├── README.md
├── gcloud scripts
├── create_apps.yml
├── create_apps_service.yml
├── fresh_db_server.sh
├── nfs-pv.yaml
├── nfs-pvc.yaml
├── podsync.sh
├── remote_cloud_launch.pl
└── setup_apps_in_cloud.sh
├── generic-dockerhub-dev
├── Dockerfile
├── build_syslog-ng.sh
├── db_switcher.pl
├── evergreen_restart_services.yml
├── hosts
├── install_evergreen.yml
├── logrotate_evergreen.txt
├── plprofiler.yml
├── restart_post_boot.yml
├── run_tests.yml
├── syslog-ng.sh
├── test_vars.yml
└── vars.yml
├── generic-dockerhub
├── .env
├── Dockerfile
├── build_syslog-ng.sh
├── docker-compose.yml
├── ejabberd_bionic.yml
├── ejabberd_focal.yml
├── ejabberd_jammy.yml
├── ejabberd_xenial.yml
├── evergreen_restart_services.yml
├── hosts
├── install_evergreen.yml
├── logrotate_evergreen.txt
├── restart_post_boot.yml
├── run_tests.yml
├── self_check_bash_example.sh
├── syslog-ng.sh
├── test_vars.yml
└── vars.yml
└── generic-tarball
├── Dockerfile
├── build_syslog-ng.sh
├── ejabberd_bionic.yml
├── ejabberd_focal.yml
├── ejabberd_jammy.yml
├── ejabberd_xenial.yml
├── evergreen_restart_services.yml
├── hosts
├── install_evergreen.yml
├── logrotate_evergreen.txt
├── restart_post_boot.yml
├── run_tests.yml
├── syslog-ng.sh
├── test.yml
├── test_vars.yml
└── vars.yml
/README.md:
--------------------------------------------------------------------------------
1 | # MOBIUS Evergreen Docker example set
2 |
3 | ## Recommended Hardware
4 |
5 | - I recommend at least 4 CPU's and 4GB of memory, but 8CPU, 8GB would be better :)
6 |
7 | - You might find the 2017 presentation helpful [Evergreen conference 2017 presentation](http://slides.mobiusconsortium.org/blake/evergreengoogledocker/)
8 |
9 | ## First steps
10 |
11 | - Make sure your host machine is not using the following ports
12 | - 32
13 | - 80
14 | - 443
15 |
16 | - Clone this repo
17 |
18 | `git clone https://github.com/mcoia/eg-docker.git`
19 |
20 |
21 | ### Maybe customize vars.yml and Dockerfile
22 |
23 | - Set your desired ubuntu version (xenial, bionic, focal)
24 | - Keep in mind that certain versions of Evergreen are only compatible with certain versions of ubuntu
25 |
26 | - Set your desired Evergreen version
27 | - This installation is "best effort". install_evergreen.yml makes a best effort to install different versions of Evergreen that you choose. Mileage will vary because of the Node dependency stack as time goes on.
28 |
29 | ### Build the container
30 |
31 | `cd generic-dockerhub && docker build --add-host public.localhost:127.0.1.2 --add-host public:127.0.1.2 --add-host private.localhost:127.0.1.3 --add-host private:127.0.1.3 .`
32 |
33 | ### Run the container
34 |
35 | `docker run -it -p 80:80 -p 443:443 -p 32:22 -h app.brick.com 51d5369e7d89`
36 |
37 | - NOTE: replace the image hash with yours
38 |
39 | ### _Optionally_ use docker-compose
40 |
41 | `HOST=app.brick.com IMAGE=evergreen docker-compose up -d`
42 |
43 | - NOTE: Default VARS are defined in .env and docker-compose.yml
44 |
45 | ### Look for the container finish line
46 |
47 | - When the container is ready, you should see something that looks like
48 |
49 | `PLAY RECAP *******************************************************************************************************************************`
50 |
51 | And it will be apparently hanging. You need to issue this command:
52 |
53 | ctrl+pq
54 |
55 | which will escape out of the console of the Docker container without killing the container
56 |
57 | ### Open a web browser
58 |
59 | Attempt to connect to the server on your web browser:
60 |
61 | http://127.0.0.1
62 |
63 | Use your specific IP as needed.
64 |
65 | ### Certificates
66 |
67 | This build will create a self-signed SSL certificate. Your browser will give you an error. As long as you connect to the server by IP address (not domain name), your browser will allow you to make an exception.
68 |
69 | ### SSH
70 |
71 | This build creates a linux user in the Docker container. The user is "user" and the password is: "password"
72 |
73 | This allows you to SSH into the Docker container to make changes if you'd like.
74 |
75 | `ssh -p 32 user@localhost`
76 |
77 | ### Troubleshooting
78 |
79 | If you find that this build won't finish. Then you need to break the process down. Do the following:
80 |
81 | - Edit Dockerfile. Comment out these two lines:
82 |
83 | `#RUN cd /egconfigs && ansible-playbook install_evergreen.yml -v -e "hosts=127.0.0.1"`
84 |
85 | `#ENTRYPOINT cd /egconfigs && ansible-playbook evergreen_restart_services.yml -vvvv -e "hosts=127.0.0.1" && while true; do sleep 1; done`
86 |
87 | - UNCOMMENT this line:
88 |
89 | `ENTRYPOINT while true; do sleep 1; done`
90 |
91 |
92 | - Then perform the docker build again. This time, it should finish.
93 | - Run the container
94 | - ctrl+pq to escape out of the container
95 | - Get to a shell in the container
96 |
97 | ``docker exec `docker ps --format "{{.ID}}"` /bin/bash``
98 |
99 | - Manually execute the command:
100 |
101 | `cd /egconfigs && ansible-playbook install_evergreen.yml -v -e "hosts=127.0.0.1"`
102 |
103 | - Watch and see where it errors out, and track down that command in the ansible script. Make tweaks and try again.
104 |
105 |
106 | Everything in this repository is open and free to use under the GNU.
107 |
108 |
109 | This program is free software: you can redistribute it and/or modify
110 | it under the terms of the GNU General Public License as published by
111 | the Free Software Foundation, either version 3 of the License, or
112 | (at your option) any later version.
113 |
114 | This program is distributed in the hope that it will be useful,
115 | but WITHOUT ANY WARRANTY; without even the implied warranty of
116 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
117 | GNU General Public License for more details.
118 |
119 | You should have received a copy of the GNU General Public License
120 | along with this program. If not, see .
121 |
122 |
123 |
--------------------------------------------------------------------------------
/gcloud scripts/create_apps.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ReplicationController
3 | metadata:
4 | name: apps
5 | spec:
6 | replicas: 1
7 | selector:
8 | role: apps
9 | template:
10 | metadata:
11 | labels:
12 | role: apps
13 | spec:
14 | containers:
15 | - name: apps
16 | livenessProbe:
17 | httpGet:
18 | path: /ping.txt
19 | port: 80
20 | initialDelaySeconds: 600
21 | timeoutSeconds: 30
22 | image: gcr.io/evergreen-ksl/egapp
23 | imagePullPolicy: Always
24 | ports:
25 | # - name: ssh
26 | # containerPort: 22
27 | - name: web
28 | containerPort: 80
29 | - name: z3950
30 | containerPort: 210
31 | - name: ssl
32 | containerPort: 443
33 | - name: sip
34 | containerPort: 6001
35 | - name: stunnel
36 | containerPort: 6443
37 | volumeMounts:
38 | # name must match the volume name below
39 | - name: nfs
40 | mountPath: "/mnt/evergreen"
41 | volumes:
42 | - name: nfs
43 | persistentVolumeClaim:
44 | claimName: evergreen-share-nfs
--------------------------------------------------------------------------------
/gcloud scripts/create_apps_service.yml:
--------------------------------------------------------------------------------
1 | kind: Service
2 | apiVersion: v1
3 | metadata:
4 | name: apps
5 | spec:
6 | ports:
7 | # - name: ssh
8 | # port: 22
9 | - name: web
10 | port: 80
11 | - name: z3950
12 | port: 210
13 | - name: ssl
14 | port: 443
15 | - name: sip
16 | port: 6001
17 | - name: stunnel
18 | port: 6443
19 | selector:
20 | role: apps
21 | type: LoadBalancer
22 | externalTrafficPolicy: Local
--------------------------------------------------------------------------------
/gcloud scripts/fresh_db_server.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | useradd user -m -s /bin/bash
3 | useradd opensrf -m -s /bin/bash
4 | useradd evergreen -m -s /bin/bash
5 | mkdir /home/user/.ssh
6 | cp authorized_keys /home/blake/.ssh/authorized_keys
7 | chmod 700 /home/*/.ssh
8 | chmod 600 /home/*/.ssh/*
9 | chown user:user -R /home/user
10 | apt-get update
11 | apt-get -y install ssh net-tools iputils-ping sudo nano make autoconf libtool git mlocate ansible git-core ntp cron
12 | mkdir /egconfigs
13 | mkdir -p /mnt/evergreen
14 | cp syslog-ng.sh /egconfigs/
15 | /egconfigs/syslog-ng.sh
16 | mkdir -p /etc/service/syslog-ng/run/
17 | cp build_syslog-ng.sh /etc/service/syslog-ng/run/syslog-ng.sh
18 | sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
19 | sed -i 's/^#\(SYSLOGNG_OPTS="--no-caps"\)/\1/g' /etc/default/syslog-ng
20 | cp eg.conf /egconfigs/eg.conf
21 | cp eg_vhost.conf /egconfigs/eg_vhost.conf
22 | cp hosts /egconfigs/hosts
23 | cp oils_sip.xml /egconfigs/oils_sip.xml
24 | cp ejabberd.yml /egconfigs/ejabberd.yml
25 | cp opensrf.xml /egconfigs/opensrf.xml
26 | cp crontab_utility_root /egconfigs/crontab_utility_root
27 | cp crontab_utility_opensrf /egconfigs/crontab_utility_opensrf
28 | cp startup_base_services.yml /egconfigs/startup_base_services.yml
29 | cp install_evergreen.yml /egconfigs/install_evergreen.yml
30 | cp install_evergreen_database.yml /egconfigs/install_evergreen_database.yml
31 | cp evergreen_restart_services.yml /egconfigs/evergreen_restart_services.yml
32 | cp 16.04_master_cloud.yml /egconfigs/16.04_master_cloud.yml
33 | cd /egconfigs && ansible-playbook install_evergreen_database.yml -v -e "hosts=127.0.0.1"
34 |
35 |
36 |
--------------------------------------------------------------------------------
/gcloud scripts/nfs-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: evergreen-share-nfs
5 | spec:
6 | capacity:
7 | storage: 500Mi
8 | volumeMode: Filesystem
9 | accessModes:
10 | - ReadWriteMany
11 | nfs:
12 | # FIXME: use the right IP
13 | server: 10.128.0.2
14 | path: "/mnt/evergreen"
15 |
--------------------------------------------------------------------------------
/gcloud scripts/nfs-pvc.yaml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 | name: evergreen-share-nfs
5 | spec:
6 | accessModes:
7 | - ReadWriteMany
8 | storageClassName: ""
9 | resources:
10 | requests:
11 | storage: 1Mi
12 |
--------------------------------------------------------------------------------
/gcloud scripts/podsync.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | export GOOGLE_APPLICATION_CREDENTIALS="/path/to/key.json"
4 |
5 | PATH_TO_KUBECTL="/root/google-cloud-sdk/bin/kubectl"
6 | PATH_TO_GCLOUD="/root/google-cloud-sdk/bin/gcloud"
7 | DOCKER_CONTAINER_NAME=meapps
8 | PODNUM=`$PATH_TO_KUBECTL get po|grep -v "RESTARTS" | wc -l`
9 | PROJECT_ID=evergreen-1470164758084
10 |
11 | $PATH_TO_GCLOUD container clusters get-credentials $DOCKER_CONTAINER_NAME --zone us-central1-c --project $PROJECT_ID
12 |
13 | INSTANCENUM=`$PATH_TO_GCLOUD compute instance-groups list|grep -v "INSTANCES" | awk '{print $6}'`
14 |
15 | echo PODNUM = $PODNUM
16 | echo INSTANCENUM = $INSTANCENUM
17 |
18 | if [ "$INSTANCENUM" -gt "$PODNUM" ];
19 | then
20 | echo "less pods"
21 | echo "going up to $INSTANCENUM"
22 | $PATH_TO_KUBECTL scale rc $DOCKER_CONTAINER_NAME --replicas=$INSTANCENUM
23 | rm /tmp/podsync_date
24 | exit;
25 | elif [ "$PODNUM" -gt "$INSTANCENUM" ];
26 | then
27 | if [ $INSTANCENUM == 1 ];
28 | then
29 | echo "Winding down to 1 pod"
30 | if [ -a /tmp/podsync_date ];
31 | then
32 | while read -r line
33 | do
34 | recordeddate="$line"
35 | done < "/tmp/podsync_date"
36 | echo "Read date $line from /tmp/podsync_date"
37 | CURRENTDATE=`date +%s`
38 | SECONDS=`expr $CURRENTDATE - $recordeddate`
39 | echo "Current date is $SECONDS seconds later than $line"
40 | if [ "$SECONDS" -gt "599" ]
41 | then
42 | echo "Ok - it's been 10 minutes, decreasing the pods to 1"
43 | $PATH_TO_KUBECTL scale rc $DOCKER_CONTAINER_NAME --replicas=1
44 | rm /tmp/podsync_date
45 | fi
46 | else
47 | echo "recording the exact date to /tmp/podsync_date"
48 | date +%s > /tmp/podsync_date
49 | fi
50 | else
51 | echo "going down to $INSTANCENUM"
52 | $PATH_TO_KUBECTL scale rc $DOCKER_CONTAINER_NAME --replicas=$INSTANCENUM
53 | rm /tmp/podsync_date
54 | fi
55 |
56 | else
57 | echo "Perfect match"
58 | rm /tmp/podsync_date
59 | fi
60 |
--------------------------------------------------------------------------------
/gcloud scripts/remote_cloud_launch.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 | use lib qw(../);
3 | use Loghandler;
4 | use Getopt::Long;
5 | use Data::Dumper;
6 |
7 | my $dbname='';
8 | my $localusername='';
9 | my $clustername='';
10 |
11 | GetOptions (
12 | "dbname=s" => \$dbname,
13 | "localusername=s" => \$localusername,
14 | "clustername=s" => \$clustername
15 | )
16 | or die("Error in command line arguments\n");
17 |
18 | print "dbname = $dbname\nlocalusername=$localusername\nclustername=$clustername\n";
19 |
20 |
21 | # gather up pod IPs
22 | system("kubectl get po|grep -v NAME | awk '{print \$1}'|while read line ; do kubectl describe po/\$line ; done |grep IP | awk '{print \$2}'| tr '\\n' ' ' > /tmp/pods");
23 | my $podfile = new Loghandler("/tmp/pods");
24 | my @pods = @{$podfile->readFile()};
25 |
26 | my @pod_IPS = split('\s',@pods[0]);
27 | print Dumper(@pod_IPS);
28 |
29 | my $sshconfig = new Loghandler("/home/$localusername/.ssh/config");
30 | my $clusterconfig = new Loghandler("/home/$localusername/.clusterssh/clusters");
31 |
32 | my $hostsFile = new Loghandler("/etc/hosts");
33 | my @hostlines = @{$hostsFile->readFile()};
34 | my @clusterconfiglines = @{$clusterconfig->readFile()};
35 |
36 | $sshconfig->truncFile("");
37 | my $loop = 0;
38 | my $podNames='';
39 | foreach(@pod_IPS)
40 | {
41 | my $thisIP = $_;
42 | $sshconfig->addLine("Host $clustername"."-$loop");
43 | $sshconfig->addLine(" ProxyCommand ssh -q $dbname nc -q0 $thisIP 22");
44 | $podNames.=$clustername."-".$loop." ";
45 | for my $i (0..$#hostlines)
46 | {
47 | if(@hostlines[$i] =~ m/$clustername-$loop/)
48 | {
49 | @hostlines[$i]=$thisIP." ".$clustername."-".$loop."\n";
50 | print "found $clustername-$loop in hosts file";
51 | }
52 | }
53 | for my $i (0..$#clusterconfiglines)
54 | {
55 | if(@clusterconfiglines[$i] =~ m/$clustername = /)
56 | {
57 | @clusterconfiglines[$i]='';
58 | }
59 | }
60 | $loop++;
61 | }
62 | print $podNames."'\n";
63 | $podNames=substr($podNames,0,-1);
64 | print $podNames."'\n";
65 | my $hostsfile = "";
66 | $hostsfile.=$_ foreach @hostlines;
67 | print $hostsfile;
68 | $hostsFile->truncFile($hostsfile);
69 |
70 | my $clusterlines = "";
71 | $clusterlines.=$_ foreach @clusterconfiglines;
72 | $clusterlines.="$clustername $podNames\n";
73 | print $clusterlines;
74 | $clusterconfig->truncFile($clusterlines);
75 |
76 |
77 |
78 | exit;
--------------------------------------------------------------------------------
/gcloud scripts/setup_apps_in_cloud.sh:
--------------------------------------------------------------------------------
1 | # First create a single-zone cluster:
2 | # https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-cluster
3 | #
4 | # Then get list of app servers
5 | echo `kubectl get po|grep -v NAME | awk '{print $1}'|while read line ; do kubectl describe po/$line ; done |grep IP | awk '{print $2}'| tr '\n' ' '`
6 | kubectl create -f nfs-pv.yaml
7 | kubectl create -f nfs-pvc.yaml
8 | kubectl create -f create_apps_service.yml
9 | kubectl create -f create_apps.yml
10 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ubuntu:22.04
2 | ARG os=jammy
3 | # For reference: xenial = 16.04, bionic = 18.04, focal = 20.04, jammy = 22.04
4 |
5 | EXPOSE 22
6 | EXPOSE 80
7 | EXPOSE 210
8 | EXPOSE 443
9 | EXPOSE 6001
10 |
11 | RUN useradd user -m -s /bin/bash
12 | RUN useradd opensrf -m -s /bin/bash
13 | RUN useradd evergreen -m -s /bin/bash
14 | RUN apt-get update
15 | ENV DEBIAN_FRONTEND noninteractive
16 | ENV TZ=America/New_York
17 | RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
18 | RUN apt-get update && apt-get install -y --no-install-recommends apt-utils
19 |
20 | RUN apt-get -y install ansible
21 | RUN mkdir /egconfigs
22 | ADD vars.yml /egconfigs/vars.yml
23 | ADD test_vars.yml /egconfigs/test_vars.yml
24 | RUN cd /egconfigs && ansible-playbook test_vars.yml -v
25 |
26 | RUN apt-get -y install syslog-ng-core sendmail mailutils sendmail-bin logrotate ssh net-tools iputils-ping sudo nano make autoconf libtool git mlocate git-core ntp cron screen rsync curl vim
27 | RUN if [ $os != "xenial"] ; then dpkg-reconfigure --frontend noninteractive tzdata ; fi
28 |
29 | RUN mkdir -p /mnt/evergreen
30 |
31 | # Run dockerbase script
32 | ADD syslog-ng.sh /egconfigs/
33 | RUN chmod a+xrw /egconfigs/syslog-ng.sh
34 | RUN /egconfigs/syslog-ng.sh
35 |
36 | # Add syslog-ng into runit
37 | ADD build_syslog-ng.sh /etc/service/syslog-ng/run/syslog-ng.sh
38 | # Replace the system() source because inside Docker we can't access /proc/kmsg.
39 | # https://groups.google.com/forum/#!topic/docker-user/446yoB0Vx6w
40 | RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
41 | # Uncomment 'SYSLOGNG_OPTS="--no-caps"' to avoid the following warning:
42 | # syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'
43 | # http://serverfault.com/questions/524518/error-setting-capabilities-capability-management-disabled#
44 | RUN sed -i 's/^#\(SYSLOGNG_OPTS="--no-caps"\)/\1/g' /etc/default/syslog-ng
45 |
46 | ADD hosts /egconfigs/hosts
47 |
48 | ADD logrotate_evergreen.txt /egconfigs/logrotate_evergreen.txt
49 | ADD db_switcher.pl /egconfigs/db_switcher.pl
50 | RUN chmod a+x /egconfigs/db_switcher.pl
51 |
52 | ADD install_evergreen.yml /egconfigs/install_evergreen.yml
53 | ADD evergreen_restart_services.yml /egconfigs/evergreen_restart_services.yml
54 | ADD restart_post_boot.yml /egconfigs/restart_post_boot.yml
55 | ADD run_tests.yml /egconfigs/run_tests.yml
56 | ADD plprofiler.yml /egconfigs/plprofiler.yml
57 | RUN cd /egconfigs && ansible-playbook install_evergreen.yml -v
58 | ENTRYPOINT cd /egconfigs && ansible-playbook evergreen_restart_services.yml -vvvv && while true; do sleep 1; done
59 | #ENTRYPOINT while true; do sleep 1; done
60 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/build_syslog-ng.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | set -e
3 |
4 | # If /dev/log is either a named pipe or it was placed there accidentally,
5 | # e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25,
6 | # then we remove it.
7 | if [ ! -S /dev/log ]; then rm -f /dev/log; fi
8 | if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi
9 |
10 | SYSLOGNG_OPTS=""
11 |
12 | [ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng
13 |
14 | case "x$CONSOLE_LOG_LEVEL" in
15 | x[1-8])
16 | dmesg -n $CONSOLE_LOG_LEVEL
17 | ;;
18 | x)
19 | ;;
20 | *)
21 | echo "CONSOLE_LOG_LEVEL is of unaccepted value."
22 | ;;
23 | esac
24 |
25 | if [ ! -e /dev/xconsole ]
26 | then
27 | mknod -m 640 /dev/xconsole p
28 | chown root:adm /dev/xconsole
29 | [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE
30 | fi
31 |
32 | exec syslog-ng -F -p /var/run/syslog-ng.pid $SYSLOGNG_OPTS
--------------------------------------------------------------------------------
/generic-dockerhub-dev/db_switcher.pl:
--------------------------------------------------------------------------------
1 | #!/usr/bin/perl
2 |
3 | use XML::Simple;
4 | use Data::Dumper;
5 | use DBD::Pg;
6 | use DateTime;
7 |
8 | our $dbHandler;
9 | our %dbconf = %{getDBconnects()};
10 | our @dbfile = ();
11 | our $currentDB = $dbconf{"db"};
12 | our $wantDB = 'evergreen';
13 | our $debug = 0;
14 | our $nonInteractive = 0;
15 | our $egPath = shift || '/home/opensrf/repos/Evergreen';
16 | our $dbControlFile = shift || '/home/opensrf/repos/Evergreen/db_control.txt';
17 | our $egRepoPath = shift || '/home/opensrf/repos/Evergreen-build';
18 | our $egRestartTriggerFile = '/home/opensrf/repos/Evergreen/eg_restart_go';
19 | our @currentDBs = ();
20 |
21 | printHelp if($egPath eq 'help');
22 |
23 | $egPath =~ s/\/$//g;
24 | $egRepoPath =~ s/\/$//g;
25 |
26 | $ENV{'PGUSER'} = $dbconf{"dbuser"};
27 | $ENV{'PGPASSWORD'} = $dbconf{"dbpass"};
28 | $ENV{'PGPORT'} = $dbconf{"port"};
29 | $ENV{'PGHOST'} = $dbconf{"dbhost"};
30 | $ENV{'PGDATABASE'} = $dbconf{"db"};;
31 |
32 | execSystemCMD('touch ' . $dbControlFile) if(!(-e $dbControlFile));
33 |
34 | parseControlFile($dbControlFile);
35 |
36 | getCurrentDatabases();
37 |
38 | makeControlFileReality();
39 |
40 | printOut("Current: [$currentDB]") if $debug;
41 | printOut("Wanted: [$wantDB]") if $debug;
42 | if($currentDB ne $wantDB) {
43 | printOut("Switching Evergreen to use database: [$wantDB]");
44 | populateDBFromCurrentGitBranch($wantDB, 1, 0);
45 | execSystemCMD("touch '$egRestartTriggerFile'", 1);
46 | }
47 |
48 | sub makeControlFileReality {
49 | my $synced = 0;
50 | foreach(@dbfile) {
51 | my %thisDatabase = %{$_};
52 | my $exists = 0;
53 | my $looking = $thisDatabase{'dbname'};
54 | foreach(@currentDBs)
55 | {
56 | printOut("database '$looking' exists") if($debug && lc $_ eq lc $looking);
57 | $exists = 1 if(lc $_ eq lc $looking);
58 | }
59 | if(!$exists)
60 | {
61 | rsyncEvergreenRepo() if !$synced;
62 | $synced = 1;
63 | my $type = '--load-all-sample';
64 | $type = '--load-concerto-enhanced' if($thisDatabase{'type'} eq 'enhanced');
65 | printOut("Creating database '" . $thisDatabase{'dbname'} . "' loaded with: '$type'");
66 | populateDBFromCurrentGitBranch($thisDatabase{'dbname'}, 0, $type);
67 | }
68 | }
69 | }
70 |
71 | sub parseControlFile {
72 | my $file = shift;
73 | my @lines = @{readFile($file)};
74 | @dbfile = ();
75 | foreach(@lines) {
76 | my @splits = split(/[\t\s]+/, $_);
77 | printOut(Dumper(\@splits)) if $debug;
78 | # allow the last column to be missing or null
79 | if( ($#splits == 2) || ($#splits == 1))
80 | {
81 | my %newob = (
82 | 'dbname' => lc @splits[0],
83 | 'type' => lc @splits[1],
84 | 'selected' => @splits[2],
85 | );
86 | # little sanity checking
87 | if ($newob{'type'} eq 'standard' || $newob{'type'} eq 'enhanced')
88 | {
89 | $wantDB = $newob{'dbname'} if(@splits[2] && @splits[2] eq '*');
90 | push(@dbfile, \%newob)
91 | }
92 | }
93 | }
94 | printOut(Dumper(\@dbfile) )if $debug;
95 | }
96 |
97 | sub readFile {
98 | my $file = shift;
99 | my $trys = 0;
100 | my $failed = 0;
101 | my @lines;
102 |
103 | if ( -e $file ) {
104 | my $worked = open( inputfile, '< ' . $file );
105 | if ( !$worked ) {
106 | printOut("******************Failed to read file*************");
107 | }
108 | binmode( inputfile, ":utf8" );
109 | while ( !( open( inputfile, '< ' . $file ) ) && $trys < 100 ) {
110 | printOut("Trying again attempt $trys");
111 | $trys++;
112 | sleep(1);
113 | }
114 | if ( $trys < 100 ) {
115 | @lines = ;
116 | close(inputfile);
117 | }
118 | else {
119 | printOut("Attempted $trys times. COULD NOT READ FILE: $file");
120 | }
121 | close(inputfile);
122 | }
123 | else {
124 | printOut("File does not exist: $file");
125 | }
126 | return \@lines;
127 | }
128 |
129 | sub populateDBFromCurrentGitBranch {
130 | my $db = shift;
131 | my $doConfig = shift;
132 | my $dbLoadSwitch = shift;
133 | my $eg_db_config_stock = "Open-ILS/src/support-scripts/eg_db_config.in";
134 | my $eg_db_config_temp = "Open-ILS/src/support-scripts/eg_db_config";
135 | my $eg_config_stock = "Open-ILS/src/extras/eg_config.in";
136 | my $eg_config_temp = "Open-ILS/src/extras/eg_config";
137 | fix_eg_config( $egRepoPath . "/$eg_db_config_stock", $egRepoPath . "/$eg_db_config_temp" );
138 | fix_eg_config( $egRepoPath . "/$eg_config_stock", $egRepoPath . "/$eg_config_temp" );
139 | my $exec = "cd '$egRepoPath' && perl '$eg_db_config_temp'";
140 | $exec .= " --create-database --create-schema" if($dbLoadSwitch);
141 | $exec .= " --user " . $dbconf{"dbuser"};
142 | $exec .= " --password " . $dbconf{"dbpass"};
143 | $exec .= " --hostname " . $dbconf{"dbhost"};
144 | $exec .= " --port " . $dbconf{"port"};
145 | $exec .= " --database $db";
146 | $exec .= " --admin-user admin";
147 | $exec .= " --admin-pass demo123";
148 | $exec .= " --service all --update-config" if($doConfig);
149 | $exec .= " $dbLoadSwitch" if($dbLoadSwitch);
150 | execSystemCMD($exec);
151 | }
152 |
153 | sub fix_eg_config {
154 | my $inFile = shift;
155 | my $outputFile = shift;
156 |
157 | unlink $outputFile if -e $outputFile;
158 | my $outHandle;
159 | open( $outHandle, '>> ' . $outputFile );
160 | binmode( $outHandle, ":utf8" );
161 |
162 | my @lines = @{ readFile($inFile) };
163 | my %replaceMap = (
164 | '\@prefix\@' => '/openils',
165 | '\@datarootdir\@' => '${prefix}/share',
166 | '\@BUILDILSCORE_TRUE\@' => '',
167 | '\@BUILDILSWEB_TRUE\@' => '',
168 | '\@BUILDILSREPORTER_TRUE\@' => '',
169 | '\@BUILDILSCLIENT_TRUE\@' => '',
170 | '\@PACKAGE_STRING\@' => '',
171 | '\@bindir\@' => '${exec_prefix}/bin',
172 | '\@libdir\@' => '${exec_prefix}/lib',
173 | '\@TMP\@' => '/tmp',
174 | '\@includedir\@' => '${prefix}/include',
175 | '\@APXS2\@' => '',
176 | '\@sysconfdir\@' => '/openils/conf',
177 | '\@LIBXML2_HEADERS\@' => '',
178 | '\@APR_HEADERS\@' => '',
179 | '\@APACHE2_HEADERS\@' => '',
180 | '\@localstatedir\@' => '',
181 | '\@docdir\@' => '',
182 | );
183 |
184 | foreach (@lines) {
185 | my $line = $_;
186 |
187 | # this file has some placeholders. We're not going to make use of
188 | # this feature in the script, but it won't run unless those are populated
189 | while ( ( my $key, my $value ) = each(%replaceMap) ) {
190 | $line =~ s/$key/$value/g;
191 | }
192 | print $outHandle $line;
193 | }
194 | chmod( 0755, $outHandle );
195 | close($outHandle);
196 | }
197 |
198 | sub rsyncEvergreenRepo {
199 | # get the current branch so we can switch back
200 | my $exec = "rsync -a --exclude '.git' --exclude 'node_modules' --no-owner --no-perms --size-only --chown 0:0 $egPath/ $egRepoPath";
201 | execSystemCMD( $exec, 1 );
202 | $exec = "cd $egRepoPath/Open-ILS/src/sql/Pg && rm 000.english.pg1* 000.english.pg95.fts-config.sql 000.english.pg96.fts-config.sql";
203 | execSystemCMD( $exec, 1 );
204 | $exec = "cd $egRepoPath/Open-ILS/src/sql/Pg && cp 000.english.pg94.fts-config.sql 000.english.pg10.fts-config.sql && cp 000.english.pg94.fts-config.sql 000.english.pg11.fts-config.sql && cp 000.english.pg94.fts-config.sql 000.english.pg12.fts-config.sql && cp 000.english.pg94.fts-config.sql 000.english.pg13.fts-config.sql && cp 000.english.pg94.fts-config.sql 000.english.pg14.fts-config.sql && cp 000.english.pg94.fts-config.sql 000.english.pg95.fts-config.sql && cp 000.english.pg94.fts-config.sql 000.english.pg96.fts-config.sql";
205 | execSystemCMD( $exec, 1 );
206 | }
207 |
208 | sub execSystemCMD {
209 | my $cmd = shift;
210 | my $ignoreErrors = shift;
211 | printOut("executing $cmd") if $debug;
212 | system($cmd) == 0;
213 | if ( !$ignoreErrors && ( $? == -1 ) ) {
214 | die "system '$cmd' failed: $?";
215 | }
216 | printOut("Done executing $cmd") if $debug;
217 | }
218 |
219 | sub execSystemCMDWithReturn {
220 | my $cmd = shift;
221 | my $dont_trim = shift;
222 | my $ret;
223 | printOut("executing $cmd") if $debug;
224 | open( DATA, $cmd . '|' );
225 | my $read;
226 | while ( $read = ) {
227 | $ret .= $read;
228 | }
229 | close(DATA);
230 | return 0 unless $ret;
231 | $ret = substr( $ret, 0, -1 ) unless $dont_trim; #remove the last character of output.
