├── .github
└── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── LICENSE
├── README.md
├── Vagrantfile
├── ci
├── smoke-test-linux
│ ├── Jenkinsfile
│ └── benchmark.patch
└── smoke-test-windows
│ └── Jenkinsfile
├── cronicle
├── cronicle_env_variables.sh
└── cronicle_setup.sh
├── pillar
├── README.md
├── dev
│ ├── app
│ │ └── init.sls
│ ├── elasticsearch
│ │ └── init.sls
│ ├── elk
│ │ └── init.sls
│ ├── hosting
│ │ └── init.sls
│ ├── mysql
│ │ └── init.sls
│ ├── postfix
│ │ └── init.sls
│ ├── postgresql
│ │ └── init.sls
│ ├── rabbitmq
│ │ └── init.sls
│ ├── top.sls
│ └── user
│ │ └── init.sls
├── prod
│ └── .gitkeep
├── qa
│ └── .gitkeep
└── stag
│ └── .gitkeep
├── post_up_message.txt
├── salt_minion
├── saltstack
├── README.md
├── base
│ ├── chromedriver
│ │ └── init.sls
│ ├── docker
│ │ ├── init.sls
│ │ └── install.sls
│ ├── elasticsearch
│ │ ├── environments.sls
│ │ ├── files
│ │ │ ├── elasticsearch_instance
│ │ │ │ ├── etc
│ │ │ │ │ ├── default
│ │ │ │ │ │ └── elasticsearch
│ │ │ │ │ ├── elasticsearch
│ │ │ │ │ │ ├── elasticsearch.yml
│ │ │ │ │ │ ├── jvm.options
│ │ │ │ │ │ └── log4j2.properties
│ │ │ │ │ ├── init.d
│ │ │ │ │ │ └── elasticsearch
│ │ │ │ │ └── systemd
│ │ │ │ │ │ └── system
│ │ │ │ │ │ └── elasticsearch.service
│ │ │ │ └── usr
│ │ │ │ │ └── lib
│ │ │ │ │ └── systemd
│ │ │ │ │ └── system
│ │ │ │ │ └── elasticsearch.service.d
│ │ │ │ │ └── 10-limits.conf
│ │ │ └── etc
│ │ │ │ └── logrotate.d
│ │ │ │ └── elasticsearch-instances
│ │ ├── init.sls
│ │ ├── install.sls
│ │ ├── macros
│ │ │ └── elasticsearch_instance.sls
│ │ └── update.sls
│ ├── elk
│ │ ├── filebeat.sls
│ │ ├── files
│ │ │ ├── etc
│ │ │ │ ├── filebeat
│ │ │ │ │ └── filebeat.yml
│ │ │ │ └── systemd
│ │ │ │ │ └── system
│ │ │ │ │ └── kibana.service
│ │ │ └── opt
│ │ │ │ └── kibana
│ │ │ │ └── config
│ │ │ │ └── kibana.yml
│ │ ├── init.sls
│ │ └── kibana.sls
│ ├── hosting
│ │ ├── claranet.sls
│ │ ├── files
│ │ │ ├── rackspace
│ │ │ │ └── etc
│ │ │ │ │ └── sudoers.d
│ │ │ │ │ └── rackspace-support
│ │ │ ├── simple
│ │ │ │ └── etc
│ │ │ │ │ ├── hosts
│ │ │ │ │ └── resolv.conf
│ │ │ └── vagrant
│ │ │ │ └── etc
│ │ │ │ ├── hosts
│ │ │ │ └── resolv.conf
│ │ ├── filesystem.sls
│ │ ├── firewall.sls
│ │ ├── init.sls
│ │ ├── macros
│ │ │ └── firewall
│ │ │ │ └── ufw.sls
│ │ ├── rackspace.sls
│ │ ├── simple.sls
│ │ └── vagrant.sls
│ ├── java
│ │ └── init.sls
│ ├── jenkins
│ │ ├── init.sls
│ │ ├── install.sls
│ │ └── update.sls
│ ├── mysql-server
│ │ ├── credentials.sls
│ │ ├── dependencies.sls
│ │ ├── files
│ │ │ └── etc
│ │ │ │ └── mysql
│ │ │ │ ├── conf.d
│ │ │ │ ├── binlog.cnf
│ │ │ │ └── strict.cnf
│ │ │ │ └── my.cnf
│ │ ├── init.sls
│ │ ├── setup.sls
│ │ └── update.sls
│ ├── newrelic
│ │ ├── init.sls
│ │ └── php.sls
│ ├── nginx
│ │ ├── files
│ │ │ └── etc
│ │ │ │ └── nginx
│ │ │ │ ├── conf.d
│ │ │ │ ├── allow-ip.conf
│ │ │ │ ├── logformat.conf
│ │ │ │ └── real-ip.conf
│ │ │ │ ├── fastcgi_params
│ │ │ │ └── nginx.conf
│ │ └── init.sls
│ ├── nodejs
│ │ ├── init.sls
│ │ ├── nvm.sls
│ │ └── update.sls
│ ├── php
│ │ ├── composer.sls
│ │ ├── config.sls
│ │ ├── dependencies.sls
│ │ ├── extensions.sls
│ │ ├── files
│ │ │ └── etc
│ │ │ │ ├── php
│ │ │ │ └── 8.0
│ │ │ │ │ ├── fpm
│ │ │ │ │ └── php-fpm.conf
│ │ │ │ │ ├── mods-available
│ │ │ │ │ ├── opcache.ini
│ │ │ │ │ └── xdebug.ini
│ │ │ │ │ └── php.ini
│ │ │ │ └── systemd
│ │ │ │ └── system
│ │ │ │ └── php8.0-fpm.service.d
│ │ │ │ └── spryker-env.conf
│ │ ├── fpm.sls
│ │ ├── init.sls
│ │ ├── install.sls
│ │ ├── macros
│ │ │ └── php_module.sls
│ │ └── update.sls
│ ├── postfix
│ │ ├── config.sls
│ │ ├── files
│ │ │ └── etc
│ │ │ │ ├── mailname
│ │ │ │ └── postfix
│ │ │ │ ├── main.cf
│ │ │ │ └── sasl_passwd
│ │ ├── init.sls
│ │ └── install.sls
│ ├── postgresql
│ │ ├── credentials.sls
│ │ ├── files
│ │ │ └── etc
│ │ │ │ └── postgresql
│ │ │ │ ├── pg_hba.conf
│ │ │ │ └── postgresql.conf
│ │ ├── init.sls
│ │ ├── setup.sls
│ │ └── update.sls
│ ├── pound
│ │ ├── files
│ │ │ └── etc
│ │ │ │ ├── default
│ │ │ │ └── pound
│ │ │ │ └── pound
│ │ │ │ ├── certs
│ │ │ │ ├── 1star_local
│ │ │ │ ├── 2star_local
│ │ │ │ ├── 3star_local
│ │ │ │ ├── 4star_local
│ │ │ │ └── star_spryker_dev
│ │ │ │ └── pound.cfg
│ │ └── init.sls
│ ├── rabbitmq
│ │ ├── credentials.sls
│ │ ├── init.sls
│ │ ├── setup.sls
│ │ └── update.sls
│ ├── redis
│ │ ├── environments.sls
│ │ ├── files
│ │ │ ├── etc
│ │ │ │ ├── init.d
│ │ │ │ │ └── redis-server
│ │ │ │ ├── logrotate.d
│ │ │ │ │ └── redis-instances
│ │ │ │ └── systemd
│ │ │ │ │ └── system
│ │ │ │ │ └── redis-server.service
│ │ │ └── redis_instance
│ │ │ │ └── etc
│ │ │ │ └── redis
│ │ │ │ └── redis.conf
│ │ ├── init.sls
│ │ ├── install.sls
│ │ └── macros
│ │ │ └── redis_instance.sls
│ ├── ruby
│ │ └── init.sls
│ ├── samba
│ │ ├── files
│ │ │ └── etc
│ │ │ │ └── samba
│ │ │ │ └── smb.conf
│ │ └── init.sls
│ ├── serverspec
│ │ └── init.sls
│ ├── settings
│ │ ├── environments.sls
│ │ ├── hosts.sls
│ │ ├── init.sls
│ │ └── port_numbering.sls
│ ├── spryker
│ │ ├── cleanup-cronjobs.sls
│ │ ├── deployment.sls
│ │ ├── environments.sls
│ │ ├── files
│ │ │ ├── config
│ │ │ │ ├── config_local.php
│ │ │ │ ├── config_local_XX.php
│ │ │ │ └── console_env_local.php
│ │ │ ├── etc
│ │ │ │ ├── cron.d
│ │ │ │ │ └── yves-zed-cleanup
│ │ │ │ ├── deploy
│ │ │ │ │ ├── config.rb
│ │ │ │ │ ├── deploy.key
│ │ │ │ │ ├── deploy.rb
│ │ │ │ │ ├── functions.rb
│ │ │ │ │ └── ssh_wrapper.sh
│ │ │ │ ├── nginx
│ │ │ │ │ ├── conf.d
│ │ │ │ │ │ ├── backend.conf
│ │ │ │ │ │ └── env.conf
│ │ │ │ │ ├── htpasswd-staging
│ │ │ │ │ ├── htpasswd-zed
│ │ │ │ │ ├── sites-available
│ │ │ │ │ │ ├── XX-backendapi.conf
│ │ │ │ │ │ ├── XX-backendgateway.conf
│ │ │ │ │ │ ├── XX-backoffice.conf
│ │ │ │ │ │ ├── XX-gateway.conf
│ │ │ │ │ │ ├── XX-glue.conf
│ │ │ │ │ │ ├── XX-yves.conf
│ │ │ │ │ │ ├── XX-zed.conf
│ │ │ │ │ │ ├── configurator.conf
│ │ │ │ │ │ └── static.conf
│ │ │ │ │ └── spryker
│ │ │ │ │ │ ├── backendapi.conf
│ │ │ │ │ │ ├── backendgateway.conf
│ │ │ │ │ │ ├── backoffice.conf
│ │ │ │ │ │ ├── configurator.conf
│ │ │ │ │ │ ├── gateway.conf
│ │ │ │ │ │ ├── glue.conf
│ │ │ │ │ │ ├── static.conf
│ │ │ │ │ │ ├── yves.conf
│ │ │ │ │ │ └── zed.conf
│ │ │ │ └── php
│ │ │ │ │ ├── 7.1
│ │ │ │ │ └── fpm
│ │ │ │ │ │ └── pool.d
│ │ │ │ │ │ ├── backendapi.conf
│ │ │ │ │ │ ├── backendgateway.conf
│ │ │ │ │ │ ├── backoffice.conf
│ │ │ │ │ │ ├── configurator.conf
│ │ │ │ │ │ ├── gateway.conf
│ │ │ │ │ │ ├── glue.conf
│ │ │ │ │ │ ├── yves.conf
│ │ │ │ │ │ └── zed.conf
│ │ │ │ │ ├── 7.2
│ │ │ │ │ └── fpm
│ │ │ │ │ │ └── pool.d
│ │ │ │ │ │ ├── backendapi.conf
│ │ │ │ │ │ ├── backendgateway.conf
│ │ │ │ │ │ ├── backoffice.conf
│ │ │ │ │ │ ├── configurator.conf
│ │ │ │ │ │ ├── gateway.conf
│ │ │ │ │ │ ├── glue.conf
│ │ │ │ │ │ ├── yves.conf
│ │ │ │ │ │ └── zed.conf
│ │ │ │ │ ├── 7.4
│ │ │ │ │ └── fpm
│ │ │ │ │ │ └── pool.d
│ │ │ │ │ │ ├── backendapi.conf
│ │ │ │ │ │ ├── backendgateway.conf
│ │ │ │ │ │ ├── backoffice.conf
│ │ │ │ │ │ ├── configurator.conf
│ │ │ │ │ │ ├── gateway.conf
│ │ │ │ │ │ ├── glue.conf
│ │ │ │ │ │ ├── yves.conf
│ │ │ │ │ │ └── zed.conf
│ │ │ │ │ └── 8.0
│ │ │ │ │ └── fpm
│ │ │ │ │ └── pool.d
│ │ │ │ │ ├── backendapi.conf
│ │ │ │ │ ├── backendgateway.conf
│ │ │ │ │ ├── backoffice.conf
│ │ │ │ │ ├── configurator.conf
│ │ │ │ │ ├── gateway.conf
│ │ │ │ │ ├── glue.conf
│ │ │ │ │ ├── yves.conf
│ │ │ │ │ └── zed.conf
│ │ │ └── jenkins_instance
│ │ │ │ ├── config.xml
│ │ │ │ └── etc
│ │ │ │ ├── default
│ │ │ │ └── jenkins
│ │ │ │ └── init.d
│ │ │ │ └── jenkins
│ │ ├── htpasswd.sls
│ │ ├── init.sls
│ │ ├── install.sls
│ │ ├── macros
│ │ │ └── jenkins_instance.sls
│ │ ├── nginx.sls
│ │ ├── stores.sls
│ │ └── tools.sls
│ ├── system
│ │ ├── charset.sls
│ │ ├── files
│ │ │ └── etc
│ │ │ │ ├── apt
│ │ │ │ └── sources.list
│ │ │ │ ├── motd
│ │ │ │ ├── profile.d
│ │ │ │ └── fix_charset.sh
│ │ │ │ ├── salt
│ │ │ │ └── minion.d
│ │ │ │ │ └── mine.conf
│ │ │ │ └── sudoers
│ │ ├── filesystems.sls
│ │ ├── init.sls
│ │ ├── minion.sls
│ │ ├── motd.sls
│ │ ├── repositories.sls
│ │ ├── sudoers.sls
│ │ ├── sysctl.sls
│ │ ├── systemd.sls
│ │ ├── time.sls
│ │ └── utils.sls
│ ├── top.sls
│ └── user
│ │ └── init.sls
├── dev
│ ├── .gitkeep
│ ├── avahi
│ │ ├── files
│ │ │ └── etc
│ │ │ │ └── avahi
│ │ │ │ ├── avahi-daemon.conf
│ │ │ │ └── services
│ │ │ │ └── smb.service
│ │ └── init.sls
│ ├── cachefilesd
│ │ ├── files
│ │ │ └── etc
│ │ │ │ └── default
│ │ │ │ └── cachefilesd
│ │ └── init.sls
│ ├── development
│ │ ├── files
│ │ │ ├── etc
│ │ │ │ ├── cron.d
│ │ │ │ │ └── vagrant-ntpdate
│ │ │ │ └── modprobe.d
│ │ │ │ │ └── cifs.conf
│ │ │ └── home
│ │ │ │ └── vagrant
│ │ │ │ └── bin
│ │ │ │ └── xdebug
│ │ └── init.sls
│ └── mailcatcher
│ │ ├── files
│ │ └── etc
│ │ │ ├── init.d
│ │ │ └── mailcatcher
│ │ │ └── systemd
│ │ │ └── system
│ │ │ └── mailcatcher.service
│ │ └── init.sls
├── prod
│ └── .gitkeep
├── qa
│ └── .gitkeep
├── stag
│ └── .gitkeep
└── test
│ ├── .rspec
│ ├── Gemfile
│ ├── Gemfile.lock
│ ├── README.md
│ ├── Rakefile
│ └── spec
│ ├── server
│ ├── elasticsearch_spec.rb
│ ├── filesystem_spec.rb
│ ├── jenkins_spec.rb
│ ├── kibana_spec.rb
│ ├── mysql_spec.rb
│ ├── nginx_spec.rb
│ ├── nodejs_spec.rb
│ ├── packages_spec.rb
│ ├── pgsql_spec.rb
│ ├── php_spec.rb
│ ├── pound_spec.rb
│ ├── rabbitmq_spec.rb
│ └── services_spec.rb
│ └── spec_helper.rb
├── utility
└── vbg-installer.rb
└── vagrant-ci
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | ## PR Description
2 | Add a meaningful description here that will let us know what you want to fix with this PR or what functionality you want to add.
3 |
4 | ## Steps before you submit a PR
5 | - Please add tests for the code you add if it's possible.
6 | - Please check out our contribution guide: https://docs.spryker.com/docs/dg/dev/code-contribution-guide.html
7 | - Add a `contribution-license-agreement.txt` file with the following content:
8 | `I hereby agree to Spryker\'s Contribution License Agreement in https://github.com/spryker/devvm/blob/HASH_OF_COMMIT_YOU_ARE_BASING_YOUR_BRANCH_FROM_MASTER_BRANCH/CONTRIBUTING.md.`
9 |
10 | This is a mandatory step to make sure you are aware of the license agreement and agree to it. `HASH_OF_COMMIT_YOU_ARE_BASING_YOUR_BRANCH_FROM_MASTER_BRANCH` is a hash of the commit you are basing your branch from the master branch. You can take it from commits list of master branch before you submit a PR.
11 |
12 | ## Checklist
13 | - [x] I agree with the Code Contribution License Agreement in CONTRIBUTING.md
14 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /mkmf.log
2 | /.vagrant
3 | /spryker
4 | /.idea
5 | /demoshop
6 | /project
7 | .vm
8 | Vagrantfile-quick
9 | .DS_Store
10 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016, Spryker Systems GmbH in cooperation with KoreKontrol Germany GmbH
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # devvm
2 |
3 | **DEPRECATED**
4 |
5 | We will soon deprecate the DevVM and stop supporting it. Therefore, we highly recommend [Docker SDK](https://docs.spryker.com/docs/scos/dev/the-docker-sdk/202204.0/the-docker-sdk.html#docker-sdk-repository-structure). To install Spryker, refer to [Installing Spryker with Docker](https://docs.spryker.com//docs/scos/dev/setup/installing-spryker-with-docker/installing-spryker-with-docker.html)
6 |
7 |
8 | Spryker DevVM (development vm)
9 | This repository contains the Vagrantfile for setting up initial state of the DevVM. Provisioning of the machine is done using SaltStack.
10 | For more information:
11 |
12 | Please take a look at docs for more information:
13 | [docs](https://docs.spryker.com/docs/scos/dev/setup/installing-spryker-with-vagrant/b2b-or-b2c-demo-shop-installation-mac-os-or-linux-with-development-virtual-machine.html#install-prerequisites)
14 | [Internal docs](https://spryker.atlassian.net/wiki/spaces/DIO/pages/2836660432/DevVM+-+v4.1.0)
15 |
16 |
17 |
18 | ## Changelog
19 | - Using Spryker mirror of Jenkins repository
20 | - Update outdated Bintray repository
21 | - PHP 8.0
22 | - Build optimal variables_hash
23 | - Release new endpoints
24 | - Initial support for Cronicle
25 | - Bug fixes and other minor improvements
--------------------------------------------------------------------------------
/cronicle/cronicle_env_variables.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | export SPRYKER_CRONICLE_BASE_PATH=/data/shop/development/current
4 | export SPRYKER_PROJECT_ROOT=/data/shop/development/current
5 | export SPRYKER_ENABLED_SCHEDULERS="{\"cronicle\":{\"base_url\":\"http:\\/\\/localhost:3012\",\"api_key\":\"secure-string\"}}"
6 | export SPRYKER_ENABLED_SCHEDULER_STORES="[\"DE\",\"AT\",\"US\"]"
7 | export SPRYKER_STORE_SPECIFIC="{\"DE\":{\"APPLICATION_STORE\":\"DE\",\"SPRYKER_SEARCH_NAMESPACE\":\"de_search\",\"SPRYKER_KEY_VALUE_STORE_NAMESPACE\":1,\"SPRYKER_BROKER_NAMESPACE\":\"DE_development_zed\",\"SPRYKER_SESSION_BE_NAMESPACE\":2},\"AT\":{\"APPLICATION_STORE\":\"AT\",\"SPRYKER_SEARCH_NAMESPACE\":\"at_search\",\"SPRYKER_KEY_VALUE_STORE_NAMESPACE\":1,\"SPRYKER_BROKER_NAMESPACE\":\"AT_development_zed\",\"SPRYKER_SESSION_BE_NAMESPACE\":2},\"US\":{\"APPLICATION_STORE\":\"US\",\"SPRYKER_SEARCH_NAMESPACE\":\"us_search\",\"SPRYKER_KEY_VALUE_STORE_NAMESPACE\":1,\"SPRYKER_BROKER_NAMESPACE\":\"DE_development_zed\",\"SPRYKER_SESSION_BE_NAMESPACE\":2}}"
8 | export SPRYKER_CURRENT_SCHEDULER="cronicle"
9 | export SPRYKER_SCHEDULER_API_KEY="secure-string"
10 | export SPRYKER_SCHEDULER_ADMIN_USERNAME="spryker"
11 | export SPRYKER_SCHEDULER_ADMIN_PASSWORD="secret"
12 | export SPRYKER_SCHEDULER_ADMIN_EMAIL="admin@spryker.local"
13 |
--------------------------------------------------------------------------------
/cronicle/cronicle_setup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | cd ${SPRYKER_CRONICLE_BASE_PATH}/cronicle
4 | node bin/build.js dist
5 | ./bin/control.sh setup
6 | node bin/hook.js before-start
7 | ./bin/control.sh start
8 |
--------------------------------------------------------------------------------
/pillar/README.md:
--------------------------------------------------------------------------------
1 | # Reference pillar repository for Spryker SaltStack
2 |
3 | This repository contains pillar values (settings) for Spryker SaltStack. It is
4 | a reference repository, which should be cloned and used as a base for specific
5 | projects.
6 |
7 | > Pillars are tree-like structures of data defined on the Salt Master and
8 | > passed through to minions. They allow confidential, targeted data to be
9 | > securely sent only to the relevant minion.
10 |
11 | ## Documentation
12 | * Spryker [reference salstack](https://github.com/spryker/saltstack) repository
13 | * Official [pillar walkthrough](http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html)
14 |
--------------------------------------------------------------------------------
/pillar/dev/elasticsearch/init.sls:
--------------------------------------------------------------------------------
1 | # Note: Elasticsearch plugins should have version, which fits installed elasticsearch version
2 |
3 | elasticsearch:
4 | version: 7.8.1
5 | # plugins:
6 | # head:
7 | # name: mobz/elasticsearch-head
8 |
--------------------------------------------------------------------------------
/pillar/dev/elk/init.sls:
--------------------------------------------------------------------------------
1 | elk:
2 | # Location of Elasticsearch for logs. Note that SaltStack will not setup this ES,
3 | # so it should be either a seperate, dedicated Elasticsearch cluster for logs (production),
4 | # or it could be shared Elasticsearch cluster with spryker shop catalog (this is not live-ready
5 | # solution, but it works fine on DevVM where we need to optimize resources).
6 |
7 | elasticsearch:
8 | host: localhost
9 | port: 10005
10 |
11 | kibana:
12 | version: 7.8.1
13 |
--------------------------------------------------------------------------------
/pillar/dev/hosting/init.sls:
--------------------------------------------------------------------------------
1 | # Values for hosting scenarios
2 |
3 |
4 | hosting:
5 |
6 | # Name of the sls file in hosting state (the hosting state must have
7 | # the substate with the same name, as specified here).
8 | # Mandatory, no default value
9 | provider: vagrant
10 |
11 | # Country of debian mirror to use for installing packages
12 | # Optional, default: cloudfront.debian.net
13 | debian_mirror: ftp.de.debian.org
14 |
15 | # Network part of created MySQL users
16 | # Optional, default: %
17 | mysql_network: "%"
18 |
19 | # Network allowed for PostgreSQL access (in pg_hba.conf)
20 | # Optional, default: none
21 | postgresql_network: 10.0.0.0/8
22 |
23 | # Network interface used for communication between spryker components
24 | # Mandatory, default: lo (works on localhost only)
25 | #project_network_interface: eth0
26 |
27 | # List of whitelisted IP's for HTTP authorization
28 | # It should include local IP addresses or networks of Yves/Zed servers
29 | # HTTP API requests between Yves and Zed must be whitelisted!
