Merge branch 'compose'
This commit is contained in:
commit
8771ac9828
3
.gitmodules
vendored
3
.gitmodules
vendored
@ -1,3 +1,6 @@
|
||||
[submodule "app-vmmgr"]
|
||||
path = apk/vmmgr
|
||||
url = ssh://git@git.spotter.cz:2222/Spotter-Cluster/vmmgr.git
|
||||
[submodule "spoc"]
|
||||
path = apk/spoc
|
||||
url = ssh://git@git.spotter.cz:2222/Spotter-Cluster/spoc.git
|
||||
|
@ -1,28 +0,0 @@
|
||||
# Contributor: Disassembler <disassembler@dasm.cz>
|
||||
# Maintainer: Disassembler <disassembler@dasm.cz>
|
||||
pkgname=acme-sh
|
||||
pkgver=2.8.1
|
||||
pkgrel=0
|
||||
pkgdesc="A pure Unix shell ACME protocol client"
|
||||
url="https://github.com/Neilpang/acme.sh"
|
||||
arch="noarch"
|
||||
license="GPL"
|
||||
_commit=09bce5e6d6be6b97b3c843b815087874e3e44a21
|
||||
source="${pkgname}-${pkgver}.tar.gz::https://github.com/Neilpang/acme.sh/archive/${_commit}.tar.gz"
|
||||
builddir="${srcdir}/acme.sh-${_commit}"
|
||||
options="!check"
|
||||
|
||||
build() {
|
||||
return 0
|
||||
}
|
||||
|
||||
package() {
|
||||
mkdir -p ${pkgdir}/usr/bin
|
||||
mkdir -p ${pkgdir}/etc/acme.sh.d
|
||||
mkdir -p ${pkgdir}/etc/periodic/daily
|
||||
sed 's|$HOME/.$PROJECT_NAME|/etc/acme.sh.d|' ${builddir}/acme.sh > ${pkgdir}/usr/bin/acme.sh
|
||||
chmod +x ${pkgdir}/usr/bin/acme.sh
|
||||
cp ${startdir}/source/acme-sh ${pkgdir}/etc/periodic/daily/
|
||||
}
|
||||
|
||||
sha512sums="b2d3d1c3f0ba1d57f40373aa430f53b8398e3798cadb4ab6bc376c9c70edda08cda4380bc8fe9fd272b9e02bd9f763de0a399aeeb5ea8d1a2e8ff5b1d8cef86a acme-sh-2.8.1.tar.gz"
|
@ -1,5 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Sleep randomly up to 1hr to avoid peak on ACME server
|
||||
/bin/sleep $(/usr/bin/shuf -i 60-3600 -n 1)
|
||||
/usr/bin/acme.sh --cron >/dev/null
|
@ -1,76 +0,0 @@
|
||||
# Contributor: Trevor R.H. Clarke <trevor@notcows.com>
|
||||
# Maintainer: Trevor R.H. Clarke <trevor@notcows.com>
|
||||
pkgname=gdal
|
||||
pkgver=2.4.0
|
||||
pkgrel=1
|
||||
pkgdesc="A translator library for raster and vector geospatial data formats"
|
||||
url="http://gdal.org"
|
||||
arch="x86 x86_64"
|
||||
license="MIT"
|
||||
depends=""
|
||||
depends_dev="gdal"
|
||||
makedepends="
|
||||
curl-dev
|
||||
geos-dev
|
||||
giflib-dev
|
||||
jpeg-dev
|
||||
libjpeg-turbo-dev
|
||||
libpng-dev
|
||||
linux-headers
|
||||
postgresql-dev
|
||||
python2-dev
|
||||
sqlite-dev
|
||||
swig
|
||||
tiff-dev
|
||||
zlib-dev
|
||||
"
|
||||
subpackages="
|
||||
$pkgname-dev
|
||||
py-$pkgname:py
|
||||
"
|
||||
|
||||
source="http://download.osgeo.org/$pkgname/$pkgver/$pkgname-$pkgver.tar.xz"
|
||||
builddir="$srcdir/$pkgname-$pkgver"
|
||||
|
||||
build() {
|
||||
cd "$builddir"
|
||||
|
||||
./configure --prefix=/usr \
|
||||
--with-curl=/usr/bin/curl-config
|
||||
make
|
||||
|
||||
cd swig/python
|
||||
python2 setup.py build
|
||||
}
|
||||
|
||||
package() {
|
||||
cd "$builddir"
|
||||
|
||||
make DESTDIR="$pkgdir" install
|
||||
chmod -x "$pkgdir"/usr/include/*.h
|
||||
}
|
||||
|
||||
py() {
|
||||
pkgdesc="$pkgname (python bindings)"
|
||||
|
||||
cd "$builddir"/swig/python
|
||||
python2 setup.py install --prefix=/usr --root="$subpkgdir"
|
||||
|
||||
chmod a+x scripts/*
|
||||
install -d "$subpkgdir"/usr/bin
|
||||
install -m755 scripts/*.py "$subpkgdir"/usr/bin/
|
||||
}
|
||||
|
||||
check() {
|
||||
# TODO: https://trac.osgeo.org/gdal/wiki/TestingNotes
|
||||
|
||||
cd "$builddir"
|
||||
apps/gdal-config --version | grep "$pkgver"
|
||||
|
||||
# confirms MBTiles support
|
||||
apps/gdal_translate --formats | grep "MBTiles -raster,vector- (rw+v): MBTiles"
|
||||
|
||||
# confirms PostgreSQL/PostGIS support
|
||||
apps/ogr2ogr --formats | grep "PostgreSQL -vector- (rw+): PostgreSQL/PostGIS"
|
||||
}
|
||||
sha512sums="d4eb6535043b1495f691ab96aa8087d9254aa01efbc57a4051f8b9f4f6b2537719d7bf03ff82c3f6cfd0499a973c491fa9da9f5854dbd9863a0ec9796d3642bb gdal-2.4.0.tar.xz"
|
@ -1,55 +0,0 @@
|
||||
# Contributor: Eric Kidd <git@randomhacks.net>
|
||||
# Maintainer:
|
||||
pkgname=geos
|
||||
pkgver=3.7.1
|
||||
pkgrel=0
|
||||
pkgdesc="GEOS is a library providing OpenGIS and JTS spatial operations in C++."
|
||||
url="https://trac.osgeo.org/geos/"
|
||||
# test fails on other archs
|
||||
arch="x86 x86_64"
|
||||
license="LGPL-2.1"
|
||||
makedepends="swig python2-dev"
|
||||
subpackages="py-$pkgname:py $pkgname-dev"
|
||||
source="http://download.osgeo.org/geos/geos-$pkgver.tar.bz2"
|
||||
builddir="$srcdir/$pkgname-$pkgver"
|
||||
|
||||
build() {
|
||||
cd "$builddir"
|
||||
|
||||
./configure \
|
||||
--build=$CBUILD \
|
||||
--host=$CHOST \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
--mandir=/usr/share/man \
|
||||
--localstatedir=/var \
|
||||
--enable-python
|
||||
|
||||
# --enable-ruby produces a gem which crashes, and which seems to
|
||||
# mostly ignored in favor of the rgeo and ffi-geos modules, anyway.
|
||||
|
||||
make
|
||||
}
|
||||
|
||||
check() {
|
||||
cd "$builddir"
|
||||
|
||||
make check
|
||||
}
|
||||
|
||||
package() {
|
||||
cd "$builddir"
|
||||
|
||||
make DESTDIR="$pkgdir" install
|
||||
install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
|
||||
}
|
||||
|
||||
py() {
|
||||
pkgdesc="$pkgname Python bindings"
|
||||
|
||||
cd "$builddir"
|
||||
install -d "$subpkgdir"/usr/lib
|
||||
mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
|
||||
}
|
||||
|
||||
sha512sums="01e8087bcd3cb8f873adb7b56910e1575ccb3336badfdd3f13bc6792095b7010e5ab109ea0d0cd3d1459e2e526e83bcf64d6ee3f7eb47be75639becdaacd2a87 geos-3.7.1.tar.bz2"
|
178
apk/lxc/APKBUILD
Normal file
178
apk/lxc/APKBUILD
Normal file
@ -0,0 +1,178 @@
|
||||
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
|
||||
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
|
||||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=lxc
|
||||
pkgver=3.2.1
|
||||
_pkgver=${pkgver/_rc/.rc}
|
||||
pkgrel=2
|
||||
pkgdesc="Userspace interface for the Linux kernel containment features"
|
||||
url="https://linuxcontainers.org/lxc/"
|
||||
arch="all"
|
||||
license="GPL-2.0-only"
|
||||
makedepends="
|
||||
libcap-dev
|
||||
libcap-static
|
||||
libseccomp-dev
|
||||
linux-pam-dev
|
||||
linux-headers
|
||||
bsd-compat-headers
|
||||
docbook2x
|
||||
|
||||
automake
|
||||
autoconf
|
||||
libtool
|
||||
"
|
||||
|
||||
options="suid"
|
||||
subpackages="
|
||||
$pkgname-dev
|
||||
$pkgname-doc
|
||||
$pkgname-openrc
|
||||
$pkgname-lvm::noarch
|
||||
$pkgname-libs
|
||||
$pkgname-bridge::noarch
|
||||
$pkgname-bash-completion:bashcomp:noarch
|
||||
$pkgname-pam
|
||||
$pkgname-download:_download:noarch
|
||||
$pkgname-templates-oci:templates_oci:noarch
|
||||
$pkgname-templates::noarch
|
||||
"
|
||||
|
||||
source="https://linuxcontainers.org/downloads/lxc/lxc-$_pkgver.tar.gz
|
||||
cgroups-initialize-cpuset-properly.patch
|
||||
network-restore-ability-to-move-nl80211-devices.patch
|
||||
execute-attach-user-group.patch
|
||||
attach-returncode.patch
|
||||
lxc.initd
|
||||
lxc.confd
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 3.1.0-r1:
|
||||
# - CVE-2019-5736
|
||||
# 2.1.1-r9:
|
||||
# - CVE-2018-6556
|
||||
#
|
||||
|
||||
_tmpldir="usr/share/lxc/templates"
|
||||
|
||||
build() {
|
||||
./configure \
|
||||
--build=$CBUILD \
|
||||
--host=$CHOST \
|
||||
--prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
--localstatedir=/var \
|
||||
--disable-apparmor \
|
||||
--enable-pam \
|
||||
--with-distro=alpine \
|
||||
--disable-werror \
|
||||
--enable-doc
|
||||
make
|
||||
}
|
||||
|
||||
check() {
|
||||
make check
|
||||
}
|
||||
|
||||
package() {
|
||||
make DESTDIR="$pkgdir" install
|
||||
|
||||
install -Dm755 "$srcdir"/lxc.initd "$pkgdir"/etc/init.d/lxc
|
||||
install -Dm644 "$srcdir"/lxc.confd "$pkgdir"/etc/conf.d/lxc
|
||||
install -d "$pkgdir"/var/lib/lxc
|
||||
|
||||
# Remove useless config for SysVinit.
|
||||
rm -r "$pkgdir"/etc/default
|
||||
}
|
||||
|
||||
lvm() {
|
||||
pkgdesc="LVM support for LXC"
|
||||
depends="$pkgname=$pkgver-r$pkgrel lvm2 util-linux"
|
||||
install_if="$pkgname=$pkgver-r$pkgrel lvm2"
|
||||
mkdir "$subpkgdir"
|
||||
}
|
||||
|
||||
_py3() {
|
||||
pkgdesc="Python3 module for LXC"
|
||||
depends="python3"
|
||||
mkdir -p "$subpkgdir"/usr/lib
|
||||
mv "$pkgdir"/usr/lib/python3.* "$subpkgdir"/usr/lib
|
||||
}
|
||||
|
||||
_download() {
|
||||
pkgdesc="LXC container image downloader template"
|
||||
depends="$pkgname gnupg1 tar wget"
|
||||
|
||||
mkdir -p "$subpkgdir"/$_tmpldir
|
||||
mv "$pkgdir"/$_tmpldir/lxc-download "$subpkgdir"/$_tmpldir/
|
||||
}
|
||||
|
||||
templates() {
|
||||
pkgdesc="Templates for LXC (except alpine and download)"
|
||||
depends="tar"
|
||||
mkdir -p "$subpkgdir"/$_tmpldir
|
||||
mv "$pkgdir"/$_tmpldir/* "$subpkgdir"/$_tmpldir/
|
||||
}
|
||||
|
||||
templates_oci() {
|
||||
pkgdesc="OCI Template for LXC"
|
||||
depends="bash jq"
|
||||
mkdir -p "$subpkgdir"/usr/share/lxc/templates
|
||||
mv "$pkgdir"/usr/share/lxc/templates/lxc-oci \
|
||||
"$subpkgdir"/usr/share/lxc/templates/
|
||||
}
|
||||
|
||||
pam() {
|
||||
pkgdesc="PAM module for LXC"
|
||||
mkdir -p "$subpkgdir"/lib/security
|
||||
mv "$pkgdir"/lib/security/pam_cgfs.so "$subpkgdir"/lib/security/
|
||||
}
|
||||
|
||||
dev() {
|
||||
default_dev
|
||||
# fix abuild smartness
|
||||
mv "$subpkgdir"/usr/bin/lxc-config "$pkgdir"/usr/bin/
|
||||
mv "$subpkgdir"/usr/bin/lxc-update-config "$pkgdir"/usr/bin/
|
||||
}
|
||||
|
||||
bridge() {
|
||||
depends="dnsmasq"
|
||||
pkgdesc="Bridge interface for LXC with dhcp"
|
||||
mkdir -p "$subpkgdir"/etc/conf.d \
|
||||
"$subpkgdir"/etc/init.d \
|
||||
"$subpkgdir"/etc/lxc
|
||||
|
||||
ln -s dnsmasq "$subpkgdir"/etc/init.d/dnsmasq.lxcbr0
|
||||
cat >>"$subpkgdir"/etc/conf.d/dnsmasq.lxcbr0 <<- EOF
|
||||
rc_before="lxc"
|
||||
BRIDGE_ADDR="10.0.3.1"
|
||||
BRIDGE_NETMASK="255.255.255.0"
|
||||
BRIDGE_NETWORK="10.0.3.0/24"
|
||||
BRIDGE_DHCP_RANGE="10.0.3.2,10.0.3.254"
|
||||
BRIDGE_DHCP_MAX="253"
|
||||
BRIDGE_MAC="00:16:3e:00:00:00"
|
||||
DNSMASQ_CONFFILE="/etc/lxc/dnsmasq.conf"
|
||||
EOF
|
||||
cat >>"$subpkgdir"/etc/lxc/dnsmasq.conf <<- EOF
|
||||
#dhcp-host=somehost,10.0.3.3
|
||||
#dhcp-host=otherhost,10.0.3.4
|
||||
EOF
|
||||
}
|
||||
|
||||
bashcomp() {
|
||||
depends=""
|
||||
pkgdesc="Bash completions for $pkgname"
|
||||
install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
|
||||
mkdir -p "$subpkgdir"/usr/share/bash-completion/completions
|
||||
mv "$pkgdir"/etc/bash_completion.d/$pkgname "$subpkgdir"/usr/share/bash-completion/completions
|
||||
rmdir "$pkgdir"/etc/bash_completion.d
|
||||
}
|
||||
|
||||
sha512sums="4b3046fc6c4aa497fb26bd45839e60de503184af86d3966e796d14e619203536b9a9ed67bdcd8a108cf1a548f8d095fb46dff53094a08abd8d268c866db685c0 lxc-3.2.1.tar.gz
|
||||
2bebe6cc24987354b6e7dc9003c3a4df450ca10263e6dc0e9313977fdfc2eb57c0d68560da4d1071c8de2f8e3e394ed3ca17af445bea524daa5f8ae8955b3ba6 cgroups-initialize-cpuset-properly.patch
|
||||
d302b7296918680901d034dc12ae0687dbbc65766800a9f7256e661f638d3dcad66bcc737aec2c6de8c27d3b9c08833e00420c2064f356d6d73efda9ae9bd707 network-restore-ability-to-move-nl80211-devices.patch
|
||||
a26cd718760e73309a686242b03c5de5ceff17ab9c348438cd19d2d875696e5c788f0e04d66dd01e08449754c14ce2b7cc1dfc1bac2a64429ccf4462f8aa93a5 execute-attach-user-group.patch
|
||||
565b7c1774b19f66cc3435557325b75c85203bae4e53db1677580f4b93c4fb2db7f9bd9dd02b956b18bc2730b8645984e790f27162510d642ce7647df21febc0 attach-returncode.patch
|
||||
b74ffe7c3e8f193265a90ffeb6e5743b1212bc1416b898e5a7e59ddd7f06fc77dc34e2dcbb3614038ac6222a95e2b9beb9f03ab734c991837203ab626b1b091f lxc.initd
|
||||
91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467 lxc.confd"
|
15
apk/lxc/attach-returncode.patch
Normal file
15
apk/lxc/attach-returncode.patch
Normal file
@ -0,0 +1,15 @@
|
||||
--- a/src/lxc/tools/lxc_attach.c
|
||||
+++ b/src/lxc/tools/lxc_attach.c
|
||||
@@ -385,10 +385,9 @@
|
||||
ret = lxc_wait_for_pid_status(pid);
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
-
|
||||
- if (WIFEXITED(ret))
|
||||
- wexit = WEXITSTATUS(ret);
|
||||
}
|
||||
+ if (WIFEXITED(ret))
|
||||
+ wexit = WEXITSTATUS(ret);
|
||||
|
||||
out:
|
||||
lxc_container_put(c);
|
33
apk/lxc/cgroups-initialize-cpuset-properly.patch
Normal file
33
apk/lxc/cgroups-initialize-cpuset-properly.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From b31d62b847a3ee013613795094cce4acc12345ef Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Sun, 28 Jul 2019 23:13:26 +0200
|
||||
Subject: [PATCH] cgroups: initialize cpuset properly
|
||||
|
||||
Closes #3108.
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/cgroups/cgfsng.c | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
|
||||
index 7b8fe6736f..c29c0958e9 100644
|
||||
--- a/src/lxc/cgroups/cgfsng.c
|
||||
+++ b/src/lxc/cgroups/cgfsng.c
|
||||
@@ -496,12 +496,12 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
|
||||
}
|
||||
|
||||
if (!flipped_bit) {
|
||||
- DEBUG("No isolated or offline cpus present in cpuset");
|
||||
- return true;
|
||||
+ cpulist = lxc_cpumask_to_cpulist(possmask, maxposs);
|
||||
+ TRACE("No isolated or offline cpus present in cpuset");
|
||||
+ } else {
|
||||
+ cpulist = move_ptr(posscpus);
|
||||
+ TRACE("Removed isolated or offline cpus from cpuset");
|
||||
}
|
||||
- DEBUG("Removed isolated or offline cpus from cpuset");
|
||||
-
|
||||
- cpulist = lxc_cpumask_to_cpulist(possmask, maxposs);
|
||||
if (!cpulist) {
|
||||
ERROR("Failed to create cpu list");
|
||||
return false;
|
53
apk/lxc/execute-attach-user-group.patch
Normal file
53
apk/lxc/execute-attach-user-group.patch
Normal file
@ -0,0 +1,53 @@
|
||||
--- a/src/lxc/tools/lxc_attach.c
|
||||
+++ b/src/lxc/tools/lxc_attach.c
|
||||
@@ -153,6 +153,8 @@
|
||||
.checker = NULL,
|
||||
.log_priority = "ERROR",
|
||||
.log_file = "none",
|
||||
+ .uid = LXC_INVALID_UID,
|
||||
+ .gid = LXC_INVALID_GID,
|
||||
};
|
||||
|
||||
static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
||||
@@ -366,10 +368,10 @@
|
||||
goto out;
|
||||
}
|
||||
|
||||
- if (my_args.uid)
|
||||
+ if (my_args.uid != LXC_INVALID_UID)
|
||||
attach_options.uid = my_args.uid;
|
||||
|
||||
- if (my_args.gid)
|
||||
+ if (my_args.gid != LXC_INVALID_GID)
|
||||
attach_options.gid = my_args.gid;
|
||||
|
||||
if (command.program) {
|
||||
--- a/src/lxc/tools/lxc_execute.c
|
||||
+++ b/src/lxc/tools/lxc_execute.c
|
||||
@@ -84,6 +84,8 @@
|
||||
.log_priority = "ERROR",
|
||||
.log_file = "none",
|
||||
.daemonize = 0,
|
||||
+ .uid = LXC_INVALID_UID,
|
||||
+ .gid = LXC_INVALID_GID,
|
||||
};
|
||||
|
||||
static int my_parser(struct lxc_arguments *args, int c, char *arg)
|
||||
@@ -211,7 +213,7 @@
|
||||
if (!bret)
|
||||
goto out;
|
||||
|
||||
- if (my_args.uid) {
|
||||
+ if (my_args.uid != LXC_INVALID_UID) {
|
||||
char buf[256];
|
||||
|
||||
ret = snprintf(buf, 256, "%d", my_args.uid);
|
||||
@@ -223,7 +225,7 @@
|
||||
goto out;
|
||||
}
|
||||
|
||||
- if (my_args.gid) {
|
||||
+ if (my_args.gid != LXC_INVALID_GID) {
|
||||
char buf[256];
|
||||
|
||||
ret = snprintf(buf, 256, "%d", my_args.gid);
|
10
apk/lxc/lxc.confd
Normal file
10
apk/lxc/lxc.confd
Normal file
@ -0,0 +1,10 @@
|
||||
# Configuration for /etc/init.d/lxc[.*]
|
||||
|
||||
# Enable cgroup for systemd-based containers.
|
||||
#systemd_container=no
|
||||
|
||||
# autostart groups (comma separated)
|
||||
#lxc_group="onboot"
|
||||
|
||||
# Directory for containers' logs (used for symlinked runscripts lxc.*).
|
||||
#logdir="/var/log/lxc"
|
157
apk/lxc/lxc.initd
Normal file
157
apk/lxc/lxc.initd
Normal file
@ -0,0 +1,157 @@
|
||||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-emulation/lxc/files/lxc.initd.2,v 1.5 2012/07/21 05:07:15 flameeyes Exp $
|
||||
|
||||
extra_started_commands="reboot"
|
||||
|
||||
description="Linux Containers (LXC)"
|
||||
description_reboot="Reboot containers"
|
||||
|
||||
CONTAINER=${SVCNAME#*.}
|
||||
: ${lxc_group:=$LXC_GROUP}
|
||||
: ${systemd_container:=no}
|
||||
: ${logdir:=/var/log/lxc}
|
||||
|
||||
command="/usr/bin/lxc-start"
|
||||
pidfile="/var/run/lxc/$CONTAINER.pid"
|
||||
|
||||
depend() {
|
||||
need localmount sysfs cgroups
|
||||
after firewall net
|
||||
}
|
||||
|
||||
lxc_get_configfile() {
|
||||
local i
|
||||
for i in /var/lib/lxc/${CONTAINER}/config \
|
||||
/etc/lxc/${CONTAINER}.conf \
|
||||
/etc/lxc/${CONTAINER}/config; do
|
||||
if [ -f "$i" ]; then
|
||||
echo "$i"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
eerror "Unable to find a suitable configuration file."
|
||||
eerror "If you set up the container in a non-standard"
|
||||
eerror "location, please set the CONFIGFILE variable."
|
||||
return 1
|
||||
}
|
||||
|
||||
lxc_get_var() {
|
||||
awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE} | cut -d: -f2
|
||||
}
|
||||
|
||||
checkconfig() {
|
||||
if [ ${CONTAINER} = ${SVCNAME} ]; then
|
||||
CONTAINER=
|
||||
return 0
|
||||
fi
|
||||
CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
|
||||
|
||||
# no need to output anything, the function takes care of that.
|
||||
[ -z "${CONFIGFILE}" ] && return 1
|
||||
|
||||
utsname=$(lxc_get_var lxc.uts.name)
|
||||
if [ "${CONTAINER}" != "${utsname}" ]; then
|
||||
eerror "You should use the same name for the service and the"
|
||||
eerror "lxc.uts.name : Right now the lxc.uts.name is set to : ${utsname}"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
systemd_ctr() {
|
||||
local cmd="$1"
|
||||
# Required for lxc-console and services inside systemd containers.
|
||||
local cgroup=/sys/fs/cgroup/systemd
|
||||
local mnt_opts='rw,nosuid,nodev,noexec,relatime,none,name=systemd'
|
||||
|
||||
case "$cmd" in
|
||||
mount)
|
||||
checkpath -d $cgroup
|
||||
if ! mount | grep $cgroup >/dev/null; then
|
||||
mount -t cgroup -o $mnt_opts cgroup $cgroup
|
||||
fi
|
||||
;;
|
||||
unmount)
|
||||
if mount | grep $cgroup >/dev/null; then
|
||||
umount $cgroup
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
_autostart() {
|
||||
ebegin "$1 LXC containers"
|
||||
shift
|
||||
lxc-autostart --group "$lxc_group" "$@"
|
||||
eend $?
|
||||
}
|
||||
|
||||
start() {
|
||||
checkconfig || return 1
|
||||
if yesno "$systemd_container"; then
|
||||
systemd_ctr mount
|
||||
fi
|
||||
if [ -z "$CONTAINER" ]; then
|
||||
_autostart "Starting"
|
||||
return
|
||||
fi
|
||||
|
||||
rm -f "$logdir"/${CONTAINER}.log
|
||||
|
||||
rootpath=$(lxc_get_var lxc.rootfs.path)
|
||||
# verify that container is not on tmpfs
|
||||
dev=$(df -P "${rootpath}" | awk '{d=$1}; END {print d}')
|
||||
type=$(awk -v dev="$dev" '$1 == dev {m=$3}; END {print m}' /proc/mounts)
|
||||
if [ "$type" = tmpfs ] && ! yesno "$ALLOW_TMPFS"; then
|
||||
eerror "${rootpath} is on tmpfs and ALLOW_TMPFS is not set"
|
||||
return 1
|
||||
fi
|
||||
|
||||
checkpath -d -m 750 -o root:wheel $logdir
|
||||
|
||||
checkpath -d ${pidfile%/*}
|
||||
ebegin "Starting container ${CONTAINER}"
|
||||
start-stop-daemon --start $command \
|
||||
--pidfile $pidfile \
|
||||
-- \
|
||||
--daemon \
|
||||
--pidfile $pidfile \
|
||||
--name ${CONTAINER} \
|
||||
--rcfile ${CONFIGFILE} \
|
||||
--logpriority WARN \
|
||||
--logfile $logdir/${CONTAINER}.log \
|
||||
|| eend $? || return $?
|
||||
lxc-wait -n ${CONTAINER} -t 5 -s RUNNING
|
||||
eend $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
checkconfig || return 1
|
||||
systemd_ctr unmount
|
||||
|
||||
if [ -z "$CONTAINER" ]; then
|
||||
_autostart "Stopping" --shutdown --timeout ${LXC_TIMEOUT:-30}
|
||||
return
|
||||
fi
|
||||
|
||||
ebegin "Stopping container ${CONTAINER}"
|
||||
start-stop-daemon --stop --pidfile ${pidfile} \
|
||||
--retry ${POWEROFF_SIGNAL:-SIGUSR2}/${TIMEOUT:-30} \
|
||||
--progress
|
||||
eend $?
|
||||
}
|
||||
|
||||
reboot() {
|
||||
checkconfig || return 1
|
||||
if [ -z "$CONTAINER" ]; then
|
||||
_autostart "Rebooting" --reboot
|
||||
return
|
||||
fi
|
||||
|
||||
ebegin "Sending reboot signal to container $CONTAINER"
|
||||
start-stop-daemon --signal ${RESTART_SIG:-SIGTERM} \
|
||||
--pidfile ${pidfile}
|
||||
eend $?
|
||||
}
|
||||
|
@ -0,0 +1,91 @@
|
||||
From 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Fri, 26 Jul 2019 08:20:02 +0200
|
||||
Subject: [PATCH] network: restore ability to move nl80211 devices
|
||||
|
||||
Closes #3105.