232 | printOut("Done executing $cmd") if $debug;
233 | return $ret;
234 | }
235 |
236 | sub getCurrentDatabases {
237 | @currentDBs = ();
238 | my $cmd = "psql -c '\\l'";
239 | my $answer = execSystemCMDWithReturn($cmd);
240 | my @lines = split(/\n/, $answer);
241 | # first three lines are headers
242 | shift @lines;
243 | shift @lines;
244 | shift @lines;
245 | # last row is summary
246 | pop @lines;
247 | foreach(@lines)
248 | {
249 | my @cols = split(/\|/, $_);
250 | # first column is the database name
251 | my $database = shift @cols;
252 | $database =~ s/[\s|\t]//g;
253 | push(@currentDBs, $database)
254 | if($database ne 'template0' && $database ne 'template1' && $database ne '' && $database ne 'postgres');
255 | }
256 | }
257 |
258 | sub printOut {
259 | my $line = shift;
260 | my $dt = DateTime->now(time_zone => "local");
261 | my $date = $dt->ymd;
262 | my $time = $dt->hms;
263 | my $datetime = makeEvenWidth($dt->ymd . " ". $dt->hms, 20);
264 | print $datetime .": $line\n";
265 | }
266 |
267 | sub makeEvenWidth {
268 | my $ret;
269 |
270 | if($#_ != 1)
271 | {
272 | return;
273 | }
274 | $line = shift;
275 | $width = shift;
276 | $ret=$line;
277 | if(length($line)>=$width)
278 | {
279 | $ret=substr($ret,0,$width);
280 | }
281 | else
282 | {
283 | while(length($ret)<$width)
284 | {
285 | $ret=$ret." ";
286 | }
287 | }
288 | return $ret;
289 | }
290 |
291 | sub getDBconnects
292 | {
293 | my $openilsfile = shift || '/openils/conf/opensrf.xml';
294 | my $xml = new XML::Simple;
295 | my $data = $xml->XMLin($openilsfile);
296 | my %conf;
297 | $conf{"dbhost"}=$data->{default}->{apps}->{"open-ils.storage"}->{app_settings}->{databases}->{database}->{host};
298 | $conf{"db"}=$data->{default}->{apps}->{"open-ils.storage"}->{app_settings}->{databases}->{database}->{db};
299 | $conf{"dbuser"}=$data->{default}->{apps}->{"open-ils.storage"}->{app_settings}->{databases}->{database}->{user};
300 | $conf{"dbpass"}=$data->{default}->{apps}->{"open-ils.storage"}->{app_settings}->{databases}->{database}->{pw};
301 | $conf{"port"}=$data->{default}->{apps}->{"open-ils.storage"}->{app_settings}->{databases}->{database}->{port};
302 | return \%conf;
303 |
304 | }
305 |
306 | sub printHelp {
307 | print "Usage: ./db_switcher.pl /path/to/Evergreen_git_repo /path/to/db_control_file
308 |
309 | This program automates the process of hot swapping a running Evergreen machine from
310 | one database to another. It will also create the database from the requested branch
311 | if the database doesn't exist.
312 |
313 | The db_control_file is a simple text file. Each line in the file represents a database
314 | We expect a tab or space delimited file that looks like this:
315 | db_name\t[standard/enhanced]\t* (astricks symbol to indicate the current/wanted database)
316 |
317 | ";
318 | exit 0;
319 | }
320 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/hosts:
--------------------------------------------------------------------------------
1 | 127.0.0.1 localhost
2 | ::1 localhost ip6-localhost ip6-loopback
3 | fe00::0 ip6-localnet
4 | ff00::0 ip6-mcastprefix
5 | ff02::1 ip6-allnodes
6 | ff02::2 ip6-allrouters
7 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/logrotate_evergreen.txt:
--------------------------------------------------------------------------------
1 | replacemewith_path_and_curly_brace
2 | rotate 14
3 | compress
4 | size 1M
5 | notifempty
6 | }
7 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/plprofiler.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # A playbook that you can use to performance profile a single pl/pgsql function
3 | #
4 | # Usage:
5 | # ansible-playbook /egconfigs/plprofiler.yml -e="command='SELECT * FROM asset.opac_ou_record_copy_count(7, 244)'" -e iterations=500
6 | # ansible-playbook /egconfigs/plprofiler.yml -e="command='SELECT unapi.memoize( \'bre\', 1,\'mods32\',\'\',\'{holdings_xml,acp}\'::TEXT[], \'SYS1\')'" # note that the single quotes in your query need to be escaped
7 | #
8 | # You can then ls /home/evergreen/profile* and docker cp the profile file to your host machine,
9 | # then open it in your favorite browser
10 |
11 | - hosts: localhost
12 | connection: local
13 | remote_user: user
14 | become_method: sudo
15 | vars:
16 | command: "SELECT unapi.bre(216,'holdings_xml','record','{}'::TEXT[], 'BR1')"
17 | iterations: 100
18 | vars_files:
19 | - vars.yml
20 | tasks:
21 | - name: Install | install pip
22 | become: true
23 | apt:
24 | name: python3-pip
25 | - name: Install | install client
26 | become: true
27 | environment:
28 | PATH: "/usr/lib/postgresql/{{ postgres_version }}/bin:{{ lookup('env', 'PATH') }}"
29 | pip:
30 | name:
31 | - plprofiler-client
32 | - psycopg2-binary
33 | - name: Install | clone repo
34 | become: true
35 | become_user: opensrf
36 | git:
37 | repo: 'https://github.com/bigsql/plprofiler.git'
38 | dest: /home/opensrf/repos/plprofiler
39 | - name: Install | make install
40 | become: true
41 | environment:
42 | USE_PGXS: 1
43 | PATH: "/usr/lib/postgresql/{{ postgres_version }}/bin:{{ lookup('env', 'PATH') }}"
44 | shell:
45 | cmd: make install
46 | chdir: /home/opensrf/repos/plprofiler
47 | - name: Install | Create extension
48 | become: true
49 | become_user: evergreen
50 | shell: 'psql -c "CREATE EXTENSION IF NOT EXISTS plprofiler"'
51 | - name: Profile | Profile command
52 | become: true
53 | become_user: evergreen
54 | shell:
55 | cmd: >
56 | plprofiler run --command "{% for number in range(0, iterations|int) %}{{ command }};{% endfor %}" --output="profile-$(date +'%Y-%m-%d:%H:%M:%S')" --name="My profile" --title="My profile" --desc="Profile"
57 | chdir: /home/evergreen
58 | ...
59 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/restart_post_boot.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: ma
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Remove ping.txt file
11 | become: true
12 | file: path="{{openils_path}}/var/web/ping.txt" state=absent
13 | - name: Stop Web services
14 | ignore_errors: yes
15 | become: true
16 | service:
17 | name: apache2
18 | state: stopped
19 | # service module is broken for ansible/jammy/docker
20 | - name: Stopping apache2 manually
21 | ignore_errors: yes
22 | shell: /etc/init.d/apache2 stop
23 | when: ubuntu_version|lower == 'jammy'
24 |
25 | - name: Kill z39.50
26 | become: true
27 | ignore_errors: yes
28 | shell: ps aux | grep simple[2]zoom | awk '{print $2}' | xargs kill
29 | - name: Stop Websocketd
30 | become: true
31 | ignore_errors: yes
32 | shell: "/bin/ps -ef | /bin/grep osrf-websocket-stdio | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
33 | - name: Stop nginx Websockets proxy
34 | ignore_errors: yes
35 | become: true
36 | service:
37 | name: nginx
38 | state: stopped
39 | # service module is broken for ansible/jammy/docker
40 | - name: Starting nginx manually
41 | ignore_errors: yes
42 | shell: /etc/init.d/nginx stop
43 | when: ubuntu_version|lower == 'jammy'
44 | - name: Stop OpenSRF
45 | become: true
46 | become_user: opensrf
47 | environment:
48 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
49 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
50 | - name: Stop SIP
51 | become: true
52 | become_user: opensrf
53 | environment:
54 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
55 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/oils_ctl.sh -a stop_sip
56 | - name: Kill OpenSRF
57 | ignore_errors: yes
58 | shell: "/bin/ps -ef | /bin/grep OpenSRF | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
59 | - name: Kill SIP
60 | ignore_errors: yes
61 | shell: /bin/ps -ef | /bin/grep -i sip | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
62 | - name: Stop redis-server
63 | become: true
64 | ignore_errors: yes
65 | service:
66 | name: redis-server
67 | state: stopped
68 | - name: Kill redis-server
69 | ignore_errors: yes
70 | shell: /bin/ps -ef | /bin/grep -i redis | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
71 | - name: Start redis-server
72 | ignore_errors: yes
73 | become: true
74 | service:
75 | name: redis-server
76 | state: started
77 | # service module is broken for ansible/jammy/docker
78 | - name: Starting redis-server manually
79 | ignore_errors: yes
80 | shell: /etc/init.d/redis-server start
81 | when: ubuntu_version|lower == 'jammy'
82 | - name: Pausing for redis-server to start
83 | pause: seconds=5
84 | - name: Reset redis config
85 | become: true
86 | become_user: opensrf
87 | environment:
88 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
89 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control -l --reset-message-bus
90 |
91 | ## we need to copy the incoming Evergreen repo into a local folder because Windows/Linux symlinks don't work together
92 | - name: Delete folder /home/opensrf/repos/Evergreen-build/Open-ILS/src/perlmods/lib/OpenILS
93 | file:
94 | path: /home/opensrf/repos/Evergreen-build/Open-ILS/src/perlmods/lib/OpenILS
95 | state: absent
96 | - name: rsync /home/opensrf/repos/Evergreen/Open-ILS/src/perlmods/lib/OpenILS -> /home/opensrf/repos/Evergreen-build/Open-ILS/src/perlmods/lib/OpenILS
97 | become: true
98 | ignore_errors: yes
99 | shell: rsync -a --exclude ".git" --exclude "node_modules" --no-owner --no-perms --size-only --chown 0:0 /home/opensrf/repos/Evergreen/Open-ILS/src/perlmods/lib/OpenILS/ /home/opensrf/repos/Evergreen-build/Open-ILS/src/perlmods/lib/OpenILS
100 |
101 | - name: rsync /home/opensrf/repos/Evergreen/Open-ILS/src/c-apps -> /home/opensrf/repos/Evergreen-build/Open-ILS/src/c-apps
102 | become: true
103 | ignore_errors: yes
104 | shell: rsync -a --exclude "Makefile" --no-owner --no-perms --size-only --chown 0:0 /home/opensrf/repos/Evergreen/Open-ILS/src/c-apps/ /home/opensrf/repos/Evergreen-build/Open-ILS/src/c-apps
105 |
106 | - name: Put the fm_IDL.xml in conf folder
107 | become: true
108 | ignore_errors: yes
109 | copy:
110 | owner: opensrf
111 | group: opensrf
112 | mode: 0644
113 | src: /home/opensrf/repos/Evergreen/Open-ILS/examples/fm_IDL.xml
114 | dest: /openils/conf/fm_IDL.xml
115 |
116 | - name: Put the fm_IDL.xml in reports folder
117 | become: true
118 | ignore_errors: yes
119 | copy:
120 | owner: opensrf
121 | group: opensrf
122 | mode: 0644
123 | src: /home/opensrf/repos/Evergreen/Open-ILS/examples/fm_IDL.xml
124 | dest: /openils/var/web/reports/fm_IDL.xml
125 |
126 | - name: Autoreconf
127 | become: true
128 | shell: cd /home/opensrf/repos/Evergreen-build && autoreconf -i
129 |
130 | - name: Configuring Evergreen code and make (for perl and C changes)
131 | become: true
132 | shell: cd /home/opensrf/repos/Evergreen-build && PATH={{openils_path}}/bin:$PATH ./configure --prefix={{openils_path}} --sysconfdir={{openils_path}}/conf && make
133 |
134 | - name: make install C changes
135 | become: true
136 | shell: cd /home/opensrf/repos/Evergreen-build/Open-ILS/src/c-apps && make install
137 |
138 | - name: Start OpenSRF
139 | become: true
140 | become_user: opensrf
141 | environment:
142 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
143 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
144 | - name: Pausing for OpenSRF to spawn Drones
145 | pause: seconds=5
146 | - name: Run autogen
147 | become: true
148 | become_user: opensrf
149 | environment:
150 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
151 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/autogen.sh
152 | - name: Start SIP
153 | become: true
154 | become_user: opensrf
155 | environment:
156 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
157 | shell: "{{openils_path}}/bin/oils_ctl.sh -a start_sip"
158 | ### ## Start z39.50
159 | - name: Start z39.50 stuff
160 | become: true
161 | shell: /usr/bin/perl -w /usr/bin/simple2zoom -c {{openils_path}}/conf/dgo.conf -- -f {{openils_path}}/conf/xml2marc-yaz.cfg localhost:2210 localhost.org:210 -v all,sessiondetail,requestdetail,zoom,zoomdetails &
162 | - name: restarting cron
163 | ignore_errors: yes
164 | service:
165 | name: cron
166 | state: restarted
167 | - name: restarting cron
168 | ignore_errors: yes
169 | shell: /etc/init.d/cron stop
170 | when: ubuntu_version|lower == 'jammy'
171 |
172 | - name: Start Web services
173 | become: true
174 | ignore_errors: yes
175 | service:
176 | name: apache2
177 | state: started
178 |
179 | - name: Start Web services
180 | become: true
181 | ignore_errors: yes
182 | shell: /etc/init.d/apache2 start
183 | when: ubuntu_version|lower == 'jammy'
184 |
185 | - name: Starting websocketd
186 | become: true
187 | become_user: opensrf
188 | shell: '/egconfigs/start_websocketd'
189 | - name: Start nginx Websockets proxy
190 | become: true
191 | ignore_errors: yes
192 | service:
193 | name: nginx
194 | state: started
195 |
196 | - name: Start nginx Websockets proxy manually
197 | become: true
198 | ignore_errors: yes
199 | shell: /etc/init.d/nginx start
200 | when: ubuntu_version|lower == 'jammy'
201 |
202 | - name: starting cron
203 | ignore_errors: yes
204 | service:
205 | name: cron
206 | state: started
207 | # service module is broken for ansible/jammy/docker
208 | - name: Starting cron manually
209 | ignore_errors: yes
210 | shell: /etc/init.d/cron restart
211 | when: ubuntu_version|lower == 'jammy'
212 |
213 | - name: Setup ping.txt
214 | remote_user: opensrf
215 | shell: echo pong > {{openils_path}}/var/web/ping.txt && chown opensrf:opensrf {{openils_path}}/var/web/ping.txt
216 |
217 | ...
218 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/run_tests.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Setup | Stop OpenSRF
11 | become: true
12 | become_user: opensrf
13 | environment:
14 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
15 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
16 | tags: angular,angular-e2e,pgtap
17 | - name: Setup | Reload a fresh copy of the concerto dataset
18 | become: true
19 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
20 | tags: angular,angular-e2e,pgtap
21 | - name: Setup | Start OpenSRF
22 | become: true
23 | become_user: opensrf
24 | environment:
25 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
26 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
27 | tags: angular,angular-e2e,pgtap
28 | - name: Setup | Install Firefox
29 | become: true
30 | apt:
31 | name: firefox-nightly
32 | update_cache: true
33 | tags: angularjs,angular,angular-unit,angular-e2e,opac
34 | - name: Setup | Symlink firefox to the firefox-nightly we got from mozilla
35 | become: true
36 | file:
37 | state: link
38 | src: /usr/bin/firefox-nightly
39 | dest: /usr/bin/firefox
40 | tags: angularjs,angular,angular-unit,angular-e2e,opac
41 | - name: Setup | Give evergreen user access to opensrf directories
42 | user:
43 | name: evergreen
44 | groups: opensrf
45 | append: yes
46 | tags: pgtap
47 | - name: Setup | Activate pgtap extension
48 | become: true
49 | become_user: evergreen
50 | shell: psql -c "CREATE EXTENSION pgtap;"
51 | tags: pgtap
52 | - name: Test | Run pgTAP tests
53 | become: true
54 | become_user: evergreen
55 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove t
56 | ignore_errors: true
57 | tags: pgtap
58 | - name: Test | Run pgTAP regression tests
59 | become: true
60 | become_user: evergreen
61 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove t/regress
62 | ignore_errors: true
63 | tags: pgtap
64 | - name: Test | Run pgTAP live tests
65 | become: true
66 | become_user: evergreen
67 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove live_t
68 | ignore_errors: true
69 | tags: pgtap
70 | - name: Test | Run AngularJS unit tests
71 | become: true
72 | shell: cd /home/opensrf/repos/Evergreen-build/Open-ILS/web/js/ui/default/staff && npm run test
73 | ignore_errors: true
74 | tags: angularjs
75 | - name: Test | Run Angular unit tests
76 | become: true
77 | shell: cd /home/opensrf/repos/Evergreen-build/Open-ILS/src/eg2 && npm run test
78 | ignore_errors: true
79 | tags: angular,angular-unit
80 | - name: Test | Run Angular e2e tests
81 | become: true
82 | become_user: opensrf
83 | environment:
84 | MOZ_HEADLESS: 1
85 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/eg2 && ng e2e
86 | ignore_errors: true
87 | tags: angular,angular-e2e
88 | - name: Test | Run OPAC js unit tests
89 | become: true
90 | become_user: opensrf
91 | shell: cd /home/opensrf/repos/Evergreen-build/Open-ILS/web/opac/deps && npm run test
92 | ignore_errors: true
93 | tags: opac
94 | - name: Perl Live Test Setup | Stop OpenSRF
95 | become: true
96 | become_user: opensrf
97 | environment:
98 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
99 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
100 | tags: perl
101 | - name: Perl Live Test Setup | Reload a fresh copy of the concerto dataset
102 | become: true
103 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
104 | tags: perl
105 | - name: Perl Live Test Setup | Start OpenSRF
106 | become: true
107 | become_user: opensrf
108 | environment:
109 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
110 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
111 | tags: perl
112 | - name: Test | Run Perl unit tests
113 | become: true
114 | shell: cd /home/opensrf/repos/Evergreen && make check
115 | ignore_errors: true
116 | tags: perl
117 | - name: Test | Run Perl live tests
118 | become: true
119 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/perlmods && make livecheck
120 | ignore_errors: true
121 | tags: perl
122 | - name: Test | Run C unit tests
123 | become: true
124 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/c-apps && make check
125 | ignore_errors: true
126 | tags: c
127 | - name: Teardown | Stop OpenSRF
128 | become: true
129 | become_user: opensrf
130 | environment:
131 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
132 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
133 | tags: perl,angular,angular-e2e,pgtap
134 | - name: Teardown | Reload a fresh copy of the concerto dataset
135 | become: true
136 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
137 | tags: perl,angular,angular-e2e,pgtap
138 | - name: Teardown | Start OpenSRF
139 | become: true
140 | become_user: opensrf
141 | environment:
142 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
143 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
144 | tags: perl,angular,angular-e2e,pgtap
145 | ...
146 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/syslog-ng.sh:
--------------------------------------------------------------------------------
1 | # Run the build scripts
2 | apt-get update
3 |
4 | # Install syslog-ng.
5 | apt-get install -y --no-install-recommends syslog-ng-core
6 |
7 | # Clean up system
8 | apt-get clean
9 | rm -rf /tmp/* /var/tmp/*
10 | rm -rf /var/lib/apt/lists/*
--------------------------------------------------------------------------------
/generic-dockerhub-dev/test_vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Test ubuntu_version
11 | fail:
12 | msg: ubuntu_version is undefined
13 | when: ubuntu_version is not defined
14 |
15 | - name: Test add_evergreen_language_support
16 | fail:
17 | msg: add_evergreen_language_support is undefined
18 | when: add_evergreen_language_support is not defined
19 |
20 | - name: Test evergreen_git_branch
21 | fail:
22 | msg: evergreen_git_branch is undefined
23 | when: evergreen_git_branch is not defined
24 |
25 | - name: Test evergreen_major_version
26 | fail:
27 | msg: evergreen_major_version is undefined
28 | when: evergreen_major_version is not defined
29 |
30 | - name: Test evergreen_minor_version
31 | fail:
32 | msg: evergreen_minor_version is undefined
33 | when: evergreen_minor_version is not defined
34 |
35 | - name: Test evergreen_bug_version
36 | fail:
37 | msg: evergreen_bug_version is undefined
38 | when: evergreen_bug_version is not defined
39 |
40 | - name: Test install_xul_client
41 | fail:
42 | msg: install_xul_client is undefined
43 | when: install_xul_client is not defined
44 |
45 | - name: Test evergreen_stamp_id
46 | fail:
47 | msg: evergreen_stamp_id is undefined
48 | when: evergreen_stamp_id is not defined
49 |
50 | - name: Test postgres_version
51 | fail:
52 | msg: postgres_version is undefined
53 | when: postgres_version is not defined
54 |
55 | - name: Test websocketd_version
56 | fail:
57 | msg: websocketd_version is undefined
58 | when: websocketd_version is not defined
59 |
60 | - name: Test websocketd_filename
61 | fail:
62 | msg: websocketd_filename is undefined
63 | when: websocketd_filename is not defined
64 |
65 | - name: Test angular_build_command
66 | fail:
67 | msg: angular_build_command is undefined
68 | when: angular_build_command is not defined
69 |
70 | - name: Test opensrf_git_branch
71 | fail:
72 | msg: opensrf_git_branch is undefined
73 | when: opensrf_git_branch is not defined
74 |
75 | - name: Test lets_encrypt_shared_web_folder
76 | fail:
77 | msg: lets_encrypt_shared_web_folder is undefined
78 | when: lets_encrypt_shared_web_folder is not defined
79 |
80 | - name: Test shared_reports_folder
81 | fail:
82 | msg: shared_reports_folder is undefined
83 | when: shared_reports_folder is not defined
84 |
85 | - name: Test shared_circ_notices_folder
86 | fail:
87 | msg: shared_circ_notices_folder is undefined
88 | when: shared_circ_notices_folder is not defined
89 |
90 | - name: Test sync_openils_sub_folders_cmd
91 | fail:
92 | msg: sync_openils_sub_folders_cmd is undefined
93 | when: sync_openils_sub_folders_cmd is not defined
94 |
95 | - name: Test os_user_password
96 | fail:
97 | msg: os_user_password is undefined
98 | when: os_user_password is not defined
99 |
100 | - name: Test openils_path
101 | fail:
102 | msg: openils_path is undefined
103 | when: openils_path is not defined
104 |
105 | - name: Test domain_name
106 | fail:
107 | msg: domain_name is undefined
108 | when: domain_name is not defined
109 |
110 | - name: Test database_host
111 | fail:
112 | msg: database_host is undefined
113 | when: database_host is not defined
114 |
115 | - name: Test database_database
116 | fail:
117 | msg: database_database is undefined
118 | when: database_database is not defined
119 |
120 | - name: Test database_port
121 | fail:
122 | msg: database_port is undefined
123 | when: database_port is not defined
124 |
125 | - name: Test database_user
126 | fail:
127 | msg: database_user is undefined
128 | when: database_user is not defined
129 |
130 | - name: Test database_password
131 | fail:
132 | msg: database_password is undefined
133 | when: database_password is not defined
134 |
135 | - name: Test evergreen_global_admin
136 | fail:
137 | msg: evergreen_global_admin is undefined
138 | when: evergreen_global_admin is not defined
139 |
140 | - name: Test evergreen_global_admin_password
141 | fail:
142 | msg: evergreen_global_admin_password is undefined
143 | when: evergreen_global_admin_password is not defined
144 |
145 | - name: Test sender_address
146 | fail:
147 | msg: sender_address is undefined
148 | when: sender_address is not defined
149 |
150 | - name: Test base_reporter_uri
151 | fail:
152 | msg: base_reporter_uri is undefined
153 | when: base_reporter_uri is not defined
154 |
155 | - name: Test reporter_output_folder
156 | fail:
157 | msg: reporter_output_folder is undefined
158 | when: reporter_output_folder is not defined
159 |
160 | - name: Test opensrf_zip_file_line
161 | fail:
162 | msg: opensrf_zip_file_line is undefined
163 | when: opensrf_zip_file_line is not defined
164 |
165 | - name: Test opensrf_memcached_server
166 | fail:
167 | msg: opensrf_memcached_server is undefined
168 | when: opensrf_memcached_server is not defined
169 |
170 | - name: Test opensrf_memcached_port
171 | fail:
172 | msg: opensrf_memcached_port is undefined
173 | when: opensrf_memcached_port is not defined
174 |
175 | - name: Test use_custom_opensrf_xml
176 | fail:
177 | msg: use_custom_opensrf_xml is undefined
178 | when: use_custom_opensrf_xml is not defined
179 |
180 | - name: Test Evergreen_cherry_picks
181 | fail:
182 | msg: Evergreen_cherry_picks is undefined
183 | when: Evergreen_cherry_picks is not defined
184 |
185 | - name: Test OpenSRF_cherry_picks
186 | fail:
187 | msg: OpenSRF_cherry_picks is undefined
188 | when: OpenSRF_cherry_picks is not defined
189 |
190 | - name: Test SIPServer_cherry_picks
191 | fail:
192 | msg: SIPServer_cherry_picks is undefined
193 | when: SIPServer_cherry_picks is not defined
194 |
195 | - name: Test install_pg_tap
196 | fail:
197 | msg: install_pg_tap is undefined
198 | when: install_pg_tap is not defined
199 |
200 | ...