30 | # Optional, default: - 127.0.0.1
31 | http_auth_whitelist:
32 | - 127.0.0.1/32
33 | - 10.10.0.0/24
34 |
35 | # Support for managed services:
36 | # If the values for external_* keys are non-empty, then the setup of service
37 | # will be omitted and endpoints specified below will be used. It can be used
38 | # if the service is provided by datacenter as-a-service.
39 | #
40 | # Those settings do not have effect on dev environment!
41 | # Optional, default: no value
42 |
43 | #external_mysql: 127.0.0.1
44 | #external_elasticsearch:
45 | # - 127.0.0.1
46 | # - 127.0.0.2
47 | #external_redis: 127.0.0.4
48 |
--------------------------------------------------------------------------------
/pillar/dev/mysql/init.sls:
--------------------------------------------------------------------------------
1 | # Configuration of MySQL database server.
2 | #
3 | # Parameters and values from this file are placed in my.cnf file
4 | # For the documentation of the parameters, please check MySQL documentation
5 |
6 | mysql:
7 | superuser:
8 | username: root
9 | password: mate20mg
10 |
--------------------------------------------------------------------------------
/pillar/dev/postfix/init.sls:
--------------------------------------------------------------------------------
1 | # Postfix configuration. We should use a reliable mail relay (with SPF / DKIM)
2 | # on production system.
3 | #
4 | # On dev - we redirect everything to mailcatcher, which runs on localhost, port 1025
5 |
6 | postfix:
7 | relay:
8 |
9 | # Location of the relay host
10 | # Optional, default: no value
11 | host: "127.0.0.1:1025"
12 |
13 | # Username for relay host SMTP authorization
14 | # Optional, default: no value
15 | user:
16 |
17 | # Password for relay host SMTP authorization
18 | # Optional, default: no value
19 | api_key:
--------------------------------------------------------------------------------
/pillar/dev/postgresql/init.sls:
--------------------------------------------------------------------------------
1 | # Configuration of PostgreSQL database server.
2 | #
3 | # Parameters and values from this file are placed in postgresql.conf file
4 | # For the documentation of the parameters, please check PostgreSQL documentation
5 |
6 | postgresql:
7 | # Optional, default: 64MB
8 | shared_buffers: 64MB
9 |
10 | # Optional, default: 8MB
11 | temp_buffers: 8MB
12 |
13 | # Optional, default: 8MB
14 | work_mem: 8MB
15 |
16 | # Optional, default: 128MB
17 | maintenance_work_mem: 128MB
18 |
19 | # Optional, default: 64MB
20 | effective_cache_size: 64MB
21 |
22 | # Optional, default: 1024
23 | max_connections: 32
24 |
25 | # Optional, if not present - additional admin account will not be created
26 | superuser:
27 | username: admin
28 | password: mate20mg
29 |
--------------------------------------------------------------------------------
/pillar/dev/rabbitmq/init.sls:
--------------------------------------------------------------------------------
1 | # RabbitMQ queue configuration
2 |
3 | rabbitmq:
4 | # Enable RabbitMQ service?
5 | # Optional, default: True
6 | enabled: True
7 | node_name: rabbit@localhost
8 |
9 | # Parameters for administrator user for rabbitmq web GUI
10 | # If the section below is not specified, admin user for web interface will not be created
11 | # Optional, default: no value
12 | admin_user:
13 | username: admin
14 | password: mate20mg
15 |
--------------------------------------------------------------------------------
/pillar/dev/top.sls:
--------------------------------------------------------------------------------
1 | dev:
2 | 'G@environment:dev':
3 | - match: compound
4 | - hosting
5 | - app
6 | - user
7 | - postfix
8 | - postgresql
9 | - mysql
10 | - rabbitmq
11 | - elasticsearch
12 | - elk
--------------------------------------------------------------------------------
/pillar/dev/user/init.sls:
--------------------------------------------------------------------------------
1 | user:
2 | # Name of user
3 | # Mandatory, no default value
4 | vagrant:
5 |
6 | # Full name of the user
7 | # Mandatory, no default value
8 | fullname: Vagrant User
9 |
10 | # Allow the user to run "sudo" command?
11 | # Optional, default: False
12 | admin: True
13 |
14 | # Shell for the user
15 | # Optional, default: /bin/bash
16 | shell: /bin/bash
17 |
18 | # Public SSH key for the user
19 | # Optional, no default value
20 | #ssh_key: |
21 | # ssh-rsa xxxxxxxxxxxx user@host
22 |
23 |
--------------------------------------------------------------------------------
/pillar/prod/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/pillar/prod/.gitkeep
--------------------------------------------------------------------------------
/pillar/qa/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/pillar/qa/.gitkeep
--------------------------------------------------------------------------------
/pillar/stag/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/pillar/stag/.gitkeep
--------------------------------------------------------------------------------
/post_up_message.txt:
--------------------------------------------------------------------------------
1 | DevVM is depricated.
2 |
3 | Please use the Docker environment.
4 | Read more follow: https://docs.spryker.com/docs/scos/dev/setup/installing-spryker-with-docker/installing-spryker-with-docker.html
--------------------------------------------------------------------------------
/salt_minion:
--------------------------------------------------------------------------------
1 | master: localhost
2 | file_client: local
3 | state_events: false
4 | id: spryker-vm
5 | saltenv: dev
6 | postgres.bins_dir: "/usr/lib/postgresql/9.6/bin/"
7 | grains:
8 | environment: dev
9 | roles:
10 | - app
11 | - web
12 | - cronjobs
13 | - elasticsearch
14 | - dev
15 | - queue
16 | - redis
17 | - postgresql
18 | file_roots:
19 | dev:
20 | - /srv/salt/dev
21 | - /srv/salt/base
22 | pillar_roots:
23 | dev:
24 | - /srv/pillar/dev
25 |
26 |
--------------------------------------------------------------------------------
/saltstack/base/chromedriver/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install Chromedriver dependencies
3 | #
4 |
5 | chromedriver-dependencies:
6 | pkg.installed:
7 | - pkgs:
8 | - unzip
9 | - gnupg
10 | - libnss3-dev
11 | - ca-certificates
12 | - fonts-liberation
13 | - libappindicator3-1
14 | - libasound2
15 | - libatk-bridge2.0-0
16 | - libatk1.0-0
17 | - libc6
18 | - libcairo2
19 | - libcups2
20 | - libdbus-1-3
21 | - libexpat1
22 | - libfontconfig1
23 | - libgbm1
24 | - libgcc1
25 | - libglib2.0-0
26 | - libgtk-3-0
27 | - libnspr4
28 | - libnss3
29 | - libpango-1.0-0
30 | - libpangocairo-1.0-0
31 | - libstdc++6
32 | - libx11-6
33 | - libx11-xcb1
34 | - libxcb1
35 | - libxcomposite1
36 | - libxcursor1
37 | - libxdamage1
38 | - libxext6
39 | - libxfixes3
40 | - libxi6
41 | - libxrandr2
42 | - libxrender1
43 | - libxss1
44 | - libxtst6
45 | - lsb-release
46 | - wget
47 | - xdg-utils
48 | - require:
49 | - cmd: apt-get-update
50 |
51 | # Create Chromedriver symlink
52 | /usr/local/bin/chrome:
53 | file.symlink:
54 | - target: /data/shop/development/current/vendor/bin/chrome
55 | - force: true
56 |
--------------------------------------------------------------------------------
/saltstack/base/docker/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup docker
3 | #
4 |
5 | include:
6 | - .install
7 |
--------------------------------------------------------------------------------
/saltstack/base/docker/install.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install docker-engine, docker-compose
3 | #
4 |
5 | docker.io:
6 | pkg.removed
7 |
8 | install-docker:
9 | pkg.installed:
10 | - name: docker-ce
11 |
12 | docker:
13 | service.dead:
14 | - enable: False
15 | - require:
16 | - pkg: install-docker
17 |
18 | # At the moment we need to get docker compose directly from github. If the release version is changed here,
19 | # the source_hash value must be updated as well.
20 | /usr/local/bin/docker-compose:
21 | file.managed:
22 | - source: https://github.com/docker/compose/releases/download/1.17.0/docker-compose-Linux-x86_64
23 | - source_hash: md5=9eeb33c3a8fc2ad7c1a6458e7e51403d
24 | - mode: 755
25 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/environments.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup for multiple environments of Spryker
3 | #
4 | # This implementation is Spryker-specific and it takes data from Spryker pillars
5 | # Instances created here are used by Spryker and are required for production use.
6 | # Each environment works on seperate elasticsearch instance.
7 | #
8 | {% from 'settings/init.sls' import settings with context %}
9 | {% from 'elasticsearch/macros/elasticsearch_instance.sls' import elasticsearch_instance with context %}
10 |
11 |
12 | /etc/logrotate.d/elasticsearch-instances:
13 | file.managed:
14 | - source: salt://elasticsearch/files/etc/logrotate.d/elasticsearch-instances
15 |
16 | {%- for environment, environment_details in pillar.environments.items() %}
17 | {{ elasticsearch_instance(environment, environment_details, settings) }}
18 | {%- endfor %}
19 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/files/elasticsearch_instance/etc/default/elasticsearch:
--------------------------------------------------------------------------------
1 | ES_HOME=/usr/share/elasticsearch
2 | PID_DIR=/var/run/elasticsearch
3 | ES_PATH_CONF=/etc/elasticsearch-{{ environment }}
4 | RESTART_ON_UPGRADE=true
5 | LOG_PATH=/data/logs/{{ environment }}/elasticsearch
6 | ES_JAVA_OPTS="-Des.path.logs/${LOG_PATH}"
7 | JAVA_HOME="/usr/lib/jvm/adoptopenjdk-8-hotspot-amd64/jre"
8 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/files/elasticsearch_instance/etc/systemd/system/elasticsearch.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Elasticsearch ({{ environment }})
3 | Documentation=http://www.elastic.co
4 | Wants=network-online.target
5 | After=network-online.target
6 |
7 | [Service]
8 | EnvironmentFile=-/etc/default/elasticsearch-{{ environment }}
9 | WorkingDirectory=/usr/share/elasticsearch
10 | User=elasticsearch
11 | Group=elasticsearch
12 |
13 | #ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec
14 | ExecStartPre=/usr/bin/install -d ${PID_DIR} -m 755 -o elasticsearch -g elasticsearch
15 | ExecStart=/usr/share/elasticsearch/bin/elasticsearch \
16 | -p ${PID_DIR}/elasticsearch-{{ environment }}.pid \
17 | --quiet
18 |
19 | StandardOutput=journal
20 | StandardError=inherit
21 |
22 | LimitNOFILE=65535
23 | LimitNPROC=16384
24 | LimitMEMLOCK=infinity
25 | LimitAS=infinity
26 | LimitFSIZE=infinity
27 |
28 | TimeoutStopSec=0
29 | KillSignal=SIGTERM
30 | KillMode=process
31 | SendSIGKILL=no
32 | SuccessExitStatus=143
33 |
34 | [Install]
35 | WantedBy=multi-user.target
36 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/files/elasticsearch_instance/usr/lib/systemd/system/elasticsearch.service.d/10-limits.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | LimitNPROC=16384
3 | LimitMEMLOCK=infinity
4 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/files/etc/logrotate.d/elasticsearch-instances:
--------------------------------------------------------------------------------
1 | /data/logs/*/elasticsearch/*.log {
2 | daily
3 | missingok
4 | compress
5 | rotate 7
6 | dateext
7 | notifempty
8 | sharedscripts
9 | extension gz
10 | copytruncate
11 | }
12 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Elasticsearch - install
3 | #
4 | # This state performs elasticsearch installation and prepares instances for
5 | # spryker environments.
6 | #
7 |
8 | {%- if salt['pillar.get']('hosting:external_elasticsearch', '') == '' %}
9 | include:
10 | - .install
11 | - .environments
12 | # Include autoupdate if configured to do so
13 | {%- if salt['pillar.get']('autoupdate:elasticsearch', False) %}
14 | - .update
15 | {%- endif %}
16 | {%- endif %}
17 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/install.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install Elasticsearch and plugins configured in pillar
3 | #
4 |
5 | elasticsearch-requirements:
6 | pkg.installed:
7 | - pkgs:
8 | - adoptopenjdk-8-hotspot
9 | - policykit-1
10 |
11 | elasticsearch:
12 | pkg.installed:
13 | - version: {{ pillar.elasticsearch.version }}
14 | - require:
15 | - pkg: elasticsearch-requirements
16 |
17 | # Disable default elasticsearch service
18 | # Each environment will get its own ES instance running.
19 | #disable-elasticsearch-service:
20 | # service.dead:
21 | # - name: elasticsearch
22 | # - enable: False
23 |
24 | # For each plugin - we need to restart Elasticsearch service on each environment
25 | # This is not maintained anymore since elasticsearch 5.x
26 | #
27 | # {%- for shortname, plugin in salt['pillar.get']('elasticsearch:plugins', {}).items() %}
28 | # /usr/share/elasticsearch/bin/plugin install {% if plugin.url is defined %}{{ plugin.url }}{% else %}{{ plugin.name }}{% endif %}:
29 | # cmd.run:
30 | # - unless: test -d /usr/share/elasticsearch/plugins/{{ shortname }}
31 | # - require:
32 | # - pkg: elasticsearch
33 | # - watch_in:
34 | {%- for environment, environment_details in pillar.environments.items() %}
35 | {%- if 'skip_instance_setup' not in environment_details.elasticsearch %}
36 | - service: elasticsearch-{{ environment }}
37 | {%- endif %}
38 | {%- endfor %}
39 | # {%- endfor %}
40 |
--------------------------------------------------------------------------------
/saltstack/base/elasticsearch/update.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Update elasticsearch package
3 | #
4 | # Note: this state is included only if pillar setting autoupdate:elasticsearch is true
5 |
6 | update-elasticsearch:
7 | pkg.latest:
8 | - name: elasticsearch
9 |
--------------------------------------------------------------------------------
/saltstack/base/elk/filebeat.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install and configure filebeat log shipper
3 | #
4 |
5 | filebeat-install:
6 | pkg.installed:
7 | - name: filebeat
8 |
9 | filebeat-service:
10 | service.dead:
11 | - name: filebeat
12 | - enable: False
13 |
14 | /etc/filebeat/filebeat.yml:
15 | file.managed:
16 | - source: salt://elk/files/etc/filebeat/filebeat.yml
17 | - template: jinja
18 | - watch_in:
19 | - service: filebeat-service
20 |
--------------------------------------------------------------------------------
/saltstack/base/elk/files/etc/filebeat/filebeat.yml:
--------------------------------------------------------------------------------
1 | filebeat:
2 | registry_file: /var/lib/filebeat/registry
3 | prospectors:
4 | -
5 | paths:
6 | - "/data/shop/development/current/data/*/logs/YVES/*.log"
7 | input_type: "log"
8 | fields:
9 | application: "YVES"
10 | -
11 | paths:
12 | - "/data/shop/development/current/data/*/logs/ZED/*.log"
13 | input_type: "log"
14 | fields:
15 | application: "ZED"
16 | -
17 | paths:
18 | - "/data/shop/development/current/data/*/logs/application.log"
19 | input_type: "log"
20 |
21 | output:
22 | elasticsearch:
23 | hosts: ["localhost:10005"]
24 | protocol: "http"
25 | index: "logstash"
26 |
27 | shipper:
28 |
29 | logging:
30 | files:
31 | rotateeverybytes: 10485760 # = 10MB
32 |
--------------------------------------------------------------------------------
/saltstack/base/elk/files/etc/systemd/system/kibana.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Kibana
3 |
4 | [Service]
5 | Type=simple
6 | User=www-data
7 | Environment=NODE_ENV=production
8 | Environment=CONFIG_PATH=/opt/kibana/config/kibana.yml
9 | ExecStart=/opt/kibana/node/bin/node /opt/kibana/src/cli
10 |
11 | [Install]
12 | WantedBy=multi-user.target
13 |
--------------------------------------------------------------------------------
/saltstack/base/elk/files/opt/kibana/config/kibana.yml:
--------------------------------------------------------------------------------
1 | #
2 | # This file is maintained by salt!
3 | #
4 |
5 | server.host: "0.0.0.0"
6 | server.port: 5601
7 | #elasticsearch.url: "http://{{ pillar.elk.elasticsearch.host }}:{{ pillar.elk.elasticsearch.port }}"
8 | elasticsearch.hosts: ["http://{{ pillar.elk.elasticsearch.host }}:{{ pillar.elk.elasticsearch.port }}"]
9 | elasticsearch.ssl.verificationMode: none
10 | elasticsearch.preserveHost: true
11 | elasticsearch.requestTimeout: 300000
12 | elasticsearch.shardTimeout: 0
13 | kibana.index: ".kibana"
14 | kibana.defaultAppId: "discover"
15 |
--------------------------------------------------------------------------------
/saltstack/base/elk/init.sls:
--------------------------------------------------------------------------------
1 | include:
2 | - .filebeat
3 | - .kibana
4 |
5 |
--------------------------------------------------------------------------------
/saltstack/base/elk/kibana.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install Kibana
3 | #
4 |
5 | install-kibana:
6 | cmd.run:
7 | - name: cd /opt && wget -q https://artifacts.elastic.co/downloads/kibana/kibana-{{ pillar.elk.kibana.version }}-linux-x86_64.tar.gz && tar zxf kibana-{{ pillar.elk.kibana.version }}-*.tar.gz && rm -f kibana-{{ pillar.elk.kibana.version }}-*.tar.gz && chown -R www-data. /opt/kibana-{{ pillar.elk.kibana.version }}-linux-x86_64
8 | - unless: test -d /opt/kibana-{{ pillar.elk.kibana.version }}-linux-x86_64
9 |
10 | /opt/kibana:
11 | file.symlink:
12 | - target: /opt/kibana-{{ pillar.elk.kibana.version }}-linux-x86_64
13 | - require:
14 | - cmd: install-kibana
15 |
16 | /opt/kibana/config/kibana.yml:
17 | file.managed:
18 | - source: salt://elk/files/opt/kibana/config/kibana.yml
19 | - template: jinja
20 | - require:
21 | - file: /opt/kibana
22 | - watch_in:
23 | - service: kibana
24 |
25 | /etc/systemd/system/kibana.service:
26 | file.managed:
27 | - source: salt://elk/files/etc/systemd/system/kibana.service
28 | - template: jinja
29 |
30 | kibana:
31 | service.running:
32 | - enable: True
33 | - require:
34 | - file: /etc/systemd/system/kibana.service
35 | - file: /opt/kibana/config/kibana.yml
36 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/claranet.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Provider-specific configuration for hoster: Claranet
3 | #
4 | # Vagrant actually does not need any hoster-specific configuration.
5 | # This file can be used as an empty placeholder for creating another hoster
6 | # configurations.
7 |
8 | # Firewall: we don't use it, but let's install UFW package
9 | ufw:
10 | pkg.installed
11 |
12 | # Networking configuration: setup /etc/hosts, dns configuration
13 | /etc/resolv.conf:
14 | file.managed:
15 | - source: salt://hosting/files/vagrant/etc/resolv.conf
16 |
17 | #/etc/hosts:
18 | # file.managed:
19 | # - source: salt://hosting/files/vagrant/etc/hosts
20 | # - template: jinja
21 |
22 | # Disk drives: nothing to do, we're just using easy vagrant setup
23 |
24 | # Monitoring: nothing to do
25 |
26 | # Backup: nothing to do
27 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/files/rackspace/etc/sudoers.d/rackspace-support:
--------------------------------------------------------------------------------
1 | # Rackspace support user - allow to execute any command without password authentication
2 | rack ALL=(ALL) NOPASSWD: ALL
3 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/files/simple/etc/hosts:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt
2 |
3 | # IPv4 loopback
4 | 127.0.0.1 localhost
5 |
6 | {%- for environment, environment_details in pillar.environments.items() %}{%- if loop.first %}
7 | {%- for store in pillar.stores %}
8 | 127.0.0.1 {{ settings.environments[environment].stores[store].zed.hostname }}
9 | {%- endfor %}
10 | {%- endif %}{%- endfor %}
11 |
12 | # The following lines are desirable for IPv6 capable hosts
13 | ::1 localhost ip6-localhost ip6-loopback
14 | ff02::1 ip6-allnodes
15 | ff02::2 ip6-allrouters
--------------------------------------------------------------------------------
/saltstack/base/hosting/files/simple/etc/resolv.conf:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt
2 | nameserver 8.8.8.8
3 | nameserver 8.8.4.4
4 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/files/vagrant/etc/hosts:
--------------------------------------------------------------------------------
1 | {% from 'settings/init.sls' import settings with context %}
2 | # This file is managed by Salt
3 |
4 | # IPv4 loopback
5 | 127.0.0.1 localhost
6 | 127.0.0.2 spryker-vagrant
7 |
8 | {%- for environment, environment_details in pillar.environments.items() %}{%- if loop.first %}
9 | {%- for store in pillar.stores %}
10 | 127.0.0.1 {{ settings.environments[environment].stores[store].zed.hostname }}
11 | {%- endfor %}
12 | {%- endif %}{%- endfor %}
13 |
14 | # The following lines are desirable for IPv6 capable hosts
15 | ::1 localhost ip6-localhost ip6-loopback
16 | ff02::1 ip6-allnodes
17 | ff02::2 ip6-allrouters
18 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/files/vagrant/etc/resolv.conf:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt
2 | nameserver 8.8.8.8
3 | nameserver 8.8.4.4
4 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/filesystem.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup filesystems
3 | #
4 | # This salt state can be useful in cloud setup, where we have several block
5 | # devices attached to the machines and need to format them.
