Initial commit

This commit is contained in:
Adam Štrauch 2020-02-02 22:06:11 +01:00
commit dc73712554
Signed by: cx
GPG Key ID: 018304FFA8988F8D
39 changed files with 2727 additions and 0 deletions

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
.history/
.vscode/

101
Dockerfile Normal file
View File

@ -0,0 +1,101 @@
FROM debian:buster
RUN DEBIAN_FRONTEND=noninteractive apt-get update
RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y locales libffi-dev \
libssl-dev default-libmysqlclient-dev ca-certificates libpq-dev libjpeg62 libjpeg-dev \
libpng-dev libpng-dev build-essential git mercurial build-essential \
libbz2-dev libsqlite3-dev libreadline-dev zlib1g-dev libncurses5-dev \
libssl-dev libgdbm-dev cron git mercurial subversion vim nano mc htop procps \
subversion dropbear gettext wget redis-server memcached supervisor curl ssh \
mariadb-client postgresql-client bind9-host dnsutils nginx \
libxml2-dev libxslt1-dev openssh-sftp-server links2 lynx \
imagemagick libmagickwand-dev ncdu \
libcurl4-openssl-dev python3 python3-pip python3-virtualenv \
libcurl4-openssl-dev python-dev libproj-dev gdal-bin libmemcached-dev swig mutt \
imagemagick ffmpeg libyaml-dev libc-client2007e-dev libonig-dev libkrb5-dev dialog \
whiptail tmux
WORKDIR /srv
RUN useradd -d /srv app -s /bin/bash
RUN usermod -G crontab -a app
RUN rm /etc/localtime
RUN ln -s /usr/share/zoneinfo/Europe/Prague /etc/localtime
ADD /etc/locale.gen /etc/
RUN locale-gen
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV TERM xterm
#############
# Techs
#############
## Node.js
WORKDIR /usr/src
ADD build_node.sh /usr/local/bin/build_node.sh
# 2020/01
RUN build_node.sh 13.7.0
# 2020/01
RUN build_node.sh 12.14.1
## Python
WORKDIR /usr/src
ADD build_python.sh /usr/local/bin/build_python.sh
# 2020/01
RUN build_python.sh 3.8.1
## PHP
WORKDIR /usr/src
ADD build_php.sh /usr/local/bin/build_php.sh
# 2020/01
RUN build_php.sh 7.4.2
## Roští script
ADD rosti.sh /usr/local/bin/rosti
#############
## Support tools and miscellaneous stuff
ADD /start.sh /start.sh
RUN chmod 755 /start.sh
RUN rm -f /etc/cron.d/* /etc/cron.daily/* /etc/cron.hourly/* /etc/cron.monthly/* /etc/cron.weekly/*
ADD /scripts/enable_redis.sh /usr/local/bin/enable-redis
ADD /scripts/enable_memcached.sh /usr/local/bin/enable-memcached
RUN chmod 755 /usr/local/bin/*
ADD /etc/supervisord.conf /etc/supervisor/supervisord.conf
ADD /examples /opt/examples
ADD /etc/bashrc_local /opt/etc/bashrc_local
ADD /etc/bash_profile /opt/etc/bash_profile
ADD /etc/vimrc /opt/etc/vimrc
RUN mkdir -p /opt/etc/bashrc
RUN mkdir -p /opt/etc/appinit
ADD /etc/bashrc/common.sh /opt/etc/bashrc/
ADD /etc/nginx.conf /etc/nginx/nginx.conf
RUN rmdir /var/lib/nginx
RUN ln -s /srv/var/nginx /var/lib/nginx
RUN chown app:app /var/log/nginx -R
RUN chown app:app /home -R
## Cleaning
RUN apt-get clean && rm -rf /usr/src/*
VOLUME /srv
WORKDIR /srv
EXPOSE 8000 22
ENTRYPOINT ["/start.sh"]

17
Makefile Normal file
View File

@ -0,0 +1,17 @@
DOCKER=docker
VERSION=2020.01-beta-1
all: build
build:
$(DOCKER) build -t rosti/runtime:dev .
test: build
DOCKER=$(DOCKER) ./tests.sh
squashed:
$(DOCKER) build --squash -t rosti/runtime:dev-squashed .
push: squashed
$(DOCKER) tag rosti/runtime:dev-squashed rosti/runtime:$(VERSION)
$(DOCKER) push rosti/runtime:$(VERSION)

53
README.md Normal file
View File

@ -0,0 +1,53 @@
# Roští.cz Runtime
Runtime image designed for our hosting service. It's designed for multiple versions of Node.js, PHP and Python interpreters. It runs SSH, cron daemon and supervisord as process manager.
The goal of the image is to deliver versatile environment different kind of applications.
* [Documentation (czech)](https://docs.rosti.cz/runtime/main/).
The image is based on Debian 10 Buster and it's size is around 2.5 GB when it's squashed.
** Supported languages **
* Python 3.8.1
* Node.js 13.7.0
* Node.js 12.14.1
* PHP 7.4.2
** Additional tools **
* Memcached
* Redis
* crond
* Supervisord
* Nginx
* Dropbear
## Test
To run tests you can check integrated workflow, but all you need are those two commands:
make test
If you prefer Podman, use this command to build the image:
make DOCKER=podman test
This is useful in Fedora.
## Additional info
### Default user
Image uses system user *app* to run the application code.
### SSH password
The image runs dropbear at start along crond and supervisord. If you want to set password for next start of the container, save it into this file:
/srv/.rosti
Dynamically it can be set like this:
echo "app:PASSWORD" | chpasswd

14
build_node.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/bash
set -e
mkdir -p /opt/techs
VERSION=$1
cd /usr/src
wget http://nodejs.org/dist/v$VERSION/node-v$VERSION-linux-x64.tar.gz
tar xf node-v$VERSION-linux-x64.tar.gz
mv node-v$VERSION-linux-x64 /opt/techs/node-$VERSION
rm node-v$VERSION-linux-x64.tar.gz

