full-text-rss/ubuntu-15.10.pp

# Puppet file intended to install server componenets for self-hosted FiveFilters.org web services
# This file is intended for base images of:
# Ubuntu 15.10

# Please see here for more information on how to use this: 
# http://help.fivefilters.org/customer/en/portal/articles/1143210-hosting

Exec { path => "/bin:/usr/bin:/usr/local/bin" }

stage { 'first': before => Stage['main'] }
stage { 'last': require => Stage['main'] }

class {
	'init': stage => first;
	'final': stage => last;
}

class init {
	exec { "apt-update": 
		command => "apt-get update"
	}
	package { "fail2ban":
		ensure => latest
	}
	package { "unattended-upgrades":
		ensure => latest
	}
	file { "/etc/apt/apt.conf.d/20auto-upgrades":
		ensure => present,
		content => 'APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";',
		require => Package["unattended-upgrades"]
	}
}

# make sure apt-update run before package
Exec["apt-update"] -> Package <| |>

class apache {
	exec { "enable-mod_rewrite":
		require => Package["apache2"],
		before => Service["apache2"],
		#command => "/usr/sbin/a2enmod rewrite",
		command => "sudo a2enmod rewrite",
	}

	file { "/etc/apache2/mods-available/mpm_prefork.conf":
		ensure => present,
		content => "<IfModule mpm_prefork_module>
        StartServers                     5
        MinSpareServers           5
        MaxSpareServers          10
        MaxRequestWorkers         80
        MaxConnectionsPerChild   0
</IfModule>",
		require => Package["apache2"],
		notify => Exec["restart-apache"]
	}

	file { "/etc/apache2/sites-available/fivefilters.conf":
		ensure => present,
		content => "<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog /dev/null combined
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
        
				KeepAliveTimeout 2
				MaxKeepAliveRequests 10
</VirtualHost>",
		require => Package["apache2"],
		before => Exec["enable-fivefilters-apache2"],
		notify => Exec["restart-apache"]
	}

	exec { "enable-fivefilters-apache2":
		require => [Package["apache2"], Service["apache2"]],
		command => "sudo a2dissite 000-default && sudo a2ensite fivefilters"
	}

	exec { "disable-mod_status":
		require => Package["apache2"],
		before => Service["apache2"],
		command => "sudo a2dismod status",
	}

	package { "apache2":
		ensure => latest
	}

	service { "apache2":
		ensure => running,
		require => Package["apache2"]
	}

	exec { "restart-apache":
		command => "sudo service apache2 restart",
		require => Package["apache2"],
		refreshonly => true
	}
	#TODO: Set AllowOverride All in default config to enable .htaccess
}

class php {
	package { "php5": ensure => latest }
	package { "libapache2-mod-php5": ensure => latest }
	package { "php5-cli": ensure => latest }
	package { "php5-tidy": ensure => latest }
	package { "php5-curl": ensure => latest }
	package { "libcurl4-gnutls-dev": ensure => latest }
	package { "libpcre3-dev": ensure => latest }
	package { "make": ensure=>latest }
	package { "php-pear": ensure => latest }
	package { "php5-dev": ensure => latest }
	package { "php5-intl": ensure => latest }
	package { "php5-gd": ensure => latest }
	package { "php5-imagick": ensure => latest }
	package { "php5-json": ensure => latest }
	#package { "php-http": ensure => latest }
	package { "php5-raphf": ensure => latest }
	package { "php5-propro": ensure => latest }
	file { "/etc/php5/mods-available/fivefilters-php.ini":
		ensure => present,
		content => "engine = On
		expose_php = Off
		max_execution_time = 120
		memory_limit = 128M
		error_reporting = E_ALL & ~E_DEPRECATED
		display_errors = Off
		display_startup_errors = Off
		html_errors = Off
		default_socket_timeout = 120
		file_uploads = Off
		date.timezoe = 'UTC'",
		require => Package["php5"],
		before => Exec["enable-fivefilters-php"],
	}
	exec { "enable-fivefilters-php":
		command => "sudo php5enmod fivefilters-php",
	}	
}

class php_pecl_http {
  # Important: this file needs to be in place before we install the HTTP extension
	file { "/etc/php5/mods-available/http.ini":
		ensure => present,
		#owner => root, group => root, mode => 444,
		content => "; priority=25
extension=raphf.so
extension=propro.so
extension=http.so",
		before => [Exec["install-http-pecl"], Exec["enable-http"]],
		require => Class["php"]
	}