6 | #
7 | #
8 |
9 | {% for fs, fs_details in pillar.get('filesystems', {}).items() %}
10 | create-fs-{{ fs }}:
11 | cmd.run:
12 | - name: mkfs -t {{ fs_details.filesystem }} {{ fs_details.disk }}{{ fs_details.partition }}
13 | - onlyif: test -b {{ fs_details.disk }} && parted {{ fs_details.disk }} print | grep '^ *{{ fs_details.partition }}.*GB' | grep -v '{{ fs_details.filesystem }}'
14 | - requires:
15 | - pkg: filesystem-tools
16 |
17 | {{ fs_details.mount_point }}:
18 | file.directory
19 |
20 | fstab-for-{{ fs }}:
21 | file.append:
22 | - name: /etc/fstab
23 | - text: {{ fs_details.disk }}{{ fs_details.partition }} {{ fs_details.mount_point }} {{ fs_details.filesystem }} {{ fs_details.mount_options }} 0 1
24 | - require:
25 | - file: {{ fs_details.mount_point }}
26 | - cmd: create-fs-{{ fs }}
27 |
28 | mount-fs-{{ fs }}:
29 | cmd.wait:
30 | - name: mount {{ fs_details.mount_point }}
31 | - watch:
32 | - file: fstab-for-{{ fs }}
33 | - requires:
34 | - file: {{ fs_details.mount_point }}
35 | {% endfor %}
36 |
37 | {% for path, details in pillar.get('swap', {}).items() %}
38 | init-swap-{{ path }}:
39 | cmd.run:
40 | - name: dd if=/dev/zero of={{ path }} bs=1048576 count={{ details.size }} && mkswap {{ path }}
41 | - unless: test -f {{ path }}
42 |
43 | fstab-for-swap-{{ path }}:
44 | file.append:
45 | - name: /etc/fstab
46 | - text: {{ path }} none swap sw 0 0
47 | - require:
48 | - cmd: init-swap-{{ path }}
49 |
50 | mount-swap-{{ path }}:
51 | cmd.wait:
52 | - name: swapon {{ path }}
53 | - watch:
54 | - file: fstab-for-swap-{{ path }}
55 | {% endfor %}
56 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/firewall.sls:
--------------------------------------------------------------------------------
1 | ufw:
2 | pkg.installed
3 |
4 | {% from 'hosting/macros/firewall/ufw.sls' import ufw_rule with context %}
5 |
6 | ufw enable:
7 | cmd.run:
8 | - unless: "ufw status| grep 'Status: active'"
9 |
10 | ufw default deny:
11 | cmd.run:
12 | - name: "ufw default deny"
13 | # firewall rules
14 | {{ ufw_rule('allow proto tcp from any to any port 2200', '2200/tcp')}}
15 | {{ ufw_rule('allow 4505/tcp', '4505/tcp') }}
16 | {{ ufw_rule('allow 4506/tcp', '4506/tcp') }}
17 | {{ ufw_rule('allow from 127.0.0.1', '127.0.0.1') }}
18 | {{ ufw_rule('allow 443/tcp', '443/tcp') }}
19 | {{ ufw_rule('allow 80/tcp', '80/tcp') }}
20 | {{ ufw_rule('allow proto tcp from any to any port 22', '22/tcp')}}
21 |
22 | force --force enable:
23 | cmd.run:
24 | - name: "ufw --force enable"
--------------------------------------------------------------------------------
/saltstack/base/hosting/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Hoster-dependant settings
3 | # If we have a hosting pillar item set up, then we include the state here
4 | #
5 |
6 | include:
7 | - .{{ pillar.hosting.provider }}
8 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/macros/firewall/ufw.sls:
--------------------------------------------------------------------------------
1 | {% macro ufw_rule(rule, grep_pattern) -%}
2 | ufw {{ rule }}:
3 | cmd.run:
4 | - unless: "ufw status | grep {{ grep_pattern }}"
5 | {%- endmacro %}
--------------------------------------------------------------------------------
/saltstack/base/hosting/rackspace.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Rackspace-specific hoster packages (monitoring and backup)
3 | #
4 |
5 | # Firewall: UFW package
6 | ufw:
7 | pkg.installed
8 |
9 | # Networking configuration: nothing to do
10 |
11 | # Disk drives: if machines have grains with list of filesystems, those will be prepared by the included state
12 | include:
13 | - .filesystem
14 |
15 |
16 | # Monitoring
17 | rackspace-monitoring:
18 | pkgrepo.managed:
19 | - humanname: Rackspace monitoring tools
20 | - name: deb http://stable.packages.cloudmonitoring.rackspace.com/debian-{{ grains.lsb_distrib_codename }}-x86_64 cloudmonitoring main
21 | - file: /etc/apt/sources.list.d/rackspace-monitoring.list
22 | - key_url: https://monitoring.api.rackspacecloud.com/pki/agent/linux.asc
23 | - require_in:
24 | - pkg: rackspace-monitoring-agent
25 |
26 | rackspace-monitoring-agent:
27 | pkg.installed
28 |
29 | setup-rackspace-monitoring-agent:
30 | cmd.run:
31 | - name: rackspace-monitoring-agent --setup --username {{ pillar.rackspace.username }} --apikey {{ pillar.rackspace.apikey }} && service rackspace-monitoring-agent restart
32 | - unless: test -f /etc/rackspace-monitoring-agent.cfg
33 | - requires:
34 | - pkg: rackspace-monitoring-agent
35 |
36 | # Backup
37 | rackspace-backup:
38 | pkgrepo.managed:
39 | - humanname: Rackspace backup agent
40 | - name: deb [arch=amd64] http://agentrepo.drivesrvr.com/debian/ serveragent main
41 | - file: /etc/apt/sources.list.d/rackspace-backup.list
42 | - key_url: http://agentrepo.drivesrvr.com/debian/agentrepo.key
43 | - require_in:
44 | - pkg: driveclient
45 |
46 | driveclient:
47 | pkg.installed
48 |
49 | setup-rackspace-backup-agent:
50 | cmd.run:
51 | - name: /usr/local/bin/driveclient --configure -u {{ pillar.rackspace.username }} -k {{ pillar.rackspace.apikey }} -t LON && service driveclient restart && update-rc.d driveclient defaults
52 | - unless: test -f /var/run/driveclient.pid
53 | - requires:
54 | - pkg: driveclient
55 |
56 | # Support access
57 | /etc/sudoers.d/rackspace-support:
58 | file.managed:
59 | - source: salt://hosting/files/rackspace/etc/sudoers.d/rackspace-support
60 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/simple.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Provider-specific configuration for hoster: simple
3 | #
4 | # This provider provide a basic setup for a single machine setup which comes wit a pre configured image as provided by
5 | # managed servers
6 |
7 | include:
8 | - .firewall
9 |
10 | # Networking configuration: setup /etc/hosts, dns configuration
11 | /etc/resolv.conf:
12 | file.managed:
13 | - source: salt://hosting/files/simple/etc/resolv.conf
14 |
15 | /etc/hosts:
16 | file.managed:
17 | - source: salt://hosting/files/simple/etc/hosts
18 | - template: jinja
19 |
20 | # Monitoring: nothing to do
21 |
22 | # Backup: nothing to do
23 |
--------------------------------------------------------------------------------
/saltstack/base/hosting/vagrant.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Provider-specific configuration for hoster: Vagrant
3 | #
4 | # Vagrant actually does not need any hoster-specific configuration.
5 | # This file can be used as an empty placeholder for creating another hoster
6 | # configurations.
7 |
8 | # Firewall: we don't use it, but let's install UFW package
9 | ufw:
10 | pkg.installed
11 |
12 | # Networking configuration: setup /etc/hosts, dns configuration
13 | ##/etc/resolv.conf:
14 | ## file.managed:
15 | ## - source: salt://hosting/files/vagrant/etc/resolv.conf
16 |
17 | # Hosts file: nothing to do, we rely on vagrant-hostmanager
18 |
19 | # Disk drives: nothing to do, we're just using easy vagrant setup
20 |
21 | # Monitoring: nothing to do
22 |
23 | # Backup: nothing to do
24 |
--------------------------------------------------------------------------------
/saltstack/base/java/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install Java Runtime Environment - OpenJDK version 8
3 | #
4 |
5 | java:
6 | pkg.installed:
7 | - name: adoptopenjdk-8-hotspot
8 |
--------------------------------------------------------------------------------
/saltstack/base/jenkins/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # This state downloads and prepares to run jenkins.
3 | #
4 |
5 | include:
6 | - .install
7 | # Include autoupdate if configured to do so
8 | {% if salt['pillar.get']('autoupdate:jenkins', False) %}
9 | - .update
10 | {% endif %}
11 |
--------------------------------------------------------------------------------
/saltstack/base/jenkins/install.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install package, remove default service
3 | #
4 |
5 | # Here we use specific version of the package to avoid auth issues with Jenkins 2.0
6 | # The original repository seems to be very slow... Therefore using Spryker mirror of:
7 | # http://pkg.jenkins-ci.org/debian-stable/binary/jenkins_1.651.3_all.deb
8 | jenkins:
9 | pkg.installed:
10 | - hold: True
11 | - sources:
12 | - jenkins: https://u220427-sub1:PpiiHzuF2OIUzmcH@u220427-sub1.your-storagebox.de/jenkins_1.651.3_all.deb
13 |
14 | disable-jenkins-service:
15 | service.dead:
16 | - name: jenkins
17 | - enable: False
18 | - require:
19 | - pkg: jenkins
20 |
21 | # Make sure that www-data can unpack jenkins war file
22 | /var/cache/jenkins:
23 | file.directory:
24 | - user: www-data
25 | - group: www-data
26 | - mode: 775
27 | - recurse:
28 | - user
29 | - group
30 | - require:
31 | - pkg: jenkins
32 |
--------------------------------------------------------------------------------
/saltstack/base/jenkins/update.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Update jenkins package
3 | #
4 | # Note: this state is included only if pillar setting autoupdate:jenkins is true
5 |
6 | update-jenkins:
7 | pkg.latest:
8 | - name: jenkins
9 |
--------------------------------------------------------------------------------
/saltstack/base/mysql-server/dependencies.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Dependencies for salt for managing mysql resources
3 | #
4 |
5 | python3-mysqldb:
6 | pkg.installed
7 |
8 |
--------------------------------------------------------------------------------
/saltstack/base/mysql-server/files/etc/mysql/conf.d/binlog.cnf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | [mysqld]
6 | # log_bin = /data/mysql/logs/binlogs
7 | expire_logs_days = 3
8 | sync_binlog = 1
9 | max_binlog_size = 512M
10 | binlog_ignore_db = mysql
11 | log_slave_updates
12 | binlog_format = mixed
13 |
--------------------------------------------------------------------------------
/saltstack/base/mysql-server/files/etc/mysql/conf.d/strict.cnf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | [mysqld]
6 | sql_mode = STRICT_ALL_TABLES
7 |
--------------------------------------------------------------------------------
/saltstack/base/mysql-server/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Prepare local development MySQL server
3 | #
4 |
5 | include:
6 | {%- if salt['pillar.get']('hosting:external_mysql', '') == '' %}
7 | - .setup
8 | {%- endif %}
9 | - .dependencies
10 | - .credentials
11 | # Include autoupdate if configured to do so
12 | {%- if salt['pillar.get']('hosting:external_mysql', '') == '' %}
13 | {%- if salt['pillar.get']('autoupdate:mysql', False) %}
14 | - .update
15 | {%- endif %}
16 | {%- endif %}
17 |
--------------------------------------------------------------------------------
/saltstack/base/mysql-server/setup.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install and configure local MySQL server for development / QA
3 | # For production setup, a high-available solution or DBaaS (database-as-a-service) should be used
4 | #
5 |
6 | mysql-server:
7 | pkg.installed:
8 | - pkgs:
9 | - mariadb-server
10 | - mariadb-client
11 | - mariadb-backup
12 | - software-properties-common
13 | - dirmngr
14 |
15 | mysqld:
16 | service.running:
17 | - enable: True
18 | - watch:
19 | - pkg: mysql-server
20 | - file: /etc/mysql/my.cnf
21 |
22 | /etc/mysql/my.cnf:
23 | file.managed:
24 | - source: salt://mysql-server/files/etc/mysql/my.cnf
25 | - template: jinja
26 |
27 | /etc/mysql/conf.d/strict.cnf:
28 | file.managed:
29 | - source: salt://mysql-server/files/etc/mysql/conf.d/strict.cnf
30 |
--------------------------------------------------------------------------------
/saltstack/base/mysql-server/update.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Update mysql package
3 | #
4 | # Note: this state is included only if pillar setting autoupdate:mysql is true
5 |
6 | update-mysql:
7 | pkg.latest:
8 | - name: mariadb-server
9 |
--------------------------------------------------------------------------------
/saltstack/base/newrelic/init.sls:
--------------------------------------------------------------------------------
1 | # Todo implement me
2 |
3 |
--------------------------------------------------------------------------------
/saltstack/base/newrelic/php.sls:
--------------------------------------------------------------------------------
1 | # Todo: implement me
2 |
3 |
--------------------------------------------------------------------------------
/saltstack/base/nginx/files/etc/nginx/conf.d/allow-ip.conf:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt!
2 | #
3 | # The list of IP addresses allowed to access services directly (without http auth).
4 | # This is required for internal Yves -> Zed communication and Load Balancers health checks.
5 | # Please include all server IP's or networks.
6 |
7 | satisfy any;
8 |
9 | {%- for network in salt['pillar.get']("hosting:http_auth_whitelist", ["127.0.0.1/32"]) %}
10 | allow {{ network }};
11 | {%- endfor %}
12 |
--------------------------------------------------------------------------------
/saltstack/base/nginx/files/etc/nginx/conf.d/logformat.conf:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt!
2 | # Custom logging format with X-Forwarded-For header handling
3 |
4 | log_format extended '$remote_addr $http_x_forwarded_for $http_host $remote_user [$time_local] '
5 | '"$request" $status $body_bytes_sent '
6 | '"$http_referer" "$http_user_agent"';
7 |
--------------------------------------------------------------------------------
/saltstack/base/nginx/files/etc/nginx/conf.d/real-ip.conf:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt!
2 | # For requsts coming from loadbalancers (IP's below),
3 | # use X-Forwarded-For header value to determine real client's IP
4 |
5 | set_real_ip_from 127.0.0.1;
6 | set_real_ip_from 10.0.0.0/8;
7 | set_real_ip_from 172.16.0.0/12;
8 | set_real_ip_from 192.168.0.0/16;
9 | real_ip_header "X-Forwarded-For";
10 |
--------------------------------------------------------------------------------
/saltstack/base/nginx/files/etc/nginx/fastcgi_params:
--------------------------------------------------------------------------------
1 | ###
2 | ### This file is maintained by salt
3 | ###
4 |
5 | fastcgi_param QUERY_STRING $query_string;
6 | fastcgi_param REQUEST_METHOD $request_method;
7 | fastcgi_param CONTENT_TYPE $content_type;
8 | fastcgi_param CONTENT_LENGTH $content_length;
9 |
10 | fastcgi_param SCRIPT_FILENAME $request_filename;
11 | fastcgi_param SCRIPT_NAME $fastcgi_script_name;
12 | fastcgi_param REQUEST_URI $request_uri;
13 | fastcgi_param DOCUMENT_URI $document_uri;
14 | fastcgi_param DOCUMENT_ROOT $document_root;
15 | fastcgi_param SERVER_PROTOCOL $server_protocol;
16 |
17 | fastcgi_param GATEWAY_INTERFACE CGI/1.1;
18 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
19 |
20 | fastcgi_param REMOTE_ADDR $remote_addr;
21 | fastcgi_param REMOTE_PORT $remote_port;
22 | fastcgi_param SERVER_ADDR $server_addr;
23 | fastcgi_param SERVER_PORT $server_port;
24 | fastcgi_param SERVER_NAME $server_name;
25 |
26 | # PHP only, required if PHP was built with --enable-force-cgi-redirect
27 | fastcgi_param REDIRECT_STATUS 200;
28 |
29 | # Are we using ssl? Backward compatibility env, to emulate Apache.
30 | # According to RFC, app should take a look at "X-Forwarded-Proto" header to deterimine if SSL is on.
31 | if ($http_x_forwarded_proto = "https") {
32 | set $have_https on;
33 | }
34 | fastcgi_param HTTPS $have_https;
35 |
36 | # Pass request start time to CGI script - NewRelic uses this to monitor queue wait time
37 | fastcgi_param HTTP_X_REQUEST_START "t=${msec}";
38 |
--------------------------------------------------------------------------------
/saltstack/base/nginx/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install NginX webserver, setup global configuration
3 | #
4 |
5 | # Install package and setup service
6 | install-nginx:
7 | pkg.installed:
8 | - pkgs:
9 | - nginx-extras
10 | - libnginx-mod-http-headers-more-filter
11 |
12 | # Apache Utilities - for tools like ab, htpasswd
13 | apache2-utils:
14 | pkg.installed
15 |
16 | # Main nginx configurationf file
17 | /etc/nginx/nginx.conf:
18 | file.managed:
19 | - source: salt://nginx/files/etc/nginx/nginx.conf
20 | - template: jinja
21 | - require:
22 | - pkg: install-nginx
23 | - watch_in:
24 | - service: nginx
25 |
26 | # Global includes
27 | /etc/nginx/conf.d:
28 | file.recurse:
29 | - source: salt://nginx/files/etc/nginx/conf.d
30 | - template: jinja
31 | - require:
32 | - pkg: install-nginx
33 | - watch_in:
34 | - service: nginx
35 |
36 | # FastCGI parameters
37 | /etc/nginx/fastcgi_params:
38 | file.managed:
39 | - source: salt://nginx/files/etc/nginx/fastcgi_params
40 | - require:
41 | - pkg: install-nginx
42 | - watch_in:
43 | - service: nginx
44 |
45 | # Create directory for SSL certificates
46 | /etc/nginx/ssl:
47 | file.directory:
48 | - user: root
49 | - group: www-data
50 | - mode: 640
51 | - require:
52 | - pkg: install-nginx
53 |
54 | # Delete default vhost
55 | /etc/nginx/sites-enabled/default:
56 | file.absent:
57 | - require:
58 | - pkg: install-nginx
59 | - watch_in:
60 | - service: nginx
61 |
62 | # service
63 | nginx:
64 | service.running:
65 | - require:
66 | - pkg: install-nginx
67 | - file: /etc/nginx/nginx.conf
68 |
--------------------------------------------------------------------------------
/saltstack/base/nodejs/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install NodeJS and Yarn package manager
3 | #
4 |
5 | python3-psutil:
6 | pkg.installed
7 |
8 | nodejs:
9 | pkg.installed:
10 | - require:
11 | - pkg: python3-psutil
12 |
13 | yarn:
14 | pkg.installed
15 |
16 | include:
17 | - .nvm
18 | # Include autoupdate if configured to do so
19 | {% if salt['pillar.get']('autoupdate:nodejs', False) %}
20 | - .update
21 | {% endif %}
22 |
--------------------------------------------------------------------------------
/saltstack/base/nodejs/nvm.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install NVM
3 | #
4 |
5 | /opt/nvm:
6 | file.directory:
7 | - user: vagrant
8 | - group: vagrant
9 |
10 | # Run git manually because of a bug: https://github.com/saltstack/salt/issues/54817
11 | clone-nvm:
12 | cmd.run:
13 | - name: git clone https://github.com/nvm-sh/nvm.git /opt/nvm
14 | - unless: test -d /opt/nvm
15 | - runas: vagrant
16 |
17 | nvm_profile:
18 | file.blockreplace:
19 | - name: /etc/profile
20 | - marker_start: "#> Saltstack Managed Configuration NVM START <#"
21 | - marker_end: "#> Saltstack Managed Configuration NVM END <#"
22 | - append_if_not_found: true
23 | - content: |
24 | if [ -f "/opt/nvm/nvm.sh" ]; then
25 | source /opt/nvm/nvm.sh
26 | fi
27 |
--------------------------------------------------------------------------------
/saltstack/base/nodejs/update.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Update nodejs package
3 | #
4 | # Note: this state is included only if pillar setting autoupdate:nodejs is true
5 |
6 | update-nodejs:
7 | pkg.latest:
8 | - name: nodejs
9 |
--------------------------------------------------------------------------------
/saltstack/base/php/composer.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Download composer
3 | #
4 |
5 | download-composer:
6 | cmd.run:
7 | - name: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
8 | - unless: test -f /usr/local/bin/composer
9 | - require:
10 | - pkg: php
11 |
--------------------------------------------------------------------------------
/saltstack/base/php/config.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Set php.ini configuration files
3 | #
4 |
5 | # Web apps (FPM)
6 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/fpm/php.ini:
7 | file.managed:
8 | - source: salt://php/files/etc/php/{{ salt['pillar.get']('php:major_version') }}/php.ini
9 | - require:
10 | - pkg: php
11 |
12 | # CLI
13 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/cli/php.ini:
14 | file.managed:
15 | - source: salt://php/files/etc/php/{{ salt['pillar.get']('php:major_version') }}/php.ini
16 | - require:
17 | - pkg: php
18 |
--------------------------------------------------------------------------------
/saltstack/base/php/dependencies.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Dependency packages for php extensions
3 | #
4 |
5 | {% set mysql_client_libs_package_name = {
6 | 'buster': 'libmariadbclient18',
7 | 'stretch': 'libmariadbclient18',
8 | 'wheezy': 'libmysqlclient18',
9 | 'jessie': 'libmysqlclient18',
10 | }.get(grains.lsb_distrib_codename) %}
11 |
12 | php-extension-dependencies:
13 | pkg.installed:
14 | - pkgs:
15 | - pkg-config
16 | - mariadb-common
17 | - {{ mysql_client_libs_package_name }}
18 |
--------------------------------------------------------------------------------
/saltstack/base/php/extensions.sls:
--------------------------------------------------------------------------------
1 | #
2 | # PHP Extensions:
3 | # - install extensions not provided by deb repositories
4 | # - configure extensions
5 | #
6 | {% from 'php/macros/php_module.sls' import php_module with context %}
7 |
8 | #
9 | # If pillar enables xdebug - install and configure it
10 | #
11 | {% if salt['pillar.get']('php:install_xdebug', False) %}
12 | xdebug:
13 | pkg.installed:
14 | - name: php-xdebug
15 |