69
build_php.sh Executable file
View File

@ -0,0 +1,69 @@
#!/bin/bash
set -e
VERSION=$1
mkdir -p /opt/techs
cd /usr/src
wget https://www.php.net/distributions/php-$VERSION.tar.bz2
tar xf php-$VERSION.tar.bz2
rm php-$VERSION.tar.bz2
test -e /usr/lib/x86_64-linux-gnu/libc-client.a || ln -s /usr/lib/libc-client.a /usr/lib/x86_64-linux-gnu/libc-client.a
cd php-$VERSION
./configure --enable-fpm --with-mysqli --prefix=/opt/techs/php-$VERSION \
--with-config-file-path=/opt/techs/php-$VERSION/etc \
--with-config-file-scan-dir=/opt/techs/php-$VERSION/etc/conf.d/ \
--sbindir=/opt/techs/php-$VERSION/bin \
--with-pdo-pgsql \
--with-zlib-dir \
--with-freetype-dir \
--enable-mbstring \
--with-libxml-dir=/usr \
--enable-soap \
--enable-calendar \
--with-curl \
--with-mcrypt \
--with-zlib \
--with-gd \
--with-pgsql \
--disable-rpath \
--enable-inline-optimization \
--with-bz2 \
--with-zlib \
--enable-sockets \
--enable-sysvsem \
--enable-sysvshm \
--enable-pcntl \
--enable-mbregex \
--enable-exif \
--enable-bcmath \
--with-mhash \
--enable-zip \
--with-pcre-regex \
--with-mysql \
--with-pdo-mysql \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--enable-gd-native-ttf \
--with-openssl \
--with-fpm-user=app\
--with-fpm-group=app\
--with-libdir=/lib/x86_64-linux-gnu \
--enable-ftp \
--with-gettext \
--with-xmlrpc \
--with-xsl \
--enable-opcache \
--with-imap \
--with-imap-ssl \
--with-kerberos
make -j
make install
mkdir -p /opt/techs/php-$VERSION/etc/conf.d/
ln -s /srv/conf/php-fpm/php.ini /opt/techs/php-$VERSION/etc/conf.d/app.ini

17
build_python.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/sh
set -e
mkdir -p /opt/techs
VERSION=$1
wget https://www.python.org/ftp/python/`echo $VERSION | sed s/[a-z][0-9]\$//`/Python-$VERSION.tar.xz
tar xf Python-$VERSION.tar.xz
cd /usr/src/Python-$VERSION
./configure --prefix=/opt/techs/python-$VERSION
make -j
make install
test -e /opt/techs/python-$VERSION/bin/python || ln -s /opt/techs/python-$VERSION/bin/python3 /opt/techs/python-$VERSION/bin/python
test -e /opt/techs/python-$VERSION/bin/pip || ln -s /opt/techs/python-$VERSION/bin/pip3 /opt/techs/python-$VERSION/bin/pip

3
etc/bash_profile Normal file
View File

@ -0,0 +1,3 @@
if [ -f ~/.bashrc ]; then
source ~/.bashrc
fi

29
etc/bashrc/common.sh Normal file
View File

@ -0,0 +1,29 @@
export PATH=$PATH:~/bin:/srv/.npm-packages/bin
export TERM=xterm
# Use only if the shell is opened via SSH
if [ -n "$SSH_TTY" ]; then
GREEN="\e[32m"
YELLOW="\e[93m"
RED="\e[91m"
NC='\033[0m'
echo ""
echo -e " >> ${GREEN}Before you start, check our documentation at ${YELLOW}https://docs.rosti.cz${NC}"
echo -e " >> ${GREEN}and if you encounter a problem let us know at ${YELLOW}podpora@rosti.cz${GREEN}.${NC}"
echo ""
if [ ! -e /srv/app ]; then
echo ""
echo -e "${RED}WARNING: ${YELLOW}No technology (Python/Node/PHP/..) has been selected yet, please run command:"
echo ""
echo -e "${NC} rosti"
echo ""
echo -e "${RED}to fix it."
echo ""
fi
if [ -e /srv/venv ]; then
. /srv/venv/bin/activate
fi
fi

18
etc/bashrc_local Normal file
View File

@ -0,0 +1,18 @@
export PATH=/srv/bin/primary_tech:/srv/bin/primary_tech/sbin:$PATH:/usr/sbin:/sbin
# Use only if the shell is opened via SSH
if [ -n "$SSH_TTY" ]; then
export PS1="\[\033[38;5;2m\]\u@\[$(tput sgr0)\]\[\033[38;5;3m\]\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[$(tput sgr0)\]\[\033[38;5;67m\]\w\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;40m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"
alias ll='ls -alh'
if [ -e /opt/etc/bashrc/ ]; then
. /opt/etc/bashrc/*
fi
fi
# Default path
cd /srv
# DO NOT REWRITE ME
# This is information for initialization script. If it finds the line above, you can edit this file as you wish and changes remain