201 |
--------------------------------------------------------------------------------
/generic-dockerhub-dev/vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Allowed values: xenial, bionic, focal, jammy
3 | # Be sure and update Dockerfile to match the version that you are calling here
4 | # For reference: xenial = 16.04, bionic = 18.04, focal = 20.04, jammy = 22.04
5 | # NOTE: xenial is not supported due to the nodejs stack issues, but left here for reference in case you want to hack it
6 | # Evergreen didn't support ubuntu bionic until version 3.3
7 | ubuntu_version: jammy
8 | evergreen_version: 3.13.4
9 | # This is tempermental. If you turn this setting on, you might end up having to manually edit the resulting installation
10 | # Particularly eg_vhost.conf
11 | add_evergreen_language_support: no
12 | # You can manually assign the Evergreen git branch, or let this regular expression figure it out based on evergreen_version
13 | evergreen_git_branch: main
14 |
15 | evergreen_major_version: "{{evergreen_version|regex_replace('^(\\d*)\\..*$', '\\1') }}"
16 | evergreen_minor_version: "{{evergreen_version|regex_replace('^\\d*\\.(\\d*)\\.?.*$', '\\1') }}"
17 | evergreen_bug_version: "{{evergreen_version|regex_replace('^\\d*\\.\\d*\\.?(\\d*).*$', '\\1') }}"
18 | install_xul_client: "{% if (evergreen_major_version|int > 2 and evergreen_minor_version|int < 3) or evergreen_major_version|int == 2 %}yes{% else %}no{% endif %}"
19 | evergreen_stamp_id: "{{ 'rel_' + (evergreen_version|regex_replace('\\.', '_')) }}"
20 | postgres_version: "{% if ubuntu_version|lower == 'jammy' or ubuntu_version|lower == 'focal' %}15{% elif ubuntu_version|lower == 'bionic' %}9.6{% else %}9.5{% endif %}"
21 | websocketd_version: 0.3.0
22 | websocketd_filename: "websocketd-{{ websocketd_version }}-linux_{% if ansible_architecture == 'aarch64' %}arm64{% else %}amd64{% endif %}.zip"
23 | angular_build_command: "ng build {% if (evergreen_major_version|int == 3 and evergreen_minor_version|int < 9) %}--prod{% else %}--configuration=production{% endif %}"
24 |
25 | # The latest version of OpenSRF seems to work with all versions of Evergreen.
26 | opensrf_git_branch: main
27 |
28 | # This directory will be linked to /openilspath/var/web/.well-known
29 | lets_encrypt_shared_web_folder: /mnt/evergreen/letsencrypt_shared_web_directory/.well-known
30 |
31 | # This variable will create a sym link to /openilspath/var/web/reporter
32 | shared_reports_folder: /mnt/evergreen/reports
33 |
34 | # This variable will create a sym link to /openilspath/var/web/notices
35 | shared_circ_notices_folder: /mnt/evergreen/circ_notices
36 | # Custom script to call during boot time. It needs to be exposed to the container
37 | # errors are ignored, but this variable needs to exist. Set it to something regardless
38 | # This is a mechanism for you to do something custom to the OS upon boot. Anything you can
39 | # do with a shell script. Setting SSL certificates, putting in place custom tt2 files, etc.
40 | sync_openils_sub_folders_cmd: /mnt/evergreen/apps/syncope
41 |
42 |
43 | os_user_password: password
44 | openils_path: /openils
45 |
46 | domain_name: localhost.localdomain.org
47 | database_host: localhost
48 | database_database: evergreen
49 | database_port: 5432
50 | database_user: evergreen
51 | database_password: databasepassword
52 | evergreen_global_admin: admin
53 | evergreen_global_admin_password: demo123
54 | sender_address: no-reply@localhost.com
55 | base_reporter_uri: https://localhost/reporter/
56 | reporter_output_folder: /openils/var/web/reporter
57 | opensrf_zip_file_line: /openils/conf/zips.txt
58 | opensrf_memcached_server: 127.0.0.1
59 | opensrf_memcached_port: 11211
60 | use_custom_opensrf_xml: no
61 | Evergreen_cherry_picks: []
62 | OpenSRF_cherry_picks: []
63 | SIPServer_cherry_picks: []
64 | install_pg_tap: yes
65 | # Also install the Evergreen Universe Rust project
66 | # see https://github.com/kcls/evergreen-universe-rs
67 | install_rust: no
68 | ...
69 |
--------------------------------------------------------------------------------
/generic-dockerhub/.env:
--------------------------------------------------------------------------------
1 |
2 | HOST='app.brick.com'
3 | IMAGE='evergreen'
4 | SSL_PORT='32'
5 | HTTP_PORT='80'
6 | HTTPS_PORT='443'
7 |
--------------------------------------------------------------------------------
/generic-dockerhub/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ubuntu:22.04
2 | ARG os=jammy
3 | # For reference: xenial = 16.04, bionic = 18.04, focal = 20.04, jammy = 22.04
4 |
5 | EXPOSE 22
6 | EXPOSE 80
7 | EXPOSE 210
8 | EXPOSE 443
9 | EXPOSE 6001
10 |
11 | RUN useradd user -m -s /bin/bash
12 | RUN useradd opensrf -m -s /bin/bash
13 | RUN useradd evergreen -m -s /bin/bash
14 | RUN apt-get update -qq
15 | ENV DEBIAN_FRONTEND noninteractive
16 | ENV TZ=America/New_York
17 | RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
18 | RUN apt-get update -qq && apt-get install -qq -y --no-install-recommends apt-utils
19 |
20 | RUN apt-get -qq -y install ansible
21 | RUN mkdir /egconfigs
22 | ADD vars.yml /egconfigs/vars.yml
23 | ADD test_vars.yml /egconfigs/test_vars.yml
24 | RUN cd /egconfigs && ansible-playbook test_vars.yml -v
25 |
26 | RUN apt-get -qq -y install syslog-ng-core sendmail mailutils sendmail-bin logrotate ssh net-tools iputils-ping sudo nano make autoconf libtool git mlocate git-core ntp cron screen rsync curl vim
27 | RUN if [ $os != "xenial"] ; then dpkg-reconfigure --frontend noninteractive tzdata ; fi
28 |
29 | RUN mkdir -p /mnt/evergreen
30 |
31 | # Run dockerbase script
32 | ADD syslog-ng.sh /egconfigs/
33 | RUN chmod a+xrw /egconfigs/syslog-ng.sh
34 | RUN /egconfigs/syslog-ng.sh
35 |
36 | # Add syslog-ng into runit
37 | ADD build_syslog-ng.sh /etc/service/syslog-ng/run/syslog-ng.sh
38 | # Replace the system() source because inside Docker we can't access /proc/kmsg.
39 | # https://groups.google.com/forum/#!topic/docker-user/446yoB0Vx6w
40 | RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
41 | # Uncomment 'SYSLOGNG_OPTS="--no-caps"' to avoid the following warning:
42 | # syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'
43 | # http://serverfault.com/questions/524518/error-setting-capabilities-capability-management-disabled#
44 | RUN sed -i 's/^#\(SYSLOGNG_OPTS="--no-caps"\)/\1/g' /etc/default/syslog-ng
45 |
46 | ADD hosts /egconfigs/hosts
47 | ADD ejabberd_jammy.yml /egconfigs/ejabberd_jammy.yml
48 | ADD ejabberd_focal.yml /egconfigs/ejabberd_focal.yml
49 | ADD ejabberd_bionic.yml /egconfigs/ejabberd_bionic.yml
50 | ADD ejabberd_xenial.yml /egconfigs/ejabberd_xenial.yml
51 |
52 | ADD logrotate_evergreen.txt /egconfigs/logrotate_evergreen.txt
53 |
54 | ADD install_evergreen.yml /egconfigs/install_evergreen.yml
55 | ADD evergreen_restart_services.yml /egconfigs/evergreen_restart_services.yml
56 | ADD restart_post_boot.yml /egconfigs/restart_post_boot.yml
57 | ADD run_tests.yml /egconfigs/run_tests.yml
58 | RUN cd /egconfigs && ansible-playbook install_evergreen.yml -v && rm -rf /home/opensrf/repos /home/opensrf/*.tar.gz
59 | ENTRYPOINT cd /egconfigs && ansible-playbook evergreen_restart_services.yml -vvvv && while true; do sleep 1; done
60 | #ENTRYPOINT while true; do sleep 1; done
61 |
--------------------------------------------------------------------------------
/generic-dockerhub/build_syslog-ng.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | set -e
3 |
4 | # If /dev/log is either a named pipe or it was placed there accidentally,
5 | # e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25,
6 | # then we remove it.
7 | if [ ! -S /dev/log ]; then rm -f /dev/log; fi
8 | if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi
9 |
10 | SYSLOGNG_OPTS=""
11 |
12 | [ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng
13 |
14 | case "x$CONSOLE_LOG_LEVEL" in
15 | x[1-8])
16 | dmesg -n $CONSOLE_LOG_LEVEL
17 | ;;
18 | x)
19 | ;;
20 | *)
21 | echo "CONSOLE_LOG_LEVEL is of unaccepted value."
22 | ;;
23 | esac
24 |
25 | if [ ! -e /dev/xconsole ]
26 | then
27 | mknod -m 640 /dev/xconsole p
28 | chown root:adm /dev/xconsole
29 | [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE
30 | fi
31 |
32 | exec syslog-ng -F -p /var/run/syslog-ng.pid $SYSLOGNG_OPTS
--------------------------------------------------------------------------------
/generic-dockerhub/docker-compose.yml:
--------------------------------------------------------------------------------
1 | # docker-compose.yml
2 | #
3 | # vars defined in .env
4 | #
5 | services:
6 | web:
7 | build:
8 | context: .
9 | extra_hosts:
10 | - "public.localhost:127.0.1.2"
11 | - "public:127.0.1.2"
12 | - "private.localhost:127.0.1.3"
13 | - "private:127.0.1.3"
14 | image: '${IMAGE}'
15 | restart: 'no'
16 | hostname: '${HOST}'
17 | container_name: 'eg-${HOST}'
18 | ports:
19 | - '${SSL_PORT}:22'
20 | - '${HTTP_PORT}:80'
21 | - '${HTTPS_PORT}:443'
22 | - '210:210'
23 | - '6001:6001'
24 | volumes:
25 | - '/mnt/evergreen:/mnt/evergreen'
26 |
--------------------------------------------------------------------------------
/generic-dockerhub/ejabberd_focal.yml:
--------------------------------------------------------------------------------
1 | ###
2 | ### ejabberd configuration file
3 | ###
4 | ### The parameters used in this configuration file are explained at
5 | ###
6 | ### https://docs.ejabberd.im/admin/configuration
7 | ###
8 | ### The configuration file is written in YAML.
9 | ### *******************************************************
10 | ### ******* !!! WARNING !!! *******
11 | ### ******* YAML IS INDENTATION SENSITIVE *******
12 | ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
13 | ### *******************************************************
14 | ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
15 | ###
16 | #
17 | ---
18 | ## loglevel: Verbosity of log files generated by ejabberd
19 | ## 0: No ejabberd log at all (not recommended)
20 | ## 1: Critical
21 | ## 2: Error
22 | ## 3: Warning
23 | ## 4: Info
24 | ## 5: Debug
25 | loglevel: 4
26 |
27 | ## rotation: Disable ejabberd's internal log rotation, as the Debian package
28 | ## uses logrotate(8).
29 | log_rotate_count: 0
30 | log_rotate_date: ""
31 |
32 | ## hosts: Domains served by ejabberd.
33 | ## You can define one or several, for example:
34 | ## hosts:
35 | ## - "example.net"
36 | ## - "example.com"
37 | ## - "example.org"
38 |
39 | hosts:
40 | - localhost
41 | - private.localhost
42 | - public.localhost
43 |
44 | certfiles:
45 | - "/etc/ejabberd/ejabberd.pem"
46 | ## - /etc/letsencrypt/live/localhost/fullchain.pem
47 | ## - /etc/letsencrypt/live/localhost/privkey.pem
48 |
49 | ## TLS configuration
50 | define_macro:
51 | 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
52 | 'TLS_OPTIONS':
53 | - "no_sslv3"
54 | - "no_tlsv1"
55 | - "no_tlsv1_1"
56 | - "cipher_server_preference"
57 | - "no_compression"
58 | ## 'DH_FILE': "/path/to/dhparams.pem"
59 | ## generated with: openssl dhparam -out dhparams.pem 2048
60 |
61 | c2s_ciphers: 'TLS_CIPHERS'
62 | s2s_ciphers: 'TLS_CIPHERS'
63 | c2s_protocol_options: 'TLS_OPTIONS'
64 | s2s_protocol_options: 'TLS_OPTIONS'
65 | ## c2s_dhfile: 'DH_FILE'
66 | ## s2s_dhfile: 'DH_FILE'
67 |
68 | listen:
69 | -
70 | port: 5222
71 | ip: "::"
72 | module: ejabberd_c2s
73 | max_stanza_size: 10485760
74 | shaper: c2s_shaper
75 | access: c2s
76 | starttls_required: false
77 | protocol_options: 'TLS_OPTIONS'
78 | -
79 | port: 5223
80 | ip: "::"
81 | module: ejabberd_c2s
82 | max_stanza_size: 10485760
83 | shaper: c2s_shaper
84 | access: c2s
85 | tls: true
86 | protocol_options: 'TLS_OPTIONS'
87 | -
88 | port: 5269
89 | ip: "::"
90 | module: ejabberd_s2s_in
91 | max_stanza_size: 10485760
92 | -
93 | port: 5443
94 | ip: "::"
95 | module: ejabberd_http
96 | tls: true
97 | protocol_options: 'TLS_OPTIONS'
98 | request_handlers:
99 | /api: mod_http_api
100 | /bosh: mod_bosh
101 | ## /captcha: ejabberd_captcha
102 | ## /upload: mod_http_upload
103 | /ws: ejabberd_http_ws
104 | -
105 | port: 5280
106 | ip: "::"
107 | module: ejabberd_http
108 | tls: true
109 | protocol_options: 'TLS_OPTIONS'
110 | request_handlers:
111 | /admin: ejabberd_web_admin
112 | /.well-known/acme-challenge: ejabberd_acme
113 | -
114 | port: 1883
115 | ip: "::"
116 | module: mod_mqtt
117 | backlog: 1000
118 |
119 |
120 | ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
121 | ## password storage (see auth_password_format option).
122 | disable_sasl_mechanisms:
123 | - "digest-md5"
124 | - "X-OAUTH2"
125 |
126 | s2s_use_starttls: required
127 |
128 | ## Store the plain passwords or hashed for SCRAM:
129 | auth_password_format: plain
130 |
131 | ## Full path to a script that generates the image.
132 | ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
133 |
134 | acl:
135 | admin:
136 | user:
137 | - ""
138 |
139 | local:
140 | user_regexp: ""
141 | loopback:
142 | ip:
143 | - 127.0.0.0/8
144 | - ::1/128
145 |
146 | access_rules:
147 | local:
148 | allow: local
149 | c2s:
150 | deny: blocked
151 | allow: all
152 | announce:
153 | allow: admin
154 | configure:
155 | allow: admin
156 | muc_create:
157 | allow: local
158 | pubsub_createnode:
159 | allow: local
160 | trusted_network:
161 | allow: loopback
162 |
163 | api_permissions:
164 | "console commands":
165 | from:
166 | - ejabberd_ctl
167 | who: all
168 | what: "*"
169 | "admin access":
170 | who:
171 | access:
172 | allow:
173 | acl: loopback
174 | acl: admin
175 | oauth:
176 | scope: "ejabberd:admin"
177 | access:
178 | allow:
179 | acl: loopback
180 | acl: admin
181 | what:
182 | - "*"
183 | - "!stop"
184 | - "!start"
185 | "public commands":
186 | who:
187 | ip: 127.0.0.1/8
188 | what:
189 | - status
190 | - connected_users_number
191 |
192 | shaper:
193 | normal: 500000
194 | fast: 500000
195 |
196 | shaper_rules:
197 | max_user_sessions: 10000
198 | ## max_user_offline_messages:
199 | ## 5000: admin
200 | ## 100: all
201 | c2s_shaper:
202 | none: admin
203 | normal: all
204 | s2s_shaper: fast
205 |
206 | modules:
207 | mod_legacy_auth: {}
208 | mod_adhoc: {}
209 | mod_admin_extra: {}
210 | mod_announce:
211 | access: announce
212 | mod_avatar: {}
213 | mod_blocking: {}
214 | mod_bosh: {}
215 | mod_caps: {}
216 | mod_carboncopy: {}
217 | mod_client_state: {}
218 | mod_configure: {}
219 | ## mod_delegation: {} # for xep0356
220 | mod_disco: {}
221 | mod_echo: {}
222 | mod_fail2ban: {}
223 | mod_http_api: {}
224 | ## mod_http_upload:
225 | ## put_url: https://@HOST@:5443/upload
226 | mod_last: {}
227 | ## mod_mam:
228 | ## ## Mnesia is limited to 2GB, better to use an SQL backend
229 | ## ## For small servers SQLite is a good fit and is very easy
230 | ## ## to configure. Uncomment this when you have SQL configured:
231 | ## ## db_type: sql
232 | ## assume_mam_usage: true
233 | ## default: always
234 | mod_mqtt: {}
235 | mod_muc:
236 | access:
237 | - allow
238 | access_admin:
239 | - allow: admin
240 | access_create: muc_create
241 | access_persistent: muc_create
242 | access_mam:
243 | - allow
244 | default_room_options:
245 | mam: true
246 | mod_muc_admin: {}
247 | ## mod_offline:
248 | ## access_max_user_messages: max_user_offline_messages
249 | mod_ping: {}
250 | mod_pres_counter:
251 | count: 5
252 | interval: 60
253 | mod_privacy: {}
254 | mod_private: {}
255 | ## mod_proxy65:
256 | ## access: local
257 | ## max_connections: 5
258 | mod_pubsub:
259 | access_createnode: pubsub_createnode
260 | plugins:
261 | - flat
262 | - pep
263 | force_node_config:
264 | "eu.siacs.conversations.axolotl.*":
265 | access_model: open
266 | ## Avoid buggy clients to make their bookmarks public
267 | storage:bookmarks:
268 | access_model: whitelist
269 | mod_push: {}
270 | mod_push_keepalive: {}
271 | ## mod_register:
272 | ## ## Only accept registration requests from the "trusted"
273 | ## ## network (see access_rules section above).
274 | ## ## Think twice before enabling registration from any
275 | ## ## address. See the Jabber SPAM Manifesto for details:
276 | ## ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
277 | ## ip_access: trusted_network
278 | mod_roster:
279 | versioning: true
280 | mod_s2s_dialback: {}
281 | mod_shared_roster: {}
282 | mod_sic: {}
283 | mod_stream_mgmt:
284 | resend_on_timeout: if_offline
285 | mod_vcard:
286 | search: false
287 | mod_vcard_xupdate: {}
288 | mod_version: {}
289 |
290 | ### Local Variables:
291 | ### mode: yaml
292 | ### End:
293 | ### vim: set filetype=yaml tabstop=8
294 |
--------------------------------------------------------------------------------
/generic-dockerhub/ejabberd_jammy.yml:
--------------------------------------------------------------------------------
1 | ###
2 | ### ejabberd configuration file
3 | ###
4 | ### The parameters used in this configuration file are explained at
5 | ###
6 | ### https://docs.ejabberd.im/admin/configuration
7 | ###
8 | ### The configuration file is written in YAML.
9 | ### *******************************************************
10 | ### ******* !!! WARNING !!! *******
11 | ### ******* YAML IS INDENTATION SENSITIVE *******
12 | ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
13 | ### *******************************************************
14 | ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
15 | ###
16 |
17 |
18 | # loglevel: Verbosity of log files generated by ejabberd
19 | loglevel: info
20 |
21 | # rotation: Disable ejabberd's internal log rotation, as the Debian package
22 | # uses logrotate(8).
23 | log_rotate_count: 0
24 |
25 | # hosts: Domains served by ejabberd.
26 | # You can define one or several, for example:
27 | # hosts:
28 | # - "example.net"
29 | # - "example.com"
30 | # - "example.org"
31 |
32 | hosts:
33 | - localhost
34 | - private.localhost
35 | - public.localhost
36 |
37 | certfiles:
38 | - "/etc/ejabberd/ejabberd.pem"
39 | # - /etc/letsencrypt/live/localhost/fullchain.pem
40 | # - /etc/letsencrypt/live/localhost/privkey.pem
41 |
42 | # TLS configuration
43 | define_macro:
44 | 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
45 | 'TLS_OPTIONS':
46 | - "no_sslv3"
47 | - "no_tlsv1"
48 | - "no_tlsv1_1"
49 | - "cipher_server_preference"
50 | - "no_compression"
51 | # 'DH_FILE': "/path/to/dhparams.pem"
52 | # generated with: openssl dhparam -out dhparams.pem 2048
53 |
54 | c2s_ciphers: 'TLS_CIPHERS'
55 | s2s_ciphers: 'TLS_CIPHERS'
56 | c2s_protocol_options: 'TLS_OPTIONS'
57 | s2s_protocol_options: 'TLS_OPTIONS'
58 | # c2s_dhfile: 'DH_FILE'
59 | # s2s_dhfile: 'DH_FILE'
60 |
61 | listen:
62 | -
63 | port: 5222
64 | ip: "::"
65 | module: ejabberd_c2s
66 | max_stanza_size: 10485760
67 | shaper: c2s_shaper
68 | access: c2s
69 | starttls_required: false
70 | protocol_options: 'TLS_OPTIONS'
71 | -
72 | port: 5223
73 | ip: "::"
74 | module: ejabberd_c2s
75 | max_stanza_size: 10485760
76 | shaper: c2s_shaper
77 | access: c2s
78 | tls: true
79 | protocol_options: 'TLS_OPTIONS'
80 | -
81 | port: 5269
82 | ip: "::"
83 | module: ejabberd_s2s_in
84 | max_stanza_size: 10485760
85 | -
86 | port: 5443
87 | ip: "::"
88 | module: ejabberd_http
89 | tls: true
90 | protocol_options: 'TLS_OPTIONS'
91 | request_handlers:
92 | /api: mod_http_api
93 | /bosh: mod_bosh
94 | ## /captcha: ejabberd_captcha
95 | ## /upload: mod_http_upload
96 | /ws: ejabberd_http_ws
97 | -
98 | port: 5280
99 | ip: "::"
100 | module: ejabberd_http
101 | tls: true
102 | protocol_options: 'TLS_OPTIONS'
103 | request_handlers:
104 | /admin: ejabberd_web_admin
105 | /.well-known/acme-challenge: ejabberd_acme
106 | -
107 | port: 3478
108 | ip: "::"
109 | transport: udp
110 | module: ejabberd_stun
111 | use_turn: true
112 | ## The server's public IPv4 address:
113 | # turn_ipv4_address: "203.0.113.3"
114 | ## The server's public IPv6 address:
115 | # turn_ipv6_address: "2001:db8::3"
116 | -
117 | port: 1883
118 | ip: "::"
119 | module: mod_mqtt
120 | backlog: 1000
121 |
122 |
123 | ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
124 | ## password storage (see auth_password_format option).
125 | disable_sasl_mechanisms:
126 | - "digest-md5"
127 | - "X-OAUTH2"
128 |
129 | s2s_use_starttls: required
130 |
131 | ## Store the plain passwords or hashed for SCRAM:
132 | auth_password_format: plain
133 |
134 | ## Full path to a script that generates the image.
135 | ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
136 |
137 | acl:
138 | admin:
139 | user:
140 | - ""
141 |
142 | local:
143 | user_regexp: ""
144 | loopback:
145 | ip:
146 | - 127.0.0.0/8
147 | - ::1/128
148 |
149 | access_rules:
150 | local:
151 | allow: local
152 | c2s:
153 | deny: blocked
154 | allow: all
155 | announce:
156 | allow: admin
157 | configure:
158 | allow: admin
159 | muc_create:
160 | allow: local
161 | pubsub_createnode:
162 | allow: local
163 | trusted_network:
164 | allow: loopback
165 |
166 | api_permissions:
167 | "console commands":
168 | from:
169 | - ejabberd_ctl
170 | who: all
171 | what: "*"
172 | "admin access":
173 | who:
174 | access:
175 | allow:
176 | - acl: loopback
177 | - acl: admin
178 | oauth:
179 | scope: "ejabberd:admin"
180 | access:
181 | allow:
182 | - acl: loopback
183 | - acl: admin
184 | what:
185 | - "*"
186 | - "!stop"
187 | - "!start"
188 | "public commands":
189 | who:
190 | ip: 127.0.0.1/8
191 | what:
192 | - status
193 | - connected_users_number
194 |
195 | shaper:
196 | normal:
197 | rate: 500000
198 | burst_size: 600000
199 | fast: 500000
200 |
201 | shaper_rules:
202 | max_user_sessions: 10000
203 | ## max_user_offline_messages:
204 | ## 5000: admin
205 | ## 100: all
206 | c2s_shaper:
207 | none: admin
208 | normal: all
209 | s2s_shaper: fast
210 |
211 | modules:
212 | mod_legacy_auth: {}
213 | mod_adhoc: {}
214 | mod_admin_extra: {}
215 | mod_announce:
216 | access: announce
217 | mod_avatar: {}
218 | mod_blocking: {}
219 | mod_bosh: {}
220 | mod_caps: {}
221 | mod_carboncopy: {}
222 | mod_client_state: {}
223 | mod_configure: {}
224 | ## mod_delegation: {} # for xep0356
225 | mod_disco: {}
226 | mod_fail2ban: {}
227 | mod_http_api: {}
228 | ## mod_http_upload:
229 | ## put_url: https://@HOST@:5443/upload
230 | ## custom_headers:
231 | ## "Access-Control-Allow-Origin": "https://@HOST@"
232 | ## "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
233 | ## "Access-Control-Allow-Headers": "Content-Type"
234 | mod_last: {}
235 | ## mod_mam:
236 | ## ## Mnesia is limited to 2GB, better to use an SQL backend
237 | ## ## For small servers SQLite is a good fit and is very easy
238 | ## ## to configure. Uncomment this when you have SQL configured:
239 | ## ## db_type: sql
240 | ## assume_mam_usage: true
241 | ## default: always
242 | mod_mqtt: {}
243 | mod_muc:
244 | access:
245 | - allow
246 | access_admin:
247 | - allow: admin
248 | access_create: muc_create
249 | access_persistent: muc_create
250 | access_mam:
251 | - allow
252 | default_room_options:
253 | mam: true
254 | mod_muc_admin: {}
255 | ## mod_offline:
256 | ## access_max_user_messages: max_user_offline_messages
257 | mod_ping: {}
258 | mod_pres_counter:
259 | count: 5
260 | interval: 60
261 | mod_privacy: {}
262 | mod_private: {}
263 | ## mod_proxy65:
264 | ## access: local
265 | ## max_connections: 5
266 | mod_pubsub:
267 | access_createnode: pubsub_createnode
268 | plugins:
269 | - flat
270 | - pep
271 | force_node_config:
272 | "eu.siacs.conversations.axolotl.*":
273 | access_model: open
274 | ## Avoid buggy clients to make their bookmarks public
275 | storage:bookmarks:
276 | access_model: whitelist
277 | mod_push: {}
278 | mod_push_keepalive: {}
279 | ## mod_register:
280 | ## ## Only accept registration requests from the "trusted"
281 | ## ## network (see access_rules section above).
