From 1ff747af9d3c55eaa36865d4a89852129e3d1e74 Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Wed, 20 Nov 2024 08:27:01 +0100
Subject: [PATCH] Engineblock: Clean non docker related configuration
---
roles/engineblock/defaults/main.yml | 29 +--
roles/engineblock/handlers/main.yml | 5 -
roles/engineblock/tasks/build.yml | 43 ----
roles/engineblock/tasks/develop.yml | 46 ----
roles/engineblock/tasks/install-branch.yml | 45 ----
roles/engineblock/tasks/install-release.yml | 31 ---
roles/engineblock/tasks/main.yml | 21 +-
roles/engineblock/tasks/test.yml | 36 ---
.../engineblock/templates/engine-api.conf.j2 | 54 -----
.../templates/engine-pool-72.conf.j2 | 227 ------------------
roles/engineblock/templates/engine.conf.j2 | 56 -----
roles/engineblock/templates/selenium-unit.j2 | 11 -
.../engineblock/vars/{docker.yml => main.yml} | 0
13 files changed, 9 insertions(+), 595 deletions(-)
delete mode 100644 roles/engineblock/tasks/build.yml
delete mode 100644 roles/engineblock/tasks/develop.yml
delete mode 100644 roles/engineblock/tasks/install-branch.yml
delete mode 100644 roles/engineblock/tasks/install-release.yml
delete mode 100644 roles/engineblock/tasks/test.yml
delete mode 100644 roles/engineblock/templates/engine-api.conf.j2
delete mode 100644 roles/engineblock/templates/engine-pool-72.conf.j2
delete mode 100644 roles/engineblock/templates/engine.conf.j2
delete mode 100644 roles/engineblock/templates/selenium-unit.j2
rename roles/engineblock/vars/{docker.yml => main.yml} (100%)
diff --git a/roles/engineblock/defaults/main.yml b/roles/engineblock/defaults/main.yml
index 1ab26ffcc..c58a30d05 100644
--- a/roles/engineblock/defaults/main.yml
+++ b/roles/engineblock/defaults/main.yml
@@ -1,7 +1,6 @@ ## Version of EngineBlock that is installable by this role -engine_version: '' +engine_version: "" # Be aware that if you enable this option that NPM, Node.js and Composer are installed -#engine_branch: "develop" # Feature toggles engine_feature_encrypted_assertions: 1 engine_feature_encrypted_assertions_require_outer_signature: 1 @@ -42,7 +41,7 @@ engine_domain: engine.{{ base_domain }} engine_debug: false engine_theme: "skeune" -#engine_theme: openconext +# engine_theme: openconext engine_profile_baseurl: "https://profile.{{ base_domain }}" @@ -90,17 +89,6 @@ engine_stepup_gateway_sfo_public_key_file: "{{ engine_keys.default.publicFile }} ## The minimum priority of messages that will be logged engine_logging_passthru_level: NOTICE -#engine_initial_sql: '' - -engineblock_symfony_cache_path: "/tmp/engineblock/cache" -engineblock_symfony_log_path: "{{ engine_current_release_symlink }}/var/logs" - -engine_fpm_user: engine -engine_fpm_port: 801 -engine_fpm_memory: 128M -# When using vagrant for provisioning, it's not possible to put something in the inventory dir -engine_crt_not_in_inventory: false - # The memory limit used for the metadata push engine_metadata_push_memory_limit: 256M @@ -116,15 +104,4 @@ eb_tos_url: "https://example.org" engine_site_notice_show: false -# Backwards compatibility with older secrets files -engineblock_private_keys: - default: "{{ engineblock_private_key }}" - -# Webdriver test settings -engineblock_selenium_version: 2.53.1 -engineblock_selenium_install_dir: /opt - -# Composer -composer_path: /usr/local/bin/composer - -engineblock_log_attributes: [] +engineblock_log_attributes: [] diff --git a/roles/engineblock/handlers/main.yml b/roles/engineblock/handlers/main.yml index ee9e9e1e8..6ab193b9f 100644 --- a/roles/engineblock/handlers/main.yml +++ b/roles/engineblock/handlers/main.yml 
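Review bot: In the first hunk of roles/engineblock/defaults/main.yml the context comment `# Be aware that if you enable this option that NPM, Node.js and Composer are installed` stays behind while the `#engine_branch: "develop"` line it described is removed. With the branch-install and build tasks deleted in this same patch, the comment now reads as if it applied to `engine_version` or to the feature toggles below it. I would delete that comment line too, so the defaults file does not describe an option the role no longer has.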
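Review bot: The last hunk of roles/engineblock/defaults/main.yml drops the `engineblock_private_keys` default that mapped `default` to `{{ engineblock_private_key }}` for older secrets files, and nothing visible in this patch replaces it. The "Copy over the engineblock keys" task in tasks/main.yml appears only by name in the diff context and the renamed vars/main.yml is not shown, so I cannot tell whether either still reads `engineblock_private_keys`. If one does, environments whose secrets define only `engineblock_private_key` would stop on an undefined variable during the play. Either keep the mapping, or fail early with a clear message, for example an `ansible.builtin.assert` with `that: engineblock_private_keys is defined` and a `fail_msg` naming the expected secrets layout.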
@@ -1,9 +1,4 @@ --- -- name: restart php72-fpm - service: - name: php72-php-fpm - state: restarted - - name: restart engine community.docker.docker_container: name: engine diff --git a/roles/engineblock/tasks/build.yml b/roles/engineblock/tasks/build.yml deleted file mode 100644 index 566f0e6f6..000000000 --- a/roles/engineblock/tasks/build.yml +++ /dev/null @@ -1,43 +0,0 @@ -- name: Get Composer installer signature. - uri: - url: https://composer.github.io/installer.sig - return_content: true - register: composer_installer_signature - -- name: Download Composer installer - get_url: - url: https://getcomposer.org/installer - dest: /tmp/composer-installer.php - mode: 0755 - checksum: "sha384:{{ composer_installer_signature.content }}" - register: reg_composer_installer - -- name: Run Composer installer - command: > - php72 composer-installer.php - chdir=/tmp - when: - - reg_composer_installer.changed | bool - -- name: Move Composer into globally-accessible location. - command: > - mv -f /tmp/composer.phar {{ composer_path }} - creates={{ composer_path }} - when: - - reg_composer_installer.changed | bool - -- name: Remove Nodesource repositories for Node.js - yum: - name: "nodesource-release" - state: removed - -- name: Add Nodesource repositories for Node.js - yum: - name: "https://rpm.nodesource.com/pub_12.x/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/nodesource-release-el{{ ansible_distribution_major_version }}-1.noarch.rpm" - state: present - -- name: Ensure Node.js and npm are installed - yum: - name: "nodejs-12*" - state: present - enablerepo: nodesource diff --git a/roles/engineblock/tasks/develop.yml b/roles/engineblock/tasks/develop.yml deleted file mode 100644 index 4732b79f6..000000000 --- a/roles/engineblock/tasks/develop.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -- name: Add "engineblock" user - user: - name: engineblock - groups: "{{ apache_user}}" - append: yes - state: present - createhome: no - -- name: Create the cache dir for Symfony - file: - path: "{{ engineblock_symfony_cache_path }}" - state: directory - recurse: yes - -- name: Create the log dir for Symfony - file: - path: "{{ engineblock_symfony_log_path }}" - state: directory - recurse: yes - -- name: Ensure setfacl support is present. - become: true - package: - name: acl - state: present - -- name: Allow vagrant user complete access to all engineblock files - become: true - acl: - entity: "{{ item[0] }}" - default: "{{ item[1] }}" - path: "{{ item[2] }}" - permissions: rwx - use_nfsv4_acls: yes - with_nested: - - [ "{{ engine_fpm_user }}", "vagrant" ] - - [ "no", "yes" ] - - [ "{{ engineblock_symfony_cache_path }}", "{{ engineblock_symfony_log_path }}", "/opt/openconext/OpenConext-engineblock/" ] - -- name: Copy app_dev.php.dist to OpenConext web folder - copy: - src: "/opt/openconext/OpenConext-engineblock/app_dev.php.dist" - dest: "/opt/openconext/OpenConext-engineblock/web/app_dev.php" - remote_src: yes - mode: 0644 diff --git a/roles/engineblock/tasks/install-branch.yml b/roles/engineblock/tasks/install-branch.yml deleted file mode 100644 index 56d819ac3..000000000 --- a/roles/engineblock/tasks/install-branch.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -- name: Check if target dir exists - stat: - path: "{{ engine_release_dir }}" - register: eb_dir - -- name: Checkout engine-block branch - git: - repo: https://github.com/OpenConext/OpenConext-engineblock.git - dest: "{{ engine_branch_dir }}" - version: "{{ engine_branch }}" - force: yes - register: eb_gitclone - -- name: Make release - command: "./bin/makeRelease.sh {{ engine_branch }}" - environment: - HOME: "{{ openconext_builds_dir }}" - PATH: /usr/local/bin:{{ ansible_env.PATH }} - args: - chdir: "{{ engine_branch_dir }}" - when: - - eb_gitclone.changed or not eb_dir.stat.exists - register: make_release_out - -- debug: - var: make_release_out - verbosity: 2 - -- name: Unpack current version - unarchive: - src: "{{ openconext_builds_dir }}/Releases/OpenConext-engineblock-{{ engine_branch | replace('/', '_') }}.tar.gz" - dest: "{{ openconext_releases_dir }}" - copy: no - when: - - eb_gitclone.changed or not eb_dir.stat.exists - -- name: Activate new EngineBlock branch - file: - src: "{{ openconext_releases_dir }}/OpenConext-engineblock-{{ engine_branch | replace('/', '_') }}" - dest: "{{ engine_current_release_symlink }}" - state: link - notify: - - "restart httpd" - - "restart php72-fpm" diff --git a/roles/engineblock/tasks/install-release.yml b/roles/engineblock/tasks/install-release.yml deleted file mode 100644 index a76789e17..000000000 --- a/roles/engineblock/tasks/install-release.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -- name: Check if target dir exists - stat: - path: "{{ engine_current_release_symlink }}" - follow: no - register: eb_dir - -- name: Download current version - get_url: - url: "{{ engine_download_url }}" - dest: "{{ engine_build_path }}" - register: eb_download - -- name: Unpack current version - unarchive: - src: "{{ engine_build_path }}" - dest: "{{ openconext_releases_dir }}" - copy: no - when: - - eb_download.changed or eb_dir.stat.lnk_source != engine_release_dir - -- name: Activate new EngineBlock release - file: - src: "{{ engine_release_dir }}" - dest: "{{ engine_current_release_symlink }}" - state: link - notify: - - "restart httpd" - - "restart php72-fpm" - when: - - eb_download.changed or eb_dir.stat.lnk_source != engine_release_dir diff --git a/roles/engineblock/tasks/main.yml b/roles/engineblock/tasks/main.yml index 594b4f85d..0376bd638 100644 --- a/roles/engineblock/tasks/main.yml +++ b/roles/engineblock/tasks/main.yml @@ -1,6 +1,3 @@ -- name: Include docker vars - ansible.builtin.include_vars: docker.yml - - name: Add group engine ansible.builtin.group: name: "engine" @@ -52,8 +49,7 @@ mode: "0644" owner: root group: engine - when: - attributes_json_present.stat.exists + when: attributes_json_present.stat.exists - name: Check presence of language specific overrides ansible.builtin.stat: @@ -89,8 +85,7 @@ owner: root group: engine mode: "0644" - when: - customlogo.stat.exists + when: customlogo.stat.exists - name: Check if we have a custom favicon ansible.builtin.stat: @@ -106,8 +101,7 @@ owner: root group: root mode: "0644" - when: - customfavicon.stat.exists + when: customfavicon.stat.exists - name: Check if we have a custom background back image for the feedback page ansible.builtin.stat: 
@@ -123,8 +117,7 @@ owner: root group: engine mode: "0644" - when: - eb_customfeedbackbackground.stat.exists + when: eb_customfeedbackbackground.stat.exists - name: Check if we have a custom background front image for the feedback page ansible.builtin.stat: @@ -140,8 +133,7 @@ owner: root group: engine mode: "0644" - when: - eb_customfeedbackforeground.stat.exists + when: eb_customfeedbackforeground.stat.exists - name: Check if we have a Stepup GW certificate ansible.builtin.stat: @@ -157,8 +149,7 @@ owner: root group: engine mode: "0644" - when: - eb_stepupgwcert.stat.exists + when: eb_stepupgwcert.stat.exists - name: Copy over the engineblock keys ansible.builtin.copy: diff --git a/roles/engineblock/tasks/test.yml b/roles/engineblock/tasks/test.yml deleted file mode 100644 index 43133372b..000000000 --- a/roles/engineblock/tasks/test.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Create install directory - file: - path: "{{ engineblock_selenium_install_dir }}/selenium" - state: directory - recurse: yes - -- name: Install latest Chrome - yum: - name: https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm - state: present - -- name: Install Selenium standalone - get_url: - url: "http://selenium-release.storage.googleapis.com/{{ engineblock_selenium_version | regex_replace('\\.[0-9]+$', '') }}/selenium-server-standalone-{{ engineblock_selenium_version }}.jar" - dest: "{{ engineblock_selenium_install_dir }}/selenium/selenium-server-standalone-{{ engineblock_selenium_version }}.jar" - mode: 0755 - -- name: Get the latest release for chromedriver - uri: - url: https://chromedriver.storage.googleapis.com/LATEST_RELEASE - return_content: yes - register: chromedriver_latest - -- name: Install chromedriver - unarchive: - src: "https://chromedriver.storage.googleapis.com/{{ chromedriver_latest.content | trim }}/chromedriver_linux64.zip" - dest: "{{ engineblock_selenium_install_dir }}/selenium" - mode: 0755 - copy: no - -- name: Install systemd unit file - template: - src: "selenium-unit.j2" - dest: /etc/systemd/system/selenium.service - mode: 0755 diff --git a/roles/engineblock/templates/engine-api.conf.j2 b/roles/engineblock/templates/engine-api.conf.j2 deleted file mode 100644 index f2e455933..000000000 --- a/roles/engineblock/templates/engine-api.conf.j2 +++ /dev/null 
@@ -1,54 +0,0 @@ -{% if apache_app_listen_address.engine_api is defined %} -Listen {{ apache_app_listen_address.engine_api }}:{{ loadbalancing.engine_api.port }} - -{% else %} - -{% endif %} - ServerAdmin {{ admin_email }} - - DocumentRoot {{ engine_current_release_symlink }}/web - ServerName {{ engine_api_domain }} - - - Require all granted - Options -MultiViews - RewriteEngine On - RewriteBase / - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ app{% if develop %}_dev{% endif %}.php [QSA,L] - -{% if apache_app_listen_address.all is defined %} - SSLEngine on - SSLCertificateFile {{ tls.cert_path }}/{{ tls_star_cert }} - SSLCertificateKeyFile {{ tls.cert_private_path }}/{{ tls_star_cert_key }} - SSLCertificateChainFile {{ tls.cert_path_ca }}/{{ tls_ca }} -{% endif %} - - Header always set X-Content-Type-Options "nosniff" - Header always set X-Frame-Options "DENY" - Header always set Content-Security-Policy "{{ httpd_csp.nothing }}" - - SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - SetEnv ENGINEBLOCK_ENV {{ engine_apache_environment }} - SetEnv SYMFONY_ENV {{ engine_apache_symfony_environment }} - SetEnv HTTPS on - - RewriteEngine On - # We support only GET/POST/HEAD - RewriteCond %{REQUEST_METHOD} !^(POST|DELETE|GET|HEAD)$ - RewriteRule .* - [R=405,L] - - #Proxy the requests to FPM - ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php-fpm/engine-pool-72.sock|fcgi://localhost/{{ engine_current_release_symlink }}/web/$1 - - ErrorLog "|/usr/bin/logger -S 32k -p local3.err -t 'Apache-EBAPI'" - CustomLog "|/usr/bin/logger -S 32k -p local3.info -t 'Apache-EBAPI'" combined - - {% if haproxy_backend_tls %} - SSLEngine on - SSLCertificateFile {{ tls.cert_path }}/backend.{{ base_domain }}.pem - SSLCertificateKeyFile {{ tls.cert_private_path }}/backend.{{ base_domain }}.key - Include ssl_backend.conf - {% endif %} - - 
diff --git a/roles/engineblock/templates/engine-pool-72.conf.j2 b/roles/engineblock/templates/engine-pool-72.conf.j2
deleted file mode 100644
index c766f2a65..000000000
--- a/roles/engineblock/templates/engine-pool-72.conf.j2
+++ /dev/null
@@ -1,227 +0,0 @@ -; Create a new pool named engine. -[engine] - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. - -; Use unix socket -listen = /var/run/php-fpm/engine-pool-72.sock - -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: -1 -;listen.backlog = -1 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -listen.allowed_clients = 127.0.0.1 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 -listen.owner = apache -listen.group = apache -listen.mode = 0640 - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = {{ engine_fpm_user }} -group = {{ engine_fpm_user }} - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives: -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. 
-; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. -; Note: Used when pm is set to either 'static' or 'dynamic' -; Note: This value is mandatory. -pm.max_children = 40 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 5 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 5 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 35 - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. 
By default, the status page shows the following -; information: -; accepted conn - the number of request accepted by the pool; -; pool - the name of the pool; -; process manager - static or dynamic; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes. -; The values of 'idle processes', 'active processes' and 'total processes' are -; updated each second. The value of 'accepted conn' is updated in real time. -; Example output: -; accepted conn: 12073 -; pool: www -; process manager: static -; idle processes: 35 -; active processes: 65 -; total processes: 100 -; By default the status page output is formatted as text/plain. Passing either -; 'html' or 'json' as a query string will return the corresponding output -; syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. 
-; Default Value: pong -;ping.response = pong - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/php-fpm/www-slow.log - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. This value must be an absolute path. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -;catch_workers_output = yes - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. 
You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin -;env[TMP] = /tmp -;env[TMPDIR] = /tmp -;env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -php_admin_value[error_log] = /var/log/php-fpm/engine-error.log -php_admin_flag[log_errors] = on -php_admin_value[memory_limit] = {{ engine_fpm_memory }} -php_admin_value[post_max_size] = 25M - -; Set session path to a directory owned by process user -php_value[session.save_handler] = files -php_value[session.save_path] = {{ php_session_dir }}/engine -php_value[disable_functions] = {{ php_disabled_functions }} 
diff --git a/roles/engineblock/templates/engine.conf.j2 b/roles/engineblock/templates/engine.conf.j2
deleted file mode 100644
index 6b7b769c1..000000000
--- a/roles/engineblock/templates/engine.conf.j2
+++ /dev/null
@@ -1,56 +0,0 @@ -{% if apache_app_listen_address.engine is defined %} -Listen {{ apache_app_listen_address.engine }}:{{ loadbalancing.engine.port }} - -{% else %} - -{% endif %} - ServerAdmin {{ admin_email }} - - DocumentRoot {{ engine_current_release_symlink }}/web - ServerName {{ engine_domain }} - - - Require all granted - Options -MultiViews - RewriteEngine On - RewriteBase / - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ app{% if develop %}_dev{% endif %}.php [QSA,L] - - - Header always set X-Content-Type-Options "nosniff" - - SetEnv ENGINEBLOCK_ENV {{ engine_apache_environment }} - SetEnv SYMFONY_ENV {{ engine_apache_symfony_environment }} - SetEnv HTTPS on - - RewriteEngine On - # We support only GET/POST - RewriteCond %{REQUEST_METHOD} !^(POST|GET)$ - RewriteRule .* - [R=405,L] - - #Proxy the requests to FPM - ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php-fpm/engine-pool-72.sock|fcgi://localhost/{{ engine_current_release_symlink }}/web/$1 - - ErrorLog "|/usr/bin/logger -S 32k -p local3.err -t 'Apache-EB'" - CustomLog "|/usr/bin/logger -S 32k -p local3.info -t 'Apache-EB'" combined - {% if haproxy_backend_tls %} - SSLEngine on - SSLCertificateFile {{ tls.cert_path }}/backend.{{ base_domain }}.pem - SSLCertificateKeyFile {{ tls.cert_private_path }}/backend.{{ base_domain }}.key - Include ssl_backend.conf - {% endif %} - {% if apache_app_listen_address.all is defined %} - SSLEngine on - SSLCertificateFile {{ tls.cert_path }}/{{ tls_star_cert }} - SSLCertificateKeyFile {{ tls.cert_private_path }}/{{ tls_star_cert_key }} - SSLCertificateChainFile {{ tls.cert_path_ca }}/{{ tls_ca }} - Include ssl_backend.conf - {% endif %} - - ExpiresActive on - ExpiresByType font/* "access plus 1 year" - ExpiresByType image/* "access plus 6 months" - ExpiresByType text/css "access plus 1 year" - ExpiresByType text/js "access plus 1 year" - 
diff --git a/roles/engineblock/templates/selenium-unit.j2 b/roles/engineblock/templates/selenium-unit.j2
deleted file mode 100644
index 29f943cfa..000000000
--- a/roles/engineblock/templates/selenium-unit.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Selenium test framework
-After=syslog.target network.target
-
-[Service]
-ExecStart=/usr/bin/java -jar {{ engineblock_selenium_install_dir }}/selenium/selenium-server-standalone-{{ engineblock_selenium_version }}.jar -Dwebdriver.chrome.driver={{ engineblock_selenium_install_dir }}/selenium/chromedriver &
-Restart=on-failure
-RestartSec=20s
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/roles/engineblock/vars/docker.yml b/roles/engineblock/vars/main.yml
similarity index 100%
rename from roles/engineblock/vars/docker.yml
rename to roles/engineblock/vars/main.yml