sahana/install/sahana_data/Spotter/css.cfg diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/dvr_case_status.csv b/lxc-apps/sahana/install/sahana_data/Spotter/dvr_case_status.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/dvr_case_status.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/dvr_case_status.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/event_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/event_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/event_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/event_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_config.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_config.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_config.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_config.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_hierarchy.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_hierarchy.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_hierarchy.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_hierarchy.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_bing.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_bing.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_bing.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_bing.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_coordinate.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_coordinate.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_coordinate.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_coordinate.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_feature.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_feature.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_feature.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_feature.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_geojson.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_geojson.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_geojson.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_geojson.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_georss.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_georss.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_georss.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_georss.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_google.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_google.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_google.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_google.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_mgrs.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_mgrs.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_mgrs.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_mgrs.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_openstreetmap.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_openstreetmap.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_openstreetmap.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_openstreetmap.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_openweathermap.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_openweathermap.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_openweathermap.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_openweathermap.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_tms.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_tms.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_tms.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_tms.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_wms.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_wms.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_layer_wms.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_layer_wms.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_marker.csv b/lxc-apps/sahana/install/sahana_data/Spotter/gis_marker.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/gis_marker.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/gis_marker.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/incident_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/incident_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/incident_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/incident_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/layouts.py b/lxc-apps/sahana/install/sahana_data/Spotter/layouts.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/layouts.py rename to lxc-apps/sahana/install/sahana_data/Spotter/layouts.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/maintenance.py b/lxc-apps/sahana/install/sahana_data/Spotter/maintenance.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/maintenance.py rename to lxc-apps/sahana/install/sahana_data/Spotter/maintenance.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/masterUsers.csv b/lxc-apps/sahana/install/sahana_data/Spotter/masterUsers.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/masterUsers.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/masterUsers.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/membership_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/membership_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/membership_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/membership_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/menus.py b/lxc-apps/sahana/install/sahana_data/Spotter/menus.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/menus.py rename to lxc-apps/sahana/install/sahana_data/Spotter/menus.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/monitor.py b/lxc-apps/sahana/install/sahana_data/Spotter/monitor.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/monitor.py rename to lxc-apps/sahana/install/sahana_data/Spotter/monitor.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/office_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/office_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/office_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/office_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/org_sector.csv b/lxc-apps/sahana/install/sahana_data/Spotter/org_sector.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/org_sector.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/org_sector.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/organisation_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/organisation_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/organisation_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/organisation_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/parser.py b/lxc-apps/sahana/install/sahana_data/Spotter/parser.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/parser.py rename to lxc-apps/sahana/install/sahana_data/Spotter/parser.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/project_activity_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/project_activity_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/project_activity_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/project_activity_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/project_beneficiary_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/project_beneficiary_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/project_beneficiary_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/project_beneficiary_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/project_hazard.csv b/lxc-apps/sahana/install/sahana_data/Spotter/project_hazard.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/project_hazard.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/project_hazard.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/project_status.csv b/lxc-apps/sahana/install/sahana_data/Spotter/project_status.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/project_status.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/project_status.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/project_theme.csv b/lxc-apps/sahana/install/sahana_data/Spotter/project_theme.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/project_theme.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/project_theme.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/shelter_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/shelter_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/shelter_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/shelter_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/tasks.cfg b/lxc-apps/sahana/install/sahana_data/Spotter/tasks.cfg similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/tasks.cfg rename to lxc-apps/sahana/install/sahana_data/Spotter/tasks.cfg diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/tests.py b/lxc-apps/sahana/install/sahana_data/Spotter/tests.py similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/tests.py rename to lxc-apps/sahana/install/sahana_data/Spotter/tests.py diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/views/footer.html b/lxc-apps/sahana/install/sahana_data/Spotter/views/footer.html similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/views/footer.html rename to lxc-apps/sahana/install/sahana_data/Spotter/views/footer.html diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/views/layout.html b/lxc-apps/sahana/install/sahana_data/Spotter/views/layout.html similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/views/layout.html rename to lxc-apps/sahana/install/sahana_data/Spotter/views/layout.html diff --git a/lxc-apps/sahana/install/srv/sahana/data/Spotter/work_job_type.csv b/lxc-apps/sahana/install/sahana_data/Spotter/work_job_type.csv similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/data/Spotter/work_job_type.csv rename to lxc-apps/sahana/install/sahana_data/Spotter/work_job_type.csv diff --git a/lxc-apps/sahana/install/srv/sahana/update-conf.sh b/lxc-apps/sahana/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/sahana/install/srv/sahana/update-conf.sh rename to lxc-apps/sahana/install/update-conf.sh diff --git a/lxc-apps/sahana-shared/lxc/etc/nginx/nginx.conf b/lxc-apps/sahana/lxc/etc/nginx/nginx.conf similarity index 100% rename from lxc-apps/sahana-shared/lxc/etc/nginx/nginx.conf rename to lxc-apps/sahana/lxc/etc/nginx/nginx.conf diff --git a/lxc-apps/sahana-shared/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/sahana/lxc/etc/services.d/.s6-svscan/finish old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/sahana-shared/lxc/etc/services.d/.s6-svscan/finish rename to lxc-apps/sahana/lxc/etc/services.d/.s6-svscan/finish diff --git a/lxc-apps/sahana-shared/lxc/etc/services.d/nginx/run b/lxc-apps/sahana/lxc/etc/services.d/nginx/run old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/sahana-shared/lxc/etc/services.d/nginx/run rename to lxc-apps/sahana/lxc/etc/services.d/nginx/run diff --git a/lxc-apps/sahana-shared/lxc/etc/services.d/uwsgi/down-signal b/lxc-apps/sahana/lxc/etc/services.d/uwsgi/down-signal similarity index 100% rename from lxc-apps/sahana-shared/lxc/etc/services.d/uwsgi/down-signal rename to lxc-apps/sahana/lxc/etc/services.d/uwsgi/down-signal diff --git a/lxc-apps/sahana-shared/lxc/etc/services.d/uwsgi/run b/lxc-apps/sahana/lxc/etc/services.d/uwsgi/run old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/sahana-shared/lxc/etc/services.d/uwsgi/run rename to lxc-apps/sahana/lxc/etc/services.d/uwsgi/run diff --git a/lxc-apps/sahana-shared/lxc/etc/uwsgi/uwsgi.conf b/lxc-apps/sahana/lxc/etc/uwsgi/uwsgi.conf similarity index 100% rename from lxc-apps/sahana-shared/lxc/etc/uwsgi/uwsgi.conf rename to lxc-apps/sahana/lxc/etc/uwsgi/uwsgi.conf diff --git a/lxc-apps/sahana-shared/lxc/srv/web2py/applications/eden/languages/cs.py b/lxc-apps/sahana/lxc/srv/web2py/applications/eden/languages/cs.py similarity index 100% rename from lxc-apps/sahana-shared/lxc/srv/web2py/applications/eden/languages/cs.py rename to lxc-apps/sahana/lxc/srv/web2py/applications/eden/languages/cs.py diff --git a/lxc-apps/sahana-shared/lxc/srv/web2py/routes.py b/lxc-apps/sahana/lxc/srv/web2py/routes.py similarity index 100% rename from lxc-apps/sahana-shared/lxc/srv/web2py/routes.py rename to lxc-apps/sahana/lxc/srv/web2py/routes.py diff --git a/lxc-apps/sahana-shared/lxc/srv/web2py/run_scheduler.py b/lxc-apps/sahana/lxc/srv/web2py/run_scheduler.py similarity index 100% rename from lxc-apps/sahana-shared/lxc/srv/web2py/run_scheduler.py rename to lxc-apps/sahana/lxc/srv/web2py/run_scheduler.py diff --git a/lxc-apps/sahana/lxcfile b/lxc-apps/sahana/lxcfile index 30154a2..9d0df85 100644 --- a/lxc-apps/sahana/lxcfile +++ b/lxc-apps/sahana/lxcfile @@ -2,11 +2,55 @@ IMAGE sahana_0.0.1-190620 LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python2.7_2.7.16-190620 -LAYER sahana-shared_0.0.1-190620 -MOUNT DIR /srv/sahana/conf srv/web2py/applications/eden/models -MOUNT DIR /srv/sahana/data/Spotter srv/web2py/applications/eden/modules/templates/Spotter -MOUNT DIR /srv/sahana/data/databases srv/web2py/applications/eden/databases -MOUNT DIR /srv/sahana/data/uploads srv/web2py/applications/eden/uploads +RUN EOF + # Install runtime dependencies + apk --no-cache add geos@vm nginx py-gdal@vm py2-dateutil py2-lxml py2-numpy py2-pillow py2-psycopg2 py2-requests uwsgi-python -CMD s6-svscan /etc/services.d + # Install build dependencies + apk --no-cache add --virtual .deps build-base git freetype-dev libpng-dev py-numpy-dev py2-pip python2-dev ttf-dejavu + + # Hackfix for python find_library('c') call + ln -s /lib/ld-musl-x86_64.so.1 /lib/libc.so.1 + + # Install web2py + git clone --recursive https://github.com/web2py/web2py.git /srv/web2py + git -C /srv/web2py checkout 7035398 + git -C /srv/web2py submodule update + + # Fix Web2py urllib import (https://github.com/web2py/pydal/commit/9d2290c) + sed -i 's/import traceback/import traceback\nimport urllib/' /srv/web2py/gluon/packages/dal/pydal/base.py + + # Symlink WSGI handler + ln -s /srv/web2py/handlers/wsgihandler.py /srv/web2py/wsgihandler.py + + # Install Sahana + git clone --depth 1 https://github.com/sahana/eden.git /srv/web2py/applications/eden + + # Install python dependencies, exclude old or unnecessary ones + sed -i 's/^ansible/#ansible/' /srv/web2py/applications/eden/optional_requirements.txt + sed -i 's/^boto/#boto/' /srv/web2py/applications/eden/optional_requirements.txt + sed -i 's/^PIL/#PIL/' /srv/web2py/applications/eden/optional_requirements.txt + sed -i 's/^PyRTF/#PyRTF/' /srv/web2py/applications/eden/optional_requirements.txt + sed -i 's/^PyYAML/#PyYAML/' /srv/web2py/applications/eden/optional_requirements.txt + pip install -r /srv/web2py/applications/eden/optional_requirements.txt + + # Copy fonts with Czech glyphs + cp /usr/share/fonts/ttf-dejavu/DejaVuSerif-Bold.ttf /srv/web2py/applications/eden/static/fonts/Helvetica-Bold.ttf + cp /usr/share/fonts/ttf-dejavu/DejaVuSerif.ttf /srv/web2py/applications/eden/static/fonts/Helvetica.ttf +EOF + +COPY lxc + +RUN EOF + # Create OS user + addgroup -S -g 8001 sahana + adduser -S -u 8001 -h /srv/web2py -s /bin/false -g sahana -G sahana sahana + chown -R sahana:sahana /srv/web2py + + # Cleanup + apk --no-cache del .deps + find /srv/web2py -name '.git*' -exec rm -rf {} + + rm -r /srv/web2py/applications/admin /srv/web2py/applications/examples /srv/web2py/applications/welcome + rm -r /root/.cache +EOF diff --git a/lxc-apps/sahana/meta b/lxc-apps/sahana/meta new file mode 100644 index 0000000..285deca --- /dev/null +++ b/lxc-apps/sahana/meta @@ -0,0 +1,27 @@ +{ + "version": "0.0.1-190620", + "meta": { + "title": "Sahana Eden", + "desc-cs": "Řízení humanítární činnosti", + "desc-en": "Management of humanitarian activities", + "license": "GPL", + }, + "containers": { + "sahana": { + "image": "sahana_0.0.1-190620", + "depends": [ + "sahana-postgres" + ], + "mounts": [ + ["DIR", "/srv/sahana/sahana_conf", "/srv/sahana/conf"], + ["DIR", "/srv/sahana/sahana_data", "/srv/sahana/data"] + ] + }, + "sahana-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/sahana/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/sahana/uninstall.sh b/lxc-apps/sahana/uninstall.sh index cc2caa1..4b0d562 100755 --- a/lxc-apps/sahana/uninstall.sh +++ b/lxc-apps/sahana/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/sahana -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS sahana; DROP ROLE IF EXISTS sahana;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/sahana # Unregister application vmmgr unregister-app sahana From 985dd2998ad2cd4a13e02ce9e3c6e74b1c06596d Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 16:01:55 +0200 Subject: [PATCH 041/228] Rework Sahana Eden - Demo --- lxc-apps/sahana-demo/install.sh | 47 +- .../install/etc/init.d/sahana-demo | 23 - .../install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../conf => sahana_conf}/000_config.py | 2 +- .../{srv/sahana-demo => }/update-conf.sh | 0 lxc-apps/sahana-demo/lxcfile | 12 - lxc-apps/sahana-demo/meta | 27 + lxc-apps/sahana-demo/uninstall.sh | 10 +- lxc-apps/sahana/install.sh | 5 +- 10 files changed, 714 insertions(+), 73 deletions(-) delete mode 100755 lxc-apps/sahana-demo/install/etc/init.d/sahana-demo create mode 100644 lxc-apps/sahana-demo/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/sahana-demo/install/postgres_data/postgresql.conf rename lxc-apps/sahana-demo/install/{srv/sahana-demo/conf => sahana_conf}/000_config.py (99%) rename lxc-apps/sahana-demo/install/{srv/sahana-demo => }/update-conf.sh (100%) mode change 100755 => 100644 delete mode 100644 lxc-apps/sahana-demo/lxcfile create mode 100644 lxc-apps/sahana-demo/meta diff --git a/lxc-apps/sahana-demo/install.sh b/lxc-apps/sahana-demo/install.sh index c468905..8a1db26 100755 --- a/lxc-apps/sahana-demo/install.sh +++ b/lxc-apps/sahana-demo/install.sh @@ -2,49 +2,44 @@ set -ev cd $(realpath $(dirname "${0}"))/install -export TEMPLATE=${TEMPLATE:-"default"} -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/sahana-demo/postgres_data +chown -R 105432:105432 /srv/sahana-demo/postgres_data +chmod 700 /srv/sahana-demo/postgres_data +lxc-execute -n sahana-demo-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/sahana-demo/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/sahana-demo/postgres_data/pg_hba.conf # Create PostgreSQL user and database export SAHANADEMO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/sahana-demo/conf/000_config.py -if [ ${TEMPLATE} == "default" ]; then - envsubst /srv/sahana-demo/data/default/users/masterUsers.csv -else - mkdir -p /var/lib/lxc/sahana-demo/sahana-demo/srv/web2py/applications/eden/modules/templates/default/users - envsubst /var/lib/lxc/sahana-demo/sahana-demo/srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv - chown -R 8001:8001 /var/lib/lxc/sahana-demo/sahana-demo/srv/web2py -fi - -# Replace template in LXC container mount definition -sed -i "s/default/${TEMPLATE}/g" /var/lib/lxc/sahana-demo/config +envsubst /srv/sahana-demo/sahana_conf/000_config.py +envsubst /srv/sahana-demo/sahana_data/default/users/masterUsers.csv +chown -R 108001:108001 /srv/sahana/sahana_conf /srv/sahana/sahana_data # Populate database lxc-execute -u 8001 -g 8001 sahana-demo -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' -# Install service -envsubst /etc/init.d/sahana-demo -chmod +x /etc/init.d/sahana-demo - # Install config update script -cp srv/sahana-demo/update-conf.sh /srv/sahana-demo/update-conf.sh +cp update-conf.sh /srv/sahana-demo/update-conf.sh -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Stop services required for setup +service sahana-demo-postgres stop # Register application vmmgr register-app sahana-demo sahana-demo "${SAHANADEMO_ADMIN_USER}" "${SAHANADEMO_ADMIN_PWD}" diff --git a/lxc-apps/sahana-demo/install/etc/init.d/sahana-demo b/lxc-apps/sahana-demo/install/etc/init.d/sahana-demo deleted file mode 100755 index 0ae2bc8..0000000 --- a/lxc-apps/sahana-demo/install/etc/init.d/sahana-demo +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="Sahana Eden Demo container" - -depend() { - need postgres -} - -start() { - lxc-start sahana-demo -} - -start_post() { - vmmgr register-proxy sahana-demo -} - -stop_pre() { - vmmgr unregister-proxy sahana-demo -} - -stop() { - lxc-stop sahana-demo -} diff --git a/lxc-apps/sahana-demo/install/postgres_data/pg_hba.conf b/lxc-apps/sahana-demo/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/sahana-demo/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/sahana-demo/install/postgres_data/postgresql.conf b/lxc-apps/sahana-demo/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/sahana-demo/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/sahana-demo/install/srv/sahana-demo/conf/000_config.py b/lxc-apps/sahana-demo/install/sahana_conf/000_config.py similarity index 99% rename from lxc-apps/sahana-demo/install/srv/sahana-demo/conf/000_config.py rename to lxc-apps/sahana-demo/install/sahana_conf/000_config.py index e9ed49f..a19ef42 100644 --- a/lxc-apps/sahana-demo/install/srv/sahana-demo/conf/000_config.py +++ b/lxc-apps/sahana-demo/install/sahana_conf/000_config.py @@ -23,7 +23,7 @@ FINISHED_EDITING_CONFIG_FILE = True # - Workflows # - Theme # - note that you should restart your web2py after changing this setting -settings.base.template = "${TEMPLATE}" +settings.base.template = "default" # Database settings # Uncomment to use a different database, other than sqlite diff --git a/lxc-apps/sahana-demo/install/srv/sahana-demo/update-conf.sh b/lxc-apps/sahana-demo/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/sahana-demo/install/srv/sahana-demo/update-conf.sh rename to lxc-apps/sahana-demo/install/update-conf.sh diff --git a/lxc-apps/sahana-demo/lxcfile b/lxc-apps/sahana-demo/lxcfile deleted file mode 100644 index 27960ef..0000000 --- a/lxc-apps/sahana-demo/lxcfile +++ /dev/null @@ -1,12 +0,0 @@ -IMAGE sahana-demo_0.0.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 -LAYER sahana-shared_0.0.1-190620 - -MOUNT DIR /srv/sahana-demo/conf srv/web2py/applications/eden/models -MOUNT DIR /srv/sahana-demo/data/default srv/web2py/applications/eden/modules/templates/default -MOUNT DIR /srv/sahana-demo/data/databases srv/web2py/applications/eden/databases -MOUNT DIR /srv/sahana-demo/data/uploads srv/web2py/applications/eden/uploads - -CMD s6-svscan /etc/services.d diff --git a/lxc-apps/sahana-demo/meta b/lxc-apps/sahana-demo/meta new file mode 100644 index 0000000..ca691cc --- /dev/null +++ b/lxc-apps/sahana-demo/meta @@ -0,0 +1,27 @@ +{ + "version": "0.0.1-190620", + "meta": { + "title": "Sahana Eden - Demo", + "desc-cs": "Řízení humanítární činnosti", + "desc-en": "Management of humanitarian activities", + "license": "GPL", + }, + "containers": { + "sahana-demo": { + "image": "sahana_0.0.1-190620", + "depends": [ + "sahana-demo-postgres" + ], + "mounts": [ + ["DIR", "/srv/sahana-demo/sahana_conf", "/srv/sahana/conf"], + ["DIR", "/srv/sahana-demo/sahana_data", "/srv/sahana/data"] + ] + }, + "sahana-demo-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/sahana-demo/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/sahana-demo/uninstall.sh b/lxc-apps/sahana-demo/uninstall.sh index a6adf51..dd3b7ae 100755 --- a/lxc-apps/sahana-demo/uninstall.sh +++ b/lxc-apps/sahana-demo/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/sahana-demo -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS sahanademo; DROP ROLE IF EXISTS sahanademo;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/sahana-demo # Unregister application vmmgr unregister-app sahana-demo diff --git a/lxc-apps/sahana/install.sh b/lxc-apps/sahana/install.sh index f085f24..7bc335c 100755 --- a/lxc-apps/sahana/install.sh +++ b/lxc-apps/sahana/install.sh @@ -21,7 +21,7 @@ envsubst /srv/sahana/sahana_conf/000_config.py envsubst /srv/sahana/sahana_data/Spotter/masterUsers.csv cp sahana_conf/00_settings.py /srv/sahana/sahana_conf/00_settings.py -chown -R 108001:108001 /srv/sahana/sahana_conf -chown -R 108001:108001 /srv/sahana/sahana_data +chown -R 108001:108001 /srv/sahana/sahana_conf /srv/sahana/sahana_data # Populate database lxc-execute -u 8001 -g 8001 sahana -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' From 9b18c94dddfced779f1ab0005427f8679431ac81 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 16:10:29 +0200 Subject: [PATCH 042/228] Rework SAMBRO --- lxc-apps/sahana-demo/meta | 10 ++-- lxc-apps/sahana/meta | 6 ++- lxc-apps/sambro/install.sh | 46 +++++++++++-------- lxc-apps/sambro/install/etc/init.d/sambro | 23 ---------- .../sambro/conf => sahana_conf}/000_config.py | 0 .../conf => sahana_conf}/00_settings.py | 0 .../data => sahana_data}/SAMBRO/config.py | 0 .../install/{srv/sambro => }/update-conf.sh | 0 lxc-apps/sambro/lxcfile | 12 ----- lxc-apps/sambro/meta | 29 ++++++++++++ lxc-apps/sambro/uninstall.sh | 10 +--- 11 files changed, 67 insertions(+), 69 deletions(-) delete mode 100755 lxc-apps/sambro/install/etc/init.d/sambro rename lxc-apps/sambro/install/{srv/sambro/conf => sahana_conf}/000_config.py (100%) rename lxc-apps/sambro/install/{srv/sambro/conf => sahana_conf}/00_settings.py (100%) rename lxc-apps/sambro/install/{srv/sambro/data => sahana_data}/SAMBRO/config.py (100%) rename lxc-apps/sambro/install/{srv/sambro => }/update-conf.sh (100%) mode change 100755 => 100644 delete mode 100644 lxc-apps/sambro/lxcfile create mode 100644 lxc-apps/sambro/meta diff --git a/lxc-apps/sahana-demo/meta b/lxc-apps/sahana-demo/meta index ca691cc..1be2cdc 100644 --- a/lxc-apps/sahana-demo/meta +++ b/lxc-apps/sahana-demo/meta @@ -2,8 +2,8 @@ "version": "0.0.1-190620", "meta": { "title": "Sahana Eden - Demo", - "desc-cs": "Řízení humanítární činnosti", - "desc-en": "Management of humanitarian activities", + "desc-cs": "Řízení humanítární činnosti - Demo instance", + "desc-en": "Management of humanitarian activities - Demo instance", "license": "GPL", }, "containers": { @@ -13,8 +13,10 @@ "sahana-demo-postgres" ], "mounts": [ - ["DIR", "/srv/sahana-demo/sahana_conf", "/srv/sahana/conf"], - ["DIR", "/srv/sahana-demo/sahana_data", "/srv/sahana/data"] + ["DIR", "/srv/sahana-demo/sahana_conf", "/srv/web2py/applications/eden/models"], + ["DIR", "/srv/sahana-demo/sahana_data/default", "/srv/web2py/applications/eden/modules/templates/default"], + ["DIR", "/srv/sahana-demo/sahana_data/databases", "/srv/web2py/applications/eden/databases"], + ["DIR", "/srv/sahana-demo/sahana_data/uploads", "/srv/web2py/applications/eden/uploads"] ] }, "sahana-demo-postgres": { diff --git a/lxc-apps/sahana/meta b/lxc-apps/sahana/meta index 285deca..0272165 100644 --- a/lxc-apps/sahana/meta +++ b/lxc-apps/sahana/meta @@ -13,8 +13,10 @@ "sahana-postgres" ], "mounts": [ - ["DIR", "/srv/sahana/sahana_conf", "/srv/sahana/conf"], - ["DIR", "/srv/sahana/sahana_data", "/srv/sahana/data"] + ["DIR", "/srv/sahana/sahana_conf", "/srv/web2py/applications/eden/models"], + ["DIR", "/srv/sahana/sahana_data/Spotter", "/srv/web2py/applications/eden/modules/templates/Spotter"], + ["DIR", "/srv/sahana/sahana_data/databases", "/srv/web2py/applications/eden/databases"], + ["DIR", "/srv/sahana/sahana_data/uploads", "/srv/web2py/applications/eden/uploads"] ] }, "sahana-postgres": { diff --git a/lxc-apps/sambro/install.sh b/lxc-apps/sambro/install.sh index b884f6e..42520ad 100755 --- a/lxc-apps/sambro/install.sh +++ b/lxc-apps/sambro/install.sh @@ -3,29 +3,39 @@ set -ev cd $(realpath $(dirname "${0}"))/install -# Check prerequisites -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 +# Create Postgres instance +mkdir -p /srv/sambro/postgres_data +chown -R 105432:105432 /srv/sambro/postgres_data +chmod 700 /srv/sambro/postgres_data +lxc-execute -n sambro-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/sambro/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/sambro/postgres_data/pg_hba.conf # Create PostgreSQL user and database export SAMBRO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/sambro/conf/000_config.py -mkdir -p /var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users -envsubst /var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv -chown -R 8001:8001 /var/lib/lxc/sambro/sambro/srv/web2py -cp srv/sambro/conf/00_settings.py /srv/sambro/conf/00_settings.py -cp srv/sambro/data/SAMBRO/config.py /srv/sambro/data/SAMBRO/config.py +envsubst /srv/sambro/sahana_conf/000_config.py +# TODO: +#mkdir -p /var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users +#envsubst /var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv +#chown -R 8001:8001 /var/lib/lxc/sambro/sambro/srv/web2py +cp sahana_conf/00_settings.py /srv/sambro/sahana_conf/00_settings.py +cp sahana_data/SAMBRO/config.py /srv/sambro/sahana_data/SAMBRO/config.py +chown -R 108001:108001 /srv/sambro/sahana_conf /srv/sambro/sahana_data # Populate database lxc-execute -u 8001 -g 8001 sambro -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' @@ -37,15 +47,11 @@ if [ ${DEBUG:-0} -eq 0 ]; then sed -i 's/#settings.base.prepopulate = 0/settings.base.prepopulate = 0/' /srv/sambro/conf/000_config.py fi -# Install service -cp etc/init.d/sambro /etc/init.d/sambro -rc-update -u - # Install config update script -cp srv/sambro/update-conf.sh /srv/sambro/update-conf.sh +cp update-conf.sh /srv/sambro/update-conf.sh -# Stop services required for build -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Stop services required for setup +service sambro-postgres stop # Register application vmmgr register-app sambro sambro "${SAMBRO_ADMIN_USER}" "${SAMBRO_ADMIN_PWD}" diff --git a/lxc-apps/sambro/install/etc/init.d/sambro b/lxc-apps/sambro/install/etc/init.d/sambro deleted file mode 100755 index d1aa284..0000000 --- a/lxc-apps/sambro/install/etc/init.d/sambro +++ /dev/null @@ -1,23 +0,0 @@ -#!/sbin/openrc-run - -description="SAMBRO container" - -depend() { - need postgres -} - -start() { - lxc-start sambro -} - -start_post() { - vmmgr register-proxy sambro -} - -stop_pre() { - vmmgr unregister-proxy sambro -} - -stop() { - lxc-stop sambro -} diff --git a/lxc-apps/sambro/install/srv/sambro/conf/000_config.py b/lxc-apps/sambro/install/sahana_conf/000_config.py similarity index 100% rename from lxc-apps/sambro/install/srv/sambro/conf/000_config.py rename to lxc-apps/sambro/install/sahana_conf/000_config.py diff --git a/lxc-apps/sambro/install/srv/sambro/conf/00_settings.py b/lxc-apps/sambro/install/sahana_conf/00_settings.py similarity index 100% rename from lxc-apps/sambro/install/srv/sambro/conf/00_settings.py rename to lxc-apps/sambro/install/sahana_conf/00_settings.py diff --git a/lxc-apps/sambro/install/srv/sambro/data/SAMBRO/config.py b/lxc-apps/sambro/install/sahana_data/SAMBRO/config.py similarity index 100% rename from lxc-apps/sambro/install/srv/sambro/data/SAMBRO/config.py rename to lxc-apps/sambro/install/sahana_data/SAMBRO/config.py diff --git a/lxc-apps/sambro/install/srv/sambro/update-conf.sh b/lxc-apps/sambro/install/update-conf.sh old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/sambro/install/srv/sambro/update-conf.sh rename to lxc-apps/sambro/install/update-conf.sh diff --git a/lxc-apps/sambro/lxcfile b/lxc-apps/sambro/lxcfile deleted file mode 100644 index 85823fd..0000000 --- a/lxc-apps/sambro/lxcfile +++ /dev/null @@ -1,12 +0,0 @@ -IMAGE sambro_0.0.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 -LAYER sahana-shared_0.0.1-190620 - -MOUNT DIR /srv/sambro/conf srv/web2py/applications/eden/models -MOUNT DIR /srv/sambro/data/SAMBRO srv/web2py/applications/eden/modules/templates/SAMBRO -MOUNT DIR /srv/sambro/data/databases srv/web2py/applications/eden/databases -MOUNT DIR /srv/sambro/data/uploads srv/web2py/applications/eden/uploads - -CMD s6-svscan /etc/services.d diff --git a/lxc-apps/sambro/meta b/lxc-apps/sambro/meta new file mode 100644 index 0000000..dc75bc8 --- /dev/null +++ b/lxc-apps/sambro/meta @@ -0,0 +1,29 @@ +{ + "version": "0.0.1-190620", + "meta": { + "title": "Sahana Eden - SAMBRO", + "desc-cs": "Řízení humanítární činnosti - Centrum hlášení a výstrah", + "desc-en": "Management of humanitarian activities - Reporting and alerting center", + "license": "GPL", + }, + "containers": { + "sambro": { + "image": "sahana_0.0.1-190620", + "depends": [ + "sambro-postgres" + ], + "mounts": [ + ["DIR", "/srv/sambro/sahana_conf", "/srv/web2py/applications/eden/models"], + ["DIR", "/srv/sambro/sahana_data/SAMBRO", "/srv/web2py/applications/eden/modules/templates/SAMBRO"], + ["DIR", "/srv/sambro/sahana_data/databases", "/srv/web2py/applications/eden/databases"], + ["DIR", "/srv/sambro/sahana_data/uploads", "/srv/web2py/applications/eden/uploads"] + ] + }, + "sambro-postgres": { + "image": "postgis_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/sambro/postgres_data", "/var/lib/postgresql"] + ] + } + } +} diff --git a/lxc-apps/sambro/uninstall.sh b/lxc-apps/sambro/uninstall.sh index 4fd1cf6..1e0465c 100755 --- a/lxc-apps/sambro/uninstall.sh +++ b/lxc-apps/sambro/uninstall.sh @@ -1,14 +1,8 @@ #!/bin/sh set -ev -# Remove service -rm -f /etc/init.d/sambro -rc-update -u - -# Drop database and user -[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1 -echo 'DROP DATABASE IF EXISTS sambro; DROP ROLE IF EXISTS sambro;' | lxc-attach -u 5432 -g 5432 postgres -- psql -[ ! -z ${STOP_POSTGRES} ] && service postgres stop +# Remove persistent data +rm -rf /srv/sambro # Unregister application vmmgr unregister-app sambro From cf9982638632a84057f54b9a1a0044f4a08a8d52 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 16:34:10 +0200 Subject: [PATCH 043/228] Fix hostnames --- lxc-apps/crisiscleanup/install.sh | 16 ++++++++-------- .../{crisiscleanup_conf => cc_conf}/conf/boot.rb | 0 .../conf/database.yml | 2 +- .../conf/environments/production.rb | 0 .../conf/initializers/devise.rb | 0 .../{crisiscleanup_conf => cc_conf}/db/seeds.rb | 0 lxc-apps/crisiscleanup/install/update-conf.sh | 4 ++-- lxc-apps/crisiscleanup/meta | 2 +- lxc-apps/cts/install/cts_conf/spotter.py | 2 +- lxc-apps/cts/install/update-conf.sh | 2 +- lxc-apps/ecogis/install/ecogis_conf/config.php | 2 +- .../install/gnuhealth_conf/trytond.conf | 2 +- lxc-apps/gnuhealth/install/update-conf.sh | 2 +- .../kanboard/install/kanboard_conf/config.php | 2 +- lxc-apps/kanboard/install/update-conf.sh | 2 +- lxc-apps/mifosx/install/mifosx_conf/context.xml | 2 +- lxc-apps/mifosx/install/update-conf.sh | 6 +++--- .../motech_conf/config/bootstrap.properties | 4 ++-- .../config/motech-settings.properties | 2 +- lxc-apps/motech/install/update-conf.sh | 2 +- lxc-apps/odoo/install/odoo_conf/odoo.conf | 2 +- lxc-apps/odoo/install/update-conf.sh | 2 +- .../opendatakit/install/odk_conf/jdbc.properties | 2 +- .../opendatakit/install/odkbuild_conf/config.yml | 2 +- lxc-apps/opendatakit/install/update-conf.sh | 6 +++--- .../install/pandora_conf/local_settings.py | 4 ++-- lxc-apps/pandora/install/update-conf.sh | 4 ++-- .../install/sahana_conf/000_config.py | 2 +- lxc-apps/sahana-demo/install/update-conf.sh | 8 ++++---- .../sahana/install/sahana_conf/000_config.py | 2 +- lxc-apps/sahana/install/update-conf.sh | 8 ++++---- .../sambro/install/sahana_conf/000_config.py | 2 +- lxc-apps/sambro/install/update-conf.sh | 8 ++++---- .../seeddms/install/seeddms_conf/settings.xml | 2 +- lxc-apps/seeddms/install/update-conf.sh | 2 +- .../sigmah/install/sigmah_conf/persistence.xml | 2 +- lxc-apps/sigmah/install/update-conf.sh | 6 +++--- lxc-apps/ushahidi/install/update-conf.sh | 10 +++++----- lxc-apps/ushahidi/install/ushahidi_conf/env | 2 +- 39 files changed, 65 insertions(+), 65 deletions(-) rename lxc-apps/crisiscleanup/install/{crisiscleanup_conf => cc_conf}/conf/boot.rb (100%) rename lxc-apps/crisiscleanup/install/{crisiscleanup_conf => cc_conf}/conf/database.yml (82%) rename lxc-apps/crisiscleanup/install/{crisiscleanup_conf => cc_conf}/conf/environments/production.rb (100%) rename lxc-apps/crisiscleanup/install/{crisiscleanup_conf => cc_conf}/conf/initializers/devise.rb (100%) rename lxc-apps/crisiscleanup/install/{crisiscleanup_conf => cc_conf}/db/seeds.rb (100%) diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh index 99c1b3d..aa6d6b4 100755 --- a/lxc-apps/crisiscleanup/install.sh +++ b/lxc-apps/crisiscleanup/install.sh @@ -19,21 +19,21 @@ service crisiscleanup-postgres start envsubst /srv/crisiscleanup/crisiscleanup_conf/database.yml -cp crisiscleanup_conf/boot.rb /srv/crisiscleanup/crisiscleanup_conf/boot.rb -cp crisiscleanup_conf/initializers/devise.rb /srv/crisiscleanup/crisiscleanup_conf/initializers/devise.rb -cp crisiscleanup_conf/environments/production.rb /srv/crisiscleanup/crisiscleanup_conf/environments/production.rb +envsubst /srv/crisiscleanup/cc_conf/database.yml +cp cc_conf/boot.rb /srv/crisiscleanup/cc_conf/boot.rb +cp cc_conf/initializers/devise.rb /srv/crisiscleanup/cc_conf/initializers/devise.rb +cp cc_conf/environments/production.rb /srv/crisiscleanup/cc_conf/environments/production.rb # Populate database -#envsubst /var/lib/lxc/crisiscleanup/crisiscleanup/srv/crisiscleanup/db/seeds.rb # TODO bud volat User.create! zvlast nebo vyresit jinak +#envsubst /var/lib/lxc/crisiscleanup/crisiscleanup/srv/crisiscleanup/db/seeds.rb # TODO bud volat User.create! zvlast nebo vyresit jinak lxc-execute crisiscleanup -- rake db:schema:load lxc-execute crisiscleanup -- rake db:seed diff --git a/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/boot.rb b/lxc-apps/crisiscleanup/install/cc_conf/conf/boot.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/boot.rb rename to lxc-apps/crisiscleanup/install/cc_conf/conf/boot.rb diff --git a/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/database.yml b/lxc-apps/crisiscleanup/install/cc_conf/conf/database.yml similarity index 82% rename from lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/database.yml rename to lxc-apps/crisiscleanup/install/cc_conf/conf/database.yml index da8b643..436acf9 100644 --- a/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/database.yml +++ b/lxc-apps/crisiscleanup/install/cc_conf/conf/database.yml @@ -3,6 +3,6 @@ production: encoding: unicode database: crisiscleanup pool: 5 - host: postgres + host: crisiscleanup-postgres username: crisiscleanup password: ${CRISISCLEANUP_PWD} diff --git a/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/environments/production.rb b/lxc-apps/crisiscleanup/install/cc_conf/conf/environments/production.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/environments/production.rb rename to lxc-apps/crisiscleanup/install/cc_conf/conf/environments/production.rb diff --git a/lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/initializers/devise.rb b/lxc-apps/crisiscleanup/install/cc_conf/conf/initializers/devise.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/crisiscleanup_conf/conf/initializers/devise.rb rename to lxc-apps/crisiscleanup/install/cc_conf/conf/initializers/devise.rb diff --git a/lxc-apps/crisiscleanup/install/crisiscleanup_conf/db/seeds.rb b/lxc-apps/crisiscleanup/install/cc_conf/db/seeds.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/crisiscleanup_conf/db/seeds.rb rename to lxc-apps/crisiscleanup/install/cc_conf/db/seeds.rb diff --git a/lxc-apps/crisiscleanup/install/update-conf.sh b/lxc-apps/crisiscleanup/install/update-conf.sh index 744fc35..660c050 100644 --- a/lxc-apps/crisiscleanup/install/update-conf.sh +++ b/lxc-apps/crisiscleanup/install/update-conf.sh @@ -1,4 +1,4 @@ #!/bin/sh -sed -i "s|\(^ config\.mailer_sender = \).*|\1'${EMAIL}'|" /srv/crisiscleanup/conf/initializers/devise.rb -sed -i "s|\(^ENV['GOOGLE_MAPS_API_KEY'] = \).*|\1${GMAPS_API_KEY}|" /srv/crisiscleanup/conf/boot.rb +sed -i "s|\(^ config\.mailer_sender = \).*|\1'${EMAIL}'|" /srv/crisiscleanup/cc_conf/initializers/devise.rb +sed -i "s|\(^ENV['GOOGLE_MAPS_API_KEY'] = \).*|\1${GMAPS_API_KEY}|" /srv/crisiscleanup/cc_conf/boot.rb diff --git a/lxc-apps/crisiscleanup/meta b/lxc-apps/crisiscleanup/meta index 97f4d11..ef5618f 100644 --- a/lxc-apps/crisiscleanup/meta +++ b/lxc-apps/crisiscleanup/meta @@ -13,7 +13,7 @@ "crisiscleanup-postgres" ], "mounts": [ - ["DIR", "/srv/crisiscleanup/crisiscleanup_conf", "/srv/crisiscleanup/config"] + ["DIR", "/srv/crisiscleanup/cc_conf", "/srv/crisiscleanup/config"] ] }, "crisiscleanup-postgres": { diff --git a/lxc-apps/cts/install/cts_conf/spotter.py b/lxc-apps/cts/install/cts_conf/spotter.py index b0ff6ca..b255909 100644 --- a/lxc-apps/cts/install/cts_conf/spotter.py +++ b/lxc-apps/cts/install/cts_conf/spotter.py @@ -18,7 +18,7 @@ DATABASES = { 'NAME': 'cts', 'USER': 'cts', 'PASSWORD': '${CTS_PWD}', - 'HOST': 'postgres', + 'HOST': 'cts-postgres', 'PORT': '5432', } } diff --git a/lxc-apps/cts/install/update-conf.sh b/lxc-apps/cts/install/update-conf.sh index 9cea8da..cfb76d0 100644 --- a/lxc-apps/cts/install/update-conf.sh +++ b/lxc-apps/cts/install/update-conf.sh @@ -1,3 +1,3 @@ #!