
Merge branch 'develop'

tags/pkg/staging/eole-2.7.0/0.0.1-0
Teddy Cornaut 5 miesięcy temu
rodzic
commit
92dbf4ffb0

+ 34
- 48
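--- a/dicos/61_pve.xml
+++ b/dicos/61_pve.xml
@@ -9,16 +9,22 @@
         <file filelist='mse-sys-lr' name='/etc/logrotate.d/mse' source='mse-logrotate.conf' rm='True' mkdir='True'/>
         <file filelist='mse-rsyslog' name='/etc/rsyslog.d/eole-traps/mse.conf' source='mse-rsyslog.conf' rm='True' mkdir='True'/>
         <file filelist='pve' name='/usr/lib/python2.7/dist-packages/eoledb/password/_eole_mypwd.py' source='tmpl_eole_mypwd.py' rm='True' mkdir='True'/>
-        <file filelist='pve' name='/etc/php5/fpm/php.ini' source='php.ini' rm='True' mkdir='True'/>
+        <file filelist='pve' name='/etc/php/5.6/fpm/php.ini' source='php.ini' rm='True' mkdir='True'/>
+        <file filelist='pve' name='/var/www/html/mse/app/config/parameters.yml' source='pvebundle-parameters.yml' rm='True' mkdir="True"/>
+        <file filelist='pve' name='/var/www/html/mse/scripts/scribe-post-install.sh' source='mse-scribe-post-install.sh' rm='True' mkdir="True"/>
+        <file filelist='pve' name='/var/www/html/mse/app/config/config_prod.yml' source='mse_config_prod.yml' rm='True' mkdir="True"/>
+        <file filelist='pve-redis' name='/var/www/html/mse/app/config/redis.yml' source='mse-redis.yml' rm='True' mkdir="True"/>
+        <file filelist='pve-redis-cluster' name='/var/www/html/mse/app/config/redis_cluster.yml' source='mse-redis-cluster.yml' rm='True' mkdir="True"/>
 
         <file filelist='mse-apache' name='/etc/apache2/sites-available/mse.conf' source='msebundle-apache.conf' mkdir='True' rm='True'/>
         <file filelist='mse-apache' name='/etc/apache2/mods-available/mpm_event.conf' mkdir='True' rm='True'/>
         <file filelist='mse-apache' name='/etc/apache2/mods-available/mpm_worker.conf' mkdir='True' rm='True'/>
-        <file filelist='mse-apache' name='/etc/php5/fpm/pool.d/mse.conf' source='mse-fpm.conf' mkdir='True' rm='True'/>
+        <file filelist='mse-apache' name='/etc/apache2/conf-available/security.conf' source='mse-apache-security.conf' mkdir='True' rm='True'/>
+        <file filelist='mse-apache' name='/etc/php/5.6/fpm/pool.d/mse.conf' source='mse-fpm.conf' mkdir='True' rm='True'/>
         <file filelist='mse-apache-revproxy' name='/etc/apache2/mods-available/remoteip.conf' source='mse-apache-remoteip.conf' mkdir='True' rm='True'/>
 
         <service servicelist='svApache'>apache2</service>
-        <service servicelist='svApache'>php5-fpm</service>
+        <service servicelist='svApache'>php5.6-fpm</service>
         <service method='apache'>mse.conf</service>
 
         <service_access service='apache2'>
@@ -27,17 +33,6 @@
         </service_access>
     </files>
 
-    <containers>
-        <container name='web'>
-            <!-- services de configuration de l'application  -->
-            <file filelist='pve' name='/var/www/html/mse/app/config/parameters.yml' source='pvebundle-parameters.yml' rm='True' mkdir="True"/>
-            <file filelist='pve' name='/var/www/html/mse/scripts/scribe-post-install.sh' source='mse-scribe-post-install.sh' rm='True' mkdir="True"/>
-            <file filelist='pve' name='/var/www/html/mse/app/config/config_prod.yml' source='mse_config_prod.yml' rm='True' mkdir="True"/>
-            <file filelist='pve-redis' name='/var/www/html/mse/app/config/redis.yml' source='mse-redis.yml' rm='True' mkdir="True"/>
-            <file filelist='pve-redis-cluster' name='/var/www/html/mse/app/config/redis_cluster.yml' source='mse-redis-cluster.yml' rm='True' mkdir="True"/>
-        </container>
-    </containers>
-
     <variables>
         <family name='MSE'>
             <!-- SERVICES -->
@@ -133,13 +128,13 @@
             <variable name='pvebundle_redisalias'      type='string' description="Alias du serveur Redis" multi="True" mandatory="True">
                 <value>session_cache</value>
             </variable>
-            <variable name='pvebundle_redisserveur'      type='ip' description="Adresse du serveur Redis" mandatory="True">
+            <variable name='pvebundle_redisserveur'      type='domain' description="Adresse du serveur Redis" mandatory="True">
                 <value>127.0.0.1</value>
             </variable>
             <variable name='pvebundle_redisport'         type='string' description="Port du serveur Redis" mandatory="True">
                 <value>6379</value>
             </variable>
-            <variable name='pvebundle_redisserveurslave'      type='ip' description="Adresse du serveur slave Redis" mandatory="True">
+            <variable name='pvebundle_redisserveurslave'      type='domain' description="Adresse du serveur slave Redis" mandatory="True">
                 <value>127.0.0.1</value>
             </variable>
             <variable name='pvebundle_redisportslave'         type='string' description="Port du serveur slave Redis" mandatory="True">
@@ -161,7 +156,7 @@
 
             <!-- REVERSE PROXY -->
 
-            <variable name='pvebundle_reverse_proxy'    type='string' description="Adresse IP du reverse proxy en frontal" mandatory="False" />
+            <variable name='pvebundle_reverse_proxy'    type='domain' description="Adresse du reverse proxy en frontal" mandatory="False" />
 
             <!-- SAML -->
             <variable name='saml_idp_url_metadata' type='string' description="URL des metadata de l'IDP" mandatory="True">
@@ -247,7 +242,7 @@
             <variable name='pvebundle_aglae_surveillance_wsdl_url'     type='string' description="URL du WSDL Surveillance des webservices AGLAE" mandatory="True">
                 <value>http://localhost</value>
             </variable>
-            <variable name='pvebundle_aglae_sftp_host'     type='string' description="AGLAE SFTP serveur" mandatory="True">
+            <variable name='pvebundle_aglae_sftp_host'     type='domain' description="AGLAE SFTP serveur" mandatory="True">
                 <value>localhost</value>
             </variable>
 
@@ -306,7 +301,7 @@
 
             <!-- SMTP -->
 
-            <variable name='pvebundle_ipsmtp'      type='string' description="Adresse IP de la passerelle SMTP" mandatory="True">
+            <variable name='pvebundle_ipsmtp'      type='domain' description="Adresse de la passerelle SMTP" mandatory="True">
                 <value>127.0.0.1</value>
             </variable>
             <variable name='pvebundle_mailer_user'      type='string' description="Nom de l'utilisateur SMTP" mandatory="False" />
@@ -320,7 +315,7 @@
 
             <!-- IZLY -->
 
-            <variable name='pvebundle_izly_sftp_host'     type='string' description="IZLY SFTP serveur" mandatory="True">
+            <variable name='pvebundle_izly_sftp_host'     type='domain' description="IZLY SFTP serveur" mandatory="True">
                 <value>localhost</value>
             </variable>
             <variable name='pvebundle_izly_sftp_port'     type='number' description="IZLY SFTP port" mandatory="True">
@@ -423,26 +418,23 @@
             <variable name='smb_min_password_class' type='number' exists='False' description='Nombre minimum de classes de caractères'>
                 <value>3</value>
             </variable>
-            <variable name='ead_support_multietab' type='oui/non' exists='False' description='Mode multiétab' hidden='True'>
-                <value>non</value>
-            </variable>
         </family>
         <family name='MSE-Logrotate' mode='expert'>
-			<variable name='mseLogPeriod' type='string' description="Périodicité de la rotation des journaux applicatifs">
-				<value>weekly</value>
-			</variable>
-			<variable name='mseLogRotate' type='string' description="Nombre de fichiers de journaux applicatifs compressés à conserver">
-				<value>52</value>
-			</variable>
-			<variable name='mseLogDir' type='string' description="Répertoire des fichiers de journaux applicatifs">
-				<value>/var/www/html/mse/app/logs</value>
-			</variable>
-			<variable name='mseLogSize' type='string' description="Taille maximale d'un fichier de journal applicatif (en Mo)">
-				<value>900</value>
-			</variable>
-			<variable name='mseLogMaxAge' type='string' description="Age maximum des archives de journaux applicatifs">
-				<value>365</value>
-			</variable>
+            <variable name='mseLogPeriod' type='string' description="Périodicité de la rotation des journaux applicatifs">
+                <value>weekly</value>
+            </variable>
+            <variable name='mseLogRotate' type='string' description="Nombre de fichiers de journaux applicatifs compressés à conserver">
+                <value>52</value>
+            </variable>
+            <variable name='mseLogDir' type='string' description="Répertoire des fichiers de journaux applicatifs">
+                <value>/var/www/html/mse/app/logs</value>
+            </variable>
+            <variable name='mseLogSize' type='string' description="Taille maximale d'un fichier de journal applicatif (en Mo)">
+                <value>900</value>
+            </variable>
+            <variable name='mseLogMaxAge' type='string' description="Age maximum des archives de journaux applicatifs">
+                <value>365</value>
+            </variable>
 
             <variable name='mse_lr_apache_period' type='string' description='Périodicité de la rotation'>
                 <value>weekly</value>
@@ -456,7 +448,7 @@
             <variable name='mse_lr_apache_olddir' type='string' description="Emplacement des archives"/>
 
         </family>
-		<family name='Logs'>
+        <family name='Logs'>
             <variable name='activer_conf_lr' type='oui/non' description='Ajouter des configurations logrotate ?'>
                 <value>non</value>
             </variable>
@@ -475,7 +467,7 @@
             <variable name='mse_lr_copytruncate' type='oui/non' description="Remise à 0 du fichier de journal">
                 <value>oui</value>
             </variable>
-		</family>
+        </family>
 
         <family name='MSE-NFS' mode='expert'>
             <variable name='nfsUploads' type='oui/non' description="Les fichiers 'uploads' sont dans un partage NFS ?">
@@ -489,7 +481,7 @@
             <variable name='mseApacheBehindRevproxy' type='oui/non' description="Le serveur web est derrière un reverse proxy">
                     <value>non</value>
             </variable>
-            <variable name='mseApacheBehindRevproxyIP' type='ip' description="Adresse IP du serveur reverse proxy" mandatory='True'/>
+            <variable name='mseApacheBehindRevproxyIP' type='domain' description="Adresse IP du serveur reverse proxy" mandatory='True'/>
             <variable name='mseApacheServerLimit' type='string' description='Limite supérieure de la définition du nombre de processus (ServerLimit)' >
                    <value>16</value>
             </variable>
@@ -581,7 +573,7 @@
             <separator name='wsdlbundle_heberg_passwd'>HEBERG</separator>
             <separator name='wsdlbundle_cve_passwd'>CVE</separator>-->
             <separator name='smb_min_password_length'>WHAT</separator>
-			<separator name='mseLogPeriod'>Configuration des rotations de journaux applicatifs</separator>
+            <separator name='mseLogPeriod'>Configuration des rotations de journaux applicatifs</separator>
             <separator name='mse_lr_apache_period'>Configuration des logrotate pour Apache</separator>
         </separators>
 
@@ -602,12 +594,6 @@
             <param>['daily', 'weekly', 'monthly', 'yearly']</param>
         </check>
 
-        <check name='valid_enum' target='smb_min_password_length'>
-            <param type="python">[str(i) for i in range(3, 13)]</param>
-        </check>
-        <check name='valid_enum' target='smb_min_password_class'>
-            <param>['1', '2', '3', '4']</param>
-        </check>
         <check name='valid_enum' target='pvebundle_scheme'>
             <param>['http', 'https']</param>
         </check>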
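Review bot: Switching `mseApacheBehindRevproxyIP` and `pvebundle_reverse_proxy` to `type='domain'` means the trusted reverse proxy can now be given as a hostname, so which peer is allowed to supply the client address depends on DNS resolution at the time the service reads the value. `pvebundle_reverse_proxy` is rendered into `cnous_pve.proxy.trust` in pvebundle-parameters.yml, and the other variable presumably into remoteip.conf; please confirm both consumers accept a name and pin it as they did an address, or keep these two as `type='ip'` and use `domain` only for the Redis, SFTP and SMTP hosts. The description of `mseApacheBehindRevproxyIP` still reads "Adresse IP du serveur reverse proxy". Separately, the last hunk drops the `valid_enum` checks on `smb_min_password_length` and `smb_min_password_class` while `smb_min_password_class` is still declared above, so unless another dictionary carries those checks the password-policy values are no longer bounded.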

+ 4
- 4
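--- a/postservice/61-pve
+++ b/postservice/61-pve
@@ -55,12 +55,12 @@ function synchroHost()
     --include="php.ini" \
     --include="pool.d" \
     --include="pool.d/mse.conf" \
-    /etc/php5/fpm/ root@${hst}:/etc/php5/fpm/
+    /etc/php/5.6/fpm/ root@${hst}:/etc/php/5.6/fpm/
 
     # Nettoyage du cache
     cmd="${cmd} rm -rf ${WORKDIR}/app/cache/*;"
 
-    cmd="${cmd} php -r \"apc_clear_cache(); apc_clear_cache('user'); apc_clear_cache('opcode');\";"
+    #cmd="${cmd} php -r \"apc_clear_cache(); apc_clear_cache('user'); apc_clear_cache('opcode');\";"
 
     # Warm up du cache
     cmd="${cmd} php app/console cache:warmup --env=prod --no-debug;"
@@ -86,7 +86,7 @@ function synchroHost()
 
     # Redémarrage service apache
     cmd="${cmd} a2ensite mse;"
-    cmd="${cmd} service php5-fpm restart;"
+    cmd="${cmd} service php5.6-fpm restart;"
     cmd="${cmd} service apache2 restart;"
 
     ssh ${hst} "${cmd}"
@@ -95,7 +95,7 @@ function synchroHost()
 }
 
 chmod +x /var/www/html/mse/scripts/scribe-post-install.sh
-CreoleRun "/var/www/html/mse/scripts/scribe-post-install.sh" web
+CreoleRun "/var/www/html/mse/scripts/scribe-post-install.sh"
 
 LOGFILE=/var/log/eole/mse-sync.log
 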
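Review bot: The `apc_clear_cache` call in `synchroHost` is commented out rather than removed, and nothing says why; the same is done in tmpl/mse-scribe-post-install.sh. Either delete the line or put the reason above it, for example `# apc_* is presumably unavailable on the PHP 5.6 CLI; the php5.6-fpm restart below resets the opcode cache`, once that is confirmed to be the actual reason. `synchroHost` starts before the first hunk, so the rest of the remote command string is not visible here.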

+ 1
- 1
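--- a/scripts/apacheSync.sh
+++ b/scripts/apacheSync.sh
@@ -24,7 +24,7 @@ then
 	done
 
     cmd="${cmd} a2ensite mse;"
-    cmd="${cmd} service php5-fpm restart;"
+    cmd="${cmd} service php5.6-fpm restart;"
     cmd="${cmd} service apache2 restart;"
 
     ssh ${HOST} "${cmd}"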

+ 1
- 1
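--- a/scripts/nginxSync.sh
+++ b/scripts/nginxSync.sh
@@ -14,7 +14,7 @@ if [ $result -eq 0 ]
 then
     echo "#### Working on ${HOST}"
     # Redémarrage service nginx
-    cmd="service php5-fpm restart;"
+    cmd="service php5.6-fpm restart;"
     cmd="${cmd} service nginx restart;"
 
     ssh ${HOST} "${cmd}"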

+ 74
- 0
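--- a/tmpl/mse-apache-security.conf
+++ b/tmpl/mse-apache-security.conf
@@ -0,0 +1,74 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+#   AllowOverride None
+#   Require all denied
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+#ServerTokens OS
+#ServerTokens Full
+ServerTokens Prod
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+#   Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet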
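Review bot: `ServerSignature On` is left enabled although the same file sets `ServerTokens Prod` and this commit turns `expose_php` off in php.ini, so server-generated error pages still carry a footer naming the product and the virtual host. `ServerSignature Off` would match the rest of the hardening here. The two `Header set` lines for `X-Content-Type-Options` and `X-Frame-Options` also stay commented out; enabling them needs mod_headers, which nothing on this page shows being enabled.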

+ 1
- 1
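--- a/tmpl/mse-nginx.conf
+++ b/tmpl/mse-nginx.conf
@@ -24,7 +24,7 @@ server {
 
 
   location ~ ^/app\.php(/|$) {
-    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
     fastcgi_split_path_info ^(.+\.php)(/.*)$;
     include fastcgi_params;
     # When you are using symlinks to link the document root to the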

+ 6
- 2
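--- a/tmpl/mse-scribe-post-install.sh
+++ b/tmpl/mse-scribe-post-install.sh
@@ -3,7 +3,7 @@
 cd /var/www/html/mse
 
 # Dépendences Deb
-declare -a deps=("php5-intl" "libssh2-php")
+declare -a deps=("php5.6-intl" "php-ssh2")
 
 for i in "${deps[@]}"
 do
@@ -13,9 +13,13 @@ do
   fi
 done
 
+%for %%server in %%getVar('pvebundle_redisalias', [])
+    redis-cli -h %%server.pvebundle_redisserveur -p %%server.pvebundle_redisport flushall
+%end for
+
 # Nettoyage du cache
 php app/console cache:clear --env=prod --no-debug
-php -r "apc_clear_cache(); apc_clear_cache('user'); apc_clear_cache('opcode');"
+#php -r "apc_clear_cache(); apc_clear_cache('user'); apc_clear_cache('opcode');"
 
 php app/console cache:warmup --env=prod --no-debug
 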
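Review bot: The added `redis-cli ... flushall` (new line 17) empties every database on each configured Redis server, not only this application's cache; the default alias `session_cache` suggests user sessions live there, so each post-install run would log users out and would also wipe anything else kept on a shared instance. Restricting the flush to the application's own database or key prefix would limit the effect, and the host and port should be quoted because both are free-form dictionary values: `redis-cli -h "%%server.pvebundle_redisserveur" -p "%%server.pvebundle_redisport" ...`. The exit status is not checked, so an unreachable server is passed over silently. The loop iterates `pvebundle_redisalias` and reads `pvebundle_redisserveur` as its attribute; the dictionary hunks shown here do not establish that group relationship, so confirm the template renders as intended.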

+ 2
- 2
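--- a/tmpl/php.ini
+++ b/tmpl/php.ini
@@ -373,7 +373,7 @@ zend.enable_gc = On
 ; threat in any way, but it makes it possible to determine whether you use PHP
 ; on your server or not.
 ; http://php.net/expose-php
-expose_php = On
+expose_php = Off
 
 ;;;;;;;;;;;;;;;;;;;
 ; Resource Limits ;
@@ -798,7 +798,7 @@ file_uploads = On
 ; Temporary directory for HTTP uploaded files (will use system default if not
 ; specified).
 ; http://php.net/upload-tmp-dir
-;upload_tmp_dir =
+upload_tmp_dir = /var/www/html/mse/app/uploads
 
 ; Maximum allowed size for uploaded files.
 ; http://php.net/upload-max-filesize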
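Review bot: `upload_tmp_dir = /var/www/html/mse/app/uploads` puts PHP's temporary upload files inside the application tree, apparently in the same directory as stored uploads (the dictionary has an option for 'uploads' living on an NFS share). Every in-flight upload, including ones the application later rejects, is then written there; a dedicated directory outside the tree that only the FPM user can write, e.g. `upload_tmp_dir = <dedicated-tmp-dir>` (placeholder), keeps unvalidated files apart from accepted ones. If the location has to stay, confirm the web server never serves or executes files from it. This template is deployed as the FPM-wide php.ini, so the setting applies to every pool on the host.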

+ 1
- 1
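--- a/tmpl/pve-db.yml
+++ b/tmpl/pve-db.yml
@@ -2,7 +2,7 @@ dbtype: mysql
 dbname: pve
 dbuser: pve
 dbroot: mse
-dbpass: 123456
+dbpass: '123456'
 dbport: 3306
 %if %%getVar('is_mse_master','non') == 'oui'
 client_hosts: ["127.0.0.1", "localhost" %slurp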
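Review bot: `dbpass: '123456'` keeps a fixed, trivially guessable database password in the template; the added quotes only change how YAML types the value. If this is what the database account ends up with, it should come from a dictionary variable or a generated secret, e.g. `dbpass: '%%<db_password_variable>'` (placeholder name). The dictionary also deploys a custom `_eole_mypwd.py` password module, so the literal may be overridden at install time; if so, a one-line comment above `dbpass` saying that would prevent it being taken for the real credential.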

+ 1
- 1
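--- a/tmpl/pvebundle-parameters.yml
+++ b/tmpl/pvebundle-parameters.yml
@@ -51,7 +51,7 @@ parameters:
     cnous_pve.service.ldap.port: %%pvebundle_ldapport
     cnous_pve.service.ldap.base_dn: %%pvebundle_ldapbase
     cnous_pve.service.ldap.user: %%pvebundle_ldapdn
-    cnous_pve.service.ldap.password: %%pvebundle_ldappwd
+    cnous_pve.service.ldap.password: %include raw %%pvebundle_ldappwd
     cnous_pve.proxy.trust: %%pvebundle_reverse_proxy
     cnous_pve.portal_url: '%%pvebundle_portal_url'
     cnous_pve.portal_frame_include_url: '%%pvebundle_portal_url?page=%s'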
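Review bot: In `cnous_pve.service.ldap.password: %include raw %%pvebundle_ldappwd` the Cheetah `include` directive, as far as I know, treats a bare expression as a file name and needs `source=` to take its text from a variable, so unless `pvebundle_ldappwd` now holds a path this would try to read a file named after the password. If the intent is to emit the password without template processing, `%include raw source=%%pvebundle_ldappwd` is the form to check against the rendered file. The value is also written unquoted, so a password containing `#`, `: ` or a leading `*`, `!` or `&` would be misread by the YAML parser, the same kind of problem the pve-db.yml change in this commit handles by quoting.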