282 | ## ## Think twice before enabling registration from any
283 | ## ## address. See the Jabber SPAM Manifesto for details:
284 | ## ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
285 | ## ip_access: trusted_network
286 | mod_roster:
287 | versioning: true
288 | mod_s2s_dialback: {}
289 | mod_shared_roster: {}
290 | mod_sic: {}
291 | mod_stream_mgmt:
292 | resend_on_timeout: if_offline
293 | mod_stun_disco: {}
294 | mod_vcard:
295 | search: false
296 | mod_vcard_xupdate: {}
297 | mod_version: {}
298 |
299 | ### Local Variables:
300 | ### mode: yaml
301 | ### End:
302 | ### vim: set filetype=yaml tabstop=8
303 |
--------------------------------------------------------------------------------
/generic-dockerhub/ejabberd_xenial.yml:
--------------------------------------------------------------------------------
1 | ###
2 | ###' ejabberd configuration file
3 | ###
4 | ###
5 |
6 | ### The parameters used in this configuration file are explained in more detail
7 | ### in the ejabberd Installation and Operation Guide.
8 | ### Please consult the Guide in case of doubts, it is included with
9 | ### your copy of ejabberd, and is also available online at
10 | ### http://www.process-one.net/en/ejabberd/docs/
11 |
12 | ### The configuration file is written in YAML.
13 | ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
14 | ### However, ejabberd treats different literals as different types:
15 | ###
16 | ### - unquoted or single-quoted strings. They are called "atoms".
17 | ### Example: dog, 'Jupiter', '3.14159', YELLOW
18 | ###
19 | ### - numeric literals. Example: 3, -45.0, .0
20 | ###
21 | ### - quoted or folded strings.
22 | ### Examples of quoted string: "Lizzard", "orange".
23 | ### Example of folded string:
24 | ### > Art thou not Romeo,
25 | ### and a Montague?
26 |
27 | ###. =======
28 | ###' LOGGING
29 |
30 | ##
31 | ## loglevel: Verbosity of log files generated by ejabberd.
32 | ## 0: No ejabberd log at all (not recommended)
33 | ## 1: Critical
34 | ## 2: Error
35 | ## 3: Warning
36 | ## 4: Info
37 | ## 5: Debug
38 | ##
39 | loglevel: 4
40 |
41 | ##
42 | ## rotation: Disable ejabberd's internal log rotation, as the Debian package
43 | ## uses logrotate(8).
44 | log_rotate_size: 0
45 | log_rotate_date: ""
46 |
47 | ##
48 | ## overload protection: If you want to limit the number of messages per second
49 | ## allowed from error_logger, which is a good idea if you want to avoid a flood
50 | ## of messages when system is overloaded, you can set a limit.
51 | ## 100 is ejabberd's default.
52 | log_rate_limit: 100
53 |
54 | ##
55 | ## watchdog_admins: Only useful for developers: if an ejabberd process
56 | ## consumes a lot of memory, send live notifications to these XMPP
57 | ## accounts.
58 | ##
59 | ## watchdog_admins:
60 | ## - "bob@example.com"
61 |
62 | ###. ===============
63 | ###' NODE PARAMETERS
64 |
65 | ##
66 | ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
67 | ## identical value on all nodes, and in most cases shouldn't be changed at all from
68 | ## default value.
69 | ##
70 | ## net_ticktime: 60
71 |
72 | ###. ================
73 | ###' SERVED HOSTNAMES
74 |
75 | ##
76 | ## hosts: Domains served by ejabberd.
77 | ## You can define one or several, for example:
78 | ## hosts:
79 | ## - "example.net"
80 | ## - "example.com"
81 | ## - "example.org"
82 | ##
83 | hosts:
84 | - "localhost"
85 | - "private.localhost"
86 | - "public.localhost"
87 |
88 | ##
89 | ## route_subdomains: Delegate subdomains to other XMPP servers.
90 | ## For example, if this ejabberd serves example.org and you want
91 | ## to allow communication with an XMPP server called im.example.org.
92 | ##
93 | ## route_subdomains: s2s
94 |
95 | ###. ===============
96 | ###' LISTENING PORTS
97 |
98 | ##
99 | ## listen: The ports ejabberd will listen on, which service each is handled
100 | ## by and what options to start it with.
101 | ##
102 | listen:
103 | -
104 | port: 5222
105 | ip: "::"
106 | module: ejabberd_c2s
107 | ##
108 | ## If TLS is compiled in and you installed a SSL
109 | ## certificate, specify the full path to the
110 | ## file and uncomment these lines:
111 | ##
112 | certfile: "/etc/ejabberd/ejabberd.pem"
113 | starttls: true
114 | ##
115 | ## To enforce TLS encryption for client connections,
116 | ## use this instead of the "starttls" option:
117 | ##
118 | ## starttls_required: true
119 | ##
120 | ## Custom OpenSSL options
121 | ##
122 | protocol_options:
123 | - "no_sslv3"
124 | ## - "no_tlsv1"
125 | max_stanza_size: 2000000
126 | shaper: c2s_shaper
127 | access: c2s
128 | zlib: true
129 | resend_on_timeout: if_offline
130 | -
131 | port: 5269
132 | ip: "::"
133 | module: ejabberd_s2s_in
134 | ##
135 | ## ejabberd_service: Interact with external components (transports, ...)
136 | ##
137 | ## -
138 | ## port: 8888
139 | ## module: ejabberd_service
140 | ## access: all
141 | ## shaper_rule: fast
142 | ## ip: "127.0.0.1"
143 | ## hosts:
144 | ## "icq.example.org":
145 | ## password: "secret"
146 | ## "sms.example.org":
147 | ## password: "secret"
148 |
149 | ##
150 | ## ejabberd_stun: Handles STUN Binding requests
151 | ##
152 | ## -
153 | ## port: 3478
154 | ## transport: udp
155 | ## module: ejabberd_stun
156 |
157 | ##
158 | ## To handle XML-RPC requests that provide admin credentials:
159 | ##
160 | ## -
161 | ## port: 4560
162 | ## module: ejabberd_xmlrpc
163 | ## access_commands: {}
164 | -
165 | port: 5280
166 | ip: "::"
167 | module: ejabberd_http
168 | request_handlers:
169 | "/websocket": ejabberd_http_ws
170 | ## "/pub/archive": mod_http_fileserver
171 | web_admin: true
172 | http_bind: true
173 | ## register: true
174 | captcha: true
175 | tls: true
176 | certfile: "/etc/ejabberd/ejabberd.pem"
177 |
178 | ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
179 | ## password storage (see auth_password_format option).
180 | disable_sasl_mechanisms: "digest-md5"
181 |
182 | ###. ==================
183 | ###' S2S GLOBAL OPTIONS
184 |
185 | ##
186 | ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
187 | ## Allowed values are: false optional required required_trusted
188 | ## You must specify a certificate file.
189 | ##
190 | s2s_use_starttls: optional
191 |
192 | ##
193 | ## s2s_certfile: Specify a certificate file.
194 | ##
195 | s2s_certfile: "/etc/ejabberd/ejabberd.pem"
196 |
197 | ## Custom OpenSSL options
198 | ##
199 | s2s_protocol_options:
200 | - "no_sslv3"
201 | ## - "no_tlsv1"
202 |
203 | ##
204 | ## domain_certfile: Specify a different certificate for each served hostname.
205 | ##
206 | ## host_config:
207 | ## "example.org":
208 | ## domain_certfile: "/path/to/example_org.pem"
209 | ## "example.com":
210 | ## domain_certfile: "/path/to/example_com.pem"
211 |
212 | ##
213 | ## S2S whitelist or blacklist
214 | ##
215 | ## Default s2s policy for undefined hosts.
216 | ##
217 | ## s2s_access: s2s
218 |
219 | ##
220 | ## Outgoing S2S options
221 | ##
222 | ## Preferred address families (which to try first) and connect timeout
223 | ## in milliseconds.
224 | ##
225 | ## outgoing_s2s_families:
226 | ## - ipv4
227 | ## - ipv6
228 | ## outgoing_s2s_timeout: 10000
229 |
230 | ###. ==============
231 | ###' AUTHENTICATION
232 |
233 | ##
234 | ## auth_method: Method used to authenticate the users.
235 | ## The default method is the internal.
236 | ## If you want to use a different method,
237 | ## comment this line and enable the correct ones.
238 | ##
239 | auth_method: internal
240 |
241 | ##
242 | ## Store the plain passwords or hashed for SCRAM:
243 | ## auth_password_format: plain
244 | auth_password_format: plain
245 | ##
246 | ## Define the FQDN if ejabberd doesn't detect it:
247 | ## fqdn: "server3.example.com"
248 |
249 | ##
250 | ## Authentication using external script
251 | ## Make sure the script is executable by ejabberd.
252 | ##
253 | ## auth_method: external
254 | ## extauth_program: "/path/to/authentication/script"
255 |
256 | ##
257 | ## Authentication using ODBC
258 | ## Remember to setup a database in the next section.
259 | ##
260 | ## auth_method: odbc
261 |
262 | ##
263 | ## Authentication using PAM
264 | ##
265 | ## auth_method: pam
266 | ## pam_service: "pamservicename"
267 |
268 | ##
269 | ## Authentication using LDAP
270 | ##
271 | ## auth_method: ldap
272 | ##
273 | ## List of LDAP servers:
274 | ## ldap_servers:
275 | ## - "localhost"
276 | ##
277 | ## Encryption of connection to LDAP servers:
278 | ## ldap_encrypt: none
279 | ## ldap_encrypt: tls
280 | ##
281 | ## Port to connect to on LDAP servers:
282 | ## ldap_port: 389
283 | ## ldap_port: 636
284 | ##
285 | ## LDAP manager:
286 | ## ldap_rootdn: "dc=example,dc=com"
287 | ##
288 | ## Password of LDAP manager:
289 | ## ldap_password: "******"
290 | ##
291 | ## Search base of LDAP directory:
292 | ## ldap_base: "dc=example,dc=com"
293 | ##
294 | ## LDAP attribute that holds user ID:
295 | ## ldap_uids:
296 | ## - "mail": "%u@mail.example.org"
297 | ##
298 | ## LDAP filter:
299 | ## ldap_filter: "(objectClass=shadowAccount)"
300 |
301 | ##
302 | ## Anonymous login support:
303 | ## auth_method: anonymous
304 | ## anonymous_protocol: sasl_anon | login_anon | both
305 | ## allow_multiple_connections: true | false
306 | ##
307 | ## host_config:
308 | ## "public.example.org":
309 | ## auth_method: anonymous
310 | ## allow_multiple_connections: false
311 | ## anonymous_protocol: sasl_anon
312 | ##
313 | ## To use both anonymous and internal authentication:
314 | ##
315 | ## host_config:
316 | ## "public.example.org":
317 | ## auth_method:
318 | ## - internal
319 | ## - anonymous
320 |
321 | ###. ==============
322 | ###' DATABASE SETUP
323 |
324 | ## ejabberd by default uses the internal Mnesia database,
325 | ## so you do not necessarily need this section.
326 | ## This section provides configuration examples in case
327 | ## you want to use other database backends.
328 | ## Please consult the ejabberd Guide for details on database creation.
329 |
330 | ##
331 | ## MySQL server:
332 | ##
333 | ## odbc_type: mysql
334 | ## odbc_server: "server"
335 | ## odbc_database: "database"
336 | ## odbc_username: "username"
337 | ## odbc_password: "password"
338 | ##
339 | ## If you want to specify the port:
340 | ## odbc_port: 1234
341 |
342 | ##
343 | ## PostgreSQL server:
344 | ##
345 | ## odbc_type: pgsql
346 | ## odbc_server: "server"
347 | ## odbc_database: "database"
348 | ## odbc_username: "username"
349 | ## odbc_password: "password"
350 | ##
351 | ## If you want to specify the port:
352 | ## odbc_port: 1234
353 | ##
354 | ## If you use PostgreSQL, have a large database, and need a
355 | ## faster but inexact replacement for "select count(*) from users"
356 | ##
357 | ## pgsql_users_number_estimate: true
358 |
359 | ##
360 | ## SQLite:
361 | ##
362 | ## odbc_type: sqlite
363 | ## odbc_database: "/path/to/database.db"
364 |
365 | ##
366 | ## ODBC compatible or MSSQL server:
367 | ##
368 | ## odbc_type: odbc
369 | ## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
370 |
371 | ##
372 | ## Number of connections to open to the database for each virtual host
373 | ##
374 | ## odbc_pool_size: 10
375 |
376 | ##
377 | ## Interval to make a dummy SQL request to keep the connections to the
378 | ## database alive. Specify in seconds: for example 28800 means 8 hours
379 | ##
380 | ## odbc_keepalive_interval: undefined
381 |
382 | ###. ===============
383 | ###' TRAFFIC SHAPERS
384 |
385 | shaper:
386 | ##
387 | ## The "normal" shaper limits traffic speed to 1000 B/s
388 | ##
389 | normal: 500000
390 |
391 | ##
392 | ## The "fast" shaper limits traffic speed to 50000 B/s
393 | ##
394 | fast: 500000
395 |
396 | ##
397 | ## This option specifies the maximum number of elements in the queue
398 | ## of the FSM. Refer to the documentation for details.
399 | ##
400 | max_fsm_queue: 1000
401 |
402 | ###. ====================
403 | ###' ACCESS CONTROL LISTS
404 | acl:
405 | ##
406 | ## The 'admin' ACL grants administrative privileges to XMPP accounts.
407 | ## You can put here as many accounts as you want.
408 | ##
409 | admin:
410 | user:
411 | - "": "localhost"
412 |
413 | ##
414 | ## Blocked users
415 | ##
416 | ## blocked:
417 | ## user:
418 | ## - "baduser": "example.org"
419 | ## - "test"
420 |
421 | ## Local users: don't modify this.
422 | ##
423 | local:
424 | user_regexp: ""
425 |
426 | ##
427 | ## More examples of ACLs
428 | ##
429 | ## jabberorg:
430 | ## server:
431 | ## - "jabber.org"
432 | ## aleksey:
433 | ## user:
434 | ## - "aleksey": "jabber.ru"
435 | ## test:
436 | ## user_regexp: "^test"
437 | ## user_glob: "test*"
438 |
439 | ##
440 | ## Loopback network
441 | ##
442 | loopback:
443 | ip:
444 | - "127.0.0.0/8"
445 |
446 | ##
447 | ## Bad XMPP servers
448 | ##
449 | ## bad_servers:
450 | ## server:
451 | ## - "xmpp.zombie.org"
452 | ## - "xmpp.spam.com"
453 |
454 | ##
455 | ## Define specific ACLs in a virtual host.
456 | ##
457 | ## host_config:
458 | ## "localhost":
459 | ## acl:
460 | ## admin:
461 | ## user:
462 | ## - "bob-local": "localhost"
463 |
464 | ###. ============
465 | ###' ACCESS RULES
466 | access:
467 | ## Maximum number of simultaneous sessions allowed for a single user:
468 | max_user_sessions:
469 | all: 10000
470 | ## Maximum number of offline messages that users can have:
471 | max_user_offline_messages:
472 | admin: 5000
473 | all: 100
474 | ## This rule allows access only for local users:
475 | local:
476 | local: allow
477 | ## Only non-blocked users can use c2s connections:
478 | c2s:
479 | blocked: deny
480 | all: allow
481 | ## For C2S connections, all users except admins use the "normal" shaper
482 | c2s_shaper:
483 | admin: none
484 | all: normal
485 | ## All S2S connections use the "fast" shaper
486 | s2s_shaper:
487 | all: fast
488 | ## Only admins can send announcement messages:
489 | announce:
490 | admin: allow
491 | ## Only admins can use the configuration interface:
492 | configure:
493 | admin: allow
494 | ## Admins of this server are also admins of the MUC service:
495 | muc_admin:
496 | admin: allow
497 | ## Only accounts of the local ejabberd server can create rooms:
498 | muc_create:
499 | local: allow
500 | ## All users are allowed to use the MUC service:
501 | muc:
502 | all: allow
503 | ## Only accounts on the local ejabberd server can create Pubsub nodes:
504 | pubsub_createnode:
505 | local: allow
506 | ## In-band registration allows registration of any possible username.
507 | ## To disable in-band registration, replace 'allow' with 'deny'.
508 | register:
509 | all: allow
510 | ## Only allow to register from localhost
511 | trusted_network:
512 | loopback: allow
513 | ## Do not establish S2S connections with bad servers
514 | ## s2s:
515 | ## bad_servers: deny
516 | ## all: allow
517 |
518 | ## By default the frequency of account registrations from the same IP
519 | ## is limited to 1 account every 10 minutes. To disable, specify: infinity
520 | ## registration_timeout: 600
521 |
522 | ##
523 | ## Define specific Access Rules in a virtual host.
524 | ##
525 | ## host_config:
526 | ## "localhost":
527 | ## access:
528 | ## c2s:
529 | ## admin: allow
530 | ## all: deny
531 | ## register:
532 | ## all: deny
533 |
534 | ###. ================
535 | ###' DEFAULT LANGUAGE
536 |
537 | ##
538 | ## language: Default language used for server messages.
539 | ##
540 | language: "en"
541 |
542 | ##
543 | ## Set a different default language in a virtual host.
544 | ##
545 | ## host_config:
546 | ## "localhost":
547 | ## language: "ru"
548 |
549 | ###. =======
550 | ###' CAPTCHA
551 |
552 | ##
553 | ## Full path to a script that generates the image.
554 | ##
555 | ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
556 |
557 | ##
558 | ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
559 | ##
560 | ## captcha_host: "example.org:5280"
561 |
562 | ##
563 | ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
564 | ##
565 | ## captcha_limit: 5
566 |
567 | ###. =======
568 | ###' MODULES
569 |
570 | ##
571 | ## Modules enabled in all ejabberd virtual hosts.
572 | ##
573 | modules:
574 | mod_adhoc: {}
575 | mod_admin_extra: {}
576 | mod_announce: # recommends mod_adhoc
577 | access: announce
578 | mod_blocking: {} # requires mod_privacy
579 | mod_caps: {}
580 | mod_carboncopy: {}
581 | mod_client_state: {}
582 | mod_configure: {} # requires mod_adhoc
583 | mod_disco: {}
584 | mod_echo: {}
585 | mod_irc: {}
586 | mod_http_bind: {}
587 | ## mod_http_fileserver:
588 | ## docroot: "/var/www"
589 | ## accesslog: "/var/log/ejabberd/access.log"
590 | mod_last: {}
591 | mod_muc:
592 | ## host: "conference.@HOST@"
593 | access: muc
594 | access_create: muc_create
595 | access_persistent: muc_create
596 | access_admin: muc_admin
597 | ## mod_muc_log: {}
598 | mod_muc_admin: {}
599 | ## mod_multicast: {}
600 | ##mod_offline:
601 | ## access_max_user_messages: max_user_offline_messages
602 | mod_ping: {}
603 | ## mod_pres_counter:
604 | ## count: 5
605 | ## interval: 60
606 | mod_privacy: {}
607 | mod_private: {}
608 | ## mod_proxy65: {}
609 | mod_pubsub:
610 | access_createnode: pubsub_createnode
611 | ## reduces resource comsumption, but XEP incompliant
612 | ignore_pep_from_offline: true
613 | ## XEP compliant, but increases resource comsumption
614 | ## ignore_pep_from_offline: false
615 | last_item_cache: false
616 | plugins:
617 | - "flat"
618 | - "hometree"
619 | - "pep" # pep requires mod_caps
620 | mod_register:
621 | ##
622 | ## Protect In-Band account registrations with CAPTCHA.
623 | ##
624 | ## captcha_protected: true
625 |
626 | ##
627 | ## Set the minimum informational entropy for passwords.
628 | ##
629 | ## password_strength: 32
630 |
631 | ##
632 | ## After successful registration, the user receives
633 | ## a message with this subject and body.
634 | ##
635 | welcome_message:
636 | subject: "Welcome!"
637 | body: |-
638 | Hi.
639 | Welcome to this XMPP server.
640 |
641 | ##
642 | ## When a user registers, send a notification to
643 | ## these XMPP accounts.
644 | ##
645 | ## registration_watchers:
646 | ## - "admin1@example.org"
647 |
648 | ##
649 | ## Only clients in the server machine can register accounts
650 | ##
651 | ip_access: trusted_network
652 |
653 | ##
654 | ## Local c2s or remote s2s users cannot register accounts
655 | ##
656 | ## access_from: deny
657 |
658 | access: register
659 | mod_roster: {}
660 | mod_shared_roster: {}
661 | mod_stats: {}
662 | mod_time: {}
663 | mod_vcard:
664 | search: false
665 | mod_version: {}
666 |
667 | ##
668 | ## Enable modules with custom options in a specific virtual host
669 | ##
670 | ## host_config:
671 | ## "localhost":
672 | ## modules:
673 | ## mod_echo:
674 | ## host: "mirror.localhost"
675 |
676 | ##
677 | ## Enable modules management via ejabberdctl for installation and
678 | ## uninstallation of public/private contributed modules
679 | ## (enabled by default)
680 | ##
681 |
682 | allow_contrib_modules: true
683 |
684 | ###.
685 | ###'
686 | ### Local Variables:
687 | ### mode: yaml
688 | ### End:
689 | ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
690 |
--------------------------------------------------------------------------------
/generic-dockerhub/evergreen_restart_services.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Setup host file
11 | become: true
12 | shell: cp /egconfigs/hosts /etc/hosts
13 | ignore_errors: yes
14 | - user: name=user groups=sudo
15 | - name: Ensure ejabberd private/public networks are accounted for in hosts file 1
16 | become: true
17 | shell: echo 127.0.1.2 public.localhost public >> /etc/hosts
18 | - name: Ensure ejabberd private/public networks are accounted for in hosts file 2
19 | become: true
20 | shell: echo 127.0.1.3 private.localhost private >> /etc/hosts
21 | - name: Add local IP to hosts
22 | ignore_errors: yes
23 | become: true
24 | shell: echo {{ansible_all_ipv4_addresses.0}} {{ansible_fqdn}}.{{domain_name}} {{ansible_hostname}} >> /etc/hosts
25 | - name: starting ssh
26 | ignore_errors: yes
27 | service:
28 | name: ssh
29 | state: started
30 | # service module is broken for ansible/jammy/docker
31 | - name: Starting ssh manually
32 | ignore_errors: yes
33 | shell: /etc/init.d/ssh restart
34 | when: ubuntu_version|lower == 'jammy'
35 |
36 | - name: stopping syslog-ng
37 | ignore_errors: yes
38 | service:
39 | name: syslog-ng
40 | state: stopped
41 | - name: starting syslog-ng
42 | ignore_errors: yes
43 | service:
44 | name: syslog-ng
45 | state: started
46 | # service module is broken for ansible/jammy/docker
47 | - name: Starting syslog-ng manually
48 | ignore_errors: yes
49 | shell: /etc/init.d/syslog-ng restart
50 | when: ubuntu_version|lower == 'jammy'
51 |
52 | - name: starting memcached
53 | ignore_errors: yes
54 | service:
55 | name: memcached
56 | state: started
57 | # service module is broken for ansible/jammy/docker
58 | - name: Starting memcache manually
59 | ignore_errors: yes
60 | shell: /etc/init.d/memcached restart
61 | when: ubuntu_version|lower == 'jammy'
62 |
63 | - name: starting postgres
64 | ignore_errors: yes
65 | service:
66 | name: postgresql
67 | state: started
68 | # service module is broken for ansible/jammy/docker
69 | - name: Starting postgresql manually
70 | ignore_errors: yes
71 | shell: /etc/init.d/postgresql restart
72 | when: ubuntu_version|lower == 'jammy'
73 |
74 | - name: Set Timezone Environment Var
75 | become: true
76 | lineinfile: "dest=/root/.bashrc state=present line='export TZ=America/Chicago'"
77 | - name: Set Timezone Environment Var opensrf
78 | become: true
79 | lineinfile: "dest=/home/opensrf/.bashrc state=present line='export TZ=America/Chicago'"
80 | - name: Set Timezone Environment Var for cron
81 | become: true
82 | lineinfile: "dest=/etc/crontab state=present line='TZ=America/Chicago' insertafter='PATH'"
83 | - name: Remove Timezone file
84 | become: true
85 | file: path=/etc/localtime state=absent
86 | - name: Setup System Timezone
87 | become: true
88 | ignore_errors: yes
89 | shell: ln -s /usr/share/zoneinfo/US/Central /etc/localtime
90 | - stat: path=/egconfigs/logrotate_evergreen.txt
91 | register: logrotate_template
92 | - name: Setup Logrotate for opensrf logs
93 | when: logrotate_template.stat.isdir is defined
94 | ignore_errors: yes
95 | become: true
96 | shell: cp /egconfigs/logrotate_evergreen.txt /etc/logrotate.d/evergreen
97 | - name: Editing evergreen logrotate for opensrf logs
98 | when: logrotate_template.stat.isdir is defined
99 | ignore_errors: yes
100 | become: true
101 | lineinfile: "dest=/etc/logrotate.d/evergreen state=present regexp='replacemewith_path_and_curly_brace' line='{{openils_path}}/var/log/*.log {'"
102 | - name: Changing evergreen logrotate file permissions
103 | when: logrotate_template.stat.isdir is defined
104 | ignore_errors: yes
105 | become: true
106 | file: "path=/etc/logrotate.d/evergreen state=file mode=0644"
107 | - name: Fix Logrotate configuration
108 | become: true
109 | lineinfile: "dest=/etc/logrotate.conf state=present regexp='^su root' line='su root adm'"
110 | - user: name=user groups=sudo
111 | - lineinfile: "dest=/etc/sudoers state=present regexp='^%sudo' line='%sudo ALL=(ALL) NOPASSWD: ALL'"
112 | - file: path=/root/ejabberd.yml state=absent
113 | ## ejabberd remove and reinstall to get fresh database for current brick name
114 | - name: Stopping ejabberd 1
115 | ignore_errors: yes
116 | service:
117 | name: ejabberd
118 | state: stopped
119 |
120 | - name: Kill ejabberd 1
121 | ignore_errors: yes
122 | shell: "/bin/ps -ef | /bin/grep ejabber | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
123 | - name: Delete ejabberd
124 | become: true
125 | shell: updatedb && cp /etc/ejabberd/ejabberd.yml ~/ && apt-get -y --purge remove ejabberd && locate ejabberd|xargs rm -Rf
126 | - name: Install ejabberd fresh
127 | become: true
128 | shell: apt-get -y install ejabberd && cp /root/ejabberd.yml /etc/ejabberd/ejabberd.yml && cp /root/ejabberd.yml /egconfigs
129 | - name: Kill ejabberd 2
130 | ignore_errors: yes
131 | shell: "/bin/ps -ef | /bin/grep ejabber | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
132 | - name: Starting ejabberd 1
133 | ignore_errors: yes
134 | service:
135 | name: ejabberd
136 | state: started
137 | # service module is broken for ansible/jammy/docker
138 | - name: Starting ejabberd manually 1
139 | ignore_errors: yes
140 | shell: /etc/init.d/ejabberd start
141 | when: ubuntu_version|lower == 'jammy'
142 |
143 | - name: Pausing for ejabberd 1
144 | pause: seconds=5
145 | - name: Setup ejabberd users 1
146 | become: true
147 | become_user: ejabberd
148 | shell: ejabberdctl unregister router private.localhost && ejabberdctl unregister opensrf private.localhost && ejabberdctl unregister router public.localhost && ejabberdctl unregister opensrf public.localhost
149 | - name: Setup ejabberd users 2
150 | become: true
151 | become_user: ejabberd
152 | shell: ejabberdctl register router private.localhost {{ejabberd_password}} && ejabberdctl register opensrf private.localhost {{ejabberd_password}} && ejabberdctl register router public.localhost {{ejabberd_password}} && ejabberdctl register opensrf public.localhost {{ejabberd_password}}
153 | ## Evergreen services restart
154 | - name: Disable the default apache sites
155 | become: true
156 | ignore_errors: yes
157 | shell: /usr/sbin/a2dissite default-ssl && /usr/sbin/a2dissite 000-default
158 | - name: Stop Web services
159 | ignore_errors: yes
160 | become: true
161 | service:
162 | name: apache2
163 | state: stopped
164 | # service module is broken for ansible/jammy/docker
165 | - name: Starting apache2 manually 1
166 | ignore_errors: yes
167 | shell: /etc/init.d/apache2 stop
168 | when: ubuntu_version|lower == 'jammy'
169 |
170 | - name: Stop Websocketd
171 | become: true
172 | ignore_errors: yes
173 | shell: "/bin/ps -ef | /bin/grep osrf-websocket-stdio | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
174 | - name: Stop nginx Websockets proxy
175 | ignore_errors: yes
176 | become: true
177 | service:
178 | name: nginx
179 | state: stopped
180 | # service module is broken for ansible/jammy/docker
181 | - name: Starting nginx manually 1
182 | ignore_errors: yes
183 | shell: /etc/init.d/nginx stop
184 | when: ubuntu_version|lower == 'jammy'
185 | - name: Stop OpenSRF
186 | become: true
187 | become_user: opensrf
188 | environment:
189 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
190 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
191 | - name: Stop SIP
192 | become: true
193 | become_user: opensrf
194 | environment:
195 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
196 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/oils_ctl.sh -a stop_sip
197 | - name: Kill OpenSRF
198 | ignore_errors: yes
199 | shell: "/bin/ps -ef | /bin/grep OpenSRF | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
200 | - name: Stopping ejabberd 2
201 | ignore_errors: yes
202 | service:
203 | name: ejabberd
204 | state: stopped
205 | - name: Kill ejabberd 3
206 | ignore_errors: yes
207 | shell: "/bin/ps -ef | /bin/grep ejabber | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
208 | - name: Kill Clark
209 | ignore_errors: yes
210 | shell: /bin/ps -ef | /bin/grep Clark | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
211 | - name: Kill webrick
212 | ignore_errors: yes
213 | shell: /bin/ps -ef | /bin/grep edi_webrick.rb | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
214 | - name: Kill SIP
215 | ignore_errors: yes
216 | shell: /bin/ps -ef | /bin/grep -i sip | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
217 | - name: Starting ejabberd 2
218 | ignore_errors: yes
219 | service:
220 | name: ejabberd
221 | state: started
222 | # service module is broken for ansible/jammy/docker
223 | - name: Starting ejabberd manually 2
224 | ignore_errors: yes
225 | shell: /etc/init.d/ejabberd start
226 | when: ubuntu_version|lower == 'jammy'
227 |
228 | - name: Pausing for ejabberd 2
229 | pause: seconds=10
230 | - name: Setup external domain name in hosts
231 | become: true
232 | ignore_errors: yes
233 | shell: echo {{ansible_all_ipv4_addresses.0}} {{domain_name}} >> /etc/hosts
234 | - name: Sync up the {{openils_path}} directories
235 | become: true
236 | shell: "{{ sync_openils_sub_folders_cmd }}"
237 | ignore_errors: yes
238 | - name: Start OpenSRF
239 | become: true
240 | become_user: opensrf
241 | environment:
242 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
243 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
244 | - name: Pausing for OpenSRF to spawn Drones
245 | pause: seconds=5
246 | - name: Run autogen
247 | become: true
248 | become_user: opensrf
249 | environment:
250 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
251 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/autogen.sh -u
252 | - name: Setup Lets encrypt folder link
253 | become: true
254 | become_user: opensrf
255 | ignore_errors: yes
256 | file:
257 | force: yes
258 | state: link
259 | src: "{{lets_encrypt_shared_web_folder}}"
260 | dest: "{{openils_path}}/var/web/.well-known"
261 | - name: Setup shared reports folder link
262 | become: true
263 | become_user: opensrf
264 | ignore_errors: yes
265 | file:
266 | force: yes
267 | state: link
268 | src: "{{shared_reports_folder}}"
269 | dest: "{{openils_path}}/var/web/reporter"
270 | - name: Setup circ_notices link
271 | become: true
272 | become_user: opensrf
273 | ignore_errors: yes
274 | file:
275 | force: yes
276 | state: link
277 | src: "{{shared_circ_notices_folder}}"
278 | dest: "{{openils_path}}/var/web/notices"
279 |
280 | - name: Clear out the jackets folder when it's not a symlink
281 | become: true
282 | shell: rm -Rf {{openils_path}}/var/web/opac/extras/ac
283 | when: shared_jackets_folder is defined and (jacketsym.stat.islnk is not defined or jacketsym.stat.islnk == false)
284 |
285 | - name: Create Jackets Symlink
286 | become: true
287 | become_user: opensrf
288 | ignore_errors: yes
289 | file:
290 | force: yes
291 | state: link
292 | src: "{{shared_jackets_folder}}"
293 | dest: "{{openils_path}}/var/web/opac/extras/ac"
294 | when: shared_jackets_folder is defined
295 |
296 | - name: Copy fm_IDL
297 | become: true
298 | become_user: opensrf
299 | shell: cp {{ openils_path }}/conf/fm_IDL.xml {{ openils_path }}/var/web/reports/fm_IDL.xml
300 | - name: Start Web services
301 | ignore_errors: yes
302 | become: true
303 | service:
304 | name: apache2
305 | state: started
306 | # service module is broken for ansible/jammy/docker
307 | - name: Starting apache2 manually 2
308 | ignore_errors: yes
309 | shell: /etc/init.d/apache2 start
310 | when: ubuntu_version|lower == 'jammy'
311 |
312 | - name: create websocketd start script
313 | file:
314 | path: /egconfigs/start_websocketd
315 | state: touch
316 | owner: root
317 | group: root
318 | mode: '0755'
319 | - name: Building /egconfigs/start_websocketd 1
320 | become: true
321 | lineinfile: 'dest=/egconfigs/start_websocketd state=present regexp="#!/bin/bas" line="#!/bin/bash"'
322 | - name: Building /egconfigs/start_websocketd 2
323 | become: true
324 | lineinfile: 'dest=/egconfigs/start_websocketd state=present regexp="websocketd" line="/usr/local/bin/websocketd --loglevel error --port 7682 {{openils_path}}/bin/osrf-websocket-stdio >& /dev/null &"'
325 | - name: Starting websocketd
326 | become: true
327 | become_user: opensrf
328 | shell: '/egconfigs/start_websocketd'
329 | - name: Concat the Certificates for nginx
330 | become: true
331 | shell: cat /etc/apache2/ssl/server.crt > /etc/apache2/ssl/nginx.crt
332 | - name: Fix nginx certificate config 1
333 | become: true
334 | lineinfile: 'dest=/etc/nginx/sites-available/osrf-ws-http-proxy state=present regexp="ssl_certificate \/" line="ssl_certificate /etc/apache2/ssl/nginx.crt;"'
335 | - name: Fix nginx certificate config 2
336 | become: true
337 | lineinfile: 'dest=/etc/nginx/sites-available/osrf-ws-http-proxy state=present regexp="ssl_certificate_key\s" line="ssl_certificate_key /etc/apache2/ssl/server.key;"'
338 | - name: Start nginx Websockets proxy
339 | ignore_errors: yes
340 | become: true
341 | service:
342 | name: nginx
343 | state: started
344 | # service module is broken for ansible/jammy/docker
345 | - name: Starting nginx manually 2
346 | ignore_errors: yes
347 | shell: /etc/init.d/nginx start
348 | when: ubuntu_version|lower == 'jammy'
349 |
350 | - name: copy the oils_sip.xml
351 | become: true
352 | shell: cp {{ openils_path }}/conf/oils_sip.xml.example {{ openils_path }}/conf/oils_sip.xml && chown opensrf:opensrf -R {{ openils_path }}
353 | - lineinfile: dest={{ openils_path }}/conf/oils_sip.xml state=present regexp=' {{openils_path}}/var/web/ping.txt && chown opensrf:opensrf {{openils_path}}/var/web/ping.txt
420 | - name: chowning openils
421 | become: true
422 | shell: chown -R opensrf:opensrf {{openils_path}}
423 |
424 | ...