/bin/sh -sed -i "s|\(^SERVER_EMAIL = \).*|\1'${EMAIL}'|" /srv/cts/conf/spotter.py +sed -i "s|\(^SERVER_EMAIL = \).*|\1'${EMAIL}'|" /srv/cts/cts_conf/spotter.py diff --git a/lxc-apps/ecogis/install/ecogis_conf/config.php b/lxc-apps/ecogis/install/ecogis_conf/config.php index 687ed7d..1b4ce19 100644 --- a/lxc-apps/ecogis/install/ecogis_conf/config.php +++ b/lxc-apps/ecogis/install/ecogis_conf/config.php @@ -9,7 +9,7 @@ /* ------------------------------ DB Settings ------------------------------ */ $dsn = array('dbtype' => 'pgsql', - 'dbhost' => 'postgres', // host + 'dbhost' => 'ecogis-postgres', // host 'dbuser' => 'ecogis', // login 'dbpass' => '${ECOGIS_PWD}', // Password 'dbname' => 'ecogis', // database diff --git a/lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf b/lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf index 83353b0..1ea995a 100644 --- a/lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf +++ b/lxc-apps/gnuhealth/install/gnuhealth_conf/trytond.conf @@ -1,5 +1,5 @@ [database] -uri = postgresql://gnuhealth:${GNUHEALTH_PWD}@postgres +uri = postgresql://gnuhealth:${GNUHEALTH_PWD}@gnuhealth-postgres path = /srv/gnuhealth/attach [web] diff --git a/lxc-apps/gnuhealth/install/update-conf.sh b/lxc-apps/gnuhealth/install/update-conf.sh index 57e4043..8fedb18 100644 --- a/lxc-apps/gnuhealth/install/update-conf.sh +++ b/lxc-apps/gnuhealth/install/update-conf.sh @@ -1,3 +1,3 @@ #!/bin/sh -sed -i "s|\(^from = \).*|\1${EMAIL}|" /srv/gnuhealth/conf/trytond.conf +sed -i "s|\(^from = \).*|\1${EMAIL}|" /srv/gnuhealth/gnuhealth_conf/trytond.conf diff --git a/lxc-apps/kanboard/install/kanboard_conf/config.php b/lxc-apps/kanboard/install/kanboard_conf/config.php index 290c835..214b901 100644 --- a/lxc-apps/kanboard/install/kanboard_conf/config.php +++ b/lxc-apps/kanboard/install/kanboard_conf/config.php @@ -68,7 +68,7 @@ define('DB_USERNAME', 'kanboard'); define('DB_PASSWORD', '${KANBOARD_PWD}'); // Mysql/Postgres hostname -define('DB_HOSTNAME', 'postgres'); +define('DB_HOSTNAME', 'kanboard-postgres'); // Mysql/Postgres database name define('DB_NAME', 'kanboard'); diff --git a/lxc-apps/kanboard/install/update-conf.sh b/lxc-apps/kanboard/install/update-conf.sh index 4b8d77b..aedf93a 100644 --- a/lxc-apps/kanboard/install/update-conf.sh +++ b/lxc-apps/kanboard/install/update-conf.sh @@ -1,3 +1,3 @@ #!/bin/sh -sed -i "s|\(^define('MAIL_FROM', \).*|\1'${EMAIL}');|" /srv/kanboard/conf/config.php +sed -i "s|\(^define('MAIL_FROM', \).*|\1'${EMAIL}');|" /srv/kanboard/kanboard_conf/config.php diff --git a/lxc-apps/mifosx/install/mifosx_conf/context.xml b/lxc-apps/mifosx/install/mifosx_conf/context.xml index f1eb457..01e7b94 100644 --- a/lxc-apps/mifosx/install/mifosx_conf/context.xml +++ b/lxc-apps/mifosx/install/mifosx_conf/context.xml @@ -4,7 +4,7 @@ - + diff --git a/lxc-apps/seeddms/install/update-conf.sh b/lxc-apps/seeddms/install/update-conf.sh index f5f590f..c0651f1 100644 --- a/lxc-apps/seeddms/install/update-conf.sh +++ b/lxc-apps/seeddms/install/update-conf.sh @@ -1,3 +1,3 @@ #!/bin/sh -sed -i "s|\(^\s\+|" /srv/seeddms/conf/settings.xml +sed -i "s|\(^\s\+|" /srv/seeddms/seeddms_conf/settings.xml diff --git a/lxc-apps/sigmah/install/sigmah_conf/persistence.xml b/lxc-apps/sigmah/install/sigmah_conf/persistence.xml index 8144a8a..575ff0f 100644 --- a/lxc-apps/sigmah/install/sigmah_conf/persistence.xml +++ b/lxc-apps/sigmah/install/sigmah_conf/persistence.xml @@ -13,7 +13,7 @@ - + diff --git a/lxc-apps/sigmah/install/update-conf.sh b/lxc-apps/sigmah/install/update-conf.sh index 44561f2..ac29218 100644 --- a/lxc-apps/sigmah/install/update-conf.sh +++ b/lxc-apps/sigmah/install/update-conf.sh @@ -1,5 +1,5 @@ #!/bin/sh -sed -i "s|\(^mail\.from\.address=\).*|\1${EMAIL}|" /srv/sigmah/conf/sigmah.properties -sed -i "s|\(^mail\.support\.to=\).*|\1${EMAIL}|" /srv/sigmah/conf/sigmah.properties -sed -i "s|\(^maps\.key=\).*|\1${GMAPS_API_KEY}|" /srv/sigmah/conf/sigmah.properties +sed -i "s|\(^mail\.from\.address=\).*|\1${EMAIL}|" /srv/sigmah/sigmah_conf/sigmah.properties +sed -i "s|\(^mail\.support\.to=\).*|\1${EMAIL}|" /srv/sigmah/sigmah_conf/sigmah.properties +sed -i "s|\(^maps\.key=\).*|\1${GMAPS_API_KEY}|" /srv/sigmah/sigmah_conf/sigmah.properties diff --git a/lxc-apps/ushahidi/install/update-conf.sh b/lxc-apps/ushahidi/install/update-conf.sh index 335c7ba..17eecf6 100644 --- a/lxc-apps/ushahidi/install/update-conf.sh +++ b/lxc-apps/ushahidi/install/update-conf.sh @@ -2,14 +2,14 @@ HOST="${DOMAIN}" [ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}" -sed -i "s|\(^\s\+\"backend_url\": \).*|\1\"https://ush.${HOST}/platform\",|" /srv/ushahidi/conf/config.json +sed -i "s|\(^\s\+\"backend_url\": \).*|\1\"https://ush.${HOST}/platform\",|" /srv/ushahidi/ushahidi_conf/config.json API_URL="\"https:\\\/\\\/ush.${HOST}\\\/platform\\\/api\\\/v3\\\/config\\\/data-provider\"" QUERY="UPDATE \`config\` SET \`config_value\` = '${API_URL}' WHERE \`group_name\` LIKE 'data-provider' AND \`config_key\` LIKE 'url'" -lxc-attach mariadb -- mysql -e "${QUERY}" ushahidi +lxc-attach ushahidi-mariadb -- mysql -e "${QUERY}" ushahidi JSON="{\"incoming_type\":\"IMAP\",\"incoming_server\":\"localhost\",\"incoming_port\":143,\"incoming_security\":\"None\",\"incoming_username\":\"${EMAIL}\",\"incoming_password\":\"password\",\"outgoing_type\":\"SMTP\",\"outgoing_server\":\"host\",\"outgoing_port\":25,\"outgoing_security\":\"None\",\"outgoing_username\":\"${EMAIL}\",\"outgoing_password\":\"password\",\"from\":\"${EMAIL}\",\"from_name\":\"Ushahidi\"}" QUERY="UPDATE \`config\` SET \`config_value\` = '${JSON}' WHERE \`group_name\` LIKE 'data-provider' AND \`config_key\` LIKE 'email'" -lxc-attach mariadb -- mysql -e "${QUERY}" ushahidi +lxc-attach ushahidi-mariadb -- mysql -e "${QUERY}" ushahidi QUERY="UPDATE \`config\` SET \`config_value\` = '\"${EMAIL}\"' WHERE \`group_name\` LIKE 'site' AND \`config_key\` LIKE 'email'" -lxc-attach mariadb -- mysql -e "${QUERY}" ushahidi -sed -i "s|\(^\s\+\"google_analytics_id\": \).*|\1\"${GMAPS_API_KEY}\"|" /srv/ushahidi/conf/config.json +lxc-attach ushahidi-mariadb -- mysql -e "${QUERY}" ushahidi +sed -i "s|\(^\s\+\"google_analytics_id\": \).*|\1\"${GMAPS_API_KEY}\"|" /srv/ushahidi/ushahidi_conf/config.json diff --git a/lxc-apps/ushahidi/install/ushahidi_conf/env b/lxc-apps/ushahidi/install/ushahidi_conf/env index 42aa855..8b09956 100644 --- a/lxc-apps/ushahidi/install/ushahidi_conf/env +++ b/lxc-apps/ushahidi/install/ushahidi_conf/env @@ -1,4 +1,4 @@ -DB_HOST=mariadb +DB_HOST=ushahidi-mariadb DB_NAME=ushahidi DB_USER=ushahidi DB_PASS=${USHAHIDI_PWD} From 3a554e1c843cc6d418fd85045860bbe0ca69405c Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 16:35:10 +0200 Subject: [PATCH 044/228] Simplify composed builds --- build/build-all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/build/build-all.sh b/build/build-all.sh index 143025d..e3ac551 100755 --- a/build/build-all.sh +++ b/build/build-all.sh @@ -74,7 +74,6 @@ lxcbuild solr6 # Build applications cd ${ROOT}/lxc-apps lxcbuild ckan -lxcbuild ckan-datapusher lxcbuild crisiscleanup lxcbuild cts lxcbuild ecogis @@ -85,10 +84,8 @@ lxcbuild mifosx lxcbuild motech lxcbuild odoo lxcbuild opendatakit -lxcbuild opendatakit-build lxcbuild openmapkit lxcbuild pandora -lxcbuild sahana-shared lxcbuild sahana lxcbuild sahana-demo lxcbuild sambro From 1aaf16e8b790852920b140e3cc7e7ee328516210 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 17:26:19 +0200 Subject: [PATCH 045/228] Fix CKAN build --- lxc-apps/ckan/ckan.lxcfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/ckan/ckan.lxcfile b/lxc-apps/ckan/ckan.lxcfile index fb8226e..087b01c 100644 --- a/lxc-apps/ckan/ckan.lxcfile +++ b/lxc-apps/ckan/ckan.lxcfile @@ -44,6 +44,6 @@ RUN EOF rm -rf /root/.cache EOF -COPY lxc +COPY ckan.lxc CMD s6-svscan /etc/services.d From 715ad2240927f55d3bb7c5e0876fa1ec5510569c Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 17:47:33 +0200 Subject: [PATCH 046/228] Typo fix --- lxc-apps/ecogis/meta | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/ecogis/meta b/lxc-apps/ecogis/meta index c10fe71..afbbef5 100644 --- a/lxc-apps/ecogis/meta +++ b/lxc-apps/ecogis/meta @@ -14,7 +14,7 @@ ], "mounts": [ ["DIR", "/srv/ecogis/ecogis_data", "/srv/ecogis/data/files"], - ["FILE", "/srv/ecogis/ecogis_conf/config.php", "/srv/ecogis/etc/config.php"], + ["FILE", "/srv/ecogis/ecogis_conf/config.php", "/srv/ecogis/etc/config.php"] ] }, "ecogis-postgres": { From f2016d1b716beeacef34f56834be54085dfcf6e7 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 17:51:14 +0200 Subject: [PATCH 047/228] Fix FlSMS meta version --- lxc-apps/frontlinesms/meta | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxc-apps/frontlinesms/meta b/lxc-apps/frontlinesms/meta index 9b354bf..450600a 100644 --- a/lxc-apps/frontlinesms/meta +++ b/lxc-apps/frontlinesms/meta @@ -1,5 +1,5 @@ { - "version": "0.0.1-190620", + "version": "2.6.5-190620", "meta": { "title": "FrontlineSMS", "desc-cs": "Hromadné odesílání zpráv", @@ -8,7 +8,7 @@ }, "containers": { "frontlinesms": { - "image": "frontlinesms_0.0.1-190620", + "image": "frontlinesms_2.6.5-190620", "mounts": [ ["DIR", "/srv/frontlinesms/flsms_data", "/srv/frontlinesms/.frontlinesms2"] ] From 62a6612a7944f4e9661725788d7268d3ad838ad2 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 22:26:54 +0200 Subject: [PATCH 048/228] Implement scratch containers and image/app removal --- apk/vmmgr | 2 +- build/usr/bin/lxcbuild | 77 +++++++++++------ build/usr/lib/python3.6/lxcbuild/app.py | 22 +++-- build/usr/lib/python3.6/lxcbuild/apppacker.py | 61 +++++++++++++ build/usr/lib/python3.6/lxcbuild/image.py | 47 ++++++---- .../lxcbuild/{builder.py => imagebuilder.py} | 32 ++++--- .../usr/lib/python3.6/lxcbuild/imagepacker.py | 66 ++++++++++++++ build/usr/lib/python3.6/lxcbuild/packer.py | 85 +------------------ 8 files changed, 243 insertions(+), 149 deletions(-) create mode 100644 build/usr/lib/python3.6/lxcbuild/apppacker.py rename build/usr/lib/python3.6/lxcbuild/{builder.py => imagebuilder.py} (88%) create mode 100644 build/usr/lib/python3.6/lxcbuild/imagepacker.py diff --git a/apk/vmmgr b/apk/vmmgr index 6045349..b02fc3f 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 6045349f9c3602d6ba9b081a62d4338b202521d6 +Subproject commit b02fc3f42c65d8833451e41b550f7588c9de2cc2 diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild index a2673b8..9d47df9 100755 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -8,37 +8,62 @@ from lxcbuild.app import App from lxcbuild.image import Image parser = argparse.ArgumentParser(description='VM application builder and packager') -parser.add_argument('-f', '--force', action='store_true', help='Force rebuild already built package') -parser.add_argument('buildpath', help='Either specific "lxcfile" or "meta" file or a directory containing at least one') +group = parser.add_mutually_exclusive_group() +group.add_argument('-f', '--force', action='store_true', help='Force rebuild already built package') +group.add_argument('-s', '--scratch', action='store_true', help='Build container for testing purposes, i.e. without cleanup on failure and packaging') +group.add_argument('-r', '--remove-image', action='store_true', help='Delete image (including scratch) from build repository') +group.add_argument('-e', '--remove-app', action='store_true', help='Delete application from build repository') +parser.add_argument('buildarg', help='Either specific "lxcfile" or "meta" file or a directory containing at least one of them') if len(sys.argv) < 2: parser.print_usage() sys.exit(1) args = parser.parse_args() -buildpath = os.path.realpath(args.buildpath) -if os.path.isfile(buildpath): - basename = os.path.basename(buildpath) - if basename == 'lxcfile' or basename.endswith('.lxcfile'): - image = Image(buildpath) - image.build_and_pack(args.force) - elif basename == 'meta' or basename.endswith('.meta'): - app = App(buildpath) - app.pack() - else: - print('Unknown file {} given, expected "lxcfile" or "meta"'.format(buildpath)) - sys.exit(1) +def build_and_pack_image(args, path): + image = Image() + image.force_build = args.force or args.scratch + image.scratch_build = args.scratch + image.build_and_pack(path) + +def pack_app(path): + app = App() + app.pack(path) + +if args.remove_image: + image = Image() + image.name = args.buildarg + image.remove() +elif args.remove_app: + app = App() + app.name = args.buildarg + app.remove() else: - valid_dir = False - for entry in os.scandir(buildpath): - if entry.is_file() and (entry.name == 'lxcfile' or entry.name.endswith('.lxcfile')): + buildpath = os.path.realpath(args.buildarg) + # If the buildpath is a file, determine type from filename + if os.path.isfile(buildpath): + basename = os.path.basename(buildpath) + if basename == 'lxcfile' or basename.endswith('.lxcfile'): + build_and_pack_image(args, buildpath) + # Compose files needs to be ignored when performing scratch builds + elif not args.scratch and basename == 'meta': + pack_app(buildpath) + else: + print('Unknown file {} given, expected "lxcfile"{}'.format(buildpath, '' if args.scratch else ' or "meta"')) + sys.exit(1) + # If the buildpath is a directory, build as much as possible, unless scratch build was requested, in which case don't build anything + else: + if args.scratch: + print('Please specify an lxcfile for scratch build') + sys.exit(1) + valid_dir = False + for entry in os.scandir(buildpath): + if entry.is_file() and (entry.name == 'lxcfile' or entry.name.endswith('.lxcfile')): + valid_dir = True + build_and_pack_image(args, entry.path) + meta = os.path.join(buildpath, 'meta') + if os.path.exists(meta): valid_dir = True - image = Image(entry.path) - image.build_and_pack(args.force) - meta = os.path.join(buildpath, 'meta') - if os.path.exists(meta): - valid_dir = True - app = App(meta) - app.pack() - if not valid_dir: - print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) + pack_app(meta) + if not valid_dir: + print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) diff --git a/build/usr/lib/python3.6/lxcbuild/app.py b/build/usr/lib/python3.6/lxcbuild/app.py index b1dfe74..2b25e73 100644 --- a/build/usr/lib/python3.6/lxcbuild/app.py +++ b/build/usr/lib/python3.6/lxcbuild/app.py @@ -4,11 +4,16 @@ import json import os import sys -from .builder import ImageNotFoundError -from .packer import Packer +from .apppacker import AppPacker +from .imagebuilder import ImageNotFoundError class App: - def __init__(self, metafile): + def __init__(self): + self.name = None + self.conf = {} + self.build_dir = None + + def load_metafile(self, metafile): self.build_dir = os.path.dirname(metafile) if os.path.basename(metafile) == 'meta': self.name = os.path.basename(self.build_dir) @@ -17,10 +22,15 @@ class App: with open(metafile, 'r') as f: self.conf = json.load(f) - def pack(self): - packer = Packer() + def pack(self, metafile): + self.load_metafile(metafile) + packer = AppPacker(self) try: - packer.pack_app(self) + packer.pack() except ImageNotFoundError as e: print('Image {} not found, can\'t pack {}'.format(e, self.name)) sys.exit(1) + + def remove(self): + packer = AppPacker(self) + packer.remove() diff --git a/build/usr/lib/python3.6/lxcbuild/apppacker.py b/build/usr/lib/python3.6/lxcbuild/apppacker.py new file mode 100644 index 0000000..dac61cd --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/apppacker.py @@ -0,0 +1,61 @@ +# -*- coding: utf-8 -*- + +import os +import subprocess + +from . import crypto +from .imagebuilder import ImageNotFoundError +from .packer import Packer +from .paths import REPO_APPS_DIR + +class AppPacker(Packer): + def __init__(self, app): + super().__init__() + self.app = app + # Prepare package file names + self.tar_path = os.path.join(REPO_APPS_DIR, '{}.tar'.format(self.app.name)) + self.xz_path = '{}.xz'.format(self.tar_path) + + def pack(self): + # Check if all images used by containers exist + for container in self.app.conf['containers']: + image = self.app.conf['containers'][container]['image'] + if image not in self.packages['images']: + raise ImageNotFoundError(image) + try: + os.unlink(self.xz_path) + except FileNotFoundError: + pass + self.create_archive() + self.register() + self.sign_packages() + + def remove(self): + self.unregister() + try: + os.unlink(self.xz_path) + except FileNotFoundError: + pass + + def create_archive(self): + # Create archive with application setup scripts + print('Archiving setup scripts for', self.app.name) + scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') + scripts = [s for s in scripts if os.path.exists(os.path.join(self.app.build_dir, s))] + subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, '--transform', 's,^,{}/,'.format(self.app.name)] + scripts, cwd=self.app.build_dir) + self.compress_archive() + + def register(self): + # Register package in global repository metadata file + print('Registering package {}'.format(self.app.name)) + self.packages['apps'][self.app.name] = self.app.conf.copy() + self.packages['apps'][self.app.name]['size'] = self.tar_size + self.packages['apps'][self.app.name]['pkgsize'] = self.xz_size + self.packages['apps'][self.app.name]['sha512'] = crypto.hash_file(self.xz_path) + self.save_repo_meta() + + def unregister(self): + # Removes package from global repository metadata file + if self.app.name in self.packages['apps']: + del self.packages['apps'][self.app.name] + self.save_repo_meta() diff --git a/build/usr/lib/python3.6/lxcbuild/image.py b/build/usr/lib/python3.6/lxcbuild/image.py index f77bff8..0bc3260 100644 --- a/build/usr/lib/python3.6/lxcbuild/image.py +++ b/build/usr/lib/python3.6/lxcbuild/image.py @@ -3,24 +3,30 @@ import os import sys -from .builder import Builder, ImageExistsError, ImageNotFoundError -from .packer import Packer, PackageExistsError +from lxcmgr import lxcmgr + +from .imagebuilder import ImageBuilder, ImageExistsError, ImageNotFoundError +from .imagepacker import ImagePacker +from .packer import PackageExistsError class Image: - def __init__(self, lxcfile): + def __init__(self): self.name = None - self.path = None self.conf = {} + self.lxcfile = None + self.build_dir = None + self.force_build = False + self.scratch_build = False + + def build_and_pack(self, lxcfile): self.lxcfile = lxcfile self.build_dir = os.path.dirname(lxcfile) - - def build_and_pack(self, force): self.conf['build'] = True try: - builder = Builder() - builder.build(self, force) + builder = ImageBuilder(self) + builder.build() # In case of successful build, packaging needs to happen in all cases to prevent outdated packages - force = True + self.force_build = True except ImageExistsError as e: print('Image {} already exists, skipping build tasks'.format(e)) except ImageNotFoundError as e: @@ -28,11 +34,22 @@ class Image: builder.clean() sys.exit(1) except: - builder.clean() + if not self.scratch_build: + builder.clean() raise del self.conf['build'] - try: - packer = Packer() - packer.pack_image(self, force) - except PackageExistsError as e: - print('Package {} already exists, skipping packaging tasks'.format(e)) + # If we're doing a scratch build, regenerate the final LXC container configuration including ephemeral layer + if self.scratch_build: + lxcmgr.create_container(self.name, self.conf) + else: + try: + packer = ImagePacker(self) + packer.pack() + except PackageExistsError as e: + print('Package {} already exists, skipping packaging tasks'.format(e)) + + def remove(self): + builder = ImageBuilder(self) + builder.clean() + packer = ImagePacker(self) + packer.remove() diff --git a/build/usr/lib/python3.6/lxcbuild/builder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py similarity index 88% rename from build/usr/lib/python3.6/lxcbuild/builder.py rename to build/usr/lib/python3.6/lxcbuild/imagebuilder.py index 3e20780..337a9c5 100644 --- a/build/usr/lib/python3.6/lxcbuild/builder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -14,16 +14,13 @@ class ImageExistsError(Exception): class ImageNotFoundError(Exception): pass -class Builder: - def __init__(self): - self.image = None +class ImageBuilder: + def __init__(self, image): + self.image = image self.script = [] self.script_eof = None - self.force = False - def build(self, image, force=False): - self.image = image - self.force = force + def build(self): with open(self.image.lxcfile, 'r') as f: for line in f: line = line.strip() @@ -67,26 +64,27 @@ class Builder: def run_script(self, script): lxcmgr.create_container(self.image.name, self.image.conf) - sh = os.path.join(self.image.path, 'run.sh') + sh = os.path.join(LXC_STORAGE_DIR, self.image.name, 'run.sh') with open(sh, 'w') as f: f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script))) os.chmod(sh, 0o700) os.chown(sh, 100000, 100000) subprocess.run(['lxc-execute', self.image.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True) os.unlink(sh) - lxcmgr.destroy_container(self.image.name) + if not self.image.scratch_build: + lxcmgr.destroy_container(self.image.name) def set_name(self, name): self.image.name = name - self.image.path = self.get_layer_path(name) self.image.conf['layers'] = [name] - if os.path.exists(self.image.path): - if self.force: + image_path = self.get_layer_path(name) + if os.path.exists(image_path): + if self.image.force_build: self.clean() else: - raise ImageExistsError(self.image.path) - os.makedirs(self.image.path, 0o755, True) - os.chown(self.image.path, 100000, 100000) + raise ImageExistsError(image_path) + os.makedirs(image_path, 0o755, True) + os.chown(image_path, 100000, 100000) def add_layer(self, name): layer_path = self.get_layer_path(name) @@ -99,7 +97,7 @@ class Builder: subprocess.run(cmd + layers, check=True) def copy_files(self, src, dst): - dst = os.path.join(self.image.path, dst) + dst = os.path.join(LXC_STORAGE_DIR, self.image.name, dst) if src.startswith('http://') or src.startswith('https://'): unpack_http_archive(src, dst) else: @@ -128,8 +126,8 @@ class Builder: self.image.conf['ready'] = cmd def clean(self): - shutil.rmtree(self.image.path) lxcmgr.destroy_container(self.image.name) + shutil.rmtree(self.get_layer_path(self.image.name)) def unpack_http_archive(src, dst): xf = 'xzf' diff --git a/build/usr/lib/python3.6/lxcbuild/imagepacker.py b/build/usr/lib/python3.6/lxcbuild/imagepacker.py new file mode 100644 index 0000000..9c3b869 --- /dev/null +++ b/build/usr/lib/python3.6/lxcbuild/imagepacker.py @@ -0,0 +1,66 @@ +# -*- coding: utf-8 -*- + +import os +import subprocess + +from lxcmgr.paths import LXC_STORAGE_DIR +from lxcmgr.pkgmgr import PkgMgr + +from . import crypto +from .packer import Packer +from .paths import REPO_IMAGES_DIR + +class ImagePacker(Packer): + def __init__(self, image): + super().__init__() + self.image = image + # Prepare package file names + self.tar_path = os.path.join(REPO_IMAGES_DIR, '{}.tar'.format(self.image.name)) + self.xz_path = '{}.xz'.format(self.tar_path) + + def pack(self): + if self.image.force_build: + self.unregister() + try: + os.unlink(self.xz_path) + except FileNotFoundError: + pass + elif os.path.exists(self.xz_path): + raise PackageExistsError(self.xz_path) + self.create_archive() + self.register() + self.sign_packages() + + def remove(self): + self.unregister() + try: + os.unlink(self.xz_path) + except FileNotFoundError: + pass + + def create_archive(self): + # Create archive + print('Archiving', self.image.path) + subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, self.image.name], cwd=LXC_STORAGE_DIR) + self.compress_archive() + + def register(self): + # Register image in global repository metadata file + print('Registering package {}'.format(self.image.name)) + self.packages['images'][self.image.name] = self.image.conf.copy() + self.packages['images'][self.image.name]['size'] = self.tar_size + self.packages['images'][self.image.name]['pkgsize'] = self.xz_size + self.packages['images'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) + self.save_repo_meta() + # Register the image also to locally installed images for package manager + pm = PkgMgr() + pm.register_image(self.image.name, self.packages['images'][self.image.name]) + + def unregister(self): + # Removes package from global repository metadata file + if self.image.name in self.packages['images']: + del self.packages['images'][self.image.name] + self.save_repo_meta() + # Unregister the image also from locally installed images for package manager + pm = PkgMgr() + pm.unregister_image(self.image.name) diff --git a/build/usr/lib/python3.6/lxcbuild/packer.py b/build/usr/lib/python3.6/lxcbuild/packer.py index 11aab79..0a55efd 100644 --- a/build/usr/lib/python3.6/lxcbuild/packer.py +++ b/build/usr/lib/python3.6/lxcbuild/packer.py @@ -3,22 +3,15 @@ import json import os import subprocess -import sys - -from lxcmgr.paths import LXC_STORAGE_DIR -from lxcmgr.pkgmgr import PkgMgr from . import crypto -from .builder import ImageNotFoundError -from .paths import PRIVATE_KEY, REPO_APPS_DIR, REPO_IMAGES_DIR, REPO_META_FILE, REPO_SIG_FILE +from .paths import PRIVATE_KEY, REPO_META_FILE, REPO_SIG_FILE class PackageExistsError(Exception): pass class Packer: def __init__(self): - self.app = None - self.image = None self.tar_path = None self.tar_size = 0 self.xz_path = None @@ -33,29 +26,6 @@ class Packer: with open(REPO_META_FILE, 'w') as f: json.dump(self.packages, f, sort_keys=True, indent=4) - def pack_image(self, image, force): - self.image = image - # Prepare package file names - self.tar_path = os.path.join(REPO_IMAGES_DIR, '{}.tar'.format(self.image.name)) - self.xz_path = '{}.xz'.format(self.tar_path) - if force: - self.unregister_image() - try: - os.unlink(self.xz_path) - except FileNotFoundError: - pass - elif os.path.exists(self.xz_path): - raise PackageExistsError(self.xz_path) - self.create_image_archive() - self.register_image() - self.sign_packages() - - def create_image_archive(self): - # Create archive - print('Archiving', self.image.path) - subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, self.image.name], cwd=LXC_STORAGE_DIR) - self.compress_archive() - def compress_archive(self): # Compress the tarball with xz (LZMA2) self.tar_size = os.path.getsize(self.tar_path) @@ -64,60 +34,7 @@ class Packer: self.xz_size = os.path.getsize(self.xz_path) print('Compressed ', self.xz_path, '({:.2f} MB)'.format(self.xz_size/1048576)) - def register_image(self): - # Register image in global repository metadata file - print('Registering package {}'.format(self.image.name)) - self.packages['images'][self.image.name] = self.image.conf.copy() - self.packages['images'][self.image.name]['size'] = self.tar_size - self.packages['images'][self.image.name]['pkgsize'] = self.xz_size - self.packages['images'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) - self.save_repo_meta() - # Register the image also to locally installed images for package manager - pm = PkgMgr() - pm.register_image(self.image.name, self.packages['images'][self.image.name]) - def sign_packages(self): signature = crypto.sign_file(PRIVATE_KEY, REPO_META_FILE) with open(REPO_SIG_FILE, 'wb') as f: f.write(signature) - - def unregister_image(self): - # Removes package from global repository metadata file - if self.image.name in self.packages['images']: - del self.packages['images'][self.image.name] - self.save_repo_meta() - - def pack_app(self, app): - self.app = app - # Check if all images exist - for container in app.conf['containers']: - image = app.conf['containers'][container]['image'] - if image not in self.packages['images']: - raise ImageNotFoundError(image) - # Prepare package file names - self.tar_path = os.path.join(REPO_APPS_DIR, '{}.tar'.format(self.app.name)) - self.xz_path = '{}.xz'.format(self.tar_path) - try: - os.unlink(self.xz_path) - except FileNotFoundError: - pass - self.create_app_archive() - self.register_app() - self.sign_packages() - - def create_app_archive(self): - # Create archive with application setup scripts - print('Archiving setup scripts for', self.app.name) - scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh') - scripts = [s for s in scripts if os.path.exists(os.path.join(self.app.build_dir, s))] - subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, '--transform', 's,^,{}/,'.format(self.app.name)] + scripts, cwd=self.app.build_dir) - self.compress_archive() - - def register_app(self): - # Register package in global repository metadata file - print('Registering package {}'.format(self.app.name)) - self.packages['apps'][self.app.name] = self.app.conf.copy() - self.packages['apps'][self.app.name]['size'] = self.tar_size - self.packages['apps'][self.app.name]['pkgsize'] = self.xz_size - self.packages['apps'][self.app.name]['sha512'] = crypto.hash_file(self.xz_path) - self.save_repo_meta() From 93cc9f435b37c0b29478660f7b4375ec1a6707b4 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 22:42:29 +0200 Subject: [PATCH 049/228] String formatting simplification --- apk/vmmgr | 2 +- build/usr/lib/python3.6/lxcbuild/apppacker.py | 2 +- build/usr/lib/python3.6/lxcbuild/imagepacker.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index b02fc3f..ecfa225 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit b02fc3f42c65d8833451e41b550f7588c9de2cc2 +Subproject commit ecfa2251877abd38e681b0faa35fc4c246723e11 diff --git a/build/usr/lib/python3.6/lxcbuild/apppacker.py b/build/usr/lib/python3.6/lxcbuild/apppacker.py index dac61cd..29412de 100644 --- a/build/usr/lib/python3.6/lxcbuild/apppacker.py +++ b/build/usr/lib/python3.6/lxcbuild/apppacker.py @@ -47,7 +47,7 @@ class AppPacker(Packer): def register(self): # Register package in global repository metadata file - print('Registering package {}'.format(self.app.name)) + print('Registering package', self.app.name) self.packages['apps'][self.app.name] = self.app.conf.copy() self.packages['apps'][self.app.name]['size'] = self.tar_size self.packages['apps'][self.app.name]['pkgsize'] = self.xz_size diff --git a/build/usr/lib/python3.6/lxcbuild/imagepacker.py b/build/usr/lib/python3.6/lxcbuild/imagepacker.py index 9c3b869..aad02d0 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagepacker.py +++ b/build/usr/lib/python3.6/lxcbuild/imagepacker.py @@ -40,13 +40,13 @@ class ImagePacker(Packer): def create_archive(self): # Create archive - print('Archiving', self.image.path) + print('Archiving', self.image.name) subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, self.image.name], cwd=LXC_STORAGE_DIR) self.compress_archive() def register(self): # Register image in global repository metadata file - print('Registering package {}'.format(self.image.name)) + print('Registering package', self.image.name) self.packages['images'][self.image.name] = self.image.conf.copy() self.packages['images'][self.image.name]['size'] = self.tar_size self.packages['images'][self.image.name]['pkgsize'] = self.xz_size From 466a83e407e62017bbfb36704999d6a0f04e8883 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 23:09:30 +0200 Subject: [PATCH 050/228] Allow scratch builds with dir as argument --- build/usr/bin/lxcbuild | 33 +++++++++++-------- build/usr/lib/python3.6/lxcbuild/apppacker.py | 2 +- .../usr/lib/python3.6/lxcbuild/imagepacker.py | 4 +-- 3 files changed, 22 insertions(+), 17 deletions(-) diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild index 9d47df9..e15b61b 100755 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -20,7 +20,7 @@ if len(sys.argv) < 2: sys.exit(1) args = parser.parse_args() -def build_and_pack_image(args, path): +def build_and_pack_image(path, args): image = Image() image.force_build = args.force or args.scratch image.scratch_build = args.scratch @@ -44,7 +44,7 @@ else: if os.path.isfile(buildpath): basename = os.path.basename(buildpath) if basename == 'lxcfile' or basename.endswith('.lxcfile'): - build_and_pack_image(args, buildpath) + build_and_pack_image(buildpath, args) # Compose files needs to be ignored when performing scratch builds elif not args.scratch and basename == 'meta': pack_app(buildpath) @@ -54,16 +54,21 @@ else: # If the buildpath is a directory, build as much as possible, unless scratch build was requested, in which case don't build anything else: if args.scratch: - print('Please specify an lxcfile for scratch build') - sys.exit(1) - valid_dir = False - for entry in os.scandir(buildpath): - if entry.is_file() and (entry.name == 'lxcfile' or entry.name.endswith('.lxcfile')): + lxcfile = os.path.join(buildpath, 'lxcfile') + if os.path.exists(lxcfile): + build_and_pack_image(lxcfile, args) + else: + print('Please specify an lxcfile for scratch build') + sys.exit(1) + else: + valid_dir = False + for entry in os.scandir(buildpath): + if entry.is_file() and (entry.name == 'lxcfile' or entry.name.endswith('.lxcfile')): + valid_dir = True + build_and_pack_image(entry.path, args) + meta = os.path.join(buildpath, 'meta') + if os.path.exists(meta): valid_dir = True - build_and_pack_image(args, entry.path) - meta = os.path.join(buildpath, 'meta') - if os.path.exists(meta): - valid_dir = True - pack_app(meta) - if not valid_dir: - print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) + pack_app(meta) + if not valid_dir: + print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) diff --git a/build/usr/lib/python3.6/lxcbuild/apppacker.py b/build/usr/lib/python3.6/lxcbuild/apppacker.py index 29412de..24da80a 100644 --- a/build/usr/lib/python3.6/lxcbuild/apppacker.py +++ b/build/usr/lib/python3.6/lxcbuild/apppacker.py @@ -47,7 +47,7 @@ class AppPacker(Packer): def register(self): # Register package in global repository metadata file - print('Registering package', self.app.name) + print('Registering application package', self.app.name) self.packages['apps'][self.app.name] = self.app.conf.copy() self.packages['apps'][self.app.name]['size'] = self.tar_size self.packages['apps'][self.app.name]['pkgsize'] = self.xz_size diff --git a/build/usr/lib/python3.6/lxcbuild/imagepacker.py b/build/usr/lib/python3.6/lxcbuild/imagepacker.py index aad02d0..4ce7fd9 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagepacker.py +++ b/build/usr/lib/python3.6/lxcbuild/imagepacker.py @@ -40,13 +40,13 @@ class ImagePacker(Packer): def create_archive(self): # Create archive - print('Archiving', self.image.name) + print('Archiving image', self.image.name) subprocess.run(['tar', '--xattrs', '-cpf', self.tar_path, self.image.name], cwd=LXC_STORAGE_DIR) self.compress_archive() def register(self): # Register image in global repository metadata file - print('Registering package', self.image.name) + print('Registering image package', self.image.name) self.packages['images'][self.image.name] = self.image.conf.copy() self.packages['images'][self.image.name]['size'] = self.tar_size self.packages['images'][self.image.name]['pkgsize'] = self.xz_size From 3a3552f1548089217bb0c07d779fb62288de848c Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 23:09:59 +0200 Subject: [PATCH 051/228] Fix GNU Health build via symlink to current version of trytond --- lxc-apps/gnuhealth/lxcfile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile index f0fed8f..cf2634e 100644 --- a/lxc-apps/gnuhealth/lxcfile +++ b/lxc-apps/gnuhealth/lxcfile @@ -14,7 +14,6 @@ RUN EOF apk --no-cache add --virtual .deps build-base git libffi-dev libjpeg-turbo-dev libxml2-dev libxslt-dev ncurses npm patch postgresql-dev python3-dev sudo # Download GNU Health - # To get the matching trytond version, check latest trytond-.tar.gz on http://downloads.tryton.org/4.6/ wget http://ftp.gnu.org/gnu/health/gnuhealth-3.4.1.tar.gz -O /tmp/gnuhealth.tgz tar xzf /tmp/gnuhealth.tgz -C /srv mv /srv/gnuhealth-3.4.1 /srv/install @@ -34,11 +33,14 @@ RUN EOF cd /srv/install sudo -u gnuhealth ./gnuhealth-setup install + # Create symlink for the current version of trytond + ln -s /srv/gnuhealth/gnuhealth/tryton/server/trytond-* /srv/gnuhealth/gnuhealth/tryton/server/trytond-current + # Hackfix extraneous pymongo requirement sed -i '/pymongo/d' /srv/gnuhealth/gnuhealth/tryton/server/modules/health_federation/health_federation.py # Hackfix template1 database lock - sed -i 's/template1/gnuhealth/g' /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15/trytond/backend/postgresql/database.py + sed -i 's/template1/gnuhealth/g' /srv/gnuhealth/gnuhealth/tryton/server/trytond-current/trytond/backend/postgresql/database.py # Install Sao (Tryton web client) dependencies cd /srv/gnuhealth/sao @@ -55,9 +57,9 @@ RUN EOF rm -f /tmp/gnuhealth.tgz EOF -ENV PATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV PATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-current/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ENV TRYTOND_CONFIG /srv/gnuhealth/gnuhealth/tryton/server/config/trytond.conf -ENV PYTHONPATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-4.6.15:/srv/gnuhealth/gnuhealth/tryton/server/config +ENV PYTHONPATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-current:/srv/gnuhealth/gnuhealth/tryton/server/config USER 8008 8008 CMD trytond --verbose From d476a36f248a51196737e88ca47890d758a519a4 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 23:37:44 +0200 Subject: [PATCH 052/228] Fix propagated typo --- lxc-apps/gnuhealth/meta | 2 +- lxc-apps/kanboard/meta | 2 +- lxc-apps/mifosx/meta | 2 +- lxc-apps/motech/meta | 2 +- lxc-apps/odoo/meta | 2 +- lxc-apps/opendatakit/meta | 2 +- lxc-apps/openmapkit/meta | 2 +- lxc-apps/pandora/meta | 2 +- lxc-apps/sahana-demo/meta | 2 +- lxc-apps/sahana/meta | 2 +- lxc-apps/sambro/meta | 2 +- lxc-apps/seeddms/meta | 2 +- lxc-apps/sigmah/meta | 2 +- lxc-apps/ushahidi/meta | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lxc-apps/gnuhealth/meta b/lxc-apps/gnuhealth/meta index 13f78e3..49607f8 100644 --- a/lxc-apps/gnuhealth/meta +++ b/lxc-apps/gnuhealth/meta @@ -4,7 +4,7 @@ "title": "GNU Health", "desc-cs": "Lékařské záznamy pacientů", "desc-en": "Medical records administration", - "license": "GPL", + "license": "GPL" }, "containers": { "gnuhealth": { diff --git a/lxc-apps/kanboard/meta b/lxc-apps/kanboard/meta index 1e913af..c844238 100644 --- a/lxc-apps/kanboard/meta +++ b/lxc-apps/kanboard/meta @@ -4,7 +4,7 @@ "title": "KanBoard", "desc-cs": "Kanban řízení projektů", "desc-en": "Kanban project management", - "license": "GPL", + "license": "GPL" }, "containers": { "kanboard": { diff --git a/lxc-apps/mifosx/meta b/lxc-apps/mifosx/meta index 6c51a57..1d6abc8 100644 --- a/lxc-apps/mifosx/meta +++ b/lxc-apps/mifosx/meta @@ -4,7 +4,7 @@ "title": "Mifos X", "desc-cs": "Mikrofinancování rozvojových projektů", "desc-en": "Development projects microfinancing", - "license": "GPL", + "license": "GPL" }, "containers": { "mifosx": { diff --git a/lxc-apps/motech/meta b/lxc-apps/motech/meta index 1f78046..43e46e7 100644 --- a/lxc-apps/motech/meta +++ b/lxc-apps/motech/meta @@ -4,7 +4,7 @@ "title": "Motech", "desc-cs": "Automatizace komunikace", "desc-en": "Communication automation", - "license": "GPL", + "license": "GPL" }, "containers": { "motech": { diff --git a/lxc-apps/odoo/meta b/lxc-apps/odoo/meta index 34ce18f..0c2b60e 100644 --- a/lxc-apps/odoo/meta +++ b/lxc-apps/odoo/meta @@ -4,7 +4,7 @@ "title": "Odoo", "desc-cs": "Sada aplikací pro správu organizace", "desc-en": "Company management application suite", - "license": "GPL", + "license": "GPL" }, "containers": { "odoo": { diff --git a/lxc-apps/opendatakit/meta b/lxc-apps/opendatakit/meta index b0d4e27..440e4dc 100644 --- a/lxc-apps/opendatakit/meta +++ b/lxc-apps/opendatakit/meta @@ -4,7 +4,7 @@ "title": "OpenDataKit", "desc-cs": "Sběr formulářových dat", "desc-en": "Form data collection", - "license": "GPL", + "license": "GPL" }, "containers": { "opendatakit": { diff --git a/lxc-apps/openmapkit/meta b/lxc-apps/openmapkit/meta index dc7adba..244a1b4 100644 --- a/lxc-apps/openmapkit/meta +++ b/lxc-apps/openmapkit/meta @@ -4,7 +4,7 @@ "title": "OpenMapKit", "desc-cs": "Sběr mapových dat", "desc-en": "Map data collection", - "license": "GPL", + "license": "GPL" }, "containers": { "openmapkit": { diff --git a/lxc-apps/pandora/meta b/lxc-apps/pandora/meta index ce9bd72..a32fa04 100644 --- a/lxc-apps/pandora/meta +++ b/lxc-apps/pandora/meta @@ -4,7 +4,7 @@ "title": "Pan.do/ra", "desc-cs": "Archiv medií", "desc-en": "Media archive", - "license": "GPL", + "license": "GPL" }, "containers": { "pandora": { diff --git a/lxc-apps/sahana-demo/meta b/lxc-apps/sahana-demo/meta index 1be2cdc..f761794 100644 --- a/lxc-apps/sahana-demo/meta +++ b/lxc-apps/sahana-demo/meta @@ -4,7 +4,7 @@ "title": "Sahana Eden - Demo", "desc-cs": "Řízení humanítární činnosti - Demo instance", "desc-en": "Management of humanitarian activities - Demo instance", - "license": "GPL", + "license": "GPL" }, "containers": { "sahana-demo": { diff --git a/lxc-apps/sahana/meta b/lxc-apps/sahana/meta index 0272165..303ee12 100644 --- a/lxc-apps/sahana/meta +++ b/lxc-apps/sahana/meta @@ -4,7 +4,7 @@ "title": "Sahana Eden", "desc-cs": "Řízení humanítární činnosti", "desc-en": "Management of humanitarian activities", - "license": "GPL", + "license": "GPL" }, "containers": { "sahana": { diff --git a/lxc-apps/sambro/meta b/lxc-apps/sambro/meta index dc75bc8..be46534 100644 --- a/lxc-apps/sambro/meta +++ b/lxc-apps/sambro/meta @@ -4,7 +4,7 @@ "title": "Sahana Eden - SAMBRO", "desc-cs": "Řízení humanítární činnosti - Centrum hlášení a výstrah", "desc-en": "Management of humanitarian activities - Reporting and alerting center", - "license": "GPL", + "license": "GPL" }, "containers": { "sambro": { diff --git a/lxc-apps/seeddms/meta b/lxc-apps/seeddms/meta index 186af42..eccb9aa 100644 --- a/lxc-apps/seeddms/meta +++ b/lxc-apps/seeddms/meta @@ -4,7 +4,7 @@ "title": "SeedDMS", "desc-cs": "Archiv dokumentace", "desc-en": "Document management system", - "license": "GPL", + "license": "GPL" }, "containers": { "seeddms": { diff --git a/lxc-apps/sigmah/meta b/lxc-apps/sigmah/meta index a0faf6b..2460b98 100644 --- a/lxc-apps/sigmah/meta +++ b/lxc-apps/sigmah/meta @@ -4,7 +4,7 @@ "title": "Sigmah", "desc-cs": "Finanční řízení sbírek", "desc-en": "Donation management", - "license": "GPL", + "license": "GPL" }, "containers": { "sigmah": { diff --git a/lxc-apps/ushahidi/meta b/lxc-apps/ushahidi/meta index 153351a..635222d 100644 --- a/lxc-apps/ushahidi/meta +++ b/lxc-apps/ushahidi/meta @@ -4,7 +4,7 @@ "title": "Ushahidi", "desc-cs": "Skupinová reakce na události", "desc-en": "Group reaction to events", - "license": "GPL", + "license": "GPL" }, "containers": { "ushahidi": { From 8434f192c9698d130a502bf2873efa9c40cfb2fb Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 23:39:00 +0200 Subject: [PATCH 053/228] Fix missing import --- build/usr/lib/python3.6/lxcbuild/imagepacker.