16 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/mods-available/xdebug.ini:
17 | file.managed:
18 | - source: salt://php/files/etc/php/{{ salt['pillar.get']('php:major_version') }}/mods-available/xdebug.ini
19 | - user: root
20 | - group: root
21 | - mode: 644
22 | - require:
23 | - pkg: xdebug
24 |
25 | {{ php_module('xdebug', salt['pillar.get']('php:enable_xdebug', False), 'fpm') }}
26 | {{ php_module('xdebug', salt['pillar.get']('php:enable_xdebug', True), 'cli') }}
27 | {% endif %}
28 |
29 | #
30 | # Configure Zend OpCache extension
31 | #
32 |
33 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/mods-available/opcache.ini:
34 | file.managed:
35 | - source: salt://php/files/etc/php/{{ salt['pillar.get']('php:major_version') }}/mods-available/opcache.ini
36 | - template: jinja
37 | - user: root
38 | - group: root
39 | - mode: 644
40 |
41 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/cli/conf.d/05-opcache.ini:
42 | file.absent
43 |
44 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/fpm/conf.d/05-opcache.ini:
45 | file.absent
46 |
47 | /var/lib/php/modules/{{ salt['pillar.get']('php:major_version') }}/cli/enabled_by_maint/opcache:
48 | file.absent
49 |
50 | /var/lib/php/modules/{{ salt['pillar.get']('php:major_version') }}/fpm/enabled_by_maint/opcache:
51 | file.absent
52 |
53 | /var/tmp/opcache:
54 | file.directory:
55 | - user: root
56 | - group: root
57 | - mode: 1777
58 |
59 | {{ php_module('opcache', salt['pillar.get']('php:enable_opcache', False), 'fpm') }}
60 | {{ php_module('opcache', salt['pillar.get']('php:enable_opcache', False), 'cli') }}
61 |
--------------------------------------------------------------------------------
/saltstack/base/php/files/etc/php/8.0/fpm/php-fpm.conf:
--------------------------------------------------------------------------------
1 | ;;;
2 | ;;; This file is maintained by salt
3 | ;;;
4 |
5 | [global]
6 | pid = /var/run/php8.0-fpm.pid
7 | error_log = /data/logs/php8.0-fpm.log
8 | log_level = notice
9 | include=/etc/php/8.0/fpm/pool.d/*.conf
10 |
--------------------------------------------------------------------------------
/saltstack/base/php/files/etc/php/8.0/mods-available/opcache.ini:
--------------------------------------------------------------------------------
1 | ; configuration for php opcache module
2 | ; priority=10
3 | zend_extension=opcache.so
4 | {%- if salt['pillar.get']('php:enable_opcache', True) %}
5 | opcache.enable=1
6 | {%- else %}
7 | opcache.enable=0
8 | {%- endif %}
9 | opcache.enable_cli=0
10 | opcache.file_cache=/var/tmp/opcache
11 | opcache.max_accelerated_files=8192
12 | opcache.memory_consumption=256
13 | opcache.interned_strings_buffer=16
14 | opcache.fast_shutdown=1
15 | {% if 'dev' in salt['grains.get']('roles', []) %}
16 | ; Check if file updated each 2 seconds - for development
17 | opcache.revalidate_freq=2
18 | {% else -%}
19 | ; Check if file updated each 60 seconds - for production
20 | ; To force file reload (e.g. on deployment) - restart php7.4-fpm
21 | opcache.revalidate_freq=60
22 | {%- endif -%}
23 |
24 | ; Workaround for PHP 7.4 bug
25 | ; https://bugs.php.net/bug.php?id=76029
26 | opcache.optimization_level=0
27 |
--------------------------------------------------------------------------------
/saltstack/base/php/files/etc/php/8.0/mods-available/xdebug.ini:
--------------------------------------------------------------------------------
1 | zend_extension=xdebug.so
2 | xdebug.mode=debug
3 | xdebug.client_host=10.0.240.1
4 | xdebug.client_port=9000
5 | # This is needed to prevent max recursion exeception when Twig templates are very complicated
6 | # xdebug.max_nesting_level=1000
--------------------------------------------------------------------------------
/saltstack/base/php/files/etc/systemd/system/php8.0-fpm.service.d/spryker-env.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | ExecStartPre=/bin/mkdir -p /data/logs
3 | EnvironmentFile=/etc/spryker-vm-env
4 |
--------------------------------------------------------------------------------
/saltstack/base/php/fpm.sls:
--------------------------------------------------------------------------------
1 | #
2 | # General PHP-FPM configuration
3 | #
4 |
5 | # FPM global configuration file
6 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/fpm/php-fpm.conf:
7 | file.managed:
8 | - source: salt://php/files/etc/php/{{ salt['pillar.get']('php:major_version') }}/fpm/php-fpm.conf
9 |
10 | # Remove the default pool
11 | /etc/php/{{ salt['pillar.get']('php:major_version') }}/fpm/pool.d/www.conf:
12 | file.absent
13 |
14 | # VM-specific environments via systemd dropin via EnvironmentFile
15 | /etc/systemd/system/php{{ salt['pillar.get']('php:major_version') }}-fpm.service.d/spryker-env.conf:
16 | file.managed:
17 | - makedirs: True
18 | - source: salt://php/files/etc/systemd/system/php{{ salt['pillar.get']('php:major_version') }}-fpm.service.d/spryker-env.conf
19 | - watch_in:
20 | - cmd: fpm-reload-systemd
21 |
22 | # Make sure that the vm environment file exists (is at least empty) for systemd EnvironmentFile
23 | /etc/spryker-vm-env:
24 | file.managed:
25 | - replace: False
26 | - content: ''
27 | - require_in:
28 | - cmd: fpm-reload-systemd
29 |
30 | # Reload service on changes
31 | fpm-reload-systemd:
32 | cmd.wait:
33 | - name: systemctl daemon-reload
34 |
35 | # Enable or disable FPM service
36 | php{{ salt['pillar.get']('php:major_version') }}-fpm:
37 | service:
38 | {#% if 'web' in grains.roles %#}
39 | - running
40 | - enable: True
41 | {#% else %#}
42 | # - dead
43 | # - enable: False
44 | {#% endif %#}
45 |
--------------------------------------------------------------------------------
/saltstack/base/php/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup PHP environment
3 | #
4 |
5 | include:
6 | - .dependencies
7 | - .install
8 | - .config
9 | - .extensions
10 | - .composer
11 | - .fpm
12 | # Include autoupdate if configured to do so
13 | {% if salt['pillar.get']('autoupdate:php', False) %}
14 | - .update
15 | {% endif %}
16 |
--------------------------------------------------------------------------------
/saltstack/base/php/install.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install PHP and modules available from operating system distribution
3 | #
4 |
5 | php:
6 | pkg.installed:
7 | - pkgs:
8 | - php{{ salt['pillar.get']('php:major_version') }}-dev
9 | - php{{ salt['pillar.get']('php:major_version') }}-bcmath
10 | - php{{ salt['pillar.get']('php:major_version') }}-bz2
11 | - php{{ salt['pillar.get']('php:major_version') }}-cli
12 | - php{{ salt['pillar.get']('php:major_version') }}-fpm
13 | - php{{ salt['pillar.get']('php:major_version') }}-curl
14 | - php{{ salt['pillar.get']('php:major_version') }}-gd
15 | - php{{ salt['pillar.get']('php:major_version') }}-gmp
16 | - php{{ salt['pillar.get']('php:major_version') }}-intl
17 | - php{{ salt['pillar.get']('php:major_version') }}-mbstring
18 | - php{{ salt['pillar.get']('php:major_version') }}-mysql
19 | - php{{ salt['pillar.get']('php:major_version') }}-pgsql
20 | - php{{ salt['pillar.get']('php:major_version') }}-sqlite3
21 | - php{{ salt['pillar.get']('php:major_version') }}-xml
22 | - php{{ salt['pillar.get']('php:major_version') }}-zip
23 | - php{{ salt['pillar.get']('php:major_version') }}-opcache
24 | - php-igbinary
25 | - php-imagick
26 | - php-memcached
27 | - php-msgpack
28 | - php-redis
29 | - php-ssh2
30 |
--------------------------------------------------------------------------------
/saltstack/base/php/macros/php_module.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Macro: Enable or disable PHP module
3 | #
4 |
5 | {% macro php_module(name, enable, sapi) -%}
6 | {% if enable %}
7 | enable-php-module-{{ name }}-for-{{ sapi }}:
8 | cmd.run:
9 | - name: phpenmod -v {{ salt['pillar.get']('php:major_version') }} -s {{ sapi }} {{ name }}
10 | - unless: phpquery -v {{ salt['pillar.get']('php:major_version') }} -s {{ sapi }} -m {{ name }}
11 | - require:
12 | - file: /etc/php/{{ salt['pillar.get']('php:major_version') }}/mods-available/{{ name }}.ini
13 | {% else %}
14 | disable-php-module-{{ name }}-for-{{ sapi }}:
15 | cmd.run:
16 | - name: phpdismod -v {{ salt['pillar.get']('php:major_version') }} -s {{ sapi }} {{ name }}
17 | - onlyif: phpquery -v {{ salt['pillar.get']('php:major_version') }} -s {{ sapi }} -m {{ name }}
18 | {% endif %}
19 |
20 | {% endmacro %}
21 |
--------------------------------------------------------------------------------
/saltstack/base/php/update.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Update PHP package
3 | #
4 | # Note: this state is included only if pillar setting autoupdate:php is true
5 |
6 | # Update php packages. We have to specify here phpX.X, phpX.X-common (to force
7 | # upgrading php extensions installed via debian packages) and phpX.X-fpm
8 | # (to workaround debian package system installing libapache2-mod-phpX.X)
9 | update-php:
10 | pkg.latest:
11 | - pkgs:
12 | - php{{ salt['pillar.get']('php:major_version') }}-fpm
13 | - php{{ salt['pillar.get']('php:major_version') }}-common
14 | - php{{ salt['pillar.get']('php:major_version') }}-dev
15 |
--------------------------------------------------------------------------------
/saltstack/base/postfix/config.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Configuratiuon files for local postfix server
3 | #
4 |
5 | # Main configuration file
6 | /etc/postfix/main.cf:
7 | file.managed:
8 | - source: salt://postfix/files/etc/postfix/main.cf
9 | - template: jinja
10 | - user: root
11 | - group: root
12 | - mode: 644
13 | - require:
14 | - pkg: postfix
15 | - watch_in:
16 | - service: postfix
17 |
18 | # Hostname for outgoing mails
19 | /etc/mailname:
20 | file.managed:
21 | - source: salt://postfix/files/etc/mailname
22 | - template: jinja
23 | - user: root
24 | - group: root
25 | - mode: 644
26 |
27 | # SASL authentication for using third-party relays with authentication
28 | /etc/postfix/sasl_passwd:
29 | file.managed:
30 | - source: salt://postfix/files/etc/postfix/sasl_passwd
31 | - template: jinja
32 | - user: root
33 | - group: root
34 | - mode: 644
35 |
36 | run-postmap:
37 | cmd.wait:
38 | - name: /usr/sbin/postmap /etc/postfix/sasl_passwd
39 | - cwd: /
40 | - watch:
41 | - file: /etc/postfix/sasl_passwd
42 | - require:
43 | - file: /etc/postfix/sasl_passwd
44 |
--------------------------------------------------------------------------------
/saltstack/base/postfix/files/etc/mailname:
--------------------------------------------------------------------------------
1 | {{ grains.nodename }}
2 |
--------------------------------------------------------------------------------
/saltstack/base/postfix/files/etc/postfix/main.cf:
--------------------------------------------------------------------------------
1 | # This file is managed by salt!
2 |
3 | smtpd_banner = $myhostname ESMTP $mail_name (unix)
4 | biff = no
5 | append_dot_mydomain = no
6 | readme_directory = no
7 |
8 | # TLS parameters (dummy cert)
9 | smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
10 | smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
11 | smtpd_use_tls=yes
12 | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
13 | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
14 | smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destination, reject
15 |
16 | # Local settings
17 | myhostname = {{ grains.nodename }}
18 | alias_maps = hash:/etc/aliases
19 | alias_database = hash:/etc/aliases
20 | myorigin = /etc/mailname
21 | mydestination = {{ grains.nodename }}, localhost
22 | relayhost = {{ salt['pillar.get']('postfix:relay:host', '') }}
23 | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
24 | mailbox_command = procmail -a "$EXTENSION"
25 | mailbox_size_limit = 0
26 | recipient_delimiter = +
27 | inet_interfaces = all
28 |
29 | # SASL auth
30 | smtp_sasl_auth_enable = yes
31 | smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
32 | smtp_sasl_security_options =
33 |
--------------------------------------------------------------------------------
/saltstack/base/postfix/files/etc/postfix/sasl_passwd:
--------------------------------------------------------------------------------
1 | # This file is managed by salt!
2 |
3 | {{ salt['pillar.get']('postfix:relay:host', '') }} {%- if salt['pillar.get']('postfix:relay:user', False) -%} {{ pillar/postfix.relay.user }}:{{ pillar.postfix.relay.api_key}} {%- endif -%}
4 |
--------------------------------------------------------------------------------
/saltstack/base/postfix/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install and configure local SMTP server using postfix
3 | #
4 |
5 | include:
6 | - .install
7 | - .config
8 |
--------------------------------------------------------------------------------
/saltstack/base/postfix/install.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install postfix and its dependencies
3 | #
4 |
5 | postfix:
6 | pkg:
7 | - installed
8 | service.running:
9 | - require:
10 | - pkg: postfix
11 |
12 | procmail:
13 | pkg.installed
14 |
--------------------------------------------------------------------------------
/saltstack/base/postgresql/files/etc/postgresql/pg_hba.conf:
--------------------------------------------------------------------------------
1 | # TYPE DATABASE USER ADDRESS METHOD
2 | local all postgres trust
3 | local all all peer
4 | host all all 127.0.0.1/32 md5
5 | {%- if 'postgresql_network' in pillar.hosting %}
6 | host all all {{ pillar.hosting.postgresql_network }} md5
7 | {%- endif %}
8 |
--------------------------------------------------------------------------------
/saltstack/base/postgresql/files/etc/postgresql/postgresql.conf:
--------------------------------------------------------------------------------
1 | # server
2 | data_directory = '/data/pgsql'
3 | listen_addresses = '0.0.0.0'
4 | port = 5432
5 | max_connections = {{ salt['pillar.get']('postgresql:max_connections', '1024') }}
6 |
7 | # memory
8 | shared_buffers = {{ salt['pillar.get']('postgresql:shared_buffers', '64MB') }}
9 | temp_buffers = {{ salt['pillar.get']('postgresql:temp_buffers', '8MB') }}
10 | work_mem = {{ salt['pillar.get']('postgresql:work_mem', '8MB') }}
11 | maintenance_work_mem = {{ salt['pillar.get']('postgresql:maintenance_work_mem', '128MB') }}
12 |
13 | # planner
14 | seq_page_cost = 1.0
15 | random_page_cost = 4.0
16 | effective_cache_size = {{ salt['pillar.get']('postgresql:effective_cache_size', '64MB') }}
17 |
18 | # io
19 | wal_level = minimal
20 | max_wal_senders = 0
21 | fsync = on
22 | synchronous_commit = off
23 | full_page_writes = off
24 | wal_buffers = -1
25 |
26 | # query log
27 | logging_collector = on
28 | log_directory = '/var/log/postgresql/'
29 | log_filename = 'query.log'
30 |
31 | log_min_duration_statement = 200
32 | debug_pretty_print = on
33 |
34 |
35 | # l10n
36 | lc_messages = 'C'
37 | lc_monetary = 'C'
38 | lc_numeric = 'C'
39 | lc_time = 'C'
40 | timezone = 'Etc/UTC'
41 |
42 | # vacuum
43 | track_counts = on
44 | autovacuum = on
45 | autovacuum_max_workers = 3
46 |
--------------------------------------------------------------------------------
/saltstack/base/postgresql/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install and configure PostgreSQL database
3 | #
4 | # This state manages the configuration of PostgreSQL database, creates
5 | # data directory in /data and sets up default cluster (main).
6 | # Note that this configuration does not include any failover and/or replication.
7 | # It is suitable to run on development and QA environments.
8 | #
9 | # To deploy Spryker in production, a stable and secure PostgreSQL setup is
10 | # recommended, which includes:
11 | # - backup
12 | # - replication
13 | # - hot-standby slave
14 | # - failover mechanism
15 | # - appropiate hardware
16 |
17 | include:
18 | - .setup
19 | - .credentials
20 | # Include autoupdate if configured to do so
21 | {% if salt['pillar.get']('autoupdate:postgresql', False) %}
22 | - .update
23 | {% endif %}
24 |
--------------------------------------------------------------------------------
/saltstack/base/postgresql/setup.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install and configure PostgreSQL database
3 | #
4 | # This state manages the configuration of PostgreSQL database, creates
5 | # data directory in /data and sets up default cluster (main).
6 | # Note that this configuration does not include any failover and/or replication.
7 | # It is suitable to run on development and QA environments.
8 | #
9 | # To deploy Spryker in production, a stable and secure PostgreSQL setup is
10 | # recommended, which includes:
11 | # - backup
12 | # - replication
13 | # - hot-standby slave
14 | # - failover mechanism
15 | # - appropiate hardware
16 |
17 | postgresql:
18 | pkg.installed:
19 | - name: postgresql-12
20 | service.running:
21 | - enable: true
22 | - reload: true
23 | - watch:
24 | - file: /etc/postgresql/12/main/pg_hba.conf
25 | - file: /etc/postgresql/12/main/postgresql.conf
26 | - require:
27 | - file: /etc/postgresql/12/main/pg_hba.conf
28 | - file: /etc/postgresql/12/main/postgresql.conf
29 | - cmd: data-dir
30 |
31 | data-dir:
32 | file.directory:
33 | - name: /data/pgsql
34 | - makedirs: true
35 | - user: postgres
36 | - group: postgres
37 | - require:
38 | - pkg: postgresql
39 | cmd.run:
40 | - name: /etc/init.d/postgresql stop && rm -rf /etc/postgresql/12/main/* && pg_createcluster --datadir /data/pgsql 12 main
41 | - unless: test -d /data/pgsql/base
42 | - cwd: /data/pgsql
43 | - require:
44 | - file: data-dir
45 |
46 | /etc/postgresql/12/main/pg_hba.conf:
47 | file.managed:
48 | - source: salt://postgresql/files/etc/postgresql/pg_hba.conf
49 | - template: jinja
50 | - require:
51 | - pkg: postgresql
52 | - cmd: data-dir
53 | - watch_in:
54 | - service: postgresql
55 |
56 | /etc/postgresql/12/main/postgresql.conf:
57 | file.managed:
58 | - source: salt://postgresql/files/etc/postgresql/postgresql.conf
59 | - template: jinja
60 | - require:
61 | - pkg: postgresql
62 | - cmd: data-dir
63 | - watch_in:
64 | - service: postgresql
65 |
66 | root:
67 | postgres_user.present:
68 | - login: true
69 | - superuser: true
70 | - require:
71 | - service: postgresql
72 |
73 | # Include autoupdate if configured to do so
74 | {% if salt['pillar.get']('autoupdate:postgresql', False) %}
75 | include:
76 | - .update
77 | {% endif %}
78 |
--------------------------------------------------------------------------------
/saltstack/base/postgresql/update.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Update postgresql package
3 | #
4 | # Note: this state is included only if pillar setting autoupdate:postgresql is true
5 |
6 | update-postgresql:
7 | pkg.latest:
8 | - name: postgresql-12
9 |
--------------------------------------------------------------------------------
/saltstack/base/pound/files/etc/default/pound:
--------------------------------------------------------------------------------
1 | startup=1
2 |
--------------------------------------------------------------------------------
/saltstack/base/pound/files/etc/pound/certs/1star_local:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXQIBAAKBgQCgFhzHOuwsfaSLznqz1xtUoxG/0wLBsaeoGQ21vyTX4GvOJ392
3 | 2gTG3D6PSFKjeHkMLTpTaI4oeti2et5NmxPLuy54gXnW/EiHQkH08onqbsUbHuN4
4 | wb9ObCVX9y36LVQCR6B5VQxe/Gs/62Cxf9skZ8Uf7PDpXw9eKiO/yDZj6QIDAQAB
5 | AoGALeDocniCguWnKKIOLEgzfvgU+CKjIZumbthvQ2z6RBv/CV/secVVpSAtlaam
6 | eE7ocgLsOkc2poc+YF2qJBeTflWdvJd1PXEH0jhTg9g8i6BzJaSwj8JhgIXXRVtb
7 | go3lDUt/m7Raj+OeL9j9Is6ISYW+SAiV8hlRhUi+y0D+CtkCQQDPv1jZ29xTfQfi
8 | icgoAXgiyX9nvmLz1XxRFmzHn+kHI13KuA8MzvnQLOi8X8BLV34Mc+ms9hPT9JYd
9 | k9+zbDNnAkEAxUTXIGG/zQ+aheMidoMNAwYvFgHi3ptMmC9lflMvsEuWKzljfrOz
10 | byqHm94GVhV2raVCCq/AGYRMF/Sn9JrsLwJAcpO0/ErPJFiz7ZRSCQZubLk3BE+z
11 | oYmfy9UTX7HpQp+VzgVff4/zpYXvQl2I38S8Zz/SpCr/2olt9Zgl634EhwJBAIOr
12 | z2vt0vgs0hdL5FT2ZFkAZ61o1OWBAz8RY81N+SbTTQjM5XxMthgdaya+q7wJ141Q
13 | ISTA6pgdliznQLQkNEECQQCTpIV0tUmgT13v9cna9v/DYw0ETaYYZGtHbhtr6b6x
14 | CFYhmrtljL9G+82BMZXtups/sqrkgMyDVITauiknlF7r
15 | -----END RSA PRIVATE KEY-----
16 | -----BEGIN CERTIFICATE-----
17 | MIICYzCCAcwCCQDyfJXR+5kUXDANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJE
18 | RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xGDAWBgNVBAoTD1Nw
19 | cnlrZXIgU3lzdGVtczEZMBcGA1UECxMQRGV2ZWxvcG1lbnQgVGVhbTEQMA4GA1UE
20 | AxQHKi5sb2NhbDAeFw0xNjA5MTQxMzQ4NTVaFw0yNjA5MTIxMzQ4NTVaMHYxCzAJ
21 | BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEYMBYG
22 | A1UEChMPU3ByeWtlciBTeXN0ZW1zMRkwFwYDVQQLExBEZXZlbG9wbWVudCBUZWFt
23 | MRAwDgYDVQQDFAcqLmxvY2FsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg
24 | FhzHOuwsfaSLznqz1xtUoxG/0wLBsaeoGQ21vyTX4GvOJ3922gTG3D6PSFKjeHkM
25 | LTpTaI4oeti2et5NmxPLuy54gXnW/EiHQkH08onqbsUbHuN4wb9ObCVX9y36LVQC
26 | R6B5VQxe/Gs/62Cxf9skZ8Uf7PDpXw9eKiO/yDZj6QIDAQABMA0GCSqGSIb3DQEB
27 | BQUAA4GBAEZf+5XBkYJD1PFv+Ic+RgJpIEd18xYn6W/m2jNHvdoWje3dcckIN3ZG
28 | dJRhit5v/ayltACFGFq2krprgvXgpQOoEP8+qVjkA/gOEjPgTGo2v5coRJEf34GX
29 | +mL/j6vI4zmZ7BWXttOk3d5pSZT6KxFtRsIFW79z/aErznjtosUp
30 | -----END CERTIFICATE-----
31 |
--------------------------------------------------------------------------------
/saltstack/base/pound/files/etc/pound/certs/2star_local:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXQIBAAKBgQCgFhzHOuwsfaSLznqz1xtUoxG/0wLBsaeoGQ21vyTX4GvOJ392