	exec { "enable-http":
		command => "sudo php5enmod http",
		require => Class["php"],
	}
	
	package { "libidn11-dev":
		ensure => latest,
		before => Exec["install-http-pecl"]
	}
	
	package { "libevent-dev":
		ensure => latest,
		before => Exec["install-http-pecl"]
	}

	exec { "install-http-pecl":
		command => "pecl install https://pecl.php.net/get/pecl_http-2.5.5.tgz",
		#command => "sudo pecl install pecl_http",
		# the above is now version 3.0 - requires PHP7
		#command => "pecl install http://pecl.php.net/get/pecl_http-1.7.6.tgz",
		#creates => "/tmp/needed/directory",
		require => Exec["enable-http"]
	}
}

class php_pecl_apcu {
	exec { "install-apcu-pecl":
		command => "sudo pecl install channel://pecl.php.net/APCu-4.0.10",
		#creates => "/tmp/needed/directory",
		require => Class["php"]
	}

	file { "/etc/php5/mods-available/apcu.ini":
		ensure => present,
		#owner => root, group => root, mode => 444,
		content => "extension=apcu.so",
		require => Exec["install-apcu-pecl"],
		before => Exec["enable-apcu"]
	}
	exec { "enable-apcu":
		command => "sudo php5enmod apcu",
		notify => Exec["restart-apache"],
	}
}

class php_cld {
	# see https://github.com/lstrojny/php-cld
	package { "git": ensure => latest }
	
	package { "build-essential": ensure => latest }
	
	file { "/tmp/cld":
		ensure => absent,
		before => Exec["download-cld"],
		recurse => true,
		force => true
	}
	
	exec { "download-cld":
		command => "git clone git://github.com/lstrojny/php-cld.git /tmp/cld",
		require => [Package["git"], Class["php"]],
		before => Exec["build-cld"]
	}
	
	exec { "checkout-cld-version":
		# recent version does not work, so we switch to an older one
		command => "git reset --hard fd5aa5721b01bfe547ff6674fa0daa9c3b791ca3",
		cwd => "/tmp/cld",
		require => Exec["download-cld"],
		before => Exec["build-cld"]
	}
	
	exec { "build-cld":
		command => "./build.sh",
		#new cld:command => "sh compile_libs.sh",
		cwd => "/tmp/cld/vendor/libcld",
		require => Package["build-essential"],
		provider => "shell"
	}
	
	exec { "install-cld-extension":
		command => "phpize && ./configure --with-libcld-dir=/tmp/cld/vendor/libcld && make && sudo make install",
		cwd => "/tmp/cld",
		provider => "shell",
		require => Exec["build-cld"]
	}

	file { "/etc/php5/mods-available/cld.ini":
		ensure => present,
		#owner => root, group => root, mode => 444,
		content => "extension=cld.so",
		require => Exec["install-cld-extension"],
		before => Exec["enable-cld"],
	}

	exec { "enable-cld":
		command => "sudo php5enmod cld",
		notify => Exec["restart-apache"],
	}
}

class final {
	exec { "lower-swappiness":
		command => "echo 'vm.swappiness = 10' >> /etc/sysctl.conf && sudo sysctl -p",
		provider => "shell"
	}
}

include init
include apache
include php
include php_pecl_apcu
include php_cld
include php_pecl_http
include final
Full-Text RSS 3.6 2019-04-04 21:15:15 +00:00			`# Puppet file intended to install server componenets for self-hosted FiveFilters.org web services`
			`# This file is intended for base images of:`
			`# Ubuntu 15.10`

			`# Please see here for more information on how to use this:`
			`# http://help.fivefilters.org/customer/en/portal/articles/1143210-hosting`

			`Exec { path => "/bin:/usr/bin:/usr/local/bin" }`

			`stage { 'first': before => Stage['main'] }`
			`stage { 'last': require => Stage['main'] }`