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/usr/lib/python3.6/lxcbuild/imagepacker.py b/build/usr/lib/python3.6/lxcbuild/imagepacker.py index 4ce7fd9..f423dfa 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagepacker.py +++ b/build/usr/lib/python3.6/lxcbuild/imagepacker.py @@ -7,7 +7,7 @@ from lxcmgr.paths import LXC_STORAGE_DIR from lxcmgr.pkgmgr import PkgMgr from . import crypto -from .packer import Packer +from .packer import PackageExistsError, Packer from .paths import REPO_IMAGES_DIR class ImagePacker(Packer): From f9507ae4b7da89ec546a141c0a17113da6026b8e Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 5 Oct 2019 23:53:32 +0200 Subject: [PATCH 054/228] Fix ODK build --- lxc-apps/opendatakit/opendatakit-build.lxcfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/opendatakit/opendatakit-build.lxcfile b/lxc-apps/opendatakit/opendatakit-build.lxcfile index d4371e7..b818d42 100644 --- a/lxc-apps/opendatakit/opendatakit-build.lxcfile +++ b/lxc-apps/opendatakit/opendatakit-build.lxcfile @@ -38,6 +38,6 @@ RUN EOF rm -rf /root/.bundle /root/.config /root/.npm EOF -COPY lxc +COPY opendatakit-build.lxc CMD s6-svscan /etc/services.d From 79efa46226bb811e2dec038a79ddaf8395191a8f Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 6 Oct 2019 00:03:39 +0200 Subject: [PATCH 055/228] Fix rabbitmq image for Pandora --- lxc-apps/pandora/meta | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/pandora/meta b/lxc-apps/pandora/meta index a32fa04..c416f74 100644 --- a/lxc-apps/pandora/meta +++ b/lxc-apps/pandora/meta @@ -25,7 +25,7 @@ ] }, "pandora-rabbitmq": { - "image": "pandora-build_0.3.5-190620", + "image": "rabbitmq_3.7.11-190620", "mounts": [ ["DIR", "/srv/pandora/rabbitmq_data", "/var/lib/rabbitmq/mnesia"] ] From 7e3431a4c0a8adc26001294c6ae23ec046a22821 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 7 Oct 2019 09:48:37 +0200 Subject: [PATCH 056/228] Add cron jobs for KanBoard, SeedDMS, Ushahidi --- lxc-apps/kanboard/install.sh | 2 -- lxc-apps/kanboard/lxc/etc/crontab/kanboard | 1 + lxc-apps/kanboard/lxc/etc/services.d/cron/run | 4 ++++ lxc-apps/seeddms/install.sh | 2 -- lxc-apps/seeddms/lxc/etc/crontab/seeddms | 1 + lxc-apps/seeddms/lxc/etc/services.d/cron/run | 4 ++++ lxc-apps/ushahidi/install.sh | 2 -- lxc-apps/ushahidi/lxc/etc/crontab/ushahidi | 5 +++++ lxc-apps/ushahidi/lxc/etc/services.d/cron/run | 4 ++++ 9 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 lxc-apps/kanboard/lxc/etc/crontab/kanboard create mode 100644 lxc-apps/kanboard/lxc/etc/services.d/cron/run create mode 100644 lxc-apps/seeddms/lxc/etc/crontab/seeddms create mode 100644 lxc-apps/seeddms/lxc/etc/services.d/cron/run create mode 100644 lxc-apps/ushahidi/lxc/etc/crontab/ushahidi create mode 100644 lxc-apps/ushahidi/lxc/etc/services.d/cron/run diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh index d82f11d..ad5fb85 100755 --- a/lxc-apps/kanboard/install.sh +++ b/lxc-apps/kanboard/install.sh @@ -36,5 +36,3 @@ service kanboard-postgres stop # Register application vmmgr register-app kanboard kb "${KANBOARD_ADMIN_USER}" "${KANBOARD_ADMIN_PWD}" - -# TODO: cron diff --git a/lxc-apps/kanboard/lxc/etc/crontab/kanboard b/lxc-apps/kanboard/lxc/etc/crontab/kanboard new file mode 100644 index 0000000..74721dc --- /dev/null +++ b/lxc-apps/kanboard/lxc/etc/crontab/kanboard @@ -0,0 +1 @@ +0 * * * * /srv/kanboard/cli cronjob >/dev/null diff --git a/lxc-apps/kanboard/lxc/etc/services.d/cron/run b/lxc-apps/kanboard/lxc/etc/services.d/cron/run new file mode 100644 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/kanboard/lxc/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 diff --git a/lxc-apps/seeddms/install.sh b/lxc-apps/seeddms/install.sh index b1423ed..d0087d2 100755 --- a/lxc-apps/seeddms/install.sh +++ b/lxc-apps/seeddms/install.sh @@ -43,5 +43,3 @@ service seeddms-postgres stop # Register application vmmgr register-app seeddms dms "${SEEDDMS_ADMIN_USER}" "${SEEDDMS_ADMIN_PWD}" - -# TODO: cron diff --git a/lxc-apps/seeddms/lxc/etc/crontab/seeddms b/lxc-apps/seeddms/lxc/etc/crontab/seeddms new file mode 100644 index 0000000..c2331f6 --- /dev/null +++ b/lxc-apps/seeddms/lxc/etc/crontab/seeddms @@ -0,0 +1 @@ +*/10 * * * * /srv/seeddms/seeddms/utils/seeddms-indexer >/dev/null diff --git a/lxc-apps/seeddms/lxc/etc/services.d/cron/run b/lxc-apps/seeddms/lxc/etc/services.d/cron/run new file mode 100644 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/seeddms/lxc/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 diff --git a/lxc-apps/ushahidi/install.sh b/lxc-apps/ushahidi/install.sh index 627d8f2..bce9df2 100755 --- a/lxc-apps/ushahidi/install.sh +++ b/lxc-apps/ushahidi/install.sh @@ -39,5 +39,3 @@ service ushahidi-mariadb stop # Register application vmmgr register-app ushahidi ush "${USHAHIDI_ADMIN_USER}" "${USHAHIDI_ADMIN_PWD}" - -# TODO: cron diff --git a/lxc-apps/ushahidi/lxc/etc/crontab/ushahidi b/lxc-apps/ushahidi/lxc/etc/crontab/ushahidi new file mode 100644 index 0000000..7ef59c4 --- /dev/null +++ b/lxc-apps/ushahidi/lxc/etc/crontab/ushahidi @@ -0,0 +1,5 @@ +*/10 * * * * cd /srv/ushahidi/platform; bin/ushahidi dataprovider outgoing >/dev/null +*/10 * * * * cd /srv/ushahidi/platform; bin/ushahidi dataprovider incoming >/dev/null +*/10 * * * * cd /srv/ushahidi/platform; bin/ushahidi savedsearch >/dev/null +*/10 * * * * cd /srv/ushahidi/platform; bin/ushahidi notification queue >/dev/null +*/10 * * * * cd /srv/ushahidi/platform; bin/ushahidi webhook send >/dev/null diff --git a/lxc-apps/ushahidi/lxc/etc/services.d/cron/run b/lxc-apps/ushahidi/lxc/etc/services.d/cron/run new file mode 100644 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/ushahidi/lxc/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 From 4e9c63d8aab9ac1f9108e47c042a072fb89d331a Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 7 Oct 2019 09:52:53 +0200 Subject: [PATCH 057/228] Make the executable files executable --- .../ckan/ckan.lxc/etc/services.d/.s6-svscan/finish | 0 lxc-apps/ckan/ckan.lxc/etc/services.d/ckan/run | 0 lxc-apps/ckan/ckan.lxc/etc/services.d/cron/run | 0 lxc-apps/kanboard/lxc/etc/crontab/kanboard | 0 lxc-apps/kanboard/lxc/etc/services.d/cron/run | 0 .../etc/services.d/.s6-svscan/finish | 0 .../etc/services.d/build2xlsform/run | 0 .../etc/services.d/odkbuild/run | 0 lxc-apps/sahana/lxc/etc/services.d/.s6-svscan/finish | 0 lxc-apps/sahana/lxc/etc/services.d/nginx/run | 0 lxc-apps/sahana/lxc/etc/services.d/uwsgi/run | 0 lxc-apps/seeddms/lxc/etc/crontab/seeddms | 0 lxc-apps/seeddms/lxc/etc/services.d/cron/run | 0 lxc-apps/ushahidi/lxc/etc/crontab/ushahidi | 0 lxc-apps/ushahidi/lxc/etc/services.d/cron/run | 0 lxc-services/activemq/install.sh | 12 ------------ 16 files changed, 12 deletions(-) mode change 100644 => 100755 lxc-apps/ckan/ckan.lxc/etc/services.d/.s6-svscan/finish mode change 100644 => 100755 lxc-apps/ckan/ckan.lxc/etc/services.d/ckan/run mode change 100644 => 100755 lxc-apps/ckan/ckan.lxc/etc/services.d/cron/run mode change 100644 => 100755 lxc-apps/kanboard/lxc/etc/crontab/kanboard mode change 100644 => 100755 lxc-apps/kanboard/lxc/etc/services.d/cron/run mode change 100644 => 100755 lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/.s6-svscan/finish mode change 100644 => 100755 lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/build2xlsform/run mode change 100644 => 100755 lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/odkbuild/run mode change 100644 => 100755 lxc-apps/sahana/lxc/etc/services.d/.s6-svscan/finish mode change 100644 => 100755 lxc-apps/sahana/lxc/etc/services.d/nginx/run mode change 100644 => 100755 lxc-apps/sahana/lxc/etc/services.d/uwsgi/run mode change 100644 => 100755 lxc-apps/seeddms/lxc/etc/crontab/seeddms mode change 100644 => 100755 lxc-apps/seeddms/lxc/etc/services.d/cron/run mode change 100644 => 100755 lxc-apps/ushahidi/lxc/etc/crontab/ushahidi mode change 100644 => 100755 lxc-apps/ushahidi/lxc/etc/services.d/cron/run delete mode 100755 lxc-services/activemq/install.sh diff --git a/lxc-apps/ckan/ckan.lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/ckan/ckan.lxc/etc/services.d/.s6-svscan/finish old mode 100644 new mode 100755 diff --git a/lxc-apps/ckan/ckan.lxc/etc/services.d/ckan/run b/lxc-apps/ckan/ckan.lxc/etc/services.d/ckan/run old mode 100644 new mode 100755 diff --git a/lxc-apps/ckan/ckan.lxc/etc/services.d/cron/run b/lxc-apps/ckan/ckan.lxc/etc/services.d/cron/run old mode 100644 new mode 100755 diff --git a/lxc-apps/kanboard/lxc/etc/crontab/kanboard b/lxc-apps/kanboard/lxc/etc/crontab/kanboard old mode 100644 new mode 100755 diff --git a/lxc-apps/kanboard/lxc/etc/services.d/cron/run b/lxc-apps/kanboard/lxc/etc/services.d/cron/run old mode 100644 new mode 100755 diff --git a/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/.s6-svscan/finish old mode 100644 new mode 100755 diff --git a/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/build2xlsform/run b/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/build2xlsform/run old mode 100644 new mode 100755 diff --git a/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/odkbuild/run b/lxc-apps/opendatakit/opendatakit-build.lxc/etc/services.d/odkbuild/run old mode 100644 new mode 100755 diff --git a/lxc-apps/sahana/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/sahana/lxc/etc/services.d/.s6-svscan/finish old mode 100644 new mode 100755 diff --git a/lxc-apps/sahana/lxc/etc/services.d/nginx/run b/lxc-apps/sahana/lxc/etc/services.d/nginx/run old mode 100644 new mode 100755 diff --git a/lxc-apps/sahana/lxc/etc/services.d/uwsgi/run b/lxc-apps/sahana/lxc/etc/services.d/uwsgi/run old mode 100644 new mode 100755 diff --git a/lxc-apps/seeddms/lxc/etc/crontab/seeddms b/lxc-apps/seeddms/lxc/etc/crontab/seeddms old mode 100644 new mode 100755 diff --git a/lxc-apps/seeddms/lxc/etc/services.d/cron/run b/lxc-apps/seeddms/lxc/etc/services.d/cron/run old mode 100644 new mode 100755 diff --git a/lxc-apps/ushahidi/lxc/etc/crontab/ushahidi b/lxc-apps/ushahidi/lxc/etc/crontab/ushahidi old mode 100644 new mode 100755 diff --git a/lxc-apps/ushahidi/lxc/etc/services.d/cron/run b/lxc-apps/ushahidi/lxc/etc/services.d/cron/run old mode 100644 new mode 100755 diff --git a/lxc-services/activemq/install.sh b/lxc-services/activemq/install.sh deleted file mode 100755 index e86b9bb..0000000 --- a/lxc-services/activemq/install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -set -ev - -cd $(realpath $(dirname "${0}"))/install - -# Configure ActiveMQ -mkdir -p /srv/activemq/data -chown -R 61616:61616 /srv/activemq/data - -# Create service -cp etc/init.d/activemq /etc/init.d/activemq -rc-update -u From 0f5c1d6433ac8007ea8260cf7043b86cb52f88b7 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 14 Oct 2019 07:59:06 +0200 Subject: [PATCH 058/228] Change application users UID/GID to 8080 --- doc/existing/list.md | 48 +++++++++---------- lxc-apps/crisiscleanup/install.sh | 2 +- lxc-apps/crisiscleanup/lxcfile | 6 +-- lxc-apps/cts/install.sh | 2 +- lxc-apps/cts/lxcfile | 4 +- lxc-apps/ecogis/install.sh | 2 +- lxc-apps/ecogis/lxcfile | 4 +- lxc-apps/frontlinesms/install.sh | 2 +- lxc-apps/frontlinesms/lxcfile | 6 +-- lxc-apps/gnuhealth/lxcfile | 6 +-- lxc-apps/kanboard/install.sh | 2 +- lxc-apps/kanboard/lxcfile | 4 +- lxc-apps/mifosx/lxcfile | 4 +- lxc-apps/motech/install.sh | 2 +- lxc-apps/motech/lxcfile | 6 +-- lxc-apps/odoo/install.sh | 2 +- lxc-apps/odoo/lxcfile | 6 +-- lxc-apps/opendatakit/install.sh | 2 +- .../opendatakit/opendatakit-build.lxcfile | 4 +- lxc-apps/opendatakit/opendatakit.lxcfile | 6 +-- lxc-apps/openmapkit/install.sh | 2 +- lxc-apps/openmapkit/lxcfile | 6 +-- lxc-apps/pandora/install.sh | 4 +- lxc-apps/pandora/lxcfile | 6 +-- lxc-apps/sahana-demo/install.sh | 6 +-- lxc-apps/sahana/install.sh | 8 ++-- lxc-apps/sahana/lxcfile | 4 +- lxc-apps/sambro/install.sh | 8 ++-- lxc-apps/seeddms/install.sh | 6 +-- lxc-apps/seeddms/lxcfile | 4 +- lxc-apps/sigmah/install.sh | 4 +- lxc-apps/sigmah/lxcfile | 6 +-- lxc-apps/ushahidi/install.sh | 2 +- lxc-apps/ushahidi/lxcfile | 4 +- 34 files changed, 95 insertions(+), 95 deletions(-) diff --git a/doc/existing/list.md b/doc/existing/list.md index f72519e..c731d7b 100644 --- a/doc/existing/list.md +++ b/doc/existing/list.md @@ -24,7 +24,7 @@ | Service | Container | UID/GID | Internal Port | |-----------------|-----------------|---------|------------------| | ActiveMQ | activemq | 61616 | 61616 (ActiveMQ) | -| CKAN Datapusher | ckan-datapusher | 8004 | 8080 (HTTP) | +| CKAN Datapusher | ckan-datapusher | 8080 | 8080 (HTTP) | | MariaDB | mariadb | 3306 | 3306 (MySQL) | | Postgres | postgres | 5432 | 5432 (Postgres) | | RabbitMQ | rabbitmq | 5672 | 5672 (AMQP) | @@ -33,27 +33,27 @@ ## List of application containers -All application containers listen on internal port 8080 (HTTP) +All application containers have the application user UID/GID 8080 and listen on internal port 8080 (HTTP) -| Application | Container | UID/GID | Host | -|----------------|-------------------|---------|-------------| -| CKAN | ckan | 8003 | ckan | -| Crisis Cleanup | crisiscleanup | 8005 | cc | -| CTS | cts | 8006 | cts | -| EcoGIS | ecogis | 8020 | ecogis | -| FrontlineSMS | frontlinesms | 8018 | sms | -| GNU Health | gnuhealth | 8008 | gh | -| KanBoard | kanboard | 8009 | kb | -| Mifos X | mifosx | 8012 | mifosx | -| Motech | motech | 8013 | motech | -| ODK Aggregate | opendatakit | 8015 | odk | -| ODK Build | opendatakit-build | 8017 | odkbuild | -| Odoo | odoo | 8019 | odoo | -| OpenMapKit | openmapkit | 8007 | omk | -| Pan.do/ra | pandora | 8002 | pandora | -| Sahana | sahana | 8001 | sahana | -| Sahana - Demo | sahana-demo | 8001 | sahana-demo | -| SAMBRO | sambro | 8001 | sambro | -| SeedDMS | seeddms | 8010 | dms | -| Sigmah | sigmah | 8011 | sigmah | -| Ushahidi | ushahidi | 8014 | ush | +| Application | Container | Host | +|----------------|-------------------|-------------| +| CKAN | ckan | ckan | +| Crisis Cleanup | crisiscleanup | cc | +| CTS | cts | cts | +| EcoGIS | ecogis | ecogis | +| FrontlineSMS | frontlinesms | sms | +| GNU Health | gnuhealth | gh | +| KanBoard | kanboard | kb | +| Mifos X | mifosx | mifosx | +| Motech | motech | motech | +| ODK Aggregate | opendatakit | odk | +| ODK Build | opendatakit-build | odkbuild | +| Odoo | odoo | odoo | +| OpenMapKit | openmapkit | omk | +| Pan.do/ra | pandora | pandora | +| Sahana | sahana | sahana | +| Sahana - Demo | sahana-demo | sahana-demo | +| SAMBRO | sambro | sambro | +| SeedDMS | seeddms | dms | +| Sigmah | sigmah | sigmah | +| Ushahidi | ushahidi | ush | diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh index aa6d6b4..92e4e00 100755 --- a/lxc-apps/crisiscleanup/install.sh +++ b/lxc-apps/crisiscleanup/install.sh @@ -20,7 +20,7 @@ envsubst /srv/ecogis/conf/config.php -chown -R 108020:108020 /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data +chown -R 108080:108080 /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data # Stop services required for setup service ecogis-postgres stop diff --git a/lxc-apps/ecogis/lxcfile b/lxc-apps/ecogis/lxcfile index 20fa0b5..692f084 100644 --- a/lxc-apps/ecogis/lxcfile +++ b/lxc-apps/ecogis/lxcfile @@ -23,8 +23,8 @@ RUN EOF pear install Auth Log # Create OS user - addgroup -S -g 8020 ecogis - adduser -S -u 8020 -h /srv/ecogis -s /bin/false -g ecogis -G ecogis ecogis + addgroup -S -g 8080 ecogis + adduser -S -u 8080 -h /srv/ecogis -s /bin/false -g ecogis -G ecogis ecogis # Cleanup apk --no-cache del .deps diff --git a/lxc-apps/frontlinesms/install.sh b/lxc-apps/frontlinesms/install.sh index 94b2086..969b28f 100755 --- a/lxc-apps/frontlinesms/install.sh +++ b/lxc-apps/frontlinesms/install.sh @@ -10,7 +10,7 @@ export FRONTLINESMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export FRONTLINESMS_ADMIN_USER_HASH=$(echo -n "${FRONTLINESMS_ADMIN_USER}" | base64) export FRONTLINESMS_ADMIN_PWD_HASH=$(echo -n "${FRONTLINESMS_ADMIN_PWD}" | base64) envsubst /srv/frontlinesms/flsms_data/app-settings.properties -chown -R 8018:8018 /srv/frontlinesms/flsms_data +chown -R 8080:8080 /srv/frontlinesms/flsms_data # Register application vmmgr register-app frontlinesms sms "${FRONTLINESMS_ADMIN_USER}" "${FRONTLINESMS_ADMIN_PWD}" diff --git a/lxc-apps/frontlinesms/lxcfile b/lxc-apps/frontlinesms/lxcfile index ab5aa65..35a0818 100644 --- a/lxc-apps/frontlinesms/lxcfile +++ b/lxc-apps/frontlinesms/lxcfile @@ -8,8 +8,8 @@ RUN EOF apk --no-cache add openjdk8-jre ttf-opensans xf86-video-dummy xorg-server # Create OS user - addgroup -S -g 8018 sms - adduser -S -u 8018 -h /srv/frontlinesms -s /bin/sh -g sms -G sms sms + addgroup -S -g 8080 sms + adduser -S -u 8080 -h /srv/frontlinesms -s /bin/sh -g sms -G sms sms adduser sms dialout # Install FrontlineSMS @@ -35,7 +35,7 @@ RUN EOF MD5=$(md5sum frontlinesms-core_messages_cs.js | cut -d' ' -f1) cp frontlinesms-core_messages_cs.js frontlinesms-core_messages_cs-${MD5}.js cp frontlinesms-core_messages_cs.js.gz frontlinesms-core_messages_cs-${MD5}.js.gz - chown 8018:8018 frontlinesms-core_messages_cs* + chown 8080:8080 frontlinesms-core_messages_cs* EOF CMD s6-svscan /etc/services.d diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile index cf2634e..cde9b09 100644 --- a/lxc-apps/gnuhealth/lxcfile +++ b/lxc-apps/gnuhealth/lxcfile @@ -25,8 +25,8 @@ RUN EOF git clone -b 4.6 --single-branch --depth 1 https://github.com/tryton/sao /srv/gnuhealth/sao # Create OS user - addgroup -S -g 8008 gnuhealth - adduser -S -u 8008 -h /srv/gnuhealth -s /bin/bash -g gnuhealth -G gnuhealth gnuhealth + addgroup -S -g 8080 gnuhealth + adduser -S -u 8080 -h /srv/gnuhealth -s /bin/bash -g gnuhealth -G gnuhealth gnuhealth chown -R gnuhealth:gnuhealth /srv/gnuhealth # Install GNU Health @@ -61,5 +61,5 @@ ENV PATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-current/bin:/usr/local/s ENV TRYTOND_CONFIG /srv/gnuhealth/gnuhealth/tryton/server/config/trytond.conf ENV PYTHONPATH /srv/gnuhealth/gnuhealth/tryton/server/trytond-current:/srv/gnuhealth/gnuhealth/tryton/server/config -USER 8008 8008 +USER 8080 8080 CMD trytond --verbose diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh index ad5fb85..b13abe3 100755 --- a/lxc-apps/kanboard/install.sh +++ b/lxc-apps/kanboard/install.sh @@ -21,7 +21,7 @@ lxc-execute kanboard -- cat /srv/kanboard/app/Schema/Sql/postgres.sql | lxc-atta # Configure Kanboard mkdir -p /srv/kanboard/kanboard_conf /srv/kanboard/kanboard_data -chown -R 8009:8009 /srv/kanboard/kanboard_data +chown -R 8080:8080 /srv/kanboard/kanboard_data envsubst /srv/kanboard/kanboard_conf/config.php export KANBOARD_ADMIN_USER=admin export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') diff --git a/lxc-apps/kanboard/lxcfile b/lxc-apps/kanboard/lxcfile index 3574e0c..45f7870 100644 --- a/lxc-apps/kanboard/lxcfile +++ b/lxc-apps/kanboard/lxcfile @@ -32,8 +32,8 @@ RUN EOF git clone --depth=1 https://github.com/xavividal/kanboard-plugin-relationgraph /srv/kanboard/plugins/Relationgraph # Create OS user - addgroup -S -g 8009 kanboard - adduser -S -u 8009 -h /srv/kanboard -s /bin/false -g kanboard -G kanboard kanboard + addgroup -S -g 8080 kanboard + adduser -S -u 8080 -h /srv/kanboard -s /bin/false -g kanboard -G kanboard kanboard # Cleanup apk --no-cache del .deps diff --git a/lxc-apps/mifosx/lxcfile b/lxc-apps/mifosx/lxcfile index e51d98d..cdd15e8 100644 --- a/lxc-apps/mifosx/lxcfile +++ b/lxc-apps/mifosx/lxcfile @@ -20,8 +20,8 @@ RUN EOF wget http://central.maven.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar # Create OS user - addgroup -S -g 8012 mifosx - adduser -S -u 8012 -h /srv/tomcat -s /bin/false -g mifosx -G mifosx mifosx + addgroup -S -g 8080 mifosx + adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g mifosx -G mifosx mifosx chown -R mifosx:mifosx /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work # Cleanup diff --git a/lxc-apps/motech/install.sh b/lxc-apps/motech/install.sh index 74b36dc..f44f984 100755 --- a/lxc-apps/motech/install.sh +++ b/lxc-apps/motech/install.sh @@ -28,7 +28,7 @@ envsubst /srv/motech/motech_conf/confi cp motech_conf/config-locations.properties /srv/motech/motech_conf/config-locations.properties cp motech_conf/config/motech-settings.properties /srv/motech/motech_conf/config/motech-settings.properties cp motech_conf/config/org.motechproject.motech-platform-email/motech-email.properties /srv/motech/motech_conf/config/org.motechproject.motech-platform-email/motech-email.properties -chown -R 108013:108013 /srv/motech/motech_conf +chown -R 108080:108080 /srv/motech/motech_conf # Populate database and create admin account service activemq start diff --git a/lxc-apps/motech/lxcfile b/lxc-apps/motech/lxcfile index c697026..bbf3728 100644 --- a/lxc-apps/motech/lxcfile +++ b/lxc-apps/motech/lxcfile @@ -16,14 +16,14 @@ RUN EOF cp /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar /srv/tomcat/webapps/ROOT/WEB-INF/bundles/postgresql-42.2.5.jar # Create OS user - addgroup -S -g 8013 motech - adduser -S -u 8013 -h /srv/tomcat -s /bin/false -g motech -G motech motech + addgroup -S -g 8080 motech + adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g motech -G motech motech chown -R motech:motech /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work # Cleanup rm -f /tmp/motech.war EOF -USER 8013 8013 +USER 8080 8080 WORKDIR /srv/tomcat CMD catalina.sh run diff --git a/lxc-apps/odoo/install.sh b/lxc-apps/odoo/install.sh index 40da869..3971251 100755 --- a/lxc-apps/odoo/install.sh +++ b/lxc-apps/odoo/install.sh @@ -23,7 +23,7 @@ export ODOO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') mkdir -p /srv/odoo/odoo_conf/ /srv/odoo/odoo_data/ envsubst /srv/odoo/odoo_conf/odoo.conf chown 100000:100000 /srv/odoo/odoo_conf/ -chown 108019:108019 /srv/odoo/odoo_data/ +chown 108080:108080 /srv/odoo/odoo_data/ # Populate database # TODO: proc ne execute? diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/lxcfile index dc6da9c..58e2146 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/lxcfile @@ -21,8 +21,8 @@ RUN EOF pip3 install -r requirements.txt # Create OS user - addgroup -S -g 8019 odoo - adduser -S -u 8019 -h /srv/odoo -s /bin/false -g odoo -G odoo odoo + addgroup -S -g 8080 odoo + adduser -S -u 8080 -h /srv/odoo -s /bin/false -g odoo -G odoo odoo chown -R odoo:odoo /srv/odoo # Cleanup @@ -31,5 +31,5 @@ RUN EOF rm -rf /usr/local/share/.cache EOF -USER 8019 8019 +USER 8080 8080 CMD /srv/odoo/odoo-bin -c srv/odoo/odoo.conf diff --git a/lxc-apps/opendatakit/install.sh b/lxc-apps/opendatakit/install.sh index 63f9f08..5def99e 100755 --- a/lxc-apps/opendatakit/install.sh +++ b/lxc-apps/opendatakit/install.sh @@ -26,7 +26,7 @@ export OPENDATAKIT_ADMIN_REALM=spotter envsubst /srv/opendatakit/odk_conf/jdbc.properties envsubst /srv/opendatakit/odk_conf/security.properties cp odk_conf/server.xml /srv/opendatakit/odk_conf/server.xml -chown -R 108015:108015 /srv/opendatakit/odk_conf +chown -R 108080:108080 /srv/opendatakit/odk_conf # Configure OpenDataKit Build export OPENDATAKITBUILD_COOKIE_SECRET=$(head -c 8 /dev/urandom | hexdump -e '"%x"') diff --git a/lxc-apps/opendatakit/opendatakit-build.lxcfile b/lxc-apps/opendatakit/opendatakit-build.lxcfile index b818d42..492e6d9 100644 --- a/lxc-apps/opendatakit/opendatakit-build.lxcfile +++ b/lxc-apps/opendatakit/opendatakit-build.lxcfile @@ -27,8 +27,8 @@ RUN EOF make # Create OS user - addgroup -S -g 8017 odkbuild - adduser -S -u 8017 -h /srv/opendatakit-build -s /bin/false -g odkbuild -G odkbuild odkbuild + addgroup -S -g 8080 odkbuild + adduser -S -u 8080 -h /srv/opendatakit-build -s /bin/false -g odkbuild -G odkbuild odkbuild chown -R odkbuild:odkbuild /srv/opendatakit-build chown -R odkbuild:odkbuild /srv/build2xlsform diff --git a/lxc-apps/opendatakit/opendatakit.lxcfile b/lxc-apps/opendatakit/opendatakit.lxcfile index e2dbf69..931c494 100644 --- a/lxc-apps/opendatakit/opendatakit.lxcfile +++ b/lxc-apps/opendatakit/opendatakit.lxcfile @@ -15,14 +15,14 @@ RUN EOF wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar # Create OS user - addgroup -S -g 8015 odk - adduser -S -u 8015 -h /srv/tomcat -s /bin/false -g odk -G odk odk + addgroup -S -g 8080 odk + adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g odk -G odk odk chown -R odk:odk /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work # Cleanup rm /tmp/odk.war EOF -USER 8015 8015 +USER 8080 8080 WORKDIR /srv/tomcat CMD catalina.sh run diff --git a/lxc-apps/openmapkit/install.sh b/lxc-apps/openmapkit/install.sh index 1b0900e..5964b39 100755 --- a/lxc-apps/openmapkit/install.sh +++ b/lxc-apps/openmapkit/install.sh @@ -7,7 +7,7 @@ cd $(realpath $(dirname "${0}"))/install export OPENMAPKIT_ADMIN_USER="admin" export OPENMAPKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') mkdir -p /srv/openmapkit/omk_conf /srv/openmapkit/omk_data -chown -R 108007:108007 /srv/openmapkit/omk_data +chown -R 108080:108080 /srv/openmapkit/omk_data lxc-execute openmapkit -- tar -cC /srv/openmapkit/data . | tar -xC /srv/openmapkit/omk_data envsubst /srv/openmapkit/omk_conf/settings.js diff --git a/lxc-apps/openmapkit/lxcfile b/lxc-apps/openmapkit/lxcfile index 859a09d..563fd12 100644 --- a/lxc-apps/openmapkit/lxcfile +++ b/lxc-apps/openmapkit/lxcfile @@ -14,7 +14,7 @@ RUN EOF # Clone OpenMapKit git clone --depth 1 https://github.com/posm/OpenMapKitServer /srv/openmapkit cd /srv/openmapkit - git submodule update --init + git submodule update --init #TODO: Why does this fail? # Install OpenMapKit dependencies pip install -r requirements.txt @@ -25,8 +25,8 @@ RUN EOF yarn build # Create OS user - addgroup -S -g 8007 omk - adduser -S -u 8007 -h /srv/openmapkit -s /bin/false -g omk -G omk omk + addgroup -S -g 8080 omk + adduser -S -u 8080 -h /srv/openmapkit -s /bin/false -g omk -G omk omk chown -R omk:omk /srv/openmapkit # Cleanup diff --git a/lxc-apps/pandora/install.sh b/lxc-apps/pandora/install.sh index 4d20831..1a4484c 100755 --- a/lxc-apps/pandora/install.sh +++ b/lxc-apps/pandora/install.sh @@ -31,7 +31,7 @@ lxc-attach pandora-rabbitmq -- rabbitmqctl set_permissions -p /pandora pandora " # Configure Pandora mkdir -p /srv/pandora/pandora_conf /srv/pandora/pandora_data -chown 108002:108002 /srv/pandora/pandora_data +chown 108080:108080 /srv/pandora/pandora_data # Copy customized configuration if VANILLA environment variable is not set, else use the default pandora config if [ ${VANILLA:-0} -eq 0 ]; then cp pandora_conf/config.jsonc /srv/pandora/pandora_conf/config.jsonc @@ -40,7 +40,7 @@ else fi cp pandora_conf/gunicorn_config.py /srv/pandora/pandora_conf/gunicorn_config.py envsubst /srv/pandora/pandora_conf/local_settings.py -chown -R 108002:108002 /srv/pandora/pandora_conf +chown -R 108080:108080 /srv/pandora/pandora_conf # Populate database lxc-execute pandora -- /srv/pandora/pandora/manage.py migrate --noinput diff --git a/lxc-apps/pandora/lxcfile b/lxc-apps/pandora/lxcfile index 14f9d9e..3f757e3 100644 --- a/lxc-apps/pandora/lxcfile +++ b/lxc-apps/pandora/lxcfile @@ -59,8 +59,8 @@ RUN EOF ./manage.py collectstatic -l --noinput # Create OS user - addgroup -S -g 8002 pandora - adduser -S -u 8002 -h /srv/pandora -s /bin/false -g pandora -G pandora pandora + addgroup -S -g 8080 pandora + adduser -S -u 8080 -h /srv/pandora -s /bin/false -g pandora -G pandora pandora EOF COPY lxc @@ -80,7 +80,7 @@ RUN EOF ln -s /srv/pandora/conf/config.jsonc config.jsonc ln -s /srv/pandora/conf/gunicorn_config.py gunicorn_config.py ln -s /srv/pandora/conf/local_settings.py local_settings.py - chown -R 8002:8002 /srv/pandora + chown -R 8080:8080 /srv/pandora # Cleanup apk --no-cache del .deps diff --git a/lxc-apps/sahana-demo/install.sh b/lxc-apps/sahana-demo/install.sh index 8a1db26..9b3d42d 100755 --- a/lxc-apps/sahana-demo/install.sh +++ b/lxc-apps/sahana-demo/install.sh @@ -20,7 +20,7 @@ envsubst /srv/sahana-demo/sahana_conf/000_config.py envsubst /srv/sahana-demo/sahana_data/default/users/masterUsers.csv -chown -R 108001:108001 /srv/sahana/sahana_conf /srv/sahana/sahana_data +chown -R 108080:108080 /srv/sahana/sahana_conf /srv/sahana/sahana_data # Populate database -lxc-execute -u 8001 -g 8001 sahana-demo -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' +lxc-execute -u 8080 -g 8080 sahana-demo -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' # Install config update script cp update-conf.sh /srv/sahana-demo/update-conf.sh diff --git a/lxc-apps/sahana/install.sh b/lxc-apps/sahana/install.sh index 7bc335c..6f0ae05 100755 --- a/lxc-apps/sahana/install.sh +++ b/lxc-apps/sahana/install.sh @@ -20,12 +20,12 @@ envsubst /srv/sahana/sahana_conf/000_config.py envsubst /srv/sahana/sahana_data/Spotter/masterUsers.csv cp sahana_conf/00_settings.py /srv/sahana/sahana_conf/00_settings.py -chown -R 108001:108001 /srv/sahana/sahana_conf /srv/sahana/sahana_data +chown -R 108080:108080 /srv/sahana/sahana_conf /srv/sahana/sahana_data # Populate database -lxc-execute -u 8001 -g 8001 sahana -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' +lxc-execute -u 8080 -g 8080 sahana -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' # Set "production values" (increases performance) only if the DEBUG environment variable is not set if [ ${DEBUG:-0} -eq 0 ]; then diff --git a/lxc-apps/sahana/lxcfile b/lxc-apps/sahana/lxcfile index 9d0df85..fba0ac2 100644 --- a/lxc-apps/sahana/lxcfile +++ b/lxc-apps/sahana/lxcfile @@ -44,8 +44,8 @@ COPY lxc RUN EOF # Create OS user - addgroup -S -g 8001 sahana - adduser -S -u 8001 -h /srv/web2py -s /bin/false -g sahana -G sahana sahana + addgroup -S -g 8080 sahana + adduser -S -u 8080 -h /srv/web2py -s /bin/false -g sahana -G sahana sahana chown -R sahana:sahana /srv/web2py # Cleanup diff --git a/lxc-apps/sambro/install.sh b/lxc-apps/sambro/install.sh index 42520ad..6fa21f7 100755 --- a/lxc-apps/sambro/install.sh +++ b/lxc-apps/sambro/install.sh @@ -20,7 +20,7 @@ envsubst /srv/sambro/sahana_conf/000_config.py # TODO: #mkdir -p /var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users #envsubst /var/lib/lxc/sambro/sambro/srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv -#chown -R 8001:8001 /var/lib/lxc/sambro/sambro/srv/web2py +#chown -R 8080:8080 /var/lib/lxc/sambro/sambro/srv/web2py cp sahana_conf/00_settings.py /srv/sambro/sahana_conf/00_settings.py cp sahana_data/SAMBRO/config.py /srv/sambro/sahana_data/SAMBRO/config.py -chown -R 108001:108001 /srv/sambro/sahana_conf /srv/sambro/sahana_data +chown -R 108080:108080 /srv/sambro/sahana_conf /srv/sambro/sahana_data # Populate database -lxc-execute -u 8001 -g 8001 sambro -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' +lxc-execute -u 8080 -g 8080 sambro -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py' # Set "production values" (increases performance) only if the DEBUG environment variable is not set if [ ${DEBUG:-0} -eq 0 ]; then diff --git a/lxc-apps/seeddms/install.sh b/lxc-apps/seeddms/install.sh index d0087d2..b77c141 100755 --- a/lxc-apps/seeddms/install.sh +++ b/lxc-apps/seeddms/install.sh @@ -22,8 +22,8 @@ cat custom.sql | lxc-attach -u 5432 -g 5432 seeddms-postgres -- psql seeddms # Copy existing files into persistent storage mkdir -p /srv/seeddms/seeddms_conf /srv/seeddms/seeddms)data -chown 108010:108010 /srv/seeddms/conf -chown 108010:108010 /srv/seeddms/data +chown 108080:108080 /srv/seeddms/conf +chown 108080:108080 /srv/seeddms/data lxc-execute seeddms -- tar -cC /srv/seeddms/conf . | tar -xC /srv/seeddms/seeddms_conf lxc-execute seeddms -- tar -cC /srv/seeddms/data . | tar -xC /srv/seeddms/seeddms_data @@ -33,7 +33,7 @@ export SEEDDMS_ADMIN_USER=admin export SEEDDMS_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export SEEDDMS_ADMIN_EMAIL=admin@example.com envsubst /srv/sigmah/sigmah_conf/persistence.xml cp sigmah_conf/sigmah.properties /srv/sigmah/sigmah_conf/sigmah.properties -chown -R 108011:108011 /srv/sigmah/sigmah_conf +chown -R 108080:108080 /srv/sigmah/sigmah_conf lxc-execute sigmah -- cat /srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png >/srv/sigmah/sigmah_data/files/logo.png # Populate database diff --git a/lxc-apps/sigmah/lxcfile b/lxc-apps/sigmah/lxcfile index ab397ec..15692a2 100644 --- a/lxc-apps/sigmah/lxcfile +++ b/lxc-apps/sigmah/lxcfile @@ -18,8 +18,8 @@ RUN EOF rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml # Create OS user - addgroup -S -g 8011 sigmah - adduser -S -u 8011 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah + addgroup -S -g 8080 sigmah + adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work # Download database files @@ -32,6 +32,6 @@ EOF COPY lxc -USER 8011 8011 +USER 8080 8080 WORKDIR /srv/tomcat CMD catalina.sh run diff --git a/lxc-apps/ushahidi/install.sh b/lxc-apps/ushahidi/install.sh index bce9df2..ae68bca 100755 --- a/lxc-apps/ushahidi/install.sh +++ b/lxc-apps/ushahidi/install.sh @@ -17,7 +17,7 @@ envsubst /srv/ushahidi/ushahidi_conf/env cp ushahidi_conf/config.json /srv/ushahidi/ushahidi_conf/config.json chown -R 100000:100000 /srv/ushahidi/ushahidi_conf diff --git a/lxc-apps/ushahidi/lxcfile b/lxc-apps/ushahidi/lxcfile index 3100047..4f36744 100644 --- a/lxc-apps/ushahidi/lxcfile +++ b/lxc-apps/ushahidi/lxcfile @@ -16,8 +16,8 @@ RUN EOF mv /srv/ushahidi/ushahidi-platform-bundle-v3.12.3 /srv/ushahidi/platform # Create OS user - addgroup -S -g 8014 ushahidi - adduser -S -u 8014 -h /srv/ushahidi -s /bin/false -g ushahidi -G ushahidi ushahidi + addgroup -S -g 8080 ushahidi + adduser -S -u 8080 -h /srv/ushahidi -s /bin/false -g ushahidi -G ushahidi ushahidi chown -R ushahidi:ushahidi /srv/ushahidi/platform/application/logs /srv/ushahidi/platform/application/cache /srv/ushahidi/platform/application/media/uploads # Cleanup From 4458be27635485a6e452e2fda43a375d50f43451 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 14 Oct 2019 08:15:31 +0200 Subject: [PATCH 059/228] Fix postgis version and replace with postgres in appropriate composes --- lxc-apps/ckan/meta | 2 +- lxc-apps/crisiscleanup/meta | 2 +- lxc-apps/cts/meta | 2 +- lxc-apps/ecogis/meta | 2 +- lxc-apps/gnuhealth/meta | 2 +- lxc-apps/kanboard/meta | 2 +- lxc-apps/motech/meta | 2 +- lxc-apps/odoo/meta | 2 +- lxc-apps/opendatakit/meta | 2 +- lxc-apps/pandora/meta | 2 +- lxc-apps/sahana-demo/meta | 2 +- lxc-apps/sahana/meta | 2 +- lxc-apps/sambro/meta | 2 +- lxc-apps/seeddms/meta | 2 +- lxc-apps/sigmah/meta | 2 +- lxc-services/postgis/lxcfile | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/lxc-apps/ckan/meta b/lxc-apps/ckan/meta index 3985edb..9854cf2 100644 --- a/lxc-apps/ckan/meta +++ b/lxc-apps/ckan/meta @@ -42,7 +42,7 @@ ] }, "ckan-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgis_2.5.1-190620", "mounts": [ ["DIR", "/srv/ckan/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/crisiscleanup/meta b/lxc-apps/crisiscleanup/meta index ef5618f..244f595 100644 --- a/lxc-apps/crisiscleanup/meta +++ b/lxc-apps/crisiscleanup/meta @@ -17,7 +17,7 @@ ] }, "crisiscleanup-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/crisiscleanup/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/cts/meta b/lxc-apps/cts/meta index de3cd36..eb4d9f2 100644 --- a/lxc-apps/cts/meta +++ b/lxc-apps/cts/meta @@ -17,7 +17,7 @@ ] }, "cts-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgis_2.5.1-190620", "mounts": [ ["DIR", "/srv/cts/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/ecogis/meta b/lxc-apps/ecogis/meta index afbbef5..2bb7fbd 100644 --- a/lxc-apps/ecogis/meta +++ b/lxc-apps/ecogis/meta @@ -18,7 +18,7 @@ ] }, "ecogis-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/ecogis/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/gnuhealth/meta b/lxc-apps/gnuhealth/meta index 49607f8..4beadab 100644 --- a/lxc-apps/gnuhealth/meta +++ b/lxc-apps/gnuhealth/meta @@ -17,7 +17,7 @@ ] }, "gnuhealth-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/gnuhealth/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/kanboard/meta b/lxc-apps/kanboard/meta index c844238..377465b 100644 --- a/lxc-apps/kanboard/meta +++ b/lxc-apps/kanboard/meta @@ -18,7 +18,7 @@ ] }, "kanboard-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/kanboard/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/motech/meta b/lxc-apps/motech/meta index 43e46e7..2eb5311 100644 --- a/lxc-apps/motech/meta +++ b/lxc-apps/motech/meta @@ -25,7 +25,7 @@ ] }, "motech-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/motech/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/odoo/meta b/lxc-apps/odoo/meta index 0c2b60e..671739d 100644 --- a/lxc-apps/odoo/meta +++ b/lxc-apps/odoo/meta @@ -18,7 +18,7 @@ ] }, "odoo-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/odoo/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/opendatakit/meta b/lxc-apps/opendatakit/meta index 440e4dc..a79775c 100644 --- a/lxc-apps/opendatakit/meta +++ b/lxc-apps/opendatakit/meta @@ -29,7 +29,7 @@ ] }, "opendatakit-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/opendatakit/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/pandora/meta b/lxc-apps/pandora/meta index c416f74..b5324e3 100644 --- a/lxc-apps/pandora/meta +++ b/lxc-apps/pandora/meta @@ -19,7 +19,7 @@ ] }, "pandora-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/pandora/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/sahana-demo/meta b/lxc-apps/sahana-demo/meta index f761794..804d122 100644 --- a/lxc-apps/sahana-demo/meta +++ b/lxc-apps/sahana-demo/meta @@ -20,7 +20,7 @@ ] }, "sahana-demo-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgis_2.5.1-190620", "mounts": [ ["DIR", "/srv/sahana-demo/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/sahana/meta b/lxc-apps/sahana/meta index 303ee12..c6939e5 100644 --- a/lxc-apps/sahana/meta +++ b/lxc-apps/sahana/meta @@ -20,7 +20,7 @@ ] }, "sahana-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgis_2.5.1-190620", "mounts": [ ["DIR", "/srv/sahana/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/sambro/meta b/lxc-apps/sambro/meta index be46534..d004160 100644 --- a/lxc-apps/sambro/meta +++ b/lxc-apps/sambro/meta @@ -20,7 +20,7 @@ ] }, "sambro-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgis_2.5.1-190620", "mounts": [ ["DIR", "/srv/sambro/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/seeddms/meta b/lxc-apps/seeddms/meta index eccb9aa..a189348 100644 --- a/lxc-apps/seeddms/meta +++ b/lxc-apps/seeddms/meta @@ -18,7 +18,7 @@ ] }, "seeddms-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/seeddms/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-apps/sigmah/meta b/lxc-apps/sigmah/meta index 2460b98..17fa7d3 100644 --- a/lxc-apps/sigmah/meta +++ b/lxc-apps/sigmah/meta @@ -18,7 +18,7 @@ ] }, "sigmah-postgres": { - "image": "postgis_11.3.0-190620", + "image": "postgres_11.3.0-190620", "mounts": [ ["DIR", "/srv/sigmah/postgres_data", "/var/lib/postgresql"] ] diff --git a/lxc-services/postgis/lxcfile b/lxc-services/postgis/lxcfile index abce578..786130f 100644 --- a/lxc-services/postgis/lxcfile +++ b/lxc-services/postgis/lxcfile @@ -1,4 +1,4 @@ -IMAGE postgis_11.3.0-190620 +IMAGE postgis_2.5.1-190620 LAYER alpine3.9_3.9.4-190620 LAYER postgres_11.3.0-190620 From 5a43c23b830f40d3ca859a023510bc4f6d1e27ce Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 14 Oct 2019 08:29:55 +0200 Subject: [PATCH 060/228] Remove cwd magic as it's pkgmgr's responsibility now --- apk/vmmgr | 2 +- lxc-apps/ckan/install.sh | 2 -- lxc-apps/crisiscleanup/install.sh | 2 -- lxc-apps/cts/install.sh | 2 -- lxc-apps/ecogis/install.sh | 2 -- lxc-apps/frontlinesms/install.sh | 2 -- lxc-apps/gnuhealth/install.sh | 2 -- lxc-apps/kanboard/install.sh | 2 -- lxc-apps/mifosx/install.sh | 2 -- lxc-apps/motech/install.sh | 2 -- lxc-apps/odoo/install.sh | 2 -- lxc-apps/opendatakit/install.sh | 2 -- lxc-apps/openmapkit/install.sh | 2 -- lxc-apps/pandora/install.sh | 2 -- lxc-apps/sahana-demo/install.sh | 2 -- lxc-apps/sahana/install.sh | 2 -- lxc-apps/sambro/install.sh | 2 -- lxc-apps/seeddms/install.sh | 2 -- lxc-apps/seeddms/lxc/srv/seeddms/seeddms/utils/seeddms-indexer | 3 ++- lxc-apps/sigmah/install.sh | 2 -- lxc-apps/ushahidi/install.sh | 2 -- 21 files changed, 3 insertions(+), 40 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index ecfa225..ecb0900 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit ecfa2251877abd38e681b0faa35fc4c246723e11 +Subproject commit ecb09001d49ddd160580a1f1de72bb7e06c4179c diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index d380064..a5c2b22 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/ckan/postgres_data chown -R 105432:105432 /srv/ckan/postgres_data diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh index 92e4e00..69271da 100755 --- a/lxc-apps/crisiscleanup/install.sh +++ b/lxc-apps/crisiscleanup/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/crisiscleanup/postgres_data chown -R 105432:105432 /srv/crisiscleanup/postgres_data diff --git a/lxc-apps/cts/install.sh b/lxc-apps/cts/install.sh index bd3f383..bd24524 100755 --- a/lxc-apps/cts/install.sh +++ b/lxc-apps/cts/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/cts/postgres_data chown -R 105432:105432 /srv/cts/postgres_data diff --git a/lxc-apps/ecogis/install.sh b/lxc-apps/ecogis/install.sh index d459745..6e38e9b 100755 --- a/lxc-apps/ecogis/install.sh +++ b/lxc-apps/ecogis/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/ecogis/postgres_data chown -R 105432:105432 /srv/ecogis/postgres_data diff --git a/lxc-apps/frontlinesms/install.sh b/lxc-apps/frontlinesms/install.sh index 969b28f..c9cb6f5 100755 --- a/lxc-apps/frontlinesms/install.sh +++ b/lxc-apps/frontlinesms/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Configure FrontlineSMS mkdir -p /srv/frontlinesms/flsms_data export FRONTLINESMS_ADMIN_USER="admin" diff --git a/lxc-apps/gnuhealth/install.sh b/lxc-apps/gnuhealth/install.sh index d76a5c5..b711540 100755 --- a/lxc-apps/gnuhealth/install.sh +++ b/lxc-apps/gnuhealth/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/gnuhealth/postgres_data chown -R 105432:105432 /srv/gnuhealth/postgres_data diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh index b13abe3..b926e20 100755 --- a/lxc-apps/kanboard/install.sh +++ b/lxc-apps/kanboard/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/kanboard/postgres_data chown -R 105432:105432 /srv/kanboard/postgres_data diff --git a/lxc-apps/mifosx/install.sh b/lxc-apps/mifosx/install.sh index 2a2a869..4ea9e87 100755 --- a/lxc-apps/mifosx/install.sh +++ b/lxc-apps/mifosx/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create MariaDB instance mkdir -p /srv/mifosx/mariadb_conf /srv/mifosx/mariadb_data chown 103306:103306 /srv/mifosx/mariadb_data diff --git a/lxc-apps/motech/install.sh b/lxc-apps/motech/install.sh index f44f984..3e35951 100755 --- a/lxc-apps/motech/install.sh +++ b/lxc-apps/motech/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/motech/postgres_data chown -R 105432:105432 /srv/motech/postgres_data diff --git a/lxc-apps/odoo/install.sh b/lxc-apps/odoo/install.sh index 3971251..b27773d 100755 --- a/lxc-apps/odoo/install.sh +++ b/lxc-apps/odoo/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/odoo/postgres_data chown -R 105432:105432 /srv/odoo/postgres_data diff --git a/lxc-apps/opendatakit/install.sh b/lxc-apps/opendatakit/install.sh index 5def99e..b9dc088 100755 --- a/lxc-apps/opendatakit/install.sh +++ b/lxc-apps/opendatakit/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/opendatakit/postgres_data chown -R 105432:105432 /srv/opendatakit/postgres_data diff --git a/lxc-apps/openmapkit/install.sh b/lxc-apps/openmapkit/install.sh index 5964b39..d39c8c1 100755 --- a/lxc-apps/openmapkit/install.sh +++ b/lxc-apps/openmapkit/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Configure OpenMapKit export OPENMAPKIT_ADMIN_USER="admin" export OPENMAPKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') diff --git a/lxc-apps/pandora/install.sh b/lxc-apps/pandora/install.sh index 1a4484c..b995190 100755 --- a/lxc-apps/pandora/install.sh +++ b/lxc-apps/pandora/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/pandora/postgres_data chown -R 105432:105432 /srv/pandora/postgres_data diff --git a/lxc-apps/sahana-demo/install.sh b/lxc-apps/sahana-demo/install.sh index 9b3d42d..c07c74a 100755 --- a/lxc-apps/sahana-demo/install.sh +++ b/lxc-apps/sahana-demo/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/sahana-demo/postgres_data chown -R 105432:105432 /srv/sahana-demo/postgres_data diff --git a/lxc-apps/sahana/install.sh b/lxc-apps/sahana/install.sh index 6f0ae05..3abbd14 100755 --- a/lxc-apps/sahana/install.sh +++ b/lxc-apps/sahana/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/sahana/postgres_data chown -R 105432:105432 /srv/sahana/postgres_data diff --git a/lxc-apps/sambro/install.sh b/lxc-apps/sambro/install.sh index 6fa21f7..4597da2 100755 --- a/lxc-apps/sambro/install.sh +++ b/lxc-apps/sambro/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/sambro/postgres_data chown -R 105432:105432 /srv/sambro/postgres_data diff --git a/lxc-apps/seeddms/install.sh b/lxc-apps/seeddms/install.sh index b77c141..732b2cb 100755 --- a/lxc-apps/seeddms/install.sh +++ b/lxc-apps/seeddms/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/seeddms/postgres_data chown -R 105432:105432 /srv/seeddms/postgres_data diff --git a/lxc-apps/seeddms/lxc/srv/seeddms/seeddms/utils/seeddms-indexer b/lxc-apps/seeddms/lxc/srv/seeddms/seeddms/utils/seeddms-indexer index 42bc537..80e7616 100755 --- a/lxc-apps/seeddms/lxc/srv/seeddms/seeddms/utils/seeddms-indexer +++ b/lxc-apps/seeddms/lxc/srv/seeddms/seeddms/utils/seeddms-indexer @@ -1,6 +1,7 @@ #!/bin/sh -cd $(realpath $(dirname "${0}")) +# Prevent indexer jobs to run simultaneously by using a file lock +cd /srv/seeddms/seeddms/utils/ ( if ! flock -n 3; then echo "Indexer is still running" diff --git a/lxc-apps/sigmah/install.sh b/lxc-apps/sigmah/install.sh index 165c1fd..fa513a1 100755 --- a/lxc-apps/sigmah/install.sh +++ b/lxc-apps/sigmah/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create Postgres instance mkdir -p /srv/sigmah/postgres_data chown -R 105432:105432 /srv/sigmah/postgres_data diff --git a/lxc-apps/ushahidi/install.sh b/lxc-apps/ushahidi/install.sh index ae68bca..5b5178c 100755 --- a/lxc-apps/ushahidi/install.sh +++ b/lxc-apps/ushahidi/install.sh @@ -1,8 +1,6 @@ #!/bin/sh set -ev -cd $(realpath $(dirname "${0}"))/install - # Create MariaDB instance mkdir -p /srv/ushahidi/mariadb_conf /srv/ushahidi/mariadb_data chown 103306:103306 /srv/ushahidi/mariadb_data From de80024445c966c16cc3181223b64cb927559346 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 13 Nov 2019 19:46:38 +0100 Subject: [PATCH 061/228] Properly identify Odoo 13 --- apk/vmmgr | 2 +- lxc-apps/odoo/lxcfile | 4 ++-- lxc-apps/odoo/meta | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index ecb0900..be36199 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit ecb09001d49ddd160580a1f1de72bb7e06c4179c +Subproject commit be361996402ae104baf45b21c918cc145b763d16 diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/lxcfile index 58e2146..21bc8af 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/lxcfile @@ -1,4 +1,4 @@ -IMAGE odoo_12.0.0-190620 +IMAGE odoo_13.0.0-191113 LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python3.6_3.6.8-190620 @@ -14,7 +14,7 @@ RUN EOF apk --no-cache add --virtual .deps build-base git libjpeg-turbo-dev libxml2-dev libxslt-dev linux-headers openldap-dev postgresql-dev python3-dev # Clone Odoo repository - git clone --depth 1 https://github.com/odoo/odoo.git /srv/odoo + git clone -b 13.0 --depth 1 https://github.com/odoo/odoo.git /srv/odoo # Install Odoo cd /srv/odoo diff --git a/lxc-apps/odoo/meta b/lxc-apps/odoo/meta index 671739d..6db40a4 100644 --- a/lxc-apps/odoo/meta +++ b/lxc-apps/odoo/meta @@ -1,5 +1,5 @@ { - "version": "12.0.0-190620", + "version": "13.0.0-191113", "meta": { "title": "Odoo", "desc-cs": "Sada aplikací pro správu organizace", @@ -8,7 +8,7 @@ }, "containers": { "odoo": { - "image": "odoo_12.0.0-190620", + "image": "odoo_13.0.0-191113", "depends": [ "odoo-postgres" ], From 9c50b29d22efcb37ba37105e6994e43c2be02415 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 13 Nov 2019 21:01:27 +0100 Subject: [PATCH 062/228] Start Odoo Postgres in install.sh --- apk/vmmgr | 2 +- lxc-apps/odoo/install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index be36199..41156fe 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit be361996402ae104baf45b21c918cc145b763d16 +Subproject commit 41156fe4243b15b4b233b618082aae8ce32e5a2b diff --git a/lxc-apps/odoo/install.sh b/lxc-apps/odoo/install.sh index b27773d..100d09e 100755 --- a/lxc-apps/odoo/install.sh +++ b/lxc-apps/odoo/install.sh @@ -13,6 +13,7 @@ cp postgres_data/pg_hba.conf /srv/odoo/postgres_data/pg_hba.conf # Create databases export ODOO_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +service odoo-postgres start envsubst Date: Wed, 13 Nov 2019 22:07:59 +0100 Subject: [PATCH 063/228] Add Alpine3.9-Ruby2.6 --- lxc-shared/alpine3.9-ruby2.6/lxcfile | 33 ++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 lxc-shared/alpine3.9-ruby2.6/lxcfile diff --git a/lxc-shared/alpine3.9-ruby2.6/lxcfile b/lxc-shared/alpine3.9-ruby2.6/lxcfile new file mode 100644 index 0000000..f7bb12b --- /dev/null +++ b/lxc-shared/alpine3.9-ruby2.6/lxcfile @@ -0,0 +1,33 @@ +IMAGE alpine3.9-ruby2.6_2.6.3-190620 + +LAYER alpine3.9_3.9.4-190620 + +RUN EOF + # Install Ruby runtime dependencies + apk --no-cache add gdbm libressl readline zlib + + # Install Ruby build dependencies + apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev + + # Download and unpack Ruby + mkdir -p /usr/src/ruby + wget http://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.3.tar.xz -O - | tar xJf - -C /usr/src/ruby --strip-components=1 + + # Compile and install Ruby + cd /usr/src/ruby + autoconf + ./configure --build=x86_64-linux-musl --disable-install-doc --enable-shared + make -j $(getconf _NPROCESSORS_ONLN) + make install + + # Install RubyGems and Bundler + mkdir -p /usr/local/etc + echo -e 'install: --no-document\nupdate: --no-document' >/usr/local/etc/gemrc + gem update --system + + # Cleanup + apk --no-cache del .deps + cd /root + rm -r /usr/src/ruby + rm -rf /root/.gem +EOF From 692897c9bfd3fd5924eb28fe5ddff6c3d6a806bc Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 15 Nov 2019 17:45:34 +0100 Subject: [PATCH 064/228] Introduce separate nginx layer --- lxc-apps/cts/lxcfile | 5 ++++- lxc-apps/kanboard/lxcfile | 1 + lxc-apps/pandora/lxcfile | 5 ++++- lxc-apps/sahana/lxcfile | 5 ++++- lxc-apps/seeddms/lxcfile | 1 + lxc-apps/ushahidi/lxcfile | 1 + lxc-shared/alpine3.9-nginx/lxcfile | 9 +++++++++ lxc-shared/alpine3.9-php7.2/lxcfile | 3 ++- 8 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 lxc-shared/alpine3.9-nginx/lxcfile diff --git a/lxc-apps/cts/lxcfile b/lxc-apps/cts/lxcfile index d866058..7e99e9a 100644 --- a/lxc-apps/cts/lxcfile +++ b/lxc-apps/cts/lxcfile @@ -2,10 +2,13 @@ IMAGE cts_0.8.0-190620 LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python2.7_2.7.16-190620 +LAYER alpine3.9-nginx_1.14.2-191115 + +FIXLAYER /usr/bin/fix-apk RUN EOF # Install runtime dependencies - apk --no-cache add geos@vm libpq nginx zlib + apk --no-cache add geos@vm libpq zlib # Install build dependencies apk --no-cache add --virtual .deps build-base git postgresql-dev python2-dev py2-pip zlib-dev diff --git a/lxc-apps/kanboard/lxcfile b/lxc-apps/kanboard/lxcfile index 45f7870..52b5875 100644 --- a/lxc-apps/kanboard/lxcfile +++ b/lxc-apps/kanboard/lxcfile @@ -1,6 +1,7 @@ IMAGE kanboard_1.2.9-190620 LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-nginx_1.14.2-191115 LAYER alpine3.9-php7.2_7.2.19-190620 RUN EOF diff --git a/lxc-apps/pandora/lxcfile b/lxc-apps/pandora/lxcfile index 3f757e3..ce920d3 100644 --- a/lxc-apps/pandora/lxcfile +++ b/lxc-apps/pandora/lxcfile @@ -2,10 +2,13 @@ IMAGE pandora_0.0.1-190620 LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python3.6_3.6.8-190620 +LAYER alpine3.9-nginx_1.14.2-191115 + +FIXLAYER /usr/bin/fix-apk RUN EOF # Install runtime dependencies - apk --no-cache add ffmpeg imagemagick imlib2 libogg libtheora libvpx mkvtoolnix nginx poppler-utils py3-geoip py3-lxml py3-numpy py3-pillow py3-psycopg2 + apk --no-cache add ffmpeg imagemagick imlib2 libogg libtheora libvpx mkvtoolnix poppler-utils py3-geoip py3-lxml py3-numpy py3-pillow py3-psycopg2 pip3 install pyinotify # Install build dependencies diff --git a/lxc-apps/sahana/lxcfile b/lxc-apps/sahana/lxcfile index fba0ac2..c92402c 100644 --- a/lxc-apps/sahana/lxcfile +++ b/lxc-apps/sahana/lxcfile @@ -2,10 +2,13 @@ IMAGE sahana_0.0.1-190620 LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python2.7_2.7.16-190620 +LAYER alpine3.9-nginx_1.14.2-191115 + +FIXLAYER /usr/bin/fix-apk RUN EOF # Install runtime dependencies - apk --no-cache add geos@vm nginx py-gdal@vm py2-dateutil py2-lxml py2-numpy py2-pillow py2-psycopg2 py2-requests uwsgi-python + apk --no-cache add geos@vm py-gdal@vm py2-dateutil py2-lxml py2-numpy py2-pillow py2-psycopg2 py2-requests uwsgi-python # Install build dependencies apk --no-cache add --virtual .deps build-base git freetype-dev libpng-dev py-numpy-dev py2-pip python2-dev ttf-dejavu diff --git a/lxc-apps/seeddms/lxcfile b/lxc-apps/seeddms/lxcfile index 98c4c60..52ea6d6 100644 --- a/lxc-apps/seeddms/lxcfile +++ b/lxc-apps/seeddms/lxcfile @@ -1,6 +1,7 @@ IMAGE seeddms_5.1.9-190620 LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-nginx_1.14.2-191115 LAYER alpine3.9-php7.2_7.2.19-190620 LAYER alpine3.9-python3.6_3.6.8-190620 diff --git a/lxc-apps/ushahidi/lxcfile b/lxc-apps/ushahidi/lxcfile index 4f36744..ead789e 100644 --- a/lxc-apps/ushahidi/lxcfile +++ b/lxc-apps/ushahidi/lxcfile @@ -1,6 +1,7 @@ IMAGE ushahidi_3.12.3-190620 LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-nginx_1.14.2-191115 LAYER alpine3.9-php7.2_7.2.19-190620 RUN EOF diff --git a/lxc-shared/alpine3.9-nginx/lxcfile b/lxc-shared/alpine3.9-nginx/lxcfile new file mode 100644 index 0000000..097d36b --- /dev/null +++ b/lxc-shared/alpine3.9-nginx/lxcfile @@ -0,0 +1,9 @@ +IMAGE alpine3.9-nginx_1.14.2-191115 + +LAYER alpine3.9_3.9.4-190620 + +RUN EOF + apk --no-cache add nginx +EOF + +CMD nginx -g "daemon off;" diff --git a/lxc-shared/alpine3.9-php7.2/lxcfile b/lxc-shared/alpine3.9-php7.2/lxcfile index 0e935b4..810051c 100644 --- a/lxc-shared/alpine3.9-php7.2/lxcfile +++ b/lxc-shared/alpine3.9-php7.2/lxcfile @@ -1,9 +1,10 @@ IMAGE alpine3.9-php7.2_7.2.19-190620 LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-nginx_1.14.2-191115 RUN EOF - apk --no-cache add nginx php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session + apk --no-cache add php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session EOF CMD php -a From fe9fb27679488901dd3ee7cd5d197962aa1659d2 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 15 Nov 2019 18:00:26 +0100 Subject: [PATCH 065/228] Add Decidim LXC app --- lxc-apps/decidim/install.sh | 47 ++ lxc-apps/decidim/install/createdb.sql | 7 + .../install/decidim_conf/application.yml | 7 + .../decidim_conf/environments/production.rb | 104 +++ .../decidim_conf/initializers/decidim.rb | 128 ++++ .../decidim/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ lxc-apps/decidim/lxc/etc/nginx/nginx.conf | 29 + .../lxc/etc/services.d/.s6-svscan/finish | 4 + .../lxc/etc/services.d/delayed_job/run | 6 + lxc-apps/decidim/lxc/etc/services.d/nginx/run | 3 + lxc-apps/decidim/lxc/srv/decidim-app/Gemfile | 37 + lxc-apps/decidim/lxcfile | 49 ++ 13 files changed, 1082 insertions(+) create mode 100755 lxc-apps/decidim/install.sh create mode 100644 lxc-apps/decidim/install/createdb.sql create mode 100644 lxc-apps/decidim/install/decidim_conf/application.yml create mode 100644 lxc-apps/decidim/install/decidim_conf/environments/production.rb create mode 100644 lxc-apps/decidim/install/decidim_conf/initializers/decidim.rb create mode 100644 lxc-apps/decidim/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/decidim/install/postgres_data/postgresql.conf create mode 100644 lxc-apps/decidim/lxc/etc/nginx/nginx.conf create mode 100755 lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish create mode 100755 lxc-apps/decidim/lxc/etc/services.d/delayed_job/run create mode 100755 lxc-apps/decidim/lxc/etc/services.d/nginx/run create mode 100644 lxc-apps/decidim/lxc/srv/decidim-app/Gemfile create mode 100644 lxc-apps/decidim/lxcfile diff --git a/lxc-apps/decidim/install.sh b/lxc-apps/decidim/install.sh new file mode 100755 index 0000000..97b2e63 --- /dev/null +++ b/lxc-apps/decidim/install.sh @@ -0,0 +1,47 @@ +#!/bin/sh +set -ev + +# Create Postgres instance +mkdir -p /srv/decidim/postgres_data +chown -R 105432:105432 /srv/decidim/postgres_data +chmod 700 /srv/decidim/postgres_data +lxc-execute -n decidim-postgres -- initdb -D /var/lib/postgresql + +# Configure Postgres +cp postgres_data/postgresql.conf /srv/decidim/postgres_data/postgresql.conf +cp postgres_data/pg_hba.conf /srv/decidim/postgres_data/pg_hba.conf + +# Create database +export DECIDIM_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') +service decidim-postgres start +envsubst /srv/decidim/decidim_conf/application.yml + +# Populate database +lxc-execute decidim -- RAILS_ENV=production bin/rails db:create db:migrate + +# Create admin account +export DECIDIM_ADMIN_EMAIL=admin@example.com +export DECIDIM_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') +#lxc-execute decidim -- bin/rails console -e production +#user = Decidim::System::Admin.new(email: "admin@example.org", password: "P8vDKAc3FdEte9Hw", password_confirmation: "P8vDKAc3FdEte9Hw") +#user.save! + +# Install config update script +cp update-conf.sh /srv/decidim/update-conf.sh + +# Stop services required for setup +service decidim-postgres stop + +# Register application +vmmgr register-app decidim decidim "${DECIDIM_ADMIN_EMAIL}" "${DECIDIM_ADMIN_PWD}" diff --git a/lxc-apps/decidim/install/createdb.sql b/lxc-apps/decidim/install/createdb.sql new file mode 100644 index 0000000..ca6112c --- /dev/null +++ b/lxc-apps/decidim/install/createdb.sql @@ -0,0 +1,7 @@ +CREATE ROLE decidim NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${DECIDIM_PWD}'; +CREATE DATABASE decidim; +REVOKE ALL ON DATABASE decidim FROM public; +ALTER DATABASE decidim OWNER TO decidim; +\c decidim; +CREATE EXTENSION ltree; +CREATE EXTENSION pg_trgm; diff --git a/lxc-apps/decidim/install/decidim_conf/application.yml b/lxc-apps/decidim/install/decidim_conf/application.yml new file mode 100644 index 0000000..e72713d --- /dev/null +++ b/lxc-apps/decidim/install/decidim_conf/application.yml @@ -0,0 +1,7 @@ +DATABASE_URL: "postgres://decidim:${DECIDIM_PWD}@decidim-postgres/decidim" +SECRET_KEY_BASE: "${DECIDIM_SECRET}" +SMTP_USERNAME: "admin@example.com" +SMTP_PASSWORD: "" +SMTP_ADDRESS: "decidim-smtp" +SMTP_DOMAIN: "example.com" +RAILS_LOG_TO_STDOUT: "1" diff --git a/lxc-apps/decidim/install/decidim_conf/environments/production.rb b/lxc-apps/decidim/install/decidim_conf/environments/production.rb new file mode 100644 index 0000000..f380efd --- /dev/null +++ b/lxc-apps/decidim/install/decidim_conf/environments/production.rb @@ -0,0 +1,104 @@ +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb. + + # Code is not reloaded between requests. + config.cache_classes = true + + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both threaded web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + config.eager_load = true + + # Full error reports are disabled and caching is turned on. + config.consider_all_requests_local = false + config.action_controller.perform_caching = true + + # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] + # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). + # config.require_master_key = true + + # Disable serving static files from the `/public` folder by default since + # Apache or NGINX already handles this. + config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? + + # Compress JavaScripts and CSS. + config.assets.js_compressor = Uglifier.new(:harmony => true) + # config.assets.css_compressor = :sass + + # Do not fallback to assets pipeline if a precompiled asset is missed. + config.assets.compile = false + + # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb + + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.action_controller.asset_host = 'http://assets.example.com' + + # Specifies the header that your server uses for sending files. + # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX + + # Store uploaded files on the local file system (see config/storage.yml for options) + config.active_storage.service = :local + + # Mount Action Cable outside main process or domain + # config.action_cable.mount_path = nil + # config.action_cable.url = 'wss://example.com/cable' + # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] + + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. + config.force_ssl = true + + # Use the lowest log level to ensure availability of diagnostic information + # when problems arise. + config.log_level = :info + + # Prepend all log lines with the following tags. + config.log_tags = [ :request_id ] + + # Use a different cache store in production. + # config.cache_store = :mem_cache_store + + # Use a real queuing backend for Active Job (and separate queues per environment) + # config.active_job.queue_adapter = :resque + # config.active_job.queue_name_prefix = "decidim-app_#{Rails.env}" + + config.action_mailer.perform_caching = false + + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. + # config.action_mailer.raise_delivery_errors = false + + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation cannot be found). + config.i18n.fallbacks = true + + # Send deprecation notices to registered listeners. + config.active_support.deprecation = :notify + + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new + config.action_mailer.smtp_settings = { + :address => Rails.application.secrets.smtp_address, + :port => Rails.application.secrets.smtp_port, + :authentication => Rails.application.secrets.smtp_authentication, + :user_name => Rails.application.secrets.smtp_username, + :password => Rails.application.secrets.smtp_password, + :domain => Rails.application.secrets.smtp_domain, + :enable_starttls_auto => Rails.application.secrets.smtp_starttls_auto, + :openssl_verify_mode => 'none' + } + + # Use a different logger for distributed setups. + # require 'syslog/logger' + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') + + if ENV["RAILS_LOG_TO_STDOUT"].present? + logger = ActiveSupport::Logger.new(STDOUT) + logger.formatter = config.log_formatter + config.logger = ActiveSupport::TaggedLogging.new(logger) + end + + # Do not dump schema after migrations. + config.active_record.dump_schema_after_migration = false + end diff --git a/lxc-apps/decidim/install/decidim_conf/initializers/decidim.rb b/lxc-apps/decidim/install/decidim_conf/initializers/decidim.rb new file mode 100644 index 0000000..178c78b --- /dev/null +++ b/lxc-apps/decidim/install/decidim_conf/initializers/decidim.rb @@ -0,0 +1,128 @@ +# frozen_string_literal: true + +Decidim.configure do |config| + config.application_name = "Decidim" + config.mailer_sender = "admin@example.com" + + # Change these lines to set your preferred locales + config.default_locale = :cs + config.available_locales = [:cs, :sk, :en, :de, :fr, :es] + + # Geocoder configuration + # config.geocoder = { + # static_map_url: "https://image.maps.cit.api.here.com/mia/1.6/mapview", + # here_app_id: Rails.application.secrets.geocoder[:here_app_id], + # here_app_code: Rails.application.secrets.geocoder[:here_app_code] + # } + + # Custom resource reference generator method + # config.reference_generator = lambda do |resource, component| + # # Implement your custom method to generate resources references + # "1234-#{resource.id}" + # end + + # Currency unit + # config.currency_unit = "€" + + # The number of reports which an object can receive before hiding it + # config.max_reports_before_hiding = 3 + + # Custom HTML Header snippets + # + # The most common use is to integrate third-party services that require some + # extra JavaScript or CSS. Also, you can use it to add extra meta tags to the + # HTML. Note that this will only be rendered in public pages, not in the admin + # section. + # + # Before enabling this you should ensure that any tracking that might be done + # is in accordance with the rules and regulations that apply to your + # environment and usage scenarios. This component also comes with the risk + # that an organization's administrator injects malicious scripts to spy on or + # take over user accounts. + # + config.enable_html_header_snippets = false + + # SMS gateway configuration + # + # If you want to verify your users by sending a verification code via + # SMS you need to provide a SMS gateway service class. + # + # An example class would be something like: + # + # class MySMSGatewayService + # attr_reader :mobile_phone_number, :code + # + # def initialize(mobile_phone_number, code) + # @mobile_phone_number = mobile_phone_number + # @code = code + # end + # + # def deliver_code + # # Actual code to deliver the code + # true + # end + # end + # + # config.sms_gateway_service = "MySMSGatewayService" + + # Timestamp service configuration + # + # Provide a class to generate a timestamp for a document. The instances of + # this class are initialized with a hash containing the :document key with + # the document to be timestamped as value. The istances respond to a + # timestamp public method with the timestamp + # + # An example class would be something like: + # + # class MyTimestampService + # attr_accessor :document + # + # def initialize(args = {}) + # @document = args.fetch(:document) + # end + # + # def timestamp + # # Code to generate timestamp + # "My timestamp" + # end + # end + # + # config.timestamp_service = "MyTimestampService" + + # PDF signature service configuration + # + # Provide a class to process a pdf and return the document including a + # digital signature. The instances of this class are initialized with a hash + # containing the :pdf key with the pdf file content as value. The instances + # respond to a signed_pdf method containing the pdf with the signature + # + # An example class would be something like: + # + # class MyPDFSignatureService + # attr_accessor :pdf + # + # def initialize(args = {}) + # @pdf = args.fetch(:pdf) + # end + # + # def signed_pdf + # # Code to return the pdf signed + # end + # end + # + # config.pdf_signature_service = "MyPDFSignatureService" + + # Etherpad configuration + # + # Only needed if you want to have Etherpad integration with Decidim. See + # Decidim docs at docs/services/etherpad.md in order to set it up. + # + # config.etherpad = { + # server: Rails.application.secrets.etherpad[:server], + # api_key: Rails.application.secrets.etherpad[:api_key], + # api_version: Rails.application.secrets.etherpad[:api_version] + # } + end + + Rails.application.config.i18n.available_locales = Decidim.available_locales + Rails.application.config.i18n.default_locale = Decidim.default_locale diff --git a/lxc-apps/decidim/install/postgres_data/pg_hba.conf b/lxc-apps/decidim/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/decidim/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/decidim/install/postgres_data/postgresql.conf b/lxc-apps/decidim/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/decidim/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/decidim/lxc/etc/nginx/nginx.conf b/lxc-apps/decidim/lxc/etc/nginx/nginx.conf new file mode 100644 index 0000000..0807999 --- /dev/null +++ b/lxc-apps/decidim/lxc/etc/nginx/nginx.conf @@ -0,0 +1,29 @@ +user nginx; +pid /run/nginx.pid; +worker_processes 1; +error_log /dev/stderr warn; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + access_log off; + server_tokens off; + client_max_body_size 100m; + sendfile on; + send_timeout 300; + + server { + listen 8080; + server_name localhost; + + passenger_enabled on; + rails_env production; + + root /srv/decidim-app/public; + } +} diff --git a/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish new file mode 100755 index 0000000..4da043c --- /dev/null +++ b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +foreground { s6-svwait -d -t 3000 cts } +foreground { s6-svwait -d -t 3000 nginx } diff --git a/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run b/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run new file mode 100755 index 0000000..2a20bcd --- /dev/null +++ b/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run @@ -0,0 +1,6 @@ +#!/bin/execlineb -P + +export RAILS_ENV production +fdmove -c 2 1 +s6-setuidgid www-data +/srv/decidim-app/bin/delayed_job start diff --git a/lxc-apps/decidim/lxc/etc/services.d/nginx/run b/lxc-apps/decidim/lxc/etc/services.d/nginx/run new file mode 100755 index 0000000..dff57ac --- /dev/null +++ b/lxc-apps/decidim/lxc/etc/services.d/nginx/run @@ -0,0 +1,3 @@ +#!/bin/execlineb -P + +nginx -g "daemon off;" diff --git a/lxc-apps/decidim/lxc/srv/decidim-app/Gemfile b/lxc-apps/decidim/lxc/srv/decidim-app/Gemfile new file mode 100644 index 0000000..226430c --- /dev/null +++ b/lxc-apps/decidim/lxc/srv/decidim-app/Gemfile @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +ruby RUBY_VERSION + +gem "decidim", "0.19.0" +# gem "decidim-consultations", "0.19.0" +# gem "decidim-initiatives", "0.19.0" + +gem "bootsnap", "~> 1.3" + +gem "puma", "~> 3.12" +gem "uglifier", "~> 4.1" + +gem "faker", "~> 1.9" + +group :development, :test do + gem "byebug", "~> 11.0", platform: :mri + + gem "decidim-dev", "0.19.0" +end + +group :development do + gem "letter_opener_web", "~> 1.3" + gem "listen", "~> 3.1" + gem "spring", "~> 2.0" + gem "spring-watcher-listen", "~> 2.0" + gem "web-console", "~> 3.5" +end + +gem "figaro" +group :production do + gem "passenger" + gem "delayed_job_active_record" + gem "daemons" +end diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile new file mode 100644 index 0000000..a92d29a --- /dev/null +++ b/lxc-apps/decidim/lxcfile @@ -0,0 +1,49 @@ +IMAGE decidim_0.0.1-191113 + +LAYER alpine3.9_3.9.4-190620 +LAYER alpine3.9-ruby2.6_2.6.3-190620 +LAYER alpine3.9-nodejs10_10.14.2-190620 +LAYER alpine3.9-nginx_1.14.2-191115 + +FIXLAYER /usr/bin/fix-apk + +ENV RAILS_ENV production + +RUN EOF + # Install runtime dependencies + apk --no-cache add libpq tzdata + + # Install build dependencies + apk --no-cache add --virtual .deps build-base icu-dev libxml2-dev libxslt-dev postgresql-dev zlib-dev + + # Install passenger + gem install passenger --no-rdoc --no-ri + + # Install Decidim + bundle config build.nokogiri --use-system-libraries + gem install decidim + cd /srv + decidim decidim-app +EOF + +COPY lxc + +RUN EOF + # Install gems required by decidim + cd /srv/decidim-app + bundle install + + # Setup delayed job for mail sending + bin/rails generate delayed_job:active_record + + # Precompile static assets + bin/rails assets:precompile + + # Change ownership + chown -R www-data:www-data /srv/decidim-app + + # Cleanup + apk --no-cache del .deps +EOF + +CMD s6-svscan /etc/services.d From e8138099cb1b1d4617c14b9fc81753c8b297b810 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 14:48:16 +0100 Subject: [PATCH 066/228] Move libressl to basic alpine image --- lxc-apps/ckan/ckan-datapusher.lxcfile | 2 +- lxc-shared/alpine3.8-ruby2.4/lxcfile | 2 +- lxc-shared/alpine3.8/lxcfile | 2 +- lxc-shared/alpine3.9-ruby2.4/lxcfile | 2 +- lxc-shared/alpine3.9-ruby2.6/lxcfile | 2 +- lxc-shared/alpine3.9/lxcfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lxc-apps/ckan/ckan-datapusher.lxcfile b/lxc-apps/ckan/ckan-datapusher.lxcfile index db6a1bc..e9e94a3 100644 --- a/lxc-apps/ckan/ckan-datapusher.lxcfile +++ b/lxc-apps/ckan/ckan-datapusher.lxcfile @@ -5,7 +5,7 @@ LAYER alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies - apk --no-cache add libffi libressl uwsgi-python + apk --no-cache add libffi uwsgi-python # Install build dependencies apk --no-cache add --virtual .deps build-base git libffi-dev libressl-dev libxml2-dev libxslt-dev py2-pip python2-dev diff --git a/lxc-shared/alpine3.8-ruby2.4/lxcfile b/lxc-shared/alpine3.8-ruby2.4/lxcfile index 893bb75..9992ee4 100644 --- a/lxc-shared/alpine3.8-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.8-ruby2.4/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.8_3.8.4-190620 RUN EOF # Install Ruby runtime dependencies - apk --no-cache add gdbm libressl readline zlib + apk --no-cache add gdbm readline zlib # Install Ruby build dependencies apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev diff --git a/lxc-shared/alpine3.8/lxcfile b/lxc-shared/alpine3.8/lxcfile index 0696876..19f0865 100644 --- a/lxc-shared/alpine3.8/lxcfile +++ b/lxc-shared/alpine3.8/lxcfile @@ -7,7 +7,7 @@ RUN EOF apk --no-cache upgrade # Install s6 supervisor - apk --no-cache add libxml2 libxslt ncurses-libs s6 + apk --no-cache add libressl libxml2 libxslt ncurses-libs s6 # Cleanup rm -rf /etc/crontabs/root /etc/periodic diff --git a/lxc-shared/alpine3.9-ruby2.4/lxcfile b/lxc-shared/alpine3.9-ruby2.4/lxcfile index a908b1f..d448049 100644 --- a/lxc-shared/alpine3.9-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.4/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 RUN EOF # Install Ruby runtime dependencies - apk --no-cache add gdbm libressl readline zlib + apk --no-cache add gdbm readline zlib # Install Ruby build dependencies apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev diff --git a/lxc-shared/alpine3.9-ruby2.6/lxcfile b/lxc-shared/alpine3.9-ruby2.6/lxcfile index f7bb12b..dd3c2e8 100644 --- a/lxc-shared/alpine3.9-ruby2.6/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.6/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 RUN EOF # Install Ruby runtime dependencies - apk --no-cache add gdbm libressl readline zlib + apk --no-cache add gdbm readline zlib # Install Ruby build dependencies apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev diff --git a/lxc-shared/alpine3.9/lxcfile b/lxc-shared/alpine3.9/lxcfile index d86f9e6..ad7faaa 100644 --- a/lxc-shared/alpine3.9/lxcfile +++ b/lxc-shared/alpine3.9/lxcfile @@ -8,7 +8,7 @@ RUN EOF apk --no-cache upgrade # Install s6 supervisor - apk --no-cache add libxml2 libxslt ncurses-libs s6 + apk --no-cache add libressl libxml2 libxslt ncurses-libs s6 # Cleanup rm -rf /etc/crontabs/root /etc/periodic From d3129d81abc53df9a69bc04a2a77efa3bb7bce15 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 14:53:05 +0100 Subject: [PATCH 067/228] Move readline to basic alpine image --- lxc-shared/alpine3.8-ruby2.4/lxcfile | 2 +- lxc-shared/alpine3.8/lxcfile | 2 +- lxc-shared/alpine3.9-ruby2.4/lxcfile | 2 +- lxc-shared/alpine3.9-ruby2.6/lxcfile | 2 +- lxc-shared/alpine3.9/lxcfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lxc-shared/alpine3.8-ruby2.4/lxcfile b/lxc-shared/alpine3.8-ruby2.4/lxcfile index 9992ee4..1327a28 100644 --- a/lxc-shared/alpine3.8-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.8-ruby2.4/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.8_3.8.4-190620 RUN EOF # Install Ruby runtime dependencies - apk --no-cache add gdbm readline zlib + apk --no-cache add gdbm zlib # Install Ruby build dependencies apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev diff --git a/lxc-shared/alpine3.8/lxcfile b/lxc-shared/alpine3.8/lxcfile index 19f0865..07e1476 100644 --- a/lxc-shared/alpine3.8/lxcfile +++ b/lxc-shared/alpine3.8/lxcfile @@ -7,7 +7,7 @@ RUN EOF apk --no-cache upgrade # Install s6 supervisor - apk --no-cache add libressl libxml2 libxslt ncurses-libs s6 + apk --no-cache add libressl libxml2 libxslt ncurses-libs readline s6 # Cleanup rm -rf /etc/crontabs/root /etc/periodic diff --git a/lxc-shared/alpine3.9-ruby2.4/lxcfile b/lxc-shared/alpine3.9-ruby2.4/lxcfile index d448049..aa37e4e 100644 --- a/lxc-shared/alpine3.9-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.4/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 RUN EOF # Install Ruby runtime dependencies - apk --no-cache add gdbm readline zlib + apk --no-cache add gdbm zlib # Install Ruby build dependencies apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev diff --git a/lxc-shared/alpine3.9-ruby2.6/lxcfile b/lxc-shared/alpine3.9-ruby2.6/lxcfile index dd3c2e8..00b3148 100644 --- a/lxc-shared/alpine3.9-ruby2.6/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.6/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 RUN EOF # Install Ruby runtime dependencies - apk --no-cache add gdbm readline zlib + apk --no-cache add gdbm zlib # Install Ruby build dependencies apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev diff --git a/lxc-shared/alpine3.9/lxcfile b/lxc-shared/alpine3.9/lxcfile index ad7faaa..8972ab0 100644 --- a/lxc-shared/alpine3.9/lxcfile +++ b/lxc-shared/alpine3.9/lxcfile @@ -8,7 +8,7 @@ RUN EOF apk --no-cache upgrade # Install s6 supervisor - apk --no-cache add libressl libxml2 libxslt ncurses-libs s6 + apk --no-cache add libressl libxml2 libxslt ncurses-libs readline s6 # Cleanup rm -rf /etc/crontabs/root /etc/periodic From 5084dc1579f7a5465bfc99a46d35f6e3fb39fb20 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 15:04:34 +0100 Subject: [PATCH 068/228] Rename FIXLAYER to MERGE and update for merging passwd/group/shadow --- build/install-toolchain.sh | 4 +- build/usr/bin/fix-apk | 94 ---------- build/usr/bin/lxcmerge | 175 ++++++++++++++++++ .../lib/python3.6/lxcbuild/imagebuilder.py | 6 +- lxc-apps/crisiscleanup/lxcfile | 2 +- lxc-apps/cts/lxcfile | 2 +- lxc-apps/decidim/lxcfile | 2 +- lxc-apps/gnuhealth/lxcfile | 2 +- lxc-apps/odoo/lxcfile | 2 +- .../opendatakit/opendatakit-build.lxcfile | 2 +- lxc-apps/openmapkit/lxcfile | 2 +- lxc-apps/pandora/lxcfile | 2 +- lxc-apps/sahana/lxcfile | 2 +- lxc-apps/seeddms/lxcfile | 2 +- 14 files changed, 190 insertions(+), 109 deletions(-) delete mode 100755 build/usr/bin/fix-apk create mode 100755 build/usr/bin/lxcmerge diff --git a/build/install-toolchain.sh b/build/install-toolchain.sh index 1530203..7bf2762 100755 --- a/build/install-toolchain.sh +++ b/build/install-toolchain.sh @@ -22,8 +22,8 @@ adduser root abuild cp etc/abuild.conf /etc/abuild.conf # Prepare LXC build toolchain -cp usr/bin/fix-apk /usr/bin/fix-apk -cp usr/bin/lxc-build /usr/bin/lxc-build +cp usr/bin/lxcbuild /usr/bin/lxcbuild +cp usr/bin/lxcmerge /usr/bin/lxcmerge mkdir -p /srv/build/lxc/apps /srv/build/lxc/images # Prepare local APK repository diff --git a/build/usr/bin/fix-apk b/build/usr/bin/fix-apk deleted file mode 100755 index 20f1570..0000000 --- a/build/usr/bin/fix-apk +++ /dev/null @@ -1,94 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- - -import argparse -import os -import shutil -import sys -import tarfile -import tempfile - -parser = argparse.ArgumentParser(description='APK database merge script') -parser.add_argument('layers', help='Path to LXC layers to be merged', nargs=argparse.REMAINDER) - -if len(sys.argv) < 2: - parser.print_usage() - sys.exit(1) -args = parser.parse_args() -layers = args.layers[::-1] - -# /etc/apk/world -world = [] -for layer in layers: - try: - with open(os.path.join(layer, 'etc/apk/world'), 'r') as f: - for line in f: - if line not in world: - world.append(line) - except: - continue -os.makedirs(os.path.join(layers[-1], 'etc/apk'), 0o755, True) -with open(os.path.join(layers[-1], 'etc/apk/world'), 'w') as f: - f.writelines(world) -os.chown(os.path.join(layers[-1], 'etc'), 100000, 100000) -os.chown(os.path.join(layers[-1], 'etc/apk'), 100000, 100000) -os.chown(os.path.join(layers[-1], 'etc/apk/world'), 100000, 100000) - -# /lib/apk/db/installed -installed = [] -for layer in layers: - try: - with open(os.path.join(layer, 'lib/apk/db/installed'), 'r') as f: - buffer = [] - for line in f: - if line.startswith('C:'): - buffer = ''.join(buffer) - if buffer not in installed: - installed.append(buffer) - buffer = [] - buffer.append(line) - buffer = ''.join(buffer) - if buffer not in installed: - installed.append(buffer) - except: - continue -os.makedirs(os.path.join(layers[-1], 'lib/apk/db'), 0o755, True) -with open(os.path.join(layers[-1], 'lib/apk/db/installed'), 'w') as f: - f.writelines(installed) -os.chown(os.path.join(layers[-1], 'lib'), 100000, 100000) -os.chown(os.path.join(layers[-1], 'lib/apk'), 100000, 100000) -os.chown(os.path.join(layers[-1], 'lib/apk/db'), 100000, 100000) -os.chown(os.path.join(layers[-1], 'lib/apk/db/installed'), 100000, 100000) - -# /lib/apk/db/scripts.tar -tmp_tar_path = tempfile.mkstemp()[1] -files_in_tar = [] -with tarfile.open(tmp_tar_path, 'w:') as tmp_tar: - for layer in layers: - tar_path = os.path.join(layer, 'lib/apk/db/scripts.tar') - if os.path.exists(tar_path): - with tarfile.open(tar_path, 'r:') as tar: - for member in tar.getmembers(): - if member.name not in files_in_tar: - buffer = tar.extractfile(member) - tmp_tar.addfile(member, buffer) - files_in_tar.append(member.name) -if files_in_tar: - shutil.move(tmp_tar_path, os.path.join(layers[-1], 'lib/apk/db/scripts.tar')) - os.chown(os.path.join(layers[-1], 'lib/apk/db/scripts.tar'), 100000, 100000) -else: - os.unlink(tmp_tar_path) - -# /lib/apk/db/triggers -triggers = [] -for layer in layers: - try: - with open(os.path.join(layer, 'lib/apk/db/triggers'), 'r') as f: - for line in f: - if line not in triggers: - triggers.append(line) - except: - continue -with open(os.path.join(layers[-1], 'lib/apk/db/triggers'), 'w') as f: - f.writelines(triggers) -os.chown(os.path.join(layers[-1], 'lib/apk/db/triggers'), 100000, 100000) diff --git a/build/usr/bin/lxcmerge b/build/usr/bin/lxcmerge new file mode 100755 index 0000000..234bb04 --- /dev/null +++ b/build/usr/bin/lxcmerge @@ -0,0 +1,175 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- + +import argparse +import os +import shutil +import sys +import tarfile +import tempfile + +APK_WORLD = 'etc/apk/world' +APK_INSTALLED = 'lib/apk/db/installed' +APK_SCRIPTS = 'lib/apk/db/scripts.tar' +APK_TRIGGERS = 'lib/apk/db/triggers' + +ETC_PASSWD = 'etc/passwd' +ETC_GROUP = 'etc/groups' +ETC_SHADOW = 'etc/shadow' + +def makedirs(path, mode=0o755, uid=100000, gid=100000): + try: + os.mkdir(path, mode) + os.chown(path, uid, gid) + except FileNotFoundError: + makedirs(os.path.dirname(path), mode, uid, gid) + os.mkdir(path, mode) + os.chown(path, uid, gid) + except FileExistsError: + pass + +def merge_apk_world(): + world = [] + for layer in layers: + try: + with open(os.path.join(layer, APK_WORLD), 'r') as f: + for line in f: + if line not in world: + world.append(line) + except: + continue + makedirs(os.path.join(layers[-1], os.path.dirname(APK_WORLD))) + with open(os.path.join(layers[-1], APK_WORLD), 'w') as f: + f.writelines(world) + os.chown(os.path.join(layers[-1], APK_WORLD), 100000, 100000) + +def merge_apk_installed(): + installed = [] + for layer in layers: + try: + with open(os.path.join(layer, APK_INSTALLED), 'r') as f: + buffer = [] + for line in f: + if line.startswith('C:'): + buffer = ''.join(buffer) + if buffer not in installed: + installed.append(buffer) + buffer = [] + buffer.append(line) + buffer = ''.join(buffer) + if buffer not in installed: + installed.append(buffer) + except: + continue + makedirs(os.path.join(layers[-1], os.path.dirname(APK_INSTALLED))) + with open(os.path.join(layers[-1], APK_INSTALLED), 'w') as f: + f.writelines(installed) + os.chown(os.path.join(layers[-1], APK_INSTALLED), 100000, 100000) + +def merge_apk_scripts(): + tmp_tar_path = tempfile.mkstemp()[1] + files_in_tar = [] + with tarfile.open(tmp_tar_path, 'w:') as tmp_tar: + for layer in layers: + tar_path = os.path.join(layer, APK_SCRIPTS) + if os.path.exists(tar_path): + with tarfile.open(tar_path, 'r:') as tar: + for member in tar.getmembers(): + if member.name not in files_in_tar: + buffer = tar.extractfile(member) + tmp_tar.addfile(member, buffer) + files_in_tar.append(member.name) + if files_in_tar: + makedirs(os.path.join(layers[-1], os.path.dirname(APK_SCRIPTS))) + shutil.move(tmp_tar_path, os.path.join(layers[-1], APK_SCRIPTS)) + os.chown(os.path.join(layers[-1], APK_SCRIPTS), 100000, 100000) + else: + os.unlink(tmp_tar_path) + +def merge_apk_triggers(): + triggers = [] + for layer in layers: + try: + with open(os.path.join(layer, APK_TRIGGERS), 'r') as f: + for line in f: + if line not in triggers: + triggers.append(line) + except: + continue + makedirs(os.path.join(layers[-1], os.path.dirname(APK_TRIGGERS))) + with open(os.path.join(layers[-1], APK_TRIGGERS), 'w') as f: + f.writelines(triggers) + os.chown(os.path.join(layers[-1], APK_TRIGGERS), 100000, 100000) + +def merge_etc_passwd(): + passwd = {} + for layer in layers: + try: + with open(os.path.join(layer, ETC_PASSWD), 'r') as f: + for line in f: + passwd[line.split(':')[0]] = line + except: + continue + makedirs(os.path.join(layers[-1], os.path.dirname(ETC_PASSWD))) + with open(os.path.join(layers[-1], ETC_PASSWD), 'w') as f: + f.writelines(passwd.values()) + os.chown(os.path.join(layers[-1], ETC_PASSWD), 100000, 100000) + +def merge_etc_group(): + groups = {} + for layer in layers: + try: + with open(os.path.join(layer, ETC_GROUP), 'r') as f: + for line in f: + name,pwd,gid,users = line.split(':') + name = splitline[0] + users = splitline[3].strip().split(',') + if name not in groups: + groups[name] = [name,pwd,gid,users] + else: + groups[name][1] = pwd + groups[name][2] = gid + for user in users: + if user not in groups[name][3]: + groups[name][3].append(user) + except: + continue + for group in groups.values(): + group[3] = '{}\n'.format(','.join(group[3])) + makedirs(os.path.join(layers[-1], os.path.dirname(ETC_GROUP))) + with open(os.path.join(layers[-1], ETC_GROUP), 'w') as f: + f.writelines([':'.join(group) for group in groups.values()]) + os.chown(os.path.join(layers[-1], ETC_GROUP), 100000, 100000) + +def merge_etc_shadow(): + shadow = {} + for layer in layers: + try: + with open(os.path.join(layer, ETC_SHADOW), 'r') as f: + for line in f: + shadow[line.split(':')[0]] = line + except: + continue + makedirs(os.path.join(layers[-1], os.path.dirname(ETC_SHADOW))) + with open(os.path.join(layers[-1], ETC_SHADOW), 'w') as f: + f.writelines(shadow.values()) + os.chown(os.path.join(layers[-1], ETC_SHADOW), 100000, 100042) + + +parser = argparse.ArgumentParser(description='APK database merge script') +parser.add_argument('layers', help='Path to LXC layers to be merged', nargs=argparse.REMAINDER) + +if len(sys.argv) < 2: + parser.print_usage() + sys.exit(1) +args = parser.parse_args() +layers = args.layers[::-1] + +merge_apk_world() +merge_apk_installed() +merge_apk_scripts() +merge_apk_triggers() + +merge_etc_passwd() +merge_etc_group() +merge_etc_shadow() diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index 337a9c5..8681437 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -41,8 +41,8 @@ class ImageBuilder: self.set_name(args) elif 'LAYER' == directive: self.add_layer(args) - elif 'FIXLAYER' == directive: - self.fix_layer(args.split()) + elif 'MERGE' == directive: + self.merge_layers(args.split()) elif 'COPY' == directive: srcdst = args.split() self.copy_files(srcdst[0], srcdst[1] if len(srcdst) == 2 else '') @@ -92,7 +92,7 @@ class ImageBuilder: raise ImageNotFoundError(layer_path) self.image.conf['layers'].insert(1, name) - def fix_layer(self, cmd): + def merge_layers(self, cmd): layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']] subprocess.run(cmd + layers, check=True) diff --git a/lxc-apps/crisiscleanup/lxcfile b/lxc-apps/crisiscleanup/lxcfile index 9556e2f..373d7ac 100644 --- a/lxc-apps/crisiscleanup/lxcfile +++ b/lxc-apps/crisiscleanup/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.8_3.8.4-190620 LAYER alpine3.8-ruby2.4_2.4.5-190620 LAYER alpine3.8-nodejs8_8.14.0-190620 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge ENV RAILS_ENV production diff --git a/lxc-apps/cts/lxcfile b/lxc-apps/cts/lxcfile index 7e99e9a..c8163a0 100644 --- a/lxc-apps/cts/lxcfile +++ b/lxc-apps/cts/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python2.7_2.7.16-190620 LAYER alpine3.9-nginx_1.14.2-191115 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install runtime dependencies diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile index a92d29a..21fbff3 100644 --- a/lxc-apps/decidim/lxcfile +++ b/lxc-apps/decidim/lxcfile @@ -5,7 +5,7 @@ LAYER alpine3.9-ruby2.6_2.6.3-190620 LAYER alpine3.9-nodejs10_10.14.2-190620 LAYER alpine3.9-nginx_1.14.2-191115 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge ENV RAILS_ENV production diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile index cde9b09..0ed42c1 100644 --- a/lxc-apps/gnuhealth/lxcfile +++ b/lxc-apps/gnuhealth/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python3.6_3.6.8-190620 LAYER alpine3.9-nodejs10_10.14.2-190620 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install runtime dependencies diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/lxcfile index 21bc8af..bc9eff2 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python3.6_3.6.8-190620 LAYER alpine3.9-nodejs10_10.14.2-190620 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install runtime dependencies diff --git a/lxc-apps/opendatakit/opendatakit-build.lxcfile b/lxc-apps/opendatakit/opendatakit-build.lxcfile index 492e6d9..1353a09 100644 --- a/lxc-apps/opendatakit/opendatakit-build.lxcfile +++ b/lxc-apps/opendatakit/opendatakit-build.lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-ruby2.4_2.4.5-190620 LAYER alpine3.9-nodejs10_10.14.2-190620 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install runtime dependencies diff --git a/lxc-apps/openmapkit/lxcfile b/lxc-apps/openmapkit/lxcfile index 563fd12..7b6db89 100644 --- a/lxc-apps/openmapkit/lxcfile +++ b/lxc-apps/openmapkit/lxcfile @@ -5,7 +5,7 @@ LAYER alpine3.9-java8_8.212.04-190620 LAYER alpine3.9-python2.7_2.7.16-190620 LAYER alpine3.9-nodejs10_10.14.2-190620 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install build dependencies diff --git a/lxc-apps/pandora/lxcfile b/lxc-apps/pandora/lxcfile index ce920d3..c0a3cd3 100644 --- a/lxc-apps/pandora/lxcfile +++ b/lxc-apps/pandora/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python3.6_3.6.8-190620 LAYER alpine3.9-nginx_1.14.2-191115 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install runtime dependencies diff --git a/lxc-apps/sahana/lxcfile b/lxc-apps/sahana/lxcfile index c92402c..10bfec2 100644 --- a/lxc-apps/sahana/lxcfile +++ b/lxc-apps/sahana/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-python2.7_2.7.16-190620 LAYER alpine3.9-nginx_1.14.2-191115 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install runtime dependencies diff --git a/lxc-apps/seeddms/lxcfile b/lxc-apps/seeddms/lxcfile index 52ea6d6..d1231bf 100644 --- a/lxc-apps/seeddms/lxcfile +++ b/lxc-apps/seeddms/lxcfile @@ -5,7 +5,7 @@ LAYER alpine3.9-nginx_1.14.2-191115 LAYER alpine3.9-php7.2_7.2.19-190620 LAYER alpine3.9-python3.6_3.6.8-190620 -FIXLAYER /usr/bin/fix-apk +MERGE /usr/bin/lxcmerge RUN EOF # Install runtime dependencies From d56afb17c25f60fd99cca55f6f5671367ea7de95 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 15:04:47 +0100 Subject: [PATCH 069/228] Update naming in docs --- doc/toolchain/index.rst | 2 +- doc/toolchain/lxc-build.md | 12 ++++++------ doc/toolchain/lxc-overview.md | 2 +- doc/toolchain/lxc-pack.md | 2 +- doc/toolchain/vm-creation.md | 2 +- doc/toolchain/vmmgr-hooks.md | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/doc/toolchain/index.rst b/doc/toolchain/index.rst index c12be6e..b158571 100644 --- a/doc/toolchain/index.rst +++ b/doc/toolchain/index.rst @@ -7,7 +7,7 @@ VM building and packaging vm-creation abuild lxc-overview - lxc-build + lxcbuild lxc-pack pkgmgr vmmgr-hooks diff --git a/doc/toolchain/lxc-build.md b/doc/toolchain/lxc-build.md index 835d38d..37b64c7 100644 --- a/doc/toolchain/lxc-build.md +++ b/doc/toolchain/lxc-build.md @@ -2,18 +2,18 @@ ## Overview -`lxc-build` utility creates a LXC container based on its build recipe and build context path given in command line parameter. If a filename is given, the build recipe is loaded from the file and the directory in which the file resides is taken as build context, ie. all relative paths are resolved from it. In case a directory path is passed as parameter, the directory is then used as build context and a file called `lxcfile` from the given directory is used as build recipe. +`lxcbuild` utility creates a LXC container based on its build recipe and build context path given in command line parameter. If a filename is given, the build recipe is loaded from the file and the directory in which the file resides is taken as build context, ie. all relative paths are resolved from it. In case a directory path is passed as parameter, the directory is then used as build context and a file called `lxcfile` from the given directory is used as build recipe. ### Usage ```bash -lxc-build +lxcbuild where the buildpath can be either specific lxcfile or a directory containing one ``` ## Directives used in lxcfile -The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to ease the potential transition. Since LXC operates on much lower level of abstraction than Docker, some principles are applied more explicitly and verbosely. Major difference between Docker and *lxc-build* is that every directive in *Dockerfile* creates a new filesystem layer whereas layers in *lxc-build* are managed manually. +The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to ease the potential transition. Since LXC operates on much lower level of abstraction than Docker, some principles are applied more explicitly and verbosely. Major difference between Docker and *lxcbuild* is that every directive in *Dockerfile* creates a new filesystem layer whereas layers in *lxcbuild* are managed manually. ### IMAGE @@ -29,9 +29,9 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas - **Docker equivalent:** `FROM` - **Populates LXC field:** `lxc.rootfs.path` -### FIXLAYER +### MERGE -- **Usage:** `FIXLAYER ` +- **Usage:** `MERGE ` - **Description:** Runs `` on LXC host and passes all layer paths as parameter to this script. This helps you to resolve the conflicts in cases where you mix multiple OverlayFS layers with overlapping files, ie. package manager cache. The idea is that all layers are read separately by the `` script and the fixed result is written back to the uppermost layer. - **Docker equivalent:** None - **Populates LXC field:** None @@ -119,7 +119,7 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas ## LXC config -Although *lxcfile* populates some LXC config fields, there are lot of defaults with remain unchanged. The template file to which *lxc-build* fills in the values looks as follows: +Although *lxcfile* populates some LXC config fields, there are lot of defaults with remain unchanged. The template file to which *lxcbuild* fills in the values looks as follows: ```bash # Image name diff --git a/doc/toolchain/lxc-overview.md b/doc/toolchain/lxc-overview.md index ad6909d..e561bc9 100644 --- a/doc/toolchain/lxc-overview.md +++ b/doc/toolchain/lxc-overview.md @@ -28,7 +28,7 @@ Due to the Docker's approach, storage overlay layers cannot be easily managed by Finally, Docker maintainers explicitly refuse to implement a possibility to isolate the docker daemon to private Docker repositories (registries) in the community edition of Docker. It is possible to have some custom and even private repositories, but it is not possible to deactivate the default public *Dockerhub*. -The downsides of using LXC is that its usage requires a bit more knowledge about how the linux containers actually work, and that most 3rd party applications are distributed using `Dockerfile`, which requires rewriting into LXC, however this is simplified by the [`lxc-build`](lxc-build) tool, which aims to automatize LXC container building using *Dockerfile*-like syntax. +The downsides of using LXC is that its usage requires a bit more knowledge about how the linux containers actually work, and that most 3rd party applications are distributed using `Dockerfile`, which requires rewriting into LXC, however this is simplified by the [`lxcbuild`](lxcbuild) tool, which aims to automatize LXC container building using *Dockerfile*-like syntax. ## Container interfaces diff --git a/doc/toolchain/lxc-pack.md b/doc/toolchain/lxc-pack.md index c337383..f188b30 100644 --- a/doc/toolchain/lxc-pack.md +++ b/doc/toolchain/lxc-pack.md @@ -4,7 +4,7 @@ The `lxc-pack` utility creates a `.tar.xz` archives based on package metadata and manages the `packages.json` repository metadata file. If a filename is passed as command line parameter to `lxc-pack`, the metadata are loaded from the file. In case a directory path is given, the metadata are loaded from a file called `pkg` from the directory. All metadata files are in JSON format. -The product of *lxc-build* command described in LXC building documentation can be used in its entirety, ie. both filesystem layer and configuration, or only as dependency, in which case the container configuration is omitted and only the filesystem layer is used. Apart from that, the package can contain installation, upgrade and uninstallation script and data, all of which are optional. Accepted names are +The product of *lxcbuild* command described in LXC building documentation can be used in its entirety, ie. both filesystem layer and configuration, or only as dependency, in which case the container configuration is omitted and only the filesystem layer is used. Apart from that, the package can contain installation, upgrade and uninstallation script and data, all of which are optional. Accepted names are - `install.sh` file and `install` directory for post-install scripts. - `upgrade.sh` file and `upgrade` directory for post-upgrade scripts. diff --git a/doc/toolchain/vm-creation.md b/doc/toolchain/vm-creation.md index 674cb33..1dca777 100644 --- a/doc/toolchain/vm-creation.md +++ b/doc/toolchain/vm-creation.md @@ -58,7 +58,7 @@ There are 3 distinct packaging systems. 1. Just a plain tar for basic OS setup used by `vm.sh` installation script. 2. [Abuild](abuild) for the native Alpine linux packages (APK) used for ACME client and VMMgr packaging. -3. [`lxc-build`](lxc-build) / [`lxc-pack`](lxc-pack) for LXC container building and packaging. +3. [`lxcbuild`](lxcbuild) / [`lxc-pack`](lxc-pack) for LXC container building and packaging. Before any building and packaging can be started, build toolchain including signing keys needs to be set up. This is done via `install-toolchain.sh` script. diff --git a/doc/toolchain/vmmgr-hooks.md b/doc/toolchain/vmmgr-hooks.md index 5654c7f..60c3845 100644 --- a/doc/toolchain/vmmgr-hooks.md +++ b/doc/toolchain/vmmgr-hooks.md @@ -26,7 +26,7 @@ Where the `application` is the internal application name, same as previously use ## LXC hooks -LXC hooks set various environment variables prior to calling the defined executables. For overview of native LXC hooks, see section *Container hooks* in the official [lxc.container.conf(5) documentation](https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html). All hooks mentioned in this chapter are hardcoded in the container configuration via a template used by[`lxc-build`](lxc-build). +LXC hooks set various environment variables prior to calling the defined executables. For overview of native LXC hooks, see section *Container hooks* in the official [lxc.container.conf(5) documentation](https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html). All hooks mentioned in this chapter are hardcoded in the container configuration via a template used by[`lxcbuild`](lxcbuild). ### prepare-container From 3d8154d87ff9f7233aee031968b728eb0c8dbecb Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 15:24:26 +0100 Subject: [PATCH 070/228] Add and use alpine3.8-nginx image --- build/build-all.sh | 5 ++++- doc/existing/list.md | 8 +++++--- lxc-apps/ecogis/lxcfile | 1 + lxc-shared/alpine3.8-nginx/lxcfile | 9 +++++++++ lxc-shared/alpine3.8-php5.6/lxcfile | 1 + 5 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 lxc-shared/alpine3.8-nginx/lxcfile diff --git a/build/build-all.sh b/build/build-all.sh index e3ac551..2b06896 100755 --- a/build/build-all.sh +++ b/build/build-all.sh @@ -7,7 +7,7 @@ ROOT=$(dirname $(dirname $(realpath "${0}"))) cd ${ROOT}/doc make html -# Build basic.tar +# Build basic tar cd ${ROOT}/vm tar cpf /srv/build/vm.tar * @@ -48,16 +48,19 @@ abuild -F # Build apd pack runtimes cd ${ROOT}/lxc-shared lxcbuild alpine3.8 +lxcbuild alpine3.8-nginx lxcbuild alpine3.8-php5.6 lxcbuild alpine3.8-nodejs8 lxcbuild alpine3.8-ruby2.4 lxcbuild alpine3.9 +lxcbuild alpine3.9-nginx lxcbuild alpine3.9-java8 lxcbuild alpine3.9-php7.2 lxcbuild alpine3.9-python2.7 lxcbuild alpine3.9-python3.6 lxcbuild alpine3.9-nodejs10 lxcbuild alpine3.9-ruby2.4 +lxcbuild alpine3.9-ruby2.6 lxcbuild alpine3.9-tomcat7 lxcbuild alpine3.9-tomcat8.5 diff --git a/doc/existing/list.md b/doc/existing/list.md index c731d7b..abc7323 100644 --- a/doc/existing/list.md +++ b/doc/existing/list.md @@ -5,31 +5,33 @@ | Layer | Container | |-------------------------|---------------------| | Alpine 3.8 | alpine3.8 | +| Alpine 3.8 - nginx | alpine3.8-nginx | | Alpine 3.8 - PHP 5.6 | alpine3.8-php5.6 | | Alpine 3.8 - NodeJS 8 | alpine3.8-nodejs8 | | Alpine 3.9 - Ruby 2.4 | alpine3.8-ruby2.4 | | Alpine 3.9 | alpine3.9 | +| Alpine 3.9 - nginx | alpine3.9-nginx | | Alpine 3.9 - Java 8 | alpine3.9-java8 | | Alpine 3.9 - PHP 7.2 | alpine3.9-php7.2 | | Alpine 3.9 - Python 2.7 | alpine3.9-python2.7 | | Alpine 3.9 - Python 3.6 | alpine3.9-python3.6 | | Alpine 3.9 - NodeJS 10 | alpine3.9-nodejs10 | | Alpine 3.9 - Ruby 2.4 | alpine3.9-ruby2.4 | +| Alpine 3.9 - Ruby 2.6 | alpine3.9-ruby2.6 | | Alpine 3.9 - Tomcat 7 | alpine3.9-tomcat7 | | Alpine 3.9 - Tomcat 8.5 | alpine3.9-tomcat8.5 | -| Sahana - Shared | sahana-shared | ## List of service containers | Service | Container | UID/GID | Internal Port | |-----------------|-----------------|---------|------------------| | ActiveMQ | activemq | 61616 | 61616 (ActiveMQ) | -| CKAN Datapusher | ckan-datapusher | 8080 | 8080 (HTTP) | | MariaDB | mariadb | 3306 | 3306 (MySQL) | | Postgres | postgres | 5432 | 5432 (Postgres) | +| PostGIS | postgis | 5432 | 5432 (Postgres) | | RabbitMQ | rabbitmq | 5672 | 5672 (AMQP) | | Redis | redis | 6379 | 6379 (Redis) | -| Solr | solr | 8983 | 8983 (HTTP) | +| Solr 6 | solr6 | 8983 | 8983 (HTTP) | ## List of application containers diff --git a/lxc-apps/ecogis/lxcfile b/lxc-apps/ecogis/lxcfile index 692f084..a496843 100644 --- a/lxc-apps/ecogis/lxcfile +++ b/lxc-apps/ecogis/lxcfile @@ -1,6 +1,7 @@ IMAGE ecogis_0.0.1-190620 LAYER alpine3.8_3.8.4-190620 +LAYER alpine3.8-nginx_1.14.2-191115 LAYER alpine3.8-php5.6_5.6.40-190620 RUN EOF diff --git a/lxc-shared/alpine3.8-nginx/lxcfile b/lxc-shared/alpine3.8-nginx/lxcfile new file mode 100644 index 0000000..4e629d1 --- /dev/null +++ b/lxc-shared/alpine3.8-nginx/lxcfile @@ -0,0 +1,9 @@ +IMAGE alpine3.8-nginx_1.14.2-191115 + +LAYER alpine3.8_3.8.4-190620 + +RUN EOF + apk --no-cache add nginx +EOF + +CMD nginx -g "daemon off;" diff --git a/lxc-shared/alpine3.8-php5.6/lxcfile b/lxc-shared/alpine3.8-php5.6/lxcfile index 6b71f73..5e99292 100644 --- a/lxc-shared/alpine3.8-php5.6/lxcfile +++ b/lxc-shared/alpine3.8-php5.6/lxcfile @@ -1,6 +1,7 @@ IMAGE alpine3.8-php5.6_5.6.40-190620 LAYER alpine3.8_3.8.4-190620 +LAYER alpine3.8-nginx_1.14.2-191115 RUN EOF apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache From 56af4a0b660843a8249e69fdbf21cfe3a146b6ea Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 16:01:04 +0100 Subject: [PATCH 071/228] Leave ActiveMQ heap settings in default --- lxc-services/activemq/lxcfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/lxc-services/activemq/lxcfile b/lxc-services/activemq/lxcfile index 4584249..7a76154 100644 --- a/lxc-services/activemq/lxcfile +++ b/lxc-services/activemq/lxcfile @@ -13,9 +13,6 @@ RUN EOF adduser -S -u 61616 -h /srv/activemq -s /bin/false -g activemq -G activemq activemq mkdir /srv/activemq/tmp chown activemq:activemq /srv/activemq/tmp - - # Configure Java heap size - sed -i "s/-Xms64M -Xmx1G/-Xms32M -Xmx256M/" /srv/activemq/bin/env EOF COPY lxc From 827991d7ace690313e0107e833f0a0bdc48c74a8 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 16:28:49 +0100 Subject: [PATCH 072/228] Revert order of layers for MERGE --- build/usr/bin/lxcmerge | 31 +++++++++---------- .../lib/python3.6/lxcbuild/imagebuilder.py | 2 +- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/build/usr/bin/lxcmerge b/build/usr/bin/lxcmerge index 234bb04..e3bdb29 100755 --- a/build/usr/bin/lxcmerge +++ b/build/usr/bin/lxcmerge @@ -28,7 +28,7 @@ def makedirs(path, mode=0o755, uid=100000, gid=100000): except FileExistsError: pass -def merge_apk_world(): +def merge_apk_world(layers): world = [] for layer in layers: try: @@ -43,7 +43,7 @@ def merge_apk_world(): f.writelines(world) os.chown(os.path.join(layers[-1], APK_WORLD), 100000, 100000) -def merge_apk_installed(): +def merge_apk_installed(layers): installed = [] for layer in layers: try: @@ -66,7 +66,7 @@ def merge_apk_installed(): f.writelines(installed) os.chown(os.path.join(layers[-1], APK_INSTALLED), 100000, 100000) -def merge_apk_scripts(): +def merge_apk_scripts(layers): tmp_tar_path = tempfile.mkstemp()[1] files_in_tar = [] with tarfile.open(tmp_tar_path, 'w:') as tmp_tar: @@ -86,7 +86,7 @@ def merge_apk_scripts(): else: os.unlink(tmp_tar_path) -def merge_apk_triggers(): +def merge_apk_triggers(layers): triggers = [] for layer in layers: try: @@ -101,7 +101,7 @@ def merge_apk_triggers(): f.writelines(triggers) os.chown(os.path.join(layers[-1], APK_TRIGGERS), 100000, 100000) -def merge_etc_passwd(): +def merge_etc_passwd(layers): passwd = {} for layer in layers: try: @@ -115,7 +115,7 @@ def merge_etc_passwd(): f.writelines(passwd.values()) os.chown(os.path.join(layers[-1], ETC_PASSWD), 100000, 100000) -def merge_etc_group(): +def merge_etc_group(layers): groups = {} for layer in layers: try: @@ -141,7 +141,7 @@ def merge_etc_group(): f.writelines([':'.join(group) for group in groups.values()]) os.chown(os.path.join(layers[-1], ETC_GROUP), 100000, 100000) -def merge_etc_shadow(): +def merge_etc_shadow(layers): shadow = {} for layer in layers: try: @@ -159,17 +159,16 @@ def merge_etc_shadow(): parser = argparse.ArgumentParser(description='APK database merge script') parser.add_argument('layers', help='Path to LXC layers to be merged', nargs=argparse.REMAINDER) -if len(sys.argv) < 2: +if len(sys.argv) < 3: parser.print_usage() sys.exit(1) args = parser.parse_args() -layers = args.layers[::-1] -merge_apk_world() -merge_apk_installed() -merge_apk_scripts() -merge_apk_triggers() +merge_apk_world(args.layers) +merge_apk_installed(args.layers) +merge_apk_scripts(args.layers) +merge_apk_triggers(args.layers) -merge_etc_passwd() -merge_etc_group() -merge_etc_shadow() +merge_etc_passwd(args.layers) +merge_etc_group(args.layers) +merge_etc_shadow(args.layers) diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index 8681437..e77c782 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -94,7 +94,7 @@ class ImageBuilder: def merge_layers(self, cmd): layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']] - subprocess.run(cmd + layers, check=True) + subprocess.run(cmd + layers[::-1], check=True) def copy_files(self, src, dst): dst = os.path.join(LXC_STORAGE_DIR, self.image.name, dst) From 7ed462859783839e6ccbd21a82ef1c831bf4b66a Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 17:36:25 +0100 Subject: [PATCH 073/228] Add meta for Decidim --- build/build-all.sh | 1 + lxc-apps/decidim/lxcfile | 5 ++++- lxc-apps/decidim/meta | 26 ++++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 lxc-apps/decidim/meta diff --git a/build/build-all.sh b/build/build-all.sh index 2b06896..9b33cd3 100755 --- a/build/build-all.sh +++ b/build/build-all.sh @@ -79,6 +79,7 @@ cd ${ROOT}/lxc-apps lxcbuild ckan lxcbuild crisiscleanup lxcbuild cts +lxcbuild decidim lxcbuild ecogis lxcbuild frontlinesms lxcbuild gnuhealth diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile index 21fbff3..2df927e 100644 --- a/lxc-apps/decidim/lxcfile +++ b/lxc-apps/decidim/lxcfile @@ -7,6 +7,9 @@ LAYER alpine3.9-nginx_1.14.2-191115 MERGE /usr/bin/lxcmerge +# https://github.com/Platoniq/decidim-install/blob/master/decidim-bionic.md +# https://github.com/Platoniq/decidim-install/blob/master/basic-config.md + ENV RAILS_ENV production RUN EOF @@ -17,7 +20,7 @@ RUN EOF apk --no-cache add --virtual .deps build-base icu-dev libxml2-dev libxslt-dev postgresql-dev zlib-dev # Install passenger - gem install passenger --no-rdoc --no-ri + gem install passenger --no-document # Install Decidim bundle config build.nokogiri --use-system-libraries diff --git a/lxc-apps/decidim/meta b/lxc-apps/decidim/meta new file mode 100644 index 0000000..8164d80 --- /dev/null +++ b/lxc-apps/decidim/meta @@ -0,0 +1,26 @@ +{ + "version": "0.0.1-191113", + "meta": { + "title": "Decidim", + "desc-cs": "Platforma pro účast občanů", + "desc-en": "Platform for citizen participation", + "license": "GPL" + }, + "containers": { + "decidim": { + "image": "decidim_0.0.1-191113", + "depends": [ + "decidim-postgres" + ], + "mounts": [ + ["DIR", "/srv/decidim/decidim_conf", "/srv/decidim-app/config"] + ] + }, + "decidim-postgres": { + "image": "postgres_11.3.0-190620", + "mounts": [ + ["DIR", "/srv/cts/postgres_data", "/var/lib/postgresql"] + ] + } + } +} From b5eabcb3111f3a28dcce0179b69d6b82f04e4a43 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 21:28:21 +0100 Subject: [PATCH 074/228] Create nginx user and group beforehand --- lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish | 2 +- lxc-apps/decidim/lxcfile | 2 +- lxc-shared/alpine3.8-nginx/lxcfile | 5 +++++ lxc-shared/alpine3.8-php5.6/lxcfile | 2 +- lxc-shared/alpine3.9-nginx/lxcfile | 5 +++++ 5 files changed, 13 insertions(+), 3 deletions(-) diff --git a/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish index 4da043c..db0b00c 100755 --- a/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish @@ -1,4 +1,4 @@ #!/bin/execlineb -P -foreground { s6-svwait -d -t 3000 cts } +foreground { s6-svwait -d -t 3000 delayed_job } foreground { s6-svwait -d -t 3000 nginx } diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile index 2df927e..ce345a2 100644 --- a/lxc-apps/decidim/lxcfile +++ b/lxc-apps/decidim/lxcfile @@ -43,7 +43,7 @@ RUN EOF bin/rails assets:precompile # Change ownership - chown -R www-data:www-data /srv/decidim-app + chown -R nginx:www-data /srv/decidim-app # Cleanup apk --no-cache del .deps diff --git a/lxc-shared/alpine3.8-nginx/lxcfile b/lxc-shared/alpine3.8-nginx/lxcfile index 4e629d1..77d9d4a 100644 --- a/lxc-shared/alpine3.8-nginx/lxcfile +++ b/lxc-shared/alpine3.8-nginx/lxcfile @@ -3,6 +3,11 @@ IMAGE alpine3.8-nginx_1.14.2-191115 LAYER alpine3.8_3.8.4-190620 RUN EOF + # Add nginx user (which will be picked up later by apk add) + addgroup -Sg 1080 nginx 2>/dev/null + adduser -Su 1080 -D -H -h /var/lib/nginx -s /sbin/nologin -G nginx -g nginx nginx 2>/dev/null + + # Install nginx apk --no-cache add nginx EOF diff --git a/lxc-shared/alpine3.8-php5.6/lxcfile b/lxc-shared/alpine3.8-php5.6/lxcfile index 5e99292..4446fad 100644 --- a/lxc-shared/alpine3.8-php5.6/lxcfile +++ b/lxc-shared/alpine3.8-php5.6/lxcfile @@ -4,7 +4,7 @@ LAYER alpine3.8_3.8.4-190620 LAYER alpine3.8-nginx_1.14.2-191115 RUN EOF - apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache + apk --no-cache add php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache ln -s /usr/bin/php5 /usr/bin/php EOF diff --git a/lxc-shared/alpine3.9-nginx/lxcfile b/lxc-shared/alpine3.9-nginx/lxcfile index 097d36b..6f1df3d 100644 --- a/lxc-shared/alpine3.9-nginx/lxcfile +++ b/lxc-shared/alpine3.9-nginx/lxcfile @@ -3,6 +3,11 @@ IMAGE alpine3.9-nginx_1.14.2-191115 LAYER alpine3.9_3.9.4-190620 RUN EOF + # Add nginx user (which will be picked up later by apk add) + addgroup -Sg 1080 nginx 2>/dev/null + adduser -Su 1080 -D -H -h /var/lib/nginx -s /sbin/nologin -G nginx -g nginx nginx 2>/dev/null + + # Install nginx apk --no-cache add nginx EOF From a9a930b37b0c5a0dba3a39ea2ca6d4175e9ebf42 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 17 Nov 2019 21:40:14 +0100 Subject: [PATCH 075/228] Add more common libs to basic Alpine image --- lxc-shared/alpine3.8/lxcfile | 4 ++-- lxc-shared/alpine3.9/lxcfile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lxc-shared/alpine3.8/lxcfile b/lxc-shared/alpine3.8/lxcfile index 07e1476..4f5ecb9 100644 --- a/lxc-shared/alpine3.8/lxcfile +++ b/lxc-shared/alpine3.8/lxcfile @@ -6,8 +6,8 @@ RUN EOF # Update packages apk --no-cache upgrade - # Install s6 supervisor - apk --no-cache add libressl libxml2 libxslt ncurses-libs readline s6 + # Install common packages + apk --no-cache add libbz2 libgcc libressl libstdc++ libxml2 libxslt ncurses-libs pcre readline s6 xz-libs # Cleanup rm -rf /etc/crontabs/root /etc/periodic diff --git a/lxc-shared/alpine3.9/lxcfile b/lxc-shared/alpine3.9/lxcfile index 8972ab0..6f3a04c 100644 --- a/lxc-shared/alpine3.9/lxcfile +++ b/lxc-shared/alpine3.9/lxcfile @@ -7,8 +7,8 @@ RUN EOF # Update packages apk --no-cache upgrade - # Install s6 supervisor - apk --no-cache add libressl libxml2 libxslt ncurses-libs readline s6 + # Install common packages + apk --no-cache add libbz2 libgcc libressl libstdc++ libxml2 libxslt ncurses-libs pcre readline s6 xz-libs # Cleanup rm -rf /etc/crontabs/root /etc/periodic From ebbbab71fba1113443eded9a195b75ca2063e669 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 18 Nov 2019 00:15:08 +0100 Subject: [PATCH 076/228] Fix Sigmah version --- lxc-apps/sigmah/meta | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxc-apps/sigmah/meta b/lxc-apps/sigmah/meta index 17fa7d3..2e5d132 100644 --- a/lxc-apps/sigmah/meta +++ b/lxc-apps/sigmah/meta @@ -1,5 +1,5 @@ { - "version": "5.1.9-190620", + "version": "2.0.2-190620", "meta": { "title": "Sigmah", "desc-cs": "Finanční řízení sbírek", @@ -8,7 +8,7 @@ }, "containers": { "sigmah": { - "image": "sigmah_5.1.9-190620", + "image": "sigmah_2.0.2-190620", "depends": [ "sigmah-postgres" ], From a41d270743d95191fe67b0f7130621755054ba17 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 18 Nov 2019 20:48:45 +0100 Subject: [PATCH 077/228] Replace single quotes with double quotes in solr ready command --- lxc-services/solr6/lxcfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-services/solr6/lxcfile b/lxc-services/solr6/lxcfile index e5d5f25..3acd37b 100644 --- a/lxc-services/solr6/lxcfile +++ b/lxc-services/solr6/lxcfile @@ -24,4 +24,4 @@ COPY lxc USER 8983 8983 CMD /usr/bin/solr start -f -READY /bin/grep -q 'o.e.j.s.Server Started' /opt/solr/server/logs/solr.log +READY /bin/grep -q "o.e.j.s.Server Started" /opt/solr/server/logs/solr.log From 9c3cee22a679257a5023646382710f66b75e1015 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 18 Nov 2019 22:12:01 +0100 Subject: [PATCH 078/228] Bunch of install script fixes --- .../install/cc_conf/{conf => }/boot.rb | 0 .../install/cc_conf/{conf => }/database.yml | 0 .../crisiscleanup/install/cc_conf/db/seeds.rb | 23 - .../{conf => }/environments/production.rb | 0 .../cc_conf/{conf => }/initializers/devise.rb | 0 lxc-apps/decidim/meta | 2 +- lxc-apps/gnuhealth/install.sh | 2 +- lxc-apps/kanboard/install.sh | 2 +- lxc-apps/motech/install.sh | 2 +- lxc-apps/openmapkit/install.sh | 2 +- lxc-apps/sahana-demo/install.sh | 2 +- lxc-apps/sahana/install.sh | 2 +- .../sambro/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../seeddms/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ .../sigmah/install/postgres_data/pg_hba.conf | 3 + .../install/postgres_data/postgresql.conf | 658 ++++++++++++++++++ 18 files changed, 1990 insertions(+), 30 deletions(-) rename lxc-apps/crisiscleanup/install/cc_conf/{conf => }/boot.rb (100%) rename lxc-apps/crisiscleanup/install/cc_conf/{conf => }/database.yml (100%) delete mode 100644 lxc-apps/crisiscleanup/install/cc_conf/db/seeds.rb rename lxc-apps/crisiscleanup/install/cc_conf/{conf => }/environments/production.rb (100%) rename lxc-apps/crisiscleanup/install/cc_conf/{conf => }/initializers/devise.rb (100%) create mode 100644 lxc-apps/sambro/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/sambro/install/postgres_data/postgresql.conf create mode 100644 lxc-apps/seeddms/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/seeddms/install/postgres_data/postgresql.conf create mode 100644 lxc-apps/sigmah/install/postgres_data/pg_hba.conf create mode 100644 lxc-apps/sigmah/install/postgres_data/postgresql.conf diff --git a/lxc-apps/crisiscleanup/install/cc_conf/conf/boot.rb b/lxc-apps/crisiscleanup/install/cc_conf/boot.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/cc_conf/conf/boot.rb rename to lxc-apps/crisiscleanup/install/cc_conf/boot.rb diff --git a/lxc-apps/crisiscleanup/install/cc_conf/conf/database.yml b/lxc-apps/crisiscleanup/install/cc_conf/database.yml similarity index 100% rename from lxc-apps/crisiscleanup/install/cc_conf/conf/database.yml rename to lxc-apps/crisiscleanup/install/cc_conf/database.yml diff --git a/lxc-apps/crisiscleanup/install/cc_conf/db/seeds.rb b/lxc-apps/crisiscleanup/install/cc_conf/db/seeds.rb deleted file mode 100644 index 6332e0b..0000000 --- a/lxc-apps/crisiscleanup/install/cc_conf/db/seeds.rb +++ /dev/null @@ -1,23 +0,0 @@ -Form.create!([ - {legacy_event_id: 1, html: "\r\n

Demo Waiting List: Enter property damage and needs. No sensitive information! Tell the client this information will be shared with many organizations to provide service as fast as possible, which may be several weeks. Service is not guaranteed.

\r\n\r\n
\r\n
\r\n

Property and Personal Information Crisis Cleanup is about property, not people.