425 |
--------------------------------------------------------------------------------
/generic-dockerhub/hosts:
--------------------------------------------------------------------------------
1 | 127.0.0.1 localhost
2 | ::1 localhost ip6-localhost ip6-loopback
3 | fe00::0 ip6-localnet
4 | ff00::0 ip6-mcastprefix
5 | ff02::1 ip6-allnodes
6 | ff02::2 ip6-allrouters
7 |
--------------------------------------------------------------------------------
/generic-dockerhub/logrotate_evergreen.txt:
--------------------------------------------------------------------------------
1 | replacemewith_path_and_curly_brace
2 | rotate 14
3 | compress
4 | size 1M
5 | notifempty
6 | }
7 |
--------------------------------------------------------------------------------
/generic-dockerhub/restart_post_boot.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: ma
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Remove ping.txt file
11 | become: true
12 | file: path="{{openils_path}}/var/web/ping.txt" state=absent
13 | - name: Stop Web services
14 | ignore_errors: yes
15 | become: true
16 | service:
17 | name: apache2
18 | state: stopped
19 | # service module is broken for ansible/jammy/docker
20 | - name: Stopping apache2 manually
21 | ignore_errors: yes
22 | shell: /etc/init.d/apache2 stop
23 | when: ubuntu_version|lower == 'jammy'
24 |
25 | - name: Kill z39.50
26 | become: true
27 | ignore_errors: yes
28 | shell: ps aux | grep simple[2]zoom | awk '{print $2}' | xargs kill
29 | - name: Stop Websocketd
30 | become: true
31 | ignore_errors: yes
32 | shell: "/bin/ps -ef | /bin/grep osrf-websocket-stdio | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
33 | - name: Stop nginx Websockets proxy
34 | ignore_errors: yes
35 | become: true
36 | service:
37 | name: nginx
38 | state: stopped
39 | # service module is broken for ansible/jammy/docker
40 | - name: Starting nginx manually
41 | ignore_errors: yes
42 | shell: /etc/init.d/nginx stop
43 | when: ubuntu_version|lower == 'jammy'
44 | - name: Stop OpenSRF
45 | become: true
46 | become_user: opensrf
47 | environment:
48 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
49 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
50 | - name: Stop SIP
51 | become: true
52 | become_user: opensrf
53 | environment:
54 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
55 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/oils_ctl.sh -a stop_sip
56 | - name: Kill OpenSRF
57 | ignore_errors: yes
58 | shell: "/bin/ps -ef | /bin/grep OpenSRF | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
59 | - name: Kill SIP
60 | ignore_errors: yes
61 | shell: /bin/ps -ef | /bin/grep -i sip | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
62 | - name: Stop ejabberd
63 | become: true
64 | ignore_errors: yes
65 | service:
66 | name: ejabberd
67 | state: stopped
68 | - name: Kill ejabberd
69 | ignore_errors: yes
70 | shell: /bin/ps -ef | /bin/grep -i ejabberd | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
71 | - name: Start ejabberd
72 | ignore_errors: yes
73 | become: true
74 | service:
75 | name: ejabberd
76 | state: started
77 | # service module is broken for ansible/jammy/docker
78 | - name: Starting ejabberd manually
79 | ignore_errors: yes
80 | shell: /etc/init.d/ejabberd start
81 | when: ubuntu_version|lower == 'jammy'
82 | - name: Pausing for ejabberd to start
83 | pause: seconds=10
84 | - name: Start OpenSRF
85 | become: true
86 | become_user: opensrf
87 | environment:
88 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
89 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
90 | - name: Pausing for OpenSRF to spawn Drones
91 | pause: seconds=5
92 | - name: Run autogen
93 | become: true
94 | become_user: opensrf
95 | environment:
96 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
97 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/autogen.sh
98 | - name: Start SIP
99 | become: true
100 | become_user: opensrf
101 | environment:
102 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
103 | shell: "{{openils_path}}/bin/oils_ctl.sh -a start_sip"
104 | ### ## Start z39.50
105 | - name: Start z39.50 stuff
106 | become: true
107 | shell: /usr/bin/perl -w /usr/bin/simple2zoom -c {{openils_path}}/conf/dgo.conf -- -f {{openils_path}}/conf/xml2marc-yaz.cfg localhost:2210 localhost.org:210 -v all,sessiondetail,requestdetail,zoom,zoomdetails &
108 | - name: restarting cron
109 | ignore_errors: yes
110 | service:
111 | name: cron
112 | state: restarted
113 | - name: restarting cron
114 | ignore_errors: yes
115 | shell: /etc/init.d/cron stop
116 | when: ubuntu_version|lower == 'jammy'
117 |
118 | - name: Start Web services
119 | become: true
120 | ignore_errors: yes
121 | service:
122 | name: apache2
123 | state: started
124 |
125 | - name: Start Web services
126 | become: true
127 | ignore_errors: yes
128 | shell: /etc/init.d/apache2 start
129 | when: ubuntu_version|lower == 'jammy'
130 |
131 | - name: Starting websocketd
132 | become: true
133 | become_user: opensrf
134 | shell: '/egconfigs/start_websocketd'
135 | - name: Start nginx Websockets proxy
136 | become: true
137 | ignore_errors: yes
138 | service:
139 | name: nginx
140 | state: started
141 |
142 | - name: Start nginx Websockets proxy manually
143 | become: true
144 | ignore_errors: yes
145 | shell: /etc/init.d/nginx start
146 | when: ubuntu_version|lower == 'jammy'
147 |
148 | - name: starting cron
149 | ignore_errors: yes
150 | service:
151 | name: cron
152 | state: started
153 | # service module is broken for ansible/jammy/docker
154 | - name: Starting cron manually
155 | ignore_errors: yes
156 | shell: /etc/init.d/cron restart
157 | when: ubuntu_version|lower == 'jammy'
158 |
159 | - name: Setup ping.txt
160 | remote_user: opensrf
161 | shell: echo pong > {{openils_path}}/var/web/ping.txt && chown opensrf:opensrf {{openils_path}}/var/web/ping.txt
162 |
163 | ...
--------------------------------------------------------------------------------
/generic-dockerhub/run_tests.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Setup | Stop OpenSRF
11 | become: true
12 | become_user: opensrf
13 | environment:
14 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
15 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
16 | tags: angular,angular-e2e,pgtap
17 | - name: Setup | Reload a fresh copy of the concerto dataset
18 | become: true
19 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
20 | tags: angular,angular-e2e,pgtap
21 | - name: Setup | Start OpenSRF
22 | become: true
23 | become_user: opensrf
24 | environment:
25 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
26 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
27 | tags: angular,angular-e2e,pgtap
28 | - name: Setup | Install Firefox
29 | become: true
30 | apt:
31 | name: firefox-nightly
32 | update_cache: true
33 | tags: angularjs,angular,angular-e2e,angular-unit,opac
34 | - name: Setup | Symlink firefox to the firefox-nightly we got from mozilla
35 | become: true
36 | file:
37 | state: link
38 | src: /usr/bin/firefox-nightly
39 | dest: /usr/bin/firefox
40 | tags: angularjs,angular,angular-e2e,angular-unit,opac
41 | - name: Setup | Give evergreen user access to opensrf directories
42 | user:
43 | name: evergreen
44 | groups: opensrf
45 | append: yes
46 | tags: pgtap
47 | - name: Setup | Activate pgtap extension
48 | become: true
49 | become_user: evergreen
50 | shell: psql -c "CREATE EXTENSION pgtap;"
51 | tags: pgtap
52 | - name: Test | Run pgTAP tests
53 | become: true
54 | become_user: evergreen
55 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove t
56 | ignore_errors: true
57 | tags: pgtap
58 | - name: Test | Run pgTAP regression tests
59 | become: true
60 | become_user: evergreen
61 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove t/regress
62 | ignore_errors: true
63 | tags: pgtap
64 | - name: Test | Run pgTAP live tests
65 | become: true
66 | become_user: evergreen
67 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove live_t
68 | ignore_errors: true
69 | tags: pgtap
70 | - name: Test | Run AngularJS unit tests
71 | become: true
72 | become_user: opensrf
73 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/web/js/ui/default/staff && npm run test
74 | ignore_errors: true
75 | tags: angularjs
76 | - name: Test | Run Angular unit tests
77 | become: true
78 | become_user: opensrf
79 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/eg2 && npm run test
80 | ignore_errors: true
81 | tags: angular,angular-unit
82 | - name: Test | Run Angular e2e tests
83 | become: true
84 | become_user: opensrf
85 | environment:
86 | MOZ_HEADLESS: 1
87 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/eg2 && ng e2e
88 | ignore_errors: true
89 | tags: angular,angular-e2e
90 | - name: Test | Run OPAC js unit tests
91 | become: true
92 | become_user: opensrf
93 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/web/opac/deps && npm run test
94 | ignore_errors: true
95 | tags: opac
96 | - name: Perl Live Test Setup | Stop OpenSRF
97 | become: true
98 | become_user: opensrf
99 | environment:
100 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
101 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
102 | tags: perl
103 | - name: Perl Live Test Setup | Reload a fresh copy of the concerto dataset
104 | become: true
105 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
106 | tags: perl
107 | - name: Perl Live Test Setup | Start OpenSRF
108 | become: true
109 | become_user: opensrf
110 | environment:
111 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
112 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
113 | tags: perl
114 | - name: Test | Run Perl unit tests
115 | become: true
116 | become_user: opensrf
117 | shell: cd /home/opensrf/repos/Evergreen && make check
118 | ignore_errors: true
119 | tags: perl
120 | - name: Test | Run Perl live tests
121 | become: true
122 | become_user: opensrf
123 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/perlmods && make livecheck
124 | ignore_errors: true
125 | tags: perl
126 | - name: Test | Run C unit tests
127 | become: true
128 | become_user: opensrf
129 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/c-apps/tests && make check
130 | ignore_errors: true
131 | tags: c
132 | - name: Teardown | Stop OpenSRF
133 | become: true
134 | become_user: opensrf
135 | environment:
136 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
137 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
138 | tags: perl,angular,angular-e2e,pgtap
139 | - name: Teardown | Reload a fresh copy of the concerto dataset
140 | become: true
141 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
142 | tags: perl,angular,angular-e2e,pgtap
143 | - name: Teardown | Start OpenSRF
144 | become: true
145 | become_user: opensrf
146 | environment:
147 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
148 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
149 | tags: perl,angular,angular-e2e,pgtap
150 | ...
151 |
--------------------------------------------------------------------------------
/generic-dockerhub/self_check_bash_example.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | LOCALURL="https://YOURDOMAIN/eg/opac/home"
4 |
5 | AOK=`curl -Ik $LOCALURL|grep "2 200"|wc -l`
6 |
7 | date > check.log
8 | # echo $AOK
9 |
10 | EGFL=/tmp/EGFL
11 | if [ -f $EGFL ]; then
12 | echo "EG restart lock found - aborting."
13 | exit
14 | fi
15 |
16 | #TENMINUTES=/tmp/tenminutes
17 | #touch $TENMINUTES
18 | #touch -r $TENMINUTES -d '-10 minutes' $TENMINUTES
19 | #RECENTBOOT=$(find /proc/1/ -maxdepth 1 -name "cmdline" -not -newer ${TENMINUTES} -exec ls -1Atr {} \+ | tail -1)
20 | #if [[ -z "${RECENTBOOT}" ]]; then
21 | # exit
22 | #fi
23 |
24 | if [ "$AOK" -gt "0" ]; then
25 | echo "System OK"
26 | else
27 | echo "creating new EG restart lock file" >> lock.log; touch $EGFL
28 | date >> restart.log
29 | echo "system down... restarting...." >> restart.log
30 | ansible-playbook -vvvv -e "hosts=127.0.0.1" restart_post_boot.yml
31 | date >> lock.log; echo "removing EG restart lock file" >> lock.log; rm -f $EGFL
32 | fi
33 |
34 |
--------------------------------------------------------------------------------
/generic-dockerhub/syslog-ng.sh:
--------------------------------------------------------------------------------
1 | # Run the build scripts
2 | apt-get -qq update
3 |
4 | # Install syslog-ng.
5 | apt-get -qq install -y --no-install-recommends syslog-ng-core
6 |
7 | # Clean up system
8 | apt-get clean
9 | rm -rf /tmp/* /var/tmp/*
10 | rm -rf /var/lib/apt/lists/*
11 |
--------------------------------------------------------------------------------
/generic-dockerhub/test_vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Test ubuntu_version
11 | fail:
12 | msg: ubuntu_version is undefined
13 | when: ubuntu_version is not defined
14 |
15 | - name: Test add_evergreen_language_support
16 | fail:
17 | msg: add_evergreen_language_support is undefined
18 | when: add_evergreen_language_support is not defined
19 |
20 | - name: Test evergreen_git_branch
21 | fail:
22 | msg: evergreen_git_branch is undefined
23 | when: evergreen_git_branch is not defined
24 |
25 | - name: Test evergreen_major_version
26 | fail:
27 | msg: evergreen_major_version is undefined
28 | when: evergreen_major_version is not defined
29 |
30 | - name: Test evergreen_minor_version
31 | fail:
32 | msg: evergreen_minor_version is undefined
33 | when: evergreen_minor_version is not defined
34 |
35 | - name: Test evergreen_bug_version
36 | fail:
37 | msg: evergreen_bug_version is undefined
38 | when: evergreen_bug_version is not defined
39 |
40 | - name: Test install_xul_client
41 | fail:
42 | msg: install_xul_client is undefined
43 | when: install_xul_client is not defined
44 |
45 | - name: Test evergreen_stamp_id
46 | fail:
47 | msg: evergreen_stamp_id is undefined
48 | when: evergreen_stamp_id is not defined
49 |
50 | - name: Test postgres_version
51 | fail:
52 | msg: postgres_version is undefined
53 | when: postgres_version is not defined
54 |
55 | - name: Test websocketd_version
56 | fail:
57 | msg: websocketd_version is undefined
58 | when: websocketd_version is not defined
59 |
60 | - name: Test websocketd_filename
61 | fail:
62 | msg: websocketd_filename is undefined
63 | when: websocketd_filename is not defined
64 |
65 | - name: Test angular_build_command
66 | fail:
67 | msg: angular_build_command is undefined
68 | when: angular_build_command is not defined
69 |
70 | - name: Test opensrf_git_branch
71 | fail:
72 | msg: opensrf_git_branch is undefined
73 | when: opensrf_git_branch is not defined
74 |
75 | - name: Test lets_encrypt_shared_web_folder
76 | fail:
77 | msg: lets_encrypt_shared_web_folder is undefined
78 | when: lets_encrypt_shared_web_folder is not defined
79 |
80 | - name: Test shared_reports_folder
81 | fail:
82 | msg: shared_reports_folder is undefined
83 | when: shared_reports_folder is not defined
84 |
85 | - name: Test shared_circ_notices_folder
86 | fail:
87 | msg: shared_circ_notices_folder is undefined
88 | when: shared_circ_notices_folder is not defined
89 |
90 | - name: Test sync_openils_sub_folders_cmd
91 | fail:
92 | msg: sync_openils_sub_folders_cmd is undefined
93 | when: sync_openils_sub_folders_cmd is not defined
94 |
95 | - name: Test ejabberd_password
96 | fail:
97 | msg: ejabberd_password is undefined
98 | when: ejabberd_password is not defined
99 |
100 | - name: Test os_user_password
101 | fail:
102 | msg: os_user_password is undefined
103 | when: os_user_password is not defined
104 |
105 | - name: Test openils_path
106 | fail:
107 | msg: openils_path is undefined
108 | when: openils_path is not defined
109 |
110 | - name: Test domain_name
111 | fail:
112 | msg: domain_name is undefined
113 | when: domain_name is not defined
114 |
115 | - name: Test database_host
116 | fail:
117 | msg: database_host is undefined
118 | when: database_host is not defined
119 |
120 | - name: Test database_database
121 | fail:
122 | msg: database_database is undefined
123 | when: database_database is not defined
124 |
125 | - name: Test database_port
126 | fail:
127 | msg: database_port is undefined
128 | when: database_port is not defined
129 |
130 | - name: Test database_user
131 | fail:
132 | msg: database_user is undefined
133 | when: database_user is not defined
134 |
135 | - name: Test database_password
136 | fail:
137 | msg: database_password is undefined
138 | when: database_password is not defined
139 |
140 | - name: Test database_sample_data_set
141 | fail:
142 | msg: database_sample_data_set is undefined
143 | when: database_sample_data_set is not defined
144 |
145 | - name: Test evergreen_global_admin
146 | fail:
147 | msg: evergreen_global_admin is undefined
148 | when: evergreen_global_admin is not defined
149 |
150 | - name: Test evergreen_global_admin_password
151 | fail:
152 | msg: evergreen_global_admin_password is undefined
153 | when: evergreen_global_admin_password is not defined
154 |
155 | - name: Test sender_address
156 | fail:
157 | msg: sender_address is undefined
158 | when: sender_address is not defined
159 |
160 | - name: Test base_reporter_uri
161 | fail:
162 | msg: base_reporter_uri is undefined
163 | when: base_reporter_uri is not defined
164 |
165 | - name: Test reporter_output_folder
166 | fail:
167 | msg: reporter_output_folder is undefined
168 | when: reporter_output_folder is not defined
169 |
170 | - name: Test opensrf_zip_file_line
171 | fail:
172 | msg: opensrf_zip_file_line is undefined
173 | when: opensrf_zip_file_line is not defined
174 |
175 | - name: Test opensrf_memcached_server
176 | fail:
177 | msg: opensrf_memcached_server is undefined
178 | when: opensrf_memcached_server is not defined
179 |
180 | - name: Test opensrf_memcached_port
181 | fail:
182 | msg: opensrf_memcached_port is undefined
183 | when: opensrf_memcached_port is not defined
184 |
185 | - name: Test use_custom_opensrf_xml
186 | fail:
187 | msg: use_custom_opensrf_xml is undefined
188 | when: use_custom_opensrf_xml is not defined
189 |
190 | - name: Test Evergreen_cherry_picks
191 | fail:
192 | msg: Evergreen_cherry_picks is undefined
193 | when: Evergreen_cherry_picks is not defined
194 |
195 | - name: Test OpenSRF_cherry_picks
196 | fail:
197 | msg: OpenSRF_cherry_picks is undefined
198 | when: OpenSRF_cherry_picks is not defined
199 |
200 | - name: Test SIPServer_cherry_picks
201 | fail:
202 | msg: SIPServer_cherry_picks is undefined
203 | when: SIPServer_cherry_picks is not defined
204 |
205 | - name: Test install_pg_tap
206 | fail:
207 | msg: install_pg_tap is undefined
208 | when: install_pg_tap is not defined
209 |
210 | ...
211 |
--------------------------------------------------------------------------------
/generic-dockerhub/vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Allowed values: xenial, bionic, focal, jammy
3 | # Be sure and update Dockerfile to match the version that you are calling here
4 | # For reference: xenial = 16.04, bionic = 18.04, focal = 20.04, jammy = 22.04
5 | # NOTE: xenial is not supported due to the nodejs stack issues, but left here for reference in case you want to hack it
6 | # Evergreen didn't support ubuntu bionic until version 3.3
7 | ubuntu_version: jammy
8 | evergreen_version: 3.14.0
9 | # This is tempermental. If you turn this setting on, you might end up having to manually edit the resulting installation
10 | # Particularly eg_vhost.conf
11 | add_evergreen_language_support: no
12 | # You can manually assign the Evergreen git branch, or let this regular expression figure it out based on evergreen_version
13 | evergreen_git_branch: "{{ 'tags/rel_' + (evergreen_version|regex_replace('\\.', '_')) }}"
14 |
15 | evergreen_major_version: "{{evergreen_version|regex_replace('^(\\d*)\\..*$', '\\1') }}"
16 | evergreen_minor_version: "{{evergreen_version|regex_replace('^\\d*\\.(\\d*)\\.?.*$', '\\1') }}"
17 | evergreen_bug_version: "{{evergreen_version|regex_replace('^\\d*\\.\\d*\\.?(\\d*).*$', '\\1') }}"
18 | install_xul_client: "{% if (evergreen_major_version|int > 2 and evergreen_minor_version|int < 3) or evergreen_major_version|int == 2 %}yes{% else %}no{% endif %}"
19 | evergreen_stamp_id: "{{ 'rel_' + (evergreen_version|regex_replace('\\.', '_')) }}"
20 | postgres_version: "{% if evergreen_major_version|int == 3 and evergreen_minor_version|int > 13 %}15{% elif ubuntu_version|lower == 'jammy' or ubuntu_version|lower == 'focal' %}10{% elif ubuntu_version|lower == 'bionic' %}9.6{% else %}9.5{% endif %}"
21 | websocketd_version: 0.3.0
22 | websocketd_filename: "websocketd-{{ websocketd_version }}-linux_{% if ansible_architecture == 'aarch64' %}arm64{% else %}amd64{% endif %}.zip"
23 | angular_build_command: "ng build {% if (evergreen_major_version|int == 3 and evergreen_minor_version|int < 9) %}--prod{% else %}--configuration=production{% endif %}"
24 |
25 | # The latest version of OpenSRF seems to work with all versions of Evergreen.