			`class {`
			`'init': stage => first;`
			`'final': stage => last;`
			`}`

			`class init {`
			`exec { "apt-update":`
			`command => "apt-get update"`
			`}`
			`package { "fail2ban":`
			`ensure => latest`
			`}`
			`package { "unattended-upgrades":`
			`ensure => latest`
			`}`
			`file { "/etc/apt/apt.conf.d/20auto-upgrades":`
			`ensure => present,`
			`content => 'APT::Periodic::Update-Package-Lists "1";`
			`APT::Periodic::Unattended-Upgrade "1";',`
			`require => Package["unattended-upgrades"]`
			`}`
			`}`

			`# make sure apt-update run before package`
			`Exec["apt-update"] -> Package <\| \|>`

			`class apache {`
			`exec { "enable-mod_rewrite":`
			`require => Package["apache2"],`
			`before => Service["apache2"],`
			`#command => "/usr/sbin/a2enmod rewrite",`
			`command => "sudo a2enmod rewrite",`
			`}`

			`file { "/etc/apache2/mods-available/mpm_prefork.conf":`
			`ensure => present,`
			`content => "<IfModule mpm_prefork_module>`
			`StartServers 5`
			`MinSpareServers 5`
			`MaxSpareServers 10`
			`MaxRequestWorkers 80`
			`MaxConnectionsPerChild 0`
			`</IfModule>",`
			`require => Package["apache2"],`
			`notify => Exec["restart-apache"]`
			`}`

			`file { "/etc/apache2/sites-available/fivefilters.conf":`
			`ensure => present,`
			`content => "<VirtualHost *:80>`
			`ServerAdmin webmaster@localhost`
			`DocumentRoot /var/www/html`

			`ErrorLog ${APACHE_LOG_DIR}/error.log`
			`CustomLog /dev/null combined`
			`#CustomLog ${APACHE_LOG_DIR}/access.log combined`

			`KeepAliveTimeout 2`
			`MaxKeepAliveRequests 10`
			`</VirtualHost>",`
			`require => Package["apache2"],`
			`before => Exec["enable-fivefilters-apache2"],`
			`notify => Exec["restart-apache"]`
			`}`

			`exec { "enable-fivefilters-apache2":`
			`require => [Package["apache2"], Service["apache2"]],`
			`command => "sudo a2dissite 000-default && sudo a2ensite fivefilters"`
			`}`

			`exec { "disable-mod_status":`
			`require => Package["apache2"],`
			`before => Service["apache2"],`
			`command => "sudo a2dismod status",`
			`}`

			`package { "apache2":`
			`ensure => latest`
			`}`

			`service { "apache2":`
			`ensure => running,`
			`require => Package["apache2"]`
			`}`

			`exec { "restart-apache":`
			`command => "sudo service apache2 restart",`
			`require => Package["apache2"],`
			`refreshonly => true`
			`}`
			`#TODO: Set AllowOverride All in default config to enable .htaccess`
			`}`

			`class php {`
			`package { "php5": ensure => latest }`
			`package { "libapache2-mod-php5": ensure => latest }`
			`package { "php5-cli": ensure => latest }`
			`package { "php5-tidy": ensure => latest }`
			`package { "php5-curl": ensure => latest }`
			`package { "libcurl4-gnutls-dev": ensure => latest }`
			`package { "libpcre3-dev": ensure => latest }`
			`package { "make": ensure=>latest }`
			`package { "php-pear": ensure => latest }`
			`package { "php5-dev": ensure => latest }`
			`package { "php5-intl": ensure => latest }`
			`package { "php5-gd": ensure => latest }`
			`package { "php5-imagick": ensure => latest }`
			`package { "php5-json": ensure => latest }`
			`#package { "php-http": ensure => latest }`
			`package { "php5-raphf": ensure => latest }`
			`package { "php5-propro": ensure => latest }`
			`file { "/etc/php5/mods-available/fivefilters-php.ini":`
			`ensure => present,`
			`content => "engine = On`
			`expose_php = Off`
			`max_execution_time = 120`
			`memory_limit = 128M`
			`error_reporting = E_ALL & ~E_DEPRECATED`
			`display_errors = Off`
			`display_startup_errors = Off`
			`html_errors = Off`
			`default_socket_timeout = 120`
			`file_uploads = Off`
			`date.timezoe = 'UTC'",`
			`require => Package["php5"],`
			`before => Exec["enable-fivefilters-php"],`
			`}`
			`exec { "enable-fivefilters-php":`
			`command => "sudo php5enmod fivefilters-php",`
			`}`
			`}`