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/network.c | 31 +++++++++++++++++--------------
|
||||
1 file changed, 17 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/network.c b/src/lxc/network.c
|
||||
index 9755116ba1..7684f95918 100644
|
||||
--- a/src/lxc/network.c
|
||||
+++ b/src/lxc/network.c
|
||||
@@ -1248,22 +1248,21 @@ static int lxc_netdev_rename_by_name_in_netns(pid_t pid, const char *old,
|
||||
static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid,
|
||||
const char *newname)
|
||||
{
|
||||
- char *cmd;
|
||||
+ __do_free char *cmd = NULL;
|
||||
pid_t fpid;
|
||||
- int err = -1;
|
||||
|
||||
/* Move phyN into the container. TODO - do this using netlink.
|
||||
* However, IIUC this involves a bit more complicated work to talk to
|
||||
* the 80211 module, so for now just call out to iw.
|
||||
*/
|
||||
cmd = on_path("iw", NULL);
|
||||
- if (!cmd)
|
||||
- goto out1;
|
||||
- free(cmd);
|
||||
+ if (!cmd) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
fpid = fork();
|
||||
if (fpid < 0)
|
||||
- goto out1;
|
||||
+ return -1;
|
||||
|
||||
if (fpid == 0) {
|
||||
char pidstr[30];
|
||||
@@ -1274,21 +1273,18 @@ static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid,
|
||||
}
|
||||
|
||||
if (wait_for_pid(fpid))
|
||||
- goto out1;
|
||||
+ return -1;
|
||||
|
||||
- err = 0;
|
||||
if (newname)
|
||||
- err = lxc_netdev_rename_by_name_in_netns(pid, ifname, newname);
|
||||
+ return lxc_netdev_rename_by_name_in_netns(pid, ifname, newname);
|
||||
|
||||
-out1:
|
||||
- free(physname);
|
||||
- return err;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
int lxc_netdev_move_by_name(const char *ifname, pid_t pid, const char* newname)
|
||||
{
|
||||
+ __do_free char *physname = NULL;
|
||||
int index;
|
||||
- char *physname;
|
||||
|
||||
if (!ifname)
|
||||
return -EINVAL;
|
||||
@@ -3279,13 +3275,20 @@ int lxc_network_move_created_netdev_priv(struct lxc_handler *handler)
|
||||
return 0;
|
||||
|
||||
lxc_list_for_each(iterator, network) {
|
||||
+ __do_free char *physname = NULL;
|
||||
int ret;
|
||||
struct lxc_netdev *netdev = iterator->elem;
|
||||
|
||||
if (!netdev->ifindex)
|
||||
continue;
|
||||
|
||||
- ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL);
|
||||
+ if (netdev->type == LXC_NET_PHYS)
|
||||
+ physname = is_wlan(netdev->link);
|
||||
+
|
||||
+ if (physname)
|
||||
+ ret = lxc_netdev_move_wlan(physname, netdev->link, pid, NULL);
|
||||
+ else
|
||||
+ ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL);
|
||||
if (ret) {
|
||||
errno = -ret;
|
||||
SYSERROR("Failed to move network device \"%s\" with ifindex %d to network namespace %d",
|
@ -1,38 +0,0 @@
|
||||
# Contributor: Bjoern Schilberg <bjoern@intevation.de>
|
||||
# Maintainer: Bjoern Schilberg <bjoern@intevation.de>
|
||||
pkgname=postgis
|
||||
pkgver=2.5.1
|
||||
pkgrel=1
|
||||
pkgdesc="PostGIS is a spatial database extender for PostgreSQL object-relational database."
|
||||
url="https://postgis.net/"
|
||||
# geos test fails on other archs
|
||||
arch="x86 x86_64" # fails on x86*
|
||||
license="GPL-2.0-or-later"
|
||||
depends="postgresql perl"
|
||||
makedepends="postgresql-dev geos-dev gdal-dev libxml2-dev proj4-dev perl-dev
|
||||
json-c-dev pcre-dev"
|
||||
subpackages="$pkgname-dev $pkgname-doc"
|
||||
source="http://download.osgeo.org/postgis/source/$pkgname-$pkgver.tar.gz"
|
||||
options="!check" # tests depends on a running PostgreSQL server
|
||||
|
||||
build() {
|
||||
cd "$builddir"
|
||||
|
||||
./configure \
|
||||
--build=$CBUILD \
|
||||
--host=$CHOST \
|
||||
--prefix=/usr \
|
||||
--disable-gtktest \
|
||||
--disable-nls \
|
||||
--disable-rpath \
|
||||
--without-protobuf
|
||||
make -j1
|
||||
}
|
||||
|
||||
package() {
|
||||
cd "$builddir"
|
||||
|
||||
make DESTDIR="$pkgdir" install
|
||||
}
|
||||
|
||||
sha512sums="c6c9c8c5befd945614e92d1062df1d753ca8b7fd69b70226065c2dac77a59783b14ece4da994187079b683ee090ba5a79389ba679f22fce8c20a5afc2c8dfca0 postgis-2.5.1.tar.gz"
|
@ -1,33 +0,0 @@
|
||||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=proj4
|
||||
pkgver=5.2.0
|
||||
pkgrel=0
|
||||
pkgdesc="PROJ.4 - Cartographic Projections Library"
|
||||
url="https://trac.osgeo.org/proj/"
|
||||
arch="all"
|
||||
license="MIT"
|
||||
options=""
|
||||
depends=""
|
||||
makedepends=""
|
||||
subpackages="$pkgname-doc $pkgname-dev"
|
||||
source="http://download.osgeo.org/proj/proj-$pkgver.tar.gz
|
||||
"
|
||||
|
||||
builddir="$srcdir"/proj-$pkgver
|
||||
build () {
|
||||
cd "$builddir"
|
||||
./configure \
|
||||
--build=$CBUILD \
|
||||
--host=$CHOST \
|
||||
--prefix=/usr \
|
||||
--without-jni \
|
||||
|| return 1
|
||||
make || return 1
|
||||
}
|
||||
|
||||
package() {
|
||||
cd "$builddir"
|
||||
mkdir -p $pkgdir/usr/bin
|
||||
make DESTDIR="$pkgdir" install
|
||||
}
|
||||
sha512sums="f773117d22309d4ee8dbedc2a7b6ba27e8cd032e1bd0af3c98f270bf7b7ab3353be0b04d91202a1f137fc45164c8e8a52712bb06281948008160d08f9f9074ba proj-5.2.0.tar.gz"
|
@ -1,8 +1,8 @@
|
||||
# Contributor: Nathan Johnson <nathan@nathanjohnson.info>
|
||||
# Maintainer: Nathan Johnson <nathan@nathanjohnson.info>
|
||||
pkgname=rabbitmq-server
|
||||
pkgver=3.7.11
|
||||
pkgrel=0
|
||||
pkgver=3.7.18
|
||||
pkgrel=1
|
||||
pkgdesc="RabbitMQ is an open source multi-protocol messaging broker."
|
||||
url="https://www.rabbitmq.com/"
|
||||
arch="noarch !s390x"
|
||||
@ -11,10 +11,9 @@ depends="erlang erlang-tools erlang-runtime-tools erlang-stdlib
|
||||
logrotate erlang-ssl erlang-crypto erlang-parsetools
|
||||
erlang-mnesia erlang-sasl erlang-inets erlang-syntax-tools
|
||||
erlang-eldap erlang-xmerl erlang-os-mon erlang-asn1 erlang-public-key"
|
||||
depends_dev=""
|
||||
makedepends="$depends_dev erlang-dev python2 py2-simplejson xmlto libxslt
|
||||
makedepends="$depends_dev erlang-dev python3 py3-simplejson xmlto libxslt
|
||||
rsync zip gawk grep erlang-compiler erlang-erl-docgen
|
||||
erlang-edoc socat elixir"
|
||||
erlang-edoc socat erlang-eunit elixir"
|
||||
install="$pkgname.pre-install $pkgname.post-deinstall"
|
||||
pkgusers="rabbitmq"
|
||||
pkggroups="rabbitmq"
|
||||
@ -22,34 +21,37 @@ subpackages="$pkgname-doc"
|
||||
source="
|
||||
rabbitmq-server.initd
|
||||
rabbitmq-server.logrotate
|
||||
https://github.com/rabbitmq/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz
|
||||
https://github.com/rabbitmq/rabbitmq-server/releases/download/v$pkgver/rabbitmq-server-$pkgver.tar.xz
|
||||
py3.patch
|
||||
"
|
||||
options="!check" # test suite broken
|
||||
|
||||
# secfixes:
|
||||
# 3.7.17:
|
||||
# - CVE-2015-9251
|
||||
# - CVE-2017-16012
|
||||
# - CVE-2019-11358
|
||||
|
||||
builddir="$srcdir/${pkgname}-${pkgver}"
|
||||
build() {
|
||||
cd "$builddir"
|
||||
make dist manpages
|
||||
make dist manpages PYTHON=python3
|
||||
}
|
||||
|
||||
package() {
|
||||
cd "$builddir"
|
||||
|
||||
make install install-bin install-man DESTDIR="$pkgdir" PREFIX=/usr \
|
||||
RMQ_ROOTDIR="/usr/lib/rabbitmq" MANDIR=/usr/share/man
|
||||
RMQ_ROOTDIR="/usr/lib/rabbitmq" MANDIR=/usr/share/man PYTHON=python3
|
||||
|
||||
mkdir -p "$pkgdir"/var/lib/rabbitmq/mnesia
|
||||
mkdir -p "$pkgdir"/var/log/rabbitmq
|
||||
|
||||
#Copy all necessary lib files etc.
|
||||
install -p -m755 -D "$builddir"/scripts/rabbitmq-server.ocf \
|
||||
"$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server || return 1
|
||||
"$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server
|
||||
install -p -m755 -D "$builddir"/scripts/rabbitmq-server-ha.ocf \
|
||||
"$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server-ha \
|
||||
|| return 1
|
||||
"$pkgdir"/usr/lib/ocf/resource.d/rabbitmq/rabbitmq-server-ha
|
||||
install -p -m644 -D "$srcdir/"$pkgname.logrotate \
|
||||
"$pkgdir"/etc/logrotate.d/rabbitmq-server || return 1
|
||||
"$pkgdir"/etc/logrotate.d/rabbitmq-server
|
||||
install -m755 -D "$srcdir"/$pkgname.initd \
|
||||
"$pkgdir"/etc/init.d/$pkgname || return 1
|
||||
"$pkgdir"/etc/init.d/$pkgname
|
||||
mkdir -p "$pkgdir"/usr/sbin
|
||||
|
||||
# This is lifted / adapted from the official upstream spec file.
|
||||
@ -79,4 +81,5 @@ package() {
|
||||
|
||||
sha512sums="a8bb02a7cae1f8720e5c7aaabfe6a2c0e731cffbe0d8f99bdcb6597daa654dc49e6d41943974601435700cf469eaa8286dc91a3255a6b9023754c3861fbb5cd9 rabbitmq-server.initd
|
||||
b8655cb048ab3b32001d4e6920bb5366696f3a5da75c053605e9b270e771c548e36858dca8338813d34376534515bba00af5e6dd7b4b1754a0e64a8fb756e3f3 rabbitmq-server.logrotate
|
||||
a54034ebc919be0c6f58832ea5d47f8e3964e30ca9185c59bf882c3dc17d1df5b6e1ab0460f75e8cf0cc325504cc3a674f7cb44a5d7613e16a5ad8b721a286a4 rabbitmq-server-3.7.11.tar.xz"
|
||||
7ac10172b2a1d282a0fbcfc13e4612b0aaee31c7248616cc16451c9390aabd96d866619336a29c9bb3b4142d2141b5d442a07a49c6bb0a4ea0cdb287dc813c0f rabbitmq-server-3.7.18.tar.xz
|
||||
7862c8566631aeb8c7756e5c8ea11705546ffcdca6ec9058516f91c2650a21b1bb373879e8eb8a78dc5af808eb1fdf6c8167997ea7feace2de61dfa1fb1e5c8b py3.patch"
|
||||
|
112
apk/rabbitmq-server/py3.patch
Normal file
112
apk/rabbitmq-server/py3.patch
Normal file
@ -0,0 +1,112 @@
|
||||
diff --git a/deps/amqp10_common/codegen.py b/deps/amqp10_common/codegen.py
|
||||
index dc4480a..d573bcf 100755
|
||||
--- a/deps/amqp10_common/codegen.py
|
||||
+++ b/deps/amqp10_common/codegen.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
from __future__ import print_function
|
||||
|
||||
diff --git a/deps/rabbit_common/codegen.py b/deps/rabbit_common/codegen.py
|
||||
index 8b81362..70bd7fa 100755
|
||||
--- a/deps/rabbit_common/codegen.py
|
||||
+++ b/deps/rabbit_common/codegen.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
## The contents of this file are subject to the Mozilla Public License
|
||||
## Version 1.1 (the "License"); you may not use this file except in
|
||||
diff --git a/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py b/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py
|
||||
index 1ae2e80..3e61442 100755
|
||||
--- a/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py
|
||||
+++ b/deps/rabbitmq_auth_backend_http/examples/rabbitmq_auth_backend_django/manage.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
import os
|
||||
import sys
|
||||
|
||||
diff --git a/deps/rabbitmq_consistent_hash_exchange/README.md b/deps/rabbitmq_consistent_hash_exchange/README.md
|
||||
index ce1623f..6ff906b 100644
|
||||
--- a/deps/rabbitmq_consistent_hash_exchange/README.md
|
||||
+++ b/deps/rabbitmq_consistent_hash_exchange/README.md
|
||||
@@ -150,7 +150,7 @@ Executable versions of some of the code examples can be found under [./examples]
|
||||
This version of the example uses [Pika](https://pika.readthedocs.io/en/stable/), the most widely used Python client for RabbitMQ:
|
||||
|
||||
``` python
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
import pika
|
||||
import time
|
||||
@@ -342,7 +342,7 @@ routed to the same **arbitrarily chosen** queue.
|
||||
#### Code Example in Python
|
||||
|
||||
``` python
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
import pika
|
||||
import time
|
||||
@@ -544,7 +544,7 @@ routed to the same **arbitrarily chosen** queue.
|
||||
#### Code Example in Python
|
||||
|
||||
``` python
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
import pika
|
||||
import time
|
||||
diff --git a/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py b/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py
|
||||
index 6cf67d6..30e43ea 100644
|
||||
--- a/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py
|
||||
+++ b/deps/rabbitmq_consistent_hash_exchange/examples/python/example1.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
import pika
|
||||
import time
|
||||
diff --git a/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py b/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py
|
||||
index 8c1ac15..0099b28 100644
|
||||
--- a/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py
|
||||
+++ b/deps/rabbitmq_consistent_hash_exchange/examples/python/example2.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
import pika
|
||||
import time
|
||||
diff --git a/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py b/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py
|
||||
index 0b74501..c11a4ce 100644
|
||||
--- a/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py
|
||||
+++ b/deps/rabbitmq_consistent_hash_exchange/examples/python/example3.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
import pika
|
||||
import time
|
||||
diff --git a/deps/rabbitmq_management/bin/rabbitmqadmin b/deps/rabbitmq_management/bin/rabbitmqadmin
|
||||
index 55173cb..04c0c12 100755
|
||||
--- a/deps/rabbitmq_management/bin/rabbitmqadmin
|
||||
+++ b/deps/rabbitmq_management/bin/rabbitmqadmin
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
|
||||
# The contents of this file are subject to the Mozilla Public License
|
||||
# Version 1.1 (the "License"); you may not use this file except in
|
||||
diff --git a/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py b/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py
|
||||
index 469f277..ea21f63 100755
|
||||
--- a/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py
|
||||
+++ b/deps/rabbitmq_trust_store/examples/rabbitmq_trust_store_django/manage.py
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/bin/env python
|
||||
+#!/usr/bin/env python3
|
||||
import os
|
||||
import sys
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
addgroup -S rabbitmq 2>/dev/null
|
||||
adduser -S -D -H -s /sbin/nologin -h /usr/lib/rabbitmq -G rabbitmq \
|
||||
adduser -S -D -H -s /sbin/nologin -h /var/lib/rabbitmq -G rabbitmq \
|
||||
-g 'RabbitMQ Server' rabbitmq 2>/dev/null
|
||||
exit 0
|
||||
|
1
apk/spoc
Submodule
1
apk/spoc
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 0614c15e3ed8b8482febaf6113a7f53ef006df18
|
@ -1 +1 @@
|
||||
Subproject commit d9334fd12be8feb11106564d1a3b2e7526c89f43
|
||||
Subproject commit 71604f26b6cd26e3d7cef720401bdc24bb13bd16
|
@ -1,65 +0,0 @@
|
||||
# Contributor: Stuart Cardall <developer@it-offshore.co.uk>
|
||||
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
|
||||
pkgname=wireguard-tools
|
||||
pkgver=0.0.20190702
|
||||
pkgrel=0
|
||||
pkgdesc="Next generation secure network tunnel: userspace tools"
|
||||
arch="all"
|
||||
url="https://www.wireguard.com"
|
||||
# SPDX identifier headers tells us 'GPL-2.0' but considering it
|
||||
# is a kernel project i think it is safe to assume it is GPL-2.0-only just
|
||||
# like the kernel.
|
||||
license="GPL-2.0-only"
|
||||
makedepends="libmnl-dev"
|
||||
depends="$pkgname-wg $pkgname-wg-quick"
|
||||
subpackages="
|
||||
$pkgname-doc
|
||||
$pkgname-bash-completion:bashcomp:noarch
|
||||
$pkgname-wg:_split
|
||||
$pkgname-wg-quick:_split:noarch
|
||||
"
|
||||
options="!check"
|
||||
source="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$pkgver.tar.xz
|
||||
alpine-compat.patch
|
||||
"
|
||||
builddir="$srcdir"/WireGuard-$pkgver
|
||||
|
||||
build() {
|
||||
make -C src/tools
|
||||
}
|
||||
|
||||
package() {
|
||||
mkdir -p "$pkgdir/usr/share/doc/$pkgname"
|
||||
|
||||
make -C src/tools \
|
||||
DESTDIR="$pkgdir" \
|
||||
WITH_BASHCOMPLETION=yes \
|
||||
WITH_WGQUICK=yes \
|
||||
WITH_SYSTEMDUNITS=no \
|
||||
install
|
||||
|
||||
find "$builddir"/contrib/examples -name '.gitignore' -delete
|
||||
cp -rf "$builddir"/contrib/examples "$pkgdir/usr/share/doc/$pkgname/"
|
||||
}
|
||||
|
||||
_split() {
|
||||
local cmd=${subpkgname/$pkgname-}
|
||||
pkgdesc="$pkgdesc ($cmd)"
|
||||
case $cmd in
|
||||
wg-quick) depends="$pkgname-wg iproute2 bash openresolv" ;;
|
||||
*) depends= ;;
|
||||
esac
|
||||
mkdir -p "$subpkgdir"/usr/bin
|
||||
mv "$pkgdir"/usr/bin/$cmd "$subpkgdir"/usr/bin/
|
||||
}
|
||||
|
||||
bashcomp() {
|
||||
depends="bash"
|
||||
pkgdesc="WireGuard bash completions"
|
||||
|
||||
mkdir -p "$subpkgdir"/usr
|
||||
mv "$pkgdir"/usr/share "$subpkgdir"/usr
|
||||
}
|
||||
|
||||
sha512sums="8b92b51506cd3f8e9939378b86f23678e08e8501432decd0abf6a9d4e3dfe4742b6f1cb75e06407f5816778b3dd90849a5da83252ab882392ec1905dfb997501 WireGuard-0.0.20190702.tar.xz
|
||||
4577574333f023217ae6e0945807e1ccd2dec7caa87e329b1d5b44569f6b5969663ad74f8154b85d3dc7063dd762649e3fa87c7667e238ffb77c0e5df9245a5e alpine-compat.patch"
|
@ -1,12 +0,0 @@
|
||||
diff --git a/src/tools/wg-quick/linux.bash b/src/tools/wg-quick/linux.bash
|
||||
--- a/src/tools/wg-quick/linux.bash
|
||||
+++ b/src/tools/wg-quick/linux.bash
|
||||
@@ -201,7 +201,7 @@
|
||||
cmd ip $proto rule add table main suppress_prefixlength 0
|
||||
while read -r key _ value; do
|
||||
[[ $value -eq 1 ]] && sysctl -q "$key=2"
|
||||
- done < <(sysctl -a -r '^net\.ipv4.conf\.[^ .=]+\.rp_filter$')
|
||||
+ done < <(sysctl -a 2>/dev/null | sed -n -r 's#^(net\.ipv4.conf\.[^ .=]+\.rp_filter).*$#\1#p')
|
||||
return 0
|
||||
}
|
||||
|
@ -1,91 +0,0 @@
|
||||
# Contributor: Stuart Cardall <developer@it-offshore.co.uk>
|
||||
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
|
||||
|
||||
# wireguard version
|
||||
_ver=0.0.20190702
|
||||
_rel=0
|
||||
|
||||
# kernel version
|
||||
_kver=4.19.52
|
||||
_krel=0
|
||||
|
||||
_kpkgver="$_kver-r$_krel"
|
||||
|
||||
# for custom kernels set $FLAVOR
|
||||
_extra_flavors=
|
||||
if [ -z "$FLAVOR" ]; then
|
||||
_flavor=vanilla
|
||||
case $CARCH in
|
||||
x86|x86_64) _extra_flavors="virt";;
|
||||
esac
|
||||
else
|
||||
_flavor=$FLAVOR
|
||||
fi
|
||||
_kpkg=linux-$_flavor
|
||||
|
||||
pkgname=wireguard-$_flavor
|
||||
pkgver=$_kver
|
||||
pkgrel=$(( $_rel + $_krel))
|
||||
|
||||
pkgdesc="Next generation secure network tunnel: kernel modules for $_flavor"
|
||||
arch="all"
|
||||
url="https://www.wireguard.com"
|
||||
license="GPL-2.0"
|
||||
depends="linux-$_flavor=$_kpkgver"
|
||||
makedepends="
|
||||
libmnl-dev
|
||||
linux-$_flavor-dev=$_kpkgver
|
||||
linux-firmware-none
|
||||
"
|
||||
install_if="wireguard-tools-wg=$_ver-r$_rel linux-$_flavor=$_kpkgver"
|
||||
options="!check"
|
||||
source="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$_ver.tar.xz"
|
||||
builddir="$srcdir"/WireGuard-$_ver
|
||||
|
||||
for f in $_extra_flavors; do
|
||||
makedepends="$makedepends linux-$f-dev=$_kpkgver"
|
||||
subpackages="$subpackages wireguard-$f:_extra"
|
||||
done
|
||||
|
||||
prepare() {
|
||||
default_prepare
|
||||
if [ -z "$FLAVOR" ]; then
|
||||
( . "$startdir"/../../main/linux-$_flavor/APKBUILD
|
||||
[ "$_kver" != "$pkgver" ] && die "please update _kver to $pkgver"
|
||||
[ "$_krel" != "$pkgrel" ] && die "please update _krel to $pkgrel"
|
||||
return 0
|
||||
)
|
||||
fi
|
||||
local flavor=
|
||||
for flavor in $_flavor $_extra_flavors; do
|
||||
cp -r "$builddir" "$srcdir"/$flavor
|
||||
done
|
||||
}
|
||||
|
||||
build() {
|
||||
unset LDFLAGS
|
||||
local flavor= kabi=
|
||||
for flavor in $_flavor $_extra_flavors; do
|
||||
kabi="$_kver-$_krel-$flavor"
|
||||
make -C "$srcdir/$flavor"/src \
|
||||
KERNELDIR=/lib/modules/$kabi/build module
|
||||
done
|
||||
}
|
||||
|
||||
package() {
|
||||
local kabi="$_kver-$_krel-$_flavor"
|
||||
install -Dm644 "$srcdir"/$_flavor/src/wireguard.ko \
|
||||
"$pkgdir/lib/modules/$kabi/extra/wireguard.ko"
|
||||
}
|
||||
|
||||
_extra() {
|
||||
flavor=${subpkgname##*-}
|
||||
depends="linux-$flavor=$_kpkgver"
|
||||
install_if="wireguard-tools-wg=$_ver-r$_rel linux-$flavor=$_kpkgver"
|
||||
pkgdesc="Next generation secure network tunnel: kernel modules for $flavor"
|
||||
local kabi="$_kver-$_krel-$flavor"
|
||||
install -Dm644 "$srcdir"/virt/src/wireguard.ko \
|
||||
"$subpkgdir/lib/modules/$kabi/extra/wireguard.ko"
|
||||
}
|
||||
|
||||
sha512sums="8b92b51506cd3f8e9939378b86f23678e08e8501432decd0abf6a9d4e3dfe4742b6f1cb75e06407f5816778b3dd90849a5da83252ab882392ec1905dfb997501 WireGuard-0.0.20190702.tar.xz"
|
@ -7,140 +7,106 @@ ROOT=$(dirname $(dirname $(realpath "${0}")))
|
||||
cd ${ROOT}/doc
|
||||
make html
|
||||
|
||||
# Build basic.tar
|
||||
# Build basic tar
|
||||
cd ${ROOT}/vm
|
||||
tar cpf /srv/build/vm.tar *
|
||||
tar czpf /srv/build/vm.tar.gz *
|
||||
|
||||
# Build native apps
|
||||
cd ${ROOT}/apk/acme-sh
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/geos
|
||||
apk add -U swig python2-dev
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/gdal
|
||||
apk add -U curl-dev geos-dev@vm giflib-dev jpeg-dev libjpeg-turbo-dev libpng-dev linux-headers postgresql-dev python2-dev sqlite-dev swig tiff-dev zlib-dev
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/proj4
|
||||
cd ${ROOT}/apk/lxc
|
||||
apk add -U autoconf automake bsd-compat-headers docbook2x libcap-dev libcap-static libseccomp-dev libtool linux-headers linux-pam-dev
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/rabbitmq-server
|
||||
apk add -U elixir erlang-compiler erlang-dev erlang-edoc erlang-eldap erlang-erl-docgen erlang-mnesia erlang-os-mon erlang-runtime-tools erlang-tools erlang-xmerl gawk grep libxslt logrotate py2-simplejson python2 rsync socat xmlto zip
|
||||
apk add -U elixir erlang-compiler erlang-dev erlang-edoc erlang-eldap erlang-erl-docgen erlang-mnesia erlang-os-mon erlang-runtime-tools erlang-tools erlang-eunit erlang-xmerl gawk grep libxslt py3-simplejson python3 rsync socat xmlto zip
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/postgis
|
||||
apk add -U gdal-dev@vm geos-dev@vm json-c-dev libxml2-dev pcre-dev perl perl-dev postgresql postgresql-dev proj4-dev@vm
|
||||
cd ${ROOT}/apk/spoc
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/vmmgr
|
||||
abuild -F
|
||||
|
||||
cd ${ROOT}/apk/wireguard
|
||||
apk add -U libmnl-dev linux-virt-dev linux-firmware-none
|
||||
FLAVOR=virt abuild -F
|
||||
|
||||
cd ${ROOT}/apk/wireguard-tools
|
||||
apk add -U libmnl-dev
|
||||
abuild -F
|
||||
|
||||
# Build apd pack runtimes
|
||||
# Build runtimes
|
||||
cd ${ROOT}/lxc-shared
|
||||
lxc-build alpine3.8
|
||||
lxc-build alpine3.8-php5.6
|
||||
lxc-build alpine3.8-nodejs8
|
||||
lxc-build alpine3.8-ruby2.4
|
||||
lxc-build alpine3.9
|
||||
lxc-build alpine3.9-java8
|
||||
lxc-build alpine3.9-php7.2
|
||||
lxc-build alpine3.9-python2.7
|
||||
lxc-build alpine3.9-python3.6
|
||||
lxc-build alpine3.9-nodejs10
|
||||
lxc-build alpine3.9-ruby2.4
|
||||
lxc-build alpine3.9-tomcat7
|
||||
lxc-build alpine3.9-tomcat8.5
|
||||
spoc-image build -p alpine3.8/image
|
||||
spoc-image build -p alpine3.8-java8/image
|
||||
spoc-image build -p alpine3.8-php5.6/image
|
||||
spoc-image build -p alpine3.8-ruby2.4/image
|
||||
spoc-image build -p alpine3.10/image
|
||||
spoc-image build -p alpine3.10-nodejs10/image
|
||||
spoc-image build -p alpine3.10-python2.7/image
|
||||
spoc-image build -p alpine3.10-python3.7/image
|
||||
spoc-image build -p alpine3.11/image
|
||||
spoc-image build -p alpine3.11-java8/image
|
||||
spoc-image build -p alpine3.11-php7.3/image
|
||||
spoc-image build -p alpine3.11-python2.7/image
|
||||
spoc-image build -p alpine3.11-python3.8/image
|
||||
spoc-image build -p alpine3.11-ruby2.4/image
|
||||
spoc-image build -p alpine3.11-ruby2.6/image
|
||||
spoc-image build -p alpine3.11-tomcat7/image
|
||||
spoc-image build -p alpine3.11-tomcat8.5/image
|
||||
|
||||
# Build services
|
||||
cd ${ROOT}/lxc-services
|
||||
lxc-build activemq
|
||||
lxc-build mariadb
|
||||
lxc-build postgres
|
||||
lxc-build rabbitmq
|
||||
lxc-build redis
|
||||
lxc-build solr
|
||||
spoc-image build -p activemq/image
|
||||
spoc-image build -p mariadb/image
|
||||
spoc-image build -p postgres/image
|
||||