Never include SSNs, FEMA numbers, dates of birth, detailed medical information, etc.\">

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Work help@crisiscleanup.org to request another question. Be sure to include the incident name.\">

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Debris
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Structural Issues
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Tree Work
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n
Feeding Unit
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Hazards

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Claim, Status and Report

\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n\r\n
\r\n
\r\n

Other Information

\r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n \r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n"} -]) -Legacy::LegacyContact.create!([ - {email: "demo@crisiscleanup.org", first_name: "Demo", last_name: "User", legacy_organization_id: 2, is_primary: false, phone: "(555) 555-5555", appengine_key: nil, title: nil, organizational_title: nil} -]) -Legacy::LegacyEvent.create!([ - {case_label: "A", counties: [], name: "Demo Incident", short_name: "demo", created_date: "2016-05-31", start_date: "2016-05-31", end_date: nil, num_sites: nil, reminder_contents: "", reminder_days: nil, timestamp_last_login: nil, appengine_key: nil} -]) -Legacy::LegacyOrganization.create!([ - {activate_by: nil, activated_at: nil, activation_code: nil, address: "", admin_notes: nil, city: "", deprecated: false, email: "", facebook: "", is_active: true, is_admin: true, latitude: nil, longitude: nil, name: "Admin Org", not_an_org: false, only_session_authentication: false, org_verified: true, password: nil, permissions: nil, phone: nil, physical_presence: nil, publish: nil, reputable: nil, state: "", terms_privacy: nil, timestamp_login: nil, timestamp_signup: nil, twitter: "", url: "", voad_referral: nil, work_area: nil, zip_code: "", voad_member: nil, mold_treatment: nil, tree_removal: nil, design: nil, replace_appliances: nil, canvass: nil, sanitizing: nil, exterior_debris: nil, water_pumping: nil, appropriate_work: nil, reconstruction: nil, interior_debris: nil, assessment: nil, muck_out: nil, permission: nil, refurbishing: nil, clean_up: nil, mold_abatement: nil, permits: nil, replace_furniture: nil, gutting: nil, number_volunteers: nil, primary_contact_email: nil, voad_member_url: nil, appengine_key: nil, referral: "", publishable: false, _password_hash_list: nil, does_damage_assessment: false, does_intake_assessment: nil, does_cleanup: false, does_follow_up: false, does_minor_repairs: false, does_rebuilding: false, does_coordination: false, government: false, does_other_activity: false, where_are_you_working: "", accepted_terms: true, accepted_terms_timestamp: "2017-09-18 20:46:30", review_other_organizations: false, situational_awareness: nil, does_recovery: nil, does_only_coordination: nil, does_only_sit_aware: nil, does_something_else: nil}, - {activate_by: nil, activated_at: nil, activation_code: nil, address: "", admin_notes: nil, city: "", deprecated: false, email: "", facebook: "", is_active: false, is_admin: false, latitude: nil, longitude: nil, name: "Demo Org", not_an_org: true, only_session_authentication: false, org_verified: false, password: nil, permissions: nil, phone: nil, physical_presence: nil, publish: nil, reputable: nil, state: "", terms_privacy: nil, timestamp_login: nil, timestamp_signup: nil, twitter: "", url: "", voad_referral: nil, work_area: nil, zip_code: "", voad_member: nil, mold_treatment: nil, tree_removal: nil, design: nil, replace_appliances: nil, canvass: nil, sanitizing: nil, exterior_debris: nil, water_pumping: nil, appropriate_work: nil, reconstruction: nil, interior_debris: nil, assessment: nil, muck_out: nil, permission: nil, refurbishing: nil, clean_up: nil, mold_abatement: nil, permits: nil, replace_furniture: nil, gutting: nil, number_volunteers: nil, primary_contact_email: nil, voad_member_url: nil, appengine_key: nil, referral: "", publishable: false, _password_hash_list: nil, does_damage_assessment: true, does_intake_assessment: nil, does_cleanup: true, does_follow_up: true, does_minor_repairs: true, does_rebuilding: true, does_coordination: true, government: true, does_other_activity: true, where_are_you_working: "Houston", accepted_terms: true, accepted_terms_timestamp: "2017-09-18 20:46:30", review_other_organizations: true, situational_awareness: nil, does_recovery: nil, does_only_coordination: nil, does_only_sit_aware: nil, does_something_else: nil} -]) -Legacy::LegacyOrganizationEvent.create!([ - {legacy_organization_id: 1, legacy_event_id: 1}, - {legacy_organization_id: 2, legacy_event_id: 1} -]) -Legacy::LegacySite.create!([ - {address: "200 Epcot Center Drive", blurred_latitude: 28.3849506927356, blurred_longitude: -81.5443968549352, case_number: "A7", city: "Orlando", claimed_by: 2, legacy_event_id: 1, latitude: 28.383045, longitude: -81.5485919, name: "Timothy Schmidt", phone1: "1234567890", reported_by: 2, requested_at: nil, state: "Florida", status: "Open, unassigned", work_type: "Debris", data: {"email"=>"", "notes"=>"", "habitable"=>"n", "assigned_to"=>"", "electricity"=>"n", "prepared_by"=>"", "rent_or_own"=>"", "unsafe_roof"=>"n", "cross_street"=>"", "status_notes"=>"", "time_to_call"=>"", "older_than_60"=>"n", "other_hazards"=>"", "roof_collapse"=>"n", "special_needs"=>"", "num_trees_down"=>"0", "num_wide_trees"=>"0", "chainsaw_needed"=>"n", "first_responder"=>"n", "autofill_disable"=>"", "electrical_lines"=>"n", "total_volunteers"=>"", "destruction_level"=>"", "meal_location_poc"=>"", "do_not_work_before"=>"", "meal_serving_times"=>"", "structural_problems"=>"n", "required_daily_meals"=>"", "work_without_resident"=>"n", "interior_debris_removal"=>"n", "unsalvageable_structure"=>"n", "heavy_machinary_required"=>"n", "vegitative_debris_removal"=>"n", "hours_worked_per_volunteer"=>"", "initials_of_resident_present"=>"", "nonvegitative_debris_removal"=>"n", "member_of_assessing_organization"=>"n"}, request_date: "2017-09-18", appengine_key: nil, zip_code: "32821", county: "Orange County", phone2: "", work_requested: "", name_metaphone: "TM0 SXMTT", city_metaphone: "ORLNT", county_metaphone: "ORNJ KNT", address_metaphone: " EPKT SNTR TRF", user_id: 2} -]) -User.create!([ - {email: "${CRISISCLEANUP_ADMIN_EMAIL}", password: "${CRISISCLEANUP_ADMIN_PWD}", name: "${CRISISCLEANUP_ADMIN_USER}", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, sign_in_count: 1, legacy_organization_id: 1, current_sign_in_at: "2016-07-15 03:45:59", last_sign_in_at: "2016-06-08 16:56:37", current_sign_in_ip: "1.1.1.1", last_sign_in_ip: "173.164.56.105", referring_user_id: nil, admin: true, role: nil, mobile: nil, accepted_terms: true, accepted_terms_timestamp: "2017-09-18 20:46:31", title: nil} -]) diff --git a/lxc-apps/crisiscleanup/install/cc_conf/conf/environments/production.rb b/lxc-apps/crisiscleanup/install/cc_conf/environments/production.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/cc_conf/conf/environments/production.rb rename to lxc-apps/crisiscleanup/install/cc_conf/environments/production.rb diff --git a/lxc-apps/crisiscleanup/install/cc_conf/conf/initializers/devise.rb b/lxc-apps/crisiscleanup/install/cc_conf/initializers/devise.rb similarity index 100% rename from lxc-apps/crisiscleanup/install/cc_conf/conf/initializers/devise.rb rename to lxc-apps/crisiscleanup/install/cc_conf/initializers/devise.rb diff --git a/lxc-apps/decidim/meta b/lxc-apps/decidim/meta index 8164d80..13ac249 100644 --- a/lxc-apps/decidim/meta +++ b/lxc-apps/decidim/meta @@ -19,7 +19,7 @@ "decidim-postgres": { "image": "postgres_11.3.0-190620", "mounts": [ - ["DIR", "/srv/cts/postgres_data", "/var/lib/postgresql"] + ["DIR", "/srv/decidim/postgres_data", "/var/lib/postgresql"] ] } } diff --git a/lxc-apps/gnuhealth/install.sh b/lxc-apps/gnuhealth/install.sh index b711540..dd58030 100755 --- a/lxc-apps/gnuhealth/install.sh +++ b/lxc-apps/gnuhealth/install.sh @@ -13,7 +13,7 @@ cp postgres_data/pg_hba.conf /srv/gnuhealth/postgres_data/pg_hba.conf # Create databases export GNUHEALTH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -service start gnuhealth-postgres +service gnuhealth-postgres start envsubst /srv/kanboard/kanboard_conf/config.php export KANBOARD_ADMIN_USER=admin export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') diff --git a/lxc-apps/motech/install.sh b/lxc-apps/motech/install.sh index 3e35951..8008e3d 100755 --- a/lxc-apps/motech/install.sh +++ b/lxc-apps/motech/install.sh @@ -29,7 +29,7 @@ cp motech_conf/config/org.motechproject.motech-platform-email/motech-email.prope chown -R 108080:108080 /srv/motech/motech_conf # Populate database and create admin account -service activemq start +service motech-activemq start service motech start until curl -s "http://motech:8080/module/server/startup/" | grep -q adminLogin; do sleep 1 diff --git a/lxc-apps/openmapkit/install.sh b/lxc-apps/openmapkit/install.sh index d39c8c1..27c9406 100755 --- a/lxc-apps/openmapkit/install.sh +++ b/lxc-apps/openmapkit/install.sh @@ -5,7 +5,7 @@ set -ev export OPENMAPKIT_ADMIN_USER="admin" export OPENMAPKIT_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') mkdir -p /srv/openmapkit/omk_conf /srv/openmapkit/omk_data -chown -R 108080:108080 /srv/openmapkit/omk_data +chown -R 108080:108080 /srv/openmapkit/omk_conf /srv/openmapkit/omk_data lxc-execute openmapkit -- tar -cC /srv/openmapkit/data . | tar -xC /srv/openmapkit/omk_data envsubst /srv/openmapkit/omk_conf/settings.js diff --git a/lxc-apps/sahana-demo/install.sh b/lxc-apps/sahana-demo/install.sh index c07c74a..47a7378 100755 --- a/lxc-apps/sahana-demo/install.sh +++ b/lxc-apps/sahana-demo/install.sh @@ -26,7 +26,7 @@ lxc-execute sahana-demo -- tar -cC /srv/web2py/applications/eden/modules/templat export SAHANADEMO_HMAC=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') export SAHANADEMO_ADMIN_USER=admin@example.com export SAHANADEMO_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -envsubst /srv/sahana-demo/sahana_conf/000_config.py +envsubst /srv/sahana-demo/sahana_conf/000_config.py envsubst /srv/sahana-demo/sahana_data/default/users/masterUsers.csv chown -R 108080:108080 /srv/sahana/sahana_conf /srv/sahana/sahana_data diff --git a/lxc-apps/sahana/install.sh b/lxc-apps/sahana/install.sh index 3abbd14..99aa060 100755 --- a/lxc-apps/sahana/install.sh +++ b/lxc-apps/sahana/install.sh @@ -18,7 +18,7 @@ envsubst 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/seeddms/install/postgres_data/pg_hba.conf b/lxc-apps/seeddms/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/seeddms/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/seeddms/install/postgres_data/postgresql.conf b/lxc-apps/seeddms/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/seeddms/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/lxc-apps/sigmah/install/postgres_data/pg_hba.conf b/lxc-apps/sigmah/install/postgres_data/pg_hba.conf new file mode 100644 index 0000000..ab93832 --- /dev/null +++ b/lxc-apps/sigmah/install/postgres_data/pg_hba.conf @@ -0,0 +1,3 @@ +local all postgres peer +local all all md5 +host all all 0.0.0.0/0 md5 diff --git a/lxc-apps/sigmah/install/postgres_data/postgresql.conf b/lxc-apps/sigmah/install/postgres_data/postgresql.conf new file mode 100644 index 0000000..e5327ef --- /dev/null +++ b/lxc-apps/sigmah/install/postgres_data/postgresql.conf @@ -0,0 +1,658 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_cert_file = 'server.crt' +#ssl_key_file = 'server.key' +#ssl_ca_file = '' +#ssl_crl_file = '' +#password_encryption = md5 # md5 or scram-sha-256 +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = 192MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +#maintenance_work_mem = 64MB # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +#shared_preload_libraries = '' # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel queries +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables + + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#max_wal_size = 1GB +#min_wal_size = 80MB +#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 0 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +log_line_prefix = '%m [%p] %q%u@%d ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_statement = 'all' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Prague' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +#track_activity_query_size = 1024 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Prague' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'C' # locale for system error message + # strings +lc_monetary = 'C' # locale for monetary formatting +lc_numeric = 'C' # locale for number formatting +lc_time = 'C' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +#session_preload_libraries = '' + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here From c10b1a7920016a42005b4a99a92bd2be31477dc7 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 20 Nov 2019 22:23:48 +0100 Subject: [PATCH 079/228] Wait for cron service on exit --- lxc-apps/kanboard/lxc/etc/services.d/.s6-svscan/finish | 1 + lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish | 1 + lxc-apps/ushahidi/lxc/etc/services.d/.s6-svscan/finish | 1 + 3 files changed, 3 insertions(+) diff --git a/lxc-apps/kanboard/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/kanboard/lxc/etc/services.d/.s6-svscan/finish index c9e7add..d4ff9d9 100755 --- a/lxc-apps/kanboard/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/kanboard/lxc/etc/services.d/.s6-svscan/finish @@ -1,4 +1,5 @@ #!/bin/execlineb -P +foreground { s6-svwait -d -t 3000 cron } foreground { s6-svwait -d -t 3000 nginx } foreground { s6-svwait -d -t 3000 php-fpm } diff --git a/lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish index c9e7add..d4ff9d9 100755 --- a/lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/seeddms/lxc/etc/services.d/.s6-svscan/finish @@ -1,4 +1,5 @@ #!/bin/execlineb -P +foreground { s6-svwait -d -t 3000 cron } foreground { s6-svwait -d -t 3000 nginx } foreground { s6-svwait -d -t 3000 php-fpm } diff --git a/lxc-apps/ushahidi/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/ushahidi/lxc/etc/services.d/.s6-svscan/finish index c9e7add..d4ff9d9 100755 --- a/lxc-apps/ushahidi/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/ushahidi/lxc/etc/services.d/.s6-svscan/finish @@ -1,4 +1,5 @@ #!/bin/execlineb -P +foreground { s6-svwait -d -t 3000 cron } foreground { s6-svwait -d -t 3000 nginx } foreground { s6-svwait -d -t 3000 php-fpm } From b6c3949d413b3b664ed700c9b7d45392d12545c2 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 20 Nov 2019 23:05:31 +0100 Subject: [PATCH 080/228] Correctly rename crontabs dir --- lxc-apps/kanboard/lxc/etc/{crontab => crontabs}/kanboard | 0 lxc-apps/seeddms/lxc/etc/{crontab => crontabs}/seeddms | 0 lxc-apps/ushahidi/lxc/etc/{crontab => crontabs}/ushahidi | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename lxc-apps/kanboard/lxc/etc/{crontab => crontabs}/kanboard (100%) mode change 100755 => 100644 rename lxc-apps/seeddms/lxc/etc/{crontab => crontabs}/seeddms (100%) mode change 100755 => 100644 rename lxc-apps/ushahidi/lxc/etc/{crontab => crontabs}/ushahidi (100%) mode change 100755 => 100644 diff --git a/lxc-apps/kanboard/lxc/etc/crontab/kanboard b/lxc-apps/kanboard/lxc/etc/crontabs/kanboard old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/kanboard/lxc/etc/crontab/kanboard rename to lxc-apps/kanboard/lxc/etc/crontabs/kanboard diff --git a/lxc-apps/seeddms/lxc/etc/crontab/seeddms b/lxc-apps/seeddms/lxc/etc/crontabs/seeddms old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/seeddms/lxc/etc/crontab/seeddms rename to lxc-apps/seeddms/lxc/etc/crontabs/seeddms diff --git a/lxc-apps/ushahidi/lxc/etc/crontab/ushahidi b/lxc-apps/ushahidi/lxc/etc/crontabs/ushahidi old mode 100755 new mode 100644 similarity index 100% rename from lxc-apps/ushahidi/lxc/etc/crontab/ushahidi rename to lxc-apps/ushahidi/lxc/etc/crontabs/ushahidi From 4d579ef8c17d04611ec545c115c0d027d42d5816 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 23 Nov 2019 18:11:18 +0100 Subject: [PATCH 081/228] Compile nginx+passenger for Decidim and finalize install script --- lxc-apps/decidim/install.sh | 10 ++--- lxc-apps/decidim/install/adminpwd.rb | 3 ++ lxc-apps/decidim/lxc/etc/crontabs/decidim | 1 + lxc-apps/decidim/lxc/etc/nginx/nginx.conf | 5 ++- .../lxc/etc/services.d/.s6-svscan/finish | 2 +- lxc-apps/decidim/lxc/etc/services.d/cron/run | 4 ++ .../lxc/etc/services.d/delayed_job/run | 6 --- lxc-apps/decidim/lxcfile | 41 +++++++++++++++++-- lxc-apps/decidim/meta | 2 + 9 files changed, 57 insertions(+), 17 deletions(-) create mode 100644 lxc-apps/decidim/install/adminpwd.rb create mode 100644 lxc-apps/decidim/lxc/etc/crontabs/decidim create mode 100755 lxc-apps/decidim/lxc/etc/services.d/cron/run delete mode 100755 lxc-apps/decidim/lxc/etc/services.d/delayed_job/run diff --git a/lxc-apps/decidim/install.sh b/lxc-apps/decidim/install.sh index 97b2e63..414ec64 100755 --- a/lxc-apps/decidim/install.sh +++ b/lxc-apps/decidim/install.sh @@ -22,20 +22,20 @@ chown 108080:108080 /srv/decidim/decidim_conf lxc-execute decidim -- tar -cC /srv/decidim-app/config . | tar -xC /srv/decidim/decidim_conf # Configure Decidim -export DECIDIM_SECRET=$(rake secret) +export DECIDIM_SECRET=$(lxc-execute decidim -- rake secret) +mkdir -p /srv/decidim/decidim_data/storage /srv/decidim/decidim_data/uploads +chown 108080:108080 /srv/decidim/decidim_data/storage /srv/decidim/decidim_data/uploads cp decidim_conf/environments/production.rb /srv/decidim/decidim_conf/environments/production.rb cp decidim_conf/initializers/decidim.rb /srv/decidim/decidim_conf/initializers/decidim.rb envsubst /srv/decidim/decidim_conf/application.yml # Populate database -lxc-execute decidim -- RAILS_ENV=production bin/rails db:create db:migrate +lxc-execute decidim -- sh -c 'cd /srv/decidim-app; bin/rails db:migrate' # Create admin account export DECIDIM_ADMIN_EMAIL=admin@example.com export DECIDIM_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -#lxc-execute decidim -- bin/rails console -e production -#user = Decidim::System::Admin.new(email: "admin@example.org", password: "P8vDKAc3FdEte9Hw", password_confirmation: "P8vDKAc3FdEte9Hw") -#user.save! +envsubst /dev/null diff --git a/lxc-apps/decidim/lxc/etc/nginx/nginx.conf b/lxc-apps/decidim/lxc/etc/nginx/nginx.conf index 0807999..323bc72 100644 --- a/lxc-apps/decidim/lxc/etc/nginx/nginx.conf +++ b/lxc-apps/decidim/lxc/etc/nginx/nginx.conf @@ -1,4 +1,4 @@ -user nginx; +user decidim; pid /run/nginx.pid; worker_processes 1; error_log /dev/stderr warn; @@ -17,6 +17,9 @@ http { sendfile on; send_timeout 300; + passenger_root /usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4; + passenger_ruby /usr/local/bin/ruby; + server { listen 8080; server_name localhost; diff --git a/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish index db0b00c..d042464 100755 --- a/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/decidim/lxc/etc/services.d/.s6-svscan/finish @@ -1,4 +1,4 @@ #!/bin/execlineb -P -foreground { s6-svwait -d -t 3000 delayed_job } +foreground { s6-svwait -d -t 3000 cron } foreground { s6-svwait -d -t 3000 nginx } diff --git a/lxc-apps/decidim/lxc/etc/services.d/cron/run b/lxc-apps/decidim/lxc/etc/services.d/cron/run new file mode 100755 index 0000000..d75300e --- /dev/null +++ b/lxc-apps/decidim/lxc/etc/services.d/cron/run @@ -0,0 +1,4 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +crond -f -d 8 diff --git a/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run b/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run deleted file mode 100755 index 2a20bcd..0000000 --- a/lxc-apps/decidim/lxc/etc/services.d/delayed_job/run +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/execlineb -P - -export RAILS_ENV production -fdmove -c 2 1 -s6-setuidgid www-data -/srv/decidim-app/bin/delayed_job start diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile index ce345a2..de24a54 100644 --- a/lxc-apps/decidim/lxcfile +++ b/lxc-apps/decidim/lxcfile @@ -3,7 +3,6 @@ IMAGE decidim_0.0.1-191113 LAYER alpine3.9_3.9.4-190620 LAYER alpine3.9-ruby2.6_2.6.3-190620 LAYER alpine3.9-nodejs10_10.14.2-190620 -LAYER alpine3.9-nginx_1.14.2-191115 MERGE /usr/bin/lxcmerge @@ -14,14 +13,46 @@ ENV RAILS_ENV production RUN EOF # Install runtime dependencies - apk --no-cache add libpq tzdata + apk --no-cache add curl libpq pcre procps tzdata # Install build dependencies - apk --no-cache add --virtual .deps build-base icu-dev libxml2-dev libxslt-dev postgresql-dev zlib-dev + apk --no-cache add --virtual .deps build-base curl-dev icu-dev libxml2-dev libxslt-dev linux-headers pcre-dev postgresql-dev zlib-dev # Install passenger gem install passenger --no-document + # Create OS user + addgroup -S decidim + adduser -S -h /srv/decidim-app -s /sbin/nologin -G decidim -g decidim decidim + + # Compile nginx + # taken from passenger-install-nginx-module + cd /tmp + wget https://nginx.org/download/nginx-1.17.3.tar.gz + tar xf nginx-1.17.3.tar.gz + cd nginx-1.17.3 + ./configure \ + --prefix=/var/lib/nginx \ + --sbin-path=/usr/sbin/nginx \ + --conf-path=/etc/nginx/nginx.conf \ + --pid-path=/run/nginx.pid \ + --lock-path=/run/nginx.lock \ + --user=decidim \ + --group=decidim \ + --with-threads \ + --with-file-aio \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_realip_module \ + --with-http_gzip_static_module \ + --with-http_stub_status_module \ + --with-http_addition_module \ + --with-cc-opt=-Wno-error \ + --add-module=/usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4/src/nginx_module + make -j $(getconf _NPROCESSORS_ONLN) + make install + rm -f /etc/nginx/*.default + # Install Decidim bundle config build.nokogiri --use-system-libraries gem install decidim @@ -43,10 +74,12 @@ RUN EOF bin/rails assets:precompile # Change ownership - chown -R nginx:www-data /srv/decidim-app + chown -R decidim:decidim /srv/decidim-app # Cleanup apk --no-cache del .deps + rm -rf /tmp/* + rm -rf /root/.bundle /root/.gem EOF CMD s6-svscan /etc/services.d diff --git a/lxc-apps/decidim/meta b/lxc-apps/decidim/meta index 13ac249..d4b2006 100644 --- a/lxc-apps/decidim/meta +++ b/lxc-apps/decidim/meta @@ -14,6 +14,8 @@ ], "mounts": [ ["DIR", "/srv/decidim/decidim_conf", "/srv/decidim-app/config"] + ["DIR", "/srv/decidim/decidim_data/storage", "/srv/decidim-app/storage"] + ["DIR", "/srv/decidim/decidim_data/uploads", "/srv/decidim-app/public/uploads"] ] }, "decidim-postgres": { From f8403c5f42d6f65c3d42defb7b382ed7018af87e Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 09:59:11 +0100 Subject: [PATCH 082/228] Remove MERGE capability, add FROM layer inheritance is now linear --- apk/vmmgr | 2 +- build/usr/bin/lxcmerge | 174 ------------------ build/usr/lib/python3.6/lxcbuild/image.py | 2 +- .../lib/python3.6/lxcbuild/imagebuilder.py | 56 +++--- .../usr/lib/python3.6/lxcbuild/imagepacker.py | 9 +- doc/toolchain/lxc-build.md | 7 - 6 files changed, 41 insertions(+), 209 deletions(-) delete mode 100755 build/usr/bin/lxcmerge diff --git a/apk/vmmgr b/apk/vmmgr index 41156fe..7c25d22 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 41156fe4243b15b4b233b618082aae8ce32e5a2b +Subproject commit 7c25d22d4146033cfb1e0775d06912b5c8f77e73 diff --git a/build/usr/bin/lxcmerge b/build/usr/bin/lxcmerge deleted file mode 100755 index e3bdb29..0000000 --- a/build/usr/bin/lxcmerge +++ /dev/null @@ -1,174 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- - -import argparse -import os -import shutil -import sys -import tarfile -import tempfile - -APK_WORLD = 'etc/apk/world' -APK_INSTALLED = 'lib/apk/db/installed' -APK_SCRIPTS = 'lib/apk/db/scripts.tar' -APK_TRIGGERS = 'lib/apk/db/triggers' - -ETC_PASSWD = 'etc/passwd' -ETC_GROUP = 'etc/groups' -ETC_SHADOW = 'etc/shadow' - -def makedirs(path, mode=0o755, uid=100000, gid=100000): - try: - os.mkdir(path, mode) - os.chown(path, uid, gid) - except FileNotFoundError: - makedirs(os.path.dirname(path), mode, uid, gid) - os.mkdir(path, mode) - os.chown(path, uid, gid) - except FileExistsError: - pass - -def merge_apk_world(layers): - world = [] - for layer in layers: - try: - with open(os.path.join(layer, APK_WORLD), 'r') as f: - for line in f: - if line not in world: - world.append(line) - except: - continue - makedirs(os.path.join(layers[-1], os.path.dirname(APK_WORLD))) - with open(os.path.join(layers[-1], APK_WORLD), 'w') as f: - f.writelines(world) - os.chown(os.path.join(layers[-1], APK_WORLD), 100000, 100000) - -def merge_apk_installed(layers): - installed = [] - for layer in layers: - try: - with open(os.path.join(layer, APK_INSTALLED), 'r') as f: - buffer = [] - for line in f: - if line.startswith('C:'): - buffer = ''.join(buffer) - if buffer not in installed: - installed.append(buffer) - buffer = [] - buffer.append(line) - buffer = ''.join(buffer) - if buffer not in installed: - installed.append(buffer) - except: - continue - makedirs(os.path.join(layers[-1], os.path.dirname(APK_INSTALLED))) - with open(os.path.join(layers[-1], APK_INSTALLED), 'w') as f: - f.writelines(installed) - os.chown(os.path.join(layers[-1], APK_INSTALLED), 100000, 100000) - -def merge_apk_scripts(layers): - tmp_tar_path = tempfile.mkstemp()[1] - files_in_tar = [] - with tarfile.open(tmp_tar_path, 'w:') as tmp_tar: - for layer in layers: - tar_path = os.path.join(layer, APK_SCRIPTS) - if os.path.exists(tar_path): - with tarfile.open(tar_path, 'r:') as tar: - for member in tar.getmembers(): - if member.name not in files_in_tar: - buffer = tar.extractfile(member) - tmp_tar.addfile(member, buffer) - files_in_tar.append(member.name) - if files_in_tar: - makedirs(os.path.join(layers[-1], os.path.dirname(APK_SCRIPTS))) - shutil.move(tmp_tar_path, os.path.join(layers[-1], APK_SCRIPTS)) - os.chown(os.path.join(layers[-1], APK_SCRIPTS), 100000, 100000) - else: - os.unlink(tmp_tar_path) - -def merge_apk_triggers(layers): - triggers = [] - for layer in layers: - try: - with open(os.path.join(layer, APK_TRIGGERS), 'r') as f: - for line in f: - if line not in triggers: - triggers.append(line) - except: - continue - makedirs(os.path.join(layers[-1], os.path.dirname(APK_TRIGGERS))) - with open(os.path.join(layers[-1], APK_TRIGGERS), 'w') as f: - f.writelines(triggers) - os.chown(os.path.join(layers[-1], APK_TRIGGERS), 100000, 100000) - -def merge_etc_passwd(layers): - passwd = {} - for layer in layers: - try: - with open(os.path.join(layer, ETC_PASSWD), 'r') as f: - for line in f: - passwd[line.split(':')[0]] = line - except: - continue - makedirs(os.path.join(layers[-1], os.path.dirname(ETC_PASSWD))) - with open(os.path.join(layers[-1], ETC_PASSWD), 'w') as f: - f.writelines(passwd.values()) - os.chown(os.path.join(layers[-1], ETC_PASSWD), 100000, 100000) - -def merge_etc_group(layers): - groups = {} - for layer in layers: - try: - with open(os.path.join(layer, ETC_GROUP), 'r') as f: - for line in f: - name,pwd,gid,users = line.split(':') - name = splitline[0] - users = splitline[3].strip().split(',') - if name not in groups: - groups[name] = [name,pwd,gid,users] - else: - groups[name][1] = pwd - groups[name][2] = gid - for user in users: - if user not in groups[name][3]: - groups[name][3].append(user) - except: - continue - for group in groups.values(): - group[3] = '{}\n'.format(','.join(group[3])) - makedirs(os.path.join(layers[-1], os.path.dirname(ETC_GROUP))) - with open(os.path.join(layers[-1], ETC_GROUP), 'w') as f: - f.writelines([':'.join(group) for group in groups.values()]) - os.chown(os.path.join(layers[-1], ETC_GROUP), 100000, 100000) - -def merge_etc_shadow(layers): - shadow = {} - for layer in layers: - try: - with open(os.path.join(layer, ETC_SHADOW), 'r') as f: - for line in f: - shadow[line.split(':')[0]] = line - except: - continue - makedirs(os.path.join(layers[-1], os.path.dirname(ETC_SHADOW))) - with open(os.path.join(layers[-1], ETC_SHADOW), 'w') as f: - f.writelines(shadow.values()) - os.chown(os.path.join(layers[-1], ETC_SHADOW), 100000, 100042) - - -parser = argparse.ArgumentParser(description='APK database merge script') -parser.add_argument('layers', help='Path to LXC layers to be merged', nargs=argparse.REMAINDER) - -if len(sys.argv) < 3: - parser.print_usage() - sys.exit(1) -args = parser.parse_args() - -merge_apk_world(args.layers) -merge_apk_installed(args.layers) -merge_apk_scripts(args.layers) -merge_apk_triggers(args.layers) - -merge_etc_passwd(args.layers) -merge_etc_group(args.layers) -merge_etc_shadow(args.layers) diff --git a/build/usr/lib/python3.6/lxcbuild/image.py b/build/usr/lib/python3.6/lxcbuild/image.py index 0bc3260..838914a 100644 --- a/build/usr/lib/python3.6/lxcbuild/image.py +++ b/build/usr/lib/python3.6/lxcbuild/image.py @@ -25,7 +25,7 @@ class Image: try: builder = ImageBuilder(self) builder.build() - # In case of successful build, packaging needs to happen in all cases to prevent outdated packages + # Packaging needs to happen in any case after a successful build in order to prevent outdated packages self.force_build = True except ImageExistsError as e: print('Image {} already exists, skipping build tasks'.format(e)) diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index e77c782..b2a20e0 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -7,6 +7,7 @@ import sys from lxcmgr import lxcmgr from lxcmgr.paths import LXC_STORAGE_DIR +from lxcmgr.pkgmgr import PkgMgr class ImageExistsError(Exception): pass @@ -21,6 +22,7 @@ class ImageBuilder: self.script_eof = None def build(self): + # Read and process lines from lxcfile with open(self.image.lxcfile, 'r') as f: for line in f: line = line.strip() @@ -34,15 +36,14 @@ class ImageBuilder: self.process_line(*line.split(None, 1)) def process_line(self, directive, args): + # Process directives from lxcfile if 'RUN' == directive: self.script = [] self.script_eof = args elif 'IMAGE' == directive: self.set_name(args) - elif 'LAYER' == directive: - self.add_layer(args) - elif 'MERGE' == directive: - self.merge_layers(args.split()) + elif 'FROM' == directive: + self.set_layers(args) elif 'COPY' == directive: srcdst = args.split() self.copy_files(srcdst[0], srcdst[1] if len(srcdst) == 2 else '') @@ -63,6 +64,7 @@ class ImageBuilder: return os.path.join(LXC_STORAGE_DIR, layer) def run_script(self, script): + # Creates a temporary container, runs a script in its namespace, and stores the modifications as part of the image lxcmgr.create_container(self.image.name, self.image.conf) sh = os.path.join(LXC_STORAGE_DIR, self.image.name, 'run.sh') with open(sh, 'w') as f: @@ -75,6 +77,7 @@ class ImageBuilder: lxcmgr.destroy_container(self.image.name) def set_name(self, name): + # Set name and first (topmost) layer of the image self.image.name = name self.image.conf['layers'] = [name] image_path = self.get_layer_path(name) @@ -86,43 +89,47 @@ class ImageBuilder: os.makedirs(image_path, 0o755, True) os.chown(image_path, 100000, 100000) - def add_layer(self, name): - layer_path = self.get_layer_path(name) - if not os.path.exists(layer_path): - raise ImageNotFoundError(layer_path) - self.image.conf['layers'].insert(1, name) - - def merge_layers(self, cmd): - layers = [self.get_layer_path(layer) for layer in self.image.conf['layers']] - subprocess.run(cmd + layers[::-1], check=True) + def set_layers(self, image): + # Extend list of layers with the list of layers from parent image + # Raies an exception when IMAGE has no name + pkgmgr = PkgMgr() + self.image.conf['layers'].extend(pkgmgr.installed_packages[image]['layers']) def copy_files(self, src, dst): + # Copy files from the host or download them from a http(s) URL dst = os.path.join(LXC_STORAGE_DIR, self.image.name, dst) if src.startswith('http://') or src.startswith('https://'): unpack_http_archive(src, dst) else: copy_tree(os.path.join(self.image.build_dir, src), dst) + # Shift UID/GID of the files to the unprivileged range shift_uid(dst) def add_env(self, key, value): + # Sets lxc.environment records for the image if 'env' not in self.image.conf: self.image.conf['env'] = [] self.image.conf['env'].append([key, value]) def set_user(self, uid, gid): + # Sets lxc.init.uid/gid for the image self.image.conf['uid'] = uid self.image.conf['gid'] = gid def set_cmd(self, cmd): + # Sets lxc.init.cmd for the image self.image.conf['cmd'] = cmd def set_cwd(self, cwd): + # Sets lxc.init.cwd for the image self.image.conf['cwd'] = cwd def set_halt(self, halt): + # Sets lxc.signal.halt for the image self.image.conf['halt'] = halt def set_ready(self, cmd): + # Sets a command performed in OpenRC start_post to check readiness of the container self.image.conf['ready'] = cmd def clean(self): @@ -130,17 +137,19 @@ class ImageBuilder: shutil.rmtree(self.get_layer_path(self.image.name)) def unpack_http_archive(src, dst): - xf = 'xzf' - if src.endswith('.bz2'): - xf = 'xjf' - elif src.endswith('.xz'): - xf = 'xJf' - with subprocess.Popen(['wget', src, '-O', '-'], stdout=subprocess.PIPE) as wget: - with subprocess.Popen(['tar', xf, '-', '-C', dst], stdin=wget.stdout) as tar: - wget.stdout.close() - tar.wait() + # Decompress an archive downloaded via http(s) + xf = 'xzf' + if src.endswith('.bz2'): + xf = 'xjf' + elif src.endswith('.xz'): + xf = 'xJf' + with subprocess.Popen(['wget', src, '-O', '-'], stdout=subprocess.PIPE) as wget: + with subprocess.Popen(['tar', xf, '-', '-C', dst], stdin=wget.stdout) as tar: + wget.stdout.close() + tar.wait() def copy_tree(src, dst): + # Copies files from the host if not os.path.isdir(src): shutil.copy2(src, dst) else: @@ -150,16 +159,19 @@ def copy_tree(src, dst): shutil.copystat(src, dst) def shift_uid(dir): + # Shifts UID/GID of a file or a directory and its contents to the unprivileged range shift_uid_entry(dir, os.stat(dir, follow_symlinks=True)) shift_uid_recursively(dir) def shift_uid_recursively(dir): + # Shifts UID/GID of a directory and its contents to the unprivileged range for entry in os.scandir(dir): shift_uid_entry(entry.path, entry.stat(follow_symlinks=False)) if entry.is_dir(): shift_uid_recursively(entry.path) def shift_uid_entry(path, stat): + # Shifts UID/GID of a file or a directory to the unprivileged range uid = stat.st_uid gid = stat.st_gid do_chown = False diff --git a/build/usr/lib/python3.6/lxcbuild/imagepacker.py b/build/usr/lib/python3.6/lxcbuild/imagepacker.py index f423dfa..072c707 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagepacker.py +++ b/build/usr/lib/python3.6/lxcbuild/imagepacker.py @@ -47,10 +47,11 @@ class ImagePacker(Packer): def register(self): # Register image in global repository metadata file print('Registering image package', self.image.name) - self.packages['images'][self.image.name] = self.image.conf.copy() - self.packages['images'][self.image.name]['size'] = self.tar_size - self.packages['images'][self.image.name]['pkgsize'] = self.xz_size - self.packages['images'][self.image.name]['sha512'] = crypto.hash_file(self.xz_path) + image_conf = self.image.conf.copy() + image_conf['size'] = self.tar_size + image_conf['pkgsize'] = self.xz_size + image_conf['sha512'] = crypto.hash_file(self.xz_path) + self.packages['images'][self.image.name] = image_conf self.save_repo_meta() # Register the image also to locally installed images for package manager pm = PkgMgr() diff --git a/doc/toolchain/lxc-build.md b/doc/toolchain/lxc-build.md index 37b64c7..29d0172 100644 --- a/doc/toolchain/lxc-build.md +++ b/doc/toolchain/lxc-build.md @@ -29,13 +29,6 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas - **Docker equivalent:** `FROM` - **Populates LXC field:** `lxc.rootfs.path` -### MERGE - -- **Usage:** `MERGE ` -- **Description:** Runs `` on LXC host and passes all layer paths as parameter to this script. This helps you to resolve the conflicts in cases where you mix multiple OverlayFS layers with overlapping files, ie. package manager cache. The idea is that all layers are read separately by the `` script and the fixed result is written back to the uppermost layer. -- **Docker equivalent:** None -- **Populates LXC field:** None - ### RUN - **Usage:** From f82ad15689ed04ddd4d9a0003b882e66f2a49c0d Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 09:59:32 +0100 Subject: [PATCH 083/228] Remove nginx layers, convert to FROM --- lxc-apps/ckan/ckan-datapusher.lxcfile | 4 +--- lxc-apps/ckan/ckan.lxcfile | 4 +--- lxc-apps/crisiscleanup/lxcfile | 9 ++------- lxc-apps/cts/lxcfile | 9 ++------- lxc-apps/decidim/lxcfile | 9 ++------- lxc-apps/ecogis/lxcfile | 5 +---- lxc-apps/frontlinesms/lxcfile | 4 +--- lxc-apps/gnuhealth/lxcfile | 9 ++------- lxc-apps/kanboard/lxcfile | 5 +---- lxc-apps/mifosx/lxcfile | 5 +---- lxc-apps/motech/lxcfile | 5 +---- lxc-apps/odoo/lxcfile | 9 ++------- lxc-apps/opendatakit/opendatakit-build.lxcfile | 9 ++------- lxc-apps/opendatakit/opendatakit.lxcfile | 5 +---- lxc-apps/openmapkit/lxcfile | 11 ++++------- lxc-apps/pandora/lxcfile | 9 ++------- lxc-apps/sahana/lxcfile | 9 ++------- lxc-apps/seeddms/lxcfile | 11 +++-------- lxc-apps/sigmah/lxcfile | 5 +---- lxc-apps/ushahidi/lxcfile | 5 +---- lxc-services/activemq/lxcfile | 4 +--- lxc-services/mariadb/lxcfile | 3 +-- lxc-services/postgis/lxcfile | 4 +--- lxc-services/postgres/lxcfile | 3 +-- lxc-services/rabbitmq/lxcfile | 3 +-- lxc-services/redis/lxcfile | 3 +-- lxc-services/solr6/lxcfile | 4 +--- lxc-shared/alpine3.8-nginx/lxcfile | 14 -------------- lxc-shared/alpine3.8-nodejs8/lxcfile | 3 +-- lxc-shared/alpine3.8-php5.6/lxcfile | 6 ++---- lxc-shared/alpine3.8-ruby2.4/lxcfile | 3 +-- lxc-shared/alpine3.9-java8/lxcfile | 3 +-- lxc-shared/alpine3.9-nginx/lxcfile | 14 -------------- lxc-shared/alpine3.9-nodejs10/lxcfile | 3 +-- lxc-shared/alpine3.9-php7.2/lxcfile | 6 ++---- lxc-shared/alpine3.9-python2.7/lxcfile | 3 +-- lxc-shared/alpine3.9-python3.6/lxcfile | 3 +-- lxc-shared/alpine3.9-ruby2.4/lxcfile | 3 +-- lxc-shared/alpine3.9-ruby2.6/lxcfile | 3 +-- lxc-shared/alpine3.9-tomcat7/lxcfile | 4 +--- lxc-shared/alpine3.9-tomcat8.5/lxcfile | 4 +--- 41 files changed, 54 insertions(+), 183 deletions(-) delete mode 100644 lxc-shared/alpine3.8-nginx/lxcfile delete mode 100644 lxc-shared/alpine3.9-nginx/lxcfile diff --git a/lxc-apps/ckan/ckan-datapusher.lxcfile b/lxc-apps/ckan/ckan-datapusher.lxcfile index e9e94a3..6eee49f 100644 --- a/lxc-apps/ckan/ckan-datapusher.lxcfile +++ b/lxc-apps/ckan/ckan-datapusher.lxcfile @@ -1,7 +1,5 @@ IMAGE ckan-datapusher_0.0.13-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 +FROM alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/ckan/ckan.lxcfile b/lxc-apps/ckan/ckan.lxcfile index 087b01c..6d120b0 100644 --- a/lxc-apps/ckan/ckan.lxcfile +++ b/lxc-apps/ckan/ckan.lxcfile @@ -1,7 +1,5 @@ IMAGE ckan_2.8.2-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 +FROM alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/crisiscleanup/lxcfile b/lxc-apps/crisiscleanup/lxcfile index 373d7ac..7a2239f 100644 --- a/lxc-apps/crisiscleanup/lxcfile +++ b/lxc-apps/crisiscleanup/lxcfile @@ -1,16 +1,11 @@ IMAGE crisiscleanup_2.2.0-190620 - -LAYER alpine3.8_3.8.4-190620 -LAYER alpine3.8-ruby2.4_2.4.5-190620 -LAYER alpine3.8-nodejs8_8.14.0-190620 - -MERGE /usr/bin/lxcmerge +FROM alpine3.8-ruby2.4_2.4.5-190620 ENV RAILS_ENV production RUN EOF # Install runtime dependencies - apk --no-cache add libpq tzdata + apk --no-cache add libpq nodejs tzdata # Install build dependencies apk --no-cache add --virtual .deps build-base git libxml2-dev libxslt-dev linux-headers npm postgresql-dev yarn zlib-dev diff --git a/lxc-apps/cts/lxcfile b/lxc-apps/cts/lxcfile index c8163a0..a4ed6ef 100644 --- a/lxc-apps/cts/lxcfile +++ b/lxc-apps/cts/lxcfile @@ -1,14 +1,9 @@ IMAGE cts_0.8.0-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 -LAYER alpine3.9-nginx_1.14.2-191115 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies - apk --no-cache add geos@vm libpq zlib + apk --no-cache add geos@vm libpq nginx zlib # Install build dependencies apk --no-cache add --virtual .deps build-base git postgresql-dev python2-dev py2-pip zlib-dev diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile index de24a54..10ad503 100644 --- a/lxc-apps/decidim/lxcfile +++ b/lxc-apps/decidim/lxcfile @@ -1,10 +1,5 @@ IMAGE decidim_0.0.1-191113 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-ruby2.6_2.6.3-190620 -LAYER alpine3.9-nodejs10_10.14.2-190620 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-ruby2.6_2.6.3-190620 # https://github.com/Platoniq/decidim-install/blob/master/decidim-bionic.md # https://github.com/Platoniq/decidim-install/blob/master/basic-config.md @@ -13,7 +8,7 @@ ENV RAILS_ENV production RUN EOF # Install runtime dependencies - apk --no-cache add curl libpq pcre procps tzdata + apk --no-cache add curl libpq nodejs pcre procps tzdata # Install build dependencies apk --no-cache add --virtual .deps build-base curl-dev icu-dev libxml2-dev libxslt-dev linux-headers pcre-dev postgresql-dev zlib-dev diff --git a/lxc-apps/ecogis/lxcfile b/lxc-apps/ecogis/lxcfile index a496843..5094408 100644 --- a/lxc-apps/ecogis/lxcfile +++ b/lxc-apps/ecogis/lxcfile @@ -1,8 +1,5 @@ IMAGE ecogis_0.0.1-190620 - -LAYER alpine3.8_3.8.4-190620 -LAYER alpine3.8-nginx_1.14.2-191115 -LAYER alpine3.8-php5.6_5.6.40-190620 +FROM alpine3.8-php5.6_5.6.40-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/frontlinesms/lxcfile b/lxc-apps/frontlinesms/lxcfile index 35a0818..4cf1b18 100644 --- a/lxc-apps/frontlinesms/lxcfile +++ b/lxc-apps/frontlinesms/lxcfile @@ -1,7 +1,5 @@ IMAGE frontlinesms_2.6.5-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 +FROM alpine3.9-java8_8.212.04-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/gnuhealth/lxcfile b/lxc-apps/gnuhealth/lxcfile index 0ed42c1..b849fc1 100644 --- a/lxc-apps/gnuhealth/lxcfile +++ b/lxc-apps/gnuhealth/lxcfile @@ -1,14 +1,9 @@ IMAGE gnuhealth_3.4.