2
etc/locale.gen Normal file
View File

@ -0,0 +1,2 @@
en_US.UTF-8 UTF-8
cs_CZ.UTF-8 UTF-8

84
etc/nginx.conf Normal file
View File

@ -0,0 +1,84 @@
worker_processes 1;
error_log stderr;
pid /srv/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log off;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# spool uploads to disk instead of clobbering downstream servers
client_body_temp_path /srv/var/nginx/client-body 1 2;
client_max_body_size 2g;
client_body_buffer_size 128k;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 512;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
keepalive_timeout 5;
## Compression
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_types text/xml text/plain text/css application/x-javascript application/xml application/xml+rss text/javascript application/json;#text/html
# Some version of IE 6 don't handle compression well on some mime-types,
# so just disable for them
gzip_disable "MSIE [1-6].(?!.*SV1)";
# Set a vary header so downstream proxies don't send cached gzipped
# content to IE6
gzip_vary on;
# proxy settings
set_real_ip_from 83.167.253.64/27;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 2a01:430:225::/64;
real_ip_header X-Real-IP;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_buffer_size 512k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
proxy_temp_file_write_size 512k;
proxy_temp_path /srv/var/nginx/cache/;
map $http_x_forwarded_proto $thescheme {
default $scheme;
https https;
}
proxy_set_header X-Forwarded-Proto $thescheme;
include /srv/conf/nginx.d/*;
}

32
etc/supervisord.conf Normal file
View File

@ -0,0 +1,32 @@
; supervisor config file
[unix_http_server]
file=/srv/run//supervisor.sock
chmod=0700
[supervisord]
logfile=/srv/log/supervisord.log
logfile_maxbytes=2MB
logfile_backups=5
loglevel=error
pidfile=/srv/run/supervisord.pid
#childlogdir=
user=app
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///srv/run//supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /srv/conf/supervisor.d/*

26
etc/vimrc Normal file
View File

@ -0,0 +1,26 @@
set expandtab
set tabstop=4
set shiftwidth=4
set softtabstop=4
syn on
set noerrorbells
set number
set wildmenu
set pastetoggle=<F11>
set scrolloff=3
set smartindent
autocmd FileType make set noexpandtab shiftwidth=8 softtabstop=0
function! ResCur()
if line("'\"") <= line("$")
normal! g`"
return 1
endif
endfunction
augroup resCur
autocmd!
autocmd BufWinEnter * call ResCur()
augroup END

View File

@ -0,0 +1,11 @@
[program:cron]
command=/usr/sbin/cron -f
process_name=cron
autostart=true
autorestart=true
stdout_logfile=/srv/log/cron.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,11 @@
[program:dropbear]
command=/usr/sbin/dropbear -F -w -d /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_rsa_host_key -p 2222
autostart=true
autorestart=true
process_name=dropbear
stdout_logfile=/srv/log/dropbear.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true

View File

@ -0,0 +1,11 @@
[program:memcached]
command=memcached -m 32 -p 11211 -u app -l 127.0.0.1
process_name=memcached
autostart=true
autorestart=true
stdout_logfile=/srv/log/memcached.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true

View File

@ -0,0 +1,10 @@
server {
listen 8000;
root /opt/examples/default/;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}

13
examples/nginx/nginx.conf Normal file
View File

@ -0,0 +1,13 @@
server {
listen 0.0.0.0:8000;
listen [::]:8000;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
}
#location /static/ {
# alias /srv/static/;
#}
}

View File

@ -0,0 +1,11 @@
[program:nginx]
command=/usr/sbin/nginx -g "daemon off;"
autostart=true
autorestart=true
process_name=nginx
stdout_logfile=/srv/log/nginx.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true

81
examples/node/app.js Normal file

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,9 @@
{
"name": "welcome",
"version": "0.1.0",
"description": "Welcome page by Roští.cz",
"author": "Adam Štrauch <cx@initd.cz>",
"scripts": {
"start": "/srv/bin/primary_tech/node app.js"
}
}

View File

@ -0,0 +1,14 @@
[program:app]
command=/srv/bin/primary_tech/npm start
environment=PATH="/srv/bin/primary_tech:/usr/local/bin:/usr/bin:/bin:/srv/.npm-packages/bin"
stopasgroup=true
directory=/srv/app
process_name=app
autostart=true
autorestart=true
stdout_logfile=/srv/log/node.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true

65
examples/php/index.php Normal file

File diff suppressed because one or more lines are too long

28
examples/php/nginx.conf Normal file
View File

@ -0,0 +1,28 @@
server {
listen 0.0.0.0:8000;
listen [::]:8000;
root /srv/app;
index index.php index.html;
port_in_redirect off;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/srv/run/php-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
#location /static/ {
# alias /srv/static/;
#}
}

125
examples/php/php-fpm.conf Normal file
View File

@ -0,0 +1,125 @@
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;
; All relative paths in this configuration file are relative to PHP's install
; prefix (/usr). This prefix can be dynamically changed by using the
; '-p' argument from the command line.
;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;
[global]
; Pid file
; Note: the default prefix is /var
; Default Value: none
pid = /srv/run/php-fpm.pid
; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
; in a local file.
; Note: the default prefix is /var
; Default Value: log/php-fpm.log
error_log = /proc/self/fd/2
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = notice
; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
;emergency_restart_threshold = 0
; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;emergency_restart_interval = 0
; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;process_control_timeout = 0
; The maximum number of processes FPM will fork. This has been design to control
; the global number of processes when using dynamic PM within a lot of pools.
; Use it with caution.
; Note: A value of 0 indicates no limit
; Default Value: 0
; process.max = 128
; Specify the nice(2) priority to apply to the master process (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool process will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
;daemonize = yes
; Set open file descriptor rlimit for the master process.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit for the master process.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Specify the event mechanism FPM will use. The following is available:
; - select (any POSIX os)
; - poll (any POSIX os)
; - epoll (linux >= 2.5.44)
; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
; - /dev/poll (Solaris >= 7)
; - port (Solaris >= 10)
; Default Value: not set (auto detection)
;events.mechanism = epoll
; When FPM is build with systemd integration, specify the interval,
; in second, between health report notification to systemd.
; Set to 0 to disable.
; Available Units: s(econds), m(inutes), h(ours)
; Default Unit: seconds
; Default value: 10
;systemd_interval = 10
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
; Multiple pools of child processes may be started with different listening
; ports and different management options. The name of the pool will be
; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :)
; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr otherwise
include=/srv/conf/php-fpm/pool.d/*.conf