spoc-image build -p postgis/image
|
||||
spoc-image build -p rabbitmq/image
|
||||
spoc-image build -p redis/image
|
||||
spoc-image build -p solr6/image
|
||||
|
||||
# Build applications
|
||||
cd ${ROOT}/lxc-apps
|
||||
lxc-build ckan-datapusher
|
||||
lxc-build ckan
|
||||
lxc-build crisiscleanup
|
||||
lxc-build cts
|
||||
lxc-build ecogis
|
||||
lxc-build frontlinesms
|
||||
lxc-build gnuhealth
|
||||
lxc-build kanboard
|
||||
lxc-build mifosx
|
||||
lxc-build motech
|
||||
lxc-build odoo
|
||||
lxc-build opendatakit
|
||||
lxc-build opendatakit-build
|
||||
lxc-build openmapkit
|
||||
lxc-build pandora
|
||||
lxc-build sahana-shared
|
||||
lxc-build sahana
|
||||
lxc-build sahana-demo
|
||||
lxc-build sambro
|
||||
lxc-build seeddms
|
||||
lxc-build sigmah
|
||||
lxc-build ushahidi
|
||||
|
||||
# Pack runtimes
|
||||
cd ${ROOT}/lxc-shared
|
||||
lxc-pack alpine3.8
|
||||
lxc-pack alpine3.8-php5.6
|
||||
lxc-pack alpine3.8-nodejs8
|
||||
lxc-pack alpine3.8-ruby2.4
|
||||
lxc-pack alpine3.9
|
||||
lxc-pack alpine3.9-java8
|
||||
lxc-pack alpine3.9-php7.2
|
||||
lxc-pack alpine3.9-python2.7
|
||||
lxc-pack alpine3.9-python3.6
|
||||
lxc-pack alpine3.9-nodejs10
|
||||
lxc-pack alpine3.9-ruby2.4
|
||||
lxc-pack alpine3.9-tomcat7
|
||||
lxc-pack alpine3.9-tomcat8.5
|
||||
spoc-image build -p ckan/ckan.image
|
||||
spoc-image build -p ckan/ckan-datapusher.image
|
||||
spoc-app publish ckan/app
|
||||
|
||||
# Pack services
|
||||
cd ${ROOT}/lxc-services
|
||||
lxc-pack activemq
|
||||
lxc-pack mariadb
|
||||
lxc-pack postgres
|
||||
lxc-pack rabbitmq
|
||||
lxc-pack redis
|
||||
lxc-pack solr
|
||||
spoc-image build -p crisiscleanup/image
|
||||
spoc-app publish crisiscleanup/app
|
||||
|
||||
# Pack applications
|
||||
cd ${ROOT}/lxc-apps
|
||||
lxc-pack ckan-datapusher
|
||||
lxc-pack ckan
|
||||
lxc-pack crisiscleanup
|
||||
lxc-pack cts
|
||||
lxc-pack ecogis
|
||||
lxc-pack frontlinesms
|
||||
lxc-pack gnuhealth
|
||||
lxc-pack kanboard
|
||||
lxc-pack mifosx
|
||||
lxc-pack motech
|
||||
lxc-pack odoo
|
||||
lxc-pack opendatakit
|
||||
lxc-pack opendatakit-build
|
||||
lxc-pack openmapkit
|
||||
lxc-pack pandora
|
||||
lxc-pack sahana-shared
|
||||
lxc-pack sahana
|
||||
lxc-pack sahana-demo
|
||||
lxc-pack sambro
|
||||
lxc-pack seeddms
|
||||
lxc-pack sigmah
|
||||
lxc-pack ushahidi
|
||||
spoc-image build -p cts/image
|
||||
spoc-app publish cts/app
|
||||
|
||||
spoc-image build -p decidim/image
|
||||
spoc-app publish decidim/app
|
||||
|
||||
spoc-image build -p frontlinesms/image
|
||||
spoc-app publish frontlinesms/app
|
||||
|
||||
spoc-image build -p gnuhealth/image
|
||||
spoc-app publish gnuhealth/app
|
||||
|
||||
spoc-image build -p kanboard/image
|
||||
spoc-app publish kanboard/app
|
||||
|
||||
spoc-image build -p mifosx/image
|
||||
spoc-app publish mifosx/app
|
||||
|
||||
spoc-image build -p motech/image
|
||||
spoc-app publish motech/app
|
||||
|
||||
spoc-image build -p odoo/image
|
||||
spoc-app publish odoo/app
|
||||
|
||||
spoc-image build -p opendatakit/opendatakit.image
|
||||
spoc-image build -p opendatakit/opendatakit-build.image
|
||||
spoc-app publish opendatakit/app
|
||||
|
||||
spoc-image build -p openmapkit/image
|
||||
spoc-app publish openmapkit/app
|
||||
|
||||
spoc-image build -p pandora/image
|
||||
spoc-app publish pandora/app
|
||||
|
||||
spoc-image build -p sahana/image
|
||||
spoc-app publish sahana/app
|
||||
spoc-app publish sahana-demo/app
|
||||
spoc-app publish sambro/app
|
||||
|
||||
spoc-image build -p seeddms/image
|
||||
spoc-app publish seeddms/app
|
||||
|
||||
spoc-image build -p ushahidi/image
|
||||
spoc-app publish ushahidi/app
|
||||
|
29
build/clean-all.sh
Executable file
29
build/clean-all.sh
Executable file
@ -0,0 +1,29 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
# Clean documentation
|
||||
rm -rf /srv/build/doc/*
|
||||
|
||||
# Clean basic tar
|
||||
rm -f /srv/build/vm.tar.gz
|
||||
|
||||
# Clean native apps
|
||||
rm -rf /srv/build/alpine/*
|
||||
|
||||
# Clean built LXC packages
|
||||
rm -rf /srv/build/spoc
|
||||
|
||||
# Remove nginx configs
|
||||
for CONF in $(find /etc/nginx/conf.d -name '*.conf' -a ! -name repo.conf -a ! -name default.conf); do
|
||||
rm -f ${CONF}
|
||||
done
|
||||
service nginx reload
|
||||
|
||||
# Stop running containers
|
||||
for APP in $(spoc-container list); do
|
||||
spoc-container stop ${APP}
|
||||
done
|
||||
|
||||
# Remove data
|
||||
rm -rf /var/lib/spoc
|
||||
rm -rf /var/log/spoc
|
@ -9,18 +9,21 @@ export MAKEFLAGS=-j$JOBS
|
||||
# remove line below to disable colors
|
||||
USE_COLORS=1
|
||||
|
||||
# uncomment line below to enable ccache support.
|
||||
#USE_CCACHE=1
|
||||
|
||||
SRCDEST=/var/cache/distfiles
|
||||
|
||||
# uncomment line below to store built packages in other location
|
||||
# The package will be stored as $REPODEST/$repo/$pkgname-$pkgver-r$pkgrel.apk
|
||||
# where $repo is the name of the parent directory of $startdir.
|
||||
REPODEST=/srv/build/alpine/v3.9
|
||||
REPODEST=/srv/build/alpine/v3.11
|
||||
|
||||
# PACKAGER and MAINTAINER are used by newapkbuild when creating new aports for
|
||||
# the APKBUILD's "Contributor:" and "Maintainer:" comments, respectively.
|
||||
#PACKAGER="Your Name <your@email.address>"
|
||||
#MAINTAINER="$PACKAGER"
|
||||
PACKAGER_PRIVKEY="/srv/build/repokey.rsa"
|
||||
PACKAGER_PRIVKEY="/root/repo.spotter.cz.rsa"
|
||||
|
||||
# what to clean up after a successful build
|
||||
CLEANUP="srcdir bldroot pkgdir deps"
|
||||
|
@ -1,6 +1,6 @@
|
||||
server {
|
||||
listen [::]:80;
|
||||
server_name repo.spotter.cz;
|
||||
server_name repo.build.vm;
|
||||
|
||||
location / {
|
||||
root /srv/build;
|
@ -5,7 +5,7 @@ cd $(realpath $(dirname "${0}"))
|
||||
|
||||
# Install basic build tools
|
||||
apk update
|
||||
apk add git file htop less openssh-client tar xz
|
||||
apk add git file htop less openssh-client tree
|
||||
# Install Alpine SDK
|
||||
apk add alpine-sdk
|
||||
# Install Sphinx support
|
||||
@ -13,7 +13,7 @@ apk add py3-sphinx
|
||||
pip3 install recommonmark sphinx-markdown-tables
|
||||
|
||||
# Copy root profile files and settings
|
||||
mkdir -p /root/.config/htop /root/.ssh
|
||||
mkdir -p /root/.config/htop
|
||||
cp root/.profile /root/.profile
|
||||
cp root/.config/htop/htoprc /root/.config/htop/htoprc
|
||||
|
||||
@ -21,19 +21,17 @@ cp root/.config/htop/htoprc /root/.config/htop/htoprc
|
||||
adduser root abuild
|
||||
cp etc/abuild.conf /etc/abuild.conf
|
||||
|
||||
# Prepare LXC build toolchain
|
||||
cp usr/bin/fix-apk /usr/bin/fix-apk
|
||||
cp usr/bin/lxc-build /usr/bin/lxc-build
|
||||
cp usr/bin/lxc-pack /usr/bin/lxc-pack
|
||||
|
||||
# Prepare local APK repository
|
||||
cp etc/nginx/conf.d/apkrepo.conf /etc/nginx/conf.d/apkrepo.conf
|
||||
echo "172.17.0.1 repo.spotter.cz" >>/etc/hosts
|
||||
cp etc/nginx/conf.d/repo.conf /etc/nginx/conf.d/repo.conf
|
||||
echo "172.17.0.1 repo.build.vm" >>/etc/hosts
|
||||
service nginx reload
|
||||
|
||||
# Supply abuild key
|
||||
# echo '/srv/build/repokey.rsa' | abuild-keygen
|
||||
# Change SPOC repository
|
||||
sed -i 's/https:\/\/repo\.spotter\.cz/http:\/\/repo.build.vm/' /etc/spoc/spoc.conf
|
||||
|
||||
# Supply LXC build key
|
||||
# openssl ecparam -genkey -name secp384r1 -out /srv/build/packages.key
|
||||
# openssl ec -in /srv/build/packages.key -pubout -out /srv/build/packages.pub
|
||||
# Supply abuild key
|
||||
# echo '/root/repo.spotter.cz.rsa' | abuild-keygen
|
||||
|
||||
# Supply SPOC key
|
||||
# openssl ecparam -genkey -name secp384r1 -out /etc/spoc/publish.key
|
||||
# openssl ec -in /etc/spoc/publish.key -pubout -out /tmp/repository.pub
|
||||
|
@ -1,43 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
|
||||
import os
|
||||
import sys
|
||||
|
||||
def fix_installed(layers):
|
||||
installed = []
|
||||
for layer in layers[:-1]:
|
||||
try:
|
||||
with open(os.path.join(layer, 'lib/apk/db/installed'), 'r') as f:
|
||||
buffer = []
|
||||
for line in f:
|
||||
if line.startswith('C:'):
|
||||
buffer = ''.join(buffer)
|
||||
if buffer not in installed:
|
||||
installed.append(buffer)
|
||||
buffer = []
|
||||
buffer.append(line)
|
||||
buffer = ''.join(buffer)
|
||||
if buffer not in installed:
|
||||
installed.append(buffer)
|
||||
except:
|
||||
continue
|
||||
os.makedirs(os.path.join(layers[-1], 'lib/apk/db'), 0o755, True)
|
||||
with open(os.path.join(layers[-1], 'lib/apk/db/installed'), 'w') as f:
|
||||
f.writelines(installed)
|
||||
|
||||
def fix_world(layers):
|
||||
world = []
|
||||
for layer in layers[:-1]:
|
||||
try:
|
||||
with open(os.path.join(layer, 'etc/apk/world'), 'r') as f:
|
||||
for line in f:
|
||||
if line not in world:
|
||||
world.append(line)
|
||||
except:
|
||||
continue
|
||||
os.makedirs(os.path.join(layers[-1], 'etc/apk'), 0o755, True)
|
||||
with open(os.path.join(layers[-1], 'etc/apk/world'), 'w') as f:
|
||||
f.writelines(world)
|
||||
|
||||
fix_installed(sys.argv[1:])
|
||||
fix_world(sys.argv[1:])
|
@ -1,210 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
|
||||
import os
|
||||
import shutil
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
LXC_ROOT = '/var/lib/lxc'
|
||||
CONFIG_TEMPLATE = '''# Image name
|
||||
lxc.uts.name = {name}
|
||||
|
||||
# Network
|
||||
lxc.net.0.type = veth
|
||||
lxc.net.0.link = lxcbr0
|
||||
lxc.net.0.flags = up
|
||||
|
||||
# Volumes
|
||||
lxc.rootfs.path = {rootfs}
|
||||
|
||||
# Mounts
|
||||
lxc.mount.entry = shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
|
||||
lxc.mount.entry = /etc/hosts etc/hosts none bind,create=file 0 0
|
||||
lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,create=file 0 0
|
||||
{mounts}
|
||||
|
||||
# Init
|
||||
lxc.init.cmd = {cmd}
|
||||
lxc.init.uid = {uid}
|
||||
lxc.init.gid = {gid}
|
||||
lxc.init.cwd = {cwd}
|
||||
|
||||
# Environment
|
||||
lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
{env}
|
||||
|
||||
# Halt
|
||||
lxc.signal.halt = {halt}
|
||||
|
||||
# Log
|
||||
lxc.console.size = 1MB
|
||||
lxc.console.logfile = /var/log/lxc/{name}.log
|
||||
|
||||
# Other
|
||||
lxc.arch = x86_64
|
||||
lxc.cap.drop = sys_admin
|
||||
lxc.hook.pre-start = /usr/bin/vmmgr prepare-container
|
||||
lxc.hook.start-host = /usr/bin/vmmgr register-container
|
||||
lxc.hook.post-stop = /usr/bin/vmmgr unregister-container
|
||||
lxc.include = /usr/share/lxc/config/common.conf
|
||||
'''
|
||||
|
||||
class LXCImage:
|
||||
def __init__(self, build_path):
|
||||
self.name = None
|
||||
self.layers = []
|
||||
self.mounts = []
|
||||
self.env = []
|
||||
self.uid = 0
|
||||
self.gid = 0
|
||||
self.cmd = '/bin/true'
|
||||
self.cwd = '/'
|
||||
self.halt = 'SIGINT'
|
||||
|
||||
if os.path.isfile(build_path):
|
||||
self.lxcfile = os.path.realpath(build_path)
|
||||
self.build_dir = os.path.dirname(self.lxcfile)
|
||||
else:
|
||||
self.build_dir = os.path.realpath(build_path)
|
||||
self.lxcfile = os.path.join(self.build_dir, 'lxcfile')
|
||||
|
||||
def build(self):
|
||||
with open(self.lxcfile, 'r') as f:
|
||||
lxcfile = [l.strip() for l in f.readlines()]
|
||||
|
||||
script = []
|
||||
script_eof = None
|
||||
|
||||
for line in lxcfile:
|
||||
if script_eof:
|
||||
if line == script_eof:
|
||||
script_eof = None
|
||||
self.run_script(script)
|
||||
else:
|
||||
script.append(line)
|
||||
elif line.startswith('RUN'):
|
||||
script = []
|
||||
script_eof = line.split()[1]
|
||||
elif line.startswith('IMAGE'):
|
||||
self.set_name(line.split()[1])
|
||||
elif line.startswith('LAYER'):
|
||||
self.add_layer(line.split()[1])
|
||||
elif line.startswith('FIXLAYER'):
|
||||
self.fix_layer(line.split()[1])
|
||||
elif line.startswith('COPY'):
|
||||
srcdst = line.split()
|
||||
self.copy_files(srcdst[1], srcdst[2] if len(srcdst) == 3 else '')
|
||||
elif line.startswith('MOUNT'):
|
||||
mount = line.split()
|
||||
self.add_mount(mount[1], mount[2], mount[3])
|
||||
elif line.startswith('ENV'):
|
||||
env = line.split()
|
||||
self.add_env(env[1], env[2])
|
||||
elif line.startswith('USER'):
|
||||
uidgid = line.split()
|
||||
self.set_user(uidgid[1], uidgid[2])
|
||||
elif line.startswith('CMD'):
|
||||
self.set_cmd(' '.join(line.split()[1:]))
|
||||
elif line.startswith('WORKDIR'):
|
||||
self.set_cwd(line.split()[1])
|
||||
elif line.startswith('HALT'):
|
||||
self.set_halt(line.split()[1])
|
||||
# Add the final layer which will be treated as ephemeral
|
||||
self.add_layer('{}/delta0'.format(self.name))
|
||||
|
||||
def rebuild_config(self):
|
||||
if not self.name:
|
||||
return
|
||||
if len(self.layers) == 1:
|
||||
rootfs = self.layers[0]
|
||||
else:
|
||||
# Multiple lower overlayfs layers are ordered from right to left (lower2:lower1:rootfs:upper)
|
||||
rootfs = 'overlay:{}:{}'.format(':'.join(self.layers[:-1][::-1]), self.layers[-1])
|
||||
mounts = '\n'.join(self.mounts)
|
||||
env = '\n'.join(self.env)
|
||||
with open(os.path.join(LXC_ROOT, self.name, 'config'), 'w') as f:
|
||||
f.write(CONFIG_TEMPLATE.format(name=self.name,
|
||||
rootfs=rootfs, mounts=mounts, env=env,
|
||||
uid=self.uid, gid=self.gid,
|
||||
cmd=self.cmd, cwd=self.cwd, halt=self.halt))
|
||||
|
||||
def run_script(self, script):
|
||||
sh = os.path.join(self.layers[-1], 'run.sh')
|
||||
with open(sh, 'w') as f:
|
||||
f.write('#!/bin/sh\nset -ev\n\n{}\n'.format('\n'.join(script)))
|
||||
os.chmod(sh, 0o700)
|
||||
subprocess.run(['lxc-execute', '-n', self.name, '--', '/bin/sh', '-lc', '/run.sh'], check=True)
|
||||
os.unlink(sh)
|
||||
|
||||
def set_name(self, name):
|
||||
self.name = name
|
||||
os.makedirs(os.path.join(LXC_ROOT, self.name), 0o755, True)
|
||||
|
||||
def add_layer(self, layer):
|
||||
layer = os.path.join(LXC_ROOT, layer)
|
||||
self.layers.append(layer)
|
||||
os.makedirs(layer, 0o755, True)
|
||||
self.rebuild_config()
|
||||
|
||||
def fix_layer(self, cmd):
|
||||
subprocess.run([cmd]+self.layers, check=True)
|
||||
|
||||
def copy_files(self, src, dst):
|
||||
dst = os.path.join(self.layers[-1], dst)
|
||||
if src.startswith('http://') or src.startswith('https://'):
|
||||
self.unpack_http_archive(src, dst)
|
||||
else:
|
||||
src = os.path.join(self.build_dir, src)
|
||||
copy_tree(src, dst)
|
||||
|
||||
def unpack_http_archive(self, src, dst):
|
||||
xf = 'xzf'
|
||||
if src.endswith('.bz2'):
|
||||
xf = 'xjf'
|
||||
elif src.endswith('.xz'):
|
||||
xf = 'xJf'
|
||||
with subprocess.Popen(['wget', src, '-O', '-'], stdout=subprocess.PIPE) as wget:
|
||||
with subprocess.Popen(['tar', xf, '-', '-C', dst], stdin=wget.stdout) as tar:
|
||||
wget.stdout.close()
|
||||
tar.wait()
|
||||
|
||||
def add_mount(self, type, src, dst):
|
||||
self.mounts.append('lxc.mount.entry = {} {} none bind,create={} 0 0'.format(src, dst, type.lower()))
|
||||
self.rebuild_config()
|
||||
|
||||
def add_env(self, key, value):
|
||||
self.env.append('lxc.environment = {}={}'.format(key, value))
|
||||
self.rebuild_config()
|
||||
|
||||
def set_user(self, uid, gid):
|
||||
self.uid = uid
|
||||
self.gid = gid
|
||||
self.rebuild_config()
|
||||
|
||||
def set_cmd(self, cmd):
|
||||
self.cmd = cmd
|
||||
self.rebuild_config()
|
||||
|
||||
def set_cwd(self, cwd):
|
||||
self.cwd = cwd
|
||||
self.rebuild_config()
|
||||
|
||||
def set_halt(self, halt):
|
||||
self.halt = halt
|
||||
self.rebuild_config()
|
||||
|
||||
def copy_tree(src, dst):
|
||||
if not os.path.isdir(src):
|
||||
shutil.copy2(src, dst)
|
||||
else:
|
||||
os.makedirs(dst, exist_ok=True)
|
||||
for name in os.listdir(src):
|
||||
copy_tree(os.path.join(src, name), os.path.join(dst, name))
|
||||
shutil.copystat(src, dst)
|
||||
|
||||
if __name__ == '__main__':
|
||||
if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'):
|
||||
print('Usage: lxc-build <buildpath>\n where the buildpath can be either specific lxcfile or a directory containing one')
|
||||
else:
|
||||
i = LXCImage(sys.argv[1])
|
||||
i.build()
|
@ -1,92 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
|
||||
import hashlib
|
||||
import json
|
||||
import os
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.asymmetric import ec
|
||||
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
||||
|
||||
PKG_ROOT = '/srv/build/lxc'
|
||||
PRIVATE_KEY = '/srv/build/packages.key'
|
||||
LXC_ROOT = '/var/lib/lxc'
|
||||
|
||||
def pack(path):
|
||||
# Determine correct metadata file and package name
|
||||
path = os.path.realpath(path)
|
||||
if os.path.isdir(path):
|
||||
meta_dir = path
|
||||
meta_file = os.path.join(meta_dir, 'meta')
|
||||
else:
|
||||
meta_dir = os.path.dirname(path)
|
||||
meta_file = path
|
||||
pkg_name = os.path.basename(meta_dir)
|
||||
|
||||
# Load metadata
|
||||
with open(meta_file) as f:
|
||||
meta = json.load(f)
|
||||
|
||||
# Prepare package file names
|
||||
os.makedirs(PKG_ROOT, 0o755, True)
|
||||
tar_path = os.path.join(PKG_ROOT, '{}_{}-{}.tar'.format(pkg_name, meta['version'], meta['release']))
|
||||
xz_path = '{}.xz'.format(tar_path)
|
||||
|
||||
# Remove old package
|
||||
if os.path.exists(tar_path):
|
||||
os.unlink(tar_path)
|
||||
if os.path.exists(xz_path):
|
||||
os.unlink(xz_path)
|
||||
|
||||
# Create archive
|
||||
print('Archiving', meta['lxcpath'])
|
||||
subprocess.run(['tar', '--xattrs', '-cpf', tar_path, os.path.join(LXC_ROOT, meta['lxcpath'])], cwd='/')
|
||||
# Add install/upgrade/uninstall scripts
|
||||
scripts = ('install', 'install.sh', 'upgrade', 'upgrade.sh', 'uninstall', 'uninstall.sh')
|
||||
scripts = [s for s in scripts if os.path.exists(os.path.join(meta_dir, s))]
|
||||
subprocess.run(['tar', '--transform', 's|^|srv/{}/|'.format(pkg_name), '-rpf', tar_path] + scripts, cwd=meta_dir)
|
||||
# Compress the tarball with xz (LZMA2)
|
||||
print('Compressing', tar_path, '({:.2f} MB)'.format(os.path.getsize(tar_path)/1048576))
|
||||
subprocess.run(['xz', '-9', tar_path])
|
||||
print('Compressed ', xz_path, '({:.2f} MB)'.format(os.path.getsize(xz_path)/1048576))
|
||||
|
||||
# Register package
|
||||
print('Registering package')
|
||||
packages = {}
|
||||
packages_file = os.path.join(PKG_ROOT, 'packages')
|
||||
if os.path.exists(packages_file):
|
||||
with open(packages_file, 'r') as f:
|
||||
packages = json.load(f)
|
||||
packages[pkg_name] = meta
|
||||
packages[pkg_name]['size'] = os.path.getsize(xz_path)
|
||||
packages[pkg_name]['sha512'] = hash_file(xz_path)
|
||||
with open(packages_file, 'w') as f:
|
||||
json.dump(packages, f, sort_keys=True, indent=4)
|
||||
|
||||
# Sign packages file
|
||||
print('Signing packages')
|
||||
with open(PRIVATE_KEY, 'rb') as f:
|
||||
priv_key = load_pem_private_key(f.read(), None, default_backend())
|
||||
with open(os.path.join(PKG_ROOT, 'packages'), 'rb') as f:
|
||||
data = f.read()
|
||||
with open(os.path.join(PKG_ROOT, 'packages.sig'), 'wb') as f:
|
||||
f.write(priv_key.sign(data, ec.ECDSA(hashes.SHA512())))
|
||||
|
||||
def hash_file(file_path):
|
||||
sha512 = hashlib.sha512()
|
||||
with open(file_path, 'rb') as f:
|
||||
while True:
|
||||
data = f.read(65536)
|
||||
if not data:
|
||||
break
|
||||
sha512.update(data)
|
||||
return sha512.hexdigest()
|
||||
|
||||
if __name__ == '__main__':
|
||||
if len(sys.argv) != 2 or sys.argv[1] in ('-h', '--help'):
|
||||
print('Usage: lxc-pack <buildpath>\n where the buildpath can be either specific meta file or a directory containing one')
|
||||
else:
|
||||
pack(sys.argv[1])
|
@ -6,54 +6,52 @@
|
||||
|-------------------------|---------------------|
|
||||
| Alpine 3.8 | alpine3.8 |
|
||||
| Alpine 3.8 - PHP 5.6 | alpine3.8-php5.6 |
|
||||
| Alpine 3.8 - NodeJS 8 | alpine3.8-nodejs8 |
|
||||
| Alpine 3.9 - Ruby 2.4 | alpine3.8-ruby2.4 |
|
||||
| Alpine 3.9 | alpine3.9 |
|
||||
| Alpine 3.9 - Java 8 | alpine3.9-java8 |
|
||||
| Alpine 3.9 - PHP 7.2 | alpine3.9-php7.2 |
|
||||
| Alpine 3.9 - Python 2.7 | alpine3.9-python2.7 |
|
||||
| Alpine 3.9 - Python 3.6 | alpine3.9-python3.6 |
|
||||
| Alpine 3.9 - NodeJS 10 | alpine3.9-nodejs10 |
|
||||
| Alpine 3.9 - Ruby 2.4 | alpine3.9-ruby2.4 |
|
||||
| Alpine 3.9 - Ruby 2.6 | alpine3.9-ruby2.6 |
|
||||
| Alpine 3.9 - Tomcat 7 | alpine3.9-tomcat7 |
|
||||
| Alpine 3.9 - Tomcat 8.5 | alpine3.9-tomcat8.5 |
|
||||
| Sahana - Shared | sahana-shared |
|
||||
|
||||
## List of service containers
|
||||
|
||||
| Service | Container | UID/GID | Internal Port |
|
||||
|-----------------|-----------------|---------|------------------|
|
||||
| ActiveMQ | activemq | 61616 | 61616 (ActiveMQ) |
|
||||
| CKAN Datapusher | ckan-datapusher | 8004 | 8080 (HTTP) |
|
||||
| MariaDB | mariadb | 3306 | 3306 (MySQL) |
|
||||
| Postgres | postgres | 5432 | 5432 (Postgres) |
|
||||
| PostGIS | postgis | 5432 | 5432 (Postgres) |
|
||||
| RabbitMQ | rabbitmq | 5672 | 5672 (AMQP) |
|
||||
| Redis | redis | 6379 | 6379 (Redis) |
|
||||
| Solr | solr | 8983 | 8983 (HTTP) |
|
||||
| Solr 6 | solr6 | 8983 | 8983 (HTTP) |
|
||||
|
||||
## List of application containers
|
||||
|
||||
All application containers listen on internal port 8080 (HTTP)
|
||||
All application containers have the application user UID/GID 8080 and listen on internal port 8080 (HTTP)
|
||||
|
||||
| Application | Container | UID/GID | Host |
|
||||
|----------------|-------------------|---------|-------------|
|
||||
| CKAN | ckan | 8003 | ckan |
|
||||
| Crisis Cleanup | crisiscleanup | 8005 | cc |
|
||||
| CTS | cts | 8006 | cts |
|
||||
| EcoGIS | ecogis | 8020 | ecogis |
|
||||
| FrontlineSMS | frontlinesms | 8018 | sms |
|
||||
| GNU Health | gnuhealth | 8008 | gh |
|
||||
| KanBoard | kanboard | 8009 | kb |
|
||||
| Mifos X | mifosx | 8012 | mifosx |
|
||||
| Motech | motech | 8013 | motech |
|
||||
| ODK Aggregate | opendatakit | 8015 | odk |
|
||||
| ODK Build | opendatakit-build | 8017 | odkbuild |
|
||||
| Odoo | odoo | 8019 | odoo |
|
||||
| OpenMapKit | openmapkit | 8007 | omk |
|
||||
| Pan.do/ra | pandora | 8002 | pandora |
|
||||
| Sahana | sahana | 8001 | sahana |
|
||||
| Sahana - Demo | sahana-demo | 8001 | sahana-demo |
|
||||
| SAMBRO | sambro | 8001 | sambro |
|
||||
| SeedDMS | seeddms | 8010 | dms |
|
||||
| Sigmah | sigmah | 8011 | sigmah |
|
||||
| Ushahidi | ushahidi | 8014 | ush |
|
||||
| Application | Container | Host |
|
||||
|----------------|-------------------|-------------|
|
||||
| CKAN | ckan | ckan |
|
||||
| Crisis Cleanup | crisiscleanup | cc |
|
||||
| CTS | cts | cts |
|
||||
| EcoGIS | ecogis | ecogis |
|
||||
| FrontlineSMS | frontlinesms | sms |
|
||||
| GNU Health | gnuhealth | gh |
|
||||
| KanBoard | kanboard | kb |
|
||||
| Mifos X | mifosx | mifosx |
|
||||
| Motech | motech | motech |
|
||||
| ODK Aggregate | opendatakit | odk |
|
||||
| ODK Build | opendatakit-build | odkbuild |
|
||||
| Odoo | odoo | odoo |
|
||||
| OpenMapKit | openmapkit | omk |
|
||||
| Pan.do/ra | pandora | pandora |
|
||||
| Sahana | sahana | sahana |
|
||||
| Sahana - Demo | sahana-demo | sahana-demo |
|
||||
| SAMBRO | sambro | sambro |
|
||||
| SeedDMS | seeddms | dms |
|
||||
| Sigmah | sigmah | sigmah |
|
||||
| Ushahidi | ushahidi | ush |
|
||||
|
@ -13,7 +13,7 @@ The usage of Abuild, APK package manager and syntax of `APKBUILD` files is best
|
||||
|
||||
## Abuild in a nutshell
|
||||
|
||||
Building with abuild requires `alpine-sdk` package installed, `/etc/abuild.conf` configured and an RSA private key created in `/srv/build/repokey.rsa` and subsequently registered by `abuild-keygen` command. All these are taken care of in `install-toolchain.sh` script as part of [Build environment installation](vm-creation).