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python3.6_3.6.8-190620 -LAYER alpine3.9-nodejs10_10.14.2-190620 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-python3.6_3.6.8-190620 RUN EOF # Install runtime dependencies - apk --no-cache add bash coreutils libffi libjpeg-turbo libpq + apk --no-cache add bash coreutils libffi libjpeg-turbo libpq nodejs # Install build dependencies apk --no-cache add --virtual .deps build-base git libffi-dev libjpeg-turbo-dev libxml2-dev libxslt-dev ncurses npm patch postgresql-dev python3-dev sudo diff --git a/lxc-apps/kanboard/lxcfile b/lxc-apps/kanboard/lxcfile index 52b5875..8e8bc9c 100644 --- a/lxc-apps/kanboard/lxcfile +++ b/lxc-apps/kanboard/lxcfile @@ -1,8 +1,5 @@ IMAGE kanboard_1.2.9-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-nginx_1.14.2-191115 -LAYER alpine3.9-php7.2_7.2.19-190620 +FROM alpine3.9-php7.2_7.2.19-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-apps/mifosx/lxcfile b/lxc-apps/mifosx/lxcfile index cdd15e8..ed41b0d 100644 --- a/lxc-apps/mifosx/lxcfile +++ b/lxc-apps/mifosx/lxcfile @@ -1,8 +1,5 @@ IMAGE mifosx_18.03.01-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 -LAYER alpine3.9-tomcat8.5_8.5.41-190620 +FROM alpine3.9-tomcat8.5_8.5.41-190620 RUN EOF # Install full-featured wget to work around sourceforge bugs diff --git a/lxc-apps/motech/lxcfile b/lxc-apps/motech/lxcfile index bbf3728..73933d2 100644 --- a/lxc-apps/motech/lxcfile +++ b/lxc-apps/motech/lxcfile @@ -1,8 +1,5 @@ IMAGE motech_1.3.0-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 -LAYER alpine3.9-tomcat7_7.0.94-190620 +FROM alpine3.9-tomcat7_7.0.94-190620 RUN EOF # Download Motech diff --git a/lxc-apps/odoo/lxcfile b/lxc-apps/odoo/lxcfile index bc9eff2..2eba772 100644 --- a/lxc-apps/odoo/lxcfile +++ b/lxc-apps/odoo/lxcfile @@ -1,14 +1,9 @@ IMAGE odoo_13.0.0-191113 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python3.6_3.6.8-190620 -LAYER alpine3.9-nodejs10_10.14.2-190620 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-python3.6_3.6.8-190620 RUN EOF # Install runtime dependencies - apk --no-cache add libjpeg-turbo libpq + apk --no-cache add libjpeg-turbo libpq nodejs # Install build dependencies apk --no-cache add --virtual .deps build-base git libjpeg-turbo-dev libxml2-dev libxslt-dev linux-headers openldap-dev postgresql-dev python3-dev diff --git a/lxc-apps/opendatakit/opendatakit-build.lxcfile b/lxc-apps/opendatakit/opendatakit-build.lxcfile index 1353a09..a2f53ff 100644 --- a/lxc-apps/opendatakit/opendatakit-build.lxcfile +++ b/lxc-apps/opendatakit/opendatakit-build.lxcfile @@ -1,14 +1,9 @@ IMAGE opendatakit-build_0.3.5-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-ruby2.4_2.4.5-190620 -LAYER alpine3.9-nodejs10_10.14.2-190620 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-ruby2.4_2.4.5-190620 RUN EOF # Install runtime dependencies - apk --no-cache add libpq + apk --no-cache add libpq nodejs # Install build dependencies apk --no-cache add --virtual .deps build-base git linux-headers make npm openjdk8-jre-base postgresql-dev diff --git a/lxc-apps/opendatakit/opendatakit.lxcfile b/lxc-apps/opendatakit/opendatakit.lxcfile index 931c494..bd4b181 100644 --- a/lxc-apps/opendatakit/opendatakit.lxcfile +++ b/lxc-apps/opendatakit/opendatakit.lxcfile @@ -1,8 +1,5 @@ IMAGE opendatakit_2.0.3-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 -LAYER alpine3.9-tomcat8.5_8.5.41-190620 +FROM alpine3.9-tomcat8.5_8.5.41-190620 RUN EOF # Download OpenDataKit diff --git a/lxc-apps/openmapkit/lxcfile b/lxc-apps/openmapkit/lxcfile index 7b6db89..d30734e 100644 --- a/lxc-apps/openmapkit/lxcfile +++ b/lxc-apps/openmapkit/lxcfile @@ -1,13 +1,10 @@ IMAGE openmapkit_0.12.0-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 -LAYER alpine3.9-nodejs10_10.14.2-190620 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-java8_8.212.04-190620 RUN EOF + # Install runtime dependencies + apk --no-cache add python2 nodejs + # Install build dependencies apk --no-cache add --virtual .deps build-base git py2-pip yarn diff --git a/lxc-apps/pandora/lxcfile b/lxc-apps/pandora/lxcfile index c0a3cd3..1abeff5 100644 --- a/lxc-apps/pandora/lxcfile +++ b/lxc-apps/pandora/lxcfile @@ -1,14 +1,9 @@ IMAGE pandora_0.0.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python3.6_3.6.8-190620 -LAYER alpine3.9-nginx_1.14.2-191115 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-python3.6_3.6.8-190620 RUN EOF # Install runtime dependencies - apk --no-cache add ffmpeg imagemagick imlib2 libogg libtheora libvpx mkvtoolnix poppler-utils py3-geoip py3-lxml py3-numpy py3-pillow py3-psycopg2 + apk --no-cache add ffmpeg imagemagick imlib2 libogg libtheora libvpx mkvtoolnix nginx poppler-utils py3-geoip py3-lxml py3-numpy py3-pillow py3-psycopg2 pip3 install pyinotify # Install build dependencies diff --git a/lxc-apps/sahana/lxcfile b/lxc-apps/sahana/lxcfile index 10bfec2..36c937f 100644 --- a/lxc-apps/sahana/lxcfile +++ b/lxc-apps/sahana/lxcfile @@ -1,14 +1,9 @@ IMAGE sahana_0.0.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-python2.7_2.7.16-190620 -LAYER alpine3.9-nginx_1.14.2-191115 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-python2.7_2.7.16-190620 RUN EOF # Install runtime dependencies - apk --no-cache add geos@vm py-gdal@vm py2-dateutil py2-lxml py2-numpy py2-pillow py2-psycopg2 py2-requests uwsgi-python + apk --no-cache add geos@vm nginx py-gdal@vm py2-dateutil py2-lxml py2-numpy py2-pillow py2-psycopg2 py2-requests uwsgi-python # Install build dependencies apk --no-cache add --virtual .deps build-base git freetype-dev libpng-dev py-numpy-dev py2-pip python2-dev ttf-dejavu diff --git a/lxc-apps/seeddms/lxcfile b/lxc-apps/seeddms/lxcfile index d1231bf..6fb8219 100644 --- a/lxc-apps/seeddms/lxcfile +++ b/lxc-apps/seeddms/lxcfile @@ -1,15 +1,10 @@ IMAGE seeddms_5.1.9-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-nginx_1.14.2-191115 -LAYER alpine3.9-php7.2_7.2.19-190620 -LAYER alpine3.9-python3.6_3.6.8-190620 - -MERGE /usr/bin/lxcmerge +FROM alpine3.9-php7.2_7.2.19-190620 RUN EOF # Install runtime dependencies - apk --no-cache add ghostscript imagemagick libreoffice-calc libreoffice-impress libreoffice-writer php7-fileinfo php7-iconv php7-openssl php7-pear php7-pdo_pgsql php7-simplexml php7-xml poppler-utils ttf-opensans + apk --no-cache add ghostscript imagemagick libreoffice-calc libreoffice-impress libreoffice-writer php7-fileinfo php7-iconv php7-openssl php7-pear php7-pdo_pgsql php7-simplexml php7-xml poppler-utils python3 ttf-opensans + ln -s /usr/bin/python3 /usr/bin/python # Install unoconv wget https://raw.githubusercontent.com/dagwieers/unoconv/master/unoconv -O /usr/bin/unoconv diff --git a/lxc-apps/sigmah/lxcfile b/lxc-apps/sigmah/lxcfile index 15692a2..f581169 100644 --- a/lxc-apps/sigmah/lxcfile +++ b/lxc-apps/sigmah/lxcfile @@ -1,8 +1,5 @@ IMAGE sigmah_2.0.2-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 -LAYER alpine3.9-tomcat8.5_8.5.41-190620 +FROM alpine3.9-tomcat8.5_8.5.41-190620 RUN EOF # Download Sigmah diff --git a/lxc-apps/ushahidi/lxcfile b/lxc-apps/ushahidi/lxcfile index ead789e..a6e81bc 100644 --- a/lxc-apps/ushahidi/lxcfile +++ b/lxc-apps/ushahidi/lxcfile @@ -1,8 +1,5 @@ IMAGE ushahidi_3.12.3-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-nginx_1.14.2-191115 -LAYER alpine3.9-php7.2_7.2.19-190620 +FROM alpine3.9-php7.2_7.2.19-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-services/activemq/lxcfile b/lxc-services/activemq/lxcfile index 7a76154..717c741 100644 --- a/lxc-services/activemq/lxcfile +++ b/lxc-services/activemq/lxcfile @@ -1,7 +1,5 @@ IMAGE activemq_5.15.9-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 +FROM alpine3.9-java8_8.212.04-190620 RUN EOF # Download and install ActiveMQ diff --git a/lxc-services/mariadb/lxcfile b/lxc-services/mariadb/lxcfile index 40835e1..cbeccd8 100644 --- a/lxc-services/mariadb/lxcfile +++ b/lxc-services/mariadb/lxcfile @@ -1,6 +1,5 @@ IMAGE mariadb_10.3.15-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) diff --git a/lxc-services/postgis/lxcfile b/lxc-services/postgis/lxcfile index 786130f..5da3e3a 100644 --- a/lxc-services/postgis/lxcfile +++ b/lxc-services/postgis/lxcfile @@ -1,7 +1,5 @@ IMAGE postgis_2.5.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER postgres_11.3.0-190620 +FROM postgres_11.3.0-190620 RUN EOF # Install PostGIS diff --git a/lxc-services/postgres/lxcfile b/lxc-services/postgres/lxcfile index 96b0976..9ffe4c2 100644 --- a/lxc-services/postgres/lxcfile +++ b/lxc-services/postgres/lxcfile @@ -1,6 +1,5 @@ IMAGE postgres_11.3.0-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF # Modify OS user (which will be picked up later by apk add) diff --git a/lxc-services/rabbitmq/lxcfile b/lxc-services/rabbitmq/lxcfile index 187e594..7b64bbb 100644 --- a/lxc-services/rabbitmq/lxcfile +++ b/lxc-services/rabbitmq/lxcfile @@ -1,6 +1,5 @@ IMAGE rabbitmq_3.7.11-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) diff --git a/lxc-services/redis/lxcfile b/lxc-services/redis/lxcfile index 15cb56c..2d70ce2 100644 --- a/lxc-services/redis/lxcfile +++ b/lxc-services/redis/lxcfile @@ -1,6 +1,5 @@ IMAGE redis_4.0.12-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF # Create OS user (which will be picked up later by apk add) diff --git a/lxc-services/solr6/lxcfile b/lxc-services/solr6/lxcfile index 3acd37b..8f797d6 100644 --- a/lxc-services/solr6/lxcfile +++ b/lxc-services/solr6/lxcfile @@ -1,7 +1,5 @@ IMAGE solr6_6.5.1-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 +FROM alpine3.9-java8_8.212.04-190620 RUN EOF # Install runtime dependencies diff --git a/lxc-shared/alpine3.8-nginx/lxcfile b/lxc-shared/alpine3.8-nginx/lxcfile deleted file mode 100644 index 77d9d4a..0000000 --- a/lxc-shared/alpine3.8-nginx/lxcfile +++ /dev/null @@ -1,14 +0,0 @@ -IMAGE alpine3.8-nginx_1.14.2-191115 - -LAYER alpine3.8_3.8.4-190620 - -RUN EOF - # Add nginx user (which will be picked up later by apk add) - addgroup -Sg 1080 nginx 2>/dev/null - adduser -Su 1080 -D -H -h /var/lib/nginx -s /sbin/nologin -G nginx -g nginx nginx 2>/dev/null - - # Install nginx - apk --no-cache add nginx -EOF - -CMD nginx -g "daemon off;" diff --git a/lxc-shared/alpine3.8-nodejs8/lxcfile b/lxc-shared/alpine3.8-nodejs8/lxcfile index c169d26..7ba3495 100644 --- a/lxc-shared/alpine3.8-nodejs8/lxcfile +++ b/lxc-shared/alpine3.8-nodejs8/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.8-nodejs8_8.14.0-190620 - -LAYER alpine3.8_3.8.4-190620 +FROM alpine3.8_3.8.4-190620 RUN EOF apk --no-cache add nodejs diff --git a/lxc-shared/alpine3.8-php5.6/lxcfile b/lxc-shared/alpine3.8-php5.6/lxcfile index 4446fad..340a927 100644 --- a/lxc-shared/alpine3.8-php5.6/lxcfile +++ b/lxc-shared/alpine3.8-php5.6/lxcfile @@ -1,10 +1,8 @@ IMAGE alpine3.8-php5.6_5.6.40-190620 - -LAYER alpine3.8_3.8.4-190620 -LAYER alpine3.8-nginx_1.14.2-191115 +FROM alpine3.8_3.8.4-190620 RUN EOF - apk --no-cache add php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache + apk --no-cache add nginx php5 php5-ctype php5-fpm php5-gd php5-json php5-mcrypt php5-opcache ln -s /usr/bin/php5 /usr/bin/php EOF diff --git a/lxc-shared/alpine3.8-ruby2.4/lxcfile b/lxc-shared/alpine3.8-ruby2.4/lxcfile index 1327a28..092737a 100644 --- a/lxc-shared/alpine3.8-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.8-ruby2.4/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.8-ruby2.4_2.4.5-190620 - -LAYER alpine3.8_3.8.4-190620 +FROM alpine3.8_3.8.4-190620 RUN EOF # Install Ruby runtime dependencies diff --git a/lxc-shared/alpine3.9-java8/lxcfile b/lxc-shared/alpine3.9-java8/lxcfile index 8aa0376..01a0f8b 100644 --- a/lxc-shared/alpine3.9-java8/lxcfile +++ b/lxc-shared/alpine3.9-java8/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.9-java8_8.212.04-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF # nss needed due to https://github.com/docker-library/openjdk/issues/289 , https://bugs.alpinelinux.org/issues/10126 diff --git a/lxc-shared/alpine3.9-nginx/lxcfile b/lxc-shared/alpine3.9-nginx/lxcfile deleted file mode 100644 index 6f1df3d..0000000 --- a/lxc-shared/alpine3.9-nginx/lxcfile +++ /dev/null @@ -1,14 +0,0 @@ -IMAGE alpine3.9-nginx_1.14.2-191115 - -LAYER alpine3.9_3.9.4-190620 - -RUN EOF - # Add nginx user (which will be picked up later by apk add) - addgroup -Sg 1080 nginx 2>/dev/null - adduser -Su 1080 -D -H -h /var/lib/nginx -s /sbin/nologin -G nginx -g nginx nginx 2>/dev/null - - # Install nginx - apk --no-cache add nginx -EOF - -CMD nginx -g "daemon off;" diff --git a/lxc-shared/alpine3.9-nodejs10/lxcfile b/lxc-shared/alpine3.9-nodejs10/lxcfile index 6d7b5db..8b4a0ce 100644 --- a/lxc-shared/alpine3.9-nodejs10/lxcfile +++ b/lxc-shared/alpine3.9-nodejs10/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.9-nodejs10_10.14.2-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF apk --no-cache add nodejs diff --git a/lxc-shared/alpine3.9-php7.2/lxcfile b/lxc-shared/alpine3.9-php7.2/lxcfile index 810051c..8c8108f 100644 --- a/lxc-shared/alpine3.9-php7.2/lxcfile +++ b/lxc-shared/alpine3.9-php7.2/lxcfile @@ -1,10 +1,8 @@ IMAGE alpine3.9-php7.2_7.2.19-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-nginx_1.14.2-191115 +FROM alpine3.9_3.9.4-190620 RUN EOF - apk --no-cache add php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session + apk --no-cache add nginx php7 php7-ctype php7-fpm php7-gd php7-json php7-mbstring php7-mcrypt php7-opcache php7-session EOF CMD php -a diff --git a/lxc-shared/alpine3.9-python2.7/lxcfile b/lxc-shared/alpine3.9-python2.7/lxcfile index e37b81e..247782f 100644 --- a/lxc-shared/alpine3.9-python2.7/lxcfile +++ b/lxc-shared/alpine3.9-python2.7/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.9-python2.7_2.7.16-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF apk --no-cache add python2 diff --git a/lxc-shared/alpine3.9-python3.6/lxcfile b/lxc-shared/alpine3.9-python3.6/lxcfile index a8b3f3d..6e4f217 100644 --- a/lxc-shared/alpine3.9-python3.6/lxcfile +++ b/lxc-shared/alpine3.9-python3.6/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.9-python3.6_3.6.8-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF apk --no-cache add python3 diff --git a/lxc-shared/alpine3.9-ruby2.4/lxcfile b/lxc-shared/alpine3.9-ruby2.4/lxcfile index aa37e4e..e466e16 100644 --- a/lxc-shared/alpine3.9-ruby2.4/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.4/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.9-ruby2.4_2.4.5-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF # Install Ruby runtime dependencies diff --git a/lxc-shared/alpine3.9-ruby2.6/lxcfile b/lxc-shared/alpine3.9-ruby2.6/lxcfile index 00b3148..b1309a1 100644 --- a/lxc-shared/alpine3.9-ruby2.6/lxcfile +++ b/lxc-shared/alpine3.9-ruby2.6/lxcfile @@ -1,6 +1,5 @@ IMAGE alpine3.9-ruby2.6_2.6.3-190620 - -LAYER alpine3.9_3.9.4-190620 +FROM alpine3.9_3.9.4-190620 RUN EOF # Install Ruby runtime dependencies diff --git a/lxc-shared/alpine3.9-tomcat7/lxcfile b/lxc-shared/alpine3.9-tomcat7/lxcfile index da4cb3b..b07e933 100644 --- a/lxc-shared/alpine3.9-tomcat7/lxcfile +++ b/lxc-shared/alpine3.9-tomcat7/lxcfile @@ -1,7 +1,5 @@ IMAGE alpine3.9-tomcat7_7.0.94-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 +FROM alpine3.9-java8_8.212.04-190620 RUN EOF # Install Tomcat 7 diff --git a/lxc-shared/alpine3.9-tomcat8.5/lxcfile b/lxc-shared/alpine3.9-tomcat8.5/lxcfile index 9010118..757cc45 100644 --- a/lxc-shared/alpine3.9-tomcat8.5/lxcfile +++ b/lxc-shared/alpine3.9-tomcat8.5/lxcfile @@ -1,7 +1,5 @@ IMAGE alpine3.9-tomcat8.5_8.5.41-190620 - -LAYER alpine3.9_3.9.4-190620 -LAYER alpine3.9-java8_8.212.04-190620 +FROM alpine3.9-java8_8.212.04-190620 RUN EOF # Install Tomcat 8.5 From e1b7ba1204c6bb2e19b08fcecae336caf288cc79 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 15:54:09 +0100 Subject: [PATCH 084/228] Remove unused nginx and nodejs images --- build/build-all.sh | 4 ---- doc/existing/list.md | 4 ---- lxc-shared/alpine3.8-nodejs8/lxcfile | 6 ------ lxc-shared/alpine3.9-nodejs10/lxcfile | 6 ------ 4 files changed, 20 deletions(-) delete mode 100644 lxc-shared/alpine3.8-nodejs8/lxcfile delete mode 100644 lxc-shared/alpine3.9-nodejs10/lxcfile diff --git a/build/build-all.sh b/build/build-all.sh index 9b33cd3..a3bfdc4 100755 --- a/build/build-all.sh +++ b/build/build-all.sh @@ -48,17 +48,13 @@ abuild -F # Build apd pack runtimes cd ${ROOT}/lxc-shared lxcbuild alpine3.8 -lxcbuild alpine3.8-nginx lxcbuild alpine3.8-php5.6 -lxcbuild alpine3.8-nodejs8 lxcbuild alpine3.8-ruby2.4 lxcbuild alpine3.9 -lxcbuild alpine3.9-nginx lxcbuild alpine3.9-java8 lxcbuild alpine3.9-php7.2 lxcbuild alpine3.9-python2.7 lxcbuild alpine3.9-python3.6 -lxcbuild alpine3.9-nodejs10 lxcbuild alpine3.9-ruby2.4 lxcbuild alpine3.9-ruby2.6 lxcbuild alpine3.9-tomcat7 diff --git a/doc/existing/list.md b/doc/existing/list.md index abc7323..66d0c69 100644 --- a/doc/existing/list.md +++ b/doc/existing/list.md @@ -5,17 +5,13 @@ | Layer | Container | |-------------------------|---------------------| | Alpine 3.8 | alpine3.8 | -| Alpine 3.8 - nginx | alpine3.8-nginx | | Alpine 3.8 - PHP 5.6 | alpine3.8-php5.6 | -| Alpine 3.8 - NodeJS 8 | alpine3.8-nodejs8 | | Alpine 3.9 - Ruby 2.4 | alpine3.8-ruby2.4 | | Alpine 3.9 | alpine3.9 | -| Alpine 3.9 - nginx | alpine3.9-nginx | | Alpine 3.9 - Java 8 | alpine3.9-java8 | | Alpine 3.9 - PHP 7.2 | alpine3.9-php7.2 | | Alpine 3.9 - Python 2.7 | alpine3.9-python2.7 | | Alpine 3.9 - Python 3.6 | alpine3.9-python3.6 | -| Alpine 3.9 - NodeJS 10 | alpine3.9-nodejs10 | | Alpine 3.9 - Ruby 2.4 | alpine3.9-ruby2.4 | | Alpine 3.9 - Ruby 2.6 | alpine3.9-ruby2.6 | | Alpine 3.9 - Tomcat 7 | alpine3.9-tomcat7 | diff --git a/lxc-shared/alpine3.8-nodejs8/lxcfile b/lxc-shared/alpine3.8-nodejs8/lxcfile deleted file mode 100644 index 7ba3495..0000000 --- a/lxc-shared/alpine3.8-nodejs8/lxcfile +++ /dev/null @@ -1,6 +0,0 @@ -IMAGE alpine3.8-nodejs8_8.14.0-190620 -FROM alpine3.8_3.8.4-190620 - -RUN EOF - apk --no-cache add nodejs -EOF diff --git a/lxc-shared/alpine3.9-nodejs10/lxcfile b/lxc-shared/alpine3.9-nodejs10/lxcfile deleted file mode 100644 index 8b4a0ce..0000000 --- a/lxc-shared/alpine3.9-nodejs10/lxcfile +++ /dev/null @@ -1,6 +0,0 @@ -IMAGE alpine3.9-nodejs10_10.14.2-190620 -FROM alpine3.9_3.9.4-190620 - -RUN EOF - apk --no-cache add nodejs -EOF From e794ced82a0d35ac4a20ed2d1ed7c486726a0e1c Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 15:56:29 +0100 Subject: [PATCH 085/228] Introduce BuildType for normal, force, scratch and metadata builds --- build/usr/bin/lxcbuild | 8 ++++--- build/usr/lib/python3.6/lxcbuild/image.py | 24 ++++++++++++++----- .../lib/python3.6/lxcbuild/imagebuilder.py | 15 +++++++++--- .../usr/lib/python3.6/lxcbuild/imagepacker.py | 2 +- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild index e15b61b..437d59e 100755 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -5,7 +5,7 @@ import argparse import os import sys from lxcbuild.app import App -from lxcbuild.image import Image +from lxcbuild.image import BuildType, Image parser = argparse.ArgumentParser(description='VM application builder and packager') group = parser.add_mutually_exclusive_group() @@ -22,8 +22,10 @@ args = parser.parse_args() def build_and_pack_image(path, args): image = Image() - image.force_build = args.force or args.scratch - image.scratch_build = args.scratch + if args.scratch: + image.build_type = BuildType.SCRATCH + elif args.force: + image.build_type = BuildType.FORCE image.build_and_pack(path) def pack_app(path): diff --git a/build/usr/lib/python3.6/lxcbuild/image.py b/build/usr/lib/python3.6/lxcbuild/image.py index 838914a..d903e63 100644 --- a/build/usr/lib/python3.6/lxcbuild/image.py +++ b/build/usr/lib/python3.6/lxcbuild/image.py @@ -3,43 +3,55 @@ import os import sys +from enum import Enum from lxcmgr import lxcmgr from .imagebuilder import ImageBuilder, ImageExistsError, ImageNotFoundError from .imagepacker import ImagePacker from .packer import PackageExistsError +class BuildType(Enum): + NORMAL = 1 + FORCE = 2 + SCRATCH = 3 + METADATA = 4 + class Image: def __init__(self): self.name = None self.conf = {} self.lxcfile = None self.build_dir = None - self.force_build = False - self.scratch_build = False + self.build_type = BuildType.NORMAL + self.pack = False def build_and_pack(self, lxcfile): self.lxcfile = lxcfile self.build_dir = os.path.dirname(lxcfile) self.conf['build'] = True + builder = ImageBuilder(self) try: - builder = ImageBuilder(self) builder.build() # Packaging needs to happen in any case after a successful build in order to prevent outdated packages - self.force_build = True + self.pack = True except ImageExistsError as e: + # If container already exists and build hasn't been forced, rerun the build just for metadata which are still needed for packaging print('Image {} already exists, skipping build tasks'.format(e)) + self.build_type = BuildType.METADATA + builder.build() except ImageNotFoundError as e: + # If one of the layers is missing, cleanup and die print('Image {} not found, can\'t build {}'.format(e, self.name)) builder.clean() sys.exit(1) except: - if not self.scratch_build: + # If build fails with another exception, cleanup (unless we were doing scratch build) and re-raise + if not self.build_type == BuildType.SCRATCH: builder.clean() raise del self.conf['build'] # If we're doing a scratch build, regenerate the final LXC container configuration including ephemeral layer - if self.scratch_build: + if self.build_type == BuildType.SCRATCH: lxcmgr.create_container(self.name, self.conf) else: try: diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index b2a20e0..ba65188 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -9,6 +9,8 @@ from lxcmgr import lxcmgr from lxcmgr.paths import LXC_STORAGE_DIR from lxcmgr.pkgmgr import PkgMgr +from .image import BuildType + class ImageExistsError(Exception): pass @@ -65,6 +67,9 @@ class ImageBuilder: def run_script(self, script): # Creates a temporary container, runs a script in its namespace, and stores the modifications as part of the image + if self.image.build_type == BuildType.METADATA: + # Don't run anything if we're building just metadata + return lxcmgr.create_container(self.image.name, self.image.conf) sh = os.path.join(LXC_STORAGE_DIR, self.image.name, 'run.sh') with open(sh, 'w') as f: @@ -73,7 +78,8 @@ class ImageBuilder: os.chown(sh, 100000, 100000) subprocess.run(['lxc-execute', self.image.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True) os.unlink(sh) - if not self.image.scratch_build: + if not self.image.build_type == BuildType.SCRATCH: + # Don't delete the temporary container if we're doing scratch build lxcmgr.destroy_container(self.image.name) def set_name(self, name): @@ -82,7 +88,7 @@ class ImageBuilder: self.image.conf['layers'] = [name] image_path = self.get_layer_path(name) if os.path.exists(image_path): - if self.image.force_build: + if self.image.build_type in (BuildType.FORCE, BuildType.SCRATCH): self.clean() else: raise ImageExistsError(image_path) @@ -93,10 +99,13 @@ class ImageBuilder: # Extend list of layers with the list of layers from parent image # Raies an exception when IMAGE has no name pkgmgr = PkgMgr() - self.image.conf['layers'].extend(pkgmgr.installed_packages[image]['layers']) + self.image.conf['layers'].extend(pkgmgr.installed_packages['images'][image]['layers']) def copy_files(self, src, dst): # Copy files from the host or download them from a http(s) URL + if self.image.build_type == BuildType.METADATA: + # Don't copy anything if we're building just metadata + return dst = os.path.join(LXC_STORAGE_DIR, self.image.name, dst) if src.startswith('http://') or src.startswith('https://'): unpack_http_archive(src, dst) diff --git a/build/usr/lib/python3.6/lxcbuild/imagepacker.py b/build/usr/lib/python3.6/lxcbuild/imagepacker.py index 072c707..4ba2655 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagepacker.py +++ b/build/usr/lib/python3.6/lxcbuild/imagepacker.py @@ -19,7 +19,7 @@ class ImagePacker(Packer): self.xz_path = '{}.xz'.format(self.tar_path) def pack(self): - if self.image.force_build: + if self.image.pack: self.unregister() try: os.unlink(self.xz_path) From c22d2c73935f6aa110acf9f533288cdfe3c03d19 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 16:02:31 +0100 Subject: [PATCH 086/228] Move BuildType to imagebuilder to prevent dependency conflicts --- build/usr/bin/lxcbuild | 3 ++- build/usr/lib/python3.6/lxcbuild/image.py | 9 +-------- build/usr/lib/python3.6/lxcbuild/imagebuilder.py | 12 ++++++++++-- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild index 437d59e..06b00e1 100755 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -5,7 +5,8 @@ import argparse import os import sys from lxcbuild.app import App -from lxcbuild.image import BuildType, Image +from lxcbuild.image import Image +from lxcbuild.imagebuilder import BuildType parser = argparse.ArgumentParser(description='VM application builder and packager') group = parser.add_mutually_exclusive_group() diff --git a/build/usr/lib/python3.6/lxcbuild/image.py b/build/usr/lib/python3.6/lxcbuild/image.py index d903e63..c07e293 100644 --- a/build/usr/lib/python3.6/lxcbuild/image.py +++ b/build/usr/lib/python3.6/lxcbuild/image.py @@ -3,19 +3,12 @@ import os import sys -from enum import Enum from lxcmgr import lxcmgr -from .imagebuilder import ImageBuilder, ImageExistsError, ImageNotFoundError +from .imagebuilder import BuildType, ImageBuilder, ImageExistsError, ImageNotFoundError from .imagepacker import ImagePacker from .packer import PackageExistsError -class BuildType(Enum): - NORMAL = 1 - FORCE = 2 - SCRATCH = 3 - METADATA = 4 - class Image: def __init__(self): self.name = None diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index ba65188..d368adc 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -5,18 +5,23 @@ import shutil import subprocess import sys +from enum import Enum from lxcmgr import lxcmgr from lxcmgr.paths import LXC_STORAGE_DIR from lxcmgr.pkgmgr import PkgMgr -from .image import BuildType - class ImageExistsError(Exception): pass class ImageNotFoundError(Exception): pass +class BuildType(Enum): + NORMAL = 1 + FORCE = 2 + SCRATCH = 3 + METADATA = 4 + class ImageBuilder: def __init__(self, image): self.image = image @@ -86,6 +91,9 @@ class ImageBuilder: # Set name and first (topmost) layer of the image self.image.name = name self.image.conf['layers'] = [name] + if self.image.build_type == BuildType.METADATA: + # Don't check or create any directories if we're building just metadata + return image_path = self.get_layer_path(name) if os.path.exists(image_path): if self.image.build_type in (BuildType.FORCE, BuildType.SCRATCH): From c71817c2e88793c9f2b99e3c9e3c7c8fbaf45962 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 16:17:20 +0100 Subject: [PATCH 087/228] Don't fail if image dir doesn't exist during build cleanup --- build/usr/lib/python3.6/lxcbuild/imagebuilder.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index d368adc..8d5300b 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -151,7 +151,10 @@ class ImageBuilder: def clean(self): lxcmgr.destroy_container(self.image.name) - shutil.rmtree(self.get_layer_path(self.image.name)) + try: + shutil.rmtree(self.get_layer_path(self.image.name)) + except FileNotFoundError: + pass def unpack_http_archive(src, dst): # Decompress an archive downloaded via http(s) From bdf4a01b3b9ee605372b6023f45f2cf34519e345 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 19:00:03 +0100 Subject: [PATCH 088/228] Create OS user for tomcat directly instead of individual apps using it --- apk/vmmgr | 2 +- build/usr/lib/python3.6/lxcbuild/imagebuilder.py | 3 +-- .../mifosx/lxc/etc/services.d/.s6-svscan/finish | 2 +- .../lxc/etc/services.d/{mifosx => tomcat}/run | 2 +- lxc-apps/mifosx/lxcfile | 8 +++----- lxc-apps/motech/lxcfile | 6 ++---- lxc-apps/opendatakit/opendatakit.lxcfile | 6 ++---- lxc-apps/sigmah/lxcfile | 6 ++---- lxc-shared/alpine3.9-tomcat7/lxcfile | 12 +++++++++--- lxc-shared/alpine3.9-tomcat8.5/lxcfile | 14 ++++++++++---- 10 files changed, 32 insertions(+), 29 deletions(-) rename lxc-apps/mifosx/lxc/etc/services.d/{mifosx => tomcat}/run (76%) diff --git a/apk/vmmgr b/apk/vmmgr index 7c25d22..2d3890f 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 7c25d22d4146033cfb1e0775d06912b5c8f77e73 +Subproject commit 2d3890fd51bdaedb09c3d3742e7a58545f370244 diff --git a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py index 8d5300b..eba6b29 100644 --- a/build/usr/lib/python3.6/lxcbuild/imagebuilder.py +++ b/build/usr/lib/python3.6/lxcbuild/imagebuilder.py @@ -5,7 +5,6 @@ import shutil import subprocess import sys -from enum import Enum from lxcmgr import lxcmgr from lxcmgr.paths import LXC_STORAGE_DIR from lxcmgr.pkgmgr import PkgMgr @@ -16,7 +15,7 @@ class ImageExistsError(Exception): class ImageNotFoundError(Exception): pass -class BuildType(Enum): +class BuildType: NORMAL = 1 FORCE = 2 SCRATCH = 3 diff --git a/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish b/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish index a78e381..8f35248 100755 --- a/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish +++ b/lxc-apps/mifosx/lxc/etc/services.d/.s6-svscan/finish @@ -1,3 +1,3 @@ #!/bin/execlineb -P -foreground { s6-svwait -d -t 3000 mifosx } +foreground { s6-svwait -d -t 3000 tomcat } diff --git a/lxc-apps/mifosx/lxc/etc/services.d/mifosx/run b/lxc-apps/mifosx/lxc/etc/services.d/tomcat/run similarity index 76% rename from lxc-apps/mifosx/lxc/etc/services.d/mifosx/run rename to lxc-apps/mifosx/lxc/etc/services.d/tomcat/run index 62728af..35cee30 100755 --- a/lxc-apps/mifosx/lxc/etc/services.d/mifosx/run +++ b/lxc-apps/mifosx/lxc/etc/services.d/tomcat/run @@ -2,5 +2,5 @@ cd /srv/tomcat fdmove -c 2 1 -s6-setuidgid mifosx +s6-setuidgid tomcat catalina.sh run diff --git a/lxc-apps/mifosx/lxcfile b/lxc-apps/mifosx/lxcfile index ed41b0d..4923bbb 100644 --- a/lxc-apps/mifosx/lxcfile +++ b/lxc-apps/mifosx/lxcfile @@ -16,11 +16,6 @@ RUN EOF # Download Java library dependencies wget http://central.maven.org/maven2/org/drizzle/jdbc/drizzle-jdbc/1.4/drizzle-jdbc-1.4.jar -O /srv/tomcat/lib/drizzle-jdbc-1.4.jar - # Create OS user - addgroup -S -g 8080 mifosx - adduser -S -u 8080 -h /srv/tomcat -s /bin/false -g mifosx -G mifosx mifosx - chown -R mifosx:mifosx /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work - # Cleanup apk --no-cache del wget rm -rf /tmp/fineractplatform-18.03.01.RELEASE /tmp/mifosx.zip @@ -35,6 +30,9 @@ RUN EOF cd /srv/tomcat/webapps/ROOT/scripts/ patch -p0 Date: Sat, 30 Nov 2019 19:05:14 +0100 Subject: [PATCH 089/228] Add logrotate to basic setup --- build/build-all.sh | 2 +- vm.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/build-all.sh b/build/build-all.sh index a3bfdc4..e2f9d15 100755 --- a/build/build-all.sh +++ b/build/build-all.sh @@ -27,7 +27,7 @@ cd ${ROOT}/apk/proj4 abuild -F cd ${ROOT}/apk/rabbitmq-server -apk add -U elixir erlang-compiler erlang-dev erlang-edoc erlang-eldap erlang-erl-docgen erlang-mnesia erlang-os-mon erlang-runtime-tools erlang-tools erlang-xmerl gawk grep libxslt logrotate py2-simplejson python2 rsync socat xmlto zip +apk add -U elixir erlang-compiler erlang-dev erlang-edoc erlang-eldap erlang-erl-docgen erlang-mnesia erlang-os-mon erlang-runtime-tools erlang-tools erlang-xmerl gawk grep libxslt py2-simplejson python2 rsync socat xmlto zip abuild -F cd ${ROOT}/apk/postgis diff --git a/vm.sh b/vm.sh index 8c1faa8..be71927 100755 --- a/vm.sh +++ b/vm.sh @@ -88,7 +88,7 @@ chroot /mnt setup-timezone -z Europe/Prague apk --no-cache add apache2-utils gettext wget https://repo.spotter.cz/vm.tar -O - | tar xf - -C /mnt envsubst /mnt/boot/extlinux.conf -chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt@vm wireguard-tools-wg@vm acme-sh@vm vmmgr@vm +chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl logrotate lxc postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt@vm wireguard-tools-wg@vm acme-sh@vm vmmgr@vm chroot /mnt newaliases mkdir -p /mnt/var/log/lxc for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix swap urandom vmmgr; do From 22d10b5a695db19cb95c937a6212bc0733b3343c Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 21:51:54 +0100 Subject: [PATCH 090/228] Reflect recent change in CKAN python requirements --- lxc-apps/ckan/ckan.lxcfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/ckan/ckan.lxcfile b/lxc-apps/ckan/ckan.lxcfile index 6d120b0..954386d 100644 --- a/lxc-apps/ckan/ckan.lxcfile +++ b/lxc-apps/ckan/ckan.lxcfile @@ -17,7 +17,7 @@ RUN EOF pip install -U setuptools pip install flask-debugtoolbar pip install -e 'git+https://github.com/ckan/ckan.git#egg=ckan' - pip install -r /srv/ckan/src/ckan/requirements.txt + pip install -r /srv/ckan/src/ckan/requirements-py2.txt # Install CKAN extensions pip install -e 'git+https://github.com/ckan/ckanext-basiccharts#egg=ckanext_basiccharts' From a7a4004f53c7c9dad2dd84ca392502456288b82e Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 22:11:38 +0100 Subject: [PATCH 091/228] Introduce lxc- prefix for services --- apk/vmmgr | 2 +- lxc-apps/ckan/install.sh | 16 ++++++++-------- lxc-apps/crisiscleanup/install.sh | 4 ++-- lxc-apps/cts/install.sh | 4 ++-- lxc-apps/decidim/install.sh | 4 ++-- lxc-apps/ecogis/install.sh | 4 ++-- lxc-apps/gnuhealth/install.sh | 4 ++-- lxc-apps/kanboard/install.sh | 4 ++-- lxc-apps/mifosx/install.sh | 4 ++-- lxc-apps/motech/install.sh | 12 ++++++------ lxc-apps/odoo/install.sh | 4 ++-- lxc-apps/opendatakit/install.sh | 8 ++++---- lxc-apps/pandora/install.sh | 8 ++++---- lxc-apps/sahana-demo/install.sh | 4 ++-- lxc-apps/sahana/install.sh | 4 ++-- lxc-apps/sambro/install.sh | 4 ++-- lxc-apps/seeddms/install.sh | 4 ++-- lxc-apps/sigmah/install.sh | 4 ++-- lxc-apps/ushahidi/install.sh | 4 ++-- 19 files changed, 51 insertions(+), 51 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index 2d3890f..539a616 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 2d3890fd51bdaedb09c3d3742e7a58545f370244 +Subproject commit 539a61662de6278f7841c7e9b86d9d17d5e5b492 diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index a5c2b22..d831e6d 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh @@ -14,7 +14,7 @@ cp postgres_data/pg_hba.conf /srv/ckan/postgres_data/pg_hba.conf # Create database export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -service ckan-postgres start +service lxc-ckan-postgres start envsubst /srv/ckan/solr_data/solr.xml chown -R 108983:108983 /srv/ckan/solr_data -service ckan-solr start +service lxc-ckan-solr start # Configure CKAN Solr core lxc-attach -u 8983 -g 8983 ckan-solr -- solr create -p 8983 -c ckan -service ckan-solr stop +service lxc-ckan-solr stop cp solr_data/ckan/conf/schema.xml /srv/ckan/solr_data/ckan/conf/schema.xml cp solr_data/ckan/conf/solrconfig.xml /srv/ckan/solr_data/ckan/conf/solrconfig.xml chown -R 108983:108983 /srv/ckan/solr_data -service ckan-solr start +service lxc-ckan-solr start # Configure CKAN DataPusher mkdir -p /srv/ckan/datapusher_conf /srv/ckan/datapusher_data @@ -72,9 +72,9 @@ envsubst /srv/ecogis/conf/config.php chown -R 108080:108080 /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data # Stop services required for setup -service ecogis-postgres stop +service lxc-ecogis-postgres stop # Register application vmmgr register-app ecogis ecogis diff --git a/lxc-apps/gnuhealth/install.sh b/lxc-apps/gnuhealth/install.sh index dd58030..6d10a17 100755 --- a/lxc-apps/gnuhealth/install.sh +++ b/lxc-apps/gnuhealth/install.sh @@ -13,7 +13,7 @@ cp postgres_data/pg_hba.conf /srv/gnuhealth/postgres_data/pg_hba.conf # Create databases export GNUHEALTH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') -service gnuhealth-postgres start +service lxc-gnuhealth-postgres start envsubst Date: Sat, 30 Nov 2019 22:12:15 +0100 Subject: [PATCH 092/228] Add clean-all build script --- build/clean-all.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100755 build/clean-all.sh diff --git a/build/clean-all.sh b/build/clean-all.sh new file mode 100755 index 0000000..242888a --- /dev/null +++ b/build/clean-all.sh @@ -0,0 +1,58 @@ +#!/bin/sh +set -ev + +# Clean documentation +rm -rf /srv/build/doc/* + +# Clean basic tar +rm -f /srv/build/vm.tar + +# Clean native apps +rm -rf /srv/build/alpine/* + +# Clean built LXC packages +rm -rf /srv/build/lxc/apps/* +rm -rf /srv/build/lxc/images/* +rm -f /srv/build/lxc/packages.sig +echo '{"apps":{},"images":{}}' >/srv/build/lxc/packages + +# Stop running containers +for SERVICE in $(ls -1 /run/openrc/started/lxc-*); do + service ${SERVICE} stop +done + +# Remove services +rm -f /etc/init.d/lxc-* +rc-update -u + +# Remove containers +rm -rf /var/lib/lxc/* + +# Remove application data +for DIR in $(ls -1 /srv | grep -v ^build$); do + rm -rf /srv/${DIR} +done + +# Remove nginx configs +for FILE in $(ls -1 /etc/nginx/conf.d | grep -Ev ^(apkrepo|default).conf$); do + rm -f /etc/nginx/conf.d/${FILE} +done +service nginx reload + +# Reset /etc/hosts +cat </etc/hosts +127.0.0.1 localhost +::1 localhost +172.17.0.1 host +172.17.0.1 repo.spotter.cz +EOF + +# Reset vmmgr config +export ADMINPWD=$(python3 -c "import json; f = open('/etc/vmmgr/config.json'); j = json.load(f); print(j['host']['adminpwd'])") +envsubst /etc/vmmgr/config.json + +# Clean locally installed LXC packages +rm -rf /var/lib/lxcmgr/storage/* +rm -rf /var/lib/lxcmgr/cache/apps/* +rm -rf /var/lib/lxcmgr/cache/images/* +echo '{"apps":{},"images":{}}' >/var/lib/lxcmgr/packages From 515672c170624c2ac1b3649d3a5cc8964a9a91da Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 30 Nov 2019 22:51:42 +0100 Subject: [PATCH 093/228] Update CKAN conf files to 2.9 --- .../ckan/ckan-datapusher.lxc/bin/add-ca-cert | 0 lxc-apps/ckan/install/ckan_conf/ckan.ini | 21 ++++++++++++------- lxc-apps/ckan/install/ckan_conf/who.ini | 9 ++------ 3 files changed, 16 insertions(+), 14 deletions(-) mode change 100644 => 100755 lxc-apps/ckan/ckan-datapusher.lxc/bin/add-ca-cert diff --git a/lxc-apps/ckan/ckan-datapusher.lxc/bin/add-ca-cert b/lxc-apps/ckan/ckan-datapusher.lxc/bin/add-ca-cert old mode 100644 new mode 100755 diff --git a/lxc-apps/ckan/install/ckan_conf/ckan.ini b/lxc-apps/ckan/install/ckan_conf/ckan.ini index ade7343..69a4c5b 100644 --- a/lxc-apps/ckan/install/ckan_conf/ckan.ini +++ b/lxc-apps/ckan/install/ckan_conf/ckan.ini @@ -13,8 +13,9 @@ [DEFAULT] -# WARNING: *THIS SETTING MUST BE SET TO FALSE ON A PRODUCTION ENVIRONMENT* -debug = true +# WARNING: *THIS SETTING MUST BE SET TO FALSE ON A PUBLIC ENVIRONMENT* +# With debug mode enabled, a visitor to your site could execute malicious commands. +debug = false [server:main] use = egg:Paste#http @@ -54,6 +55,7 @@ ckan.datastore.read_url = postgresql://ckan_datastore:${CKAN_DS_PWD}@ckan-postgr ckan.datastore.default_fts_lang = english ckan.datastore.default_fts_index_method = gist + ## Site Settings ckan.site_url = https://ckan.spotter.vm @@ -71,6 +73,8 @@ ckan.auth.user_delete_organizations = false ckan.auth.create_user_via_api = false ckan.auth.create_user_via_web = true ckan.auth.roles_that_cascade_to_sub_groups = admin +ckan.auth.public_user_details = true +ckan.auth.public_activity_stream_detail = true ## Search Settings @@ -130,10 +134,6 @@ ckan.datasetthumbnail.auto_generate = true ## Front-End Settings -# Uncomment following configuration to enable using of Bootstrap 2 -#ckan.base_public_folder = public-bs2 -#ckan.base_templates_folder = templates-bs2 - ckan.site_title = CKAN ckan.site_logo = /base/images/ckan-logo.png ckan.site_description = @@ -146,7 +146,6 @@ ckan.display_timezone = server # package_hide_extras = for_search_index_only #package_edit_return_url = http://another.frontend/dataset/ #package_new_return_url = http://another.frontend/dataset/ -#ckan.recaptcha.version = 1 #ckan.recaptcha.publickey = #ckan.recaptcha.privatekey = #licenses_group_url = http://licenses.opendefinition.org/licenses/groups/ckan.json @@ -172,6 +171,11 @@ ckan.storage_path = /srv/ckan/storage ckan.max_resource_size = 100 ckan.max_image_size = 10 +## Webassets Settings +#ckan.webassets.use_x_sendfile = false +#ckan.webassets.path = /var/lib/ckan/webassets + + ## Datapusher settings # Make sure you have set up the DataStore @@ -204,7 +208,10 @@ smtp.starttls = False #smtp.user = username@example.com #smtp.password = your_password smtp.mail_from = admin@example.com +#smtp.reply_to = +## Background Job Settings +ckan.jobs.timeout = 180 ## Logging configuration [loggers] diff --git a/lxc-apps/ckan/install/ckan_conf/who.ini b/lxc-apps/ckan/install/ckan_conf/who.ini index 885a497..eb2a5a5 100644 --- a/lxc-apps/ckan/install/ckan_conf/who.ini +++ b/lxc-apps/ckan/install/ckan_conf/who.ini @@ -1,10 +1,10 @@ [plugin:auth_tkt] -use = ckan.lib.auth_tkt:make_plugin +use = ckan.lib.repoze_plugins.auth_tkt:make_plugin # If no secret key is defined here, beaker.session.secret will be used #secret = somesecret [plugin:friendlyform] -use = repoze.who.plugins.friendlyform:FriendlyFormPlugin +use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin login_form_url= /user/login login_handler_path = /login_generic logout_handler_path = /user/logout @@ -13,10 +13,6 @@ post_login_url = /user/logged_in post_logout_url = /user/logged_out charset = utf-8 -#[plugin:basicauth] -#use = repoze.who.plugins.basicauth:make_plugin -#realm = 'CKAN' - [general] request_classifier = repoze.who.classifiers:default_request_classifier challenge_decider = repoze.who.classifiers:default_challenge_decider @@ -34,4 +30,3 @@ plugins = [challengers] plugins = friendlyform;browser -# basicauth From d94db1941019ef9633e384c81266edb69fb17ca4 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 1 Dec 2019 14:46:45 +0100 Subject: [PATCH 094/228] Fix CrisisCleanup admin user creation --- lxc-apps/crisiscleanup/install.sh | 3 +-- lxc-apps/crisiscleanup/install/adminpwd.rb | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 lxc-apps/crisiscleanup/install/adminpwd.rb diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh index d335deb..4419f82 100755 --- a/lxc-apps/crisiscleanup/install.sh +++ b/lxc-apps/crisiscleanup/install.sh @@ -31,9 +31,8 @@ cp cc_conf/initializers/devise.rb /srv/crisiscleanup/cc_conf/initializers/devise cp cc_conf/environments/production.rb /srv/crisiscleanup/cc_conf/environments/production.rb # Populate database -#envsubst /var/lib/lxc/crisiscleanup/crisiscleanup/srv/crisiscleanup/db/seeds.rb # TODO bud volat User.create! zvlast nebo vyresit jinak lxc-execute crisiscleanup -- rake db:schema:load -lxc-execute crisiscleanup -- rake db:seed +envsubst Date: Sat, 7 Dec 2019 15:52:09 +0100 Subject: [PATCH 095/228] Use lxchelper extract where appropriate --- apk/vmmgr | 2 +- lxc-apps/ckan/install.sh | 2 +- lxc-apps/crisiscleanup/install.sh | 4 +--- lxc-apps/cts/install.sh | 4 +--- lxc-apps/decidim/install.sh | 4 +--- lxc-apps/openmapkit/install.sh | 8 +++++--- lxc-apps/pandora/install.sh | 7 +------ lxc-apps/sahana-demo/install.sh | 8 ++++---- lxc-apps/sahana/install.sh | 6 +++--- lxc-apps/sambro/install.sh | 8 ++++---- lxc-apps/seeddms/install.sh | 7 ++----- lxc-apps/sigmah/install.sh | 28 ++++++++++++---------------- 12 files changed, 36 insertions(+), 52 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index 539a616..7794ada 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 539a61662de6278f7841c7e9b86d9d17d5e5b492 +Subproject commit 7794ada45e02d5f5ee698765ddb1a1bb6154bee2 diff --git a/lxc-apps/ckan/install.sh b/lxc-apps/ckan/install.sh index d831e6d..ce620bc 100755 --- a/lxc-apps/ckan/install.sh +++ b/lxc-apps/ckan/install.sh @@ -26,7 +26,7 @@ service lxc-ckan-redis start # Configure Solr mkdir -p /srv/ckan/solr_data -lxc-execute ckan-solr -- cat /opt/solr/server/solr/solr.xml >/srv/ckan/solr_data/solr.xml +lxchelper extract ckan-solr /opt/solr/server/solr/solr.xml /srv/ckan/solr_data/solr.xml chown -R 108983:108983 /srv/ckan/solr_data service lxc-ckan-solr start diff --git a/lxc-apps/crisiscleanup/install.sh b/lxc-apps/crisiscleanup/install.sh index 4419f82..c94929d 100755 --- a/lxc-apps/crisiscleanup/install.sh +++ b/lxc-apps/crisiscleanup/install.sh @@ -17,9 +17,7 @@ service lxc-crisiscleanup-postgres start envsubst /srv/openmapkit/omk_conf/settings.js +# Copy existing files into persistent storage +lxchelper extract openmapkit /srv/openmapkit/data /srv/openmapkit/omk_data + # Register application vmmgr register-app openmapkit omk "${OPENMAPKIT_ADMIN_USER}" "${OPENMAPKIT_ADMIN_PWD}" diff --git a/lxc-apps/pandora/install.sh b/lxc-apps/pandora/install.sh index b27dc9c..680a0e1 100755 --- a/lxc-apps/pandora/install.sh +++ b/lxc-apps/pandora/install.sh @@ -30,12 +30,7 @@ lxc-attach pandora-rabbitmq -- rabbitmqctl set_permissions -p /pandora pandora " # Configure Pandora mkdir -p /srv/pandora/pandora_conf /srv/pandora/pandora_data chown 108080:108080 /srv/pandora/pandora_data -# Copy customized configuration if VANILLA environment variable is not set, else use the default pandora config -if [ ${VANILLA:-0} -eq 0 ]; then - cp pandora_conf/config.jsonc /srv/pandora/pandora_conf/config.jsonc -else - lxc-execute pandora -- cat /srv/pandora/pandora/config.pandora.jsonc >/srv/pandora/pandora_conf/config.jsonc -fi +cp pandora_conf/config.jsonc /srv/pandora/pandora_conf/config.jsonc cp pandora_conf/gunicorn_config.py /srv/pandora/pandora_conf/gunicorn_config.py envsubst /srv/pandora/pandora_conf/local_settings.py chown -R 108080:108080 /srv/pandora/pandora_conf diff --git a/lxc-apps/sahana-demo/install.sh b/lxc-apps/sahana-demo/install.sh index 7329cf0..fc53d9e 100755 --- a/lxc-apps/sahana-demo/install.sh +++ b/lxc-apps/sahana-demo/install.sh @@ -17,10 +17,10 @@ service lxc-sahana-demo-postgres start envsubst /srv/seeddms/seeddms_conf/settings.xml diff --git a/lxc-apps/sigmah/install.sh b/lxc-apps/sigmah/install.sh index ac0b029..396d3fc 100755 --- a/lxc-apps/sigmah/install.sh +++ b/lxc-apps/sigmah/install.sh @@ -22,26 +22,24 @@ chown -R 108080:108080 /srv/sigmah/sigmah_data envsubst /srv/sigmah/sigmah_conf/persistence.xml cp sigmah_conf/sigmah.properties /srv/sigmah/sigmah_conf/sigmah.properties chown -R 108080:108080 /srv/sigmah/sigmah_conf -lxc-execute sigmah -- cat /srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png >/srv/sigmah/sigmah_data/files/logo.png +lxchelper extract sigmah /srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/sigmah_data/files/logo.png # Populate database -lxc-execute sigmah -- cat /srv/sigmah-MinimumDataKit.sql >/tmp/sigmah-MinimumDataKit.sql -lxc-execute sigmah -- cat /srv/sigmah-newOrganizationLaunchScript.sql >/tmp/sigmah-newOrganizationLaunchScript.sql export SIGMAH_ADMIN_USER=Admin export SIGMAH_ADMIN_EMAIL=admin@example.com export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export SIGMAH_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${SIGMAH_ADMIN_PWD}'.encode(), bcrypt.gensalt(prefix=b'2a')).decode())") -sed -i "s|§OrganizationName§|Demo organization|g" /tmp/sigmah-newOrganizationLaunchScript.sql -sed -i "s|§OrganizationLogoFilename§|logo.png|g" /tmp/sigmah-newOrganizationLaunchScript.sql -sed -i "s|§HeadquartersCountryCode§|CZ|g" /tmp/sigmah-newOrganizationLaunchScript.sql -sed -i "s|§UserEmail§|${SIGMAH_ADMIN_EMAIL}|g" /tmp/sigmah-newOrganizationLaunchScript.sql -sed -i "s|§UserName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql -sed -i "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql -sed -i "s|§UserLocale§|en|g" /tmp/sigmah-newOrganizationLaunchScript.sql -sed -i "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" /tmp/sigmah-newOrganizationLaunchScript.sql -cat /tmp/sigmah-MinimumDataKit.sql | lxc-attach sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" -cat /tmp/sigmah-newOrganizationLaunchScript.sql | lxc-attach sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" -rm -f /tmp/sigmah-MinimumDataKit.sql /tmp/sigmah-newOrganizationLaunchScript.sql +lxc-execute sigmah -- cat /srv/sigmah-MinimumDataKit.sql | lxc-attach sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" +lxc-execute sigmah -- cat /srv/sigmah-newOrganizationLaunchScript.sql | \ + sed -e "s|§OrganizationName§|Demo organization|g" \ + -e "s|§OrganizationLogoFilename§|logo.png|g" \ + -e "s|§HeadquartersCountryCode§|CZ|g" \ + -e "s|§UserEmail§|${SIGMAH_ADMIN_EMAIL}|g" \ + -e "s|§UserName§|${SIGMAH_ADMIN_USER}|g" \ + -e "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" \ + -e "s|§UserLocale§|en|g" \ + -e "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" \ + | lxc-attach sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah" # Install config update script cp update-conf.sh /srv/sigmah/update-conf.sh @@ -51,5 +49,3 @@ service lxc-sigmah-postgres stop # Register application vmmgr register-app sigmah sigmah "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}" - -# TODO: SQL skripty jako soucast installu? From f2176428bc2d262fae385630d58564b56f610c9b Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 7 Dec 2019 16:29:41 +0100 Subject: [PATCH 096/228] Use find in clean-all instead of ls --- build/clean-all.