			`class php_pecl_http {`
			`# Important: this file needs to be in place before we install the HTTP extension`
			`file { "/etc/php5/mods-available/http.ini":`
			`ensure => present,`
			`#owner => root, group => root, mode => 444,`
			`content => "; priority=25`
			`extension=raphf.so`
			`extension=propro.so`
			`extension=http.so",`
			`before => [Exec["install-http-pecl"], Exec["enable-http"]],`
			`require => Class["php"]`
			`}`

			`exec { "enable-http":`
			`command => "sudo php5enmod http",`
			`require => Class["php"],`
			`}`

			`package { "libidn11-dev":`
			`ensure => latest,`
			`before => Exec["install-http-pecl"]`
			`}`

			`package { "libevent-dev":`
			`ensure => latest,`
			`before => Exec["install-http-pecl"]`
			`}`

			`exec { "install-http-pecl":`
			`command => "pecl install https://pecl.php.net/get/pecl_http-2.5.5.tgz",`
			`#command => "sudo pecl install pecl_http",`
			`# the above is now version 3.0 - requires PHP7`
			`#command => "pecl install http://pecl.php.net/get/pecl_http-1.7.6.tgz",`
			`#creates => "/tmp/needed/directory",`
			`require => Exec["enable-http"]`
			`}`
			`}`

			`class php_pecl_apcu {`
			`exec { "install-apcu-pecl":`
			`command => "sudo pecl install channel://pecl.php.net/APCu-4.0.10",`
			`#creates => "/tmp/needed/directory",`
			`require => Class["php"]`
			`}`

			`file { "/etc/php5/mods-available/apcu.ini":`
			`ensure => present,`
			`#owner => root, group => root, mode => 444,`
			`content => "extension=apcu.so",`
			`require => Exec["install-apcu-pecl"],`
			`before => Exec["enable-apcu"]`
			`}`
			`exec { "enable-apcu":`
			`command => "sudo php5enmod apcu",`
			`notify => Exec["restart-apache"],`
			`}`
			`}`

			`class php_cld {`
			`# see https://github.com/lstrojny/php-cld`
			`package { "git": ensure => latest }`

			`package { "build-essential": ensure => latest }`

			`file { "/tmp/cld":`
			`ensure => absent,`
			`before => Exec["download-cld"],`
			`recurse => true,`
			`force => true`
			`}`

			`exec { "download-cld":`
			`command => "git clone git://github.com/lstrojny/php-cld.git /tmp/cld",`
			`require => [Package["git"], Class["php"]],`
			`before => Exec["build-cld"]`
			`}`

			`exec { "checkout-cld-version":`
			`# recent version does not work, so we switch to an older one`
			`command => "git reset --hard fd5aa5721b01bfe547ff6674fa0daa9c3b791ca3",`
			`cwd => "/tmp/cld",`
			`require => Exec["download-cld"],`
			`before => Exec["build-cld"]`
			`}`

			`exec { "build-cld":`
			`command => "./build.sh",`
			`#new cld:command => "sh compile_libs.sh",`
			`cwd => "/tmp/cld/vendor/libcld",`
			`require => Package["build-essential"],`
			`provider => "shell"`
			`}`

			`exec { "install-cld-extension":`
			`command => "phpize && ./configure --with-libcld-dir=/tmp/cld/vendor/libcld && make && sudo make install",`
			`cwd => "/tmp/cld",`
			`provider => "shell",`
			`require => Exec["build-cld"]`
			`}`

			`file { "/etc/php5/mods-available/cld.ini":`
			`ensure => present,`
			`#owner => root, group => root, mode => 444,`
			`content => "extension=cld.so",`
			`require => Exec["install-cld-extension"],`
			`before => Exec["enable-cld"],`
			`}`

			`exec { "enable-cld":`
			`command => "sudo php5enmod cld",`
			`notify => Exec["restart-apache"],`
			`}`
			`}`

			`class final {`
			`exec { "lower-swappiness":`
			`command => "echo 'vm.swappiness = 10' >> /etc/sysctl.conf && sudo sysctl -p",`
			`provider => "shell"`
			`}`
			`}`

			`include init`
			`include apache`
			`include php`
			`include php_pecl_apcu`
			`include php_cld`
			`include php_pecl_http`
			`include final`