|
||||
Building with abuild requires `alpine-sdk` package installed, `/etc/abuild.conf` configured and an RSA private key created in `/srv/repo.spotter.cz.rsa` and subsequently registered by `abuild-keygen` command. All these are taken care of in `install-toolchain.sh` script as part of [Build environment installation](vm-creation).
|
||||
|
||||
Abuild toolchain is intended to be used in automated builds, therefore it requires some dependencies normally not found in other packaging systems. Abuild expects that `APKBUILD` files are a part of git repository and tries to read current commit hash. Then it tries to automatically download, build (compile), strip binaries, find out dependencies, and generally perform a lot of tasks normally useful when you are compiling from sources. Finally it packages the result to one or more subpackages, according to the build recipe. For purposes of LXC packaging, this is mostly useless, which is the reason why we have a [custom package manager](pkgmgr). It is however perfectly suitable for packages installed directly on the basic VM.
|
||||
|
||||
|
@ -7,7 +7,7 @@ VM building and packaging
|
||||
vm-creation
|
||||
abuild
|
||||
lxc-overview
|
||||
lxc-build
|
||||
lxcbuild
|
||||
lxc-pack
|
||||
pkgmgr
|
||||
vmmgr-hooks
|
||||
|
@ -2,18 +2,18 @@
|
||||
|
||||
## Overview
|
||||
|
||||
`lxc-build` utility creates a LXC container based on its build recipe and build context path given in command line parameter. If a filename is given, the build recipe is loaded from the file and the directory in which the file resides is taken as build context, ie. all relative paths are resolved from it. In case a directory path is passed as parameter, the directory is then used as build context and a file called `lxcfile` from the given directory is used as build recipe.
|
||||
`lxcbuild` utility creates a LXC container based on its build recipe and build context path given in command line parameter. If a filename is given, the build recipe is loaded from the file and the directory in which the file resides is taken as build context, ie. all relative paths are resolved from it. In case a directory path is passed as parameter, the directory is then used as build context and a file called `lxcfile` from the given directory is used as build recipe.
|
||||
|
||||
### Usage
|
||||
|
||||
```bash
|
||||
lxc-build <buildpath>
|
||||
lxcbuild <buildpath>
|
||||
where the buildpath can be either specific lxcfile or a directory containing one
|
||||
```
|
||||
|
||||
## Directives used in lxcfile
|
||||
|
||||
The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to ease the potential transition. Since LXC operates on much lower level of abstraction than Docker, some principles are applied more explicitly and verbosely. Major difference between Docker and *lxc-build* is that every directive in *Dockerfile* creates a new filesystem layer whereas layers in *lxc-build* are managed manually.
|
||||
The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to ease the potential transition. Since LXC operates on much lower level of abstraction than Docker, some principles are applied more explicitly and verbosely. Major difference between Docker and *lxcbuild* is that every directive in *Dockerfile* creates a new filesystem layer whereas layers in *lxcbuild* are managed manually.
|
||||
|
||||
### IMAGE
|
||||
|
||||
@ -29,13 +29,6 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas
|
||||
- **Docker equivalent:** `FROM`
|
||||
- **Populates LXC field:** `lxc.rootfs.path`
|
||||
|
||||
### FIXLAYER
|
||||
|
||||
- **Usage:** `FIXLAYER <scriptname>`
|
||||
- **Description:** Runs `<scriptname>` on LXC host and passes all layer paths as parameter to this script. This helps you to resolve the conflicts in cases where you mix multiple OverlayFS layers with overlapping files, ie. package manager cache. The idea is that all layers are read separately by the `<scriptname>` script and the fixed result is written back to the uppermost layer.
|
||||
- **Docker equivalent:** None
|
||||
- **Populates LXC field:** None
|
||||
|
||||
### RUN
|
||||
|
||||
- **Usage:**
|
||||
@ -82,13 +75,6 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas
|
||||
- **Docker equivalent:** `COPY` or `ADD`
|
||||
- **Populates LXC field:** None
|
||||
|
||||
### MOUNT
|
||||
|
||||
- **Usage:** `MOUNT DIR|FILE <source> <destination>`
|
||||
- **Description:** Creates a directory or file mount for the container. The `<source>` is usually given as absolute path existing on the LXC host, the `<destination>` is a path relative to the container root directory. If the file doesn't exist in any of the container layers, it is automatically created on container startup.
|
||||
- **Docker equivalent:** `VOLUME`
|
||||
- **Populates LXC field:** `lxc.mount.entry`
|
||||
|
||||
### USER
|
||||
|
||||
- **Usage:** `USER <uid> <gid>`
|
||||
@ -126,7 +112,7 @@ The *lxcfile* syntax is designed to resemble *Dockerfile* syntax in order to eas
|
||||
|
||||
## LXC config
|
||||
|
||||
Although *lxcfile* populates some LXC config fields, there are lot of defaults with remain unchanged. The template file to which *lxc-build* fills in the values looks as follows:
|
||||
Although *lxcfile* populates some LXC config fields, there are lot of defaults with remain unchanged. The template file to which *lxcbuild* fills in the values looks as follows:
|
||||
|
||||
```bash
|
||||
# Image name
|
||||
@ -192,9 +178,6 @@ RUN EOF
|
||||
apk --no-cache add redis
|
||||
EOF
|
||||
|
||||
MOUNT FILE /srv/redis/conf/redis.conf etc/redis.conf
|
||||
MOUNT DIR /srv/redis/data var/lib/redis
|
||||
|
||||
USER 6379 6379
|
||||
CMD redis-server /etc/redis.conf
|
||||
```
|
||||
|
@ -28,7 +28,7 @@ Due to the Docker's approach, storage overlay layers cannot be easily managed by
|
||||
|
||||
Finally, Docker maintainers explicitly refuse to implement a possibility to isolate the docker daemon to private Docker repositories (registries) in the community edition of Docker. It is possible to have some custom and even private repositories, but it is not possible to deactivate the default public *Dockerhub*.
|
||||
|
||||
The downsides of using LXC is that its usage requires a bit more knowledge about how the linux containers actually work, and that most 3rd party applications are distributed using `Dockerfile`, which requires rewriting into LXC, however this is simplified by the [`lxc-build`](lxc-build) tool, which aims to automatize LXC container building using *Dockerfile*-like syntax.
|
||||
The downsides of using LXC is that its usage requires a bit more knowledge about how the linux containers actually work, and that most 3rd party applications are distributed using `Dockerfile`, which requires rewriting into LXC, however this is simplified by the [`lxcbuild`](lxcbuild) tool, which aims to automatize LXC container building using *Dockerfile*-like syntax.
|
||||
|
||||
## Container interfaces
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
|
||||
The `lxc-pack` utility creates a `.tar.xz` archives based on package metadata and manages the `packages.json` repository metadata file. If a filename is passed as command line parameter to `lxc-pack`, the metadata are loaded from the file. In case a directory path is given, the metadata are loaded from a file called `pkg` from the directory. All metadata files are in JSON format.
|
||||
|
||||
The product of *lxc-build* command described in LXC building documentation can be used in its entirety, ie. both filesystem layer and configuration, or only as dependency, in which case the container configuration is omitted and only the filesystem layer is used. Apart from that, the package can contain installation, upgrade and uninstallation script and data, all of which are optional. Accepted names are
|
||||
The product of *lxcbuild* command described in LXC building documentation can be used in its entirety, ie. both filesystem layer and configuration, or only as dependency, in which case the container configuration is omitted and only the filesystem layer is used. Apart from that, the package can contain installation, upgrade and uninstallation script and data, all of which are optional. Accepted names are
|
||||
|
||||
- `install.sh` file and `install` directory for post-install scripts.
|
||||
- `upgrade.sh` file and `upgrade` directory for post-upgrade scripts.
|
||||
|
@ -20,7 +20,7 @@ setup-interfaces
|
||||
ifup eth0
|
||||
|
||||
# Download and launch the setup script
|
||||
wget repo.spotter.cz/vm.sh
|
||||
wget https://repo.spotter.cz/vm.sh
|
||||
sh vm.sh
|
||||
```
|
||||
|
||||
@ -46,7 +46,7 @@ Assign the newly generated key to your GitLab account
|
||||
|
||||
```bash
|
||||
# Clone the repository
|
||||
git clone --recurse-submodules ssh://git@git.spotter.cz:2222/Spotter-Cluster/Spotter-Cluster.git
|
||||
git clone --recursive ssh://git@git.spotter.cz:2222/Spotter-Cluster/Spotter-Cluster.git
|
||||
|
||||
# Install the build toolchain
|
||||
Spotter-Cluster/build/install-toolchain.sh
|
||||
@ -58,7 +58,7 @@ There are 3 distinct packaging systems.
|
||||
|
||||
1. Just a plain tar for basic OS setup used by `vm.sh` installation script.
|
||||
2. [Abuild](abuild) for the native Alpine linux packages (APK) used for ACME client and VMMgr packaging.
|
||||
3. [`lxc-build`](lxc-build) / [`lxc-pack`](lxc-pack) for LXC container building and packaging.
|
||||
3. [`lxcbuild`](lxcbuild) / [`lxc-pack`](lxc-pack) for LXC container building and packaging.
|
||||
|
||||
Before any building and packaging can be started, build toolchain including signing keys needs to be set up. This is done via `install-toolchain.sh` script.
|
||||
|
||||
|
@ -26,7 +26,7 @@ Where the `application` is the internal application name, same as previously use
|
||||
|
||||
## LXC hooks
|
||||
|
||||
LXC hooks set various environment variables prior to calling the defined executables. For overview of native LXC hooks, see section *Container hooks* in the official [lxc.container.conf(5) documentation](https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html). All hooks mentioned in this chapter are hardcoded in the container configuration via a template used by[`lxc-build`](lxc-build).
|
||||
LXC hooks set various environment variables prior to calling the defined executables. For overview of native LXC hooks, see section *Container hooks* in the official [lxc.container.conf(5) documentation](https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html). All hooks mentioned in this chapter are hardcoded in the container configuration via a template used by[`lxcbuild`](lxcbuild).
|
||||
|
||||
### prepare-container
|
||||
|
||||
|
27
extra/graveyard/ecogis/app
Normal file
27
extra/graveyard/ecogis/app
Normal file
@ -0,0 +1,27 @@
|
||||
{
|
||||
"version": "2.10.1-200403",
|
||||
"meta": {
|
||||
"title": "EcoGIS",
|
||||
"desc-cs": "EcoGIS",
|
||||
"desc-en": "EcoGIS",
|
||||
"license": "GPL"
|
||||
},
|
||||
"containers": {
|
||||
"ecogis": {
|
||||
"image": "ecogis_2.10.1-200403",
|
||||
"depends": [
|
||||
"ecogis-postgres"
|
||||
],
|
||||
"mounts": {
|
||||
"ecogis/ecogis_data": "srv/ecogis/data/files",
|
||||
"ecogis/ecogis_conf/config.php": "srv/ecogis/etc/config.php:file"
|
||||
}
|
||||
},
|
||||
"ecogis-postgres": {
|
||||
"image": "postgres_11.3.0-190620",
|
||||
"mounts": {
|
||||
"ecogis/postgres_data": "var/lib/postgresql"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,7 +1,5 @@
|
||||
IMAGE ecogis
|
||||
LAYER shared/alpine3.8
|
||||
LAYER shared/alpine3.8-php5.6
|
||||
LAYER ecogis/ecogis
|
||||
IMAGE ecogis_2.10.1-200403
|
||||
FROM alpine3.8-php5.6_5.6.40-200403
|
||||
|
||||
RUN EOF
|
||||
# Install runtime dependencies
|
||||
@ -23,8 +21,8 @@ RUN EOF
|
||||
pear install Auth Log
|
||||
|
||||
# Create OS user
|
||||
addgroup -S -g 8020 ecogis
|
||||
adduser -S -u 8020 -h /srv/ecogis -s /bin/false -g ecogis -G ecogis ecogis
|
||||
addgroup -S -g 8080 ecogis
|
||||
adduser -S -u 8080 -h /srv/ecogis -s /bin/false -g ecogis -G ecogis ecogis
|
||||
|
||||
# Cleanup
|
||||
apk --no-cache del .deps
|
||||
@ -32,9 +30,6 @@ RUN EOF
|
||||
rm -rf /usr/bin/composer /tmp/.composer
|
||||
EOF
|
||||
|
||||
COPY lxc
|
||||
COPY image.d
|
||||
|
||||
# MOUNT DIR /srv/ecogis/data srv/ecogis/data/files
|
||||
MOUNT FILE /srv/ecogis/conf/config.php srv/ecogis/etc/config.php
|
||||
|
||||
CMD s6-svscan /etc/services.d
|
||||
CMD /bin/s6-svscan /etc/services.d
|
@ -15,6 +15,8 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
server {
|
||||
listen 8080;
|
31
extra/graveyard/ecogis/install.sh
Executable file
31
extra/graveyard/ecogis/install.sh
Executable file
@ -0,0 +1,31 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
# Volumes
|
||||
POSTGRES_DATA="${VOLUMES_DIR}/ecogis/postgres_data"
|
||||
ECOGIS_CONF="${VOLUMES_DIR}/ecogis/ecogis_conf"
|
||||
ECOGIS_DATA="${VOLUMES_DIR}/ecogis/ecogis_data"
|
||||
|
||||
# Create Postgres instance
|
||||
install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA}
|
||||
spoc-container exec cts-postgres -- initdb -D /var/lib/postgresql
|
||||
|
||||
# Configure Postgres
|
||||
install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf
|
||||
install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf
|
||||
|
||||
# Populate database
|
||||
export ECOGIS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
|
||||
spoc-container start ecogis-postgres
|
||||
envsubst <createdb.sql | spoc-container exec ecogis-postgres -- psql
|
||||
|
||||
# Configure EcoGIS
|
||||
install -o 108080 -g 108080 -m 750 ${ECOGIS_CONF}
|
||||
install -o 108080 -g 108080 -m 750 ${ECOGIS_DATA}
|
||||
envsubst <ecogis_conf/config.php | install -o 108080 -g 108080 -m 640 /dev/stdin ${ECOGIS_CONF}/config.php
|
||||
|
||||
# Stop services required for setup
|
||||
spoc-container stop ecogis-postgres
|
||||
|
||||
# Register application
|
||||
vmmgr register-app ecogis ecogis
|
@ -9,7 +9,7 @@
|
||||
/* ------------------------------ DB Settings ------------------------------ */
|
||||
|
||||
$dsn = array('dbtype' => 'pgsql',
|
||||
'dbhost' => 'postgres', // host
|
||||
'dbhost' => 'ecogis-postgres', // host
|
||||
'dbuser' => 'ecogis', // login
|
||||
'dbpass' => '${ECOGIS_PWD}', // Password
|
||||
'dbname' => 'ecogis', // database
|
@ -73,27 +73,7 @@ unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of direc
|
||||
#bonjour_name = '' # defaults to the computer name
|
||||
# (change requires restart)
|
||||
|
||||
# - Security and Authentication -
|
||||
|
||||
#authentication_timeout = 1min # 1s-600s
|
||||
#ssl = off
|
||||
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
|
||||
#ssl_prefer_server_ciphers = on
|
||||
#ssl_ecdh_curve = 'prime256v1'
|
||||
#ssl_dh_params_file = ''
|
||||
#ssl_cert_file = 'server.crt'
|
||||
#ssl_key_file = 'server.key'
|
||||
#ssl_ca_file = ''
|
||||
#ssl_crl_file = ''
|
||||
#password_encryption = md5 # md5 or scram-sha-256
|
||||
#db_user_namespace = off
|
||||
#row_security = on
|
||||
|
||||
# GSSAPI using Kerberos
|
||||
#krb_server_keyfile = ''
|
||||
#krb_caseins_users = off
|
||||
|
||||
# - TCP Keepalives -
|
||||
# - TCP settings -
|
||||
# see "man 7 tcp" for details
|
||||
|
||||
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
|
||||
@ -102,6 +82,34 @@ unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of direc
|
||||
# 0 selects the system default
|
||||
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
|
||||
# 0 selects the system default
|
||||
#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
|
||||
# 0 selects the system default
|
||||
|
||||
# - Authentication -
|
||||
|
||||
#authentication_timeout = 1min # 1s-600s
|
||||
#password_encryption = md5 # md5 or scram-sha-256
|
||||
#db_user_namespace = off
|
||||
|
||||
# GSSAPI using Kerberos
|
||||
#krb_server_keyfile = ''
|
||||
#krb_caseins_users = off
|
||||
|
||||
# - SSL -
|
||||
|
||||
#ssl = off
|
||||
#ssl_ca_file = ''
|
||||
#ssl_cert_file = 'server.crt'
|
||||
#ssl_crl_file = ''
|
||||
#ssl_key_file = 'server.key'
|
||||
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
|
||||
#ssl_prefer_server_ciphers = on
|
||||
#ssl_ecdh_curve = 'prime256v1'
|
||||
#ssl_min_protocol_version = 'TLSv1'
|
||||
#ssl_max_protocol_version = ''
|
||||
#ssl_dh_params_file = ''
|
||||
#ssl_passphrase_command = ''
|
||||
#ssl_passphrase_command_supports_reload = off
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@ -110,7 +118,7 @@ unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of direc
|
||||
|
||||
# - Memory -
|
||||
|
||||
shared_buffers = 192MB # min 128kB
|
||||
shared_buffers = 128MB # min 128kB
|
||||
# (change requires restart)
|
||||
#huge_pages = try # on, off, or try
|
||||
# (change requires restart)
|
||||
@ -121,16 +129,20 @@ shared_buffers = 192MB # min 128kB
|
||||
# you actively intend to use prepared transactions.
|
||||
#work_mem = 4MB # min 64kB
|
||||
#maintenance_work_mem = 64MB # min 1MB
|
||||
#replacement_sort_tuples = 150000 # limits use of replacement selection sort
|
||||
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
|
||||
#max_stack_depth = 2MB # min 100kB
|
||||
#shared_memory_type = mmap # the default is the first option
|
||||
# supported by the operating system:
|
||||
# mmap
|
||||
# sysv
|
||||
# windows
|
||||
# (change requires restart)
|
||||
dynamic_shared_memory_type = posix # the default is the first option
|
||||
# supported by the operating system:
|
||||
# posix
|
||||
# sysv
|
||||
# windows
|
||||
# mmap
|
||||
# use none to disable dynamic shared memory
|
||||
# (change requires restart)
|
||||
|
||||
# - Disk -
|
||||
@ -138,15 +150,14 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
#temp_file_limit = -1 # limits per-process temp file space
|
||||
# in kB, or -1 for no limit
|
||||
|
||||
# - Kernel Resource Usage -
|
||||
# - Kernel Resources -
|
||||
|
||||
#max_files_per_process = 1000 # min 25
|
||||
# (change requires restart)
|
||||
#shared_preload_libraries = '' # (change requires restart)
|
||||
|
||||
# - Cost-Based Vacuum Delay -
|
||||
|
||||
#vacuum_cost_delay = 0 # 0-100 milliseconds
|
||||
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
|
||||
#vacuum_cost_page_hit = 1 # 0-10000 credits
|
||||
#vacuum_cost_page_miss = 10 # 0-10000 credits
|
||||
#vacuum_cost_page_dirty = 20 # 0-10000 credits
|
||||
@ -155,7 +166,7 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
# - Background Writer -
|
||||
|
||||
#bgwriter_delay = 200ms # 10-10000ms between rounds
|
||||
#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round
|
||||
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
|
||||
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
|
||||
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
|
||||
|
||||
@ -163,21 +174,23 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
|
||||
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
|
||||
#max_worker_processes = 8 # (change requires restart)