10
examples/php/php.ini Normal file
View File

@ -0,0 +1,10 @@
error_log = /proc/self/fd/2
memory_limit = 256M
post_max_size = 256M
upload_max_filesize = 256M
max_file_uploads = 20
max_execution_time = 30
allow_url_fopen = Off
display_errors = On
date.timezone = "Europe/Prague"
catch_workers_output = On

413
examples/php/pool_app.conf Normal file
View File

@ -0,0 +1,413 @@
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = app
group = app
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /srv/run/php-fpm.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = app
listen.group = app
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/7.0/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

View File

@ -0,0 +1,10 @@
[program:app]
command=/srv/bin/primary_tech/php-fpm -F -O -g /srv/run/php-fpm.pid -y /srv/conf/php-fpm/php-fpm.conf
directory=/srv/app
autostart=true
autorestart=true
stdout_logfile=/srv/log/app.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
redirect_stderr=true

95
examples/python/app.py Normal file

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,9 @@
[program:app]
command=/srv/venv/bin/gunicorn -u app -g app -b 0.0.0.0:8080 --access-logfile - --error-logfile - --reload app
directory=/srv/app
autostart=true
autorestart=true
stdout_logfile=/srv/log/python.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
redirect_stderr=true

761
examples/redis/redis.conf Normal file
View File

@ -0,0 +1,761 @@
# Redis configuration file example
# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.
################################## INCLUDES ###################################
# Include one or more other config files here. This is useful if you
# have a standard template that goes to all Redis server but also need
# to customize a few per-server settings. Include files can include
# other files, so use this wisely.
#
# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include /path/to/local.conf
# include /path/to/other.conf
################################ GENERAL #####################################
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
daemonize no
# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
# default. You can specify a custom pid file location here.
pidfile /srv/run/redis/redis-server.pid
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
# to avoid slow clients connections issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
# By default Redis listens for connections from all the network interfaces
# available on the server. It is possible to listen to just one or multiple
# interfaces using the "bind" configuration directive, followed by one or
# more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
bind 127.0.0.1
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
# TCP keepalive.
#
# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful for two reasons:
#
# 1) Detect dead peers.
# 2) Take the connection alive from the point of view of network
# equipment in the middle.
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
# On other kernels the period depends on the kernel configuration.
#
# A reasonable value for this option is 60 seconds.
tcp-keepalive 0
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel warning
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
# logfile
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
# Specify the syslog identity.
# syslog-ident redis
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# syslog-facility local0
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16
################################ SNAPSHOTTING ################################
#
# Save the DB on disk:
#
# save <seconds> <changes>
#
# Will save the DB if both the given number of seconds and the given
# number of write operations against the DB occurred.
#
# In the example below the behaviour will be to save:
# after 900 sec (15 min) if at least 1 key changed
# after 300 sec (5 min) if at least 10 keys changed
# after 60 sec if at least 10000 keys changed
#
# Note: you can disable saving at all commenting all the "save" lines.
#
# It is also possible to remove all the previously configured save
# points by adding a save directive with a single empty string argument
# like in the following example:
#
# save ""
save 900 1
save 300 10
save 60 10000
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
# Compress string objects using LZF when dump .rdb databases?
# For default that's set to 'yes' as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
# The filename where to dump the DB
dbfilename dump.rdb
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir /srv/var/redis
################################# REPLICATION #################################
# Master-Slave replication. Use slaveof to make a Redis instance a copy of
# another Redis server. A few things to understand ASAP about Redis replication.
#
# 1) Redis replication is asynchronous, but you can configure a master to
# stop accepting writes if it appears to be not connected with at least
# a given number of slaves.
# 2) Redis slaves are able to perform a partial resynchronization with the
# master if the replication link is lost for a relatively small amount of
# time. You may want to configure the replication backlog size (see the next
# sections of this file) with a sensible value depending on your needs.
# 3) Replication is automatic and does not need user intervention. After a
# network partition slaves automatically try to reconnect to masters
# and resynchronize with them.
#
# slaveof <masterip> <masterport>
# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>
# When a slave loses its connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
# an error "SYNC with master in progress" to all the kind of commands
# but to INFO and SLAVEOF.
#
slave-serve-stale-data yes
# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default slaves are read-only.
#
# Note: read only slaves are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only slave exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only slaves using 'rename-command' to shadow all the
# administrative / dangerous commands.
slave-read-only yes
# Slaves send PINGs to server in a predefined interval. It's possible to change
# this interval with the repl_ping_slave_period option. The default value is 10
# seconds.
#
# repl-ping-slave-period 10
# The following option sets the replication timeout for:
#
# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
# 2) Master timeout from the point of view of slaves (data, pings).
# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-slave-period otherwise a timeout will be detected
# every time there is low traffic between the master and the slave.
#
# repl-timeout 60
# Disable TCP_NODELAY on the slave socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to slaves. But this can add a delay for
# the data to appear on the slave side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the slave side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and slaves are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# Set the replication backlog size. The backlog is a buffer that accumulates
# slave data when slaves are disconnected for some time, so that when a slave
# wants to reconnect again, often a full resync is not needed, but a partial
# resync is enough, just passing the portion of data the slave missed while
# disconnected.
#
# The biggest the replication backlog, the longer the time the slave can be
# disconnected and later be able to perform a partial resynchronization.
#
# The backlog is only allocated once there is at least a slave connected.
#
# repl-backlog-size 1mb
# After a master has no longer connected slaves for some time, the backlog
# will be freed. The following option configures the amount of seconds that
# need to elapse, starting from the time the last slave disconnected, for
# the backlog buffer to be freed.
#
# A value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600
# The slave priority is an integer number published by Redis in the INFO output.
# It is used by Redis Sentinel in order to select a slave to promote into a
# master if the master is no longer working correctly.
#
# A slave with a low priority number is considered better for promotion, so
# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
# pick the one with priority 10, that is the lowest.
#
# However a special priority of 0 marks the slave as not able to perform the
# role of master, so a slave with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
slave-priority 100
# It is possible for a master to stop accepting writes if there are less than
# N slaves connected, having a lag less or equal than M seconds.
#
# The N slaves need to be in "online" state.
#
# The lag in seconds, that must be <= the specified value, is calculated from
# the last ping received from the slave, that is usually sent every second.
#
# This option does not GUARANTEES that N replicas will accept the write, but
# will limit the window of exposure for lost writes in case not enough slaves
# are available, to the specified number of seconds.
#
# For example to require at least 3 slaves with a lag <= 10 seconds use:
#
# min-slaves-to-write 3
# min-slaves-max-lag 10
#
# Setting one or the other to 0 disables the feature.
#
# By default min-slaves-to-write is set to 0 (feature disabled) and
# min-slaves-max-lag is set to 10.
################################## SECURITY ###################################
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.
################################### LIMITS ####################################