26 | opensrf_git_branch: osrf_rel_3_3_2
27 |
28 | # This directory will be linked to /openilspath/var/web/.well-known
29 | lets_encrypt_shared_web_folder: /mnt/evergreen/letsencrypt_shared_web_directory/.well-known
30 |
31 | # This variable will create a sym link to /openilspath/var/web/reporter
32 | shared_reports_folder: /mnt/evergreen/reports
33 |
34 | # This variable will create a sym link to /openilspath/var/web/notices
35 | shared_circ_notices_folder: /mnt/evergreen/circ_notices
36 | # Custom script to call during boot time. It needs to be exposed to the container
37 | # errors are ignored, but this variable needs to exist. Set it to something regardless
38 | # This is a mechanism for you to do something custom to the OS upon boot. Anything you can
39 | # do with a shell script. Setting SSL certificates, putting in place custom tt2 files, etc.
40 | sync_openils_sub_folders_cmd: /mnt/evergreen/apps/syncope
41 |
42 | ejabberd_password: ejabberdpassword
43 | os_user_password: password
44 | openils_path: /openils
45 |
46 | domain_name: localhost.localdomain.org
47 | database_host: localhost
48 | database_database: evergreen
49 | database_port: 5432
50 | database_user: evergreen
51 | database_password: databasepassword
52 | # Enhanced concerto: --load-concerto-enhanced
53 | # Smaller concerto: --load-all-sample
54 | database_sample_data_set: --load-concerto-enhanced
55 | evergreen_global_admin: admin
56 | evergreen_global_admin_password: demo123
57 | sender_address: no-reply@localhost.com
58 | base_reporter_uri: https://localhost/reporter/
59 | reporter_output_folder: /openils/var/web/reporter
60 | opensrf_zip_file_line: /openils/conf/zips.txt
61 | opensrf_memcached_server: 127.0.0.1
62 | opensrf_memcached_port: 11211
63 | use_custom_opensrf_xml: no
64 | Evergreen_cherry_picks: ['0311de0825084499642407f09e08f63a93b46e6f']
65 | OpenSRF_cherry_picks: []
66 | SIPServer_cherry_picks: []
67 | install_pg_tap: yes
68 | ...
69 |
--------------------------------------------------------------------------------
/generic-tarball/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM ubuntu:22.04
2 | ARG os=jammy
3 | # For reference: xenial = 16.04, bionic = 18.04, focal = 20.04, jammy = 22.04
4 |
5 | EXPOSE 22
6 | EXPOSE 80
7 | EXPOSE 210
8 | EXPOSE 443
9 | EXPOSE 6001
10 |
11 | RUN useradd user -m -s /bin/bash
12 | RUN useradd opensrf -m -s /bin/bash
13 | RUN useradd evergreen -m -s /bin/bash
14 | RUN apt-get -qq update
15 | ENV DEBIAN_FRONTEND noninteractive
16 | ENV TZ=America/New_York
17 | RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
18 | RUN apt-get update -qq && apt-get install -qq -y --no-install-recommends apt-utils
19 |
20 | RUN apt-get install -qq -y ansible
21 | RUN mkdir /egconfigs
22 | ADD vars.yml /egconfigs/vars.yml
23 | ADD test_vars.yml /egconfigs/test_vars.yml
24 | RUN cd /egconfigs && ansible-playbook test_vars.yml -v
25 |
26 | RUN apt-get -qq -y install syslog-ng-core sendmail mailutils sendmail-bin logrotate ssh net-tools iputils-ping sudo nano make autoconf libtool git mlocate git-core ntp cron screen rsync curl vim
27 | RUN if [ $os != "xenial"] ; then dpkg-reconfigure --frontend noninteractive tzdata ; fi
28 |
29 | RUN mkdir -p /mnt/evergreen
30 |
31 | # Run dockerbase script
32 | ADD syslog-ng.sh /egconfigs/
33 | RUN chmod a+xrw /egconfigs/syslog-ng.sh
34 | RUN /egconfigs/syslog-ng.sh
35 |
36 | # Add syslog-ng into runit
37 | ADD build_syslog-ng.sh /etc/service/syslog-ng/run/syslog-ng.sh
38 | # Replace the system() source because inside Docker we can't access /proc/kmsg.
39 | # https://groups.google.com/forum/#!topic/docker-user/446yoB0Vx6w
40 | RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
41 | # Uncomment 'SYSLOGNG_OPTS="--no-caps"' to avoid the following warning:
42 | # syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'
43 | # http://serverfault.com/questions/524518/error-setting-capabilities-capability-management-disabled#
44 | RUN sed -i 's/^#\(SYSLOGNG_OPTS="--no-caps"\)/\1/g' /etc/default/syslog-ng
45 |
46 | ADD hosts /egconfigs/hosts
47 | ADD ejabberd_jammy.yml /egconfigs/ejabberd_jammy.yml
48 | ADD ejabberd_focal.yml /egconfigs/ejabberd_focal.yml
49 | ADD ejabberd_bionic.yml /egconfigs/ejabberd_bionic.yml
50 | ADD ejabberd_xenial.yml /egconfigs/ejabberd_xenial.yml
51 |
52 | ADD logrotate_evergreen.txt /egconfigs/logrotate_evergreen.txt
53 | COPY *.tar.gz /egconfigs/
54 | ADD install_evergreen.yml /egconfigs/install_evergreen.yml
55 | ADD evergreen_restart_services.yml /egconfigs/evergreen_restart_services.yml
56 | ADD restart_post_boot.yml /egconfigs/restart_post_boot.yml
57 | ADD run_tests.yml /egconfigs/run_tests.yml
58 |
59 | RUN cd /egconfigs && ansible-playbook install_evergreen.yml -v && rm -rf /home/opensrf/repos /home/opensrf/*.tar.gz
60 | ENTRYPOINT cd /egconfigs && ansible-playbook evergreen_restart_services.yml -vvvv && while true; do sleep 1; done
61 | #ENTRYPOINT while true; do sleep 1; done
62 |
--------------------------------------------------------------------------------
/generic-tarball/build_syslog-ng.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | set -e
3 |
4 | # If /dev/log is either a named pipe or it was placed there accidentally,
5 | # e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25,
6 | # then we remove it.
7 | if [ ! -S /dev/log ]; then rm -f /dev/log; fi
8 | if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi
9 |
10 | SYSLOGNG_OPTS=""
11 |
12 | [ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng
13 |
14 | case "x$CONSOLE_LOG_LEVEL" in
15 | x[1-8])
16 | dmesg -n $CONSOLE_LOG_LEVEL
17 | ;;
18 | x)
19 | ;;
20 | *)
21 | echo "CONSOLE_LOG_LEVEL is of unaccepted value."
22 | ;;
23 | esac
24 |
25 | if [ ! -e /dev/xconsole ]
26 | then
27 | mknod -m 640 /dev/xconsole p
28 | chown root:adm /dev/xconsole
29 | [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE
30 | fi
31 |
32 | exec syslog-ng -F -p /var/run/syslog-ng.pid $SYSLOGNG_OPTS
--------------------------------------------------------------------------------
/generic-tarball/ejabberd_focal.yml:
--------------------------------------------------------------------------------
1 | ###
2 | ### ejabberd configuration file
3 | ###
4 | ### The parameters used in this configuration file are explained at
5 | ###
6 | ### https://docs.ejabberd.im/admin/configuration
7 | ###
8 | ### The configuration file is written in YAML.
9 | ### *******************************************************
10 | ### ******* !!! WARNING !!! *******
11 | ### ******* YAML IS INDENTATION SENSITIVE *******
12 | ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
13 | ### *******************************************************
14 | ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
15 | ###
16 | #
17 | ---
18 | ## loglevel: Verbosity of log files generated by ejabberd
19 | ## 0: No ejabberd log at all (not recommended)
20 | ## 1: Critical
21 | ## 2: Error
22 | ## 3: Warning
23 | ## 4: Info
24 | ## 5: Debug
25 | loglevel: 4
26 |
27 | ## rotation: Disable ejabberd's internal log rotation, as the Debian package
28 | ## uses logrotate(8).
29 | log_rotate_count: 0
30 | log_rotate_date: ""
31 |
32 | ## hosts: Domains served by ejabberd.
33 | ## You can define one or several, for example:
34 | ## hosts:
35 | ## - "example.net"
36 | ## - "example.com"
37 | ## - "example.org"
38 |
39 | hosts:
40 | - localhost
41 | - private.localhost
42 | - public.localhost
43 |
44 | certfiles:
45 | - "/etc/ejabberd/ejabberd.pem"
46 | ## - /etc/letsencrypt/live/localhost/fullchain.pem
47 | ## - /etc/letsencrypt/live/localhost/privkey.pem
48 |
49 | ## TLS configuration
50 | define_macro:
51 | 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
52 | 'TLS_OPTIONS':
53 | - "no_sslv3"
54 | - "no_tlsv1"
55 | - "no_tlsv1_1"
56 | - "cipher_server_preference"
57 | - "no_compression"
58 | ## 'DH_FILE': "/path/to/dhparams.pem"
59 | ## generated with: openssl dhparam -out dhparams.pem 2048
60 |
61 | c2s_ciphers: 'TLS_CIPHERS'
62 | s2s_ciphers: 'TLS_CIPHERS'
63 | c2s_protocol_options: 'TLS_OPTIONS'
64 | s2s_protocol_options: 'TLS_OPTIONS'
65 | ## c2s_dhfile: 'DH_FILE'
66 | ## s2s_dhfile: 'DH_FILE'
67 |
68 | listen:
69 | -
70 | port: 5222
71 | ip: "::"
72 | module: ejabberd_c2s
73 | max_stanza_size: 10485760
74 | shaper: c2s_shaper
75 | access: c2s
76 | starttls_required: false
77 | protocol_options: 'TLS_OPTIONS'
78 | -
79 | port: 5223
80 | ip: "::"
81 | module: ejabberd_c2s
82 | max_stanza_size: 10485760
83 | shaper: c2s_shaper
84 | access: c2s
85 | tls: true
86 | protocol_options: 'TLS_OPTIONS'
87 | -
88 | port: 5269
89 | ip: "::"
90 | module: ejabberd_s2s_in
91 | max_stanza_size: 10485760
92 | -
93 | port: 5443
94 | ip: "::"
95 | module: ejabberd_http
96 | tls: true
97 | protocol_options: 'TLS_OPTIONS'
98 | request_handlers:
99 | /api: mod_http_api
100 | /bosh: mod_bosh
101 | ## /captcha: ejabberd_captcha
102 | ## /upload: mod_http_upload
103 | /ws: ejabberd_http_ws
104 | -
105 | port: 5280
106 | ip: "::"
107 | module: ejabberd_http
108 | tls: true
109 | protocol_options: 'TLS_OPTIONS'
110 | request_handlers:
111 | /admin: ejabberd_web_admin
112 | /.well-known/acme-challenge: ejabberd_acme
113 | -
114 | port: 1883
115 | ip: "::"
116 | module: mod_mqtt
117 | backlog: 1000
118 |
119 |
120 | ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
121 | ## password storage (see auth_password_format option).
122 | disable_sasl_mechanisms:
123 | - "digest-md5"
124 | - "X-OAUTH2"
125 |
126 | s2s_use_starttls: required
127 |
128 | ## Store the plain passwords or hashed for SCRAM:
129 | auth_password_format: plain
130 |
131 | ## Full path to a script that generates the image.
132 | ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
133 |
134 | acl:
135 | admin:
136 | user:
137 | - ""
138 |
139 | local:
140 | user_regexp: ""
141 | loopback:
142 | ip:
143 | - 127.0.0.0/8
144 | - ::1/128
145 |
146 | access_rules:
147 | local:
148 | allow: local
149 | c2s:
150 | deny: blocked
151 | allow: all
152 | announce:
153 | allow: admin
154 | configure:
155 | allow: admin
156 | muc_create:
157 | allow: local
158 | pubsub_createnode:
159 | allow: local
160 | trusted_network:
161 | allow: loopback
162 |
163 | api_permissions:
164 | "console commands":
165 | from:
166 | - ejabberd_ctl
167 | who: all
168 | what: "*"
169 | "admin access":
170 | who:
171 | access:
172 | allow:
173 | acl: loopback
174 | acl: admin
175 | oauth:
176 | scope: "ejabberd:admin"
177 | access:
178 | allow:
179 | acl: loopback
180 | acl: admin
181 | what:
182 | - "*"
183 | - "!stop"
184 | - "!start"
185 | "public commands":
186 | who:
187 | ip: 127.0.0.1/8
188 | what:
189 | - status
190 | - connected_users_number
191 |
192 | shaper:
193 | normal: 500000
194 | fast: 500000
195 |
196 | shaper_rules:
197 | max_user_sessions: 10000
198 | ## max_user_offline_messages:
199 | ## 5000: admin
200 | ## 100: all
201 | c2s_shaper:
202 | none: admin
203 | normal: all
204 | s2s_shaper: fast
205 |
206 | modules:
207 | mod_legacy_auth: {}
208 | mod_adhoc: {}
209 | mod_admin_extra: {}
210 | mod_announce:
211 | access: announce
212 | mod_avatar: {}
213 | mod_blocking: {}
214 | mod_bosh: {}
215 | mod_caps: {}
216 | mod_carboncopy: {}
217 | mod_client_state: {}
218 | mod_configure: {}
219 | ## mod_delegation: {} # for xep0356
220 | mod_disco: {}
221 | mod_echo: {}
222 | mod_fail2ban: {}
223 | mod_http_api: {}
224 | ## mod_http_upload:
225 | ## put_url: https://@HOST@:5443/upload
226 | mod_last: {}
227 | ## mod_mam:
228 | ## ## Mnesia is limited to 2GB, better to use an SQL backend
229 | ## ## For small servers SQLite is a good fit and is very easy
230 | ## ## to configure. Uncomment this when you have SQL configured:
231 | ## ## db_type: sql
232 | ## assume_mam_usage: true
233 | ## default: always
234 | mod_mqtt: {}
235 | mod_muc:
236 | access:
237 | - allow
238 | access_admin:
239 | - allow: admin
240 | access_create: muc_create
241 | access_persistent: muc_create
242 | access_mam:
243 | - allow
244 | default_room_options:
245 | mam: true
246 | mod_muc_admin: {}
247 | ## mod_offline:
248 | ## access_max_user_messages: max_user_offline_messages
249 | mod_ping: {}
250 | mod_pres_counter:
251 | count: 5
252 | interval: 60
253 | mod_privacy: {}
254 | mod_private: {}
255 | ## mod_proxy65:
256 | ## access: local
257 | ## max_connections: 5
258 | mod_pubsub:
259 | access_createnode: pubsub_createnode
260 | plugins:
261 | - flat
262 | - pep
263 | force_node_config:
264 | "eu.siacs.conversations.axolotl.*":
265 | access_model: open
266 | ## Avoid buggy clients to make their bookmarks public
267 | storage:bookmarks:
268 | access_model: whitelist
269 | mod_push: {}
270 | mod_push_keepalive: {}
271 | ## mod_register:
272 | ## ## Only accept registration requests from the "trusted"
273 | ## ## network (see access_rules section above).
274 | ## ## Think twice before enabling registration from any
275 | ## ## address. See the Jabber SPAM Manifesto for details:
276 | ## ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
277 | ## ip_access: trusted_network
278 | mod_roster:
279 | versioning: true
280 | mod_s2s_dialback: {}
281 | mod_shared_roster: {}
282 | mod_sic: {}
283 | mod_stream_mgmt:
284 | resend_on_timeout: if_offline
285 | mod_vcard:
286 | search: false
287 | mod_vcard_xupdate: {}
288 | mod_version: {}
289 |
290 | ### Local Variables:
291 | ### mode: yaml
292 | ### End:
293 | ### vim: set filetype=yaml tabstop=8
294 |
--------------------------------------------------------------------------------
/generic-tarball/ejabberd_jammy.yml:
--------------------------------------------------------------------------------
1 | ###
2 | ### ejabberd configuration file
3 | ###
4 | ### The parameters used in this configuration file are explained at
5 | ###
6 | ### https://docs.ejabberd.im/admin/configuration
7 | ###
8 | ### The configuration file is written in YAML.
9 | ### *******************************************************
10 | ### ******* !!! WARNING !!! *******
11 | ### ******* YAML IS INDENTATION SENSITIVE *******
12 | ### ******* MAKE SURE YOU INDENT SECTIONS CORRECTLY *******
13 | ### *******************************************************
14 | ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
15 | ###
16 |
17 |
18 | # loglevel: Verbosity of log files generated by ejabberd
19 | loglevel: info
20 |
21 | # rotation: Disable ejabberd's internal log rotation, as the Debian package
22 | # uses logrotate(8).
23 | log_rotate_count: 0
24 |
25 | # hosts: Domains served by ejabberd.
26 | # You can define one or several, for example:
27 | # hosts:
28 | # - "example.net"
29 | # - "example.com"
30 | # - "example.org"
31 |
32 | hosts:
33 | - localhost
34 | - private.localhost
35 | - public.localhost
36 |
37 | certfiles:
38 | - "/etc/ejabberd/ejabberd.pem"
39 | # - /etc/letsencrypt/live/localhost/fullchain.pem
40 | # - /etc/letsencrypt/live/localhost/privkey.pem
41 |
42 | # TLS configuration
43 | define_macro:
44 | 'TLS_CIPHERS': "HIGH:!aNULL:!eNULL:!3DES:@STRENGTH"
45 | 'TLS_OPTIONS':
46 | - "no_sslv3"
47 | - "no_tlsv1"
48 | - "no_tlsv1_1"
49 | - "cipher_server_preference"
50 | - "no_compression"
51 | # 'DH_FILE': "/path/to/dhparams.pem"
52 | # generated with: openssl dhparam -out dhparams.pem 2048
53 |
54 | c2s_ciphers: 'TLS_CIPHERS'
55 | s2s_ciphers: 'TLS_CIPHERS'
56 | c2s_protocol_options: 'TLS_OPTIONS'
57 | s2s_protocol_options: 'TLS_OPTIONS'
58 | # c2s_dhfile: 'DH_FILE'
59 | # s2s_dhfile: 'DH_FILE'
60 |
61 | listen:
62 | -
63 | port: 5222
64 | ip: "::"
65 | module: ejabberd_c2s
66 | max_stanza_size: 10485760
67 | shaper: c2s_shaper
68 | access: c2s
69 | starttls_required: false
70 | protocol_options: 'TLS_OPTIONS'
71 | -
72 | port: 5223
73 | ip: "::"
74 | module: ejabberd_c2s
75 | max_stanza_size: 10485760
76 | shaper: c2s_shaper
77 | access: c2s
78 | tls: true
79 | protocol_options: 'TLS_OPTIONS'
80 | -
81 | port: 5269
82 | ip: "::"
83 | module: ejabberd_s2s_in
84 | max_stanza_size: 10485760
85 | -
86 | port: 5443
87 | ip: "::"
88 | module: ejabberd_http
89 | tls: true
90 | protocol_options: 'TLS_OPTIONS'
91 | request_handlers:
92 | /api: mod_http_api
93 | /bosh: mod_bosh
94 | ## /captcha: ejabberd_captcha
95 | ## /upload: mod_http_upload
96 | /ws: ejabberd_http_ws
97 | -
98 | port: 5280
99 | ip: "::"
100 | module: ejabberd_http
101 | tls: true
102 | protocol_options: 'TLS_OPTIONS'
103 | request_handlers:
104 | /admin: ejabberd_web_admin
105 | /.well-known/acme-challenge: ejabberd_acme
106 | -
107 | port: 3478
108 | ip: "::"
109 | transport: udp
110 | module: ejabberd_stun
111 | use_turn: true
112 | ## The server's public IPv4 address:
113 | # turn_ipv4_address: "203.0.113.3"
114 | ## The server's public IPv6 address:
115 | # turn_ipv6_address: "2001:db8::3"
116 | -
117 | port: 1883
118 | ip: "::"
119 | module: mod_mqtt
120 | backlog: 1000
121 |
122 |
123 | ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
124 | ## password storage (see auth_password_format option).
125 | disable_sasl_mechanisms:
126 | - "digest-md5"
127 | - "X-OAUTH2"
128 |
129 | s2s_use_starttls: required
130 |
131 | ## Store the plain passwords or hashed for SCRAM:
132 | auth_password_format: plain
133 |
134 | ## Full path to a script that generates the image.
135 | ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
136 |
137 | acl:
138 | admin:
139 | user:
140 | - ""
141 |
142 | local:
143 | user_regexp: ""
144 | loopback:
145 | ip:
146 | - 127.0.0.0/8
147 | - ::1/128
148 |
149 | access_rules:
150 | local:
151 | allow: local
152 | c2s:
153 | deny: blocked
154 | allow: all
155 | announce:
156 | allow: admin
157 | configure:
158 | allow: admin
159 | muc_create:
160 | allow: local
161 | pubsub_createnode:
162 | allow: local
163 | trusted_network:
164 | allow: loopback
165 |
166 | api_permissions:
167 | "console commands":
168 | from:
169 | - ejabberd_ctl
170 | who: all
171 | what: "*"
172 | "admin access":
173 | who:
174 | access:
175 | allow:
176 | - acl: loopback
177 | - acl: admin
178 | oauth:
179 | scope: "ejabberd:admin"
180 | access:
181 | allow:
182 | - acl: loopback
183 | - acl: admin
184 | what:
185 | - "*"
186 | - "!stop"
187 | - "!start"
188 | "public commands":
189 | who:
190 | ip: 127.0.0.1/8
191 | what:
192 | - status
193 | - connected_users_number
194 |
195 | shaper:
196 | normal:
197 | rate: 500000
198 | burst_size: 600000
199 | fast: 500000
200 |
201 | shaper_rules:
202 | max_user_sessions: 10000
203 | ## max_user_offline_messages:
204 | ## 5000: admin
205 | ## 100: all
206 | c2s_shaper:
207 | none: admin
208 | normal: all
209 | s2s_shaper: fast
210 |
211 | modules:
212 | mod_legacy_auth: {}
213 | mod_adhoc: {}
214 | mod_admin_extra: {}
215 | mod_announce:
216 | access: announce
217 | mod_avatar: {}
218 | mod_blocking: {}
219 | mod_bosh: {}
220 | mod_caps: {}
221 | mod_carboncopy: {}
222 | mod_client_state: {}
223 | mod_configure: {}
224 | ## mod_delegation: {} # for xep0356
225 | mod_disco: {}
226 | mod_fail2ban: {}
227 | mod_http_api: {}
228 | ## mod_http_upload:
229 | ## put_url: https://@HOST@:5443/upload
230 | ## custom_headers:
231 | ## "Access-Control-Allow-Origin": "https://@HOST@"
232 | ## "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
233 | ## "Access-Control-Allow-Headers": "Content-Type"
234 | mod_last: {}
235 | ## mod_mam:
236 | ## ## Mnesia is limited to 2GB, better to use an SQL backend
237 | ## ## For small servers SQLite is a good fit and is very easy
238 | ## ## to configure. Uncomment this when you have SQL configured:
239 | ## ## db_type: sql
240 | ## assume_mam_usage: true
241 | ## default: always
242 | mod_mqtt: {}
243 | mod_muc:
244 | access:
245 | - allow
246 | access_admin:
247 | - allow: admin
248 | access_create: muc_create
249 | access_persistent: muc_create
250 | access_mam:
251 | - allow
252 | default_room_options:
253 | mam: true
254 | mod_muc_admin: {}
255 | ## mod_offline:
256 | ## access_max_user_messages: max_user_offline_messages
257 | mod_ping: {}
258 | mod_pres_counter:
259 | count: 5
260 | interval: 60
261 | mod_privacy: {}
262 | mod_private: {}
263 | ## mod_proxy65:
264 | ## access: local
265 | ## max_connections: 5
266 | mod_pubsub:
267 | access_createnode: pubsub_createnode
268 | plugins:
269 | - flat
270 | - pep
271 | force_node_config:
272 | "eu.siacs.conversations.axolotl.*":
273 | access_model: open
274 | ## Avoid buggy clients to make their bookmarks public
275 | storage:bookmarks:
276 | access_model: whitelist
277 | mod_push: {}
278 | mod_push_keepalive: {}
279 | ## mod_register:
280 | ## ## Only accept registration requests from the "trusted"
281 | ## ## network (see access_rules section above).
282 | ## ## Think twice before enabling registration from any
283 | ## ## address. See the Jabber SPAM Manifesto for details:
284 | ## ## https://github.com/ge0rg/jabber-spam-fighting-manifesto
285 | ## ip_access: trusted_network
286 | mod_roster:
287 | versioning: true
288 | mod_s2s_dialback: {}
289 | mod_shared_roster: {}
290 | mod_sic: {}
291 | mod_stream_mgmt:
292 | resend_on_timeout: if_offline
293 | mod_stun_disco: {}
294 | mod_vcard:
295 | search: false
296 | mod_vcard_xupdate: {}
297 | mod_version: {}
298 |
299 | ### Local Variables:
300 | ### mode: yaml
301 | ### End:
302 | ### vim: set filetype=yaml tabstop=8
303 |
--------------------------------------------------------------------------------
/generic-tarball/ejabberd_xenial.yml:
--------------------------------------------------------------------------------
1 | ###
2 | ###' ejabberd configuration file
3 | ###
4 | ###
5 |
6 | ### The parameters used in this configuration file are explained in more detail
7 | ### in the ejabberd Installation and Operation Guide.
8 | ### Please consult the Guide in case of doubts, it is included with
9 | ### your copy of ejabberd, and is also available online at
10 | ### http://www.process-one.net/en/ejabberd/docs/
11 |
12 | ### The configuration file is written in YAML.
13 | ### Refer to http://en.wikipedia.org/wiki/YAML for the brief description.
14 | ### However, ejabberd treats different literals as different types:
15 | ###
16 | ### - unquoted or single-quoted strings. They are called "atoms".
17 | ### Example: dog, 'Jupiter', '3.14159', YELLOW
18 | ###
19 | ### - numeric literals. Example: 3, -45.0, .0
20 | ###
21 | ### - quoted or folded strings.
22 | ### Examples of quoted string: "Lizzard", "orange".
23 | ### Example of folded string:
24 | ### > Art thou not Romeo,
25 | ### and a Montague?
26 |
27 | ###. =======
28 | ###' LOGGING
29 |
30 | ##
31 | ## loglevel: Verbosity of log files generated by ejabberd.
32 | ## 0: No ejabberd log at all (not recommended)
33 | ## 1: Critical
34 | ## 2: Error
35 | ## 3: Warning
36 | ## 4: Info
37 | ## 5: Debug
38 | ##
39 | loglevel: 4
40 |
41 | ##
42 | ## rotation: Disable ejabberd's internal log rotation, as the Debian package
43 | ## uses logrotate(8).
44 | log_rotate_size: 0
45 | log_rotate_date: ""
46 |
47 | ##
48 | ## overload protection: If you want to limit the number of messages per second
49 | ## allowed from error_logger, which is a good idea if you want to avoid a flood
50 | ## of messages when system is overloaded, you can set a limit.
51 | ## 100 is ejabberd's default.
52 | log_rate_limit: 100
53 |
54 | ##
55 | ## watchdog_admins: Only useful for developers: if an ejabberd process
56 | ## consumes a lot of memory, send live notifications to these XMPP
57 | ## accounts.
58 | ##
59 | ## watchdog_admins:
60 | ## - "bob@example.com"
61 |
62 | ###. ===============
63 | ###' NODE PARAMETERS
64 |
65 | ##
66 | ## net_ticktime: Specifies net_kernel tick time in seconds. This options must have
67 | ## identical value on all nodes, and in most cases shouldn't be changed at all from
68 | ## default value.
69 | ##
70 | ## net_ticktime: 60
71 |
72 | ###. ================
73 | ###' SERVED HOSTNAMES
74 |
75 | ##
76 | ## hosts: Domains served by ejabberd.
77 | ## You can define one or several, for example:
78 | ## hosts:
79 | ## - "example.net"
80 | ## - "example.com"
81 | ## - "example.org"
82 | ##
83 | hosts:
84 | - "localhost"
85 | - "private.localhost"
86 | - "public.localhost"
87 |
88 | ##
89 | ## route_subdomains: Delegate subdomains to other XMPP servers.
90 | ## For example, if this ejabberd serves example.org and you want
91 | ## to allow communication with an XMPP server called im.example.org.
92 | ##
93 | ## route_subdomains: s2s
94 |
95 | ###. ===============
96 | ###' LISTENING PORTS
97 |
98 | ##
99 | ## listen: The ports ejabberd will listen on, which service each is handled
100 | ## by and what options to start it with.