3 | 2gTG3D6PSFKjeHkMLTpTaI4oeti2et5NmxPLuy54gXnW/EiHQkH08onqbsUbHuN4
4 | wb9ObCVX9y36LVQCR6B5VQxe/Gs/62Cxf9skZ8Uf7PDpXw9eKiO/yDZj6QIDAQAB
5 | AoGALeDocniCguWnKKIOLEgzfvgU+CKjIZumbthvQ2z6RBv/CV/secVVpSAtlaam
6 | eE7ocgLsOkc2poc+YF2qJBeTflWdvJd1PXEH0jhTg9g8i6BzJaSwj8JhgIXXRVtb
7 | go3lDUt/m7Raj+OeL9j9Is6ISYW+SAiV8hlRhUi+y0D+CtkCQQDPv1jZ29xTfQfi
8 | icgoAXgiyX9nvmLz1XxRFmzHn+kHI13KuA8MzvnQLOi8X8BLV34Mc+ms9hPT9JYd
9 | k9+zbDNnAkEAxUTXIGG/zQ+aheMidoMNAwYvFgHi3ptMmC9lflMvsEuWKzljfrOz
10 | byqHm94GVhV2raVCCq/AGYRMF/Sn9JrsLwJAcpO0/ErPJFiz7ZRSCQZubLk3BE+z
11 | oYmfy9UTX7HpQp+VzgVff4/zpYXvQl2I38S8Zz/SpCr/2olt9Zgl634EhwJBAIOr
12 | z2vt0vgs0hdL5FT2ZFkAZ61o1OWBAz8RY81N+SbTTQjM5XxMthgdaya+q7wJ141Q
13 | ISTA6pgdliznQLQkNEECQQCTpIV0tUmgT13v9cna9v/DYw0ETaYYZGtHbhtr6b6x
14 | CFYhmrtljL9G+82BMZXtups/sqrkgMyDVITauiknlF7r
15 | -----END RSA PRIVATE KEY-----
16 | -----BEGIN CERTIFICATE-----
17 | MIICZzCCAdACCQCixzCogcXlYTANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJE
18 | RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xGDAWBgNVBAoTD1Nw
19 | cnlrZXIgU3lzdGVtczEZMBcGA1UECxMQRGV2ZWxvcG1lbnQgVGVhbTESMBAGA1UE
20 | AxQJKi4qLmxvY2FsMB4XDTE2MDkxNDEzNDg1NVoXDTI2MDkxMjEzNDg1NVoweDEL
21 | MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMRgw
22 | FgYDVQQKEw9TcHJ5a2VyIFN5c3RlbXMxGTAXBgNVBAsTEERldmVsb3BtZW50IFRl
23 | YW0xEjAQBgNVBAMUCSouKi5sb2NhbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
24 | gYEAoBYcxzrsLH2ki856s9cbVKMRv9MCwbGnqBkNtb8k1+Brzid/dtoExtw+j0hS
25 | o3h5DC06U2iOKHrYtnreTZsTy7sueIF51vxIh0JB9PKJ6m7FGx7jeMG/TmwlV/ct
26 | +i1UAkegeVUMXvxrP+tgsX/bJGfFH+zw6V8PXiojv8g2Y+kCAwEAATANBgkqhkiG
27 | 9w0BAQUFAAOBgQAafRlhofKD9SLY7WeoSpYrWReJ9vV9gIPsduPF0DIHOkkN+9Bd
28 | XghsFkm1O+yUrHR9+/yhZA/kv8HXU0CmLd1i1naDXoXsaxXEo4g25rtwh/6Pp3yT
29 | ZD65Q4xBrSUzrTyR/LE/Tz8AMYopHpX4rWNxeS6SMD9ZCaBHsUqCG1Fryw==
30 | -----END CERTIFICATE-----
31 |
--------------------------------------------------------------------------------
/saltstack/base/pound/files/etc/pound/certs/3star_local:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXQIBAAKBgQCgFhzHOuwsfaSLznqz1xtUoxG/0wLBsaeoGQ21vyTX4GvOJ392
3 | 2gTG3D6PSFKjeHkMLTpTaI4oeti2et5NmxPLuy54gXnW/EiHQkH08onqbsUbHuN4
4 | wb9ObCVX9y36LVQCR6B5VQxe/Gs/62Cxf9skZ8Uf7PDpXw9eKiO/yDZj6QIDAQAB
5 | AoGALeDocniCguWnKKIOLEgzfvgU+CKjIZumbthvQ2z6RBv/CV/secVVpSAtlaam
6 | eE7ocgLsOkc2poc+YF2qJBeTflWdvJd1PXEH0jhTg9g8i6BzJaSwj8JhgIXXRVtb
7 | go3lDUt/m7Raj+OeL9j9Is6ISYW+SAiV8hlRhUi+y0D+CtkCQQDPv1jZ29xTfQfi
8 | icgoAXgiyX9nvmLz1XxRFmzHn+kHI13KuA8MzvnQLOi8X8BLV34Mc+ms9hPT9JYd
9 | k9+zbDNnAkEAxUTXIGG/zQ+aheMidoMNAwYvFgHi3ptMmC9lflMvsEuWKzljfrOz
10 | byqHm94GVhV2raVCCq/AGYRMF/Sn9JrsLwJAcpO0/ErPJFiz7ZRSCQZubLk3BE+z
11 | oYmfy9UTX7HpQp+VzgVff4/zpYXvQl2I38S8Zz/SpCr/2olt9Zgl634EhwJBAIOr
12 | z2vt0vgs0hdL5FT2ZFkAZ61o1OWBAz8RY81N+SbTTQjM5XxMthgdaya+q7wJ141Q
13 | ISTA6pgdliznQLQkNEECQQCTpIV0tUmgT13v9cna9v/DYw0ETaYYZGtHbhtr6b6x
14 | CFYhmrtljL9G+82BMZXtups/sqrkgMyDVITauiknlF7r
15 | -----END RSA PRIVATE KEY-----
16 | -----BEGIN CERTIFICATE-----
17 | MIICazCCAdQCCQDVQQlPKhW1RjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJE
18 | RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xGDAWBgNVBAoTD1Nw
19 | cnlrZXIgU3lzdGVtczEZMBcGA1UECxMQRGV2ZWxvcG1lbnQgVGVhbTEUMBIGA1UE
20 | AxQLKi4qLioubG9jYWwwHhcNMTYwOTE0MTM0ODU1WhcNMjYwOTEyMTM0ODU1WjB6
21 | MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4x
22 | GDAWBgNVBAoTD1NwcnlrZXIgU3lzdGVtczEZMBcGA1UECxMQRGV2ZWxvcG1lbnQg
23 | VGVhbTEUMBIGA1UEAxQLKi4qLioubG9jYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
24 | MIGJAoGBAKAWHMc67Cx9pIvOerPXG1SjEb/TAsGxp6gZDbW/JNfga84nf3baBMbc
25 | Po9IUqN4eQwtOlNojih62LZ63k2bE8u7LniBedb8SIdCQfTyiepuxRse43jBv05s
26 | JVf3LfotVAJHoHlVDF78az/rYLF/2yRnxR/s8OlfD14qI7/INmPpAgMBAAEwDQYJ
27 | KoZIhvcNAQEFBQADgYEAPsXU8GQtf48S82BCt3vJibKty1CX3ROJKI3u4CQYCste
28 | +vXEacnxMr6CD5MMC1QASYya/vz4VxwhLIJD8rJiJI35qSwASczNhhhd3hJCpm8S
29 | yavHR4TJI4c5ZpZtJZFmxyy0/+BDq8Z4Q0a6JSU2mlqOagYylWZnJXYqZ10Fgvo=
30 | -----END CERTIFICATE-----
31 |
--------------------------------------------------------------------------------
/saltstack/base/pound/files/etc/pound/certs/4star_local:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXQIBAAKBgQCgFhzHOuwsfaSLznqz1xtUoxG/0wLBsaeoGQ21vyTX4GvOJ392
3 | 2gTG3D6PSFKjeHkMLTpTaI4oeti2et5NmxPLuy54gXnW/EiHQkH08onqbsUbHuN4
4 | wb9ObCVX9y36LVQCR6B5VQxe/Gs/62Cxf9skZ8Uf7PDpXw9eKiO/yDZj6QIDAQAB
5 | AoGALeDocniCguWnKKIOLEgzfvgU+CKjIZumbthvQ2z6RBv/CV/secVVpSAtlaam
6 | eE7ocgLsOkc2poc+YF2qJBeTflWdvJd1PXEH0jhTg9g8i6BzJaSwj8JhgIXXRVtb
7 | go3lDUt/m7Raj+OeL9j9Is6ISYW+SAiV8hlRhUi+y0D+CtkCQQDPv1jZ29xTfQfi
8 | icgoAXgiyX9nvmLz1XxRFmzHn+kHI13KuA8MzvnQLOi8X8BLV34Mc+ms9hPT9JYd
9 | k9+zbDNnAkEAxUTXIGG/zQ+aheMidoMNAwYvFgHi3ptMmC9lflMvsEuWKzljfrOz
10 | byqHm94GVhV2raVCCq/AGYRMF/Sn9JrsLwJAcpO0/ErPJFiz7ZRSCQZubLk3BE+z
11 | oYmfy9UTX7HpQp+VzgVff4/zpYXvQl2I38S8Zz/SpCr/2olt9Zgl634EhwJBAIOr
12 | z2vt0vgs0hdL5FT2ZFkAZ61o1OWBAz8RY81N+SbTTQjM5XxMthgdaya+q7wJ141Q
13 | ISTA6pgdliznQLQkNEECQQCTpIV0tUmgT13v9cna9v/DYw0ETaYYZGtHbhtr6b6x
14 | CFYhmrtljL9G+82BMZXtups/sqrkgMyDVITauiknlF7r
15 | -----END RSA PRIVATE KEY-----
16 | -----BEGIN CERTIFICATE-----
17 | MIICbzCCAdgCCQD3TdbFnIs3JjANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJE
18 | RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xGDAWBgNVBAoTD1Nw
19 | cnlrZXIgU3lzdGVtczEZMBcGA1UECxMQRGV2ZWxvcG1lbnQgVGVhbTEWMBQGA1UE
20 | AxQNKi4qLiouKi5sb2NhbDAeFw0xNjA5MTQxMzQ4NTVaFw0yNjA5MTIxMzQ4NTVa
21 | MHwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
22 | bjEYMBYGA1UEChMPU3ByeWtlciBTeXN0ZW1zMRkwFwYDVQQLExBEZXZlbG9wbWVu
23 | dCBUZWFtMRYwFAYDVQQDFA0qLiouKi4qLmxvY2FsMIGfMA0GCSqGSIb3DQEBAQUA
24 | A4GNADCBiQKBgQCgFhzHOuwsfaSLznqz1xtUoxG/0wLBsaeoGQ21vyTX4GvOJ392
25 | 2gTG3D6PSFKjeHkMLTpTaI4oeti2et5NmxPLuy54gXnW/EiHQkH08onqbsUbHuN4
26 | wb9ObCVX9y36LVQCR6B5VQxe/Gs/62Cxf9skZ8Uf7PDpXw9eKiO/yDZj6QIDAQAB
27 | MA0GCSqGSIb3DQEBBQUAA4GBAInu8HNLC9YkzC9oI/+ojeM5FnNzEYNm7oc/bp2m
28 | OM+JpEDP3wte4s7OdQZKtcYmP0MCLjJSjTl8t0Fm5wyrz5Vn1I+HYlV3gdwWZvcu
29 | ICR4V/g+/xPDwlfLce6pzwkAG5JOuRvQBRZsnnJFf860ZpKLoRXf0WbG5AVAypO3
30 | lqBe
31 | -----END CERTIFICATE-----
32 |
--------------------------------------------------------------------------------
/saltstack/base/pound/files/etc/pound/pound.cfg:
--------------------------------------------------------------------------------
1 | User "www-data"
2 | Group "www-data"
3 | LogLevel 2
4 | Alive 30
5 | Control "/var/run/pound/poundctl.socket"
6 |
7 | ListenHTTPS
8 | Address 0.0.0.0
9 | Port 443
10 | RewriteLocation 0
11 |
12 | xHTTP 1
13 | Service
14 | BackEnd
15 | Address 0.0.0.0
16 | Port 80
17 | End
18 | End
19 |
20 | # Certs must contain file with key, cert and complete ca-bundle of CA
21 | Cert "/etc/pound/certs/star_spryker_dev"
22 | #Cert "/etc/pound/certs/1star_local"
23 | #Cert "/etc/pound/certs/2star_local"
24 | #Cert "/etc/pound/certs/3star_local"
25 | #Cert "/etc/pound/certs/4star_local"
26 |
27 | Ciphers "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
28 | AddHeader "X-Forwarded-Proto: https"
29 | End
30 |
--------------------------------------------------------------------------------
/saltstack/base/pound/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install and configure pound, and SSL-Termination proxy
3 | #
4 |
5 | pound-depth:
6 | pkg.installed:
7 | - pkgs:
8 | - sysuser-helper
9 | - libmbedcrypto3
10 | - libmbedtls12
11 | - libmbedx509-0
12 | - libnanomsg5
13 |
14 | pound:
15 | pkg.installed:
16 | - hold: True
17 | - sources:
18 | - pound: http://archive.ubuntu.com/ubuntu/pool/universe/p/pound/pound_2.8-2_amd64.deb
19 | - require:
20 | - pkg: pound-depth
21 | service.running:
22 | - enable: True
23 | - require:
24 | - pkg: pound
25 | - file: /etc/default/pound
26 | - file: /etc/pound/certs/1star_local
27 | - file: /etc/pound/certs/2star_local
28 | - file: /etc/pound/certs/3star_local
29 | - file: /etc/pound/certs/4star_local
30 | - file: /etc/pound/certs/star_spryker_dev
31 | - watch:
32 | - file: /etc/pound/pound.cfg
33 | - pkg: pound
34 |
35 | /etc/pound/pound.cfg:
36 | file.managed:
37 | - source: salt://pound/files/etc/pound/pound.cfg
38 | - require:
39 | - pkg: pound
40 |
41 | /etc/default/pound:
42 | file.managed:
43 | - source: salt://pound/files/etc/default/pound
44 | - require:
45 | - pkg: pound
46 |
47 | /etc/pound/certs:
48 | file.directory:
49 | - user: root
50 | - group: root
51 | - mode: 755
52 | - require:
53 | - pkg: pound
54 |
55 | /etc/pound/certs/1star_local:
56 | file.managed:
57 | - source: salt://pound/files/etc/pound/certs/1star_local
58 | - require:
59 | - file: /etc/pound/certs
60 |
61 | /etc/pound/certs/2star_local:
62 | file.managed:
63 | - source: salt://pound/files/etc/pound/certs/2star_local
64 | - require:
65 | - file: /etc/pound/certs
66 |
67 | /etc/pound/certs/3star_local:
68 | file.managed:
69 | - source: salt://pound/files/etc/pound/certs/3star_local
70 | - require:
71 | - file: /etc/pound/certs
72 |
73 | /etc/pound/certs/4star_local:
74 | file.managed:
75 | - source: salt://pound/files/etc/pound/certs/4star_local
76 | - require:
77 | - file: /etc/pound/certs
78 |
79 | /etc/pound/certs/star_spryker_dev:
80 | file.managed:
81 | - source: salt://pound/files/etc/pound/certs/star_spryker_dev
82 | - require:
83 | - file: /etc/pound/certs
84 |
--------------------------------------------------------------------------------
/saltstack/base/rabbitmq/credentials.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Manage RabbitMQ credentials
3 | #
4 |
5 | # Delete default guest user
6 | rabbitmq_user_guest:
7 | rabbitmq_user.absent:
8 | - name: guest
9 |
10 | # Create rabbitmq user and vhost for each environment/store
11 | {%- from 'settings/init.sls' import settings with context %}
12 | {%- for environment, environment_details in settings.environments.items() %}
13 | {%- for store in pillar.stores %}
14 |
15 | rabbitmq_vhost_{{ store }}_{{ environment }}_zed:
16 | rabbitmq_vhost.present:
17 | - name: {{ settings.environments[environment].stores[store].rabbitmq.vhost }}
18 |
19 | rabbitmq_user_{{ store }}_{{ environment }}_zed:
20 | rabbitmq_user.present:
21 | - name: {{ settings.environments[environment].stores[store].rabbitmq.username }}
22 | - password: {{ settings.environments[environment].stores[store].rabbitmq.password }}
23 | - perms:
24 | - {{ settings.environments[environment].stores[store].rabbitmq.vhost }}:
25 | - '.*'
26 | - '.*'
27 | - '.*'
28 | - require:
29 | - rabbitmq_vhost: rabbitmq_vhost_{{ store }}_{{ environment }}_zed
30 |
31 | {% endfor %}
32 | {% endfor %}
33 |
34 | # Create admin username for GUI
35 | {%- set admin_user = salt['pillar.get']('rabbitmq:admin_user', False) %}
36 | {%- if admin_user %}
37 | rabbitmq_admin_user:
38 | rabbitmq_user.present:
39 | - name: {{ pillar.rabbitmq.admin_user.username }}
40 | - password: {{ pillar.rabbitmq.admin_user.password }}
41 | - tags:
42 | - administrator
43 | {%- endif %}
44 |
--------------------------------------------------------------------------------
/saltstack/base/rabbitmq/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install RabbitMQ (Message Queue)
3 | #
4 |
5 | include:
6 | - .setup
7 |
8 | # Create users only if service is enabled
9 | {% if salt['pillar.get']('rabbitmq:enabled', False) %}
10 | - .credentials
11 | {% endif %}
12 |
13 | # Include autoupdate if configured to do so
14 | {% if salt['pillar.get']('autoupdate:rabbitmq', False) %}
15 | - .update
16 | {% endif %}
17 |
--------------------------------------------------------------------------------
/saltstack/base/rabbitmq/setup.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install RabbitMQ (message queue broker)
3 | #
4 |
5 | rabbitmq-server:
6 | pkg.installed:
7 | - name: rabbitmq-server
8 |
9 | {% if salt['pillar.get']('rabbitmq:node_name', False) %}
10 | /etc/rabbitmq/rabbitmq-env.conf:
11 | file.managed:
12 | - contents:
13 | - NODENAME={{ salt['pillar.get']('rabbitmq:node_name') }}
14 | - require:
15 | - pkg: rabbitmq-server
16 | - require_in:
17 | - service: rabbitmq-service
18 | - watch_in:
19 | - service: rabbitmq-service
20 | {% endif %}
21 |
22 |
23 | rabbitmq-service:
24 | service.running:
25 | - name: rabbitmq-server
26 | - enable: {{ salt['pillar.get']('rabbitmq:enabled', True) }}
27 | - require:
28 | - pkg: rabbitmq-server
29 |
30 | enable-rabbitmq-management:
31 | cmd.run:
32 | - name: rabbitmq-plugins enable rabbitmq_management --offline
33 | - unless: rabbitmq-plugins list | grep '\[[eE]\*\] rabbitmq_management '
34 | - require:
35 | - service: rabbitmq-server
36 |
--------------------------------------------------------------------------------
/saltstack/base/rabbitmq/update.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Update rabbitmq-server package
3 | #
4 | # Note: this state is included only if pillar setting autoupdate:rabbitmq is true
5 |
6 | update-rabbitmq:
7 | pkg.latest:
8 | - name: rabbitmq-server
9 |
--------------------------------------------------------------------------------
/saltstack/base/redis/environments.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup for multiple environments of Spryker
3 | #
4 | # This implementation is Spryker-specific and it takes data from Spryker pillars
5 | # Instances created here are used by Spryker and are required for production use.
6 | # Each environment works on seperate redis instance.
7 | #
8 | {% from 'settings/init.sls' import settings with context %}
9 | {% from 'redis/macros/redis_instance.sls' import redis_instance with context %}
10 |
11 | /etc/logrotate.d/redis-instances:
12 | file.managed:
13 | - source: salt://redis/files/etc/logrotate.d/redis-instances
14 |
15 | {%- for environment, environment_details in pillar.environments.items() %}
16 | {{ redis_instance(environment, environment_details, settings) }}
17 | {%- endfor %}
18 |
--------------------------------------------------------------------------------
/saltstack/base/redis/files/etc/logrotate.d/redis-instances:
--------------------------------------------------------------------------------
1 | /data/logs/*/redis/*.log {
2 | daily
3 | missingok
4 | compress
5 | rotate 7
6 | dateext
7 | notifempty
8 | sharedscripts
9 | extension gz
10 | copytruncate
11 | }
12 |
--------------------------------------------------------------------------------
/saltstack/base/redis/files/etc/systemd/system/redis-server.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Spryker key-value store: {{ environment }}
3 | After=network.target
4 |
5 | [Service]
6 | Type=forking
7 | ExecStart=/usr/bin/redis-server /etc/redis/redis_{{ environment }}.conf
8 | TimeoutStopSec=0
9 | Restart=always
10 | User=redis
11 | Group=redis
12 |
13 | [Install]
14 | WantedBy=multi-user.target
15 |
--------------------------------------------------------------------------------
/saltstack/base/redis/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # This state downloads and prepares to run Redis-server
3 | #
4 | # Note that this state should be used only in non-production environments,
5 | # as we do not setup any replication/failover mechanism via salt.
6 | # Production environments should run either master-slave replication with failover,
7 | # redis cluster or managed redis (e.g. ObjectRocket at Rackspace or ElastiCache at AWS)
8 |
9 | {%- if salt['pillar.get']('hosting:external_redis', '') == '' %}
10 | include:
11 | - .install
12 | - .environments
13 | {%- endif %}
14 |
--------------------------------------------------------------------------------
/saltstack/base/redis/install.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install package, remove default service
3 | #
4 |
5 | redis-server:
6 | pkg.installed:
7 | - fromrepo: {{ grains.lsb_distrib_codename }}-backports
8 |
9 | # Make sure that redis bgsave can overcommit virtual memory
10 | vm.overcommit_memory:
11 | sysctl.present:
12 | - value: 1
13 |
14 | # Setup init script(s) for OS without systemd
15 | {%- if "systemd" not in grains %}
16 | # Init script for multiple instances
17 | /etc/init.d/redis-server:
18 | file.managed:
19 | - source: salt://redis/files/etc/init.d/redis-server
20 | - watch_in:
21 | - service: redis-services
22 |
23 | # Remove default redis instance
24 | /etc/redis/redis.conf:
25 | file.absent:
26 | - watch_in:
27 | - service: redis-services
28 |
29 | redis-services:
30 | service.running:
31 | - name: redis-server
32 | - enable: True
33 | - require:
34 | - pkg: redis-server
35 | - file: /etc/init.d/redis-server
36 | - file: /etc/redis/redis.conf
37 |
38 | {%- else %}
39 | redis-service-disable:
40 | service.disabled:
41 | - name: redis-server
42 |
43 | redis-service-dead:
44 | service.dead:
45 | - name: redis-server
46 |
47 | # Try harder, because service.disabled doesn't seem to be good enough
48 | redis-service-disable-really:
49 | cmd.run:
50 | - name: systemctl disable redis-server
51 | - onlyif: systemctl is-enabled redis-server
52 | {%- endif %}
53 |
--------------------------------------------------------------------------------
/saltstack/base/redis/macros/redis_instance.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Macro: Setup one Elasticsearch instance
3 | #
4 |
5 | {% macro redis_instance(environment, environment_details, settings) -%}
6 |
7 | {% if 'skip_instance_setup' not in environment_details.redis %}
8 | /tmp/b-{{ environment }}:
9 | file.managed:
10 | - contents: {{ environment_details }}
11 |
12 | /data/shop/{{ environment }}/shared/redis:
13 | file.directory:
14 | - user: redis
15 | - group: redis
16 | - mode: 700
17 | - require:
18 | - file: /data/shop/{{ environment }}/shared
19 |
20 | /data/logs/{{ environment }}/redis:
21 | file.directory:
22 | - user: redis
23 | - group: redis
24 | - mode: 755
25 | - require:
26 | - file: /data/logs/{{ environment }}
27 |
28 | {%- if 'systemd' in grains %}
29 | {%- set service_name = 'redis-server-' + environment %}
30 | /etc/systemd/system/redis-server-{{ environment }}.service:
31 | file.managed:
32 | - template: jinja
33 | - source: salt://redis/files/etc/systemd/system/redis-server.service
34 | - context:
35 | environment: {{ environment }}
36 |
37 | redis-server-{{ environment }}:
38 | service.running:
39 | - enable: True
40 | - require:
41 | - file: /etc/systemd/system/redis-server-{{ environment }}.service
42 |
43 | {%- else %}
44 | {%- set service_name = 'redis-services' %}
45 | {%- endif %}
46 |
47 | /etc/redis/redis_{{ environment }}.conf:
48 | file.managed:
49 | - user: root
50 | - group: root
51 | - mode: 644
52 | - template: jinja
53 | - source: salt://redis/files/redis_instance/etc/redis/redis.conf
54 | - context:
55 | environment: {{ environment }}
56 | environment_details: {{ environment_details|tojson }}
57 | settings: {{ settings|tojson }}
58 | - require:
59 | - file: /data/shop/{{ environment }}/shared/redis
60 | - file: /data/logs/{{ environment }}/redis
61 | - watch_in:
62 | - service: {{ service_name }}
63 |
64 | {%- endif %}
65 | {%- endmacro %}
66 |
--------------------------------------------------------------------------------
/saltstack/base/ruby/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install Ruby and used gems
3 | #
4 |
5 | {% set ruby_package_name = {
6 | 'buster': 'ruby',
7 | 'stretch': 'ruby',
8 | 'wheezy': 'ruby1.9.1',
9 | 'jessie': 'ruby',
10 | }.get(grains.lsb_distrib_codename) %}
11 |
12 | ruby:
13 | pkg.installed:
14 | - pkgs:
15 | - {{ ruby_package_name }}
16 | - ruby-dev
17 | - libncurses5-dev
18 | - build-essential
19 |
20 | psych:
21 | gem.installed
22 |
23 | highline:
24 | gem.installed:
25 | - require:
26 | - gem: psych
27 |
28 |
29 | # Install fixed versions, as the 2.8.0+ had problems with changed packet sizes
30 | net-ssh:
31 | gem.installed:
32 | - version: 2.7.0
33 |
34 | net-scp:
35 | gem.installed:
36 | - version: 1.1.2
37 |
38 | net-ssh-multi:
39 | gem.installed:
40 | - version: 1.2.0
41 |
--------------------------------------------------------------------------------
/saltstack/base/samba/files/etc/samba/smb.conf:
--------------------------------------------------------------------------------
1 | [global]
2 | workgroup = WORKGROUP
3 | dns proxy = no
4 | interfaces = 127.0.0.0/8 eth0 eth1 enp0s3 enp0s8
5 | log file = /var/log/samba/log.%m
6 | max log size = 1000
7 | syslog = 0
8 | panic action = /usr/share/samba/panic-action %d
9 | server role = standalone server
10 | passdb backend = tdbsam
11 | obey pam restrictions = yes
12 | unix password sync = yes
13 | passwd program = /usr/bin/passwd %u
14 | passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
15 | pam password change = yes
16 | map to guest = bad user
17 | usershare allow guests = yes
18 |
19 | [project]
20 | comment = Project directory
21 | path = /data/shop/development/
22 | public = yes
23 | browsable = yes
24 | writable = yes
25 | guest ok = yes
26 | read only = no
27 | create mask = 0777
28 | directory mask = 0777
29 | force user = vagrant
30 | force group = www-data
31 | inherit owner = yes
32 | inherit acls = yes
33 | inherit permissions = yes
34 | map acl inherit = yes
35 |
36 |
--------------------------------------------------------------------------------
/saltstack/base/samba/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup samba for reversed option of sharing. This is optional.
