-rw-r--r-- | .SRCINFO | 34 | ||||
-rw-r--r-- | PKGBUILD | 70 | ||||
-rw-r--r-- | aegir.ini | 4 | ||||
-rw-r--r-- | aegir.install | 86 | ||||
-rw-r--r-- | aegir.service | 5 | ||||
-rw-r--r-- | aegir.target | 5 | ||||
-rw-r--r-- | msmtprc (renamed from msmtprc.aegir) | 0 | ||||
-rw-r--r-- | mysqld-aegir.service | 17 | ||||
-rw-r--r-- | mysqld.svc.conf | 2 | ||||
-rw-r--r-- | nginx-aegir.service | 18 | ||||
-rw-r--r-- | nginx.conf | 2 | ||||
-rw-r--r-- | nginx.svc.conf | 6 | ||||
-rw-r--r-- | php-dev.ini | 3 | ||||
-rw-r--r-- | php-fpm-aegir.service | 14 | ||||
-rw-r--r-- | php-fpm.conf | 30 | ||||
-rw-r--r-- | php-fpm.svc.conf | 2 | ||||
-rw-r--r-- | php-opt.ini | 3 | ||||
-rw-r--r-- | sudoers | 3 |
18 files changed, 194 insertions, 110 deletions
@@ -1,7 +1,7 @@ pkgbase = aegir pkgdesc = Configuration for a dedicated Aegir server to host Drupal sites. - pkgver = 7.x_3.0_beta2 - pkgrel = 2 + pkgver = 7.x_3.0 + pkgrel = 1 url = http://aegirproject.org install = aegir.install arch = any @@ -17,21 +17,27 @@ pkgbase = aegir depends = sudo depends = smtp-forwarder depends = unzip + optdepends = ruby-mailcatcher: catch mail forwarded to it and serve it on a web UI + optdepends = msmtp-mta: smtp forwarder options = emptydirs - source = msmtprc.aegir - source = nginx.conf - source = nginx.svc.conf - source = aegir.ini - source = sudoers source = aegir.service source = aegir.target - md5sums = ef91c3e0f09e6737105fc1b9971758cc - md5sums = 829ac9283a168f796354e78e8bc8e496 - md5sums = 75535f9870f06c540f513262a9b7b1ab - md5sums = 879237d0ca0dc54d5cdb4307adb40005 - md5sums = cb3462fda27156851badf51d5a0595ae - md5sums = 4889b3de48732ec149a71aeb72039455 - md5sums = 80773e4278e09b14cc6843e346540a9d + source = msmtprc + source = mysqld-aegir.service + source = nginx-aegir.service + source = nginx.conf + source = php-fpm-aegir.service + source = php-fpm.conf + source = sudoers + md5sums = 2c74cf45b76503d2912c89da4a7bcccb + md5sums = c279899d0b987e4d53ea85d0f154a510 + md5sums = d43026960060bc677549baa26a24c9ee + md5sums = 7559c51ec89b4d65a1193b3d6d6da297 + md5sums = ef858752158383dfde4c8b7f8cb7c6f0 + md5sums = 7edbcc6b449a2f09ed93f88b77f300a5 + md5sums = f9f1b1a7e551c718c154c1c745827b1e + md5sums = b1300cd3bd23a2544e2eff247cad2f80 + md5sums = cb65729f01d5d641fc85518c2175a13a pkgname = aegir 
@@ -20,24 +20,31 @@ depends=( 'smtp-forwarder' 'unzip' ) +optdepends=( + 'ruby-mailcatcher: catch mail forwarded to it and serve it on a web UI' + 'msmtp-mta: smtp forwarder' +) options=(emptydirs) install=$pkgname.install -source=( - "msmtprc.$pkgname" - 'nginx.conf' - 'nginx.svc.conf' - "$pkgname.ini" - 'sudoers' - "$pkgname.service" - "$pkgname.target" +source=("$pkgname.service" + "$pkgname.target" + 'msmtprc' + 'mysqld-aegir.service' + 'nginx-aegir.service' + 'nginx.conf' + 'php-fpm-aegir.service' + 'php-fpm.conf' + 'sudoers' ) -md5sums=('d43026960060bc677549baa26a24c9ee' - '829ac9283a168f796354e78e8bc8e496' - '86395485765bb73ae09d28e0d7101613' - '879237d0ca0dc54d5cdb4307adb40005' - 'cb3462fda27156851badf51d5a0595ae' - '25414ba4e4bd50f31286db9a349afa4d' - '5020ae6d02a9796e979d1619a9a02957') +md5sums=('2c74cf45b76503d2912c89da4a7bcccb' + 'c279899d0b987e4d53ea85d0f154a510' + 'd43026960060bc677549baa26a24c9ee' + '7559c51ec89b4d65a1193b3d6d6da297' + 'ef858752158383dfde4c8b7f8cb7c6f0' + '7edbcc6b449a2f09ed93f88b77f300a5' + 'f9f1b1a7e551c718c154c1c745827b1e' + 'b1300cd3bd23a2544e2eff247cad2f80' + 'cb65729f01d5d641fc85518c2175a13a') #~ pkgver() { #~ echo \ 
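Review bot: The integrity array rewritten here is still `md5sums=(...)`, and MD5 gives no collision resistance, so a digest match does not show that a source file is the one the packager reviewed. makepkg accepts `sha256sums=(...)` in the same position, and the values can be regenerated with `makepkg -g` or `updpkgsums`. The sources in this hunk are all local files, so the exposure is limited, but .SRCINFO carries the same `md5sums` entries and would need regenerating alongside.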
@@ -46,40 +53,33 @@ md5sums=('d43026960060bc677549baa26a24c9ee' #~ | tr ' ' $'\n' | sort -ur | head -n1 #~ } -prepare() { - for extension in gd pdo_mysql; do - echo -e "; Required extension for $pkgname\nextension=$extension.so" >| "$extension.$pkgname.ini" - done -} - package() { msg2 'Adding config files' install -dm750 "$pkgdir/etc/sudoers.d" install -Dm440 sudoers "$pkgdir/etc/sudoers.d/$pkgname" install -Dm644 nginx.conf "$pkgdir/etc/nginx/$pkgname.conf" - install -Dm644 "$pkgname.ini" "$pkgdir/etc/php/conf.d/$pkgname.ini" - install -Dm644 "msmtprc.$pkgname" "$pkgdir/etc/msmtprc.$pkgname" + install -Dm644 php-fpm.conf "$pkgdir/etc/php/fpm.d/$pkgname.conf" + install -Dm644 msmtprc "$pkgdir/etc/msmtprc.$pkgname" install -Dm644 <( ) "$pkgdir/var/spool/cron/$pkgname" - for extension in gd pdo_mysql; do - install -Dm644 $extension.$pkgname.ini "$pkgdir/etc/php/conf.d/$extension.$pkgname.ini" - done msg2 'Adding systemd files' - install -Dm644 nginx.svc.conf "$pkgdir/usr/lib/systemd/system/nginx.service.d/$pkgname.conf" + for unit in {mysqld,nginx,php-fpm}-aegir.service; do + install -Dm644 "$unit" "$pkgdir/usr/lib/systemd/system/$unit" + done install -Dm644 "$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service" install -Dm644 "$pkgname.target" "$pkgdir/usr/lib/systemd/system/$pkgname.target" msg2 'Creating $pkgname directory structure' - mkdir -p "$pkgdir/var/lib/$pkgname" - ln -s /etc/drush "$pkgdir/var/lib/$pkgname/.drush" + mkdir -p "$pkgdir/etc/drush" "$pkgdir/usr/share/webapps/$pkgname" + ln -s /etc/drush "$pkgdir/usr/share/webapps/$pkgname/.drush" umask 077 - mkdir -p "$pkgdir/var/lib/$pkgname/"{backups,clients/admin,config/{includes,self,server_master/nginx/{platform,post,pre,subdir,platform,vhost}.d}} + mkdir -p "$pkgdir/usr/share/webapps/$pkgname/"{backups,clients/admin,config/{includes,self,server_master/nginx/{platform,post,pre,subdir,platform,vhost}.d}} umask 022 - mkdir -p 
"$pkgdir/var/lib/$pkgname/"{,config{includes,self,server_localhost,server_master/nginx}} + mkdir -p "$pkgdir/usr/share/webapps/$pkgname/"{,config{includes,self,server_localhost,server_master/nginx}} - ln -s "/var/lib/$pkgname/config/server_master/nginx.conf" "$pkgdir/var/lib/$pkgname/config/nginx.conf" - ln -s "/var/lib/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/var/lib/$pkgname/config/includes/nginx_advanced_include.conf" - ln -s "/var/lib/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/var/lib/$pkgname/config/includes/nginx_simple_include.conf" + ln -s "/usr/share/webapps/$pkgname/config/server_master/nginx.conf" "$pkgdir/usr/share/webapps/$pkgname/config/nginx.conf" + ln -s "/usr/share/webapps/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/usr/share/webapps/$pkgname/config/includes/nginx_advanced_include.conf" + ln -s "/usr/share/webapps/$pkgname/config/includes/nginx_vhost_common.conf" "$pkgdir/usr/share/webapps/$pkgname/config/includes/nginx_simple_include.conf" - chown -R 696:http "$pkgdir/var/lib/$pkgname" "$pkgdir/var/spool/cron/$pkgname" + chown -R http:http "$pkgdir/etc/drush" "$pkgdir/usr/share/webapps/$pkgname" "$pkgdir/var/spool/cron/$pkgname" } diff --git a/aegir.ini b/aegir.ini deleted file mode 100644 index 545ba0771abc..000000000000 --- a/aegir.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Required config tweaks -mbstring.http_input = pass -mbstring.http_output = pass -open_basedir = diff --git a/aegir.install b/aegir.install index bcc1da516ea6..d8f454be4ff5 100644 --- a/aegir.install +++ b/aegir.install 
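Review bot: The closing `chown -R http:http` in package() gives the whole `/usr/share/webapps/$pkgname` tree, including `config/server_master/nginx/*.d`, to the account the PHP pool runs as, where the removed line used a separate uid 696 with group http. Those directories hold nginx configuration that is presumably read by the nginx master process, so code running in any hosted site could edit it; if merging the two accounts is deliberate, a comment above the chown such as `# http owns the nginx includes: site code and the provisioning user are the same uid by design` should say so. Separately, the `mkdir -p` after `umask 022` expands `{,config{includes,self,...}}` to `configincludes`, `configself`, … because the `/` after `config` is missing; it should read `"$pkgdir/usr/share/webapps/$pkgname/"{,config/{includes,self,server_localhost,server_master/nginx}}`.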
@@ -1,39 +1,59 @@ post_install() { - post_upgrade + echo -n ">>> Creating the aegir user as an alias of the http user... " + [ $(getent passwd aegir &>/dev/null; echo $?) -eq 0 ] && { + echo "User already exists; no action taken." + } || { + useradd --gid $(id --group http) --home-dir /usr/shared/webapps/aegir --non-unique --uid $(id --user http) aegir + echo "Done." + } - echo ">>> 1. Ensure this machine's hostname is a FQDN that resolves one of its IP addresses:" - echo " $ ip addr | grep inet | sed --regexp-extended 's/ *inet6? ([^\\/]*).*/\1/' | \\" - echo " grep --quiet $(resolveip $(hostname) | cut --fields=6 --delimiter=' ') && echo Success!" - echo ">>> 2. Ensure the http user and group exist (i.e. uid=gid=33):" - echo " $ test \$(id --user http) -eq 33 -a \$(id --group http) -eq 33 && echo Success!" - echo ">>> 3. Ensure PHP can successfully send outgoing emails (the supplied msmtprc template works for Google accounts):" - echo " $ php -r 'mail(\"example@example.com\", \"Test email from PHP\", \"Test email body.\");'" - echo ">>> 4. Setup the MySQL instance (by running mysql_secure_installation, or the following shell commands):" - echo " # systemctl start mysqld" - echo " $ mysql --user=root --execute=\"" - echo " DELETE FROM mysql.user WHERE User='';" - echo " DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" - echo " DROP DATABASE IF EXISTS test;" - echo " DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" - echo " FLUSH PRIVILEGES;\"" - echo ">>> 5. (opt) Create a aegir MySQL user:" - echo " $ mysql --user=root \\" - echo " --execute=\"GRANT ALL PRIVILEGES ON *.* TO 'aegir'@'%' IDENTIFIED BY 'passwd' WITH GRANT OPTION;\"" - echo ">>> 6. 
Install hostmaster as the aegir user through its drush provision command:" - echo " # su aegir -c \\" - echo " \"drush hostmaster-install --yes --web_group=http --http_service_type=nginx \\" - echo " --root=/var/lib/aegir/hostmaster --aegir_db_user=aegir --aegir_db_pass=passwd \\" - echo " --aegir_host=\$(hostname) --client_email=aegir@\$(hostname) \$(hostname)\"" - echo ">>> 7. Connect nginx to the Unix socket used by php-fpm:" - echo " # su aegir -c \"sed -i 's/127.0.0.1:9000/unix:\\/run\\/php-fpm\\/php-fpm.sock/' /var/lib/aegir/config/includes/nginx_vhost_common.conf\"" - echo ">>> 8. Start the entire web stack:" - echo " # systemctl start mysqld nginx php-fpm" - echo ">>> 9. (opt) Enable and start the hosting queue daemon:" - echo " # su aegir -c \"drush @hostmaster pm-enable hosting_queued\" && systemctl start aegir" + echo -n ">>> Testing that localhost resolves to an IP address assigned to a network interface... " + [ $(ip addr | sed --quiet --regexp-extended 's/\s+inet6?\s([^\/]*).*/\1/p' | egrep '^(127.0.0.1|::1)$' | wc -l) -eq 0 ] && echo "Failed." || echo "Passed." + + echo -n ">>> Testing for successful outgoing mail by PHP... " + [ -z "$(php -r 'print_r(mail("example@example.com", "Test email from PHP", "Test email body."));')" ] && echo "Failed." || echo "Passed." + + echo ">>> Initialise Aegir with the following steps:" + echo " 1. Initialise the MariaDB data directory, e.g. with the mysql install db command, and start the MariaDB service:" + echo " # mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql && systemctl start mysqld.service" + echo " 2. Run mysql_secure_installation to:" + echo " - set a root password;" + echo " - remove anonymous users;" + echo " - disallow remote root logins; and" + echo " - remove the test database." + echo " 3. 
Create a database user for Aegir with the 'GRANT OPTION' privilege:" + echo " $ mysql --execute=\"GRANT ALL PRIVILEGES ON *.* TO 'aegir'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;\"" + echo " 4. Install Aegir's frontend with the drush command, hostmaster-install, e.g.:" + echo " # sudo -Hu aegir drush hostmaster-install --web_group=http --http_service_type=nginx \\" + echo " --root=/usr/share/webapps/hostmaster \\" + echo " --aegir_db_user=aegir --aegir_db_pass=password \\" + echo " --client_email=aegir@$(hostname) \\" + echo " --aegir_host=$(hostname) aegir.$(hostname)\\" + echo " 5. Reconfigure Aegir's nginx configuration to use UNIX sockets instead of a network loopback port:" + echo " # sed -i 's#127.0.0.1:9000#unix:/run/php-fpm/php-fpm.sock#' /var/lib/aegir/config/includes/nginx_vhost_common.conf" + echo " 6. Start and start on boot the Aegir stack target:" + echo " # systemctl enable --now aegir.target" + echo " 7. Enable the hosting_queued module/hosting feature, unmask the queue daemon service unit, and restart the Aegir stack:" + echo " # drush @hostmaster pm-enable hosting_queued" + echo " # drush @hostmaster vset --exact --format=integer hosting_feature_queued 1" + echo " # systemctl restart aegir.target" +} + +pre_upgrade() { + [ $(systemctl --system is-active aegir.target) = active ] && { + touch /tmp/aegir.target-active + systemctl --system stop --now aegir.target + } } post_upgrade() { - [ getent passwd aegir &>/dev/null ] || useradd --uid 696 --gid http --home-dir /var/lib/aegir aegir - chmod 755 /var/lib/aegir - pwconv + [ -f /tmp/aegir.target-active ] && { + rm /tmp/aegir.target-active + systemctl --system stop --now aegir.target + } +} + +pre_remove() { + [ $(systemctl --system is-enabled aegir.target) = enabled ] && systemctl --system disable --now aegir.target + [ $(systemctl --system is-active aegir.target) = enabled ] && systemctl --system stop --now aegir.target } 
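Review bot: post_upgrade() runs `systemctl --system stop --now aegir.target` when the marker file exists, so a stack that was running before the upgrade stays down, and the second test in pre_remove() compares `is-active` output with `enabled`, which it never prints. The marker lives at `/tmp/aegir.target-active`, a predictable name in a world-writable directory touched and trusted by a root scriptlet; `/run` is writable by root only and is the safer place for it. In post_install(), `--home-dir /usr/shared/webapps/aegir` does not match the `/usr/share/webapps/aegir` tree the PKGBUILD creates, and step 5 still edits `/var/lib/aegir/config/includes/nginx_vhost_common.conf`. The printed GRANT uses host `%` with `WITH GRANT OPTION`; for a single-host stack `'aegir'@'localhost'` looks sufficient, and the literal `password` should be marked as a value to replace. The rewritten scriptlets are below.

```shell
# … unchanged: post_install() …

pre_upgrade() {
  if systemctl --system --quiet is-active aegir.target; then
    # marker kept under /run (root-writable only) instead of /tmp
    touch /run/aegir.target-active
    systemctl --system stop aegir.target
  fi
}

post_upgrade() {
  if [ -f /run/aegir.target-active ]; then
    rm -f /run/aegir.target-active
    # bring the stack back up; the original stopped it again here
    systemctl --system start aegir.target
  fi
}

pre_remove() {
  if systemctl --system --quiet is-enabled aegir.target; then
    systemctl --system disable aegir.target
  fi
  if systemctl --system --quiet is-active aegir.target; then
    systemctl --system stop aegir.target
  fi
}
```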
diff --git a/aegir.service b/aegir.service index a85639223cdc..72b36f2d67be 100644 --- a/aegir.service +++ b/aegir.service @@ -1,15 +1,14 @@ [Unit] Description=Aegir queue daemon -PartOf=aegir.target Wants=mysqld.service php-fpm.service After=mysqld.service php-fpm.service [Service] Type=simple ExecStart=/usr/bin/drush --quiet @hostmaster hosting-queued -User=aegir +User=http Restart=always SuccessExitStatus=1 [Install] -WantedBy=multi-user.target +RequiredBy=multi-user.target diff --git a/aegir.target b/aegir.target index 6315193173fe..82fa3f594343 100644 --- a/aegir.target +++ b/aegir.target @@ -1,8 +1,7 @@ [Unit] Description=Aegir Hosting System -Wants=aegir.service mailcatcher.service mailcatcher-smtp.socket mysqld.service nginx.service php-fpm.service -After=aegir.service mailcatcher.service mailcatcher-smtp.socket mysqld.service nginx.service php-fpm.service -PropagatesReloadTo=aegir.service mailcatcher.service mailcatcher-smtp.socket mysqld.service nginx.service php-fpm.service +Wants=mailcatcher.service mailcatcher-smtp.socket +After=mailcatcher.service mailcatcher-smtp.socket [Install] WantedBy=multi-user.target diff --git a/msmtprc.aegir b/msmtprc index facd259ee863..facd259ee863 100644 --- a/msmtprc.aegir +++ b/msmtprc diff --git a/mysqld-aegir.service b/mysqld-aegir.service new file mode 100644 index 000000000000..6b1df7542fbc --- /dev/null +++ b/mysqld-aegir.service @@ -0,0 +1,17 @@ +[Unit] +Description=MariaDB database server +After=syslog.target +Conflicts=mysqld.service + +[Service] +User=mysql +Group=mysql + +ExecStart=/usr/bin/mysqld --pid-file=/run/mysqld/mysqld.pid +ExecStartPost=/usr/bin/mysqld-post + +Restart=always +PrivateTmp=true + +[Install] +RequiredBy=aegir.target diff --git a/mysqld.svc.conf b/mysqld.svc.conf deleted file mode 100644 index 21c138229ad6..000000000000 --- a/mysqld.svc.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Unit] -PartOf=aegir.target 
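Review bot: The unchanged `Wants=`/`After=` lines in aegir.service still name `mysqld.service php-fpm.service`, while the units added by this commit declare `Conflicts=mysqld.service` and `Conflicts=php-fpm.service`, so starting the queue daemon would pull in the stock units and stop the -aegir ones. They should read `Wants=mysqld-aegir.service php-fpm-aegir.service` with the same list on `After=`. `RequiredBy=multi-user.target` also makes the boot target depend hard on a drush daemon; since aegir.target no longer wants this unit, `WantedBy=aegir.target` looks like the intended install target. With `User=http` the daemon shares a uid with the web workers, which deserves a comment such as `# runs as http: same uid as the PHP pool, no isolation from site code`.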
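Review bot: The new mysqld-aegir.service sets only `PrivateTmp=true` in `[Service]`, although a package-owned copy of the database unit is the natural place to add sandboxing. Lines such as `NoNewPrivileges=true`, `ProtectSystem=full` and `ProtectHome=true` would narrow what the server process can touch; confirm first that the data directory and socket path stay writable under them. `After=syslog.target` refers to a target current systemd no longer uses and can be dropped.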
diff --git a/nginx-aegir.service b/nginx-aegir.service new file mode 100644 index 000000000000..3b757e796bee --- /dev/null +++ b/nginx-aegir.service @@ -0,0 +1,18 @@ +[Unit] +Description=A high performance web server and a reverse proxy server +After=network.target +Conflicts=nginx.service + +[Service] +Type=forking +PIDFile=/run/nginx.pid +PrivateDevices=yes +SyslogLevel=err + +ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;' +ExecReload=/usr/bin/kill -HUP $MAINPID +KillSignal=SIGQUIT +KillMode=mixed + +[Install] +RequiredBy=aegir.target diff --git a/nginx.conf b/nginx.conf index e9a9d6594fde..99731557e5d2 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,4 +1,4 @@ -user aegir http; +user http; worker_processes 1; error_log stderr; diff --git a/nginx.svc.conf b/nginx.svc.conf deleted file mode 100644 index 55161a6b2ef8..000000000000 --- a/nginx.svc.conf +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -PartOf=aegir.target - -[Service] -ExecStart= -ExecStart=/usr/bin/nginx -c /etc/nginx/aegir.conf diff --git a/php-dev.ini b/php-dev.ini deleted file mode 100644 index 721939a12e71..000000000000 --- a/php-dev.ini +++ /dev/null @@ -1,3 +0,0 @@ -; Error handling -display_errors = stderr -error_reporting = E_ALL | E_NOTICE | E_STRICT diff --git a/php-fpm-aegir.service b/php-fpm-aegir.service new file mode 100644 index 000000000000..595da01d83f7 --- /dev/null +++ b/php-fpm-aegir.service @@ -0,0 +1,14 @@ +[Unit] +Description=The PHP FastCGI Process Manager +After=syslog.target network.target +Conflicts=php-fpm.service + +[Service] +Type=notify +PIDFile=/run/php-fpm/php-fpm.pid +PrivateTmp=true +ExecStart=/usr/bin/php-fpm --nodaemonize --pid /run/php-fpm/php-fpm.pid +ExecReload=/bin/kill -USR2 $MAINPID + +[Install] +RequiredBy=aegir.target diff --git a/php-fpm.conf b/php-fpm.conf new file mode 100644 index 000000000000..8b8d0595b3b7 --- /dev/null +++ b/php-fpm.conf 
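Review bot: `ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;'` in nginx-aegir.service no longer passes `-c /etc/nginx/aegir.conf`, which the deleted nginx.svc.conf drop-in did, so this unit would load nginx's default configuration rather than the file the PKGBUILD installs as `/etc/nginx/$pkgname.conf`. If that is not intended, the line should be `ExecStart=/usr/bin/nginx -c /etc/nginx/aegir.conf -g 'pid /run/nginx.pid; error_log stderr;'`. The sudoers rule added in this commit reloads `nginx.service`, which this unit conflicts with, so the reload would not reach the running server; the rule should name `nginx-aegir.service`.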
@@ -0,0 +1,30 @@ +[aegir] +user = http +group = http + +; Listening interface settings +listen = 127.0.0.1:9000 +listen.owner = http +listen.group = http +listen.mode = 0660 + +; Process manager settings +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 + +; Drupal requirements +php_value[extension] = gd.so +php_value[extension] = mysqli.so +php_value[extension] = pdo_mysql.so +php_value[mbstring.http_input] = pass +php_value[mbstring.http_output] = pass +php_value[date.timezone] = UTC +php_value[open_basedir] = + +; Recommended settings +php_value[memory_limit] = 192M +php_value[display_errors] = stderr +php_value[error_reporting] = E_ALL | E_NOTICE | E_STRICT diff --git a/php-fpm.svc.conf b/php-fpm.svc.conf deleted file mode 100644 index 21c138229ad6..000000000000 --- a/php-fpm.svc.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Unit] -PartOf=aegir.target diff --git a/php-opt.ini b/php-opt.ini deleted file mode 100644 index 9e5c782f971d..000000000000 --- a/php-opt.ini +++ /dev/null @@ -1,3 +0,0 @@ -; Optional settings -date.timezone = UTC -memory_limit = 192M @@ -1,2 +1,3 @@ Defaults:aegir !requiretty -aegir ALL=NOPASSWD: /usr/bin/nginx +http ALL=NOPASSWD: /usr/bin/systemctl reload-or-try-restart nginx.service +http ALL=NOPASSWD: /usr/bin/nginx |
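Review bot: `listen = 127.0.0.1:9000` puts the pool on a loopback TCP port, where `listen.owner`, `listen.group` and `listen.mode` have no effect because they apply to Unix sockets only, so every local account can reach the FastCGI endpoint and have PHP run as http. Step 5 of the install message already points nginx at a Unix socket, so the pool and that step should agree on one socket path, for example `listen = /run/php-fpm/<aegir-pool>.sock` (placeholder name) with the 0660 mode kept. The policy-like settings are written as `php_value[...]`, which site code can change at run time; `php_admin_value[open_basedir]` and `php_admin_value[display_errors]` would pin them. An empty `open_basedir` removes the path restriction entirely, and a comment should say why Drupal needs that here.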
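Review bot: In the last hunk, which by the diffstat appears to be the sudoers file, `http ALL=NOPASSWD: /usr/bin/nginx` carries no argument list, so sudo accepts any arguments, and the commit moves the rule from the dedicated aegir account to http, the account nginx workers and the PHP pool run as. That lets code in any hosted site start nginx as root with options of its choosing. The added systemctl rule already covers reloading, so the bare nginx rule can be dropped, or pinned to the exact invocation Aegir issues, e.g. `http ALL=NOPASSWD: /usr/bin/nginx -s reload`. `Defaults:aegir !requiretty` still names aegir while both rules name http; if the tty exemption is meant for these rules it should be `Defaults:http !requiretty`.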