|
||||
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
|
||||
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
|
||||
#parallel_leader_participation = on
|
||||
#max_parallel_workers = 8 # maximum number of max_worker_processes that
|
||||
# can be used in parallel queries
|
||||
# can be used in parallel operations
|
||||
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
|
||||
# (change requires restart)
|
||||
#backend_flush_after = 0 # measured in pages, 0 disables
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# WRITE AHEAD LOG
|
||||
# WRITE-AHEAD LOG
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Settings -
|
||||
|
||||
#wal_level = replica # minimal, replica, or logical
|
||||
wal_level = minimal # minimal, replica, or logical
|
||||
# (change requires restart)
|
||||
#fsync = on # flush data to disk for crash safety
|
||||
# (turning this off can cause
|
||||
@ -195,6 +208,8 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
#wal_compression = off # enable compression of full-page writes
|
||||
#wal_log_hints = off # also do full page writes of non-critical updates
|
||||
# (change requires restart)
|
||||
#wal_init_zero = on # zero-fill new WAL files
|
||||
#wal_recycle = on # recycle WAL files
|
||||
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
|
||||
# (change requires restart)
|
||||
#wal_writer_delay = 200ms # 1-10000 milliseconds
|
||||
@ -223,21 +238,57 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
#archive_timeout = 0 # force a logfile segment switch after this
|
||||
# number of seconds; 0 disables
|
||||
|
||||
# - Archive Recovery -
|
||||
|
||||
# These are only used in recovery mode.
|
||||
|
||||
#restore_command = '' # command to use to restore an archived logfile segment
|
||||
# placeholders: %p = path of file to restore
|
||||
# %f = file name only
|
||||
# e.g. 'cp /mnt/server/archivedir/%f %p'
|
||||
# (change requires restart)
|
||||
#archive_cleanup_command = '' # command to execute at every restartpoint
|
||||
#recovery_end_command = '' # command to execute at completion of recovery
|
||||
|
||||
# - Recovery Target -
|
||||
|
||||
# Set these only when performing a targeted recovery.
|
||||
|
||||
#recovery_target = '' # 'immediate' to end recovery as soon as a
|
||||
# consistent state is reached
|
||||
# (change requires restart)
|
||||
#recovery_target_name = '' # the named restore point to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_time = '' # the time stamp up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_xid = '' # the transaction ID up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_inclusive = on # Specifies whether to stop:
|
||||
# just after the specified recovery target (on)
|
||||
# just before the recovery target (off)
|
||||
# (change requires restart)
|
||||
#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
|
||||
# (change requires restart)
|
||||
#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# REPLICATION
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Sending Server(s) -
|
||||
# - Sending Servers -
|
||||
|
||||
# Set these on the master and on any standby that will send replication data.
|
||||
|
||||
#max_wal_senders = 10 # max number of walsender processes
|
||||
max_wal_senders = 0 # max number of walsender processes
|
||||
# (change requires restart)
|
||||
#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables
|
||||
#wal_keep_segments = 0 # in logfile segments; 0 disables
|
||||
#wal_sender_timeout = 60s # in milliseconds; 0 disables
|
||||
|
||||
#max_replication_slots = 10 # max number of replication slots
|
||||
max_replication_slots = 0 # max number of replication slots
|
||||
# (change requires restart)
|
||||
#track_commit_timestamp = off # collect timestamp of transaction commit
|
||||
# (change requires restart)
|
||||
@ -256,6 +307,11 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
|
||||
# These settings are ignored on a master server.
|
||||
|
||||
#primary_conninfo = '' # connection string to sending server
|
||||
# (change requires restart)
|
||||
#primary_slot_name = '' # replication slot on sending server
|
||||
# (change requires restart)
|
||||
#promote_trigger_file = '' # file name whose presence ends recovery
|
||||
#hot_standby = on # "off" disallows queries during recovery
|
||||
# (change requires restart)
|
||||
#max_standby_archive_delay = 30s # max delay before canceling queries
|
||||
@ -273,14 +329,15 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
# in milliseconds; 0 disables
|
||||
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
|
||||
# retrieve WAL after a failed attempt
|
||||
#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
|
||||
|
||||
# - Subscribers -
|
||||
|
||||
# These settings are ignored on a publisher.
|
||||
|
||||
#max_logical_replication_workers = 4 # taken from max_worker_processes
|
||||
max_logical_replication_workers = 0 # taken from max_worker_processes
|
||||
# (change requires restart)
|
||||
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
|
||||
max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@ -297,9 +354,14 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
#enable_material = on
|
||||
#enable_mergejoin = on
|
||||
#enable_nestloop = on
|
||||
#enable_parallel_append = on
|
||||
#enable_seqscan = on
|
||||
#enable_sort = on
|
||||
#enable_tidscan = on
|
||||
#enable_partitionwise_join = off
|
||||
#enable_partitionwise_aggregate = off
|
||||
#enable_parallel_hash = on
|
||||
#enable_partition_pruning = on
|
||||
|
||||
# - Planner Cost Constants -
|
||||
|
||||
@ -310,6 +372,16 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
#cpu_operator_cost = 0.0025 # same scale as above
|
||||
#parallel_tuple_cost = 0.1 # same scale as above
|
||||
#parallel_setup_cost = 1000.0 # same scale as above
|
||||
|
||||
#jit_above_cost = 100000 # perform JIT compilation if available
|
||||
# and query more expensive than this;
|
||||
# -1 disables
|
||||
#jit_inline_above_cost = 500000 # inline small functions if query is
|
||||
# more expensive than this; -1 disables
|
||||
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
|
||||
# query is more expensive than this;
|
||||
# -1 disables
|
||||
|
||||
#min_parallel_table_scan_size = 8MB
|
||||
#min_parallel_index_scan_size = 512kB
|
||||
#effective_cache_size = 4GB
|
||||
@ -333,10 +405,13 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
#join_collapse_limit = 8 # 1 disables collapsing of explicit
|
||||
# JOIN clauses
|
||||
#force_parallel_mode = off
|
||||
#jit = on # allow JIT compilation
|
||||
#plan_cache_mode = auto # auto, force_generic_plan or
|
||||
# force_custom_plan
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# ERROR REPORTING AND LOGGING
|
||||
# REPORTING AND LOGGING
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Where to Log -
|
||||
@ -385,17 +460,6 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
|
||||
# - When to Log -
|
||||
|
||||
#client_min_messages = notice # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# log
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
|
||||
#log_min_messages = warning # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
@ -429,6 +493,9 @@ dynamic_shared_memory_type = posix # the default is the first option
|
||||
# statements running at least this number
|
||||
# of milliseconds
|
||||
|
||||
#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements
|
||||
# are logged regardless of their duration. 1.0 logs all
|
||||
# statements from all transactions, 0.0 never logs.
|
||||
|
||||
# - What to Log -
|
||||
|
||||
@ -464,15 +531,16 @@ log_line_prefix = '%m [%p] %q%u@%d ' # special values:
|
||||
# %% = '%'
|
||||
# e.g. '<%u%%%d> '
|
||||
#log_lock_waits = off # log lock waits >= deadlock_timeout
|
||||
#log_statement = 'all' # none, ddl, mod, all
|
||||
#log_statement = 'none' # none, ddl, mod, all
|
||||
#log_replication_commands = off
|
||||
#log_temp_files = -1 # log temporary files equal or larger
|
||||
# than the specified size in kilobytes;
|
||||
# -1 disables, 0 logs all temp files
|
||||
log_timezone = 'Europe/Prague'
|
||||
|
||||
|
||||
# - Process Title -
|
||||
#------------------------------------------------------------------------------
|
||||
# PROCESS TITLE
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#cluster_name = '' # added to process titles if nonempty
|
||||
# (change requires restart)
|
||||
@ -480,10 +548,10 @@ log_timezone = 'Europe/Prague'
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# RUNTIME STATISTICS
|
||||
# STATISTICS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Query/Index Statistics Collector -
|
||||
# - Query and Index Statistics Collector -
|
||||
|
||||
#track_activities = on
|
||||
#track_counts = on
|
||||
@ -493,7 +561,7 @@ log_timezone = 'Europe/Prague'
|
||||
#stats_temp_directory = 'pg_stat_tmp'
|
||||
|
||||
|
||||
# - Statistics Monitoring -
|
||||
# - Monitoring -
|
||||
|
||||
#log_parser_stats = off
|
||||
#log_planner_stats = off
|
||||
@ -502,7 +570,7 @@ log_timezone = 'Europe/Prague'
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# AUTOVACUUM PARAMETERS
|
||||
# AUTOVACUUM
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#autovacuum = on # Enable autovacuum subprocess? 'on'
|
||||
@ -525,7 +593,7 @@ log_timezone = 'Europe/Prague'
|
||||
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
|
||||
# before forced vacuum
|
||||
# (change requires restart)
|
||||
#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for
|
||||
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
|
||||
# autovacuum, in milliseconds;
|
||||
# -1 means use vacuum_cost_delay
|
||||
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
|
||||
@ -539,10 +607,22 @@ log_timezone = 'Europe/Prague'
|
||||
|
||||
# - Statement Behavior -
|
||||
|
||||
#client_min_messages = notice # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# log
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
#search_path = '"$user", public' # schema names
|
||||
#row_security = on
|
||||
#default_tablespace = '' # a tablespace name, '' uses the default
|
||||
#temp_tablespaces = '' # a list of tablespace names, '' uses
|
||||
# only default tablespace
|
||||
#default_table_access_method = 'heap'
|
||||
#check_function_bodies = on
|
||||
#default_transaction_isolation = 'read committed'
|
||||
#default_transaction_read_only = off
|
||||
@ -555,6 +635,9 @@ log_timezone = 'Europe/Prague'
|
||||
#vacuum_freeze_table_age = 150000000
|
||||
#vacuum_multixact_freeze_min_age = 5000000
|
||||
#vacuum_multixact_freeze_table_age = 150000000
|
||||
#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples
|
||||
# before index cleanup, 0 always performs
|
||||
# index cleanup
|
||||
#bytea_output = 'hex' # hex, escape
|
||||
#xmlbinary = 'base64'
|
||||
#xmloption = 'content'
|
||||
@ -573,7 +656,8 @@ timezone = 'Europe/Prague'
|
||||
# India
|
||||
# You can create your own file in
|
||||
# share/timezonesets/.
|
||||
#extra_float_digits = 0 # min -15, max 3
|
||||
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
|
||||
# selects precise output mode
|
||||
#client_encoding = sql_ascii # actually, defaults to database
|
||||
# encoding
|
||||
|
||||
@ -587,11 +671,16 @@ lc_time = 'C' # locale for time formatting
|
||||
# default configuration for text search
|
||||
default_text_search_config = 'pg_catalog.english'
|
||||
|
||||
# - Shared Library Preloading -
|
||||
|
||||
#shared_preload_libraries = '' # (change requires restart)
|
||||
#local_preload_libraries = ''
|
||||
#session_preload_libraries = ''
|
||||
#jit_provider = 'llvmjit' # JIT library to use
|
||||
|
||||
# - Other Defaults -
|
||||
|
||||
#dynamic_library_path = '$libdir'
|
||||
#local_preload_libraries = ''
|
||||
#session_preload_libraries = ''
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@ -610,14 +699,13 @@ default_text_search_config = 'pg_catalog.english'
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# VERSION/PLATFORM COMPATIBILITY
|
||||
# VERSION AND PLATFORM COMPATIBILITY
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Previous PostgreSQL Versions -
|
||||
|
||||
#array_nulls = on
|
||||
#backslash_quote = safe_encoding # on, off, or safe_encoding
|
||||
#default_with_oids = off
|
||||
#escape_string_warning = on
|
||||
#lo_compat_privileges = off
|
||||
#operator_precedence_warning = off
|
||||
@ -636,6 +724,9 @@ default_text_search_config = 'pg_catalog.english'
|
||||
|
||||
#exit_on_error = off # terminate session on any error?
|
||||
#restart_after_crash = on # reinitialize after backend crash?
|
||||
#data_sync_retry = off # retry or panic on failure to fsync
|
||||
# data?
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
@ -643,12 +734,13 @@ default_text_search_config = 'pg_catalog.english'
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# These options allow settings to be loaded from files other than the
|
||||
# default postgresql.conf.
|
||||
# default postgresql.conf. Note that these are directives, not variable
|
||||
# assignments, so they can usefully be given more than once.
|
||||
|
||||
#include_dir = 'conf.d' # include files ending in '.conf' from
|
||||
# directory 'conf.d'
|
||||
#include_if_exists = 'exists.conf' # include file only if it exists
|
||||
#include = 'special.conf' # include file
|
||||
#include_dir = '...' # include files ending in '.conf' from
|
||||
# a directory, e.g., 'conf.d'
|
||||
#include_if_exists = '...' # include file only if it exists
|
||||
#include = '...' # include file
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
8
extra/graveyard/ecogis/uninstall.sh
Executable file
8
extra/graveyard/ecogis/uninstall.sh
Executable file
@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
# Remove persistent data
|
||||
rm -rf "${VOLUMES_DIR}/ecogis"
|
||||
|
||||
# Unregister application
|
||||
vmmgr unregister-app ecogis
|
28
extra/graveyard/sigmah/app
Normal file
28
extra/graveyard/sigmah/app
Normal file
@ -0,0 +1,28 @@
|
||||
{
|
||||
"version": "2.0.2-200403",
|
||||
"meta": {
|
||||
"title": "Sigmah",
|
||||
"desc-cs": "Finanční řízení sbírek",
|
||||
"desc-en": "Donation management",
|
||||
"license": "GPL"
|
||||
},
|
||||
"containers": {
|
||||
"sigmah": {
|
||||
"image": "sigmah_2.0.2-200403",
|
||||
"depends": [
|
||||
"sigmah-postgres"
|
||||
],
|
||||
"mounts": {
|
||||
"sigmah/sigmah_conf/persistence.xml": "srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml:file",
|
||||
"sigmah/sigmah_conf/sigmah.properties": "srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties:file",
|
||||
"sigmah/sigmah_data": "srv/sigmah"
|
||||
}
|
||||
},
|
||||
"sigmah-postgres": {
|
||||
"image": "postgres_12.2.0-200403",
|
||||
"mounts": {
|
||||
"sigmah/postgres_data": "var/lib/postgresql"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,8 +1,5 @@
|
||||
IMAGE sigmah
|
||||
LAYER shared/alpine3.9
|
||||
LAYER shared/alpine3.9-java8
|
||||
LAYER shared/alpine3.9-tomcat8.5
|
||||
LAYER sigmah/sigmah
|
||||
IMAGE sigmah_2.0.2-200403
|
||||
FROM alpine3.11-tomcat8.5_8.5.53-200403
|
||||
|
||||
RUN EOF
|
||||
# Download Sigmah
|
||||
@ -12,15 +9,13 @@ RUN EOF
|
||||
|
||||
# Update Postgres JDBC driver
|
||||
rm /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar
|
||||
wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.5.jar
|
||||
wget https://jdbc.postgresql.org/download/postgresql-42.2.11.jar -O /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.11.jar
|
||||
|
||||
# Remove logging config
|
||||
rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml
|
||||
|
||||
# Create OS user
|
||||
addgroup -S -g 8011 sigmah
|
||||
adduser -S -u 8011 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah
|
||||
chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
|
||||
# Change webapps ownership
|
||||
chown -R tomcat:tomcat /srv/tomcat/webapps
|
||||
|
||||
# Download database files
|
||||
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /srv/sigmah-MinimumDataKit.sql
|
||||
@ -30,12 +25,8 @@ RUN EOF
|
||||
rm /tmp/sigmah.war
|
||||
EOF
|
||||
|
||||
COPY lxc
|
||||
COPY image.d
|
||||
|
||||
MOUNT DIR /srv/sigmah/data srv/sigmah/data
|
||||
MOUNT FILE /srv/sigmah/conf/persistence.xml srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml
|
||||
MOUNT FILE /srv/sigmah/conf/sigmah.properties srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties
|
||||
|
||||
USER 8011 8011
|
||||
USER tomcat
|
||||
WORKDIR /srv/tomcat
|
||||
CMD catalina.sh run
|
||||
CMD /usr/bin/catalina.sh run
|
52
extra/graveyard/sigmah/install.sh
Executable file
52
extra/graveyard/sigmah/install.sh
Executable file
@ -0,0 +1,52 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
# Volumes
|
||||
POSTGRES_DATA="${VOLUMES_DIR}/sigmah/postgres_data"
|
||||
SIGMAH_DATA="${VOLUMES_DIR}/sigmah/sigmah_data"
|
||||
SIGMAH_CONF="${VOLUMES_DIR}/sigmah/sigmah_conf"
|
||||
SIGMAH_LAYER="${LAYERS_DIR}/sigmah_2.0.2-200403"
|
||||
|
||||
# Create Postgres instance
|
||||
install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA}
|
||||
spoc-container exec sigmah-postgres -- initdb -D /var/lib/postgresql
|
||||
|
||||
# Configure Postgres
|
||||
install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf
|
||||
install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf
|
||||
|
||||
# Create database
|
||||
export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
|
||||
spoc-container start sigmah-postgres
|
||||
envsubst <createdb.sql | spoc-container exec sigmah-postgres -- psql
|
||||
|
||||
# Configure Sigmah
|
||||
install -o 108080 -g 108080 -m 750 -d ${SIGMAH_CONF}
|
||||
install -o 108080 -g 108080 -m 750 -d ${SIGMAH_DATA}
|
||||
install -o 108080 -g 108080 -m 750 -d ${SIGMAH_DATA}/files
|
||||
install -o 108080 -g 108080 -m 750 -d ${SIGMAH_DATA}/archives
|
||||
envsubst <sigmah_conf/persistence.xml | install -o 108080 -g 108080 -m 640 /dev/stdin ${SIGMAH_CONF}/persistence.xml
|
||||
install -o 108080 -g 108080 -m 640 sigmah_conf/sigmah.properties ${SIGMAH_CONF}/sigmah.properties
|
||||
cp -p ${SIGMAH_LAYER}/srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png ${SIGMAH_DATA}/files/logo.png
|
||||
|
||||
# Populate database
|
||||
export SIGMAH_ADMIN_USER="Admin"
|
||||
export SIGMAH_ADMIN_EMAIL="admin@example.com"
|
||||
export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
|
||||
export SIGMAH_ADMIN_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw('${SIGMAH_ADMIN_PWD}'.encode(), bcrypt.gensalt(prefix=b'2a')).decode())")
|
||||
cat ${SIGMAH_LAYER}/srv/sigmah-MinimumDataKit.sql | spoc-container exec sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah"
|
||||
sed -e "s|§OrganizationName§|Demo organization|g" \
|
||||
-e "s|§OrganizationLogoFilename§|logo.png|g" \
|
||||
-e "s|§HeadquartersCountryCode§|CZ|g" \
|
||||
-e "s|§UserEmail§|${SIGMAH_ADMIN_EMAIL}|g" \
|
||||
-e "s|§UserName§|${SIGMAH_ADMIN_USER}|g" \
|
||||
-e "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" \
|
||||
-e "s|§UserLocale§|en|g" \
|
||||
-e "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" \
|
||||
${SIGMAH_LAYER}/srv/sigmah-newOrganizationLaunchScript.sql | spoc-container exec sigmah-postgres -- sh -c "PGPASSWORD=${SIGMAH_PWD} psql -U sigmah sigmah"
|
||||
|
||||
# Stop services required for setup
|
||||
spoc-container stop sigmah-postgres
|
||||
|
||||
# Register application
|
||||
vmmgr register-app sigmah sigmah "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}"
|
3
extra/graveyard/sigmah/install/postgres_data/pg_hba.conf
Normal file
3
extra/graveyard/sigmah/install/postgres_data/pg_hba.conf
Normal file
@ -0,0 +1,3 @@
|
||||
local all postgres peer
|
||||
local all all md5
|
||||
host all all 0.0.0.0/0 md5
|
750
extra/graveyard/sigmah/install/postgres_data/postgresql.conf
Normal file
750
extra/graveyard/sigmah/install/postgres_data/postgresql.conf
Normal file
@ -0,0 +1,750 @@
|
||||
# -----------------------------
|
||||
# PostgreSQL configuration file
|
||||
# -----------------------------
|
||||
#
|
||||
# This file consists of lines of the form:
|
||||
#
|
||||
# name = value
|
||||
#
|
||||
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
|
||||
# "#" anywhere on a line. The complete list of parameter names and allowed
|
||||
# values can be found in the PostgreSQL documentation.
|
||||
#
|
||||
# The commented-out settings shown in this file represent the default values.
|
||||
# Re-commenting a setting is NOT sufficient to revert it to the default value;
|
||||
# you need to reload the server.
|
||||
#
|
||||
# This file is read on server startup and when the server receives a SIGHUP
|
||||
# signal. If you edit the file on a running system, you have to SIGHUP the
|
||||
# server for the changes to take effect, run "pg_ctl reload", or execute
|
||||
# "SELECT pg_reload_conf()". Some parameters, which are marked below,
|
||||
# require a server shutdown and restart to take effect.
|
||||
#
|
||||
# Any parameter can also be given as a command-line option to the server, e.g.,
|
||||
# "postgres -c log_connections=on". Some parameters can be changed at run time
|
||||
# with the "SET" SQL command.
|
||||
#
|
||||
# Memory units: kB = kilobytes Time units: ms = milliseconds
|
||||
# MB = megabytes s = seconds
|
||||
# GB = gigabytes min = minutes
|
||||
# TB = terabytes h = hours
|
||||
# d = days
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# FILE LOCATIONS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# The default values of these variables are driven from the -D command-line
|
||||
# option or PGDATA environment variable, represented here as ConfigDir.
|
||||
|
||||
#data_directory = 'ConfigDir' # use data in another directory
|
||||
# (change requires restart)
|
||||
#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
|
||||
# (change requires restart)
|
||||
#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
|
||||
# (change requires restart)
|
||||
|
||||
# If external_pid_file is not explicitly set, no extra PID file is written.
|
||||
#external_pid_file = '' # write an extra PID file
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CONNECTIONS AND AUTHENTICATION
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Connection Settings -
|
||||
|
||||
listen_addresses = '*' # what IP address(es) to listen on;
|
||||
# comma-separated list of addresses;
|
||||
# defaults to 'localhost'; use '*' for all
|
||||
# (change requires restart)
|
||||
#port = 5432 # (change requires restart)
|
||||
max_connections = 100 # (change requires restart)
|
||||
#superuser_reserved_connections = 3 # (change requires restart)
|
||||
unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories
|
||||
# (change requires restart)
|
||||
#unix_socket_group = '' # (change requires restart)
|
||||
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
|
||||
# (change requires restart)
|
||||
#bonjour = off # advertise server via Bonjour
|
||||
# (change requires restart)
|
||||
#bonjour_name = '' # defaults to the computer name
|
||||
# (change requires restart)
|
||||
|
||||
# - TCP settings -
|
||||
# see "man 7 tcp" for details
|
||||
|
||||
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
|
||||
# 0 selects the system default
|
||||
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
|
||||
# 0 selects the system default
|
||||
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
|
||||
# 0 selects the system default
|
||||
#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
|
||||
# 0 selects the system default
|
||||
|
||||
# - Authentication -
|
||||
|
||||
#authentication_timeout = 1min # 1s-600s
|
||||
#password_encryption = md5 # md5 or scram-sha-256
|
||||
#db_user_namespace = off
|
||||
|
||||
# GSSAPI using Kerberos
|
||||
#krb_server_keyfile = ''
|
||||
#krb_caseins_users = off
|
||||
|
||||
# - SSL -
|
||||
|
||||
#ssl = off
|
||||
#ssl_ca_file = ''
|
||||
#ssl_cert_file = 'server.crt'
|
||||
#ssl_crl_file = ''
|
||||
#ssl_key_file = 'server.key'
|
||||
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
|
||||
#ssl_prefer_server_ciphers = on
|
||||
#ssl_ecdh_curve = 'prime256v1'
|
||||
#ssl_min_protocol_version = 'TLSv1'
|
||||
#ssl_max_protocol_version = ''
|
||||
#ssl_dh_params_file = ''
|
||||
#ssl_passphrase_command = ''
|
||||
#ssl_passphrase_command_supports_reload = off
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# RESOURCE USAGE (except WAL)
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Memory -
|
||||
|
||||
shared_buffers = 128MB # min 128kB
|
||||
# (change requires restart)
|
||||
#huge_pages = try # on, off, or try
|
||||
# (change requires restart)
|
||||
#temp_buffers = 8MB # min 800kB
|
||||
#max_prepared_transactions = 0 # zero disables the feature
|
||||
# (change requires restart)
|
||||
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
|
||||
# you actively intend to use prepared transactions.
|
||||
#work_mem = 4MB # min 64kB
|
||||
#maintenance_work_mem = 64MB # min 1MB
|
||||
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
|
||||
#max_stack_depth = 2MB # min 100kB
|
||||
#shared_memory_type = mmap # the default is the first option
|
||||
# supported by the operating system:
|
||||
# mmap
|
||||
# sysv
|
||||
# windows
|
||||
# (change requires restart)
|
||||
dynamic_shared_memory_type = posix # the default is the first option
|
||||
# supported by the operating system:
|
||||
# posix
|
||||
# sysv
|
||||
# windows
|
||||
# mmap
|
||||
# (change requires restart)
|
||||
|
||||
# - Disk -
|
||||
|
||||
#temp_file_limit = -1 # limits per-process temp file space
|
||||
# in kB, or -1 for no limit
|
||||
|
||||
# - Kernel Resources -
|
||||
|
||||
#max_files_per_process = 1000 # min 25
|
||||
# (change requires restart)
|
||||
|
||||
# - Cost-Based Vacuum Delay -
|
||||
|
||||
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
|
||||
#vacuum_cost_page_hit = 1 # 0-10000 credits
|
||||
#vacuum_cost_page_miss = 10 # 0-10000 credits
|
||||
#vacuum_cost_page_dirty = 20 # 0-10000 credits
|
||||
#vacuum_cost_limit = 200 # 1-10000 credits
|
||||
|
||||
# - Background Writer -
|
||||
|
||||
#bgwriter_delay = 200ms # 10-10000ms between rounds
|
||||
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
|
||||
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
|
||||
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
|
||||
|
||||
# - Asynchronous Behavior -
|
||||
|
||||
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
|
||||
#max_worker_processes = 8 # (change requires restart)
|
||||
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
|
||||
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
|
||||
#parallel_leader_participation = on
|
||||
#max_parallel_workers = 8 # maximum number of max_worker_processes that
|
||||
# can be used in parallel operations
|
||||
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
|
||||
# (change requires restart)
|
||||
#backend_flush_after = 0 # measured in pages, 0 disables
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# WRITE-AHEAD LOG
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Settings -
|
||||
|
||||
wal_level = minimal # minimal, replica, or logical
|
||||
# (change requires restart)
|
||||
#fsync = on # flush data to disk for crash safety
|
||||
# (turning this off can cause
|
||||
# unrecoverable data corruption)
|
||||
#synchronous_commit = on # synchronization level;