# Set the max number of connected clients at the same time. By default
# this limit is set to 10000 clients, however if the Redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as Redis reserves a few file descriptors for internal uses).
#
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# maxclients 10000
# Don't use more memory than the specified amount of bytes.
# When the memory limit is reached Redis will try to remove keys
# according to the eviction policy selected (see maxmemory-policy).
#
# If Redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will start to reply with errors to commands
# that would use more memory, like SET, LPUSH, and so on, and will continue
# to reply to read-only commands like GET.
#
# This option is usually useful when using Redis as an LRU cache, or to set
# a hard memory limit for an instance (using the 'noeviction' policy).
#
# WARNING: If you have slaves attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the slaves are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of slaves is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# In short... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there is some free RAM on the system for slave
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory <bytes>
# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
# is reached. You can select among five behaviors:
#
# volatile-lru -> remove the key with an expire set using an LRU algorithm
# allkeys-lru -> remove any key accordingly to the LRU algorithm
# volatile-random -> remove a random key with an expire set
# allkeys-random -> remove a random key, any key
# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
# noeviction -> don't expire at all, just return an error on write operations
#
# Note: with any of the above policies, Redis will return an error on write
# operations, when there are not suitable keys for eviction.
#
# At the date of writing this commands are: set setnx setex append
# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
# getset mset msetnx exec sort
#
# The default is:
#
# maxmemory-policy volatile-lru
# LRU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can select as well the sample
# size to check. For instance for default Redis will check three keys and
# pick the one that was used less recently, you can change the sample size
# using the following configuration directive.
#
# maxmemory-samples 3
############################## APPEND ONLY MODE ###############################
# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check http://redis.io/topics/persistence for more information.
appendonly no
# The name of the append only file (default: "appendonly.aof")
appendfilename "appendonly.aof"
# The fsync() call tells the Operating System to actually write data on disk
# instead to wait for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
#
# Redis supports three different modes:
#
# no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to the append only log . Slow, Safest.
# everysec: fsync only one time every second. Compromise.
#
# The default is "everysec", as that's usually the right compromise between
# speed and data safety. It's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# More details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# If unsure, use "everysec".
# appendfsync always
appendfsync everysec
# appendfsync no
# When the AOF fsync policy is set to always or everysec, and a background
# saving process (a background save or AOF log background rewriting) is
# performing a lot of I/O against the disk, in some Linux configurations
# Redis may block too long on the fsync() call. Note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving, the durability of Redis is
# the same as "appendfsync none". In practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
# If you have latency problems turn this to "yes". Otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
no-appendfsync-on-rewrite no
# Automatic rewrite of the append only file.
# Redis is able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log size grows by the specified percentage.
#
# This is how it works: Redis remembers the size of the AOF file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the AOF at startup is used).
#
# This base size is compared to the current size. If the current size is
# bigger than the specified percentage, the rewrite is triggered. Also
# you need to specify a minimal size for the AOF file to be rewritten, this
# is useful to avoid rewriting the AOF file even if the percentage increase
# is reached but it is still pretty small.
#
# Specify a percentage of zero in order to disable the automatic AOF
# rewrite feature.
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
################################ LUA SCRIPTING ###############################
# Max execution time of a Lua script in milliseconds.
#
# If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# When a long running script exceed the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
# used to stop a script that did not yet called write commands. The second
# is the only way to shut down the server in the case a write commands was
# already issue by the script but the user don't want to wait for the natural
# termination of the script.
#
# Set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000
################################## SLOW LOG ###################################
# The Redis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time does not include the I/O operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# You can configure the slow log with two parameters: one tells Redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. When a new command is logged the oldest one is removed from the
# queue of logged commands.
# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128
################################ LATENCY MONITOR ##############################
# The Redis latency monitoring subsystem samples different operations
# at runtime in order to collect data related to possible sources of
# latency of a Redis instance.
#
# Via the LATENCY command this information is available to the user that can
# print graphs and obtain reports.
#
# The system only logs operations that were performed in a time equal or
# greater than the amount of milliseconds specified via the
# latency-monitor-threshold configuration directive. When its value is set
# to zero, the latency monitor is turned off.
#
# By default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. Latency
# monitoring can easily be enalbed at runtime using the command
# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0
############################# Event notification ##############################
# Redis can notify Pub/Sub clients about events happening in the key space.
# This feature is documented at http://redis.io/topics/notifications
#
# For instance if keyspace events notification is enabled, and a client
# performs a DEL operation on key "foo" stored in the Database 0, two
# messages will be published via Pub/Sub:
#
# PUBLISH __keyspace@0__:foo del
# PUBLISH __keyevent@0__:del foo
#
# It is possible to select the events that Redis will notify among a set
# of classes. Every class is identified by a single character:
#
# K Keyspace events, published with __keyspace@<db>__ prefix.
# E Keyevent events, published with __keyevent@<db>__ prefix.
# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
# $ String commands
# l List commands
# s Set commands
# h Hash commands
# z Sorted set commands
# x Expired events (events generated every time a key expires)
# e Evicted events (events generated when a key is evicted for maxmemory)
# A Alias for g$lshzxe, so that the "AKE" string means all the events.
#
# The "notify-keyspace-events" takes as argument a string that is composed
# by zero or multiple characters. The empty string means that notifications
# are disabled at all.
#
# Example: to enable list and generic events, from the point of view of the
# event name, use:
#
# notify-keyspace-events Elg
#
# Example 2: to get the stream of the expired keys subscribing to channel
# name __keyevent@0__:expired use:
#
# notify-keyspace-events Ex
#
# By default all notifications are disabled because most users don't need
# this feature and the feature has some overhead. Note that if you don't
# specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""
############################### ADVANCED CONFIG ###############################
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
# Similarly to hashes, small lists are also encoded in a special way in order
# to save a lot of space. The special representation is only used when
# you are under the following limits:
list-max-ziplist-entries 512
list-max-ziplist-value 64
# Sets have a special encoding in just one case: when a set is composed
# of just strings that happens to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# A value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# The suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much PFADD,
# which is O(N) with the sparse encoding. The value can be raised to
# ~ 10000 when CPU is not a concern, but space is, and the data set is
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# active rehashing the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply form time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including MONITOR clients
# slave -> slave clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# So for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# By default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# Instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are performed with the same frequency, but Redis checks for
# tasks to perform accordingly to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes

View File

@ -0,0 +1,11 @@
[program:redis]
command=redis-server /srv/conf/redis.conf
process_name=redis
autostart=true
autorestart=true
stdout_logfile=/srv/log/redis.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true

205
rosti.sh Executable file
View File

@ -0,0 +1,205 @@
#!/bin/bash
WIDTH=180
HEIGHT=25
TECHDIR=/opt/techs
PRIMARYDIR=/srv/bin/primary_tech
# These environment variables can be set for testing:
# TESTMODE - 1 if test mode is enabled, it skips whiptail
# MENUITEM - selected menu item
# TECH - selected tech
# SERVICE - selected service
# We will use EDITOR environment variables if possible
if [ "$EDITOR" = "" ]; then
export EDITOR=nano
fi
while /bin/true; do
if [ ! "$TESTMODE" = "1" ]; then
menuitem=$(whiptail --menu "Choose what to do" $HEIGHT $WIDTH 6 \
"tech" " Activaton of primary tech" \
"services" " Enable additional services (Redis, Memcached, ..)" \
"cron" " Update crontab" \
"exit" " Exit" \
3>&1 1>&2 2>&3)
else
menuitem=$MENUITEM
fi
case $menuitem in
# Activation of one of the available tech
# Only one tech can be enabled same time but it's possible to use any of them from /opt/techs
"tech")
if [ ! "$TESTMODE" = "1" ]; then
tech=$(whiptail --menu "Select tech" $HEIGHT $WIDTH 6 \
"python-3.8.1" " Python 3.8.1" \
"node-13.7.0" " Node 13.7.0" \
"node-12.14.1" " Node 12.14.1" \
"php-7.4.2" " PHP 7.4.2" \
"back" " Go back" \
3>&1 1>&2 2>&3)
else
tech=$TECH
fi
if [ "$tech" = "back" -o "$tech" = "" ]; then
continue
fi
# Activation of primary tech bin directory
test ! -e $PRIMARYDIR || unlink $PRIMARYDIR
ln -s $TECHDIR/$tech/bin $PRIMARYDIR
# Parse name of the tech - like python or node
name=`echo $tech | cut -d"-" -f 1`
# If /srv/app doesn't exist we will use examples files to create it
if [ ! -e /srv/app ]; then
mkdir -p /srv/conf/supervisor.d
echo "NOTE: /srv/app doesn't exists, creating from $tech example application"
mkdir -p /srv/app
cp -a /opt/examples/$name/* /srv/app/
mv /srv/app/supervisor.conf /srv/conf/supervisor.d/$name.conf
else
echo "IMPORTANT: /srv/app found so no configuration or files are copied, make sure the application is ok after its process is restarted"
fi
# Pythoon specific stuff
if [ "$name" = "python" ]; then
if [ -e /srv/venv ]; then
echo "IMPORTANT: /srv/venv exists, if you have changed python version, make sure to create or update the virtualenv:"
echo
echo " rm -rf /srv/venv"
echo " python3 -m venv /srv/venv)"
echo
echo "Don't forget to backup the old venv if necessary."
else
echo ".. creating new venv in /srv/venv"
test -e /srv/venv || $PRIMARYDIR/python3 -m venv /srv/venv
/srv/venv/bin/pip install gunicorn
/srv/venv/bin/pip install bottle
fi
fi
# PHP specific stuff
if [ "$name" = "php" ]; then
mkdir -p /srv/conf/php-fpm/pool.d/
# Copy config if needed
test -e /srv/conf/php-fpm/php-fpm.conf || mv /srv/app/php-fpm.conf /srv/conf/php-fpm/php-fpm.conf
test -e /srv/conf/php-fpm/pool.d/app.conf || mv /srv/app/pool_app.conf /srv/conf/php-fpm/pool.d/app.conf
test -e /srv/conf/php-fpm/php.ini || mv /srv/app/php.ini /srv/conf/php-fpm/php.ini
ln -s /srv/conf/php-fpm/php.ini /opt/techs/$tech/etc/conf.d/app.ini
# And remove unneeded ones
# TODO: not sure how good idea this is
rm -f /srv/app/php-fpm.conf /srv/app/pool_app.conf /srv/app/php.ini /srv/app/nginx.conf
fi
# Node specific stuff
if [ "$name" = "node" ]; then
/opt/techs/$tech/bin/npm config set prefix "/srv/.npm-packages"
/opt/techs/$tech/bin/npm install -g yarn@berry
fi
# Remove default config in Nginx
test -e /srv/conf/nginx.d/default.conf && rm -f /srv/conf/nginx.d/default.conf
# Same thing we do for nginx but if the file exist it's not rewritten.
if [ ! -e /srv/conf/nginx.d/app.conf ]; then
mkdir -p /srv/conf/nginx.d
if [ "$name" = "php" ]; then
cp /opt/examples/php/nginx.conf /srv/conf/nginx.d/app.conf
else
cp /opt/examples/nginx/nginx.conf /srv/conf/nginx.d/app.conf
fi
echo ".. app configuration for nginx not found, adding it - please check /srv/conf/nginx.d/app.conf and make sure it fits your code"
fi
# We load new configuration into supervisor and it's automatically started or restarted if needed
supervisorctl reread
supervisorctl update
nginx -s reload
echo "NOTE: this tool doesn't restart existing processes, if it's needed, please, do it manually"
echo
if [ ! "$TESTMODE" = "1" ]; then
read -p "Check the output and hit enter to continue"
else
exit 0
fi
;;
# Services like small tools, databases or so to support the running app
"services")
if [ ! "$TESTMODE" = "1" ]; then
service=$(whiptail --menu "Select service to be enabled" $HEIGHT $WIDTH 6 \
"memcached" " Memcached" \
"redis" " Redis" \
"back" " Go back" \
3>&1 1>&2 2>&3)
else
service=$SERVICE
fi
case $service in
"redis")
echo ".. adding redis into supervisor and copying config file into /srv/conf/redis.conf"
mkdir -p /srv/var/redis
cp /opt/examples/redis/supervisor.conf /srv/conf/supervisor.d/redis.conf
cp /opt/examples/redis/redis.conf /srv/conf/redis.conf
supervisorctl reread
supervisorctl update
echo "NOTE: please, check configuration file /srv/conf/redis.conf and update it if needed"
echo "NOTE: Redis server is available at localhost:6379"
echo
if [ ! "$TESTMODE" = "1" ]; then
read -p "Check the output and hit enter to continue"
else
exit 0
fi
;;
"memcached")
echo ".. adding memcached into supervisor"
cp /opt/examples/memcached/supervisor.conf /srv/conf/supervisor.d/memcached.conf
supervisorctl reread
supervisorctl update
echo "NOTE: Memcached server is available at localhost:11211"
echo
if [ ! "$TESTMODE" = "1" ]; then
read -p "Check the output and hit enter to continue"
else
exit 0
fi
;;
"*")
continue
;;
esac
;;
# Simpler crontab editor
"cron")
$EDITOR /srv/conf/crontab && \
crontab /srv/conf/crontab
echo
if [ ! "$TESTMODE" = "1" ]; then
read -p "Check the output and hit enter to continue"
else
exit 0
fi
;;
"exit")
echo "Bye bye!"
exit 0
;;
esac
done

