authorJames An2015-08-04 13:42:42 -0400
committerJames An2015-08-04 13:42:42 -0400
commit703835cdb69a7daa97baeb106426bab803ed9ac2 (patch)
tree456987663050b6b71ad973378b601b82743af1b8
parent8580155e53937717ed5a0f6cebeb32eb2263a775 (diff)
downloadaur-703835cdb69a7daa97baeb106426bab803ed9ac2.tar.gz
Moved all systemd unit changes to their own aegir service units, set the aegir user as an alias of the http user, and reorganised PHP/-FPM configurations.
-rw-r--r--.SRCINFO34
-rw-r--r--PKGBUILD70
-rw-r--r--aegir.ini4
-rw-r--r--aegir.install86
-rw-r--r--aegir.service5
-rw-r--r--aegir.target5
-rw-r--r--msmtprc (renamed from msmtprc.aegir)0
-rw-r--r--mysqld-aegir.service17
-rw-r--r--mysqld.svc.conf2
-rw-r--r--nginx-aegir.service18
-rw-r--r--nginx.conf2
-rw-r--r--nginx.svc.conf6
-rw-r--r--php-dev.ini3
-rw-r--r--php-fpm-aegir.service14
-rw-r--r--php-fpm.conf30
-rw-r--r--php-fpm.svc.conf2
-rw-r--r--php-opt.ini3
-rw-r--r--sudoers3
18 files changed, 194 insertions, 110 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 46e80f0c934..c480cad508a 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = aegir
pkgdesc = Configuration for a dedicated Aegir server to host Drupal sites.
- pkgver = 7.x_3.0_beta2
- pkgrel = 2
+ pkgver = 7.x_3.0
+ pkgrel = 1
url = http://aegirproject.org
install = aegir.install
arch = any
@@ -17,21 +17,27 @@ pkgbase = aegir
depends = sudo
depends = smtp-forwarder
depends = unzip
+ optdepends = ruby-mailcatcher: catch mail forwarded to it and serve it on a web UI
+ optdepends = msmtp-mta: smtp forwarder
options = emptydirs
- source = msmtprc.aegir
- source = nginx.conf
- source = nginx.svc.conf
- source = aegir.ini
- source = sudoers
source = aegir.service
source = aegir.target
- md5sums = ef91c3e0f09e6737105fc1b9971758cc
- md5sums = 829ac9283a168f796354e78e8bc8e496
- md5sums = 75535f9870f06c540f513262a9b7b1ab
- md5sums = 879237d0ca0dc54d5cdb4307adb40005
- md5sums = cb3462fda27156851badf51d5a0595ae
- md5sums = 4889b3de48732ec149a71aeb72039455
- md5sums = 80773e4278e09b14cc6843e346540a9d
+ source = msmtprc
+ source = mysqld-aegir.service
+ source = nginx-aegir.service
+ source = nginx.conf
+ source = php-fpm-aegir.service
+ source = php-fpm.conf
+ source = sudoers
+ md5sums = 2c74cf45b76503d2912c89da4a7bcccb
+ md5sums = c279899d0b987e4d53ea85d0f154a510
+ md5sums = d43026960060bc677549baa26a24c9ee
+ md5sums = 7559c51ec89b4d65a1193b3d6d6da297
+ md5sums = ef858752158383dfde4c8b7f8cb7c6f0
+ md5sums = 7edbcc6b449a2f09ed93f88b77f300a5
+ md5sums = f9f1b1a7e551c718c154c1c745827b1e
+ md5sums = b1300cd3bd23a2544e2eff247cad2f80
+ md5sums = cb65729f01d5d641fc85518c2175a13a
pkgname = aegir
diff --git a/PKGBUILD b/PKGBUILD
index 0da2c8a3051..62ca36e930e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -20,24 +20,31 @@ depends=(
'smtp-forwarder'
'unzip'
)
+optdepends=(
+ 'ruby-mailcatcher: catch mail forwarded to it and serve it on a web UI'
+ 'msmtp-mta: smtp forwarder'
+)
options=(emptydirs)
install=$pkgname.install
-source=(
- "msmtprc.$pkgname"
- 'nginx.conf'
- 'nginx.svc.conf'
- "$pkgname.ini"
- 'sudoers'
- "$pkgname.service"
- "$pkgname.target"
+source=("$pkgname.service"
+ "$pkgname.target"
+ 'msmtprc'
+ 'mysqld-aegir.service'
+ 'nginx-aegir.service'
+ 'nginx.conf'
+ 'php-fpm-aegir.service'
+ 'php-fpm.conf'
+ 'sudoers'
)
-md5sums=('d43026960060bc677549baa26a24c9ee'
- '829ac9283a168f796354e78e8bc8e496'
- '86395485765bb73ae09d28e0d7101613'
- '879237d0ca0dc54d5cdb4307adb40005'
- 'cb3462fda27156851badf51d5a0595ae'
- '25414ba4e4bd50f31286db9a349afa4d'
- '5020ae6d02a9796e979d1619a9a02957')
+md5sums=('2c74cf45b76503d2912c89da4a7bcccb'
+ 'c279899d0b987e4d53ea85d0f154a510'
+ 'd43026960060bc677549baa26a24c9ee'
+ '7559c51ec89b4d65a1193b3d6d6da297'
+ 'ef858752158383dfde4c8b7f8cb7c6f0'
+ '7edbcc6b449a2f09ed93f88b77f300a5'
+ 'f9f1b1a7e551c718c154c1c745827b1e'
+ 'b1300cd3bd23a2544e2eff247cad2f80'
+ 'cb65729f01d5d641fc85518c2175a13a')
#~ pkgver() {
#~ echo \
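Review bot: The regenerated `md5sums=(...)` array keeps MD5 as the only integrity check for the nine sources, and MD5 guards against accidental corruption only, not deliberate substitution. Every entry is being rewritten in this commit anyway, so this is the cheap moment to switch to `sha256sums=(...)` (regenerate with `makepkg -g` or `updpkgsums`) and let .SRCINFO follow. The sources are local files, so the practical exposure is small, but the stronger array costs nothing.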
@@ -46,40 +53,33 @@ md5sums=('d43026960060bc677549baa26a24c9ee'
#~ | tr ' ' $'\n' | sort -ur | head -n1
#~ }
-prepare() {
- for extension in gd pdo_mysql; do
- echo -e "; Required extension for $pkgname\nextension=$extension.so" >| "$extension.$pkgname.ini"
- done
-}
-
package() {
msg2 'Adding config files'
install -dm750 "$pkgdir/etc/sudoers.d"
install -Dm440 sudoers "$pkgdir/etc/sudoers.d/$pkgname"
install -Dm644 nginx.conf "$pkgdir/etc/nginx/$pkgname.conf"
- install -Dm644 "$pkgname.ini" "$pkgdir/etc/php/conf.d/$pkgname.ini"
- install -Dm644 "msmtprc.$pkgname" "$pkgdir/etc/msmtprc.$pkgname"
+ install -Dm644 php-fpm.conf "$pkgdir/etc/php/fpm.d/$pkgname.conf"
+ install -Dm644 msmtprc "$pkgdir/etc/msmtprc.$pkgname"
install -Dm644 <( ) "$pkgdir/var/spool/cron/$pkgname"
- for extension in gd pdo_mysql; do
- install -Dm644 $extension.$pkgname.ini "$pkgdir/etc/php/conf.d/$extension.$pkgname.ini"
- done
msg2 'Adding systemd files'
- install -Dm644 nginx.svc.conf "$pkgdir/usr/lib/systemd/system/nginx.service.d/$pkgname.conf"
+ for unit in {mysqld,nginx,php-fpm}-aegir.service; do
+ install -Dm644 "$unit" "$pkgdir/usr/lib/systemd/system/$unit"
+ done
install -Dm644 "$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service"
install -Dm644 "$pkgname.target" "$pkgdir/usr/lib/systemd/system/$pkgname.target"
msg2 'Creating $pkgname directory structure'
- mkdir -p "$pkgdir/var/lib/$pkgname"
- ln -s /etc/drush "$pkgdir/var/lib/$pkgname/.drush"
+ mkdir -p "$pkgdir/etc/drush" "$pkgdir/usr/share/webapps/$pkgname"
+ ln -s /etc/drush "$pkgdir/usr/share/webapps/$pkgname/.drush"
umask 077
- mkdir -p "$pkgdir/var/lib/$pkgname/"{backups,clients/admin,config/{includes,self,server_master/nginx/{platform,post,pre,subdir,platform,vhost}.d}}
+ mkdir -p "$pkgdir/usr/share/webapps/$pkgname/"{backups,clients/admin,config/{includes,self,server_master/nginx/{platform,post,pre,subdir,platform,vhost}.d}}
umask 022
- mkdir -p "$pkgdir/var/lib/$pkgname/"{,config{includes,self,server_localhost,server_master/nginx}}
+ mkdir -p "$pkgdir/usr/share/webapps/$pkgname/"{,config{includes,self,server_localhost,server_master/nginx}}
- ln -s "/var/lib/$pkgname/config/server_master/nginx.conf" "$pkgdir/var/lib/$pkgname/config/nginx.conf"
- ln -s "/var/lib/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/var/lib/$pkgname/config/includes/nginx_advanced_include.conf"
- ln -s "/var/lib/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/var/lib/$pkgname/config/includes/nginx_simple_include.conf"
+ ln -s "/usr/share/webapps/$pkgname/config/server_master/nginx.conf" "$pkgdir/usr/share/webapps/$pkgname/config/nginx.conf"
+ ln -s "/usr/share/webapps/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/usr/share/webapps/$pkgname/config/includes/nginx_advanced_include.conf"
+ ln -s "/usr/share/webapps/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/usr/share/webapps/$pkgname/config/includes/nginx_simple_include.conf"
- chown -R 696:http "$pkgdir/var/lib/$pkgname" "$pkgdir/var/spool/cron/$pkgname"
+ chown -R http:http "$pkgdir/etc/drush" "$pkgdir/usr/share/webapps/$pkgname" "$pkgdir/var/spool/cron/$pkgname"
}
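Review bot: The final `chown -R http:http` hands `/etc/drush`, the whole `/usr/share/webapps/$pkgname` tree (including `backups` and the nginx includes under `config/`) and the cron spool file to the same account that the nginx workers and the PHP-FPM pool run as elsewhere in this commit. The removed line used a separate uid (`696:http`), so hosted PHP code could not rewrite the provisioning configuration; with one shared owner that boundary is gone. Consider keeping a distinct owner for the tree and giving http only the group access it needs. Separately, `install -Dm644 msmtprc` leaves world-readable a file that presumably ends up holding SMTP account credentials once configured; `-Dm640` with a suitable group would be safer.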
diff --git a/aegir.ini b/aegir.ini
deleted file mode 100644
index 545ba0771ab..00000000000
--- a/aegir.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-; Required config tweaks
-mbstring.http_input = pass
-mbstring.http_output = pass
-open_basedir =
diff --git a/aegir.install b/aegir.install
index bcc1da516ea..d8f454be4ff 100644
--- a/aegir.install
+++ b/aegir.install
@@ -1,39 +1,59 @@
post_install() {
- post_upgrade
+ echo -n ">>> Creating the aegir user as an alias of the http user... "
+ [ $(getent passwd aegir &>/dev/null; echo $?) -eq 0 ] && {
+ echo "User already exists; no action taken."
+ } || {
+ useradd --gid $(id --group http) --home-dir /usr/shared/webapps/aegir --non-unique --uid $(id --user http) aegir
+ echo "Done."
+ }
- echo ">>> 1. Ensure this machine's hostname is a FQDN that resolves one of its IP addresses:"
- echo " $ ip addr | grep inet | sed --regexp-extended 's/ *inet6? ([^\\/]*).*/\1/' | \\"
- echo " grep --quiet $(resolveip $(hostname) | cut --fields=6 --delimiter=' ') && echo Success!"
- echo ">>> 2. Ensure the http user and group exist (i.e. uid=gid=33):"
- echo " $ test \$(id --user http) -eq 33 -a \$(id --group http) -eq 33 && echo Success!"
- echo ">>> 3. Ensure PHP can successfully send outgoing emails (the supplied msmtprc template works for Google accounts):"
- echo " $ php -r 'mail(\"example@example.com\", \"Test email from PHP\", \"Test email body.\");'"
- echo ">>> 4. Setup the MySQL instance (by running mysql_secure_installation, or the following shell commands):"
- echo " # systemctl start mysqld"
- echo " $ mysql --user=root --execute=\""
- echo " DELETE FROM mysql.user WHERE User='';"
- echo " DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
- echo " DROP DATABASE IF EXISTS test;"
- echo " DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';"
- echo " FLUSH PRIVILEGES;\""
- echo ">>> 5. (opt) Create a aegir MySQL user:"
- echo " $ mysql --user=root \\"
- echo " --execute=\"GRANT ALL PRIVILEGES ON *.* TO 'aegir'@'%' IDENTIFIED BY 'passwd' WITH GRANT OPTION;\""
- echo ">>> 6. Install hostmaster as the aegir user through its drush provision command:"
- echo " # su aegir -c \\"
- echo " \"drush hostmaster-install --yes --web_group=http --http_service_type=nginx \\"
- echo " --root=/var/lib/aegir/hostmaster --aegir_db_user=aegir --aegir_db_pass=passwd \\"
- echo " --aegir_host=\$(hostname) --client_email=aegir@\$(hostname) \$(hostname)\""
- echo ">>> 7. Connect nginx to the Unix socket used by php-fpm:"
- echo " # su aegir -c \"sed -i 's/127.0.0.1:9000/unix:\\/run\\/php-fpm\\/php-fpm.sock/' /var/lib/aegir/config/includes/nginx_vhost_common.conf\""
- echo ">>> 8. Start the entire web stack:"
- echo " # systemctl start mysqld nginx php-fpm"
- echo ">>> 9. (opt) Enable and start the hosting queue daemon:"
- echo " # su aegir -c \"drush @hostmaster pm-enable hosting_queued\" && systemctl start aegir"
+ echo -n ">>> Testing that localhost resolves to an IP address assigned to a network interface... "
+ [ $(ip addr | sed --quiet --regexp-extended 's/\s+inet6?\s([^\/]*).*/\1/p' | egrep '^(127.0.0.1|::1)$' | wc -l) -eq 0 ] && echo "Failed." || echo "Passed."
+
+ echo -n ">>> Testing for successful outgoing mail by PHP... "
+ [ -z "$(php -r 'print_r(mail("example@example.com", "Test email from PHP", "Test email body."));')" ] && echo "Failed." || echo "Passed."
+
+ echo ">>> Initialise Aegir with the following steps:"
+ echo " 1. Initialise the MariaDB data directory, e.g. with the mysql install db command, and start the MariaDB service:"
+ echo " # mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql && systemctl start mysqld.service"
+ echo " 2. Run mysql_secure_installation to:"
+ echo " - set a root password;"
+ echo " - remove anonymous users;"
+ echo " - disallow remote root logins; and"
+ echo " - remove the test database."
+ echo " 3. Create a database user for Aegir with the 'GRANT OPTION' privilege:"
+ echo " $ mysql --execute=\"GRANT ALL PRIVILEGES ON *.* TO 'aegir'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;\""
+ echo " 4. Install Aegir's frontend with the drush command, hostmaster-install, e.g.:"
+ echo " # sudo -Hu aegir drush hostmaster-install --web_group=http --http_service_type=nginx \\"
+ echo " --root=/usr/share/webapps/hostmaster \\"
+ echo " --aegir_db_user=aegir --aegir_db_pass=password \\"
+ echo " --client_email=aegir@$(hostname) \\"
+ echo " --aegir_host=$(hostname) aegir.$(hostname)\\"
+ echo " 5. Reconfigure Aegir's nginx configuration to use UNIX sockets instead of a network loopback port:"
+ echo " # sed -i 's#127.0.0.1:9000#unix:/run/php-fpm/php-fpm.sock#' /var/lib/aegir/config/includes/nginx_vhost_common.conf"
+ echo " 6. Start and start on boot the Aegir stack target:"
+ echo " # systemctl enable --now aegir.target"
+ echo " 7. Enable the hosting_queued module/hosting feature, unmask the queue daemon service unit, and restart the Aegir stack:"
+ echo " # drush @hostmaster pm-enable hosting_queued"
+ echo " # drush @hostmaster vset --exact --format=integer hosting_feature_queued 1"
+ echo " # systemctl restart aegir.target"
+}
+
+pre_upgrade() {
+ [ $(systemctl --system is-active aegir.target) = active ] && {
+ touch /tmp/aegir.target-active
+ systemctl --system stop --now aegir.target
+ }
}
post_upgrade() {
- [ getent passwd aegir &>/dev/null ] || useradd --uid 696 --gid http --home-dir /var/lib/aegir aegir
- chmod 755 /var/lib/aegir
- pwconv
+ [ -f /tmp/aegir.target-active ] && {
+ rm /tmp/aegir.target-active
+ systemctl --system stop --now aegir.target
+ }
+}
+
+pre_remove() {
+ [ $(systemctl --system is-enabled aegir.target) = enabled ] && systemctl --system disable --now aegir.target
+ [ $(systemctl --system is-active aegir.target) = enabled ] && systemctl --system stop --now aegir.target
}
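Review bot: `pre_upgrade` records state in `/tmp/aegir.target-active`, a fixed name in a world-writable directory, and `post_upgrade` (run as root) trusts whatever exists at that path; any local account can create it beforehand, so the marker belongs under `/run`. Two logic slips sit next to it: `post_upgrade` calls `stop` where it presumably means to start the target again, and the second test in `pre_remove` compares `is-active` output with `enabled`, which never matches. In `post_install`, `--home-dir /usr/shared/webapps/aegir` does not match the `/usr/share/webapps/aegir` tree the package creates, step 5 still points at `/var/lib/aegir`, and the suggested grant uses `'aegir'@'%'` where `'aegir'@'localhost'` would likely suffice on a single host. The unquoted `[ $(…) = active ]` tests also break when the substitution is empty; a possible rewrite of the three hooks follows.

```shell
# … unchanged: post_install …

pre_upgrade() {
  if systemctl --system --quiet is-active aegir.target; then
    # /run is writable by root only, unlike /tmp
    touch /run/aegir.target-active
    systemctl --system stop aegir.target
  fi
}

post_upgrade() {
  if [ -f /run/aegir.target-active ]; then
    rm -f /run/aegir.target-active
    systemctl --system start aegir.target
  fi
}

pre_remove() {
  if systemctl --system --quiet is-enabled aegir.target; then
    systemctl --system disable --now aegir.target
  elif systemctl --system --quiet is-active aegir.target; then
    systemctl --system stop aegir.target
  fi
}
```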
diff --git a/aegir.service b/aegir.service
index a85639223cd..72b36f2d67b 100644
--- a/aegir.service
+++ b/aegir.service
@@ -1,15 +1,14 @@
[Unit]
Description=Aegir queue daemon
-PartOf=aegir.target
Wants=mysqld.service php-fpm.service
After=mysqld.service php-fpm.service
[Service]
Type=simple
ExecStart=/usr/bin/drush --quiet @hostmaster hosting-queued
-User=aegir
+User=http
Restart=always
SuccessExitStatus=1
[Install]
-WantedBy=multi-user.target
+RequiredBy=multi-user.target
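Review bot: The unchanged `Wants=`/`After=` lines still name `mysqld.service` and `php-fpm.service`, but the units this commit adds are `mysqld-aegir.service` and `php-fpm-aegir.service`, each declaring `Conflicts=` against the stock name. Starting the queue daemon would therefore pull in the stock units and displace the Aegir ones; the lines should read `Wants=mysqld-aegir.service php-fpm-aegir.service` with a matching `After=`. `RequiredBy=multi-user.target` also turns a failure of this daemon into a failure of the boot target, and `WantedBy=aegir.target` looks closer to the intent described in the install notes.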
diff --git a/aegir.target b/aegir.target
index 6315193173f..82fa3f59434 100644
--- a/aegir.target
+++ b/aegir.target
@@ -1,8 +1,7 @@
[Unit]
Description=Aegir Hosting System
-Wants=aegir.service mailcatcher.service mailcatcher-smtp.socket mysqld.service nginx.service php-fpm.service
-After=aegir.service mailcatcher.service mailcatcher-smtp.socket mysqld.service nginx.service php-fpm.service
-PropagatesReloadTo=aegir.service mailcatcher.service mailcatcher-smtp.socket mysqld.service nginx.service php-fpm.service
+Wants=mailcatcher.service mailcatcher-smtp.socket
+After=mailcatcher.service mailcatcher-smtp.socket
[Install]
WantedBy=multi-user.target
diff --git a/msmtprc.aegir b/msmtprc
index facd259ee86..facd259ee86 100644
--- a/msmtprc.aegir
+++ b/msmtprc
diff --git a/mysqld-aegir.service b/mysqld-aegir.service
new file mode 100644
index 00000000000..6b1df7542fb
--- /dev/null
+++ b/mysqld-aegir.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=MariaDB database server
+After=syslog.target
+Conflicts=mysqld.service
+
+[Service]
+User=mysql
+Group=mysql
+
+ExecStart=/usr/bin/mysqld --pid-file=/run/mysqld/mysqld.pid
+ExecStartPost=/usr/bin/mysqld-post
+
+Restart=always
+PrivateTmp=true
+
+[Install]
+RequiredBy=aegir.target
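Review bot: This unit, like `nginx-aegir.service` and `php-fpm-aegir.service` in the same commit, carries no comment saying what it changes relative to the distribution unit it conflicts with, so a later maintainer cannot tell which lines are deliberate. Add a header such as `# Aegir variant of mysqld.service: adds Conflicts=mysqld.service and RequiredBy=aegir.target` (adjust to the real differences). If the body was copied from the packaged unit, it will no longer receive fixes or hardening made there, so the comment should also record which packaged version it was taken from. `After=syslog.target` is obsolete on current systemd and can be dropped.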
diff --git a/mysqld.svc.conf b/mysqld.svc.conf
deleted file mode 100644
index 21c138229ad..00000000000
--- a/mysqld.svc.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Unit]
-PartOf=aegir.target
diff --git a/nginx-aegir.service b/nginx-aegir.service
new file mode 100644
index 00000000000..3b757e796be
--- /dev/null
+++ b/nginx-aegir.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=A high performance web server and a reverse proxy server
+After=network.target
+Conflicts=nginx.service
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+PrivateDevices=yes
+SyslogLevel=err
+
+ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'
+ExecReload=/usr/bin/kill -HUP $MAINPID
+KillSignal=SIGQUIT
+KillMode=mixed
+
+[Install]
+RequiredBy=aegir.target
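Review bot: `ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'` no longer passes `-c /etc/nginx/aegir.conf`, which the removed nginx.svc.conf drop-in did, while package() still installs the Aegir configuration to `/etc/nginx/$pkgname.conf`. As written the unit would start nginx with its default configuration file, and the packaged `user http;` settings would not apply. Suggested line: `ExecStart=/usr/bin/nginx -c /etc/nginx/aegir.conf -g 'pid /run/nginx.pid; error_log stderr;'`. `PrivateDevices=yes` is a good start, but `PrivateTmp=true`, which the other two new units set, is missing here.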
diff --git a/nginx.conf b/nginx.conf
index e9a9d6594fd..99731557e5d 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,4 +1,4 @@
-user aegir http;
+user http;
worker_processes 1;
error_log stderr;
diff --git a/nginx.svc.conf b/nginx.svc.conf
deleted file mode 100644
index 55161a6b2ef..00000000000
--- a/nginx.svc.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-PartOf=aegir.target
-
-[Service]
-ExecStart=
-ExecStart=/usr/bin/nginx -c /etc/nginx/aegir.conf
diff --git a/php-dev.ini b/php-dev.ini
deleted file mode 100644
index 721939a12e7..00000000000
--- a/php-dev.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-; Error handling
-display_errors = stderr
-error_reporting = E_ALL | E_NOTICE | E_STRICT
diff --git a/php-fpm-aegir.service b/php-fpm-aegir.service
new file mode 100644
index 00000000000..595da01d83f
--- /dev/null
+++ b/php-fpm-aegir.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=The PHP FastCGI Process Manager
+After=syslog.target network.target
+Conflicts=php-fpm.service
+
+[Service]
+Type=notify
+PIDFile=/run/php-fpm/php-fpm.pid
+PrivateTmp=true
+ExecStart=/usr/bin/php-fpm --nodaemonize --pid /run/php-fpm/php-fpm.pid
+ExecReload=/bin/kill -USR2 $MAINPID
+
+[Install]
+RequiredBy=aegir.target
diff --git a/php-fpm.conf b/php-fpm.conf
new file mode 100644
index 00000000000..8b8d0595b3b
--- /dev/null
+++ b/php-fpm.conf
@@ -0,0 +1,30 @@
+[aegir]
+user = http
+group = http
+
+; Listening interface settings
+listen = 127.0.0.1:9000
+listen.owner = http
+listen.group = http
+listen.mode = 0660
+
+; Process manager settings
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+; Drupal requirements
+php_value[extension] = gd.so
+php_value[extension] = mysqli.so
+php_value[extension] = pdo_mysql.so
+php_value[mbstring.http_input] = pass
+php_value[mbstring.http_output] = pass
+php_value[date.timezone] = UTC
+php_value[open_basedir] =
+
+; Recommended settings
+php_value[memory_limit] = 192M
+php_value[display_errors] = stderr
+php_value[error_reporting] = E_ALL | E_NOTICE | E_STRICT
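Review bot: `listen = 127.0.0.1:9000` exposes the pool on a loopback TCP port, where `listen.owner`, `listen.group` and `listen.mode` have no effect, so every local account can reach a FastCGI endpoint that executes as http. The install notes in aegir.install already tell the admin to point nginx at `unix:/run/php-fpm/php-fpm.sock`; make the pool match with `listen = /run/php-fpm/php-fpm.sock`, which also makes the 0660 mode meaningful. Settings given as `php_value[...]` can be changed by application code at runtime; `php_admin_value[...]` is the form for anything intended as policy, such as `display_errors` or a non-empty `open_basedir` covering the webapps tree.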
diff --git a/php-fpm.svc.conf b/php-fpm.svc.conf
deleted file mode 100644
index 21c138229ad..00000000000
--- a/php-fpm.svc.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Unit]
-PartOf=aegir.target
diff --git a/php-opt.ini b/php-opt.ini
deleted file mode 100644
index 9e5c782f971..00000000000
--- a/php-opt.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-; Optional settings
-date.timezone = UTC
-memory_limit = 192M
diff --git a/sudoers b/sudoers
index bdd4749c977..1bfbc135f60 100644
--- a/sudoers
+++ b/sudoers
@@ -1,2 +1,3 @@
Defaults:aegir !requiretty
-aegir ALL=NOPASSWD: /usr/bin/nginx
+http ALL=NOPASSWD: /usr/bin/systemctl reload-or-try-restart nginx.service
+http ALL=NOPASSWD: /usr/bin/nginx
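Review bot: `http ALL=NOPASSWD: /usr/bin/nginx` lets the account that runs the nginx workers and the PHP-FPM pool start nginx as root with arbitrary arguments, and nginx accepts its configuration path and directives as arguments, so the rule is effectively unrestricted root for any code running as http. The narrower rule added above it is the right shape; drop the bare `/usr/bin/nginx` entry, or pin its arguments (for example `/usr/bin/nginx -s reload`). That reload rule names `nginx.service`, but the unit shipped by this commit is `nginx-aegir.service`, which conflicts with it, so it should read `http ALL=NOPASSWD: /usr/bin/systemctl reload-or-try-restart nginx-aegir.service`. `Defaults:aegir !requiretty` still refers to aegir while both rules are for http; since the two names share a uid, confirm which name sudo resolves and align the Defaults line.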