3 | #
4 |
5 | install-smb-server:
6 | pkg.installed:
7 | - name: samba
8 |
9 | /etc/samba/smb.conf:
10 | file.managed:
11 | - source: salt://samba/files/etc/samba/smb.conf
12 | - require:
13 | - pkg: install-smb-server
14 |
15 | smbd:
16 | service.running:
17 | - enable: True
18 | - require:
19 | - pkg: install-smb-server
20 | - file: /etc/samba/smb.conf
21 | - watch:
22 | - file: /etc/samba/smb.conf
23 |
24 | nmbd:
25 | service.dead:
26 | - enable: False
27 | - require:
28 | - pkg: install-smb-server
29 | - file: /etc/samba/smb.conf
30 | - watch:
31 | - file: /etc/samba/smb.conf
32 |
--------------------------------------------------------------------------------
/saltstack/base/serverspec/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install serverspec and its dependencies
3 | #
4 |
5 | rake:
6 | gem.installed
7 |
8 | serverspec:
9 | gem.installed
10 |
11 | serverspec-extended-types:
12 | gem.installed
13 |
--------------------------------------------------------------------------------
/saltstack/base/settings/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # This state holds centrally parsed settings, which are taken from grains, pillars and mine
3 | # This state does not perform any operations, but is included in many other states
4 | #
5 |
6 | {% from 'settings/hosts.sls' import host, hosts, elasticsearch, publish_ip with context %}
7 | {% from 'settings/environments.sls' import environments with context %}
8 |
9 | {%- set settings = {} %}
10 | {%- do settings.update ({
11 | 'environments' : environments,
12 | 'host' : host,
13 | 'hosts' : hosts,
14 | 'publish_ip' : publish_ip,
15 | 'elasticsearch' : elasticsearch,
16 | }) %}
17 |
--------------------------------------------------------------------------------
/saltstack/base/settings/port_numbering.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Constants for port numbering scheme (see README.md file)
3 | #
4 |
5 | environment:
6 | production:
7 | port: '5'
8 | staging:
9 | port: '3'
10 | testing:
11 | port: '1'
12 | devtest:
13 | port: '0'
14 | development:
15 | port: '0'
16 |
17 | store:
18 | DE:
19 | locale: de_DE
20 | appdomain: '49'
21 | PL:
22 | locale: pl_PL
23 | appdomain: '01'
24 | FR:
25 | locale: fr_FR
26 | appdomain: '02'
27 | AT:
28 | locale: de_AT
29 | appdomain: '03'
30 | NL:
31 | locale: nl_NL
32 | appdomain: '04'
33 | CH:
34 | locale: de_CH
35 | appdomain: '05'
36 | BR:
37 | locale: pt_BR
38 | appdomain: '06'
39 | UK:
40 | locale: en_UK
41 | appdomain: '07'
42 | SE:
43 | locale: sv_SE
44 | appdomain: '08'
45 | BE:
46 | locale: nl_BE
47 | appdomain: '09'
48 | US:
49 | locale: en_US
50 | appdomain: '10'
51 | MX:
52 | locale: es_MX
53 | appdomain: '11'
54 | AR:
55 | locale: es_AR
56 | appdomain: '12'
57 | CL:
58 | locale: es_CL
59 | appdomain: '13'
60 | CO:
61 | locale: es_CO
62 | appdomain: '14'
63 | COM:
64 | locale: en_US
65 | appdomain: '98'
66 | EU:
67 | locale: en_UK
68 | appdomain: '99'
69 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/cleanup-cronjobs.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Cronjobs for cleanups of temporary / unused files
3 | #
4 |
5 | /etc/cron.d:
6 | file.recurse:
7 | - source: salt://spryker/files/etc/cron.d
8 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/config/config_local.php:
--------------------------------------------------------------------------------
1 | /dev/null | sort -r | tail -n+6`; done
5 |
6 | # Remove tomcat logs older than 4 days
7 | 9 1 * * * root nice rm -rf `find /data/logs/*/tomcat/ -maxdepth 1 -mindepth 1 -mtime +4 2>/dev/null`
8 |
9 | # Remove jenkins builds older than 7 days
10 | 10 1 * * * root nice rm -rf `find /data/shop/*/shared/data/jenkins/jobs/*/builds/ -maxdepth 1 -mindepth 1 -ctime +7 2>/dev/null`
11 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/deploy/deploy.key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/saltstack/base/spryker/files/etc/deploy/deploy.key
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/deploy/ssh_wrapper.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # SSH wrapper script
3 | # The path to this script is passed as GIT_SSH environmental variable during deployment.
4 | # It forces ssh to use custom private key, it this case - /etc/deploy/deploy.key
5 | # The appropiate public key has to be allowed in git repository.
6 |
7 |
8 | [ -O /tmp/ssh_agent ] && eval `cat /tmp/ssh_agent` &> /dev/null
9 | ssh -i /etc/deploy/deploy.key $1 $2
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/conf.d/backend.conf:
--------------------------------------------------------------------------------
1 | upstream backend-{{ environment }}-yves {
2 | server unix:/tmp/.fpm.{{ environment }}-yves.sock;
3 | }
4 | upstream backend-{{ environment }}-zed {
5 | server unix:/tmp/.fpm.{{ environment }}-zed.sock;
6 | }
7 | upstream backend-{{ environment }}-glue {
8 | server unix:/tmp/.fpm.{{ environment }}-glue.sock;
9 | }
10 | upstream backend-{{ environment }}-gateway {
11 | server unix:/tmp/.fpm.{{ environment }}-gateway.sock;
12 | }
13 | upstream backend-{{ environment }}-backoffice {
14 | server unix:/tmp/.fpm.{{ environment }}-backoffice.sock;
15 | }
16 | upstream backend-{{ environment }}-backendgateway {
17 | server unix:/tmp/.fpm.{{ environment }}-backendgateway.sock;
18 | }
19 | upstream backend-{{ environment }}-backendapi {
20 | server unix:/tmp/.fpm.{{ environment }}-backendapi.sock;
21 | }
22 | upstream backend-{{ environment }}-configurator {
23 | server unix:/tmp/.fpm.{{ environment }}-configurator.sock;
24 | }
25 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/conf.d/env.conf:
--------------------------------------------------------------------------------
1 | env VM_PROJECT
2 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/htpasswd-staging:
--------------------------------------------------------------------------------
1 | spryker:$apr1$QeNfhIRs$HyfdlKMTU./oA9nEGzYmv0
2 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/htpasswd-zed:
--------------------------------------------------------------------------------
1 | spryker:$apr1$QeNfhIRs$HyfdlKMTU./oA9nEGzYmv0
2 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/XX-backendapi.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].stores[store].backendapi.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].stores[store].backendapi.hostname }};
13 |
14 | keepalive_timeout 0;
15 | access_log /data/logs/{{ environment }}/backendapi-access.log extended;
16 |
17 | root /data/shop/{{ environment }}/current/public/BackendApi;
18 |
19 | {%- if settings.environments[environment].stores[store].backendapi.htpasswd_file is defined %}
20 | auth_basic "Restricted Files";
21 | auth_basic_user_file {{ settings.environments[environment].stores[store].backendapi.htpasswd_file }};
22 | {%- endif %}
23 |
24 | set $application_env {{ environment }};
25 | set $application_store {{ store }};
26 | include "spryker/backendapi.conf";
27 | }
28 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/XX-backendgateway.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].stores[store].backendgateway.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].stores[store].backendgateway.hostname }};
13 |
14 | keepalive_timeout 0;
15 | access_log /data/logs/{{ environment }}/backendgateway-access.log extended;
16 |
17 | root /data/shop/{{ environment }}/current/public/BackendGateway;
18 |
19 | {%- if settings.environments[environment].stores[store].backendgateway.htpasswd_file is defined %}
20 | auth_basic "Restricted Files";
21 | auth_basic_user_file {{ settings.environments[environment].stores[store].backendgateway.htpasswd_file }};
22 | {%- endif %}
23 |
24 | set $application_env {{ environment }};
25 | set $application_store {{ store }};
26 | include "spryker/backendgateway.conf";
27 | }
28 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/XX-backoffice.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].stores[store].backoffice.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].stores[store].backoffice.hostname }};
13 |
14 | keepalive_timeout 0;
15 | access_log /data/logs/{{ environment }}/backoffice-access.log extended;
16 |
17 | root /data/shop/{{ environment }}/current/public/Backoffice;
18 |
19 | {%- if settings.environments[environment].stores[store].backoffice.htpasswd_file is defined %}
20 | auth_basic "Restricted Files";
21 | auth_basic_user_file {{ settings.environments[environment].stores[store].backoffice.htpasswd_file }};
22 | {%- endif %}
23 |
24 | set $application_env {{ environment }};
25 | set $application_store {{ store }};
26 | include "spryker/backoffice.conf";
27 | }
28 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/XX-gateway.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].stores[store].gateway.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].stores[store].gateway.hostname }};
13 |
14 | keepalive_timeout 0;
15 | access_log /data/logs/{{ environment }}/gateway-access.log extended;
16 |
17 | root /data/shop/{{ environment }}/current/public/gateway;
18 |
19 | {%- if settings.environments[environment].stores[store].gateway.htpasswd_file is defined %}
20 | auth_basic "Restricted Files";
21 | auth_basic_user_file {{ settings.environments[environment].stores[store].gateway.htpasswd_file }};
22 | {%- endif %}
23 |
24 | set $application_env {{ environment }};
25 | set $application_store {{ store }};
26 | include "spryker/gateway.conf";
27 | }
28 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/XX-glue.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].stores[store].glue.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].stores[store].glue.hostname }};
13 |
14 | keepalive_timeout 0;
15 | access_log /data/logs/{{ environment }}/glue-access.log extended;
16 |
17 | root /data/shop/{{ environment }}/current/public/Glue;
18 |
19 | {%- if settings.environments[environment].stores[store].glue.htpasswd_file is defined %}
20 | auth_basic "Restricted Files";
21 | auth_basic_user_file {{ settings.environments[environment].stores[store].glue.htpasswd_file }};
22 | {%- endif %}
23 |
24 | set $application_env {{ environment }};
25 | set $application_store {{ store }};
26 | include "spryker/glue.conf";
27 | }
28 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/XX-yves.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].stores[store].yves.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].stores[store].yves.hostnames|join(' ') }};
13 | access_log /data/logs/{{ environment }}/yves-access.log extended;
14 |
15 | {%- if settings.environments[environment].stores[store].yves.htpasswd_file is defined %}
16 | auth_basic "Restricted Files";
17 | auth_basic_user_file {{ settings.environments[environment].stores[store].yves.htpasswd_file }};
18 | {%- endif %}
19 |
20 | root /data/shop/{{ environment }}/current/public/Yves;
21 |
22 | set $application_env {{ environment }};
23 | set $application_store {{ store }};
24 |
25 | include "spryker/yves.conf";
26 |
27 | ###
28 | ### Rewrite rules
29 | ###
30 | ### Beware of load balancer heartbeat check (/monitoring/heartbeat), it must stay not rewritten.
31 |
32 | {%- if settings.environments[environment].stores[store].yves.hostnames|count == 1 %}
33 | ## Allow only first (default) hostname
34 | ## This feature is disabled as it should clarify production requirements for each site
35 | #if ($host != $server_name) {
36 | # rewrite ^(.*)$ http://$server_name$1 permanent;
37 | #}
38 | {%- endif %}
39 |
40 | }
41 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/XX-zed.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].stores[store].zed.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].stores[store].zed.hostname }};
13 |
14 | keepalive_timeout 0;
15 | access_log /data/logs/{{ environment }}/zed-access.log extended;
16 |
17 | root /data/shop/{{ environment }}/current/public/Zed;
18 |
19 | {%- if settings.environments[environment].stores[store].zed.htpasswd_file is defined %}
20 | auth_basic "Restricted Files";
21 | auth_basic_user_file {{ settings.environments[environment].stores[store].zed.htpasswd_file }};
22 | {%- endif %}
23 |
24 | set $application_env {{ environment }};
25 | set $application_store {{ store }};
26 | include "spryker/zed.conf";
27 | }
28 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/configurator.conf:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | ## This file is managed by saltstack - DO NOT MANUALLY CHANGE IT ##
3 | ###############################################################################
4 |
5 | server {
6 | # Listener for production/staging - requires external LoadBalancer directing traffic to this port
7 | listen {{ settings.environments[environment].configurator.port }};
8 |
9 | # Listener for testing/development - one host only, doesn't require external LoadBalancer
10 | listen 80;
11 |
12 | server_name {{ settings.environments[environment].configurator.hostname }};
13 |
14 | keepalive_timeout 0;
15 | access_log /data/logs/{{ environment }}/configurator-access.log extended;
16 |
17 | root /data/shop/{{ environment }}/current/public/Configurator;
18 |
19 | {%- if settings.environments[environment].configurator.htpasswd_file is defined %}
20 | auth_basic "Restricted Files";
21 | auth_basic_user_file {{ settings.environments[environment].configurator.htpasswd_file }};
22 | {%- endif %}
23 |
24 | set $application_env {{ environment }};
25 | include "spryker/configurator.conf";
26 | }
27 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/sites-available/static.conf:
--------------------------------------------------------------------------------
1 | server {
2 |
3 | listen {{ settings.environments[environment].static.port }};
4 | listen 80;
5 |
6 | server_name {{ settings.environments[environment].static.hostname }};
7 | access_log off;
8 |
9 | root /data/storage/{{ environment }}/static;
10 |
11 | include "spryker/static.conf";
12 | }
13 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/backendapi.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common backendapi settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Timeout for backendapi requests - 10 minutes
7 | # (longer requests should be converted to jobs and executed via jenkins)
8 | proxy_read_timeout 600s;
9 | proxy_send_timeout 600s;
10 | fastcgi_read_timeout 600s;
11 | client_body_timeout 600s;
12 | client_header_timeout 600s;
13 | send_timeout 600s;
14 |
15 | # Static files can be delivered directly
16 | location ~ (/assets/|/favicon.ico|/robots.txt) {
17 | access_log off;
18 | expires 30d;
19 | add_header Pragma public;
20 | add_header Cache-Control "public, must-revalidate, proxy-revalidate";
21 | try_files $uri =404;
22 | }
23 |
24 | # PHP application gets all other requests
25 | location / {
26 | add_header X-Server $hostname;
27 | fastcgi_pass backend-$application_env-backendapi;
28 | fastcgi_index index.php;
29 | include /etc/nginx/fastcgi_params;
30 | fastcgi_param SCRIPT_NAME /index.php;
31 | fastcgi_param APPLICATION_ENV $application_env;
32 | fastcgi_param APPLICATION_STORE $application_store;
33 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HOST demo-date-time-configurator.spryker.local;
34 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_PORT 80;
35 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_ENCRYPTION_KEY change123;
36 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HEX_INITIALIZATION_VECTOR 0c1ffefeebdab4a3d839d0e52590c9a2;
37 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
38 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
39 | }
40 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/backendgateway.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common gateway settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Timeout for gateway requests - 10 minutes
7 | # (longer requests should be converted to jobs and executed via jenkins)
8 | proxy_read_timeout 600s;
9 | proxy_send_timeout 600s;
10 | fastcgi_read_timeout 600s;
11 | client_body_timeout 600s;
12 | client_header_timeout 600s;
13 | send_timeout 600s;
14 |
15 | # Static files can be delivered directly
16 | location ~ (/assets/|/favicon.ico|/robots.txt) {
17 | access_log off;
18 | expires 30d;
19 | add_header Pragma public;
20 | add_header Cache-Control "public, must-revalidate, proxy-revalidate";
21 | try_files $uri =404;
22 | }
23 |
24 | # PHP application gets all other requests
25 | location / {
26 | add_header X-Server $hostname;
27 | fastcgi_pass backend-$application_env-backendgateway;
28 | fastcgi_index index.php;
29 | include /etc/nginx/fastcgi_params;
30 | fastcgi_param SCRIPT_NAME /index.php;
31 | fastcgi_param APPLICATION_ENV $application_env;
32 | fastcgi_param APPLICATION_STORE $application_store;
33 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HOST demo-date-time-configurator.spryker.local;
34 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_PORT 80;
35 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_ENCRYPTION_KEY change123;
36 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HEX_INITIALIZATION_VECTOR 0c1ffefeebdab4a3d839d0e52590c9a2;
37 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
38 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
39 | }
40 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/backoffice.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common gateway settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Timeout for gateway requests - 10 minutes
7 | # (longer requests should be converted to jobs and executed via jenkins)
8 | proxy_read_timeout 600s;
9 | proxy_send_timeout 600s;
10 | fastcgi_read_timeout 600s;
11 | client_body_timeout 600s;
12 | client_header_timeout 600s;
13 | send_timeout 600s;
14 |
15 | # Static files can be delivered directly
16 | location ~ (/assets/|/favicon.ico|/robots.txt) {
17 | access_log off;
18 | expires 30d;
19 | add_header Pragma public;
20 | add_header Cache-Control "public, must-revalidate, proxy-revalidate";
21 | try_files $uri =404;
22 | }
23 |
24 | # PHP application gets all other requests
25 | location / {
26 | add_header X-Server $hostname;
27 | fastcgi_pass backend-$application_env-backoffice;
28 | fastcgi_index index.php;
29 | include /etc/nginx/fastcgi_params;
30 | fastcgi_param SCRIPT_NAME /index.php;
31 | fastcgi_param APPLICATION_ENV $application_env;
32 | fastcgi_param APPLICATION_STORE $application_store;
33 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HOST demo-date-time-configurator.spryker.local;
34 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_PORT 80;
35 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_ENCRYPTION_KEY change123;
36 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HEX_INITIALIZATION_VECTOR 0c1ffefeebdab4a3d839d0e52590c9a2;
37 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
38 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
39 | }
40 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/configurator.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common Configurator settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Timeout for Glue requests - 10 minutes
7 | # (longer requests should be converted to jobs and executed via jenkins)
8 | proxy_read_timeout 600s;
9 | proxy_send_timeout 600s;
10 | fastcgi_read_timeout 600s;
11 | client_body_timeout 600s;
12 | client_header_timeout 600s;
13 | send_timeout 600s;
14 |
15 | # Static files can be delivered directly
16 | location ~ (/favicon.ico|/robots.txt) {
17 | access_log off;
18 | expires 4h;
19 | add_header Pragma public;
20 | add_header Cache-Control "public, must-revalidate, proxy-revalidate";
21 | try_files $uri =404;
22 | }
23 |
24 | location ~ \.(jpg|gif|png|css|js|html|xml|ico|txt|csv|map|json)$ {
25 | access_log off;
26 | expires 30d;
27 | add_header Pragma public;
28 | add_header Cache-Control "public";
29 | try_files $uri /index.php?$args;
30 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
31 | }
32 |
33 | # PHP application gets all other requests
34 | location / {
35 | add_header X-Server $hostname;
36 | fastcgi_pass backend-$application_env-configurator;
37 | fastcgi_index index.php;
38 | include /etc/nginx/fastcgi_params;
39 | fastcgi_param SCRIPT_NAME /index.php;
40 | fastcgi_param APPLICATION_ENV $application_env;
41 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HOST demo-date-time-configurator.spryker.local;
42 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_PORT 80;
43 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_ENCRYPTION_KEY change123;
44 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HEX_INITIALIZATION_VECTOR 0c1ffefeebdab4a3d839d0e52590c9a2;
45 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
46 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
47 | }
48 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/gateway.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common gateway settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Timeout for gateway requests - 10 minutes
7 | # (longer requests should be converted to jobs and executed via jenkins)
8 | proxy_read_timeout 600s;
9 | proxy_send_timeout 600s;
10 | fastcgi_read_timeout 600s;
11 | client_body_timeout 600s;
12 | client_header_timeout 600s;
13 | send_timeout 600s;
14 |
15 | # Static files can be delivered directly
16 | location ~ (/assets/|/favicon.ico|/robots.txt) {
17 | access_log off;
18 | expires 30d;
19 | add_header Pragma public;
20 | add_header Cache-Control "public, must-revalidate, proxy-revalidate";
21 | try_files $uri =404;
22 | }
23 |
24 | # PHP application gets all other requests
25 | location / {
26 | add_header X-Server $hostname;
27 | fastcgi_pass backend-$application_env-gateway;
28 | fastcgi_index index.php;
29 | include /etc/nginx/fastcgi_params;
30 | fastcgi_param SCRIPT_NAME /index.php;
31 | fastcgi_param APPLICATION_ENV $application_env;
32 | fastcgi_param APPLICATION_STORE $application_store;
33 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HOST demo-date-time-configurator.spryker.local;
34 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_PORT 80;
35 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_ENCRYPTION_KEY change123;
36 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HEX_INITIALIZATION_VECTOR 0c1ffefeebdab4a3d839d0e52590c9a2;
37 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
38 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
39 | }
40 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/glue.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common Glue settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Timeout for Glue requests - 10 minutes
7 | # (longer requests should be converted to jobs and executed via jenkins)
8 | proxy_read_timeout 600s;
9 | proxy_send_timeout 600s;
10 | fastcgi_read_timeout 600s;
11 | client_body_timeout 600s;
12 | client_header_timeout 600s;
13 | send_timeout 600s;
14 |
15 | # Static files can be delivered directly
16 | location ~ (/favicon.ico|/robots.txt) {
17 | access_log off;
18 | expires 4h;
19 | add_header Pragma public;
20 | add_header Cache-Control "public, must-revalidate, proxy-revalidate";
21 | try_files $uri =404;
22 | }
23 |
24 | # PHP application gets all other requests
25 | location / {
26 | add_header X-Server $hostname;
27 | fastcgi_pass backend-$application_env-glue;
28 | fastcgi_index index.php;
29 | include /etc/nginx/fastcgi_params;
30 | fastcgi_param SCRIPT_NAME /index.php;
31 | fastcgi_param APPLICATION_ENV $application_env;
32 | fastcgi_param APPLICATION_STORE $application_store;
33 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HOST demo-date-time-configurator.spryker.local;
34 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_PORT 80;
35 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_ENCRYPTION_KEY change123;
36 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HEX_INITIALIZATION_VECTOR 0c1ffefeebdab4a3d839d0e52590c9a2;
37 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
38 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
39 | }
40 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/static.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common Static settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Protected files - require password, no caching
7 | location ~ .*/protected/.* {
8 | expires off;
9 | add_header Cache-Control "no-cache";
10 | try_files $uri =404;
11 | add_header X-Server $hostname;
12 | auth_basic "Restricted Files";
13 | auth_basic_user_file /etc/nginx/htpasswd;
14 | satisfy all;
15 | }
16 |
17 | # Web fonts
18 | location ~ \.(eot|ttf|woff|svg|otf)$ {
19 | expires 365d;
20 | add_header Cache-Control "public";
21 | try_files $uri =404;
22 | add_header X-Server $hostname;
23 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
24 | add_header Access-Control-Allow-Origin *;
25 | }
26 |
27 |
28 | # Data files - no caching
29 | location ~ \.(xml|txt|csv)$ {
30 | expires off;
31 | add_header Cache-Control "no-cache";
32 | try_files $uri =404;
33 | add_header X-Server $hostname;
34 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
35 | }
36 |
37 | # Static files - default
38 | location / {
39 | expires 30d;
40 | add_header Cache-Control "public";
41 | try_files $uri $uri/ =404;
42 | add_header X-Server $hostname;
43 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
44 | add_header Access-Control-Allow-Origin *;
45 | }
46 |
47 | # SEO rewrite for product images (multi-store)
48 | rewrite "^/([A-Z]{2})/images/(.*)-([0-9]{3})([0-9]{1,})-(.*)-([a-zA-Z0-9]{2})(.*)$" /$1/images/products/processed/$3/$4/$5$7;
49 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/nginx/spryker/zed.conf:
--------------------------------------------------------------------------------
1 | ###
2 | ### Common Zed settings (to be included in vhost definition)
3 | ### This file is maintained by salt
4 | ###
5 |
6 | # Timeout for ZED requests - 10 minutes
7 | # (longer requests should be converted to jobs and executed via jenkins)
8 | proxy_read_timeout 600s;
9 | proxy_send_timeout 600s;
10 | fastcgi_read_timeout 600s;
11 | client_body_timeout 600s;
12 | client_header_timeout 600s;
13 | send_timeout 600s;
14 |
15 | # Static files can be delivered directly
16 | location ~ (/assets/|/favicon.ico|/robots.txt) {
17 | access_log off;
18 | expires 30d;
19 | add_header Pragma public;
20 | add_header Cache-Control "public, must-revalidate, proxy-revalidate";
21 | try_files $uri =404;
22 | }
23 |
24 | # Payone - PHP application gets all other requests without authorized
25 | location /payone/ {
26 | auth_basic off;
27 | add_header X-Server $hostname;
28 | fastcgi_pass backend-$application_env-zed;
29 | fastcgi_index index.php;
30 | include /etc/nginx/fastcgi_params;
31 | fastcgi_param SCRIPT_NAME /index.php;
32 | fastcgi_param APPLICATION_ENV $application_env;
33 | fastcgi_param APPLICATION_STORE $application_store;
34 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
35 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
36 | }
37 |
38 | # PHP application gets all other requests
39 | location / {
40 | add_header X-Server $hostname;
41 | fastcgi_pass backend-$application_env-zed;
42 | fastcgi_index index.php;
43 | include /etc/nginx/fastcgi_params;
44 | fastcgi_param SCRIPT_NAME /index.php;
45 | fastcgi_param APPLICATION_ENV $application_env;
46 | fastcgi_param APPLICATION_STORE $application_store;
47 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HOST demo-date-time-configurator.spryker.local;
48 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_PORT 80;
49 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_ENCRYPTION_KEY change123;
50 | fastcgi_param SPRYKER_PRODUCT_CONFIGURATOR_HEX_INITIALIZATION_VECTOR 0c1ffefeebdab4a3d839d0e52590c9a2;
51 | fastcgi_param SCRIPT_FILENAME $document_root/index.php;
52 | more_clear_headers 'X-Powered-By' 'X-Store' 'X-Locale' 'X-Env' 'Server';
53 | }