View File

@ -0,0 +1,17 @@
#!/bin/sh
cat << EOF > /srv/conf/supervisor.d/memcached.conf
[program:memcached]
command=/usr/bin/memcached -m 64
autostart=true
autorestart=true
stdout_logfile=/srv/log/memcached.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true
EOF
supervisorctl reread
supervisorctl update

21
scripts/enable_redis.sh Normal file
View File

@ -0,0 +1,21 @@
#!/bin/sh
mkdir -p /srv/var/redis
mkdir -p /srv/run
cp /opt/conf/redis.conf /srv/conf/
cat << EOF > /srv/conf/supervisor.d/redis.conf
[program:redis]
command=redis-server /srv/conf/redis.conf
autostart=true
autorestart=true
stdout_logfile=/srv/log/redis.log
stdout_logfile_maxbytes=2MB
stdout_logfile_backups=5
stdout_capture_maxbytes=2MB
stdout_events_enabled=false
redirect_stderr=true
EOF
supervisorctl reread
supervisorctl update

140
start.sh Executable file
View File

@ -0,0 +1,140 @@
#!/bin/sh
##################################
# Basic structure and purpose file
##################################
for d in /srv/log /srv/conf /srv/run /srv/conf/supervisor.d /srv/var; do
test ! -e $d && mkdir -p $d
done
# Bin directory where active tech is located along other tools
mkdir -p /srv/bin
# Directory where Nginx stored request bodies
mkdir -p /srv/var/nginx/
# Run directory where PID files, socket files a other runtime stuff is located
mkdir -p /srv/run
# Configuration store for Nginx
mkdir -p /srv/conf/nginx.d
###################
# Clear tmp files
###################
rm -f /srv/run/*.sock
rm -f /srv/run/*.pid
################
# Common things
################
# SSH password from file and from system env
if [ -e /srv/.rosti ]; then
echo "app:`cat /srv/.rosti`" | chpasswd
# file with ssh password has different owner
test chown root:root /srv/.rosti
chmod 600 /srv/.rosti
fi
if [ -n "$SSHPASS" ]; then
echo "app:$SSHPASS" | chpasswd
fi
# Dropbear settings and certificates
if [ ! -e /srv/conf/dropbear ]; then
mkdir -p /srv/conf/dropbear
chmod 700 /srv/conf/dropbear
chown root:root /srv/conf/dropbear
fi
#rm /etc/dropbear/dropbear_rsa_host_key /etc/dropbear/dropbear_dss_host_key
test -e /srv/conf/dropbear/dropbear_rsa_host_key || dropbearkey -t rsa -f /srv/conf/dropbear/dropbear_rsa_host_key
test -e /srv/conf/dropbear/dropbear_dss_host_key || dropbearkey -t dss -f /srv/conf/dropbear/dropbear_dss_host_key
chmod 700 /srv/conf/dropbear
chmod 600 /srv/conf/dropbear/*
chown -R root:root /srv/conf/dropbear
cp /srv/conf/dropbear/* /etc/dropbear/
# vimrc
if [ ! -e /srv/.vimrc ]; then
cp /opt/etc/vimrc /srv/.vimrc
fi
# Crontab
test ! -e /srv/conf/crontab && touch /srv/conf/crontab
if [ -e /srv/conf/crontab ]; then
crontab -u app /srv/conf/crontab
fi
chown app:app /srv/conf/crontab
# Start secondary daemons
echo "Starting cron .."
/usr/sbin/cron
echo "Starting dropbear .."
dropbear -w -d /srv/conf/dropbear/dropbear_dss_host_key -r /srv/conf/dropbear/dropbear_rsa_host_key
# BASHRC
if [ ! -e /srv/.bashrc ]; then
cp /opt/etc/bashrc_local /srv/.bashrc
chown app:app /srv/.bashrc
fi
if [ ! -e /srv/.bash_profile ]; then
cp /opt/etc/bash_profile /srv/.bash_profile
fi
cd /srv
#################
# Initialization
#################
# Install custom packages
if [ -e /srv/.extra_packages ]; then
apt-get update -y
apt-get install -y `cat /srv/.extra_packages | sed "s/;//g" | sed "s/\n/ /g"`
fi
# Init scripts runned under root
if [ -e /opt/etc/script.d/* ]; then