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/build/clean-all.sh b/build/clean-all.sh index 242888a..3980029 100755 --- a/build/clean-all.sh +++ b/build/clean-all.sh @@ -17,8 +17,8 @@ rm -f /srv/build/lxc/packages.sig echo '{"apps":{},"images":{}}' >/srv/build/lxc/packages # Stop running containers -for SERVICE in $(ls -1 /run/openrc/started/lxc-*); do - service ${SERVICE} stop +for SERVICE in $(find /run/openrc/started -name 'lxc-*'); do + service $(basename ${SERVICE}) stop done # Remove services @@ -29,13 +29,13 @@ rc-update -u rm -rf /var/lib/lxc/* # Remove application data -for DIR in $(ls -1 /srv | grep -v ^build$); do - rm -rf /srv/${DIR} +for DIR in $(find /srv ! -path /srv/build -maxdepth 1 -mindepth 1); do + rm -rf ${DIR} done # Remove nginx configs -for FILE in $(ls -1 /etc/nginx/conf.d | grep -Ev ^(apkrepo|default).conf$); do - rm -f /etc/nginx/conf.d/${FILE} +for CONF in $(find /etc/nginx/conf.d -name '*.conf' -a ! -name apkrepo.conf -a ! -name default.conf); do + rm -f ${CONF} done service nginx reload From a2605594d349ceff590794cb31350f97ebfe3c2a Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sat, 7 Dec 2019 19:46:22 +0100 Subject: [PATCH 097/228] Fix Decidim meta file --- apk/vmmgr | 2 +- lxc-apps/decidim/meta | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index 7794ada..ca10263 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 7794ada45e02d5f5ee698765ddb1a1bb6154bee2 +Subproject commit ca10263696d9488ee384430b2e2a0bc55e877b77 diff --git a/lxc-apps/decidim/meta b/lxc-apps/decidim/meta index d4b2006..c544bc9 100644 --- a/lxc-apps/decidim/meta +++ b/lxc-apps/decidim/meta @@ -13,8 +13,8 @@ "decidim-postgres" ], "mounts": [ - ["DIR", "/srv/decidim/decidim_conf", "/srv/decidim-app/config"] - ["DIR", "/srv/decidim/decidim_data/storage", "/srv/decidim-app/storage"] + ["DIR", "/srv/decidim/decidim_conf", "/srv/decidim-app/config"], + ["DIR", "/srv/decidim/decidim_data/storage", "/srv/decidim-app/storage"], ["DIR", "/srv/decidim/decidim_data/uploads", "/srv/decidim-app/public/uploads"] ] }, From 0351abcb921460dfbbf2dc166be354e127a82377 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 8 Dec 2019 14:54:00 +0100 Subject: [PATCH 098/228] Rename apkrepo.conf to repo.conf --- build/clean-all.sh | 5 ++++- build/etc/nginx/conf.d/{apkrepo.conf => repo.conf} | 0 2 files changed, 4 insertions(+), 1 deletion(-) rename build/etc/nginx/conf.d/{apkrepo.conf => repo.conf} (100%) diff --git a/build/clean-all.sh b/build/clean-all.sh index 3980029..95a8421 100755 --- a/build/clean-all.sh +++ b/build/clean-all.sh @@ -34,7 +34,7 @@ for DIR in $(find /srv ! -path /srv/build -maxdepth 1 -mindepth 1); do done # Remove nginx configs -for CONF in $(find /etc/nginx/conf.d -name '*.conf' -a ! -name apkrepo.conf -a ! -name default.conf); do +for CONF in $(find /etc/nginx/conf.d -name '*.conf' -a ! -name repo.conf -a ! -name default.conf); do rm -f ${CONF} done service nginx reload @@ -51,6 +51,9 @@ EOF export ADMINPWD=$(python3 -c "import json; f = open('/etc/vmmgr/config.json'); j = json.load(f); print(j['host']['adminpwd'])") envsubst /etc/vmmgr/config.json +# Reset lxcmgr config +echo '{"url":"https://repo.spotter.cz/lxc","user":"","pwd":""}' >/etc/lxcmgr/repo.json + # Clean locally installed LXC packages rm -rf /var/lib/lxcmgr/storage/* rm -rf /var/lib/lxcmgr/cache/apps/* diff --git a/build/etc/nginx/conf.d/apkrepo.conf b/build/etc/nginx/conf.d/repo.conf similarity index 100% rename from build/etc/nginx/conf.d/apkrepo.conf rename to build/etc/nginx/conf.d/repo.conf From 9532bc7405b4f4172935206fbd2e84d9269d1a0e Mon Sep 17 00:00:00 2001 From: Disassembler Date: Mon, 9 Dec 2019 21:41:04 +0100 Subject: [PATCH 099/228] Use repo.build.vm as local build host --- apk/vmmgr | 2 +- build/clean-all.sh | 5 +- build/etc/nginx/conf.d/repo.conf | 2 +- build/install-toolchain.sh | 5 +- build/usr/bin/lxcbuild | 102 +++++++++--------- doc/toolchain/vm-creation.md | 4 +- lxc-shared/alpine3.9/lxc/etc/apk/repositories | 2 +- vm/etc/apk/repositories | 2 +- 8 files changed, 63 insertions(+), 61 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index ca10263..ad1bfc8 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit ca10263696d9488ee384430b2e2a0bc55e877b77 +Subproject commit ad1bfc8860b84148794f26c437a42b932087495f diff --git a/build/clean-all.sh b/build/clean-all.sh index 95a8421..2918709 100755 --- a/build/clean-all.sh +++ b/build/clean-all.sh @@ -44,16 +44,13 @@ cat </etc/hosts 127.0.0.1 localhost ::1 localhost 172.17.0.1 host -172.17.0.1 repo.spotter.cz +172.17.0.1 repo.build.vm EOF # Reset vmmgr config export ADMINPWD=$(python3 -c "import json; f = open('/etc/vmmgr/config.json'); j = json.load(f); print(j['host']['adminpwd'])") envsubst /etc/vmmgr/config.json -# Reset lxcmgr config -echo '{"url":"https://repo.spotter.cz/lxc","user":"","pwd":""}' >/etc/lxcmgr/repo.json - # Clean locally installed LXC packages rm -rf /var/lib/lxcmgr/storage/* rm -rf /var/lib/lxcmgr/cache/apps/* diff --git a/build/etc/nginx/conf.d/repo.conf b/build/etc/nginx/conf.d/repo.conf index 1b91492..40e81ea 100644 --- a/build/etc/nginx/conf.d/repo.conf +++ b/build/etc/nginx/conf.d/repo.conf @@ -1,6 +1,6 @@ server { listen [::]:80; - server_name repo.spotter.cz; + server_name repo.build.vm; location / { root /srv/build; diff --git a/build/install-toolchain.sh b/build/install-toolchain.sh index 7bf2762..2e4390f 100755 --- a/build/install-toolchain.sh +++ b/build/install-toolchain.sh @@ -28,9 +28,12 @@ mkdir -p /srv/build/lxc/apps /srv/build/lxc/images # Prepare local APK repository cp etc/nginx/conf.d/apkrepo.conf /etc/nginx/conf.d/apkrepo.conf -echo "172.17.0.1 repo.spotter.cz" >>/etc/hosts +echo "172.17.0.1 repo.build.vm" >>/etc/hosts service nginx reload +# Change LXCMgr repository +echo '{"url":"http://repo.build.vm/lxc","user":"","pwd":""}' >/etc/lxcmgr/repo.json + # Supply abuild key # echo '/srv/build/repokey.rsa' | abuild-keygen diff --git a/build/usr/bin/lxcbuild b/build/usr/bin/lxcbuild index 06b00e1..114ca1f 100755 --- a/build/usr/bin/lxcbuild +++ b/build/usr/bin/lxcbuild @@ -8,19 +8,6 @@ from lxcbuild.app import App from lxcbuild.image import Image from lxcbuild.imagebuilder import BuildType -parser = argparse.ArgumentParser(description='VM application builder and packager') -group = parser.add_mutually_exclusive_group() -group.add_argument('-f', '--force', action='store_true', help='Force rebuild already built package') -group.add_argument('-s', '--scratch', action='store_true', help='Build container for testing purposes, i.e. without cleanup on failure and packaging') -group.add_argument('-r', '--remove-image', action='store_true', help='Delete image (including scratch) from build repository') -group.add_argument('-e', '--remove-app', action='store_true', help='Delete application from build repository') -parser.add_argument('buildarg', help='Either specific "lxcfile" or "meta" file or a directory containing at least one of them') - -if len(sys.argv) < 2: - parser.print_usage() - sys.exit(1) -args = parser.parse_args() - def build_and_pack_image(path, args): image = Image() if args.scratch: @@ -33,45 +20,60 @@ def pack_app(path): app = App() app.pack(path) -if args.remove_image: - image = Image() - image.name = args.buildarg - image.remove() -elif args.remove_app: - app = App() - app.name = args.buildarg - app.remove() -else: - buildpath = os.path.realpath(args.buildarg) - # If the buildpath is a file, determine type from filename - if os.path.isfile(buildpath): - basename = os.path.basename(buildpath) - if basename == 'lxcfile' or basename.endswith('.lxcfile'): - build_and_pack_image(buildpath, args) - # Compose files needs to be ignored when performing scratch builds - elif not args.scratch and basename == 'meta': - pack_app(buildpath) - else: - print('Unknown file {} given, expected "lxcfile"{}'.format(buildpath, '' if args.scratch else ' or "meta"')) - sys.exit(1) - # If the buildpath is a directory, build as much as possible, unless scratch build was requested, in which case don't build anything +def main(args): + if args.remove_image: + image = Image() + image.name = args.buildarg + image.remove() + elif args.remove_app: + app = App() + app.name = args.buildarg + app.remove() else: - if args.scratch: - lxcfile = os.path.join(buildpath, 'lxcfile') - if os.path.exists(lxcfile): - build_and_pack_image(lxcfile, args) + buildpath = os.path.realpath(args.buildarg) + # If the buildpath is a file, determine type from filename + if os.path.isfile(buildpath): + basename = os.path.basename(buildpath) + if basename == 'lxcfile' or basename.endswith('.lxcfile'): + build_and_pack_image(buildpath, args) + # Compose files needs to be ignored when performing scratch builds + elif not args.scratch and basename == 'meta': + pack_app(buildpath) else: - print('Please specify an lxcfile for scratch build') + print('Unknown file {} given, expected "lxcfile"{}'.format(buildpath, '' if args.scratch else ' or "meta"')) sys.exit(1) + # If the buildpath is a directory, build as much as possible, unless scratch build was requested, in which case don't build anything else: - valid_dir = False - for entry in os.scandir(buildpath): - if entry.is_file() and (entry.name == 'lxcfile' or entry.name.endswith('.lxcfile')): + if args.scratch: + lxcfile = os.path.join(buildpath, 'lxcfile') + if os.path.exists(lxcfile): + build_and_pack_image(lxcfile, args) + else: + print('Please specify an lxcfile for scratch build') + sys.exit(1) + else: + valid_dir = False + for entry in os.scandir(buildpath): + if entry.is_file() and (entry.name == 'lxcfile' or entry.name.endswith('.lxcfile')): + valid_dir = True + build_and_pack_image(entry.path, args) + meta = os.path.join(buildpath, 'meta') + if os.path.exists(meta): valid_dir = True - build_and_pack_image(entry.path, args) - meta = os.path.join(buildpath, 'meta') - if os.path.exists(meta): - valid_dir = True - pack_app(meta) - if not valid_dir: - print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) + pack_app(meta) + if not valid_dir: + print('Directory {} doesn\'t contain anything to build, skipping'.format(buildpath)) + +parser = argparse.ArgumentParser(description='VM application builder and packager') +group = parser.add_mutually_exclusive_group() +group.add_argument('-f', '--force', action='store_true', help='Force rebuild already built package') +group.add_argument('-s', '--scratch', action='store_true', help='Build container for testing purposes, i.e. without cleanup on failure and packaging') +group.add_argument('-r', '--remove-image', action='store_true', help='Delete image (including scratch) from build repository') +group.add_argument('-e', '--remove-app', action='store_true', help='Delete application from build repository') +parser.add_argument('buildarg', help='Either specific "lxcfile" or "meta" file or a directory containing at least one of them') + +args = parser.parse_args() +if hasattr(args, 'buildarg'): + main(args) +else: + parser.print_usage() diff --git a/doc/toolchain/vm-creation.md b/doc/toolchain/vm-creation.md index 1dca777..e9130c4 100644 --- a/doc/toolchain/vm-creation.md +++ b/doc/toolchain/vm-creation.md @@ -19,8 +19,8 @@ Download **Alpine Virtual 3.9.0 x86_64** from Date: Mon, 9 Dec 2019 22:28:11 +0100 Subject: [PATCH 100/228] Reorder KanBoard install script --- apk/vmmgr | 2 +- lxc-apps/kanboard/install.sh | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index ad1bfc8..e867ee7 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit ad1bfc8860b84148794f26c437a42b932087495f +Subproject commit e867ee7e64183b9391a68aeea8d1f9b0023d27be diff --git a/lxc-apps/kanboard/install.sh b/lxc-apps/kanboard/install.sh index c4c181a..8a237f6 100755 --- a/lxc-apps/kanboard/install.sh +++ b/lxc-apps/kanboard/install.sh @@ -11,16 +11,18 @@ lxc-execute -n kanboard-postgres -- initdb -D /var/lib/postgresql cp postgres_data/postgresql.conf /srv/kanboard/postgres_data/postgresql.conf cp postgres_data/pg_hba.conf /srv/kanboard/postgres_data/pg_hba.conf +# Configure Kanboard +mkdir -p /srv/kanboard/kanboard_conf /srv/kanboard/kanboard_data +chown -R 108080:108080 /srv/kanboard/kanboard_data +envsubst /srv/kanboard/kanboard_conf/config.php + # Populate database export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') service lxc-kanboard-postgres start envsubst /srv/kanboard/kanboard_conf/config.php +# Create admin account export KANBOARD_ADMIN_USER=admin export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') export KANBOARD_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${KANBOARD_ADMIN_PWD}'.encode(), bcrypt.gensalt()).decode().replace('2b', '2y'))") From 376a0f87ef9e45c53a03d6f8007f66bb80f50c09 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 10 Dec 2019 08:38:51 +0100 Subject: [PATCH 101/228] Fix Ecogis directory names --- apk/vmmgr | 2 +- lxc-apps/ecogis/install.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index e867ee7..119636f 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit e867ee7e64183b9391a68aeea8d1f9b0023d27be +Subproject commit 119636f94ee6ca1c17bb9e9ffb6e924e79f8d476 diff --git a/lxc-apps/ecogis/install.sh b/lxc-apps/ecogis/install.sh index 92d5774..791ee92 100755 --- a/lxc-apps/ecogis/install.sh +++ b/lxc-apps/ecogis/install.sh @@ -18,7 +18,7 @@ envsubst /srv/ecogis/conf/config.php +envsubst /srv/ecogis/ecogis_conf/config.php chown -R 108080:108080 /srv/ecogis/ecogis_conf /srv/ecogis/ecogis_data # Stop services required for setup From ed997ab4176b992c1a9c7997bdeb9a5988be1a06 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 10 Dec 2019 11:22:46 +0100 Subject: [PATCH 102/228] Fix Motech install --- lxc-apps/motech/install.sh | 7 +++--- .../motech/install/activemq_conf/activemq.xml | 25 +++++++++++++++++++ lxc-apps/motech/meta | 4 +-- 3 files changed, 30 insertions(+), 6 deletions(-) create mode 100644 lxc-apps/motech/install/activemq_conf/activemq.xml diff --git a/lxc-apps/motech/install.sh b/lxc-apps/motech/install.sh index 16d49a9..a55e2f5 100755 --- a/lxc-apps/motech/install.sh +++ b/lxc-apps/motech/install.sh @@ -12,8 +12,9 @@ cp postgres_data/postgresql.conf /srv/motech/postgres_data/postgresql.conf cp postgres_data/pg_hba.conf /srv/motech/postgres_data/pg_hba.conf # Configure ActiveMQ -mkdir -p /srv/motech/activemq_data -chown -R 161616:161616 /srv/motech/activemq_data +mkdir -p /srv/motech/activemq_conf /srv/motech/activemq_data +cp activemq_conf/activemq.xml /srv/motech/activemq_conf/activemq.xml +chown -R 161616:161616 /srv/motech/activemq_conf /srv/motech/activemq_data # Create database export MOTECH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') @@ -49,5 +50,3 @@ service lxc-motech-postgres stop # Register application vmmgr register-app motech motech "${MOTECH_ADMIN_USER}" "${MOTECH_ADMIN_PWD}" - -TODO: move the activemq conf here diff --git a/lxc-apps/motech/install/activemq_conf/activemq.xml b/lxc-apps/motech/install/activemq_conf/activemq.xml new file mode 100644 index 0000000..7af3de0 --- /dev/null +++ b/lxc-apps/motech/install/activemq_conf/activemq.xml @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + diff --git a/lxc-apps/motech/meta b/lxc-apps/motech/meta index 2eb5311..07ae709 100644 --- a/lxc-apps/motech/meta +++ b/lxc-apps/motech/meta @@ -14,13 +14,13 @@ "motech-postgres" ], "mounts": [ - ["DIR", "/srv/motech/motech_data", "/srv/motech/data/files"], - ["FILE", "/srv/motech/motech_conf/config.php", "/srv/motech/config.php"] + ["DIR", "/srv/motech/motech_conf", "/srv/tomcat/.motech"] ] }, "motech-activemq": { "image": "activemq_5.15.9-190620", "mounts": [ + ["FILE", "/srv/motech/activemq_conf/activemq.xml", "/srv/activemq/conf/activemq.xml"], ["DIR", "/srv/motech/activemq_data", "/srv/activemq/data"] ] }, From 19b62a437010b06cce51836ba4722a7e0010f9d9 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 10 Dec 2019 18:56:15 +0100 Subject: [PATCH 103/228] Fix SeedDMS install --- lxc-apps/seeddms/install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lxc-apps/seeddms/install.sh b/lxc-apps/seeddms/install.sh index 2b7dc7b..646b920 100755 --- a/lxc-apps/seeddms/install.sh +++ b/lxc-apps/seeddms/install.sh @@ -11,6 +11,10 @@ lxc-execute -n seeddms-postgres -- initdb -D /var/lib/postgresql cp postgres_data/postgresql.conf /srv/seeddms/postgres_data/postgresql.conf cp postgres_data/pg_hba.conf /srv/seeddms/postgres_data/pg_hba.conf +# Copy existing files into persistent storage +lxchelper extract seeddms /srv/seeddms/conf /srv/seeddms/seeddms_conf +lxchelper extract seeddms /srv/seeddms/data /srv/seeddms/seeddms_data + # Populate database export SEEDDMS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') service lxc-seeddms-postgres start @@ -18,10 +22,6 @@ envsubst /srv/seeddms/seeddms_conf/settings.xml export SEEDDMS_ADMIN_USER=admin From 0e465b08209e92e116fb524d942fe202caf8b3b7 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 13 Dec 2019 21:28:55 +0100 Subject: [PATCH 104/228] Workaround for LXC root priv for mysql --- apk/vmmgr | 2 +- lxc-apps/mifosx/install.sh | 12 ++++++------ lxc-apps/mifosx/install/update-conf.sh | 2 +- lxc-apps/ushahidi/install.sh | 6 +++--- lxc-apps/ushahidi/install/update-conf.sh | 6 +++--- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index 119636f..e05ffc1 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit 119636f94ee6ca1c17bb9e9ffb6e924e79f8d476 +Subproject commit e05ffc194f95e9078d0bf8e9a1d2494b4a1ba3ca diff --git a/lxc-apps/mifosx/install.sh b/lxc-apps/mifosx/install.sh index c73284c..2ae8720 100755 --- a/lxc-apps/mifosx/install.sh +++ b/lxc-apps/mifosx/install.sh @@ -6,16 +6,16 @@ mkdir -p /srv/mifosx/mariadb_conf /srv/mifosx/mariadb_data chown 103306:103306 /srv/mifosx/mariadb_data cp mariadb_conf/my.cnf /srv/mifosx/mariadb_conf/my.cnf chown -R 100000:100000 /srv/mifosx/mariadb_conf -lxc-execute mifosx-mariadb -- mysql_install_db --user=mysql --datadir=/var/lib/mysql --auth-root-authentication-method=socket --skip-test-db +lxc-execute mifosx-mariadb -- mysql_install_db --user=mysql --datadir=/var/lib/mysql --auth-root-authentication-method=socket --auth-root-socket-user=mysql --skip-test-db # Create databases export MIFOSX_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') service lxc-mifosx-mariadb start -envsubst Date: Fri, 13 Dec 2019 21:40:27 +0100 Subject: [PATCH 105/228] Fix MifosX install script --- lxc-apps/mifosx/install.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/lxc-apps/mifosx/install.sh b/lxc-apps/mifosx/install.sh index 2ae8720..e9a8d1f 100755 --- a/lxc-apps/mifosx/install.sh +++ b/lxc-apps/mifosx/install.sh @@ -13,21 +13,22 @@ export MIFOSX_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=') service lxc-mifosx-mariadb start envsubst /srv/mifosx/mifosx_conf/context.xml +cp mifosx_conf/server.xml /srv/mifosx/mifosx_conf/server.xml +chown -R 100000:100000 /srv/mifosx/mifosx_conf + # Populate database lxc-execute mifosx -- cat /tmp/mifospltaform-tenants-first-time-install.sql | lxc-attach mifosx-mariadb -- mysql -u mysql mifosplatform-tenants envsubst /srv/mifosx/mifosx_conf/context.xml -cp mifosx_conf/server.xml /srv/mifosx/mifosx_conf/server.xml - # Populate database -service start mifosx +service lxc-mifosx start until grep -q 'org.apache.catalina.startup.Catalina.start Server startup' /var/log/lxc/mifosx.log; do sleep 1 done -service stop mifosx +service lxc-mifosx stop # Fix missing previous_run_status column echo 'ALTER TABLE `scheduled_email_campaign` ADD `previous_run_status` VARCHAR(10) NULL;' | lxc-attach mifosx-mariadb -- mysql -u mysql mifostenant-default From c73c5f1eefac87a7e81c629932093f7aae688ae0 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Tue, 17 Dec 2019 21:31:05 +0100 Subject: [PATCH 106/228] Reorder Decidim rake secret generation --- lxc-apps/decidim/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/decidim/install.sh b/lxc-apps/decidim/install.sh index 79e5ddb..dab3faf 100755 --- a/lxc-apps/decidim/install.sh +++ b/lxc-apps/decidim/install.sh @@ -20,9 +20,9 @@ envsubst /srv/decidim/decidim_conf/application.yml From 2bd45fea0ded92182589c5ff3c7e0bb66c9d077d Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 18 Dec 2019 10:13:32 +0100 Subject: [PATCH 107/228] Fix a few build omissions --- apk/vmmgr | 2 +- build/clean-all.sh | 1 + build/install-toolchain.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/apk/vmmgr b/apk/vmmgr index e05ffc1..bfd1b7c 160000 --- a/apk/vmmgr +++ b/apk/vmmgr @@ -1 +1 @@ -Subproject commit e05ffc194f95e9078d0bf8e9a1d2494b4a1ba3ca +Subproject commit bfd1b7cb2f4b87e7987b66a8c47069e2e06c74db diff --git a/build/clean-all.sh b/build/clean-all.sh index 2918709..6edf1d7 100755 --- a/build/clean-all.sh +++ b/build/clean-all.sh @@ -27,6 +27,7 @@ rc-update -u # Remove containers rm -rf /var/lib/lxc/* +rm -f /var/log/lxc/* # Remove application data for DIR in $(find /srv ! -path /srv/build -maxdepth 1 -mindepth 1); do diff --git a/build/install-toolchain.sh b/build/install-toolchain.sh index 2e4390f..5877d29 100755 --- a/build/install-toolchain.sh +++ b/build/install-toolchain.sh @@ -27,7 +27,7 @@ cp usr/bin/lxcmerge /usr/bin/lxcmerge mkdir -p /srv/build/lxc/apps /srv/build/lxc/images # Prepare local APK repository -cp etc/nginx/conf.d/apkrepo.conf /etc/nginx/conf.d/apkrepo.conf +cp etc/nginx/conf.d/repo.conf /etc/nginx/conf.d/repo.conf echo "172.17.0.1 repo.build.vm" >>/etc/hosts service nginx reload From 91c413ecbf1cf47c123f7de2c02896029bdf7d67 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 18 Dec 2019 10:14:14 +0100 Subject: [PATCH 108/228] Assign explicit UID/GID to decidim user --- lxc-apps/decidim/lxcfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxc-apps/decidim/lxcfile b/lxc-apps/decidim/lxcfile index 10ad503..3c12b5a 100644 --- a/lxc-apps/decidim/lxcfile +++ b/lxc-apps/decidim/lxcfile @@ -17,8 +17,8 @@ RUN EOF gem install passenger --no-document # Create OS user - addgroup -S decidim - adduser -S -h /srv/decidim-app -s /sbin/nologin -G decidim -g decidim decidim + addgroup -S -g 8080 decidim + adduser -S -u 8080 -h /srv/decidim-app -s /sbin/nologin -G decidim -g decidim decidim # Compile nginx # taken from passenger-install-nginx-module From b2b2c12cdf38fbbc0ce1854cfbd8859e1b8c38c7 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 18 Dec 2019 10:55:56 +0100 Subject: [PATCH 109/228] Fix Decidim rake secret --- lxc-apps/decidim/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxc-apps/decidim/install.sh b/lxc-apps/decidim/install.sh index dab3faf..58362b2 100755 --- a/lxc-apps/decidim/install.sh +++ b/lxc-apps/decidim/install.sh @@ -22,7 +22,7 @@ lxchelper extract decidim /srv/decidim-app/config /srv/decidim/decidim_conf # Configure Decidim mkdir -p /srv/decidim/decidim_data/storage /srv/decidim/decidim_data/uploads chown 108080:108080 /srv/decidim/decidim_data/storage /srv/decidim/decidim_data/uploads -export DECIDIM_SECRET=$(lxc-execute decidim -- rake secret) +export DECIDIM_SECRET=$(lxc-execute -u 8080 -g 8080 decidim -- sh -c 'cd /srv/decidim-app; rake secret') cp decidim_conf/environments/production.rb /srv/decidim/decidim_conf/environments/production.rb cp decidim_conf/initializers/decidim.rb /srv/decidim/decidim_conf/initializers/decidim.rb envsubst /srv/decidim/decidim_conf/application.yml @@ -36,7 +36,7 @@ export DECIDIM_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') envsubst Date: Wed, 18 Dec 2019 14:35:39 +0100 Subject: [PATCH 110/228] Fix MifosX schema creation --- lxc-apps/mifosx/install/schemapwd.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/mifosx/install/schemapwd.sql b/lxc-apps/mifosx/install/schemapwd.sql index c2ff1cc..9d81a75 100644 --- a/lxc-apps/mifosx/install/schemapwd.sql +++ b/lxc-apps/mifosx/install/schemapwd.sql @@ -1 +1 @@ -UPDATE `tenants` SET `timezone_id` = "Europe/Prague", `schema_server` = "mariadb", `schema_username` = "mifosx", `schema_password` = "${MIFOSX_PWD}" WHERE `identifier` = "default"; +UPDATE `tenants` SET `timezone_id` = "Europe/Prague", `schema_server` = "mifosx-mariadb", `schema_username` = "mifosx", `schema_password` = "${MIFOSX_PWD}" WHERE `identifier` = "default"; From 751afa6cf2fb6d75ac1a3f51e745d8126159b445 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 18 Dec 2019 14:37:37 +0100 Subject: [PATCH 111/228] Add Decidim uninstall script --- lxc-apps/decidim/uninstall.sh | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100755 lxc-apps/decidim/uninstall.sh diff --git a/lxc-apps/decidim/uninstall.sh b/lxc-apps/decidim/uninstall.sh new file mode 100755 index 0000000..4f0b6d4 --- /dev/null +++ b/lxc-apps/decidim/uninstall.sh @@ -0,0 +1,8 @@ +#!/bin/sh +set -ev + +# Remove persistent data +rm -rf /srv/decidim + +# Unregister application +vmmgr unregister-app decidim From 48510beb282451229c0a8784e67b9fe303bc46b2 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 20 Dec 2019 08:20:13 +0100 Subject: [PATCH 112/228] Update Pandora config to align with upstream --- .../pandora/install/pandora_conf/config.jsonc | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/lxc-apps/pandora/install/pandora_conf/config.jsonc b/lxc-apps/pandora/install/pandora_conf/config.jsonc index 11d8020..c7bd645 100644 --- a/lxc-apps/pandora/install/pandora_conf/config.jsonc +++ b/lxc-apps/pandora/install/pandora_conf/config.jsonc @@ -45,6 +45,7 @@ examples (config.SITENAME.jsonc) that are part of this pan.do/ra distribution. "canAddItems": {"member": true, "staff": true, "admin": true}, "canAddDocuments": {"member": true, "staff": true, "admin": true}, "canDownloadVideo": {"guest": 1, "member": 1, "staff": 4, "admin": 4}, + "canDownloadSource": {"member": 1, "staff": 4, "admin": 4}, "canEditAnnotations": {"staff": true, "admin": true}, "canEditDocuments": {"staff": true, "admin": true}, "canEditEntities": {"staff": true, "admin": true}, @@ -217,6 +218,7 @@ examples (config.SITENAME.jsonc) that are part of this pan.do/ra distribution. "type": "string", "columnWidth": 120, //"format": {"type": "date", "args": ["%a, %b %e, %Y"]}, + "filter": true, "sort": true }, { @@ -549,7 +551,7 @@ examples (config.SITENAME.jsonc) that are part of this pan.do/ra distribution. { "id": "country", "title": "Country", - "type": "string", + "type": ["string"], "autocomplete": true, "columnWidth": 180, "filter": true, @@ -1019,11 +1021,6 @@ examples (config.SITENAME.jsonc) that are part of this pan.do/ra distribution. {"name": "Private", "color": [255, 128, 128]} ], /* - "sendReferrer", if set to false, will cause all outgoing links to originate - from one single URL - */ - "sendReferrer": false, - /* "site" contains various settings for this instance. In "email", "contact" if the address in the contact form (to), "system" is the address used by the system (from). @@ -1152,11 +1149,19 @@ examples (config.SITENAME.jsonc) that are part of this pan.do/ra distribution. }, "document": "", "documents": {}, + "documentFiltersSize": 176, "documentSize": 256, "documentView": "view", "documentsSelection": {}, "documentsSort": [{"key": "title", "operator": "+"}], "documentsView": "grid", + "documentFilters": [ + {"id": "author", "sort": [{"key": "items", "operator": "-"}]}, + {"id": "place", "sort": [{"key": "items", "operator": "-"}]}, + {"id": "date", "sort": [{"key": "name", "operator": "-"}]}, + {"id": "publisher", "sort": [{"key": "items", "operator": "-"}]}, + {"id": "language", "sort": [{"key": "items", "operator": "-"}]} + ], "edit": "", "edits": {}, "editSelection": [], @@ -1221,6 +1226,7 @@ examples (config.SITENAME.jsonc) that are part of this pan.do/ra distribution. "showCalendarControls": false, "showClips": true, "showDocument": true, + "showDocumentFilters": false, "showFilters": true, "showIconBrowser": false, "showInfo": true, From d08848a4d0ee99e1e5fdffffb999c05d3d83e316 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 20 Dec 2019 08:54:31 +0100 Subject: [PATCH 113/228] Improve RabbitMQ ready command --- lxc-services/rabbitmq/lxcfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-services/rabbitmq/lxcfile b/lxc-services/rabbitmq/lxcfile index 7b64bbb..e8002c4 100644 --- a/lxc-services/rabbitmq/lxcfile +++ b/lxc-services/rabbitmq/lxcfile @@ -13,4 +13,4 @@ EOF USER 5672 5672 ENV HOME /usr/lib/rabbitmq CMD rabbitmq-server -READY grep -q "Server startup complete" /var/log/rabbitmq/rabbit@*.log +READY rabbitmqctl await_startup From 18698ef5d45c03473b5e76f408a8c3ab406b6191 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Fri, 20 Dec 2019 08:55:31 +0100 Subject: [PATCH 114/228] Fix Pandora password hash generation --- lxc-apps/pandora/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc-apps/pandora/install.sh b/lxc-apps/pandora/install.sh index 680a0e1..3636e59 100755 --- a/lxc-apps/pandora/install.sh +++ b/lxc-apps/pandora/install.sh @@ -45,7 +45,7 @@ lxc-execute pandora -- /srv/pandora/pandora/manage.py sync_documentsort export PANDORA_ADMIN_USER=admin export PANDORA_ADMIN_EMAIL=admin@example.com export PANDORA_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=') -export PANDORA_ADMIN_HASH=$(lxc-execute pandora -- sh -c "DJANGO_SETTINGS_MODULE=srv.pandora.pandora.settings python3 -c \"from django.contrib.auth.hashers import make_password; print(make_password('${PANDORA_ADMIN_PWD}'))\"") +export PANDORA_ADMIN_HASH=$(lxc-execute pandora -- sh -c "cd /srv/pandora && DJANGO_SETTINGS_MODULE=pandora.settings python3 -c \"from django.contrib.auth.hashers import make_password; print(make_password('${PANDORA_ADMIN_PWD}'))\"") envsubst Date: Fri, 20 Dec 2019 17:53:39 +0100 Subject: [PATCH 115/228] Bring Sahana config up-to-date --- .../install/sahana_conf/000_config.py | 16 +- .../sahana/install/sahana_conf/000_config.py | 14 +- .../sahana/install/sahana_conf/00_settings.py | 54 ++-- .../install/sahana_data/Spotter/config.py | 239 ++++++++++++--- .../sahana_data/Spotter/gis_hierarchy.csv | 3 + .../install/sahana_data/Spotter/monitor.py | 4 +- .../sahana_data/Spotter/organisation_type.csv | 2 +- .../install/sahana_data/Spotter/parser.py | 2 +- .../sahana_data/Spotter/views/layout.html | 6 +- .../sambro/install/sahana_conf/000_config.py | 24 +- .../sambro/install/sahana_conf/00_settings.py | 54 ++-- .../install/sahana_data/SAMBRO/config.py | 275 ++++++++++++------ 12 files changed, 483 insertions(+), 210 deletions(-) diff --git a/lxc-apps/sahana-demo/install/sahana_conf/000_config.py b/lxc-apps/sahana-demo/install/sahana_conf/000_config.py index ac2a261..0344a50 100644 --- a/lxc-apps/sahana-demo/install/sahana_conf/000_config.py +++ b/lxc-apps/sahana-demo/install/sahana_conf/000_config.py @@ -68,8 +68,8 @@ settings.base.debug = True # Uncomment this to prevent automated test runs from remote # settings.base.allow_testing = False -# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging -#settings.log.level = "WARNING" +# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging (default) +#settings.log.level = "ERROR" # DEBUG set automatically when base.debug is True # Uncomment to prevent writing log messages to the console (sys.stderr) #settings.log.console = False # Configure a log file (file name) @@ -87,6 +87,9 @@ settings.base.debug = True # - should happen automatically if installing using supported scripts settings.auth.hmac_key = "${SAHANADEMO_HMAC}" +# If using Masterkey Authentication, then set this to a deployment-specific 32 char string: +#settings.auth.masterkey_app_key = "randomstringrandomstringrandomstring" + # Minimum Password Length #settings.auth.password_min_length = 8 @@ -103,7 +106,7 @@ settings.mail.server = "host:25" settings.mail.sender = "admin@example.com" # Default email address to which requests to approve new user accounts gets sent # This can be overridden for specific domains/organisations via the auth_domain table -#settings.mail.approver = "useradmin@example.org" +settings.mail.approver = "admin@example.com" # Daily Limit on Sending of emails #settings.mail.limit = 1000 @@ -215,10 +218,8 @@ settings.base.session_db = True # See http://alerting.worldweather.org/ for oid # Country root oid. The oid for the organisation includes this base #settings.cap.identifier_oid = "2.49.0.0.608.0" -# Change this for the offset period in days that the alert will be effective for -# Expire Date = Effective Date + expire_offset -# Default is 2 days -#settings.cap.expire_offset = 2 +# Set the period (in days) after which alert info segments expire (default=2) +#settings.cap.info_effective_period = 2 # ============================================================================= # Import the settings from the Template @@ -238,6 +239,7 @@ settings.import_template() #settings.L10n.default_language = "en" #settings.security.policy = 7 # Organisation-ACLs # Enable Additional Module(s) +#from gluon.storage import Storage #settings.modules["delphi"] = Storage( # name_nice = T("Delphi Decision Maker"), # restricted = False, diff --git a/lxc-apps/sahana/install/sahana_conf/000_config.py b/lxc-apps/sahana/install/sahana_conf/000_config.py index 01dfa30..943356d 100644 --- a/lxc-apps/sahana/install/sahana_conf/000_config.py +++ b/lxc-apps/sahana/install/sahana_conf/000_config.py @@ -68,8 +68,8 @@ settings.base.debug = True # Uncomment this to prevent automated test runs from remote # settings.base.allow_testing = False -# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging -#settings.log.level = "WARNING" +# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging (default) +#settings.log.level = "ERROR" # DEBUG set automatically when base.debug is True # Uncomment to prevent writing log messages to the console (sys.stderr) #settings.log.console = False # Configure a log file (file name) @@ -87,6 +87,9 @@ settings.base.debug = True # - should happen automatically if installing using supported scripts settings.auth.hmac_key = "${SAHANA_HMAC}" +# If using Masterkey Authentication, then set this to a deployment-specific 32 char string: +#settings.auth.masterkey_app_key = "randomstringrandomstringrandomstring" + # Minimum Password Length #settings.auth.password_min_length = 8 @@ -219,10 +222,8 @@ settings.base.session_db = True # See http://alerting.worldweather.org/ for oid # Country root oid. The oid for the organisation includes this base #settings.cap.identifier_oid = "2.49.0.0.608.0" -# Change this for the offset period in days that the alert will be effective for -# Expire Date = Effective Date + expire_offset -# Default is 2 days -#settings.cap.expire_offset = 2 +# Set the period (in days) after which alert info segments expire (default=2) +#settings.cap.info_effective_period = 2 # ============================================================================= # Import the settings from the Template @@ -242,6 +243,7 @@ settings.import_template() #settings.L10n.default_language = "en" #settings.security.policy = 7 # Organisation-ACLs # Enable Additional Module(s) +#from gluon.storage import Storage #settings.modules["delphi"] = Storage( # name_nice = T("Delphi Decision Maker"), # restricted = False, diff --git a/lxc-apps/sahana/install/sahana_conf/00_settings.py b/lxc-apps/sahana/install/sahana_conf/00_settings.py index 009e3a7..5610291 100644 --- a/lxc-apps/sahana/install/sahana_conf/00_settings.py +++ b/lxc-apps/sahana/install/sahana_conf/00_settings.py @@ -88,6 +88,7 @@ s3.stylesheets = [] s3.external_stylesheets = [] # To get included at the end of s3.scripts = [] +s3.scripts_modules = [] s3.js_global = [] s3.jquery_ready = [] @@ -194,20 +195,23 @@ _settings.allow_basic_login = True _settings.logout_onlogout = s3_auth_on_logout _settings.login_onaccept = s3_auth_on_login -_settings.login_next = settings.get_auth_login_next() +# Now read in auth.login() to avoid setting unneccesarily in every request +#_settings.login_next = settings.get_auth_login_next() if settings.has_module("vol") and \ settings.get_auth_registration_volunteer(): _settings.register_next = URL(c="vol", f="person") # Languages available in User Profiles -if len(s3.l10n_languages) > 1: - _settings.table_user.language.requires = IS_IN_SET(s3.l10n_languages, - zero=None) -else: - field = _settings.table_user.language - field.default = s3.l10n_languages.keys()[0] - field.readable = False - field.writable = False +#if len(s3.l10n_languages) > 1: +# _settings.table_user.language.requires = s3base.IS_ISO639_2_LANGUAGE_CODE(sort = True, +# translate = True, +# zero = None, +# ) +#else: +# field = _settings.table_user.language +# field.default = s3.l10n_languages.keys()[0] +# field.readable = False +# field.writable = False _settings.lock_keys = True @@ -241,14 +245,14 @@ session.information = [] session.warning = [] # Shortcuts for system role IDs, see modules/s3aaa.py/AuthS3 -system_roles = auth.get_system_roles() -ADMIN = system_roles.ADMIN -AUTHENTICATED = system_roles.AUTHENTICATED -ANONYMOUS = system_roles.ANONYMOUS -EDITOR = system_roles.EDITOR -MAP_ADMIN = system_roles.MAP_ADMIN -ORG_ADMIN = system_roles.ORG_ADMIN -ORG_GROUP_ADMIN = system_roles.ORG_GROUP_ADMIN +#system_roles = auth.get_system_roles() +#ADMIN = system_roles.ADMIN +#AUTHENTICATED = system_roles.AUTHENTICATED +#ANONYMOUS = system_roles.ANONYMOUS +#EDITOR = system_roles.EDITOR +#MAP_ADMIN = system_roles.MAP_ADMIN +#ORG_ADMIN = system_roles.ORG_ADMIN +#ORG_GROUP_ADMIN = system_roles.ORG_GROUP_ADMIN if s3.debug: # Add the developer toolbar from modules/s3/s3utils.py @@ -261,15 +265,15 @@ s3_formstyle = settings.get_ui_formstyle() s3_formstyle_read = settings.get_ui_formstyle_read() s3_formstyle_mobile = s3_formstyle submit_button = T("Save") -_crud = s3.crud -_crud.formstyle = s3_formstyle -_crud.formstyle_read = s3_formstyle_read -_crud.submit_button = submit_button +s3_crud = s3.crud +s3_crud.formstyle = s3_formstyle +s3_crud.formstyle_read = s3_formstyle_read +s3_crud.submit_button = submit_button # Optional class for Submit buttons -#_crud.submit_style = "submit-button" -_crud.confirm_delete = T("Do you really want to delete these records?") -_crud.archive_not_delete = settings.get_security_archive_not_delete() -_crud.navigate_away_confirm = settings.get_ui_navigate_away_confirm() +#s3_crud.submit_style = "submit-button" +s3_crud.confirm_delete = T("Do you really want to delete these records?") +s3_crud.archive_not_delete = settings.get_security_archive_not_delete() +s3_crud.navigate_away_confirm = settings.get_ui_navigate_away_confirm() # Content Type Headers, default is application/xml for XML formats # and text/x-json for JSON formats, other content types must be diff --git a/lxc-apps/sahana/install/sahana_data/Spotter/config.py b/lxc-apps/sahana/install/sahana_data/Spotter/config.py index d952e3c..3bf808f 100644 --- a/lxc-apps/sahana/install/sahana_data/Spotter/config.py +++ b/lxc-apps/sahana/install/sahana_data/Spotter/config.py @@ -20,6 +20,9 @@ def config(settings): # In Production, prepopulate = 0 (to save 1x DAL hit every page) settings.base.prepopulate.append("Spotter") + # Uncomment this to prefer scalability-optimized strategies globally + #settings.base.bigtable = True + # Theme (folder to use for views/layout.html) #settings.base.theme = "default" @@ -35,6 +38,8 @@ def config(settings): #settings.auth.registration_requires_verification = True # Do new users need to be approved by an administrator prior to being able to login? #settings.auth.registration_requires_approval = True + # Disable welcome-emails to newly registered users + #settings.auth.registration_welcome_email = False # Allow a new user to be linked to a record (and a new record will be created if it doesn't already exist) settings.auth.registration_link_user_to = {"staff":T("Staff"), @@ -72,8 +77,6 @@ def config(settings): #settings.auth.registration_requests_site = True # Uncomment this to allow Admin to see Organisations in User Admin even if the Registration doesn't request this #settings.auth.admin_sees_organisation = True - # Uncomment to hide the UTC Offset in Registration/Profile - #settings.auth.show_utc_offset = False # Uncomment to set the default role UUIDs assigned to newly-registered users # This is a dictionary of lists, where the key is the realm that the list of roles applies to # The key 0 implies not realm restricted @@ -104,14 +107,20 @@ def config(settings): # https://termsfeed.com/terms-conditions/generator/ # uses