54 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/backendapi.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendapi]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendapi
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendapi-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendapi({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendapi'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/backendgateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendgateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendgateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendgateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendgateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendgateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/backoffice.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backoffice]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backoffice
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backoffice-php-errors.log
35 | php_admin_value[newrelic.appname] = "backoffice({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backoffice'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/configurator.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-configurator]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-configurator
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/configurator-php-errors.log
36 | php_admin_value[newrelic.appname] = "Configurator({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'configurator'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/gateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-gateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-gateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/gateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "gateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'gateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/glue.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-glue]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-glue
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/glue-php-errors.log
36 | php_admin_value[newrelic.appname] = "Glue({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'glue'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/yves.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-yves]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-yves
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
36 | php_admin_value[newrelic.appname] = "Yves({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'yves'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.1/fpm/pool.d/zed.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-zed]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-zed
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
35 | php_admin_value[newrelic.appname] = "Zed({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'zed'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/backendapi.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendapi]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendapi
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendapi-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendapi({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendapi'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/backendgateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendgateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendgateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendgateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendgateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendgateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/backoffice.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backoffice]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backoffice
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backoffice-php-errors.log
35 | php_admin_value[newrelic.appname] = "backoffice({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backoffice'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/configurator.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-configurator]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-configurator
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/configurator-php-errors.log
36 | php_admin_value[newrelic.appname] = "Configurator({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'configurator'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/gateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-gateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-gateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/gateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "gateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'gateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/glue.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-glue]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-glue
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/glue-php-errors.log
36 | php_admin_value[newrelic.appname] = "Glue({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'glue'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/yves.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-yves]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-yves
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
36 | php_admin_value[newrelic.appname] = "Yves({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'yves'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.2/fpm/pool.d/zed.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-zed]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-zed
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
35 | php_admin_value[newrelic.appname] = "Zed({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'zed'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/backendapi.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendapi]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendapi
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendapi-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendapi({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendapi'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/backendgateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendgateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendgateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendgateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendgateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendgateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/backoffice.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backoffice]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backoffice
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backoffice-php-errors.log
35 | php_admin_value[newrelic.appname] = "backoffice({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backoffice'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/configurator.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-configurator]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-configurator
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/configurator-php-errors.log
36 | php_admin_value[newrelic.appname] = "Configurator({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'configurator'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/gateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-gateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-gateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/gateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "gateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'gateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/glue.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-glue]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-glue
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/glue-php-errors.log
36 | php_admin_value[newrelic.appname] = "Glue({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'glue'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/yves.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-yves]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-yves
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
36 | php_admin_value[newrelic.appname] = "Yves({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'yves'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/7.4/fpm/pool.d/zed.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-zed]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-zed
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
35 | php_admin_value[newrelic.appname] = "Zed({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'zed'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/backendapi.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendapi]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendapi
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendapi-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendapi({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendapi'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/backendgateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backendgateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backendgateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backendgateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "backendgateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backendgateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/backoffice.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-backoffice]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-backoffice
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/backoffice-php-errors.log
35 | php_admin_value[newrelic.appname] = "backoffice({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'backoffice'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/configurator.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-configurator]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-configurator
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/configurator-php-errors.log
36 | php_admin_value[newrelic.appname] = "Configurator({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'configurator'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/gateway.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-gateway]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-gateway
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/gateway-php-errors.log
35 | php_admin_value[newrelic.appname] = "gateway({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'gateway'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/glue.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-glue]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-glue
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/glue-php-errors.log
36 | php_admin_value[newrelic.appname] = "Glue({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'glue'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/yves.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-yves]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 500
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-yves
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 256M
31 | php_admin_value[expose_php] = off
32 | {%- if environment == "production" %}
33 | php_admin_value[display_errors] = no
34 | {%- endif %}
35 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
36 | php_admin_value[newrelic.appname] = "Yves({{ environment }})"
37 | php_admin_value[newrelic.framework] = "symfony2"
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'yves'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/etc/php/8.0/fpm/pool.d/zed.conf:
--------------------------------------------------------------------------------
1 | {%- if environment == "production" -%}
2 | {%- set number_of_processes = grains.num_cpus * 3 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 2 -%}
5 | {%- endif -%}
6 | [{{ environment }}-zed]
7 |
8 | listen = /tmp/.fpm.$pool.sock
9 | listen.backlog = 1000
10 | listen.allowed_clients = 127.0.0.1
11 | listen.mode=0666
12 | user = www-data
13 | group = www-data
14 | pm = dynamic
15 | pm.max_children = {{ number_of_processes }}
16 | pm.start_servers = {{ number_of_processes }}
17 | pm.min_spare_servers = {{ number_of_processes }}
18 | pm.max_spare_servers = {{ number_of_processes }}
19 | ; Avoid PHP memory leaks
20 | pm.max_requests = 50
21 |
22 | pm.status_path = /php-fpm-status-{{ environment }}-zed
23 | ping.path = /fpm-ping.php
24 | ping.response = OK
25 |
26 | request_terminate_timeout = 1800
27 |
28 | chdir = /
29 |
30 | php_admin_value[memory_limit] = 2048M
31 | {%- if environment == "production" %}
32 | php_admin_value[display_errors] = no
33 | {%- endif %}
34 | php_admin_value[error_log] = /data/logs/{{ environment }}/yves-php-errors.log
35 | php_admin_value[newrelic.appname] = "Zed({{ environment }})"
36 | php_admin_value[newrelic.framework] = "symfony2"
37 | php_admin_value[max_execution_time] = 600
38 | {%- if salt['pillar.get']('monitoring:appdynamics:php_agent:enabled', False) %}
39 | php_admin_value[agent.tierName] = 'zed'
40 | {%- endif %}
41 | env[VM_PROJECT] = $VM_PROJECT
42 | env[VM_DOMAIN] = $VM_DOMAIN
43 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/jenkins_instance/config.xml:
--------------------------------------------------------------------------------
1 | {%- if salt['grains.get']('role', '') in ["spryker_app","spryker_single_host"] -%}
2 | {%- set number_of_processes = grains.num_cpus * 4 -%}
3 | {%- else -%}
4 | {%- set number_of_processes = 8 -%}
5 | {%- endif -%}
6 |
7 |
8 | {{ number_of_processes }}
9 |
10 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/files/jenkins_instance/etc/default/jenkins:
--------------------------------------------------------------------------------
1 | NAME=jenkins-{{ environment }}
2 | JAVA=/usr/bin/java
3 | JAVA_ARGS="-Djava.awt.headless=true"
4 | PIDFILE=/var/run/jenkins/jenkins-{{ environment }}.pid
5 | JENKINS_USER=www-data
6 | JENKINS_GROUP=www-data
7 | JENKINS_WAR=/usr/share/jenkins/jenkins.war
8 | JENKINS_HOME=/data/shop/{{ environment }}/shared/data/common/jenkins
9 | RUN_STANDALONE=true
10 | JENKINS_LOG=/data/logs/{{ environment }}/jenkins.log
11 | MAXOPENFILES=8192
12 | HTTP_PORT={{ settings.environments[environment].jenkins.port }}
13 | AJP_PORT=-1
14 | # fixme: hmmm, the line below seems to be ignored.... /marek
15 | PREFIX=/jenkins
16 | JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT"
17 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/htpasswd.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Create initial .htpasswd files
3 | # Note - the paths here should be same as paths defined in pillar app config
4 | # Files have replace: False, which means that the contents of the files will
5 | # not be forced if the files will be changed manually on the servers. This
6 | # state will create the files only if they don't exist (setup initial password).
7 | #
8 |
9 | {% if 'web' in grains.roles %}
10 | # The default password for production-zed (yves remains open)
11 | /etc/nginx/htpasswd-zed:
12 | file.managed:
13 | - source: salt://spryker/files/etc/nginx/htpasswd-zed
14 | - user: www-data
15 | - group: www-data
16 | - mode: 640
17 | - replace: False
18 |
19 | # The default password for staging (both yves and zed)
20 | /etc/nginx/htpasswd-staging:
21 | file.managed:
22 | - source: salt://spryker/files/etc/nginx/htpasswd-staging
23 | - user: www-data
24 | - group: www-data
25 | - mode: 640
26 | - replace: False
27 | {% endif %}
28 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/init.sls:
--------------------------------------------------------------------------------
1 | include:
2 | - .tools
3 | - .install
4 | - .deployment
5 | - .cleanup-cronjobs
6 | - .environments
7 | - .nginx
8 | - .stores
9 | - .htpasswd
10 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/install.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Installation of spryker-specific packages
3 | # Setup of basic directory structure
4 | #
5 |
6 |
7 | install helper app utilities:
8 | pkg.installed:
9 | - pkgs:
10 | - graphviz
11 | - libjpeg-turbo-progs
12 | - libavahi-compat-libdnssd-dev
13 |
14 | /data/shop:
15 | file.directory:
16 | - makedirs: true
17 | - user: www-data
18 | - group: www-data
19 | - dir_mode: 755
20 | - requires:
21 | - file: /data
22 |
23 | /data/logs:
24 | file.directory:
25 | - makedirs: true
26 | - user: www-data
27 | - group: www-data
28 | - dir_mode: 755
29 | - requires:
30 | - file: /data
31 |
32 | /data/storage:
33 | file.directory:
34 | - makedirs: true
35 | - user: www-data
36 | - group: www-data
37 | - dir_mode: 755
38 | - requires:
39 | - file: /data
40 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/nginx.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Populate NginX configuration includes, used in VHost definitions.
3 | #
4 |
5 | {%- if ('web' in salt['grains.get']('roles', [])) or (salt['grains.get']('role', '') in ['spryker_single_host']) %}
6 | /etc/nginx/spryker:
7 | file.recurse:
8 | - source: salt://spryker/files/etc/nginx/spryker
9 | - watch_in:
10 | - cmd: reload-nginx
11 | {% endif %}
12 |
--------------------------------------------------------------------------------
/saltstack/base/spryker/tools.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Define service reload commands here, so that the state spryker does not depend
3 | # on the other states.
4 | #
5 | # The commands here are defined as "cmd.wait", so they only get called if they are
6 | # included in watch_in element and change is triggered.
7 |
8 |
9 | reload-php-fpm:
10 | cmd.wait:
11 | - name: service php{{ salt['pillar.get']('php:major_version') }}-fpm restart
12 |
13 | reload-nginx:
14 | cmd.wait:
15 | - name: service nginx reload
16 |
--------------------------------------------------------------------------------
/saltstack/base/system/charset.sls:
--------------------------------------------------------------------------------
1 | /etc/profile.d/fix_charset.sh:
2 | file.managed:
3 | - source: salt://system/files/etc/profile.d/fix_charset.sh
4 | - user: root
5 | - group: root
6 | - mode: 644
7 |
--------------------------------------------------------------------------------
/saltstack/base/system/files/etc/apt/sources.list:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt!
2 | {%- set mirror = salt['pillar.get']('hosting:debian_mirror_host', 'cloudfront.debian.net') %}
3 | {%- set distro = grains.lsb_distrib_codename %}
4 |
5 | deb http://{{ mirror }}/debian {{ distro }} main contrib non-free
6 | deb-src http://{{ mirror }}/debian {{ distro }} main contrib non-free
7 |
8 | deb http://security.debian.org/ {{ distro }}/updates main contrib non-free
9 | deb-src http://security.debian.org/ {{ distro }}/updates main contrib non-free
10 |
11 | deb http://{{ mirror }}/debian {{ distro }}-updates main
12 | deb-src http://{{ mirror }}/debian {{ distro }}-updates main
13 |
--------------------------------------------------------------------------------
/saltstack/base/system/files/etc/motd:
--------------------------------------------------------------------------------
1 | Welcome to
2 | ______ _
3 | / _____) | |
4 | ( (____ ____ ____ _ _| | _ _____ ____
5 | \____ \| _ \ / ___) | | | |_/ ) ___ |/ ___)
6 | _____) ) |_| | | | |_| | _ (| ____| |
7 | (______/| __/|_| \__ |_| \_)_____)_|
8 | |_| (____/
9 |
10 |
--------------------------------------------------------------------------------
/saltstack/base/system/files/etc/profile.d/fix_charset.sh:
--------------------------------------------------------------------------------
1 | if [ "$LC_CTYPE" == "UTF-8" ]; then
2 | export LC_CTYPE=C
3 | fi
4 |
--------------------------------------------------------------------------------
/saltstack/base/system/files/etc/salt/minion.d/mine.conf:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt!
2 | mine_interval: 5
3 | mine_functions:
4 | network.interfaces: []
5 | test.ping: []
6 |
--------------------------------------------------------------------------------
/saltstack/base/system/files/etc/sudoers:
--------------------------------------------------------------------------------
1 | # This file is managed by Salt!
2 |
3 | Defaults env_reset
4 | Defaults exempt_group=adm
5 | Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
6 | Defaults env_keep+=SSH_AUTH_SOCK
7 |
8 | # Host alias specification
9 |
10 | # User alias specification
11 |
12 | # Cmnd alias specification
13 | # Spryker application specific - allow: deployment, remove deployment locks, restart php
14 | Cmnd_Alias APP = /etc/deploy/deploy.rb *, \
15 | /bin/rm -f /data/deploy/.lock.production, \
16 | /bin/rm -f /data/deploy/.lock.staging, \
17 | /bin/rm -f /data/deploy/.lock.testing, \
18 | /etc/init.d/php{{ salt['pillar.get']('php:major_version') }}-fpm restart
19 |
20 | # User privilege specification
21 | root ALL=(ALL) ALL
22 |
23 | # Allow members of group adm to execute any command, without password authentication
24 | %adm ALL=(ALL) NOPASSWD:ALL
25 |
26 | # Allow members of group dev to execute specified APP commands, without password authentication
27 | %dev ALL=(root) NOPASSWD:APP
28 |
29 | # Allow members of group sudo to execute any command, with password authentication
30 | %sudo ALL=(ALL) ALL
31 |
32 | # Include further sudo settings - note that "#includedir" is a statement, not comment
33 | #includedir /etc/sudoers.d
34 |
--------------------------------------------------------------------------------
/saltstack/base/system/filesystems.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Automatically format and mount partitions given in grains.filesystems (ext4 filesystem)
3 | #
4 |
5 | {% for volume, mount_point in grains.get('filesystems', {}).items() %}
6 | create-fs-{{ volume }}:
7 | cmd.run:
8 | - name: mkfs -t ext4 {{ volume }} && tune2fs -o journal_data_writeback {{ volume }} && tune2fs -O ^has_journal {{ volume }} && e2fsck -f -y {{ volume }}
9 | - onlyif: test -b {{ volume }} && file -sL {{ volume }} | grep -v 'ext[234]'
10 |
11 | {{ mount_point }}:
12 | file.directory:
13 | - makedirs: True
14 |
15 | fstab-for-{{ volume }}:
16 | file.append:
17 | - name: /etc/fstab
18 | - text: {{ volume }} {{ mount_point }} ext4 rw,noatime,nodiratime,nobarrier 0 1
19 | - require:
20 | - file: {{ mount_point }}
21 | - cmd: create-fs-{{ volume }}
22 |
23 | mount-fs-{{ volume }}:
24 | cmd.wait:
25 | - name: mount {{ mount_point }}
26 | - watch:
27 | - file: fstab-for-{{ volume }}
28 | - requires:
29 | - file: {{ mount_point }}
30 |
31 | {% endfor %}
32 |
33 | #
34 | # Init and activate swap on devices given in grains
35 | #
36 |
37 | {% for path, size in grains.get('swap', {}).items() %}
38 | init-swap-{{ path }}:
39 | cmd.run:
40 | - name: dd if=/dev/zero of={{ path }} bs=1048576 count={{ size }} && mkswap {{ path }}
41 | - unless: test -f {{ path }}
42 |
43 | fstab-for-swap-{{ path }}:
44 | file.append:
45 | - name: /etc/fstab
46 | - text: {{ path }} none swap sw 0 0
47 | - require:
48 | - cmd: init-swap-{{ path }}
49 |
50 | mount-swap-{{ path }}:
51 | cmd.wait:
52 | - name: swapon {{ path }}
53 | - watch:
54 | - file: fstab-for-swap-{{ path }}
55 |
56 | {% endfor %}
57 |
--------------------------------------------------------------------------------
/saltstack/base/system/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # This is the first, base state, which is preparing basic operating system
3 | # setup, like debian repositories, time configuration, sudoers, install basic
4 | # utility packages/editors, configure salt minion.
5 | #
6 | # No spryker-specific logic should be included here.
7 | #
8 |
9 | include:
10 | - .filesystems
11 | {%- if 'systemd' in grains %}
12 | - .systemd
13 | {%- endif %}
14 | - .repositories
15 | - .minion
16 | - .utils
17 | - .sudoers
18 | - .time
19 | - .sysctl
20 | - .motd
21 | #- .charset
22 |
--------------------------------------------------------------------------------
/saltstack/base/system/minion.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup salt minion parameters to allow enable mine mechanism
3 | #
4 |
5 | salt-minion:
6 | service.running:
7 | - enable: True
8 | - watch:
9 | - file: /etc/salt/minion.d/mine.conf
10 | file.managed:
11 | - name: /etc/salt/minion.d/mine.conf
12 | - source: salt://system/files/etc/salt/minion.d/mine.conf
13 |
14 | sync-grains:
15 | module.run:
16 | - name: saltutil.sync_grains
17 | - refresh: True
18 |
--------------------------------------------------------------------------------
/saltstack/base/system/motd.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Display nice spryker message of the day
3 | #
4 | /etc/motd:
5 | file.managed:
6 | - source: salt://system/files/etc/motd
7 |
8 |
--------------------------------------------------------------------------------
/saltstack/base/system/sudoers.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup sudo configuration file
3 | #
4 |
5 | sudo:
6 | pkg.installed
7 |
8 | /etc/sudoers:
9 | file.managed:
10 | - source: salt://system/files/etc/sudoers
11 | - template: jinja
12 |
--------------------------------------------------------------------------------
/saltstack/base/system/sysctl.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Linux kernel tuning
3 | #
4 |
5 | # Unix socket connection backlog size
6 | net.core.somaxconn:
7 | sysctl.present:
8 | - value: 4096
9 |
10 | # Minimize disk swapping
11 | vm.swappiness:
12 | sysctl.present:
13 | - value: 5
14 |
--------------------------------------------------------------------------------
/saltstack/base/system/systemd.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup systemd and its utilities
3 | #
4 |
5 | # Install dbus service
6 | dbus:
7 | pkg.installed
8 |
--------------------------------------------------------------------------------
/saltstack/base/system/time.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Setup time-related parameters
3 | #
4 |
5 | # Set system timezone - we always run operating system in ETC
6 | # regardless of location and application settings
7 | Etc/UTC:
8 | timezone.system:
9 | - utc: True
10 |
11 | # NTP for time synchronization
12 | ntp:
13 | pkg:
14 | - installed
15 | service:
16 | - running
17 | - enable: True
18 | - require:
19 | - pkg: ntp
20 |
--------------------------------------------------------------------------------
/saltstack/base/system/utils.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install utility debian packages
3 | #
4 |
5 | base-utilities:
6 | pkg.installed:
7 | - pkgs:
8 | - git
9 | - unzip
10 | - pbzip2
11 | - screen
12 | - mc
13 | - curl
14 | - lsof
15 | - htop
16 | - iotop
17 | - dstat
18 | - telnet
19 | - make
20 | - vim
21 | - nano
22 | - require:
23 | - cmd: apt-get-update
24 |
25 | git:
26 | pkg.installed:
27 | - fromrepo: git-repo
28 |
--------------------------------------------------------------------------------
/saltstack/base/top.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Topfile - used by salt ... state.highstate
3 | #
4 |
5 | base:
6 | '*':
7 | - system
8 | - user
9 |
10 | dev:
11 | # apply all states on a single machine, don't divide by roles
12 | '*':
13 | - system
14 | - chromedriver
15 | - hosting
16 | - user
17 | - postfix
18 | - docker
19 | - cachefilesd
20 | - mysql-server
21 | - postgresql
22 | - rabbitmq
23 | - ruby
24 | - nodejs
25 | - php
26 | - java
27 | - development
28 | - mailcatcher
29 | - elk
30 | - nginx
31 | - pound
32 | - jenkins
33 | - redis
34 | - samba
35 | - avahi
36 | - elasticsearch
37 | - serverspec
38 | - spryker
39 |
40 | # Production-like setup - we apply specific states to machines, based on roles
41 | # the definitions above are just examples how to setup role-based environments.
42 | # It is not used to provision the dev vm.