for f in `ls /opt/script.d`; do
/bin/sh /opt/etc/script.d/$f
done
fi
# Init scripts runned under app user
if [ -e /opt/etc/appinit/* ]; then
for f in `ls /opt/etc/appinit/*`; do
su app -c "/bin/sh $f"
done
fi
# Permissions for app on /srv
if [ ! -e /srv/.chowned ]; then
chown app:app /srv -R
touch /srv/.chowned
chown root:root /srv/.chowned
chmod 644 /srv/.chowned
fi
# User's init script
if [ -e /srv/app/init.sh ]; then
echo "Starting /srv/app/init.sh .."
chmod 755 /srv/app/init.sh
su app -c /srv/app/init.sh
fi
####################
# Default Nginx page
####################
if [ `ls /srv/conf/nginx.d | wc -l` -eq 0 ]; then
echo ".. no nginx configuration found, adding default page"
su app -c "mkdir -p /srv/conf/nginx.d"
su app -c "cp /opt/examples/nginx/default.conf /srv/conf/nginx.d/default.conf"
fi
if [ ! -e /srv/conf/supervisor.d/nginx.conf ]; then
echo ".. nginx configuration not found in supervisor, adding it now"
su app -c "cp /opt/examples/nginx/supervisor.conf /srv/conf/supervisor.d/nginx.conf"
fi
su app -c "supervisord -n -c /etc/supervisor/supervisord.conf"

113
tests.sh Executable file
View File

@ -0,0 +1,113 @@
#!/bin/bash
if [ -z "$DOCKER" ]; then
DOCKER=docker
fi
CONTAINER_NAME=runtime-test
I=1
COUNT=5
PROBLEM=0
function run() {
$DOCKER run -d --rm --name $CONTAINER_NAME rosti/runtime:dev > /dev/null
sleep 5
}
function stop() {
$DOCKER stop $CONTAINER_NAME > /dev/null
sleep 5
}
# Default page
run
$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep "<title>Roští.cz</title>" > /dev/null
if [ $? -eq 0 ]; then
echo "$I/$COUNT default response correct"
else
echo "$I/$COUNT default response incorrect"
PROBLEM=1
fi
I=$((I+1))
stop
###############
# Node.js 12.14.1
run
$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=node-12.14.1 $CONTAINER_NAME su app -c rosti > /dev/null
sleep 3
$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep package.json > /dev/null
if [ $? -eq 0 ]; then
echo "$I/$COUNT Node.js 12.14.1 response correct"
else
echo "$I/$COUNT Node.js 12.14.1 response incorrect"
PROBLEM=1
fi
I=$((I+1))
stop
###############
# Node.js 13.7.0
run
$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=node-13.7.0 $CONTAINER_NAME su app -c rosti > /dev/null
sleep 3
$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep package.json > /dev/null
if [ $? -eq 0 ]; then
echo "$I/$COUNT Node.js 13.7.0 response correct"
else
echo "$I/$COUNT Node.js 13.7.0 response incorrect"
PROBLEM=1
fi
I=$((I+1))
stop
###############
# Python 3.8.2
run
$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=python-3.8.1 $CONTAINER_NAME su app -c rosti > /dev/null
sleep 5
$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep "app.py" > /dev/null
if [ $? -eq 0 ]; then
echo "$I/$COUNT Python 3.8.1 response correct"
else
echo "$I/$COUNT Python 3.8.1 response incorrect"
PROBLEM=1
fi
I=$((I+1))
stop
###############
# PHP 7.4.2
run
$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=php-7.4.2 $CONTAINER_NAME su app -c rosti > /dev/null
sleep 5
$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep "PHP aplikaci" > /dev/null
if [ $? -eq 0 ]; then
echo "$I/$COUNT PHP 7.4.2 response correct"
else
echo "$I/$COUNT PHP 7.4.2 response incorrect"
PROBLEM=1
fi
I=$((I+1))
stop
###############
if [ "$PROBLEM" = "0" ]; then
echo
echo "All OK"
exit 0
else
echo
echo "Problem found"
exit 1
fi