101 | ##
102 | listen:
103 | -
104 | port: 5222
105 | ip: "::"
106 | module: ejabberd_c2s
107 | ##
108 | ## If TLS is compiled in and you installed a SSL
109 | ## certificate, specify the full path to the
110 | ## file and uncomment these lines:
111 | ##
112 | certfile: "/etc/ejabberd/ejabberd.pem"
113 | starttls: true
114 | ##
115 | ## To enforce TLS encryption for client connections,
116 | ## use this instead of the "starttls" option:
117 | ##
118 | ## starttls_required: true
119 | ##
120 | ## Custom OpenSSL options
121 | ##
122 | protocol_options:
123 | - "no_sslv3"
124 | ## - "no_tlsv1"
125 | max_stanza_size: 2000000
126 | shaper: c2s_shaper
127 | access: c2s
128 | zlib: true
129 | resend_on_timeout: if_offline
130 | -
131 | port: 5269
132 | ip: "::"
133 | module: ejabberd_s2s_in
134 | ##
135 | ## ejabberd_service: Interact with external components (transports, ...)
136 | ##
137 | ## -
138 | ## port: 8888
139 | ## module: ejabberd_service
140 | ## access: all
141 | ## shaper_rule: fast
142 | ## ip: "127.0.0.1"
143 | ## hosts:
144 | ## "icq.example.org":
145 | ## password: "secret"
146 | ## "sms.example.org":
147 | ## password: "secret"
148 |
149 | ##
150 | ## ejabberd_stun: Handles STUN Binding requests
151 | ##
152 | ## -
153 | ## port: 3478
154 | ## transport: udp
155 | ## module: ejabberd_stun
156 |
157 | ##
158 | ## To handle XML-RPC requests that provide admin credentials:
159 | ##
160 | ## -
161 | ## port: 4560
162 | ## module: ejabberd_xmlrpc
163 | ## access_commands: {}
164 | -
165 | port: 5280
166 | ip: "::"
167 | module: ejabberd_http
168 | request_handlers:
169 | "/websocket": ejabberd_http_ws
170 | ## "/pub/archive": mod_http_fileserver
171 | web_admin: true
172 | http_bind: true
173 | ## register: true
174 | captcha: true
175 | tls: true
176 | certfile: "/etc/ejabberd/ejabberd.pem"
177 |
178 | ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
179 | ## password storage (see auth_password_format option).
180 | disable_sasl_mechanisms: "digest-md5"
181 |
182 | ###. ==================
183 | ###' S2S GLOBAL OPTIONS
184 |
185 | ##
186 | ## s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
187 | ## Allowed values are: false optional required required_trusted
188 | ## You must specify a certificate file.
189 | ##
190 | s2s_use_starttls: optional
191 |
192 | ##
193 | ## s2s_certfile: Specify a certificate file.
194 | ##
195 | s2s_certfile: "/etc/ejabberd/ejabberd.pem"
196 |
197 | ## Custom OpenSSL options
198 | ##
199 | s2s_protocol_options:
200 | - "no_sslv3"
201 | ## - "no_tlsv1"
202 |
203 | ##
204 | ## domain_certfile: Specify a different certificate for each served hostname.
205 | ##
206 | ## host_config:
207 | ## "example.org":
208 | ## domain_certfile: "/path/to/example_org.pem"
209 | ## "example.com":
210 | ## domain_certfile: "/path/to/example_com.pem"
211 |
212 | ##
213 | ## S2S whitelist or blacklist
214 | ##
215 | ## Default s2s policy for undefined hosts.
216 | ##
217 | ## s2s_access: s2s
218 |
219 | ##
220 | ## Outgoing S2S options
221 | ##
222 | ## Preferred address families (which to try first) and connect timeout
223 | ## in milliseconds.
224 | ##
225 | ## outgoing_s2s_families:
226 | ## - ipv4
227 | ## - ipv6
228 | ## outgoing_s2s_timeout: 10000
229 |
230 | ###. ==============
231 | ###' AUTHENTICATION
232 |
233 | ##
234 | ## auth_method: Method used to authenticate the users.
235 | ## The default method is the internal.
236 | ## If you want to use a different method,
237 | ## comment this line and enable the correct ones.
238 | ##
239 | auth_method: internal
240 |
241 | ##
242 | ## Store the plain passwords or hashed for SCRAM:
243 | ## auth_password_format: plain
244 | auth_password_format: plain
245 | ##
246 | ## Define the FQDN if ejabberd doesn't detect it:
247 | ## fqdn: "server3.example.com"
248 |
249 | ##
250 | ## Authentication using external script
251 | ## Make sure the script is executable by ejabberd.
252 | ##
253 | ## auth_method: external
254 | ## extauth_program: "/path/to/authentication/script"
255 |
256 | ##
257 | ## Authentication using ODBC
258 | ## Remember to setup a database in the next section.
259 | ##
260 | ## auth_method: odbc
261 |
262 | ##
263 | ## Authentication using PAM
264 | ##
265 | ## auth_method: pam
266 | ## pam_service: "pamservicename"
267 |
268 | ##
269 | ## Authentication using LDAP
270 | ##
271 | ## auth_method: ldap
272 | ##
273 | ## List of LDAP servers:
274 | ## ldap_servers:
275 | ## - "localhost"
276 | ##
277 | ## Encryption of connection to LDAP servers:
278 | ## ldap_encrypt: none
279 | ## ldap_encrypt: tls
280 | ##
281 | ## Port to connect to on LDAP servers:
282 | ## ldap_port: 389
283 | ## ldap_port: 636
284 | ##
285 | ## LDAP manager:
286 | ## ldap_rootdn: "dc=example,dc=com"
287 | ##
288 | ## Password of LDAP manager:
289 | ## ldap_password: "******"
290 | ##
291 | ## Search base of LDAP directory:
292 | ## ldap_base: "dc=example,dc=com"
293 | ##
294 | ## LDAP attribute that holds user ID:
295 | ## ldap_uids:
296 | ## - "mail": "%u@mail.example.org"
297 | ##
298 | ## LDAP filter:
299 | ## ldap_filter: "(objectClass=shadowAccount)"
300 |
301 | ##
302 | ## Anonymous login support:
303 | ## auth_method: anonymous
304 | ## anonymous_protocol: sasl_anon | login_anon | both
305 | ## allow_multiple_connections: true | false
306 | ##
307 | ## host_config:
308 | ## "public.example.org":
309 | ## auth_method: anonymous
310 | ## allow_multiple_connections: false
311 | ## anonymous_protocol: sasl_anon
312 | ##
313 | ## To use both anonymous and internal authentication:
314 | ##
315 | ## host_config:
316 | ## "public.example.org":
317 | ## auth_method:
318 | ## - internal
319 | ## - anonymous
320 |
321 | ###. ==============
322 | ###' DATABASE SETUP
323 |
324 | ## ejabberd by default uses the internal Mnesia database,
325 | ## so you do not necessarily need this section.
326 | ## This section provides configuration examples in case
327 | ## you want to use other database backends.
328 | ## Please consult the ejabberd Guide for details on database creation.
329 |
330 | ##
331 | ## MySQL server:
332 | ##
333 | ## odbc_type: mysql
334 | ## odbc_server: "server"
335 | ## odbc_database: "database"
336 | ## odbc_username: "username"
337 | ## odbc_password: "password"
338 | ##
339 | ## If you want to specify the port:
340 | ## odbc_port: 1234
341 |
342 | ##
343 | ## PostgreSQL server:
344 | ##
345 | ## odbc_type: pgsql
346 | ## odbc_server: "server"
347 | ## odbc_database: "database"
348 | ## odbc_username: "username"
349 | ## odbc_password: "password"
350 | ##
351 | ## If you want to specify the port:
352 | ## odbc_port: 1234
353 | ##
354 | ## If you use PostgreSQL, have a large database, and need a
355 | ## faster but inexact replacement for "select count(*) from users"
356 | ##
357 | ## pgsql_users_number_estimate: true
358 |
359 | ##
360 | ## SQLite:
361 | ##
362 | ## odbc_type: sqlite
363 | ## odbc_database: "/path/to/database.db"
364 |
365 | ##
366 | ## ODBC compatible or MSSQL server:
367 | ##
368 | ## odbc_type: odbc
369 | ## odbc_server: "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"
370 |
371 | ##
372 | ## Number of connections to open to the database for each virtual host
373 | ##
374 | ## odbc_pool_size: 10
375 |
376 | ##
377 | ## Interval to make a dummy SQL request to keep the connections to the
378 | ## database alive. Specify in seconds: for example 28800 means 8 hours
379 | ##
380 | ## odbc_keepalive_interval: undefined
381 |
382 | ###. ===============
383 | ###' TRAFFIC SHAPERS
384 |
385 | shaper:
386 | ##
387 | ## The "normal" shaper limits traffic speed to 1000 B/s
388 | ##
389 | normal: 500000
390 |
391 | ##
392 | ## The "fast" shaper limits traffic speed to 50000 B/s
393 | ##
394 | fast: 500000
395 |
396 | ##
397 | ## This option specifies the maximum number of elements in the queue
398 | ## of the FSM. Refer to the documentation for details.
399 | ##
400 | max_fsm_queue: 1000
401 |
402 | ###. ====================
403 | ###' ACCESS CONTROL LISTS
404 | acl:
405 | ##
406 | ## The 'admin' ACL grants administrative privileges to XMPP accounts.
407 | ## You can put here as many accounts as you want.
408 | ##
409 | admin:
410 | user:
411 | - "": "localhost"
412 |
413 | ##
414 | ## Blocked users
415 | ##
416 | ## blocked:
417 | ## user:
418 | ## - "baduser": "example.org"
419 | ## - "test"
420 |
421 | ## Local users: don't modify this.
422 | ##
423 | local:
424 | user_regexp: ""
425 |
426 | ##
427 | ## More examples of ACLs
428 | ##
429 | ## jabberorg:
430 | ## server:
431 | ## - "jabber.org"
432 | ## aleksey:
433 | ## user:
434 | ## - "aleksey": "jabber.ru"
435 | ## test:
436 | ## user_regexp: "^test"
437 | ## user_glob: "test*"
438 |
439 | ##
440 | ## Loopback network
441 | ##
442 | loopback:
443 | ip:
444 | - "127.0.0.0/8"
445 |
446 | ##
447 | ## Bad XMPP servers
448 | ##
449 | ## bad_servers:
450 | ## server:
451 | ## - "xmpp.zombie.org"
452 | ## - "xmpp.spam.com"
453 |
454 | ##
455 | ## Define specific ACLs in a virtual host.
456 | ##
457 | ## host_config:
458 | ## "localhost":
459 | ## acl:
460 | ## admin:
461 | ## user:
462 | ## - "bob-local": "localhost"
463 |
464 | ###. ============
465 | ###' ACCESS RULES
466 | access:
467 | ## Maximum number of simultaneous sessions allowed for a single user:
468 | max_user_sessions:
469 | all: 10000
470 | ## Maximum number of offline messages that users can have:
471 | max_user_offline_messages:
472 | admin: 5000
473 | all: 100
474 | ## This rule allows access only for local users:
475 | local:
476 | local: allow
477 | ## Only non-blocked users can use c2s connections:
478 | c2s:
479 | blocked: deny
480 | all: allow
481 | ## For C2S connections, all users except admins use the "normal" shaper
482 | c2s_shaper:
483 | admin: none
484 | all: normal
485 | ## All S2S connections use the "fast" shaper
486 | s2s_shaper:
487 | all: fast
488 | ## Only admins can send announcement messages:
489 | announce:
490 | admin: allow
491 | ## Only admins can use the configuration interface:
492 | configure:
493 | admin: allow
494 | ## Admins of this server are also admins of the MUC service:
495 | muc_admin:
496 | admin: allow
497 | ## Only accounts of the local ejabberd server can create rooms:
498 | muc_create:
499 | local: allow
500 | ## All users are allowed to use the MUC service:
501 | muc:
502 | all: allow
503 | ## Only accounts on the local ejabberd server can create Pubsub nodes:
504 | pubsub_createnode:
505 | local: allow
506 | ## In-band registration allows registration of any possible username.
507 | ## To disable in-band registration, replace 'allow' with 'deny'.
508 | register:
509 | all: allow
510 | ## Only allow to register from localhost
511 | trusted_network:
512 | loopback: allow
513 | ## Do not establish S2S connections with bad servers
514 | ## s2s:
515 | ## bad_servers: deny
516 | ## all: allow
517 |
518 | ## By default the frequency of account registrations from the same IP
519 | ## is limited to 1 account every 10 minutes. To disable, specify: infinity
520 | ## registration_timeout: 600
521 |
522 | ##
523 | ## Define specific Access Rules in a virtual host.
524 | ##
525 | ## host_config:
526 | ## "localhost":
527 | ## access:
528 | ## c2s:
529 | ## admin: allow
530 | ## all: deny
531 | ## register:
532 | ## all: deny
533 |
534 | ###. ================
535 | ###' DEFAULT LANGUAGE
536 |
537 | ##
538 | ## language: Default language used for server messages.
539 | ##
540 | language: "en"
541 |
542 | ##
543 | ## Set a different default language in a virtual host.
544 | ##
545 | ## host_config:
546 | ## "localhost":
547 | ## language: "ru"
548 |
549 | ###. =======
550 | ###' CAPTCHA
551 |
552 | ##
553 | ## Full path to a script that generates the image.
554 | ##
555 | ## captcha_cmd: "/usr/share/ejabberd/captcha.sh"
556 |
557 | ##
558 | ## Host for the URL and port where ejabberd listens for CAPTCHA requests.
559 | ##
560 | ## captcha_host: "example.org:5280"
561 |
562 | ##
563 | ## Limit CAPTCHA calls per minute for JID/IP to avoid DoS.
564 | ##
565 | ## captcha_limit: 5
566 |
567 | ###. =======
568 | ###' MODULES
569 |
570 | ##
571 | ## Modules enabled in all ejabberd virtual hosts.
572 | ##
573 | modules:
574 | mod_adhoc: {}
575 | mod_admin_extra: {}
576 | mod_announce: # recommends mod_adhoc
577 | access: announce
578 | mod_blocking: {} # requires mod_privacy
579 | mod_caps: {}
580 | mod_carboncopy: {}
581 | mod_client_state: {}
582 | mod_configure: {} # requires mod_adhoc
583 | mod_disco: {}
584 | mod_echo: {}
585 | mod_irc: {}
586 | mod_http_bind: {}
587 | ## mod_http_fileserver:
588 | ## docroot: "/var/www"
589 | ## accesslog: "/var/log/ejabberd/access.log"
590 | mod_last: {}
591 | mod_muc:
592 | ## host: "conference.@HOST@"
593 | access: muc
594 | access_create: muc_create
595 | access_persistent: muc_create
596 | access_admin: muc_admin
597 | ## mod_muc_log: {}
598 | mod_muc_admin: {}
599 | ## mod_multicast: {}
600 | ##mod_offline:
601 | ## access_max_user_messages: max_user_offline_messages
602 | mod_ping: {}
603 | ## mod_pres_counter:
604 | ## count: 5
605 | ## interval: 60
606 | mod_privacy: {}
607 | mod_private: {}
608 | ## mod_proxy65: {}
609 | mod_pubsub:
610 | access_createnode: pubsub_createnode
611 | ## reduces resource comsumption, but XEP incompliant
612 | ignore_pep_from_offline: true
613 | ## XEP compliant, but increases resource comsumption
614 | ## ignore_pep_from_offline: false
615 | last_item_cache: false
616 | plugins:
617 | - "flat"
618 | - "hometree"
619 | - "pep" # pep requires mod_caps
620 | mod_register:
621 | ##
622 | ## Protect In-Band account registrations with CAPTCHA.
623 | ##
624 | ## captcha_protected: true
625 |
626 | ##
627 | ## Set the minimum informational entropy for passwords.
628 | ##
629 | ## password_strength: 32
630 |
631 | ##
632 | ## After successful registration, the user receives
633 | ## a message with this subject and body.
634 | ##
635 | welcome_message:
636 | subject: "Welcome!"
637 | body: |-
638 | Hi.
639 | Welcome to this XMPP server.
640 |
641 | ##
642 | ## When a user registers, send a notification to
643 | ## these XMPP accounts.
644 | ##
645 | ## registration_watchers:
646 | ## - "admin1@example.org"
647 |
648 | ##
649 | ## Only clients in the server machine can register accounts
650 | ##
651 | ip_access: trusted_network
652 |
653 | ##
654 | ## Local c2s or remote s2s users cannot register accounts
655 | ##
656 | ## access_from: deny
657 |
658 | access: register
659 | mod_roster: {}
660 | mod_shared_roster: {}
661 | mod_stats: {}
662 | mod_time: {}
663 | mod_vcard:
664 | search: false
665 | mod_version: {}
666 |
667 | ##
668 | ## Enable modules with custom options in a specific virtual host
669 | ##
670 | ## host_config:
671 | ## "localhost":
672 | ## modules:
673 | ## mod_echo:
674 | ## host: "mirror.localhost"
675 |
676 | ##
677 | ## Enable modules management via ejabberdctl for installation and
678 | ## uninstallation of public/private contributed modules
679 | ## (enabled by default)
680 | ##
681 |
682 | allow_contrib_modules: true
683 |
684 | ###.
685 | ###'
686 | ### Local Variables:
687 | ### mode: yaml
688 | ### End:
689 | ### vim: set filetype=yaml tabstop=8 foldmarker=###',###. foldmethod=marker:
690 |
--------------------------------------------------------------------------------
/generic-tarball/evergreen_restart_services.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Setup host file
11 | become: true
12 | shell: cp /egconfigs/hosts /etc/hosts
13 | ignore_errors: yes
14 | - user: name=user groups=sudo
15 | - name: Ensure ejabberd private/public networks are accounted for in hosts file 1
16 | become: true
17 | shell: echo 127.0.1.2 public.localhost public >> /etc/hosts
18 | - name: Ensure ejabberd private/public networks are accounted for in hosts file 2
19 | become: true
20 | shell: echo 127.0.1.3 private.localhost private >> /etc/hosts
21 | - name: Add local IP to hosts
22 | ignore_errors: yes
23 | become: true
24 | shell: echo {{ansible_all_ipv4_addresses.0}} {{ansible_fqdn}}.{{domain_name}} {{ansible_hostname}} >> /etc/hosts
25 | - name: starting ssh
26 | ignore_errors: yes
27 | service:
28 | name: ssh
29 | state: started
30 | # service module is broken for ansible/jammy/docker
31 | - name: Starting ssh manually
32 | ignore_errors: yes
33 | shell: /etc/init.d/ssh restart
34 | when: ubuntu_version|lower == 'jammy'
35 |
36 | - name: stopping syslog-ng
37 | ignore_errors: yes
38 | service:
39 | name: syslog-ng
40 | state: stopped
41 | - name: starting syslog-ng
42 | ignore_errors: yes
43 | service:
44 | name: syslog-ng
45 | state: started
46 | # service module is broken for ansible/jammy/docker
47 | - name: Starting syslog-ng manually
48 | ignore_errors: yes
49 | shell: /etc/init.d/syslog-ng restart
50 | when: ubuntu_version|lower == 'jammy'
51 |
52 | - name: starting memcached
53 | ignore_errors: yes
54 | service:
55 | name: memcached
56 | state: started
57 | # service module is broken for ansible/jammy/docker
58 | - name: Starting memcache manually
59 | ignore_errors: yes
60 | shell: /etc/init.d/memcached restart
61 | when: ubuntu_version|lower == 'jammy'
62 |
63 | - name: starting postgres
64 | ignore_errors: yes
65 | service:
66 | name: postgresql
67 | state: started
68 | # service module is broken for ansible/jammy/docker
69 | - name: Starting postgresql manually
70 | ignore_errors: yes
71 | shell: /etc/init.d/postgresql restart
72 | when: ubuntu_version|lower == 'jammy'
73 |
74 | - name: Set Timezone Environment Var
75 | become: true
76 | lineinfile: "dest=/root/.bashrc state=present line='export TZ=America/Chicago'"
77 | - name: Set Timezone Environment Var opensrf
78 | become: true
79 | lineinfile: "dest=/home/opensrf/.bashrc state=present line='export TZ=America/Chicago'"
80 | - name: Set Timezone Environment Var for cron
81 | become: true
82 | lineinfile: "dest=/etc/crontab state=present line='TZ=America/Chicago' insertafter='PATH'"
83 | - name: Remove Timezone file
84 | become: true
85 | file: path=/etc/localtime state=absent
86 | - name: Setup System Timezone
87 | become: true
88 | ignore_errors: yes
89 | shell: ln -s /usr/share/zoneinfo/US/Central /etc/localtime
90 | - stat: path=/egconfigs/logrotate_evergreen.txt
91 | register: logrotate_template
92 | - name: Setup Logrotate for opensrf logs
93 | when: logrotate_template.stat.isdir is defined
94 | ignore_errors: yes
95 | become: true
96 | shell: cp /egconfigs/logrotate_evergreen.txt /etc/logrotate.d/evergreen
97 | - name: Editing evergreen logrotate for opensrf logs
98 | when: logrotate_template.stat.isdir is defined
99 | ignore_errors: yes
100 | become: true
101 | lineinfile: "dest=/etc/logrotate.d/evergreen state=present regexp='replacemewith_path_and_curly_brace' line='{{openils_path}}/var/log/*.log {'"
102 | - name: Changing evergreen logrotate file permissions
103 | when: logrotate_template.stat.isdir is defined
104 | ignore_errors: yes
105 | become: true
106 | file: "path=/etc/logrotate.d/evergreen state=file mode=0644"
107 | - name: Fix Logrotate configuration
108 | become: true
109 | lineinfile: "dest=/etc/logrotate.conf state=present regexp='^su root' line='su root adm'"
110 | - user: name=user groups=sudo
111 | - lineinfile: "dest=/etc/sudoers state=present regexp='^%sudo' line='%sudo ALL=(ALL) NOPASSWD: ALL'"
112 | - file: path=/root/ejabberd.yml state=absent
113 | ## ejabberd remove and reinstall to get fresh database for current brick name
114 | - name: Stopping ejabberd 1
115 | ignore_errors: yes
116 | service:
117 | name: ejabberd
118 | state: stopped
119 |
120 | - name: Kill ejabberd 1
121 | ignore_errors: yes
122 | shell: "/bin/ps -ef | /bin/grep ejabber | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
123 | - name: Delete ejabberd
124 | become: true
125 | shell: updatedb && cp /etc/ejabberd/ejabberd.yml ~/ && apt-get -y --purge remove ejabberd && locate ejabberd|xargs rm -Rf
126 | - name: Install ejabberd fresh
127 | become: true
128 | shell: apt-get -y install ejabberd && cp /root/ejabberd.yml /etc/ejabberd/ejabberd.yml && cp /root/ejabberd.yml /egconfigs
129 | - name: Kill ejabberd 2
130 | ignore_errors: yes
131 | shell: "/bin/ps -ef | /bin/grep ejabber | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
132 | - name: Starting ejabberd 1
133 | ignore_errors: yes
134 | service:
135 | name: ejabberd
136 | state: started
137 | # service module is broken for ansible/jammy/docker
138 | - name: Starting ejabberd manually 1
139 | ignore_errors: yes
140 | shell: /etc/init.d/ejabberd start
141 | when: ubuntu_version|lower == 'jammy'
142 |
143 | - name: Pausing for ejabberd 1
144 | pause: seconds=5
145 | - name: Setup ejabberd users 1
146 | become: true
147 | become_user: ejabberd
148 | shell: ejabberdctl unregister router private.localhost && ejabberdctl unregister opensrf private.localhost && ejabberdctl unregister router public.localhost && ejabberdctl unregister opensrf public.localhost
149 | - name: Setup ejabberd users 2
150 | become: true
151 | become_user: ejabberd
152 | shell: ejabberdctl register router private.localhost {{ejabberd_password}} && ejabberdctl register opensrf private.localhost {{ejabberd_password}} && ejabberdctl register router public.localhost {{ejabberd_password}} && ejabberdctl register opensrf public.localhost {{ejabberd_password}}
153 | ## Evergreen services restart
154 | - name: Disable the default apache sites
155 | become: true
156 | ignore_errors: yes
157 | shell: /usr/sbin/a2dissite default-ssl && /usr/sbin/a2dissite 000-default
158 | - name: Stop Web services
159 | ignore_errors: yes
160 | become: true
161 | service:
162 | name: apache2
163 | state: stopped
164 | # service module is broken for ansible/jammy/docker
165 | - name: Starting apache2 manually 1
166 | ignore_errors: yes
167 | shell: /etc/init.d/apache2 stop
168 | when: ubuntu_version|lower == 'jammy'
169 |
170 | - name: Stop Websocketd
171 | become: true
172 | ignore_errors: yes
173 | shell: "/bin/ps -ef | /bin/grep osrf-websocket-stdio | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
174 | - name: Stop nginx Websockets proxy
175 | ignore_errors: yes
176 | become: true
177 | service:
178 | name: nginx
179 | state: stopped
180 | # service module is broken for ansible/jammy/docker
181 | - name: Starting nginx manually 1
182 | ignore_errors: yes
183 | shell: /etc/init.d/nginx stop
184 | when: ubuntu_version|lower == 'jammy'
185 | - name: Stop OpenSRF
186 | become: true
187 | become_user: opensrf
188 | environment:
189 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
190 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
191 | - name: Stop SIP
192 | become: true
193 | become_user: opensrf
194 | environment:
195 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
196 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/oils_ctl.sh -a stop_sip
197 | - name: Kill OpenSRF
198 | ignore_errors: yes
199 | shell: "/bin/ps -ef | /bin/grep OpenSRF | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
200 | - name: Stopping ejabberd 2
201 | ignore_errors: yes
202 | service:
203 | name: ejabberd
204 | state: stopped
205 | - name: Kill ejabberd 3
206 | ignore_errors: yes
207 | shell: "/bin/ps -ef | /bin/grep ejabber | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
208 | - name: Kill Clark
209 | ignore_errors: yes
210 | shell: /bin/ps -ef | /bin/grep Clark | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
211 | - name: Kill webrick
212 | ignore_errors: yes
213 | shell: /bin/ps -ef | /bin/grep edi_webrick.rb | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
214 | - name: Kill SIP
215 | ignore_errors: yes
216 | shell: /bin/ps -ef | /bin/grep -i sip | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
217 | - name: Starting ejabberd 2
218 | ignore_errors: yes
219 | service:
220 | name: ejabberd
221 | state: started
222 | # service module is broken for ansible/jammy/docker
223 | - name: Starting ejabberd manually 2
224 | ignore_errors: yes
225 | shell: /etc/init.d/ejabberd start
226 | when: ubuntu_version|lower == 'jammy'
227 |
228 | - name: Pausing for ejabberd 2
229 | pause: seconds=10
230 | - name: Setup external domain name in hosts
231 | become: true
232 | ignore_errors: yes
233 | shell: echo {{ansible_all_ipv4_addresses.0}} {{domain_name}} >> /etc/hosts
234 | - name: Sync up the {{openils_path}} directories
235 | become: true
236 | shell: "{{ sync_openils_sub_folders_cmd }}"
237 | ignore_errors: yes
238 | - name: Start OpenSRF
239 | become: true
240 | become_user: opensrf
241 | environment:
242 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
243 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
244 | - name: Pausing for OpenSRF to spawn Drones
245 | pause: seconds=5
246 | - name: Run autogen
247 | become: true
248 | become_user: opensrf
249 | environment:
250 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
251 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/autogen.sh -u
252 | - name: Setup Lets encrypt folder link
253 | become: true
254 | become_user: opensrf
255 | ignore_errors: yes
256 | file:
257 | force: yes
258 | state: link
259 | src: "{{lets_encrypt_shared_web_folder}}"
260 | dest: "{{openils_path}}/var/web/.well-known"
261 | - name: Setup shared reports folder link
262 | become: true
263 | become_user: opensrf
264 | ignore_errors: yes
265 | file:
266 | force: yes
267 | state: link
268 | src: "{{shared_reports_folder}}"
269 | dest: "{{openils_path}}/var/web/reporter"
270 | - name: Setup circ_notices link
271 | become: true
272 | become_user: opensrf
273 | ignore_errors: yes
274 | file:
275 | force: yes
276 | state: link
277 | src: "{{shared_circ_notices_folder}}"
278 | dest: "{{openils_path}}/var/web/notices"
279 |
280 | - name: Clear out the jackets folder when it's not a symlink
281 | become: true
282 | shell: rm -Rf {{openils_path}}/var/web/opac/extras/ac
283 | when: shared_jackets_folder is defined and (jacketsym.stat.islnk is not defined or jacketsym.stat.islnk == false)
284 |
285 | - name: Create Jackets Symlink
286 | become: true
287 | become_user: opensrf
288 | ignore_errors: yes
289 | file:
290 | force: yes
291 | state: link
292 | src: "{{shared_jackets_folder}}"
293 | dest: "{{openils_path}}/var/web/opac/extras/ac"
294 | when: shared_jackets_folder is defined
295 |
296 | - name: Copy fm_IDL
297 | become: true
298 | become_user: opensrf
299 | shell: cp {{ openils_path }}/conf/fm_IDL.xml {{ openils_path }}/var/web/reports/fm_IDL.xml
300 | - name: Start Web services
301 | ignore_errors: yes
302 | become: true
303 | service:
304 | name: apache2
305 | state: started
306 | # service module is broken for ansible/jammy/docker
307 | - name: Starting apache2 manually 2
308 | ignore_errors: yes
309 | shell: /etc/init.d/apache2 start
310 | when: ubuntu_version|lower == 'jammy'
311 |
312 | - name: create websocketd start script
313 | file:
314 | path: /egconfigs/start_websocketd
315 | state: touch
316 | owner: root
317 | group: root
318 | mode: '0755'
319 | - name: Building /egconfigs/start_websocketd 1
320 | become: true
321 | lineinfile: 'dest=/egconfigs/start_websocketd state=present regexp="#!/bin/bas" line="#!/bin/bash"'
322 | - name: Building /egconfigs/start_websocketd 2
323 | become: true
324 | lineinfile: 'dest=/egconfigs/start_websocketd state=present regexp="websocketd" line="/usr/local/bin/websocketd --loglevel error --port 7682 {{openils_path}}/bin/osrf-websocket-stdio >& /dev/null &"'
325 | - name: Starting websocketd
326 | become: true
327 | become_user: opensrf
328 | shell: '/egconfigs/start_websocketd'
329 | - name: Concat the Certificates for nginx
330 | become: true
331 | shell: cat /etc/apache2/ssl/server.crt > /etc/apache2/ssl/nginx.crt
332 | - name: Fix nginx certificate config 1
333 | become: true
334 | lineinfile: 'dest=/etc/nginx/sites-available/osrf-ws-http-proxy state=present regexp="ssl_certificate \/" line="ssl_certificate /etc/apache2/ssl/nginx.crt;"'
335 | - name: Fix nginx certificate config 2
336 | become: true
337 | lineinfile: 'dest=/etc/nginx/sites-available/osrf-ws-http-proxy state=present regexp="ssl_certificate_key\s" line="ssl_certificate_key /etc/apache2/ssl/server.key;"'
338 | - name: Start nginx Websockets proxy
339 | ignore_errors: yes
340 | become: true
341 | service:
342 | name: nginx
343 | state: started
344 | # service module is broken for ansible/jammy/docker
345 | - name: Starting nginx manually 2
346 | ignore_errors: yes
347 | shell: /etc/init.d/nginx start
348 | when: ubuntu_version|lower == 'jammy'
349 |
350 | - name: copy the oils_sip.xml
351 | become: true
352 | shell: cp {{ openils_path }}/conf/oils_sip.xml.example {{ openils_path }}/conf/oils_sip.xml && chown opensrf:opensrf -R {{ openils_path }}
353 | - lineinfile: dest={{ openils_path }}/conf/oils_sip.xml state=present regexp=' {{openils_path}}/var/web/ping.txt && chown opensrf:opensrf {{openils_path}}/var/web/ping.txt
413 | - name: chowning openils
414 | become: true
415 | shell: chown -R opensrf:opensrf {{openils_path}}
416 |
417 | ...