|
||||
# off, local, remote_write, remote_apply, or on
|
||||
#wal_sync_method = fsync # the default is the first option
|
||||
# supported by the operating system:
|
||||
# open_datasync
|
||||
# fdatasync (default on Linux)
|
||||
# fsync
|
||||
# fsync_writethrough
|
||||
# open_sync
|
||||
#full_page_writes = on # recover from partial page writes
|
||||
#wal_compression = off # enable compression of full-page writes
|
||||
#wal_log_hints = off # also do full page writes of non-critical updates
|
||||
# (change requires restart)
|
||||
#wal_init_zero = on # zero-fill new WAL files
|
||||
#wal_recycle = on # recycle WAL files
|
||||
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
|
||||
# (change requires restart)
|
||||
#wal_writer_delay = 200ms # 1-10000 milliseconds
|
||||
#wal_writer_flush_after = 1MB # measured in pages, 0 disables
|
||||
|
||||
#commit_delay = 0 # range 0-100000, in microseconds
|
||||
#commit_siblings = 5 # range 1-1000
|
||||
|
||||
# - Checkpoints -
|
||||
|
||||
#checkpoint_timeout = 5min # range 30s-1d
|
||||
#max_wal_size = 1GB
|
||||
#min_wal_size = 80MB
|
||||
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
|
||||
#checkpoint_flush_after = 256kB # measured in pages, 0 disables
|
||||
#checkpoint_warning = 30s # 0 disables
|
||||
|
||||
# - Archiving -
|
||||
|
||||
#archive_mode = off # enables archiving; off, on, or always
|
||||
# (change requires restart)
|
||||
#archive_command = '' # command to use to archive a logfile segment
|
||||
# placeholders: %p = path of file to archive
|
||||
# %f = file name only
|
||||
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
|
||||
#archive_timeout = 0 # force a logfile segment switch after this
|
||||
# number of seconds; 0 disables
|
||||
|
||||
# - Archive Recovery -
|
||||
|
||||
# These are only used in recovery mode.
|
||||
|
||||
#restore_command = '' # command to use to restore an archived logfile segment
|
||||
# placeholders: %p = path of file to restore
|
||||
# %f = file name only
|
||||
# e.g. 'cp /mnt/server/archivedir/%f %p'
|
||||
# (change requires restart)
|
||||
#archive_cleanup_command = '' # command to execute at every restartpoint
|
||||
#recovery_end_command = '' # command to execute at completion of recovery
|
||||
|
||||
# - Recovery Target -
|
||||
|
||||
# Set these only when performing a targeted recovery.
|
||||
|
||||
#recovery_target = '' # 'immediate' to end recovery as soon as a
|
||||
# consistent state is reached
|
||||
# (change requires restart)
|
||||
#recovery_target_name = '' # the named restore point to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_time = '' # the time stamp up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_xid = '' # the transaction ID up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_inclusive = on # Specifies whether to stop:
|
||||
# just after the specified recovery target (on)
|
||||
# just before the recovery target (off)
|
||||
# (change requires restart)
|
||||
#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
|
||||
# (change requires restart)
|
||||
#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# REPLICATION
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Sending Servers -
|
||||
|
||||
# Set these on the master and on any standby that will send replication data.
|
||||
|
||||
max_wal_senders = 0 # max number of walsender processes
|
||||
# (change requires restart)
|
||||
#wal_keep_segments = 0 # in logfile segments; 0 disables
|
||||
#wal_sender_timeout = 60s # in milliseconds; 0 disables
|
||||
|
||||
max_replication_slots = 0 # max number of replication slots
|
||||
# (change requires restart)
|
||||
#track_commit_timestamp = off # collect timestamp of transaction commit
|
||||
# (change requires restart)
|
||||
|
||||
# - Master Server -
|
||||
|
||||
# These settings are ignored on a standby server.
|
||||
|
||||
#synchronous_standby_names = '' # standby servers that provide sync rep
|
||||
# method to choose sync standbys, number of sync standbys,
|
||||
# and comma-separated list of application_name
|
||||
# from standby(s); '*' = all
|
||||
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
|
||||
|
||||
# - Standby Servers -
|
||||
|
||||
# These settings are ignored on a master server.
|
||||
|
||||
#primary_conninfo = '' # connection string to sending server
|
||||
# (change requires restart)
|
||||
#primary_slot_name = '' # replication slot on sending server
|
||||
# (change requires restart)
|
||||
#promote_trigger_file = '' # file name whose presence ends recovery
|
||||
#hot_standby = on # "off" disallows queries during recovery
|
||||
# (change requires restart)
|
||||
#max_standby_archive_delay = 30s # max delay before canceling queries
|
||||
# when reading WAL from archive;
|
||||
# -1 allows indefinite delay
|
||||
#max_standby_streaming_delay = 30s # max delay before canceling queries
|
||||
# when reading streaming WAL;
|
||||
# -1 allows indefinite delay
|
||||
#wal_receiver_status_interval = 10s # send replies at least this often
|
||||
# 0 disables
|
||||
#hot_standby_feedback = off # send info from standby to prevent
|
||||
# query conflicts
|
||||
#wal_receiver_timeout = 60s # time that receiver waits for
|
||||
# communication from master
|
||||
# in milliseconds; 0 disables
|
||||
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
|
||||
# retrieve WAL after a failed attempt
|
||||
#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
|
||||
|
||||
# - Subscribers -
|
||||
|
||||
# These settings are ignored on a publisher.
|
||||
|
||||
max_logical_replication_workers = 0 # taken from max_worker_processes
|
||||
# (change requires restart)
|
||||
max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# QUERY TUNING
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Planner Method Configuration -
|
||||
|
||||
#enable_bitmapscan = on
|
||||
#enable_hashagg = on
|
||||
#enable_hashjoin = on
|
||||
#enable_indexscan = on
|
||||
#enable_indexonlyscan = on
|
||||
#enable_material = on
|
||||
#enable_mergejoin = on
|
||||
#enable_nestloop = on
|
||||
#enable_parallel_append = on
|
||||
#enable_seqscan = on
|
||||
#enable_sort = on
|
||||
#enable_tidscan = on
|
||||
#enable_partitionwise_join = off
|
||||
#enable_partitionwise_aggregate = off
|
||||
#enable_parallel_hash = on
|
||||
#enable_partition_pruning = on
|
||||
|
||||
# - Planner Cost Constants -
|
||||
|
||||
#seq_page_cost = 1.0 # measured on an arbitrary scale
|
||||
#random_page_cost = 4.0 # same scale as above
|
||||
#cpu_tuple_cost = 0.01 # same scale as above
|
||||
#cpu_index_tuple_cost = 0.005 # same scale as above
|
||||
#cpu_operator_cost = 0.0025 # same scale as above
|
||||
#parallel_tuple_cost = 0.1 # same scale as above
|
||||
#parallel_setup_cost = 1000.0 # same scale as above
|
||||
|
||||
#jit_above_cost = 100000 # perform JIT compilation if available
|
||||
# and query more expensive than this;
|
||||
# -1 disables
|
||||
#jit_inline_above_cost = 500000 # inline small functions if query is
|
||||
# more expensive than this; -1 disables
|
||||
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
|
||||
# query is more expensive than this;
|
||||
# -1 disables
|
||||
|
||||
#min_parallel_table_scan_size = 8MB
|
||||
#min_parallel_index_scan_size = 512kB
|
||||
#effective_cache_size = 4GB
|
||||
|
||||
# - Genetic Query Optimizer -
|
||||
|
||||
#geqo = on
|
||||
#geqo_threshold = 12
|
||||
#geqo_effort = 5 # range 1-10
|
||||
#geqo_pool_size = 0 # selects default based on effort
|
||||
#geqo_generations = 0 # selects default based on effort
|
||||
#geqo_selection_bias = 2.0 # range 1.5-2.0
|
||||
#geqo_seed = 0.0 # range 0.0-1.0
|
||||
|
||||
# - Other Planner Options -
|
||||
|
||||
#default_statistics_target = 100 # range 1-10000
|
||||
#constraint_exclusion = partition # on, off, or partition
|
||||
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
|
||||
#from_collapse_limit = 8
|
||||
#join_collapse_limit = 8 # 1 disables collapsing of explicit
|
||||
# JOIN clauses
|
||||
#force_parallel_mode = off
|
||||
#jit = on # allow JIT compilation
|
||||
#plan_cache_mode = auto # auto, force_generic_plan or
|
||||
# force_custom_plan
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# REPORTING AND LOGGING
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Where to Log -
|
||||
|
||||
#log_destination = 'stderr' # Valid values are combinations of
|
||||
# stderr, csvlog, syslog, and eventlog,
|
||||
# depending on platform. csvlog
|
||||
# requires logging_collector to be on.
|
||||
|
||||
# This is used when logging to stderr:
|
||||
#logging_collector = off # Enable capturing of stderr and csvlog
|
||||
# into log files. Required to be on for
|
||||
# csvlogs.
|
||||
# (change requires restart)
|
||||
|
||||
# These are only used if logging_collector is on:
|
||||
#log_directory = 'log' # directory where log files are written,
|
||||
# can be absolute or relative to PGDATA
|
||||
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
|
||||
# can include strftime() escapes
|
||||
#log_file_mode = 0600 # creation mode for log files,
|
||||
# begin with 0 to use octal notation
|
||||
#log_truncate_on_rotation = off # If on, an existing log file with the
|
||||
# same name as the new log file will be
|
||||
# truncated rather than appended to.
|
||||
# But such truncation only occurs on
|
||||
# time-driven rotation, not on restarts
|
||||
# or size-driven rotation. Default is
|
||||
# off, meaning append to existing files
|
||||
# in all cases.
|
||||
#log_rotation_age = 1d # Automatic rotation of logfiles will
|
||||
# happen after that time. 0 disables.
|
||||
#log_rotation_size = 10MB # Automatic rotation of logfiles will
|
||||
# happen after that much log output.
|
||||
# 0 disables.
|
||||
|
||||
# These are relevant when logging to syslog:
|
||||
#syslog_facility = 'LOCAL0'
|
||||
#syslog_ident = 'postgres'
|
||||
#syslog_sequence_numbers = on
|
||||
#syslog_split_messages = on
|
||||
|
||||
# This is only relevant when logging to eventlog (win32):
|
||||
# (change requires restart)
|
||||
#event_source = 'PostgreSQL'
|
||||
|
||||
# - When to Log -
|
||||
|
||||
#log_min_messages = warning # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# info
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
# log
|
||||
# fatal
|
||||
# panic
|
||||
|
||||
#log_min_error_statement = error # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# info
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
# log
|
||||
# fatal
|
||||
# panic (effectively off)
|
||||
|
||||
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
|
||||
# and their durations, > 0 logs only
|
||||
# statements running at least this number
|
||||
# of milliseconds
|
||||
|
||||
#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements
|
||||
# are logged regardless of their duration. 1.0 logs all
|
||||
# statements from all transactions, 0.0 never logs.
|
||||
|
||||
# - What to Log -
|
||||
|
||||
#debug_print_parse = off
|
||||
#debug_print_rewritten = off
|
||||
#debug_print_plan = off
|
||||
#debug_pretty_print = on
|
||||
#log_checkpoints = off
|
||||
#log_connections = off
|
||||
#log_disconnections = off
|
||||
#log_duration = off
|
||||
#log_error_verbosity = default # terse, default, or verbose messages
|
||||
#log_hostname = off
|
||||
log_line_prefix = '%m [%p] %q%u@%d ' # special values:
|
||||
# %a = application name
|
||||
# %u = user name
|
||||
# %d = database name
|
||||
# %r = remote host and port
|
||||
# %h = remote host
|
||||
# %p = process ID
|
||||
# %t = timestamp without milliseconds
|
||||
# %m = timestamp with milliseconds
|
||||
# %n = timestamp with milliseconds (as a Unix epoch)
|
||||
# %i = command tag
|
||||
# %e = SQL state
|
||||
# %c = session ID
|
||||
# %l = session line number
|
||||
# %s = session start timestamp
|
||||
# %v = virtual transaction ID
|
||||
# %x = transaction ID (0 if none)
|
||||
# %q = stop here in non-session
|
||||
# processes
|
||||
# %% = '%'
|
||||
# e.g. '<%u%%%d> '
|
||||
#log_lock_waits = off # log lock waits >= deadlock_timeout
|
||||
#log_statement = 'none' # none, ddl, mod, all
|
||||
#log_replication_commands = off
|
||||
#log_temp_files = -1 # log temporary files equal or larger
|
||||
# than the specified size in kilobytes;
|
||||
# -1 disables, 0 logs all temp files
|
||||
log_timezone = 'Europe/Prague'
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# PROCESS TITLE
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#cluster_name = '' # added to process titles if nonempty
|
||||
# (change requires restart)
|
||||
#update_process_title = on
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# STATISTICS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Query and Index Statistics Collector -
|
||||
|
||||
#track_activities = on
|
||||
#track_counts = on
|
||||
#track_io_timing = off
|
||||
#track_functions = none # none, pl, all
|
||||
#track_activity_query_size = 1024 # (change requires restart)
|
||||
#stats_temp_directory = 'pg_stat_tmp'
|
||||
|
||||
|
||||
# - Monitoring -
|
||||
|
||||
#log_parser_stats = off
|
||||
#log_planner_stats = off
|
||||
#log_executor_stats = off
|
||||
#log_statement_stats = off
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# AUTOVACUUM
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#autovacuum = on # Enable autovacuum subprocess? 'on'
|
||||
# requires track_counts to also be on.
|
||||
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
|
||||
# their durations, > 0 logs only
|
||||
# actions running at least this number
|
||||
# of milliseconds.
|
||||
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
|
||||
# (change requires restart)
|
||||
#autovacuum_naptime = 1min # time between autovacuum runs
|
||||
#autovacuum_vacuum_threshold = 50 # min number of row updates before
|
||||
# vacuum
|
||||
#autovacuum_analyze_threshold = 50 # min number of row updates before
|
||||
# analyze
|
||||
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
|
||||
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
|
||||
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
|
||||
# (change requires restart)
|
||||
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
|
||||
# before forced vacuum
|
||||
# (change requires restart)
|
||||
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
|
||||
# autovacuum, in milliseconds;
|
||||
# -1 means use vacuum_cost_delay
|
||||
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
|
||||
# autovacuum, -1 means use
|
||||
# vacuum_cost_limit
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CLIENT CONNECTION DEFAULTS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Statement Behavior -
|
||||
|
||||
#client_min_messages = notice # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# log
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
#search_path = '"$user", public' # schema names
|
||||
#row_security = on
|
||||
#default_tablespace = '' # a tablespace name, '' uses the default
|
||||
#temp_tablespaces = '' # a list of tablespace names, '' uses
|
||||
# only default tablespace
|
||||
#default_table_access_method = 'heap'
|
||||
#check_function_bodies = on
|
||||
#default_transaction_isolation = 'read committed'
|
||||
#default_transaction_read_only = off
|
||||
#default_transaction_deferrable = off
|
||||
#session_replication_role = 'origin'
|
||||
#statement_timeout = 0 # in milliseconds, 0 is disabled
|
||||
#lock_timeout = 0 # in milliseconds, 0 is disabled
|
||||
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
|
||||
#vacuum_freeze_min_age = 50000000
|
||||
#vacuum_freeze_table_age = 150000000
|
||||
#vacuum_multixact_freeze_min_age = 5000000
|
||||
#vacuum_multixact_freeze_table_age = 150000000
|
||||
#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples
|
||||
# before index cleanup, 0 always performs
|
||||
# index cleanup
|
||||
#bytea_output = 'hex' # hex, escape
|
||||
#xmlbinary = 'base64'
|
||||
#xmloption = 'content'
|
||||
#gin_fuzzy_search_limit = 0
|
||||
#gin_pending_list_limit = 4MB
|
||||
|
||||
# - Locale and Formatting -
|
||||
|
||||
datestyle = 'iso, mdy'
|
||||
#intervalstyle = 'postgres'
|
||||
timezone = 'Europe/Prague'
|
||||
#timezone_abbreviations = 'Default' # Select the set of available time zone
|
||||
# abbreviations. Currently, there are
|
||||
# Default
|
||||
# Australia (historical usage)
|
||||
# India
|
||||
# You can create your own file in
|
||||
# share/timezonesets/.
|
||||
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
|
||||
# selects precise output mode
|
||||
#client_encoding = sql_ascii # actually, defaults to database
|
||||
# encoding
|
||||
|
||||
# These settings are initialized by initdb, but they can be changed.
|
||||
lc_messages = 'C' # locale for system error message
|
||||
# strings
|
||||
lc_monetary = 'C' # locale for monetary formatting
|
||||
lc_numeric = 'C' # locale for number formatting
|
||||
lc_time = 'C' # locale for time formatting
|
||||
|
||||
# default configuration for text search
|
||||
default_text_search_config = 'pg_catalog.english'
|
||||
|
||||
# - Shared Library Preloading -
|
||||
|
||||
#shared_preload_libraries = '' # (change requires restart)
|
||||
#local_preload_libraries = ''
|
||||
#session_preload_libraries = ''
|
||||
#jit_provider = 'llvmjit' # JIT library to use
|
||||
|
||||
# - Other Defaults -
|
||||
|
||||
#dynamic_library_path = '$libdir'
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# LOCK MANAGEMENT
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#deadlock_timeout = 1s
|
||||
#max_locks_per_transaction = 64 # min 10
|
||||
# (change requires restart)
|
||||
#max_pred_locks_per_transaction = 64 # min 10
|
||||
# (change requires restart)
|
||||
#max_pred_locks_per_relation = -2 # negative values mean
|
||||
# (max_pred_locks_per_transaction
|
||||
# / -max_pred_locks_per_relation) - 1
|
||||
#max_pred_locks_per_page = 2 # min 0
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# VERSION AND PLATFORM COMPATIBILITY
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Previous PostgreSQL Versions -
|
||||
|
||||
#array_nulls = on
|
||||
#backslash_quote = safe_encoding # on, off, or safe_encoding
|
||||
#escape_string_warning = on
|
||||
#lo_compat_privileges = off
|
||||
#operator_precedence_warning = off
|
||||
#quote_all_identifiers = off
|
||||
#standard_conforming_strings = on
|
||||
#synchronize_seqscans = on
|
||||
|
||||
# - Other Platforms and Clients -
|
||||
|
||||
#transform_null_equals = off
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# ERROR HANDLING
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#exit_on_error = off # terminate session on any error?
|
||||
#restart_after_crash = on # reinitialize after backend crash?
|
||||
#data_sync_retry = off # retry or panic on failure to fsync
|
||||
# data?
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CONFIG FILE INCLUDES
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# These options allow settings to be loaded from files other than the
|
||||
# default postgresql.conf. Note that these are directives, not variable
|
||||
# assignments, so they can usefully be given more than once.
|
||||
|
||||
#include_dir = '...' # include files ending in '.conf' from
|
||||
# a directory, e.g., 'conf.d'
|
||||
#include_if_exists = '...' # include file only if it exists
|
||||
#include = '...' # include file
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CUSTOMIZED OPTIONS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# Add settings for extensions here
|
@ -13,7 +13,7 @@
|
||||
<property name="hibernate.connection.driver_class" value="org.postgresql.Driver" />
|
||||
<property name="hibernate.connection.username" value="sigmah" />
|
||||
<property name="hibernate.connection.password" value="${SIGMAH_PWD}" />
|
||||
<property name="hibernate.connection.url" value="jdbc:postgresql://postgres:5432/sigmah" />
|
||||
<property name="hibernate.connection.url" value="jdbc:postgresql://sigmah-postgres:5432/sigmah" />