43 | qa:
44 | # apply to all roles
45 | '*':
46 | - system
47 | - hosting
48 | - user
49 | - postfix
50 | - newrelic
51 | - ruby
52 |
53 | # php and application code
54 | 'roles:app':
55 | - match: grain
56 | - php
57 | - spryker
58 | - nodejs
59 |
60 | # nginx and web components
61 | 'roles:web':
62 | - match: grain
63 | - nginx
64 | - newrelic.php
65 | - nodejs
66 |
67 | # jenkins to run cronjob and indexers
68 | 'roles:cronjobs':
69 | - match: grain
70 | - spryker
71 | - java
72 | - jenkins
73 | - newrelic.php
74 |
75 | # elasticsearch (for spryker data)
76 | 'roles:elasticsearch':
77 | - match: grain
78 | - java
79 | - elasticsearch
80 |
81 | # Rabbit MQ
82 | 'roles:queue':
83 | - match: grain
84 | - rabbitmq
85 |
86 | # Redis
87 | 'roles:redis':
88 | - match: grain
89 | - redis
90 |
91 | # Database
92 | 'roles:postgresq':
93 | - match: grain
94 | - postgresql
95 | 'roles:mysql':
96 | - match: grain
97 | - mysql-server
98 |
--------------------------------------------------------------------------------
/saltstack/base/user/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Create operating system users and group
3 | #
4 |
5 | # Group for developers, to allow deployment with sudo
6 | dev:
7 | group.present:
8 | - system: true
9 |
10 | {% for username, user in pillar.get('user', {}).items() %}
11 |
12 | {{ username }}:
13 | user.present:
14 | - fullname: {{ user.fullname }}
15 | - groups:
16 | - dev
17 | {% if (user.admin is defined) and user.admin %}
18 | - adm
19 | {% endif %}
20 | - shell: {% if user.shell is defined %}{{ user.shell }}{% else %}/bin/bash{% endif %}
21 |
22 | {% if user.ssh_key is defined %}
23 | ssh_auth:
24 | - present
25 | - user: {{ username }}
26 | - name: {{ user.ssh_key }}
27 | - require:
28 | - user: {{ username }}
29 | {% endif %}
30 | {% endfor %}
31 |
--------------------------------------------------------------------------------
/saltstack/dev/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/saltstack/dev/.gitkeep
--------------------------------------------------------------------------------
/saltstack/dev/avahi/files/etc/avahi/avahi-daemon.conf:
--------------------------------------------------------------------------------
1 | [server]
2 | #host-name=foo
3 | #domain-name=local
4 | #browse-domains=0pointer.de, zeroconf.org
5 | use-ipv4=yes
6 | use-ipv6=yes
7 | allow-interfaces=eth0,eth1,enp0s3,enp0s8
8 | #deny-interfaces=eth1
9 | #check-response-ttl=no
10 | #use-iff-running=no
11 | enable-dbus=yes
12 | #disallow-other-stacks=no
13 | #allow-point-to-point=no
14 | #cache-entries-max=4096
15 | #clients-max=4096
16 | #objects-per-client-max=1024
17 | #entries-per-entry-group-max=32
18 | ratelimit-interval-usec=1000000
19 | ratelimit-burst=1000
20 |
21 | [wide-area]
22 | enable-wide-area=no
23 |
24 | [publish]
25 | #disable-publishing=no
26 | #disable-user-service-publishing=no
27 | #add-service-cookie=no
28 | publish-addresses=yes
29 | publish-hinfo=yes
30 | publish-workstation=yes
31 | #publish-domain=yes
32 | #publish-dns-servers=192.168.50.1, 192.168.50.2
33 | #publish-resolv-conf-dns-servers=yes
34 | #publish-aaaa-on-ipv4=yes
35 | #publish-a-on-ipv6=no
36 |
37 | [reflector]
38 | #enable-reflector=no
39 | #reflect-ipv=no
40 |
41 | [rlimits]
42 | #rlimit-as=
43 | rlimit-core=0
44 | rlimit-data=4194304
45 | rlimit-fsize=0
46 | rlimit-nofile=768
47 | rlimit-stack=4194304
48 | rlimit-nproc=3
49 |
--------------------------------------------------------------------------------
/saltstack/dev/avahi/files/etc/avahi/services/smb.service:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | %h
5 |
6 | _smb._tcp
7 | 445
8 |
9 |
10 | _device-info._tcp
11 | 0
12 | model=Macmini
13 |
14 |
15 |
--------------------------------------------------------------------------------
/saltstack/dev/avahi/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Tools and settings for local file sharing discovery on Mac
3 | #
4 |
5 | install-avahi:
6 | pkg.installed:
7 | - name: avahi-daemon
8 |
9 | /etc/avahi/avahi-daemon.conf:
10 | file.managed:
11 | - source: salt://avahi/files/etc/avahi/avahi-daemon.conf
12 | - require:
13 | - pkg: install-avahi
14 |
15 | /etc/avahi/services/smb.service:
16 | file.managed:
17 | - source: salt://avahi/files/etc/avahi/services/smb.service
18 | - require:
19 | - pkg: install-avahi
20 |
21 | avahi-daemon:
22 | service.running:
23 | - enable: True
24 | - require:
25 | - pkg: install-avahi
26 | - watch:
27 | - file: /etc/avahi/avahi-daemon.conf
28 | - file: /etc/avahi/services/smb.service
29 |
--------------------------------------------------------------------------------
/saltstack/dev/cachefilesd/files/etc/default/cachefilesd:
--------------------------------------------------------------------------------
1 | RUN=yes
2 |
3 |
--------------------------------------------------------------------------------
/saltstack/dev/cachefilesd/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Tools and settings for local development
3 | #
4 |
5 | install-cachefilesd:
6 | pkg.installed:
7 | - name: cachefilesd
8 |
9 | /etc/default/cachefilesd:
10 | file.managed:
11 | - source: salt://cachefilesd/files/etc/default/cachefilesd
12 | - require:
13 | - pkg: install-cachefilesd
14 |
15 | cachefilesd:
16 | service.running:
17 | - enable: True
18 | - require:
19 | - pkg: install-cachefilesd
20 | - file: /etc/default/cachefilesd
21 | - watch:
22 | - file: /etc/default/cachefilesd
23 | - check_cmd:
24 | - /bin/true
25 |
--------------------------------------------------------------------------------
/saltstack/dev/development/files/etc/cron.d/vagrant-ntpdate:
--------------------------------------------------------------------------------
1 | PATH=/usr/bin:/usr/sbin:/bin:/sbin
2 |
3 | 1 * * * * root service ntp stop; sleep 1s; service ntp start
4 |
--------------------------------------------------------------------------------
/saltstack/dev/development/files/etc/modprobe.d/cifs.conf:
--------------------------------------------------------------------------------
1 | options cifs CIFSMaxBufSize=65536
2 |
--------------------------------------------------------------------------------
/saltstack/dev/development/files/home/vagrant/bin/xdebug:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | PHP_VERSION=`php -v`
4 | PHP_ETC_DIR=/etc/php/{{ salt['pillar.get']('php:major_version') }}/
5 | PHP_VERSION_NUMBER=8
6 | PHP_FPM=/etc/init.d/php{{ salt['pillar.get']('php:major_version') }}-fpm
7 |
8 | if [[ $PHP_VERSION =~ "PHP 8" ]] ; then
9 | PHP_ETC_DIR=/etc/php/
10 | PHP_FPM=/etc/init.d/php5-fpm
11 | PHP_VERSION_NUMBER=5
12 | fi
13 |
14 | XDEBUG_INI=${PHP_ETC_DIR}mods-available/xdebug.ini
15 | PHP_CLI_DIR=${PHP_ETC_DIR}cli/conf.d/
16 | PHP_FPM_DIR=${PHP_ETC_DIR}fpm/conf.d/
17 |
18 | echo "Detected PHP version: ${PHP_VERSION_NUMBER}.x";
19 |
20 | function restartFPM {
21 | sudo $PHP_FPM restart
22 | }
23 |
24 | function xdebugOn {
25 | if [ ! -f "${PHP_CLI_DIR}30-xdebug.ini" ]; then
26 | echo "Enabling CLI Xdebug"
27 | sudo ln -s $XDEBUG_INI "${PHP_CLI_DIR}30-xdebug.ini"
28 | else
29 | echo " - CLI Xdebug already enabled"
30 | fi
31 |
32 | if [ ! -f "${PHP_FPM_DIR}30-xdebug.ini" ]; then
33 | echo "Enabling FPM Xdebug"
34 | sudo ln -s $XDEBUG_INI "${PHP_FPM_DIR}30-xdebug.ini"
35 | restartFPM
36 | else
37 | echo " - FPM Xdebug already enabled"
38 | fi
39 | }
40 |
41 | function xdebugOff {
42 | if [ -f "${PHP_CLI_DIR}30-xdebug.ini" ]; then
43 | echo "Disabling CLI Xdebug"
44 | sudo rm "${PHP_CLI_DIR}30-xdebug.ini"
45 | else
46 | echo " - CLI Xdebug is not enabled"
47 | fi
48 |
49 | if [ -f "${PHP_FPM_DIR}30-xdebug.ini" ]; then
50 | echo "Disabling FPM Xdebug"
51 | sudo rm "${PHP_FPM_DIR}30-xdebug.ini"
52 | restartFPM
53 | else
54 | echo " - FPM Xdebug is not enabled"
55 | fi
56 | }
57 |
58 | function reportStatus {
59 | if [ -f "${PHP_CLI_DIR}30-xdebug.ini" ]; then
60 | echo "CLI Xdebug is enabled"
61 | else
62 | echo "CLI Xdebug is disabled"
63 | fi
64 |
65 | if [ -f "${PHP_FPM_DIR}30-xdebug.ini" ]; then
66 | echo "FPM Xdebug is enabled"
67 | else
68 | echo "FPM Xdebug is disabled"
69 | fi
70 | }
71 |
72 | case $1 in
73 | --on)
74 | xdebugOn
75 | ;;
76 | --off)
77 | xdebugOff
78 | ;;
79 |
80 | *)
81 | reportStatus
82 | echo "Use --on or --off"
83 | ;;
84 | esac;
85 |
--------------------------------------------------------------------------------
/saltstack/dev/development/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Tools and settings for local development
3 | #
4 |
5 | # Performance tuning for samba client
6 | /etc/modprobe.d/cifs.conf:
7 | file.managed:
8 | - source: salt://development/files/etc/modprobe.d/cifs.conf
9 |
10 | # Pre-fetch SSH key for git repository
11 | get-github-ssh-hostkey:
12 | cmd.run:
13 | - name: ssh-keyscan -H {{ pillar.deploy.git_hostname }} >> /home/vagrant/.ssh/known_hosts
14 | - unless: test -f /home/vagrant/.ssh/known_hosts
15 | - runas: vagrant
16 |
17 | /home/vagrant/bin:
18 | file.recurse:
19 | - source: salt://development/files/home/vagrant/bin
20 | - user: vagrant
21 | - group: vagrant
22 | - template: jinja
23 | - file_mode: 755
24 | - dir_mode: 755
25 |
26 | # Manually sync host to Vagrant Host
27 | /etc/cron.d/vagrant-ntpdate:
28 | file.managed:
29 | - source: salt://development/files/etc/cron.d/vagrant-ntpdate
30 |
31 | # Assign user to www-data group
32 | vagrant-user:
33 | user.present:
34 | - name: vagrant
35 | - gid: www-data
36 | - allow_gid_change: True
37 |
--------------------------------------------------------------------------------
/saltstack/dev/mailcatcher/files/etc/systemd/system/mailcatcher.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Mailcatcher
3 | After=network.target
4 |
5 | [Service]
6 | Type=simple
7 | ExecStart=/usr/local/bin/mailcatcher --http-ip 0.0.0.0 --http-port 1080 --smtp-ip 0.0.0.0 --smtp-port 1025 -f
8 | TimeoutStopSec=0
9 | Restart=always
10 | User=www-data
11 | Group=www-data
12 |
13 | [Install]
14 | WantedBy=multi-user.target
15 |
--------------------------------------------------------------------------------
/saltstack/dev/mailcatcher/init.sls:
--------------------------------------------------------------------------------
1 | #
2 | # Install mailcatcher - http://mailcatcher.me/
3 | #
4 | # MailCatcher runs a super simple SMTP server which catches any message sent to it to display in a web interface.
5 | # Mails delivered via smtp to 127.0.0.1:1025 will be visible in web browser on http://127.0.0.1:1080
6 |
7 | libsqlite3-dev:
8 | pkg.installed:
9 | - require_in:
10 | - gem: mailcatcher
11 |
12 | mailcatcher:
13 | gem.installed
14 |
15 | mailcatcher-systemd-script:
16 | file.managed:
17 | - name: /etc/systemd/system/mailcatcher.service
18 | - mode: 0755
19 | - source: salt://mailcatcher/files/etc/systemd/system/mailcatcher.service
20 | - watch_in:
21 | - cmd: mailcatcher-systemd-reload
22 |
23 | mailcatcher-systemd-reload:
24 | cmd.wait:
25 | - name: systemctl daemon-reload
26 |
27 | mailcatcher-service:
28 | service.running:
29 | - name: mailcatcher
30 | - enable: True
31 | - require:
32 | - file: mailcatcher-systemd-script
33 | - gem: mailcatcher
34 | - cmd: mailcatcher-systemd-reload
35 |
--------------------------------------------------------------------------------
/saltstack/prod/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/saltstack/prod/.gitkeep
--------------------------------------------------------------------------------
/saltstack/qa/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/saltstack/qa/.gitkeep
--------------------------------------------------------------------------------
/saltstack/stag/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/spryker/devvm/883116af0f98c5cb8e335fa33fde136933aa06ef/saltstack/stag/.gitkeep
--------------------------------------------------------------------------------
/saltstack/test/.rspec:
--------------------------------------------------------------------------------
1 | --color
2 | --format documentation
3 |
--------------------------------------------------------------------------------
/saltstack/test/Gemfile:
--------------------------------------------------------------------------------
1 | gem 'rake'
2 | gem 'serverspec'
3 | gem 'serverspec-extended-types'
4 |
--------------------------------------------------------------------------------
/saltstack/test/Gemfile.lock:
--------------------------------------------------------------------------------
1 | GEM
2 | specs:
3 | diff-lcs (1.2.5)
4 | multi_json (1.12.1)
5 | net-scp (1.1.2)
6 | net-ssh (>= 2.6.5)
7 | net-ssh (2.7.0)
8 | net-telnet (0.1.1)
9 | rake (12.3.3)
10 | rspec (3.6.0.beta1)
11 | rspec-core (= 3.6.0.beta1)
12 | rspec-expectations (= 3.6.0.beta1)
13 | rspec-mocks (= 3.6.0.beta1)
14 | rspec-core (3.6.0.beta1)
15 | rspec-support (= 3.6.0.beta1)
16 | rspec-expectations (3.6.0.beta1)
17 | diff-lcs (>= 1.2.0, < 2.0)
18 | rspec-support (= 3.6.0.beta1)
19 | rspec-its (1.2.0)
20 | rspec-core (>= 3.0.0)
21 | rspec-expectations (>= 3.0.0)
22 | rspec-mocks (3.6.0.beta1)
23 | diff-lcs (>= 1.2.0, < 2.0)
24 | rspec-support (= 3.6.0.beta1)
25 | rspec-support (3.6.0.beta1)
26 | serverspec (2.37.2)
27 | multi_json
28 | rspec (~> 3.0)
29 | rspec-its
30 | specinfra (~> 2.53)
31 | sfl (2.3)
32 | specinfra (2.63.3)
33 | net-scp
34 | net-ssh (>= 2.7, < 4.0)
35 | net-telnet
36 | sfl
37 |
38 | PLATFORMS
39 | ruby
40 |
41 | DEPENDENCIES
42 | rake
43 | serverspec
44 |
45 | BUNDLED WITH
46 | 1.13.4
47 |
--------------------------------------------------------------------------------
/saltstack/test/README.md:
--------------------------------------------------------------------------------
1 | # ServerSpec tests
2 | Those tests check server provisioning - running services, etc. - all things
3 | that can be checked that do not depend on any code or data
4 |
5 | ## Running it
6 | To execute test suite: inside the VM, go to the directory with the testfiles
7 | (ie. `/srv/salt/test`) and run complete test suite:
8 | ```
9 | cd /srv/salt/test
10 | sudo rake2.1 spec:server
11 | ```
12 |
13 | ## Pre-requisities
14 | Packages required to run ServerSpec tests are installed by Saltstack. If you want
15 | to install them manually, make sure that system has installed ruby with gems
16 | `serverspec`, `serverspec-extended-types` and `rake`
17 |
--------------------------------------------------------------------------------
/saltstack/test/Rakefile:
--------------------------------------------------------------------------------
1 | require 'rake'
2 | require 'rspec/core/rake_task'
3 |
4 | SPEC_SUITES = [
5 | { id: 'server', pattern: 'spec/server/*_spec.rb' },
6 | ]
7 |
8 | task :spec => 'spec:all'
9 | task :default => :spec
10 |
11 | namespace :spec do
12 | targets = ['localhost']
13 |
14 | targets.each do |target|
15 | original_target = target == "_default" ? target[1..-1] : target
16 | ENV['TARGET_HOST'] = original_target
17 |
18 | desc "Run all tests to #{original_target}"
19 | RSpec::Core::RakeTask.new('all') do |t|
20 | t.pattern = "spec/*/*_spec.rb"
21 | t.verbose = false
22 | t.fail_on_error = true
23 | end
24 |
25 | SPEC_SUITES.each do |suite|
26 | desc "Run #{suite[:id]} tests to #{original_target}"
27 | RSpec::Core::RakeTask.new("#{suite[:id]}") do |t|
28 | t.pattern = suite[:pattern]
29 | t.verbose = true
30 | t.fail_on_error = true
31 | end
32 | end
33 | end
34 | end
35 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/elasticsearch_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'localhost:10005/' do
4 | describe http_get(10005, 'localhost', '/') do
5 | its(:status) { should eq 200 }
6 | its(:body) { should match /You Know, for Search/ }
7 | end
8 | end
9 |
10 | describe 'localhost:10005/_cluster/health' do
11 | describe http_get(10005, 'localhost', '/_cluster/health') do
12 | its(:status) { should eq 200 }
13 | its(:json) { should_not include('status' => /red/) }
14 | end
15 | end
16 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/filesystem_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'Filesystems' do
4 | describe file('/') do
5 | it { should be_mounted.with( :type => 'ext4' ) }
6 | end
7 |
8 | describe file('/data/shop/development/current') do
9 | it { should be_mounted }
10 | end
11 | end
12 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/jenkins_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'Jenkins' do
4 | describe service('jenkins') do
5 | it { should_not be_running }
6 | end
7 |
8 | describe service('jenkins-development') do
9 | it { should be_enabled }
10 | it { should be_running }
11 | end
12 |
13 | describe http_get(10007, 'localhost', '/') do
14 | its(:body) { should match /Jenkins ver. 1/ }
15 | its(:body) { should match /Manage Jenkins/ }
16 | end
17 | end
18 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/kibana_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'Kibana' do
4 | describe service('kibana') do
5 | it { should be_enabled }
6 | it { should be_running }
7 | end
8 |
9 | describe http_get(5601, 'localhost', '/app/kibana') do
10 | its(:body) { should match /Kibana/ }
11 | end
12 | end
13 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/mysql_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'MySQL' do
4 | credentials="-uroot --password='mate20mg'"
5 |
6 | describe command("/usr/sbin/mysqld --version") do
7 | its(:stdout) { should include('Ver 10.4') }
8 | end
9 |
10 | describe command("mysql #{credentials} -e 'show databases'") do
11 | its(:stdout) { should include('DE_development_zed') }
12 | its(:stdout) { should include('DE_devtest_zed') }
13 | its(:stdout) { should include('US_development_zed') }
14 | its(:stdout) { should include('US_devtest_zed') }
15 | end
16 | end
17 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/nginx_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'nginx' do
4 | # Check service status
5 | describe service('nginx') do
6 | it { should be_enabled }
7 | it { should be_running }
8 | end
9 |
10 | # Check if NginX is listening on HTTP port
11 | describe port(80) do
12 | it { should be_listening }
13 | end
14 |
15 | # Validate NginX configuration
16 | describe command('/usr/sbin/nginx -T') do
17 | its(:stderr) { should include('test is successful') }
18 | its(:stdout) { should match(/server_name.*www.*de.*local/) }
19 | its(:stdout) { should match(/server_name.*zed.*de.*local/) }
20 | its(:stdout) { should match(/server_name.*glue.*de.*local/) }
21 | its(:stdout) { should match(/server_name.*demo-date-time-configurator.*local/) }
22 | end
23 | end
24 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/nodejs_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'nodejs' do
4 | describe command('/usr/bin/node -v') do
5 | its(:stdout) { should include('v12.') }
6 | end
7 |
8 | describe command('/usr/bin/yarn --version') do
9 | its(:stdout) { should include('2.') }
10 | end
11 |
12 | # describe file('/opt/nvm/nvm.sh') do
13 | # it { should be_readable }
14 | # end
15 |
16 | end
17 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/packages_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe "Packages" do
4 | packages_absent = [
5 | 'exim4',
6 | 'apache2-bin',
7 | 'apache2.2-bin',
8 | 'php5-fpm',
9 | 'php5-cli',
10 | 'php5-common',
11 | ]
12 |
13 | packages_absent.each do |package|
14 | describe package(package) do
15 | it { should_not be_installed }
16 | end
17 | end
18 | end
19 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/pgsql_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'PostgreSQL' do
4 | ENV['PGPASSWORD'] = 'mate20mg'
5 |
6 | describe command("psql --user development --host 127.0.0.1 DE_development_zed -c \"SELECT * FROM pg_extension WHERE extname='citext'\"") do
7 | its(:stdout) { should include('1 row') }
8 | end
9 |
10 | describe command("psql --user development --host 127.0.0.1 DE_development_zed -c \"SELECT datname FROM pg_database WHERE datistemplate = false\"") do
11 | its(:stdout) { should include('DE_development_zed') }
12 | its(:stdout) { should include('DE_devtest_zed') }
13 | its(:stdout) { should include('US_development_zed') }
14 | its(:stdout) { should include('US_devtest_zed') }
15 | end
16 | end
17 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/pound_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'Pound' do
4 |
5 | describe service('pound') do
6 | it { should be_enabled }
7 | it { should be_running }
8 | end
9 |
10 | describe port(443) do
11 | it { should be_listening }
12 | end
13 |
14 | end
15 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/rabbitmq_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'rabbitmq' do
4 | # Check service status
5 | describe service('rabbitmq-server') do
6 | it { should be_enabled }
7 | it { should be_running }
8 | end
9 |
10 | # Check if service is listening on AMQP-0-9-1 port
11 | describe port(5672) do
12 | it { should be_listening }
13 | end
14 |
15 | # Check if service is listening on HTTP API port
16 | describe port(15672) do
17 | it { should be_listening }
18 | end
19 |
20 | # Validate configuration and node name
21 | describe command('/usr/sbin/rabbitmqctl node_health_check') do
22 | its(:stdout) { should include('Health check passed') }
23 | its(:stdout) { should include('rabbit@localhost') }
24 | end
25 |
26 | # Validate vhosts
27 | describe command('/usr/sbin/rabbitmqctl list_vhosts') do
28 | its(:stdout) { should include('/DE_development_zed') }
29 | its(:stdout) { should include('/DE_devtest_zed') }
30 | end
31 |
32 | # Validate users
33 | describe command('/usr/sbin/rabbitmqctl list_users') do
34 | its(:stdout) { should match(/admin.*administrator/) }
35 | its(:stdout) { should include('DE_development') }
36 | its(:stdout) { should include('DE_devtest') }
37 | end
38 | end
39 |
--------------------------------------------------------------------------------
/saltstack/test/spec/server/services_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | services = [
4 | # System Services
5 | 'vboxadd-service',
6 | 'cron',
7 | 'ntp',
8 | #'docker', # Temporarly disabled until docker containerd does not cause issues
9 | # App services
10 | 'postgresql',
11 | 'mysql',
12 | 'redis',
13 | 'elasticsearch',
14 | ]
15 |
16 | describe 'Active services' do
17 | services.each do |service|
18 | describe service(service) do
19 | it { should be_enabled }
20 | it { should be_running }
21 | end
22 | end
23 | end
24 |
25 | dead_services = [
26 | 'filebeat'
27 | ]
28 |
29 | describe 'Inactive services' do
30 | dead_services.each do |service|
31 | describe service(service) do
32 | it { should_not be_running }
33 | end
34 | end
35 | end
36 |
--------------------------------------------------------------------------------
/saltstack/test/spec/spec_helper.rb:
--------------------------------------------------------------------------------
1 | require 'serverspec'
2 | require 'serverspec_extended_types'
3 |
4 | set :backend, :exec
5 |
--------------------------------------------------------------------------------
/utility/vbg-installer.rb:
--------------------------------------------------------------------------------
1 | module Utility
2 |
3 | # Custom Debian installer for Vbguest
4 | class DebianCustom < VagrantVbguest::Installers::Debian
5 |
6 | # Adds snapshot archive repo to sources
7 | def install(opts=nil, &block)
8 |
9 | cmd = <<~SCRIPT
10 | cat < /etc/apt/sources.list.d/snapshot_archive.list
11 | deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20190812T140702Z/ buster main
12 | deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20190812T140702Z/ buster/updates main
13 | EOF
14 | SCRIPT
15 |
16 | communicate.sudo(cmd, opts, &block)
17 |
18 | super
19 | end
20 |
21 | def cleanup
22 | # Uncomment to remove the snapshot archive repo from sources
23 | # communicate.sudo('rm /etc/apt/sources.list.d/snapshot_archive.list')
24 |
25 | super
26 | end
27 | end
28 | end
--------------------------------------------------------------------------------