418 |
--------------------------------------------------------------------------------
/generic-tarball/hosts:
--------------------------------------------------------------------------------
1 | 127.0.0.1 localhost
2 | ::1 localhost ip6-localhost ip6-loopback
3 | fe00::0 ip6-localnet
4 | ff00::0 ip6-mcastprefix
5 | ff02::1 ip6-allnodes
6 | ff02::2 ip6-allrouters
7 |
--------------------------------------------------------------------------------
/generic-tarball/logrotate_evergreen.txt:
--------------------------------------------------------------------------------
1 | replacemewith_path_and_curly_brace
2 | rotate 14
3 | compress
4 | size 1M
5 | notifempty
6 | }
7 |
--------------------------------------------------------------------------------
/generic-tarball/restart_post_boot.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: ma
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Remove ping.txt file
11 | become: true
12 | file: path="{{openils_path}}/var/web/ping.txt" state=absent
13 | - name: Stop Web services
14 | ignore_errors: yes
15 | become: true
16 | service:
17 | name: apache2
18 | state: stopped
19 | # service module is broken for ansible/jammy/docker
20 | - name: Stopping apache2 manually
21 | ignore_errors: yes
22 | shell: /etc/init.d/apache2 stop
23 | when: ubuntu_version|lower == 'jammy'
24 |
25 | - name: Kill z39.50
26 | become: true
27 | ignore_errors: yes
28 | shell: ps aux | grep simple[2]zoom | awk '{print $2}' | xargs kill
29 | - name: Stop Websocketd
30 | become: true
31 | ignore_errors: yes
32 | shell: "/bin/ps -ef | /bin/grep osrf-websocket-stdio | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
33 | - name: Stop nginx Websockets proxy
34 | ignore_errors: yes
35 | become: true
36 | service:
37 | name: nginx
38 | state: stopped
39 | # service module is broken for ansible/jammy/docker
40 | - name: Starting nginx manually
41 | ignore_errors: yes
42 | shell: /etc/init.d/nginx stop
43 | when: ubuntu_version|lower == 'jammy'
44 | - name: Stop OpenSRF
45 | become: true
46 | become_user: opensrf
47 | environment:
48 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
49 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
50 | - name: Stop SIP
51 | become: true
52 | become_user: opensrf
53 | environment:
54 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
55 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/oils_ctl.sh -a stop_sip
56 | - name: Kill OpenSRF
57 | ignore_errors: yes
58 | shell: "/bin/ps -ef | /bin/grep OpenSRF | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9"
59 | - name: Kill SIP
60 | ignore_errors: yes
61 | shell: /bin/ps -ef | /bin/grep -i sip | /bin/grep -v apache | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
62 | - name: Stop ejabberd
63 | become: true
64 | ignore_errors: yes
65 | service:
66 | name: ejabberd
67 | state: stopped
68 | - name: Kill ejabberd
69 | ignore_errors: yes
70 | shell: /bin/ps -ef | /bin/grep -i ejabberd | /bin/grep -v grep | /usr/bin/awk '{print $2}' | /usr/bin/xargs sudo kill -9
71 | - name: Start ejabberd
72 | ignore_errors: yes
73 | become: true
74 | service:
75 | name: ejabberd
76 | state: started
77 | # service module is broken for ansible/jammy/docker
78 | - name: Starting ejabberd manually
79 | ignore_errors: yes
80 | shell: /etc/init.d/ejabberd start
81 | when: ubuntu_version|lower == 'jammy'
82 | - name: Pausing for ejabberd to start
83 | pause: seconds=10
84 | - name: Start OpenSRF
85 | become: true
86 | become_user: opensrf
87 | environment:
88 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
89 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
90 | - name: Pausing for OpenSRF to spawn Drones
91 | pause: seconds=5
92 | - name: Run autogen
93 | become: true
94 | become_user: opensrf
95 | environment:
96 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
97 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/autogen.sh
98 | - name: Start SIP
99 | become: true
100 | become_user: opensrf
101 | environment:
102 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
103 | shell: "{{openils_path}}/bin/oils_ctl.sh -a start_sip"
104 | ### ## Start z39.50
105 | - name: Start z39.50 stuff
106 | become: true
107 | shell: /usr/bin/perl -w /usr/bin/simple2zoom -c {{openils_path}}/conf/dgo.conf -- -f {{openils_path}}/conf/xml2marc-yaz.cfg localhost:2210 localhost.org:210 -v all,sessiondetail,requestdetail,zoom,zoomdetails &
108 | - name: restarting cron
109 | ignore_errors: yes
110 | service:
111 | name: cron
112 | state: restarted
113 | - name: restarting cron
114 | ignore_errors: yes
115 | shell: /etc/init.d/cron stop
116 | when: ubuntu_version|lower == 'jammy'
117 |
118 | - name: Start Web services
119 | become: true
120 | ignore_errors: yes
121 | service:
122 | name: apache2
123 | state: started
124 |
125 | - name: Start Web services
126 | become: true
127 | ignore_errors: yes
128 | shell: /etc/init.d/apache2 start
129 | when: ubuntu_version|lower == 'jammy'
130 |
131 | - name: Starting websocketd
132 | become: true
133 | become_user: opensrf
134 | shell: '/egconfigs/start_websocketd'
135 | - name: Start nginx Websockets proxy
136 | become: true
137 | ignore_errors: yes
138 | service:
139 | name: nginx
140 | state: started
141 |
142 | - name: Start nginx Websockets proxy manually
143 | become: true
144 | ignore_errors: yes
145 | shell: /etc/init.d/nginx start
146 | when: ubuntu_version|lower == 'jammy'
147 |
148 | - name: starting cron
149 | ignore_errors: yes
150 | service:
151 | name: cron
152 | state: started
153 | # service module is broken for ansible/jammy/docker
154 | - name: Starting cron manually
155 | ignore_errors: yes
156 | shell: /etc/init.d/cron restart
157 | when: ubuntu_version|lower == 'jammy'
158 |
159 | - name: Setup ping.txt
160 | remote_user: opensrf
161 | shell: echo pong > {{openils_path}}/var/web/ping.txt && chown opensrf:opensrf {{openils_path}}/var/web/ping.txt
162 |
163 | ...
--------------------------------------------------------------------------------
/generic-tarball/run_tests.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Setup | Stop OpenSRF
11 | become: true
12 | become_user: opensrf
13 | environment:
14 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
15 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
16 | tags: angular,angular-e2e,pgtap
17 | - name: Setup | Reload a fresh copy of the concerto dataset
18 | become: true
19 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
20 | tags: angular,angular-e2e,pgtap
21 | - name: Setup | Start OpenSRF
22 | become: true
23 | become_user: opensrf
24 | environment:
25 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
26 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
27 | tags: angular,angular-e2e,pgtap
28 | - name: Setup | Install Firefox
29 | become: true
30 | apt:
31 | name: firefox-nightly
32 | update_cache: true
33 | tags: angularjs,angular,angular-e2e,angular-unit,opac
34 | - name: Setup | Symlink firefox to the firefox-nightly we got from mozilla
35 | become: true
36 | file:
37 | state: link
38 | src: /usr/bin/firefox-nightly
39 | dest: /usr/bin/firefox
40 | tags: angularjs,angular,angular-e2e,angular-unit,opac
41 | - name: Setup | Give evergreen user access to opensrf directories
42 | user:
43 | name: evergreen
44 | groups: opensrf
45 | append: yes
46 | tags: pgtap
47 | - name: Setup | Activate pgtap extension
48 | become: true
49 | become_user: evergreen
50 | shell: psql -c "CREATE EXTENSION pgtap;"
51 | tags: pgtap
52 | - name: Test | Run pgTAP tests
53 | become: true
54 | become_user: evergreen
55 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove t
56 | ignore_errors: true
57 | tags: pgtap
58 | - name: Test | Run pgTAP regression tests
59 | become: true
60 | become_user: evergreen
61 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove t/regress
62 | ignore_errors: true
63 | tags: pgtap
64 | - name: Test | Run pgTAP live tests
65 | become: true
66 | become_user: evergreen
67 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/sql/Pg && pg_prove live_t
68 | ignore_errors: true
69 | tags: pgtap
70 | - name: Test | Run AngularJS unit tests
71 | become: true
72 | become_user: opensrf
73 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/web/js/ui/default/staff && npm run test
74 | ignore_errors: true
75 | tags: angularjs
76 | - name: Test | Run Angular unit tests
77 | become: true
78 | become_user: opensrf
79 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/eg2 && npm run test
80 | ignore_errors: true
81 | tags: angular,angular-unit
82 | - name: Test | Run Angular e2e tests
83 | become: true
84 | become_user: opensrf
85 | environment:
86 | MOZ_HEADLESS: 1
87 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/eg2 && ng e2e
88 | ignore_errors: true
89 | tags: angular,angular-e2e
90 | - name: Test | Run OPAC js unit tests
91 | become: true
92 | become_user: opensrf
93 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/web/opac/deps && npm run test
94 | ignore_errors: true
95 | tags: opac
96 | - name: Perl Live Test Setup | Stop OpenSRF
97 | become: true
98 | become_user: opensrf
99 | environment:
100 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
101 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
102 | tags: perl
103 | - name: Perl Live Test Setup | Reload a fresh copy of the concerto dataset
104 | become: true
105 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
106 | tags: perl
107 | - name: Perl Live Test Setup | Start OpenSRF
108 | become: true
109 | become_user: opensrf
110 | environment:
111 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
112 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
113 | tags: perl
114 | - name: Test | Run Perl unit tests
115 | become: true
116 | become_user: opensrf
117 | shell: cd /home/opensrf/repos/Evergreen && make check
118 | ignore_errors: true
119 | tags: perl
120 | - name: Test | Run Perl live tests
121 | become: true
122 | become_user: opensrf
123 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/perlmods && make livecheck
124 | ignore_errors: true
125 | tags: perl
126 | - name: Test | Run C unit tests
127 | become: true
128 | become_user: opensrf
129 | shell: cd /home/opensrf/repos/Evergreen/Open-ILS/src/c-apps/tests && make check
130 | ignore_errors: true
131 | tags: c
132 | - name: Teardown | Stop OpenSRF
133 | become: true
134 | become_user: opensrf
135 | environment:
136 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
137 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --stop-all
138 | tags: perl,angular,angular-e2e,pgtap
139 | - name: Teardown | Reload a fresh copy of the concerto dataset
140 | become: true
141 | shell: cd /home/opensrf/repos/Evergreen && perl Open-ILS/src/support-scripts/eg_db_config --update-config --service all --create-database --create-schema --create-offline --user {{ database_user }} --password {{ database_password }} --hostname {{ database_host }} --port {{ database_port }} --database {{ database_database }} --admin-user {{ evergreen_global_admin }} --admin-pass {{ evergreen_global_admin_password }} --load-all-sample
142 | tags: perl,angular,angular-e2e,pgtap
143 | - name: Teardown | Start OpenSRF
144 | become: true
145 | become_user: opensrf
146 | environment:
147 | PATH: "{{ ansible_env.PATH }}:{{openils_path}}/bin"
148 | shell: export PATH=$PATH:{{openils_path}}/bin && {{openils_path}}/bin/osrf_control --localhost --start-all
149 | tags: perl,angular,angular-e2e,pgtap
150 | ...
151 |
--------------------------------------------------------------------------------
/generic-tarball/syslog-ng.sh:
--------------------------------------------------------------------------------
1 | # Run the build scripts
2 | apt-get -qq update
3 |
4 | # Install syslog-ng.
5 | apt-get -qq install -y --no-install-recommends syslog-ng-core
6 |
7 | # Clean up system
8 | apt-get -qq clean
9 | rm -rf /tmp/* /var/tmp/*
10 | rm -rf /var/lib/apt/lists/*
11 |
--------------------------------------------------------------------------------
/generic-tarball/test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #ansible-playbook /mnt/evergreen/playbooks/restart_app_services.yml --private-key /home/user/.ssh/id_rsa -vvvv -e "hosts=192.168.12.49"
3 |
4 | - hosts: '{{hosts}}'
5 | connection: local
6 | remote_user: user
7 | become_method: sudo
8 | vars_files:
9 | - vars.yml
10 | tasks:
11 | - name: Show var
12 | debug: msg={{opensrf_git_branch}}
13 |
14 | - name: register opensrf_git_branch
15 | set_fact: opensrf_git_branch='test'
16 | when: ubuntu_version|lower == 'focal'
17 |
18 | - name: Show var
19 | debug: msg={{opensrf_git_branch}}
20 |
21 | - name: test evergreen version number manipulation
22 | set_fact:
23 | eg_compare: "{{evergreen_version|regex_replace('^(\\d*)\\..*$', '\\1') }}"
24 |
25 | - name: Show var
26 | debug: msg={{eg_compare}}
27 |
28 | - name: test evergreen version number manipulation
29 | set_fact:
30 | eg_compare: "{{evergreen_version|regex_replace('\\.', '_') }}"
31 |
32 | - name: Show var
33 | debug: msg={{evergreen_stamp_id}}
34 |
35 | - name: Show var
36 | debug: msg={{install_xul_client}}
37 |
38 | - name: test
39 | file:
40 | path: "{{openils_path}}/var/web/xul/server"
41 | state: absent
42 |
43 | - name: Show var
44 | debug: msg={{postgres_version}}
45 |
46 | ...
47 |
--------------------------------------------------------------------------------
/generic-tarball/test_vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 | connection: local
5 | remote_user: user
6 | become_method: sudo
7 | vars_files:
8 | - vars.yml
9 | tasks:
10 | - name: Test ubuntu_version
11 | fail:
12 | msg: ubuntu_version is undefined
13 | when: ubuntu_version is not defined
14 |
15 | - name: Test add_evergreen_language_support
16 | fail:
17 | msg: add_evergreen_language_support is undefined
18 | when: add_evergreen_language_support is not defined
19 |
20 | - name: Test evergreen_git_branch
21 | fail:
22 | msg: evergreen_git_branch is undefined
23 | when: evergreen_git_branch is not defined
24 |
25 | - name: Test evergreen_major_version
26 | fail:
27 | msg: evergreen_major_version is undefined
28 | when: evergreen_major_version is not defined
29 |
30 | - name: Test evergreen_minor_version
31 | fail:
32 | msg: evergreen_minor_version is undefined
33 | when: evergreen_minor_version is not defined
34 |
35 | - name: Test evergreen_tarball
36 | fail:
37 | msg: evergreen_tarball is undefined
38 | when: evergreen_tarball is not defined
39 |
40 | - name: Test evergreen_server_filename
41 | fail:
42 | msg: evergreen_server_filename is undefined
43 | when: evergreen_server_filename is not defined
44 |
45 | - name: Test evergreen_bug_version
46 | fail:
47 | msg: evergreen_bug_version is undefined
48 | when: evergreen_bug_version is not defined
49 |
50 | - name: Test install_xul_client
51 | fail:
52 | msg: install_xul_client is undefined
53 | when: install_xul_client is not defined
54 |
55 | - name: Test evergreen_stamp_id
56 | fail:
57 | msg: evergreen_stamp_id is undefined
58 | when: evergreen_stamp_id is not defined
59 |
60 | - name: Test postgres_version
61 | fail:
62 | msg: postgres_version is undefined
63 | when: postgres_version is not defined
64 |
65 | - name: Test websocketd_version
66 | fail:
67 | msg: websocketd_version is undefined
68 | when: websocketd_version is not defined
69 |
70 | - name: Test websocketd_filename
71 | fail:
72 | msg: websocketd_filename is undefined
73 | when: websocketd_filename is not defined
74 |
75 | - name: Test angular_build_command
76 | fail:
77 | msg: angular_build_command is undefined
78 | when: angular_build_command is not defined
79 |
80 | - name: Test opensrf_git_branch
81 | fail:
82 | msg: opensrf_git_branch is undefined
83 | when: opensrf_git_branch is not defined
84 |
85 | - name: Test lets_encrypt_shared_web_folder
86 | fail:
87 | msg: lets_encrypt_shared_web_folder is undefined
88 | when: lets_encrypt_shared_web_folder is not defined
89 |
90 | - name: Test shared_reports_folder
91 | fail:
92 | msg: shared_reports_folder is undefined
93 | when: shared_reports_folder is not defined
94 |
95 | - name: Test shared_circ_notices_folder
96 | fail:
97 | msg: shared_circ_notices_folder is undefined
98 | when: shared_circ_notices_folder is not defined
99 |
100 | - name: Test sync_openils_sub_folders_cmd
101 | fail:
102 | msg: sync_openils_sub_folders_cmd is undefined
103 | when: sync_openils_sub_folders_cmd is not defined
104 |
105 | - name: Test ejabberd_password
106 | fail:
107 | msg: ejabberd_password is undefined
108 | when: ejabberd_password is not defined
109 |
110 | - name: Test os_user_password
111 | fail:
112 | msg: os_user_password is undefined
113 | when: os_user_password is not defined
114 |
115 | - name: Test openils_path
116 | fail:
117 | msg: openils_path is undefined
118 | when: openils_path is not defined
119 |
120 | - name: Test domain_name
121 | fail:
122 | msg: domain_name is undefined
123 | when: domain_name is not defined
124 |
125 | - name: Test database_host
126 | fail:
127 | msg: database_host is undefined
128 | when: database_host is not defined
129 |
130 | - name: Test database_database
131 | fail:
132 | msg: database_database is undefined
133 | when: database_database is not defined
134 |
135 | - name: Test database_port
136 | fail:
137 | msg: database_port is undefined
138 | when: database_port is not defined
139 |
140 | - name: Test database_user
141 | fail:
142 | msg: database_user is undefined
143 | when: database_user is not defined
144 |
145 | - name: Test database_password
146 | fail:
147 | msg: database_password is undefined
148 | when: database_password is not defined
149 |
150 | - name: Test database_sample_data_set
151 | fail:
152 | msg: database_sample_data_set is undefined
153 | when: database_sample_data_set is not defined
154 |
155 | - name: Test evergreen_global_admin
156 | fail:
157 | msg: evergreen_global_admin is undefined
158 | when: evergreen_global_admin is not defined
159 |
160 | - name: Test evergreen_global_admin_password
161 | fail:
162 | msg: evergreen_global_admin_password is undefined
163 | when: evergreen_global_admin_password is not defined
164 |
165 | - name: Test sender_address
166 | fail:
167 | msg: sender_address is undefined
168 | when: sender_address is not defined
169 |
170 | - name: Test base_reporter_uri
171 | fail:
172 | msg: base_reporter_uri is undefined
173 | when: base_reporter_uri is not defined
174 |
175 | - name: Test reporter_output_folder
176 | fail:
177 | msg: reporter_output_folder is undefined
178 | when: reporter_output_folder is not defined
179 |
180 | - name: Test opensrf_zip_file_line
181 | fail:
182 | msg: opensrf_zip_file_line is undefined
183 | when: opensrf_zip_file_line is not defined
184 |
185 | - name: Test opensrf_memcached_server
186 | fail:
187 | msg: opensrf_memcached_server is undefined
188 | when: opensrf_memcached_server is not defined
189 |
190 | - name: Test opensrf_memcached_port
191 | fail:
192 | msg: opensrf_memcached_port is undefined
193 | when: opensrf_memcached_port is not defined
194 |
195 | - name: Test use_custom_opensrf_xml
196 | fail:
197 | msg: use_custom_opensrf_xml is undefined
198 | when: use_custom_opensrf_xml is not defined
199 |
200 | - name: Test Evergreen_cherry_picks
201 | fail:
202 | msg: Evergreen_cherry_picks is undefined
203 | when: Evergreen_cherry_picks is not defined
204 |
205 | - name: Test OpenSRF_cherry_picks
206 | fail:
207 | msg: OpenSRF_cherry_picks is undefined
208 | when: OpenSRF_cherry_picks is not defined
209 |
210 | - name: Test SIPServer_cherry_picks
211 | fail:
212 | msg: SIPServer_cherry_picks is undefined
213 | when: SIPServer_cherry_picks is not defined
214 |
215 | - name: Test install_pg_tap
216 | fail:
217 | msg: install_pg_tap is undefined
218 | when: install_pg_tap is not defined
219 |
220 | ...
221 |
--------------------------------------------------------------------------------
/generic-tarball/vars.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Allowed values: xenial, bionic, focal, jammy
3 | # Be sure and update Dockerfile to match the version that you are calling here
4 | # For reference: xenial = 16.04, bionic = 18.04, focal = 20.04, jammy = 22.04
5 | # NOTE: xenial is not supported due to the nodejs stack issues, but left here for reference in case you want to hack it
6 | # Evergreen didn't support ubuntu bionic until version 3.3
7 | ubuntu_version: jammy
8 | evergreen_version: 3.13.5
9 | # This is tempermental. If you turn this setting on, you might end up having to manually edit the resulting installation
10 | # Particularly eg_vhost.conf
11 | add_evergreen_language_support: no
12 | # You can manually assign the Evergreen git branch, or let this regular expression figure it out based on evergreen_git_branch
13 | evergreen_git_branch: rel_3_12
14 |
15 | evergreen_major_version: "{{evergreen_version|regex_replace('^(\\d*)\\..*$', '\\1') }}"
16 | evergreen_minor_version: "{{evergreen_version|regex_replace('^\\d*\\.(\\d*)\\.?.*$', '\\1') }}"
17 | evergreen_bug_version: "{{evergreen_version|regex_replace('^\\d*\\.\\d*\\.?(\\d*).*$', '\\1') }}"
18 | install_xul_client: "{% if (evergreen_major_version|int > 2 and evergreen_minor_version|int < 3) or evergreen_major_version|int == 2 %}yes{% else %}no{% endif %}"
19 | evergreen_stamp_id: "{{ 'rel_' + (evergreen_version|regex_replace('\\.', '_')) }}"
20 | postgres_version: "{% if evergreen_major_version|int == 3 and evergreen_minor_version|int > 13 %}15{% elif ubuntu_version|lower == 'jammy' or ubuntu_version|lower == 'focal' %}10{% elif ubuntu_version|lower == 'bionic' %}9.6{% else %}9.5{% endif %}"
21 | websocketd_version: 0.3.0
22 | websocketd_filename: "websocketd-{{ websocketd_version }}-linux_{% if ansible_architecture == 'aarch64' %}arm64{% else %}amd64{% endif %}.zip"
23 | angular_build_command: "ng build {% if (evergreen_major_version|int == 3 and evergreen_minor_version|int < 9) %}--prod{% else %}--configuration=production{% endif %}"
24 | evergreen_server_filename: Evergreen-ILS-{{evergreen_major_version}}.{{evergreen_minor_version}}.{{evergreen_bug_version}}
25 |
26 | # The latest version of OpenSRF seems to work with all versions of Evergreen.
27 | opensrf_git_branch: osrf_rel_3_3_2
28 | evergreen_tarball: /egconfigs/{{evergreen_server_filename}}.tar.gz
29 | # This directory will be linked to /openilspath/var/web/.well-known
30 | lets_encrypt_shared_web_folder: /mnt/evergreen/letsencrypt_shared_web_directory/.well-known
31 |
32 | # This variable will create a sym link to /openilspath/var/web/reporter
33 | shared_reports_folder: /mnt/evergreen/reports
34 |
35 | # This variable will create a sym link to /openilspath/var/web/notices
36 | shared_circ_notices_folder: /mnt/evergreen/circ_notices
37 | # Custom script to call during boot time. It needs to be exposed to the container
38 | # errors are ignored, but this variable needs to exist. Set it to something regardless
39 | # This is a mechanism for you to do something custom to the OS upon boot. Anything you can
40 | # do with a shell script. Setting SSL certificates, putting in place custom tt2 files, etc.
41 | sync_openils_sub_folders_cmd: /mnt/evergreen/apps/syncope
42 |
43 | ejabberd_password: ejabberdpassword
44 | os_user_password: password
45 | openils_path: /openils
46 |
47 | domain_name: localhost.localdomain.org
48 | database_host: localhost
49 | database_database: evergreen
50 | database_port: 5432
51 | database_user: evergreen
52 | database_password: databasepassword
53 | # Enhanced concerto: --load-concerto-enhanced
54 | # Smaller concerto: --load-all-sample
55 | database_sample_data_set: --load-concerto-enhanced
56 | evergreen_global_admin: admin
57 | evergreen_global_admin_password: demo123
58 | sender_address: no-reply@localhost.com
59 | base_reporter_uri: https://localhost/reporter/
60 | reporter_output_folder: /openils/var/web/reporter
61 | opensrf_zip_file_line: /openils/conf/zips.txt
62 | opensrf_memcached_server: 127.0.0.1
63 | opensrf_memcached_port: 11211
64 | use_custom_opensrf_xml: no
65 | Evergreen_cherry_picks: []
66 | OpenSRF_cherry_picks: []
67 | SIPServer_cherry_picks: []
68 | install_pg_tap: yes
69 | ...
70 |
--------------------------------------------------------------------------------