|
||||
<property name="hibernate.show_sql" value="false" />
|
||||
<property name="hibernate.format_sql" value="false" />
|
||||
|
@ -10,10 +10,10 @@
|
||||
# --
|
||||
|
||||
# Root directory name where files are stored.
|
||||
files.repository.name=/srv/sigmah/data/files
|
||||
files.repository.name=/srv/sigmah/files
|
||||
|
||||
# Root directory name where backup archives are stored.
|
||||
archives.repository.name=/srv/sigmah/data/archives/
|
||||
archives.repository.name=/srv/sigmah/archives
|
||||
|
||||
#Maximum size of the uploaded files (bytes)
|
||||
files.upload.maxSize=20971520
|
9
extra/graveyard/sigmah/install/update-conf.sh
Executable file
9
extra/graveyard/sigmah/install/update-conf.sh
Executable file
@ -0,0 +1,9 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Volumes
|
||||
SIGMAH_CONF="${VOLUMES_DIR}/sigmah/sigmah_conf"
|
||||
|
||||
# Replacements
|
||||
sed -i "s|\(^mail\.from\.address=\).*|\1${EMAIL}|" ${SIGMAH_CONF}/sigmah.properties
|
||||
sed -i "s|\(^mail\.support\.to=\).*|\1${EMAIL}|" ${SIGMAH_CONF}/sigmah.properties
|
||||
sed -i "s|\(^maps\.key=\).*|\1${GMAPS_API_KEY}|" ${SIGMAH_CONF}/sigmah.properties
|
8
extra/graveyard/sigmah/uninstall.sh
Executable file
8
extra/graveyard/sigmah/uninstall.sh
Executable file
@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
# Remove persistent data
|
||||
rm -rf "${VOLUMES_DIR}/sigmah"
|
||||
|
||||
# Unregister application
|
||||
vmmgr unregister-app sigmah
|
@ -1,17 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
cd $(realpath $(dirname "${0}"))/install
|
||||
|
||||
# Configure CKAN DataPusher
|
||||
mkdir -p /srv/ckan-datapusher/conf /srv/ckan-datapusher/data
|
||||
cp srv/ckan-datapusher/conf/datapusher.wsgi /srv/ckan-datapusher/conf/datapusher.wsgi
|
||||
cp srv/ckan-datapusher/conf/datapusher_settings.py /srv/ckan-datapusher/conf/datapusher_settings.py
|
||||
chown -R 8004:8004 /srv/ckan-datapusher/data
|
||||
|
||||
# Install service
|
||||
cp etc/init.d/ckan-datapusher /etc/init.d/ckan-datapusher
|
||||
rc-update -u
|
||||
|
||||
# Install config update script
|
||||
cp srv/ckan-datapusher/update-conf.sh /srv/ckan-datapusher/update-conf.sh
|
@ -1,11 +0,0 @@
|
||||
#!/sbin/openrc-run
|
||||
|
||||
description="CKAN DataPusher container"
|
||||
|
||||
start() {
|
||||
lxc-start ckan-datapusher
|
||||
}
|
||||
|
||||
stop() {
|
||||
lxc-stop ckan-datapusher
|
||||
}
|
@ -1,3 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" /srv/ckan-datapusher/conf/datapusher_settings.py
|
@ -1,4 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
/bin/cat /etc/ssl/services.pem >>/usr/lib/python2.7/site-packages/requests/cacert.pem
|
||||
/bin/cat /etc/ssl/services.pem >>/usr/lib/python2.7/site-packages/certifi/cacert.pem
|
@ -1,9 +0,0 @@
|
||||
{
|
||||
"desc-cs": "Služba datového skladu pro extrakci dat",
|
||||
"desc-en": "Data store data extraction service",
|
||||
"lxcpath": "ckan-datapusher",
|
||||
"version": "0.0.1",
|
||||
"release": "0",
|
||||
"license": "GPL",
|
||||
"depends": ["alpine3.9-python2.7"]
|
||||
}
|
@ -1,6 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
# Remove service
|
||||
rm -f /etc/init.d/ckan-datapusher
|
||||
rc-update -u
|
50
lxc-apps/ckan/app
Normal file
50
lxc-apps/ckan/app
Normal file
@ -0,0 +1,50 @@
|
||||
{
|
||||
"version": "2.8.3-200403",
|
||||
"meta": {
|
||||
"title": "CKAN",
|
||||
"desc-cs": "Datový sklad",
|
||||
"desc-en": "Data store",
|
||||
"license": "GPL"
|
||||
},
|
||||
"containers": {
|
||||
"ckan": {
|
||||
"image": "ckan_2.8.3-200403",
|
||||
"depends": [
|
||||
"ckan-datapusher",
|
||||
"ckan-redis",
|
||||
"ckan-solr",
|
||||
"ckan-postgres"
|
||||
],
|
||||
"mounts": {
|
||||
"ckan/ckan_conf": "etc/ckan",
|
||||
"ckan/ckan_data": "srv/ckan/storage"
|
||||
}
|
||||
},
|
||||
"ckan-datapusher": {
|
||||
"image": "ckan-datapusher_0.0.16-200403",
|
||||
"mounts": {
|
||||
"ckan/datapusher_conf": "etc/ckan-datapusher",
|
||||
"ckan/datapusher_data": "srv/ckan-datapusher/data"
|
||||
}
|
||||
},
|
||||
"ckan-redis": {
|
||||
"image": "redis_5.0.7-200403",
|
||||
"mounts": {
|
||||
"ckan/redis_conf/redis.conf": "etc/redis.conf:file",
|
||||
"ckan/redis_data": "var/lib/redis"
|
||||
}
|
||||
},
|
||||
"ckan-solr": {
|
||||
"image": "solr6_6.5.1-200403",
|
||||
"mounts": {
|
||||
"ckan/solr_data": "var/lib/solr"
|
||||
}
|
||||
},
|
||||
"ckan-postgres": {
|
||||
"image": "postgis_3.0.0-200403",
|
||||
"mounts": {
|
||||
"ckan/postgres_data": "var/lib/postgresql"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,11 +1,10 @@
|
||||
IMAGE ckan-datapusher
|
||||
LAYER shared/alpine3.9
|
||||
LAYER shared/alpine3.9-python2.7
|
||||
LAYER ckan-datapusher/ckan-datapusher
|
||||
IMAGE ckan-datapusher_0.0.16-200403
|
||||
FROM alpine3.10-python2.7_2.7.16-200403
|
||||
# Alpine 3.11 discontinued uwsgi-python2 module
|
||||
|
||||
RUN EOF
|
||||
# Install runtime dependencies
|
||||
apk --no-cache add libffi libressl uwsgi-python
|
||||
apk --no-cache add libffi uwsgi-python
|
||||
|
||||
# Install build dependencies
|
||||
apk --no-cache add --virtual .deps build-base git libffi-dev libressl-dev libxml2-dev libxslt-dev py2-pip python2-dev
|
||||
@ -14,15 +13,19 @@ RUN EOF
|
||||
mkdir -p /srv/ckan-datapusher
|
||||
cd /srv/ckan-datapusher
|
||||
pip install -U setuptools
|
||||
pip install -e 'git+https://github.com/ckan/datapusher.git#egg=datapusher'
|
||||
pip install -e 'git+https://github.com/ckan/datapusher.git@e662e3c33e069ac174cdb4fb1d61121f0ba4bb3a#egg=datapusher'
|
||||
|
||||
# Hackfix the X509_STORE_CTX wrapper
|
||||
sed -i 's/\[security\]//' /srv/ckan-datapusher/src/datapusher/requirements.txt
|
||||
pip install -r /srv/ckan-datapusher/src/datapusher/requirements.txt
|
||||
|
||||
# Hackfix werkzeug==1.0.0 proxy_fix import
|
||||
# https://github.com/ckan/ckan-service-provider/pull/49
|
||||
sed -i 's/werkzeug\.contrib\.fixers/werkzeug.middleware.proxy_fix/' /usr/lib/python2.7/site-packages/ckanserviceprovider/web.py
|
||||
|
||||
# Create OS user
|
||||
addgroup -S -g 8004 ckandp
|
||||
adduser -S -u 8004 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp
|
||||
addgroup -S -g 8080 ckandp
|
||||
adduser -S -u 8080 -h /srv/ckan-datapusher -s /bin/false -g ckandp -G ckandp ckandp
|
||||
chown -R ckandp:ckandp /srv/ckan-datapusher
|
||||
|
||||
# Cleanup
|
||||
@ -31,10 +34,6 @@ RUN EOF
|
||||
rm -rf /root/.cache
|
||||
EOF
|
||||
|
||||
COPY lxc
|
||||
COPY ckan-datapusher.image.d
|
||||
|
||||
MOUNT FILE /etc/ssl/services.pem etc/ssl/services.pem
|
||||
MOUNT DIR /srv/ckan-datapusher/conf etc/ckan-datapusher
|
||||
MOUNT DIR /srv/ckan-datapusher/data srv/ckan-datapusher/data
|
||||
|
||||
CMD execlineb -P /run
|
||||
CMD /bin/execlineb -P /run
|
13
lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert
Executable file
13
lxc-apps/ckan/ckan-datapusher.image.d/bin/add-ca-cert
Executable file
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import ssl
|
||||
|
||||
with open('/etc/ckan-datapusher/add-ca-cert.env') as f:
|
||||
env = dict(tuple(line.split('=')) for line in f.read().splitlines())
|
||||
|
||||
cert = ssl.get_server_certificate((env['HOST'], env['PORT']))
|
||||
with open('/usr/lib/python2.7/site-packages/requests/cacert.pem', 'a') as f:
|
||||
f.write(cert)
|
||||
|
||||
with open('/usr/lib/python2.7/site-packages/certifi/cacert.pem', 'a') as f:
|
||||
f.write(cert)
|
2
lxc-apps/ckan-datapusher/lxc/run → lxc-apps/ckan/ckan-datapusher.image.d/run
Normal file → Executable file
2
lxc-apps/ckan-datapusher/lxc/run → lxc-apps/ckan/ckan-datapusher.image.d/run
Normal file → Executable file
@ -1,5 +1,5 @@
|
||||
#!/bin/execlineb -P
|
||||
|
||||
foreground { add-ca-cert }
|
||||
foreground { /bin/add-ca-cert }
|
||||
s6-setuidgid ckandp
|
||||
uwsgi --plugin python --http-socket 0.0.0.0:8080 --wsgi-file /etc/ckan-datapusher/datapusher.wsgi --enable-threads
|
@ -1,24 +1,19 @@
|
||||
IMAGE ckan
|
||||
LAYER shared/alpine3.9
|
||||
LAYER shared/alpine3.9-python2.7
|
||||
LAYER ckan/ckan
|
||||
IMAGE ckan_2.8.3-200403
|
||||
FROM alpine3.11-python2.7_2.7.16-200403
|
||||
|
||||
RUN EOF
|
||||
# Install runtime dependencies
|
||||
apk --no-cache add geos@vm libjpeg-turbo libmagic libpq mailcap py2-pip zlib
|
||||
apk --no-cache add geos libjpeg-turbo libmagic libpq mailcap py2-pip zlib
|
||||
|
||||
# Install build dependencies
|
||||
apk --no-cache add --virtual .deps build-base git libjpeg-turbo-dev libxml2-dev libxslt-dev postgresql-dev python2-dev zlib-dev
|
||||
|
||||
# Hackfix for python find_library('c') call
|
||||
ln -s /lib/ld-musl-x86_64.so.1 /lib/libc.so.1
|
||||
|
||||
# Install CKAN
|
||||
mkdir -p /srv/ckan
|
||||
cd /srv/ckan
|
||||
pip install -U setuptools
|
||||
pip install flask-debugtoolbar
|
||||
pip install -e 'git+https://github.com/ckan/ckan.git#egg=ckan'
|
||||
pip install -e 'git+https://github.com/ckan/ckan.git@8e1cc60b2fa11da6843051678b7ee2cc08c2a7a9#egg=ckan'
|
||||
pip install -r /srv/ckan/src/ckan/requirements.txt
|
||||
|
||||
# Install CKAN extensions
|
||||
@ -33,9 +28,13 @@ RUN EOF
|
||||
pip install -r /srv/ckan/src/ckanext-geoview/pip-requirements.txt
|
||||
pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt
|
||||
|
||||
# Hackfix support for PostgreSQL 12
|
||||
# https://github.com/sqlalchemy/sqlalchemy/issues/4463
|
||||
sed -i 's/cons\.consrc/pg_get_constraintdef(cons.oid)/' /usr/lib/python2.7/site-packages/sqlalchemy/dialects/postgresql/base.py
|
||||
|
||||
# Create OS user
|
||||
addgroup -S -g 8003 ckan
|
||||
adduser -S -u 8003 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan
|
||||
addgroup -S -g 8080 ckan
|
||||
adduser -S -u 8080 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan
|
||||
chown -R ckan:ckan /srv/ckan
|
||||
|
||||
# Cleanup
|
||||
@ -44,8 +43,6 @@ RUN EOF
|
||||
rm -rf /root/.cache
|
||||
EOF
|
||||
|
||||
MOUNT DIR /srv/ckan/conf etc/ckan
|
||||
MOUNT DIR /srv/ckan/data srv/ckan/storage
|
||||
COPY ckan.image.d
|
||||
|
||||
USER 8003 8003
|
||||
CMD paster serve /etc/ckan/ckan.ini
|
||||
CMD /bin/s6-svscan /etc/services.d
|
2
lxc-apps/ckan/ckan.image.d/etc/crontabs/ckan
Normal file
2
lxc-apps/ckan/ckan.image.d/etc/crontabs/ckan
Normal file
@ -0,0 +1,2 @@
|
||||
0 * * * * paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null
|
||||
0 * * * * paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null
|
4
lxc-apps/ckan/ckan.image.d/etc/services.d/.s6-svscan/finish
Executable file
4
lxc-apps/ckan/ckan.image.d/etc/services.d/.s6-svscan/finish
Executable file
@ -0,0 +1,4 @@
|
||||
#!/bin/execlineb -P
|
||||
|
||||
foreground { s6-svwait -d -t 3000 ckan }
|
||||
foreground { s6-svwait -d -t 3000 cron }
|
5
lxc-apps/ckan/ckan.image.d/etc/services.d/ckan/run
Executable file
5
lxc-apps/ckan/ckan.image.d/etc/services.d/ckan/run
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/execlineb -P
|
||||
|
||||
fdmove -c 2 1
|
||||
s6-setuidgid ckan
|
||||
paster serve /etc/ckan/ckan.ini
|
4
lxc-apps/ckan/ckan.image.d/etc/services.d/cron/run
Executable file
4
lxc-apps/ckan/ckan.image.d/etc/services.d/cron/run
Executable file
@ -0,0 +1,4 @@
|
||||
#!/bin/execlineb -P
|
||||
|
||||
fdmove -c 2 1
|
||||
crond -f -d 8
|
@ -1,66 +1,82 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
cd $(realpath $(dirname "${0}"))/install
|
||||
# Volumes
|
||||
POSTGRES_DATA="${VOLUMES_DIR}/ckan/postgres_data"
|
||||
REDIS_CONF="${VOLUMES_DIR}/ckan/redis_conf"
|
||||
REDIS_DATA="${VOLUMES_DIR}/ckan/redis_data"
|
||||
SOLR_DATA="${VOLUMES_DIR}/ckan/solr_data"
|
||||
SOLR_LAYER="${LAYERS_DIR}/solr6_6.5.1-200403"
|
||||
DATAPUSHER_CONF="${VOLUMES_DIR}/ckan/datapusher_conf"
|
||||
DATAPUSHER_DATA="${VOLUMES_DIR}/ckan/datapusher_data"
|
||||
CKAN_CONF="${VOLUMES_DIR}/ckan/ckan_conf"
|
||||
CKAN_DATA="${VOLUMES_DIR}/ckan/ckan_data"
|
||||
|
||||
# Check prerequisites
|
||||
[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
|
||||
[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1
|
||||
[ ! -e /run/openrc/started/solr ] && service solr start && STOP_SOLR=1
|
||||
# Create Postgres instance
|
||||
install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA}
|
||||
spoc-container exec ckan-postgres -- initdb -D /var/lib/postgresql
|
||||
|
||||
# Configure Postgres
|
||||
install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf
|
||||
install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf
|
||||
|
||||
# Create database
|
||||
export CKAN_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
|
||||
export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
|
||||
envsubst <createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql
|
||||
spoc-container start ckan-postgres
|
||||
envsubst <createdb.sql | spoc-container exec ckan-postgres -- psql
|
||||
|
||||
# Configure Redis
|
||||
install -o 100000 -g 106379 -m 750 -d ${REDIS_CONF}
|
||||
install -o 106379 -g 106379 -m 750 -d ${REDIS_DATA}
|
||||
install -o 100000 -g 106379 -m 640 redis_conf/redis.conf ${REDIS_CONF}/redis.conf
|
||||
spoc-container start ckan-redis
|
||||
|
||||
# Configure Solr
|
||||
install -o 108983 -g 108983 -m 750 -d ${SOLR_DATA}
|
||||
cp -p ${SOLR_LAYER}/opt/solr/server/solr/solr.xml ${SOLR_DATA}/solr.xml
|
||||
spoc-container start ckan-solr
|
||||
|
||||
# Configure CKAN Solr core
|
||||
lxc-attach -u 8983 -g 8983 solr -- solr create -p 8983 -c ckan
|
||||
cp srv/solr/data/ckan/conf/schema.xml /srv/solr/data/ckan/conf/schema.xml
|
||||
cp srv/solr/data/ckan/conf/solrconfig.xml /srv/solr/data/ckan/conf/solrconfig.xml
|
||||
chown 8983:8983 /srv/solr/data/ckan/conf/schema.xml
|
||||
service solr restart
|
||||
spoc-container exec ckan-solr -- solr create -p 8983 -c ckan
|
||||
spoc-container stop ckan-solr
|
||||
install -o 108983 -g 108983 -m 640 solr_data/ckan/conf/schema.xml ${SOLR_DATA}/ckan/conf/schema.xml
|
||||
install -o 108983 -g 108983 -m 640 solr_data/ckan/conf/solrconfig.xml ${SOLR_DATA}/ckan/conf/solrconfig.xml
|
||||
spoc-container start ckan-solr
|
||||
|
||||
# Configure CKAN DataPusher
|
||||
install -o 100000 -g 108080 -m 750 -d ${DATAPUSHER_CONF}
|
||||
install -o 108080 -g 108080 -m 750 -d ${DATAPUSHER_DATA}
|
||||
install -o 100000 -g 108080 -m 640 datapusher_conf/add-ca-cert.env ${DATAPUSHER_CONF}/add-ca-cert.env
|
||||
install -o 100000 -g 108080 -m 640 datapusher_conf/datapusher.wsgi ${DATAPUSHER_CONF}/datapusher.wsgi
|
||||
install -o 100000 -g 108080 -m 640 datapusher_conf/datapusher_settings.py ${DATAPUSHER_CONF}/datapusher_settings.py
|
||||
|
||||
# Configure CKAN
|
||||
mkdir -p /srv/ckan/conf /srv/ckan/data
|
||||
install -o 100000 -g 108080 -m 750 -d ${CKAN_CONF}
|
||||
install -o 108080 -g 108080 -m 750 -d ${CKAN_DATA}
|
||||
export CKAN_SECRET=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
|
||||
export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid)
|
||||
envsubst <srv/ckan/conf/ckan.ini >/srv/ckan/conf/ckan.ini
|
||||
cp srv/ckan/conf/who.ini /srv/ckan/conf/who.ini
|
||||
chown -R 8003:8003 /srv/ckan/data
|
||||
|
||||
# Set "production values" (increases performance) only if the DEBUG environment variable is not set
|
||||
if [ ${DEBUG:-0} -eq 0 ]; then
|
||||
sed -i 's/debug = true/debug = false/' /srv/ckan/conf/ckan.ini
|
||||
fi
|
||||
envsubst <ckan_conf/ckan.ini | install -o 100000 -g 108080 -m 640 /dev/stdin ${CKAN_CONF}/ckan.ini
|
||||
install -o 100000 -g 108080 -m 640 ckan_conf/who.ini ${CKAN_CONF}/who.ini
|
||||
|
||||
# Populate database
|
||||
lxc-execute ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini
|
||||
lxc-execute ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
|
||||
lxc-execute ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 postgres -- psql
|
||||
spoc-container exec ckan -- paster --plugin=ckan db init -c /etc/ckan/ckan.ini
|
||||
spoc-container exec ckan -- paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini
|
||||
spoc-container exec ckan -- paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | spoc-container exec ckan-postgres -- psql
|
||||
|
||||
# Create admin account
|
||||
export CKAN_ADMIN_USER="admin"
|
||||
export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid)
|
||||
export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid)
|
||||
export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
|
||||
export CKAN_ADMIN_HASH=$(lxc-execute ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
|
||||
export CKAN_ADMIN_HASH=$(spoc-container exec ckan -- python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')")
|
||||
export CKAN_ADMIN_EMAIL="admin@example.com"
|
||||
envsubst <adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- psql ckan
|
||||
|
||||
# Install cron job
|
||||
cp etc/periodic/hourly/ckan /etc/periodic/hourly/ckan
|
||||
|
||||
# Install service
|
||||
cp etc/init.d/ckan /etc/init.d/ckan
|
||||
rc-update -u
|
||||
|
||||
# Install config update script
|
||||
cp srv/ckan/update-conf.sh /srv/ckan/update-conf.sh
|
||||
envsubst <adminpwd.sql | spoc-container exec ckan-postgres -- psql ckan
|
||||
|
||||
# Stop services required for setup
|
||||
[ ! -z ${STOP_POSTGRES} ] && service postgres stop
|
||||
[ ! -z ${STOP_REDIS} ] && service redis stop
|
||||
[ ! -z ${STOP_SOLR} ] && service solr stop
|
||||
spoc-container stop ckan-solr
|
||||
spoc-container stop ckan-postgres
|
||||
spoc-container stop ckan-redis
|
||||
|
||||
# Register application
|
||||
vmmgr register-app ckan ckan "${CKAN_ADMIN_USER}" "${CKAN_ADMIN_PWD}"
|
||||
|
@ -13,8 +13,9 @@
|
||||
|
||||
[DEFAULT]
|
||||
|
||||
# WARNING: *THIS SETTING MUST BE SET TO FALSE ON A PRODUCTION ENVIRONMENT*
|
||||
debug = true
|
||||
# WARNING: *THIS SETTING MUST BE SET TO FALSE ON A PUBLIC ENVIRONMENT*
|
||||
# With debug mode enabled, a visitor to your site could execute malicious commands.
|
||||
debug = false
|
||||
|
||||
[server:main]
|
||||
use = egg:Paste#http
|
||||
@ -45,15 +46,16 @@ who.log_file = %(cache_dir)s/who_log.ini
|
||||
# who.timeout = 86400
|
||||
|
||||
## Database Settings
|
||||
sqlalchemy.url = postgresql://ckan:${CKAN_PWD}@postgres/ckan
|
||||
sqlalchemy.url = postgresql://ckan:${CKAN_PWD}@ckan-postgres/ckan
|
||||
|
||||
ckan.datastore.write_url = postgresql://ckan:${CKAN_PWD}@postgres/ckan_datastore
|
||||
ckan.datastore.read_url = postgresql://ckan_datastore:${CKAN_DS_PWD}@postgres/ckan_datastore
|
||||
ckan.datastore.write_url = postgresql://ckan:${CKAN_PWD}@ckan-postgres/ckan_datastore
|
||||
ckan.datastore.read_url = postgresql://ckan_datastore:${CKAN_DS_PWD}@ckan-postgres/ckan_datastore
|
||||
|
||||
# PostgreSQL' full-text search parameters
|
||||
ckan.datastore.default_fts_lang = english
|
||||
ckan.datastore.default_fts_index_method = gist
|
||||
|
||||
|
||||
## Site Settings
|
||||
|
||||
ckan.site_url = https://ckan.spotter.vm
|
||||
@ -71,18 +73,20 @@ ckan.auth.user_delete_organizations = false
|
||||
ckan.auth.create_user_via_api = false
|
||||
ckan.auth.create_user_via_web = true
|
||||
ckan.auth.roles_that_cascade_to_sub_groups = admin
|
||||
ckan.auth.public_user_details = true
|
||||
ckan.auth.public_activity_stream_detail = true
|
||||
|
||||
|
||||
## Search Settings
|
||||
|
||||
ckan.site_id = default
|
||||
solr_url = http://solr:8983/solr/ckan
|
||||
solr_url = http://ckan-solr:8983/solr/ckan
|
||||
|
||||
|
||||
## Redis Settings
|
||||
|
||||
# URL to your Redis instance, including the database to be used.
|
||||
ckan.redis.url = redis://redis:6379/0
|
||||
ckan.redis.url = redis://ckan-redis:6379/0
|
||||
|
||||
|
||||
## CORS Settings
|
||||
@ -130,10 +134,6 @@ ckan.datasetthumbnail.auto_generate = true
|
||||
|
||||
## Front-End Settings
|
||||
|
||||
# Uncomment following configuration to enable using of Bootstrap 2
|
||||
#ckan.base_public_folder = public-bs2
|
||||
#ckan.base_templates_folder = templates-bs2
|
||||
|
||||
ckan.site_title = CKAN
|
||||
ckan.site_logo = /base/images/ckan-logo.png
|
||||
ckan.site_description =
|
||||
@ -146,7 +146,6 @@ ckan.display_timezone = server
|
||||
# package_hide_extras = for_search_index_only
|
||||
#package_edit_return_url = http://another.frontend/dataset/<NAME>
|
||||
#package_new_return_url = http://another.frontend/dataset/<NAME>
|
||||
#ckan.recaptcha.version = 1
|
||||
#ckan.recaptcha.publickey =
|
||||
#ckan.recaptcha.privatekey =
|
||||
#licenses_group_url = http://licenses.opendefinition.org/licenses/groups/ckan.json
|
||||
@ -172,6 +171,11 @@ ckan.storage_path = /srv/ckan/storage
|
||||
ckan.max_resource_size = 100
|
||||
ckan.max_image_size = 10
|
||||
|
||||
## Webassets Settings
|
||||
#ckan.webassets.use_x_sendfile = false
|
||||
#ckan.webassets.path = /var/lib/ckan/webassets
|
||||
|
||||
|
||||
## Datapusher settings
|
||||
|
||||
# Make sure you have set up the DataStore
|
||||
@ -204,7 +208,10 @@ smtp.starttls = False
|
||||
#smtp.user = username@example.com
|
||||
#smtp.password = your_password
|
||||
smtp.mail_from = admin@example.com
|
||||
#smtp.reply_to =
|
||||
|
||||
## Background Job Settings
|
||||
ckan.jobs.timeout = 180
|
||||
|
||||
## Logging configuration
|
||||
[loggers]
|
2
lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env
Normal file
2
lxc-apps/ckan/install/datapusher_conf/add-ca-cert.env
Normal file
@ -0,0 +1,2 @@
|
||||
HOST=ckan.spotter.vm
|
||||
PORT=443
|
@ -1,23 +0,0 @@
|
||||
#!/sbin/openrc-run
|
||||
|
||||
description="CKAN container"
|
||||
|
||||
depend() {
|
||||
need ckan-datapusher postgres redis solr
|
||||
}
|
||||
|
||||
start() {
|
||||
lxc-start ckan
|
||||
}
|
||||
|
||||
start_post() {
|
||||
vmmgr register-proxy ckan
|
||||
}
|
||||
|
||||
stop_pre() {
|
||||
vmmgr unregister-proxy ckan
|
||||
}
|
||||
|
||||
stop() {
|
||||
lxc-stop ckan
|
||||
}
|
@ -1,6 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [ -e /run/openrc/started/ckan ]; then
|
||||
lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan tracking update -c /etc/ckan/ckan.ini >/dev/null
|
||||
lxc-attach -u 8003 -g 8003 ckan -- paster --plugin=ckan search-index rebuild -r -c /etc/ckan/ckan.ini >/dev/null
|
||||
fi
|
3
lxc-apps/ckan/install/postgres_data/pg_hba.conf
Normal file
3
lxc-apps/ckan/install/postgres_data/pg_hba.conf
Normal file
@ -0,0 +1,3 @@
|
||||
local all postgres peer
|
||||
local all all md5
|
||||
host all all 0.0.0.0/0 md5
|
750
lxc-apps/ckan/install/postgres_data/postgresql.conf
Normal file
750
lxc-apps/ckan/install/postgres_data/postgresql.conf
Normal file
@ -0,0 +1,750 @@
|
||||
# -----------------------------
|
||||
# PostgreSQL configuration file
|
||||
# -----------------------------
|
||||
#
|
||||
# This file consists of lines of the form:
|
||||
#
|
||||
# name = value
|
||||
#
|
||||
# (The "=" is optional.) Whitespace may be used. Comments are introduced with
|
||||
# "#" anywhere on a line. The complete list of parameter names and allowed
|
||||
# values can be found in the PostgreSQL documentation.
|
||||
#
|
||||
# The commented-out settings shown in this file represent the default values.
|
||||
# Re-commenting a setting is NOT sufficient to revert it to the default value;
|
||||
# you need to reload the server.
|
||||
#
|
||||
# This file is read on server startup and when the server receives a SIGHUP
|
||||
# signal. If you edit the file on a running system, you have to SIGHUP the
|
||||
# server for the changes to take effect, run "pg_ctl reload", or execute
|
||||
# "SELECT pg_reload_conf()". Some parameters, which are marked below,
|
||||
# require a server shutdown and restart to take effect.
|
||||
#
|
||||
# Any parameter can also be given as a command-line option to the server, e.g.,
|
||||
# "postgres -c log_connections=on". Some parameters can be changed at run time
|
||||
# with the "SET" SQL command.
|
||||
#
|
||||
# Memory units: kB = kilobytes Time units: ms = milliseconds
|
||||
# MB = megabytes s = seconds
|
||||
# GB = gigabytes min = minutes
|
||||
# TB = terabytes h = hours
|
||||
# d = days
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# FILE LOCATIONS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# The default values of these variables are driven from the -D command-line
|
||||
# option or PGDATA environment variable, represented here as ConfigDir.
|
||||
|
||||
#data_directory = 'ConfigDir' # use data in another directory
|
||||
# (change requires restart)
|
||||
#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
|
||||
# (change requires restart)
|
||||
#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
|
||||
# (change requires restart)
|
||||
|
||||
# If external_pid_file is not explicitly set, no extra PID file is written.
|
||||
#external_pid_file = '' # write an extra PID file
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CONNECTIONS AND AUTHENTICATION
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Connection Settings -
|
||||
|
||||
listen_addresses = '*' # what IP address(es) to listen on;
|
||||
# comma-separated list of addresses;
|
||||
# defaults to 'localhost'; use '*' for all
|
||||
# (change requires restart)
|
||||
#port = 5432 # (change requires restart)
|
||||
max_connections = 100 # (change requires restart)
|
||||
#superuser_reserved_connections = 3 # (change requires restart)
|
||||
unix_socket_directories = '/run/postgresql,/tmp' # comma-separated list of directories
|
||||
# (change requires restart)
|
||||
#unix_socket_group = '' # (change requires restart)
|
||||
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
|
||||
# (change requires restart)
|
||||
#bonjour = off # advertise server via Bonjour
|
||||
# (change requires restart)
|
||||
#bonjour_name = '' # defaults to the computer name
|
||||
# (change requires restart)
|
||||
|
||||
# - TCP settings -
|
||||
# see "man 7 tcp" for details
|
||||
|
||||
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
|
||||
# 0 selects the system default
|
||||
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
|
||||
# 0 selects the system default
|
||||
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
|
||||
# 0 selects the system default
|
||||
#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
|
||||
# 0 selects the system default
|
||||
|
||||
# - Authentication -
|
||||
|
||||
#authentication_timeout = 1min # 1s-600s
|
||||
#password_encryption = md5 # md5 or scram-sha-256
|
||||
#db_user_namespace = off
|
||||
|
||||
# GSSAPI using Kerberos
|
||||
#krb_server_keyfile = ''
|
||||
#krb_caseins_users = off
|
||||
|
||||
# - SSL -
|
||||
|
||||
#ssl = off
|
||||
#ssl_ca_file = ''
|
||||
#ssl_cert_file = 'server.crt'
|
||||
#ssl_crl_file = ''
|
||||
#ssl_key_file = 'server.key'
|
||||
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
|
||||
#ssl_prefer_server_ciphers = on
|
||||
#ssl_ecdh_curve = 'prime256v1'
|
||||
#ssl_min_protocol_version = 'TLSv1'
|
||||
#ssl_max_protocol_version = ''
|
||||
#ssl_dh_params_file = ''
|
||||
#ssl_passphrase_command = ''
|
||||
#ssl_passphrase_command_supports_reload = off
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# RESOURCE USAGE (except WAL)
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Memory -
|
||||
|
||||
shared_buffers = 128MB # min 128kB
|
||||
# (change requires restart)
|
||||
#huge_pages = try # on, off, or try
|
||||
# (change requires restart)
|
||||
#temp_buffers = 8MB # min 800kB
|
||||
#max_prepared_transactions = 0 # zero disables the feature
|
||||
# (change requires restart)
|
||||
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
|
||||
# you actively intend to use prepared transactions.
|
||||
#work_mem = 4MB # min 64kB
|
||||
#maintenance_work_mem = 64MB # min 1MB
|
||||
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
|
||||
#max_stack_depth = 2MB # min 100kB
|
||||
#shared_memory_type = mmap # the default is the first option
|
||||
# supported by the operating system:
|
||||
# mmap
|
||||
# sysv
|
||||
# windows
|
||||
# (change requires restart)
|
||||
dynamic_shared_memory_type = posix # the default is the first option
|
||||
# supported by the operating system:
|
||||
# posix
|
||||
# sysv
|
||||
# windows
|
||||
# mmap
|
||||
# (change requires restart)
|
||||
|
||||
# - Disk -
|
||||
|
||||
#temp_file_limit = -1 # limits per-process temp file space
|
||||
# in kB, or -1 for no limit
|
||||
|
||||
# - Kernel Resources -
|
||||
|
||||
#max_files_per_process = 1000 # min 25
|
||||
# (change requires restart)
|
||||
|
||||
# - Cost-Based Vacuum Delay -
|
||||
|
||||
#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
|
||||
#vacuum_cost_page_hit = 1 # 0-10000 credits
|
||||
#vacuum_cost_page_miss = 10 # 0-10000 credits
|
||||
#vacuum_cost_page_dirty = 20 # 0-10000 credits
|
||||
#vacuum_cost_limit = 200 # 1-10000 credits
|
||||
|
||||
# - Background Writer -
|
||||
|
||||
#bgwriter_delay = 200ms # 10-10000ms between rounds
|
||||
#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
|
||||
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
|
||||
#bgwriter_flush_after = 512kB # measured in pages, 0 disables
|
||||
|
||||
# - Asynchronous Behavior -
|
||||
|
||||
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
|
||||
#max_worker_processes = 8 # (change requires restart)
|
||||
#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
|
||||
#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
|
||||
#parallel_leader_participation = on
|
||||
#max_parallel_workers = 8 # maximum number of max_worker_processes that
|
||||
# can be used in parallel operations
|
||||
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
|
||||
# (change requires restart)
|
||||
#backend_flush_after = 0 # measured in pages, 0 disables
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# WRITE-AHEAD LOG
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Settings -
|
||||
|
||||
wal_level = minimal # minimal, replica, or logical
|
||||
# (change requires restart)
|
||||
#fsync = on # flush data to disk for crash safety
|
||||
# (turning this off can cause
|
||||
# unrecoverable data corruption)
|
||||
#synchronous_commit = on # synchronization level;
|
||||
# off, local, remote_write, remote_apply, or on
|
||||
#wal_sync_method = fsync # the default is the first option
|
||||
# supported by the operating system:
|
||||
# open_datasync
|
||||
# fdatasync (default on Linux)
|
||||
# fsync
|
||||
# fsync_writethrough
|
||||
# open_sync
|
||||
#full_page_writes = on # recover from partial page writes
|
||||
#wal_compression = off # enable compression of full-page writes
|
||||
#wal_log_hints = off # also do full page writes of non-critical updates
|
||||
# (change requires restart)
|
||||
#wal_init_zero = on # zero-fill new WAL files
|
||||
#wal_recycle = on # recycle WAL files
|
||||
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
|
||||
# (change requires restart)
|
||||
#wal_writer_delay = 200ms # 1-10000 milliseconds
|
||||
#wal_writer_flush_after = 1MB # measured in pages, 0 disables
|
||||
|
||||
#commit_delay = 0 # range 0-100000, in microseconds
|
||||
#commit_siblings = 5 # range 1-1000
|
||||
|
||||
# - Checkpoints -
|
||||
|
||||
#checkpoint_timeout = 5min # range 30s-1d
|
||||
#max_wal_size = 1GB
|
||||
#min_wal_size = 80MB
|
||||
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
|
||||
#checkpoint_flush_after = 256kB # measured in pages, 0 disables
|
||||
#checkpoint_warning = 30s # 0 disables
|
||||
|
||||
# - Archiving -
|
||||
|
||||
#archive_mode = off # enables archiving; off, on, or always
|
||||
# (change requires restart)
|
||||
#archive_command = '' # command to use to archive a logfile segment
|
||||
# placeholders: %p = path of file to archive
|
||||
# %f = file name only
|
||||
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
|
||||
#archive_timeout = 0 # force a logfile segment switch after this
|
||||
# number of seconds; 0 disables
|
||||
|
||||
# - Archive Recovery -
|
||||
|
||||
# These are only used in recovery mode.
|
||||
|
||||
#restore_command = '' # command to use to restore an archived logfile segment
|
||||
# placeholders: %p = path of file to restore
|
||||
# %f = file name only
|
||||
# e.g. 'cp /mnt/server/archivedir/%f %p'
|
||||
# (change requires restart)
|
||||
#archive_cleanup_command = '' # command to execute at every restartpoint
|
||||
#recovery_end_command = '' # command to execute at completion of recovery
|
||||
|
||||
# - Recovery Target -
|
||||
|
||||
# Set these only when performing a targeted recovery.
|
||||
|
||||
#recovery_target = '' # 'immediate' to end recovery as soon as a
|
||||
# consistent state is reached
|
||||
# (change requires restart)
|
||||
#recovery_target_name = '' # the named restore point to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_time = '' # the time stamp up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_xid = '' # the transaction ID up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
|
||||
# (change requires restart)
|
||||
#recovery_target_inclusive = on # Specifies whether to stop:
|
||||
# just after the specified recovery target (on)
|
||||
# just before the recovery target (off)
|
||||
# (change requires restart)
|
||||
#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
|
||||
# (change requires restart)
|
||||
#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# REPLICATION
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Sending Servers -
|
||||
|
||||
# Set these on the master and on any standby that will send replication data.
|
||||
|
||||
max_wal_senders = 0 # max number of walsender processes
|
||||
# (change requires restart)
|
||||
#wal_keep_segments = 0 # in logfile segments; 0 disables
|
||||
#wal_sender_timeout = 60s # in milliseconds; 0 disables
|
||||
|
||||
max_replication_slots = 0 # max number of replication slots
|
||||
# (change requires restart)
|
||||
#track_commit_timestamp = off # collect timestamp of transaction commit
|
||||
# (change requires restart)
|
||||
|
||||
# - Master Server -
|
||||
|
||||
# These settings are ignored on a standby server.
|
||||
|
||||
#synchronous_standby_names = '' # standby servers that provide sync rep
|
||||
# method to choose sync standbys, number of sync standbys,
|
||||
# and comma-separated list of application_name
|
||||
# from standby(s); '*' = all
|
||||
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
|
||||
|
||||
# - Standby Servers -
|
||||
|
||||
# These settings are ignored on a master server.
|
||||
|
||||
#primary_conninfo = '' # connection string to sending server
|
||||
# (change requires restart)
|
||||
#primary_slot_name = '' # replication slot on sending server
|
||||
# (change requires restart)
|
||||
#promote_trigger_file = '' # file name whose presence ends recovery
|
||||
#hot_standby = on # "off" disallows queries during recovery
|
||||
# (change requires restart)
|
||||
#max_standby_archive_delay = 30s # max delay before canceling queries
|
||||
# when reading WAL from archive;
|
||||
# -1 allows indefinite delay
|
||||
#max_standby_streaming_delay = 30s # max delay before canceling queries
|
||||
# when reading streaming WAL;
|
||||
# -1 allows indefinite delay
|
||||
#wal_receiver_status_interval = 10s # send replies at least this often
|
||||
# 0 disables
|
||||
#hot_standby_feedback = off # send info from standby to prevent
|
||||
# query conflicts
|
||||
#wal_receiver_timeout = 60s # time that receiver waits for
|
||||
# communication from master
|
||||
# in milliseconds; 0 disables
|
||||
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
|
||||
# retrieve WAL after a failed attempt
|
||||
#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
|
||||
|
||||
# - Subscribers -
|
||||
|
||||
# These settings are ignored on a publisher.
|
||||
|
||||
max_logical_replication_workers = 0 # taken from max_worker_processes
|
||||
# (change requires restart)
|
||||
max_sync_workers_per_subscription = 0 # taken from max_logical_replication_workers
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# QUERY TUNING
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Planner Method Configuration -
|
||||
|
||||
#enable_bitmapscan = on
|
||||
#enable_hashagg = on
|
||||
#enable_hashjoin = on
|
||||
#enable_indexscan = on
|
||||
#enable_indexonlyscan = on
|
||||
#enable_material = on
|
||||
#enable_mergejoin = on
|
||||
#enable_nestloop = on
|
||||
#enable_parallel_append = on
|
||||
#enable_seqscan = on
|
||||
#enable_sort = on
|
||||
#enable_tidscan = on
|
||||
#enable_partitionwise_join = off
|
||||
#enable_partitionwise_aggregate = off
|
||||
#enable_parallel_hash = on
|
||||
#enable_partition_pruning = on
|
||||
|
||||
# - Planner Cost Constants -
|
||||
|
||||
#seq_page_cost = 1.0 # measured on an arbitrary scale
|
||||
#random_page_cost = 4.0 # same scale as above
|
||||
#cpu_tuple_cost = 0.01 # same scale as above
|
||||
#cpu_index_tuple_cost = 0.005 # same scale as above
|
||||
#cpu_operator_cost = 0.0025 # same scale as above
|
||||
#parallel_tuple_cost = 0.1 # same scale as above
|
||||
#parallel_setup_cost = 1000.0 # same scale as above
|
||||
|
||||
#jit_above_cost = 100000 # perform JIT compilation if available
|
||||
# and query more expensive than this;
|
||||
# -1 disables
|
||||
#jit_inline_above_cost = 500000 # inline small functions if query is
|
||||
# more expensive than this; -1 disables
|
||||
#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
|
||||
# query is more expensive than this;
|
||||
# -1 disables
|
||||
|
||||
#min_parallel_table_scan_size = 8MB
|
||||
#min_parallel_index_scan_size = 512kB
|
||||
#effective_cache_size = 4GB
|
||||
|
||||
# - Genetic Query Optimizer -
|
||||
|
||||
#geqo = on
|
||||
#geqo_threshold = 12
|
||||
#geqo_effort = 5 # range 1-10
|
||||
#geqo_pool_size = 0 # selects default based on effort
|
||||
#geqo_generations = 0 # selects default based on effort
|
||||
#geqo_selection_bias = 2.0 # range 1.5-2.0
|
||||
#geqo_seed = 0.0 # range 0.0-1.0
|
||||
|
||||
# - Other Planner Options -
|
||||
|
||||
#default_statistics_target = 100 # range 1-10000
|
||||
#constraint_exclusion = partition # on, off, or partition
|
||||
#cursor_tuple_fraction = 0.1 # range 0.0-1.0
|
||||
#from_collapse_limit = 8
|
||||
#join_collapse_limit = 8 # 1 disables collapsing of explicit
|
||||
# JOIN clauses
|
||||
#force_parallel_mode = off
|
||||
#jit = on # allow JIT compilation
|
||||
#plan_cache_mode = auto # auto, force_generic_plan or
|
||||
# force_custom_plan
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# REPORTING AND LOGGING
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Where to Log -
|
||||
|
||||
#log_destination = 'stderr' # Valid values are combinations of
|
||||
# stderr, csvlog, syslog, and eventlog,
|
||||
# depending on platform. csvlog
|
||||
# requires logging_collector to be on.
|
||||
|
||||
# This is used when logging to stderr:
|
||||
#logging_collector = off # Enable capturing of stderr and csvlog
|
||||
# into log files. Required to be on for
|
||||
# csvlogs.
|
||||
# (change requires restart)
|
||||
|
||||
# These are only used if logging_collector is on:
|
||||
#log_directory = 'log' # directory where log files are written,
|
||||
# can be absolute or relative to PGDATA
|
||||
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
|
||||
# can include strftime() escapes
|
||||
#log_file_mode = 0600 # creation mode for log files,
|
||||
# begin with 0 to use octal notation
|
||||
#log_truncate_on_rotation = off # If on, an existing log file with the
|
||||
# same name as the new log file will be
|
||||
# truncated rather than appended to.
|
||||
# But such truncation only occurs on
|
||||
# time-driven rotation, not on restarts
|
||||
# or size-driven rotation. Default is
|
||||
# off, meaning append to existing files
|
||||
# in all cases.
|
||||
#log_rotation_age = 1d # Automatic rotation of logfiles will
|
||||
# happen after that time. 0 disables.
|
||||
#log_rotation_size = 10MB # Automatic rotation of logfiles will
|
||||
# happen after that much log output.
|
||||
# 0 disables.
|
||||
|
||||
# These are relevant when logging to syslog:
|
||||
#syslog_facility = 'LOCAL0'
|
||||
#syslog_ident = 'postgres'
|
||||
#syslog_sequence_numbers = on
|
||||
#syslog_split_messages = on
|
||||
|
||||
# This is only relevant when logging to eventlog (win32):
|
||||
# (change requires restart)
|
||||
#event_source = 'PostgreSQL'
|
||||
|
||||
# - When to Log -
|
||||
|
||||
#log_min_messages = warning # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# info
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
# log
|
||||
# fatal
|
||||
# panic
|
||||
|
||||
#log_min_error_statement = error # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# info
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
# log
|
||||
# fatal
|
||||
# panic (effectively off)
|
||||
|
||||
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
|
||||
# and their durations, > 0 logs only
|
||||
# statements running at least this number
|
||||
# of milliseconds
|
||||
|
||||
#log_transaction_sample_rate = 0.0 # Fraction of transactions whose statements
|
||||
# are logged regardless of their duration. 1.0 logs all
|
||||
# statements from all transactions, 0.0 never logs.
|
||||
|
||||
# - What to Log -
|
||||
|
||||
#debug_print_parse = off
|
||||
#debug_print_rewritten = off
|
||||
#debug_print_plan = off
|
||||
#debug_pretty_print = on
|
||||
#log_checkpoints = off
|
||||
#log_connections = off
|
||||
#log_disconnections = off
|
||||
#log_duration = off
|
||||
#log_error_verbosity = default # terse, default, or verbose messages
|
||||
#log_hostname = off
|
||||
log_line_prefix = '%m [%p] %q%u@%d ' # special values:
|
||||
# %a = application name
|
||||
# %u = user name
|
||||
# %d = database name
|
||||
# %r = remote host and port
|
||||
# %h = remote host
|
||||
# %p = process ID
|
||||
# %t = timestamp without milliseconds
|
||||
# %m = timestamp with milliseconds
|
||||
# %n = timestamp with milliseconds (as a Unix epoch)
|
||||
# %i = command tag
|
||||
# %e = SQL state
|
||||
# %c = session ID
|
||||
# %l = session line number
|
||||
# %s = session start timestamp
|
||||
# %v = virtual transaction ID
|
||||
# %x = transaction ID (0 if none)
|
||||
# %q = stop here in non-session
|
||||
# processes
|
||||
# %% = '%'
|
||||
# e.g. '<%u%%%d> '
|
||||
#log_lock_waits = off # log lock waits >= deadlock_timeout
|
||||
#log_statement = 'none' # none, ddl, mod, all
|
||||
#log_replication_commands = off
|
||||
#log_temp_files = -1 # log temporary files equal or larger
|
||||
# than the specified size in kilobytes;
|
||||
# -1 disables, 0 logs all temp files
|
||||
log_timezone = 'Europe/Prague'
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# PROCESS TITLE
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#cluster_name = '' # added to process titles if nonempty
|
||||
# (change requires restart)
|
||||
#update_process_title = on
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# STATISTICS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Query and Index Statistics Collector -
|
||||
|
||||
#track_activities = on
|
||||
#track_counts = on
|
||||
#track_io_timing = off
|
||||
#track_functions = none # none, pl, all
|
||||
#track_activity_query_size = 1024 # (change requires restart)
|
||||
#stats_temp_directory = 'pg_stat_tmp'
|
||||
|
||||
|
||||
# - Monitoring -
|
||||
|
||||
#log_parser_stats = off
|
||||
#log_planner_stats = off
|
||||
#log_executor_stats = off
|
||||
#log_statement_stats = off
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# AUTOVACUUM
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#autovacuum = on # Enable autovacuum subprocess? 'on'
|
||||
# requires track_counts to also be on.
|
||||
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
|
||||
# their durations, > 0 logs only
|
||||
# actions running at least this number
|
||||
# of milliseconds.
|
||||
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
|
||||
# (change requires restart)
|
||||
#autovacuum_naptime = 1min # time between autovacuum runs
|
||||
#autovacuum_vacuum_threshold = 50 # min number of row updates before
|
||||
# vacuum
|
||||
#autovacuum_analyze_threshold = 50 # min number of row updates before
|
||||
# analyze
|
||||
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
|
||||
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
|
||||
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
|
||||
# (change requires restart)
|
||||
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
|
||||
# before forced vacuum
|
||||
# (change requires restart)
|
||||
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
|
||||
# autovacuum, in milliseconds;
|
||||
# -1 means use vacuum_cost_delay
|
||||
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
|
||||
# autovacuum, -1 means use
|
||||
# vacuum_cost_limit
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CLIENT CONNECTION DEFAULTS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Statement Behavior -
|
||||
|
||||
#client_min_messages = notice # values in order of decreasing detail:
|
||||
# debug5
|
||||
# debug4
|
||||
# debug3
|
||||
# debug2
|
||||
# debug1
|
||||
# log
|
||||
# notice
|
||||
# warning
|
||||
# error
|
||||
#search_path = '"$user", public' # schema names
|
||||
#row_security = on
|
||||
#default_tablespace = '' # a tablespace name, '' uses the default
|
||||
#temp_tablespaces = '' # a list of tablespace names, '' uses
|
||||
# only default tablespace
|
||||
#default_table_access_method = 'heap'
|
||||
#check_function_bodies = on
|
||||
#default_transaction_isolation = 'read committed'
|
||||
#default_transaction_read_only = off
|
||||
#default_transaction_deferrable = off
|
||||
#session_replication_role = 'origin'
|
||||
#statement_timeout = 0 # in milliseconds, 0 is disabled
|
||||
#lock_timeout = 0 # in milliseconds, 0 is disabled
|
||||
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
|
||||
#vacuum_freeze_min_age = 50000000
|
||||
#vacuum_freeze_table_age = 150000000
|
||||
#vacuum_multixact_freeze_min_age = 5000000
|
||||
#vacuum_multixact_freeze_table_age = 150000000
|
||||
#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples
|
||||
# before index cleanup, 0 always performs
|
||||
# index cleanup
|
||||
#bytea_output = 'hex' # hex, escape
|
||||
#xmlbinary = 'base64'
|
||||
#xmloption = 'content'
|
||||
#gin_fuzzy_search_limit = 0
|
||||
#gin_pending_list_limit = 4MB
|
||||
|
||||
# - Locale and Formatting -
|
||||
|
||||
datestyle = 'iso, mdy'
|
||||
#intervalstyle = 'postgres'
|
||||
timezone = 'Europe/Prague'
|
||||
#timezone_abbreviations = 'Default' # Select the set of available time zone
|
||||
# abbreviations. Currently, there are
|
||||
# Default
|
||||
# Australia (historical usage)
|
||||
# India
|
||||
# You can create your own file in
|
||||
# share/timezonesets/.
|
||||
#extra_float_digits = 1 # min -15, max 3; any value >0 actually
|
||||
# selects precise output mode
|
||||
#client_encoding = sql_ascii # actually, defaults to database
|
||||
# encoding
|
||||
|
||||
# These settings are initialized by initdb, but they can be changed.
|
||||
lc_messages = 'C' # locale for system error message
|
||||
# strings
|
||||
lc_monetary = 'C' # locale for monetary formatting
|
||||
lc_numeric = 'C' # locale for number formatting
|
||||
lc_time = 'C' # locale for time formatting
|
||||
|
||||
# default configuration for text search
|
||||
default_text_search_config = 'pg_catalog.english'
|
||||
|
||||
# - Shared Library Preloading -
|
||||
|
||||
#shared_preload_libraries = '' # (change requires restart)
|
||||
#local_preload_libraries = ''
|
||||
#session_preload_libraries = ''
|
||||
#jit_provider = 'llvmjit' # JIT library to use
|
||||
|
||||
# - Other Defaults -
|
||||
|
||||
#dynamic_library_path = '$libdir'
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# LOCK MANAGEMENT
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#deadlock_timeout = 1s
|
||||
#max_locks_per_transaction = 64 # min 10
|
||||
# (change requires restart)
|
||||
#max_pred_locks_per_transaction = 64 # min 10
|
||||
# (change requires restart)
|
||||
#max_pred_locks_per_relation = -2 # negative values mean
|
||||
# (max_pred_locks_per_transaction
|
||||
# / -max_pred_locks_per_relation) - 1
|
||||
#max_pred_locks_per_page = 2 # min 0
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# VERSION AND PLATFORM COMPATIBILITY
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# - Previous PostgreSQL Versions -
|
||||
|
||||
#array_nulls = on
|
||||
#backslash_quote = safe_encoding # on, off, or safe_encoding
|
||||
#escape_string_warning = on
|
||||
#lo_compat_privileges = off
|
||||
#operator_precedence_warning = off
|
||||
#quote_all_identifiers = off
|
||||
#standard_conforming_strings = on
|
||||
#synchronize_seqscans = on
|
||||
|
||||
# - Other Platforms and Clients -
|
||||
|
||||
#transform_null_equals = off
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# ERROR HANDLING
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#exit_on_error = off # terminate session on any error?
|
||||
#restart_after_crash = on # reinitialize after backend crash?
|
||||
#data_sync_retry = off # retry or panic on failure to fsync
|
||||
# data?
|
||||
# (change requires restart)
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CONFIG FILE INCLUDES
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# These options allow settings to be loaded from files other than the
|
||||
# default postgresql.conf. Note that these are directives, not variable
|
||||
# assignments, so they can usefully be given more than once.
|
||||
|
||||
#include_dir = '...' # include files ending in '.conf' from
|
||||
# a directory, e.g., 'conf.d'
|
||||
#include_if_exists = '...' # include file only if it exists
|
||||
#include = '...' # include file
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# CUSTOMIZED OPTIONS
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# Add settings for extensions here
|
@ -191,7 +191,7 @@ databases 16
|
||||
#
|
||||
# However it is possible to force the pre-4.0 behavior and always show a
|
||||
# ASCII art logo in startup logs by setting the following option to yes.
|
||||
always-show-logo yes
|
||||
always-show-logo no
|
||||
|
||||
################################ SNAPSHOTTING ################################
|
||||
#
|
53
lxc-apps/ckan/install/solr_data/solr.xml
Normal file
53
lxc-apps/ckan/install/solr_data/solr.xml
Normal file
@ -0,0 +1,53 @@
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
contributor license agreements. See the NOTICE file distributed with
|
||||
this work for additional information regarding copyright ownership.
|
||||
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
(the "License"); you may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
|
||||
<!--
|
||||
This is an example of a simple "solr.xml" file for configuring one or
|
||||
more Solr Cores, as well as allowing Cores to be added, removed, and
|
||||
reloaded via HTTP requests.
|
||||
|
||||
More information about options available in this configuration file,
|
||||
and Solr Core administration can be found online:
|
||||
http://wiki.apache.org/solr/CoreAdmin
|
||||
-->
|
||||
|
||||
<solr>
|
||||
|
||||
<solrcloud>
|
||||
|
||||
<str name="host">${host:}</str>
|
||||
<int name="hostPort">${jetty.port:8983}</int>
|
||||
<str name="hostContext">${hostContext:solr}</str>
|
||||
|
||||
<bool name="genericCoreNodeNames">${genericCoreNodeNames:true}</bool>
|
||||
|
||||
<int name="zkClientTimeout">${zkClientTimeout:30000}</int>
|
||||
<int name="distribUpdateSoTimeout">${distribUpdateSoTimeout:600000}</int>
|
||||
<int name="distribUpdateConnTimeout">${distribUpdateConnTimeout:60000}</int>
|
||||
<str name="zkCredentialsProvider">${zkCredentialsProvider:org.apache.solr.common.cloud.DefaultZkCredentialsProvider}</str>
|
||||
<str name="zkACLProvider">${zkACLProvider:org.apache.solr.common.cloud.DefaultZkACLProvider}</str>
|
||||
|
||||
</solrcloud>
|
||||
|
||||
<shardHandlerFactory name="shardHandlerFactory"
|
||||
class="HttpShardHandlerFactory">
|
||||
<int name="socketTimeout">${socketTimeout:600000}</int>
|
||||
<int name="connTimeout">${connTimeout:60000}</int>
|
||||
</shardHandlerFactory>
|
||||
|
||||
</solr>
|
@ -1,8 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
HOST="${DOMAIN}"
|
||||
[ "${PORT}" != "443" ] && HOST="${DOMAIN}:${PORT}"
|
||||
sed -i "s|\(^ckan\.site_url = \).*|\1https://ckan.${HOST}|" /srv/ckan/conf/ckan.ini
|
||||
|
||||
sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" /srv/ckan/conf/ckan.ini
|
||||
sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" /srv/ckan/conf/ckan.ini
|
20
lxc-apps/ckan/install/update-conf.sh
Executable file
20
lxc-apps/ckan/install/update-conf.sh
Executable file
@ -0,0 +1,20 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Volumes
|
||||
DATAPUSHER_CONF="${VOLUMES_DIR}/ckan/datapusher_conf"
|
||||
CKAN_CONF="${VOLUMES_DIR}/ckan/ckan_conf"
|
||||
|
||||
# Variables
|
||||
HTTP_HOST="${HOST}"
|
||||
[ "${PORT}" != "443" ] && HTTP_HOST="${HTTP_HOST}:${PORT}"
|
||||
|
||||
# Replacements
|
||||
sed -i "s|\(^ckan\.site_url = \).*|\1https://${HTTP_HOST}|" ${CKAN_CONF}/ckan.ini
|
||||
sed -i "s|\(^smtp\.mail_from = \).*|\1${EMAIL}|" ${CKAN_CONF}/ckan.ini
|
||||
sed -i "s|\(^ckanext\.geoview\.gapi_key = \).*|\1${GMAPS_API_KEY}|" ${CKAN_CONF}/ckan.ini
|
||||
|
||||
cat <<EOF >${DATAPUSHER_CONF}/add-ca-cert.env
|
||||
HOST=${HOST}
|
||||
PORT=${PORT}
|
||||
EOF
|
||||
sed -i "s|\(^FROM_EMAIL = \).*|\1'${EMAIL}'|" ${DATAPUSHER_CONF}/datapusher_settings.py
|
@ -1,10 +0,0 @@
|
||||
{
|
||||
"title": "CKAN",
|
||||
"desc-cs": "Datový sklad",
|
||||
"desc-en": "Data store",
|
||||
"lxcpath": "ckan",
|
||||
"version": "0.0.1",
|
||||
"release": "0",
|
||||
"license": "GPL",
|
||||
"depends": ["alpine3.9-python2.7", "ckan-datapusher", "postgres", "redis", "solr"]
|
||||
}
|
@ -1,27 +1,8 @@
|
||||
#!/bin/sh
|
||||
set -ev
|
||||
|
||||
# Remove cronjob
|
||||
rm -f /etc/periodic/hourly/ckan
|
||||
|
||||
# Remove service
|
||||
rm -f /etc/init.d/ckan
|
||||
rc-update -u
|
||||
|
||||
# Drop database and user
|
||||
[ ! -e /run/openrc/started/postgres ] && service postgres start && STOP_POSTGRES=1
|
||||
echo 'DROP DATABASE IF EXISTS ckan; DROP DATABASE IF EXISTS ckan_datastore; DROP ROLE IF EXISTS ckan; DROP ROLE IF EXISTS ckan_datastore;' | lxc-attach -u 5432 -g 5432 postgres -- psql
|
||||
[ ! -z ${STOP_POSTGRES} ] && service postgres stop
|
||||
|
||||
# Remove redis data
|
||||
[ ! -e /run/openrc/started/redis ] && service redis start && STOP_REDIS=1
|
||||
lxc-attach redis -- redis-cli -n 0 flushdb
|
||||
[ ! -z ${STOP_REDIS} ] && service redis stop
|
||||
|
||||
# Remove solr core
|
||||
[ -e /run/openrc/started/solr ] && service solr stop && START_SOLR=1
|
||||
rm -rf /srv/solr/data/ckan
|
||||
[ ! -z ${START_SOLR} ] && service solr start
|
||||
# Remove persistent data
|
||||
rm -rf "${VOLUMES_DIR}/ckan"
|
||||
|
||||
# Unregister application
|
||||
vmmgr unregister-app ckan
|
||||
|
26
lxc-apps/crisiscleanup/app
Normal file
26
lxc-apps/crisiscleanup/app
Normal file
@ -0,0 +1,26 @@
|
||||
{
|
||||
"version": "2.2.0-200403",
|
||||
"meta": {
|
||||
"title": "Crisis Cleanup",
|
||||
"desc-cs": "Mapování následků katastrof",
|
||||
"desc-en": "Disaster relief mapping",
|
||||
"license": "GPL"
|
||||
},
|
||||
"containers": {
|
||||
"crisiscleanup": {
|
||||
"image": "crisiscleanup_2.2.0-200403",
|
||||
"depends": [
|
||||
"crisiscleanup-postgres"
|
||||
],
|
||||
"mounts": {
|
||||
"crisiscleanup/cc_conf": "srv/crisiscleanup/config"
|
||||
}
|
||||
},
|
||||
"crisiscleanup-postgres": {
|
||||
"image": "postgres_12.2.0-200403",
|
||||
"mounts": {
|
||||
"crisiscleanup/postgres_data": "var/lib/postgresql"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user