Compare commits

...

9 Commits

8 changed files with 180 additions and 80 deletions

View File

@ -18,6 +18,9 @@ vars:
"imap_key" string => "$(cfg_dir)/private/imap.key";
"imap_cert" string => "$(cfg_dir)/private/imap.crt";
"submission_key" string => "$(cfg_dir)/private/submission.key";
"submission_cert" string => "$(cfg_dir)/private/submission.crt";
"service_name" string => "dovecot";
@ -37,9 +40,11 @@ methods:
"any" usebundle => wmde_service("$(service_name)","dovecot_kept","dovecot_repaired"),
depends_on => {
"dovecot_pkgs_installed",
"dovecot_cfg_created",
"dovecot_imap_key_installed",
"dovecot_imap_cert_installed",
"dovecot_cfg_created"
"dovecot_submission_key_installed",
"dovecot_submission_cert_installed",
};
services:
@ -71,6 +76,18 @@ files:
copy_from => local_dcp( execresult( "/usr/bin/readlink -qfn $(cfg[imap_key])","noshell" )),
perms => mog("600","root","root");
"$(submission_cert)"
handle => "dovecot_submission_cert_installed",
classes => if_repaired(dovecot_repaired),
copy_from => local_dcp( execresult( "/usr/bin/readlink -qfn $(cfg[submission_cert])","noshell" )),
perms => mog("600","root","root");
"$(submission_key)"
handle => "dovecot_submission_key_installed",
classes => if_repaired(dovecot_repaired),
copy_from => local_dcp( execresult( "/usr/bin/readlink -qfn $(cfg[submission_key])","noshell" )),
perms => mog("600","root","root");

110
mysql.cf
View File

@ -2,31 +2,41 @@
#
#
bundle agent mysql
bundle agent mysql(cfg_param)
{
vars:
"bind_address" string => "127.0.0.1";
"user" string => "mysql";
"port" string => "3306";
"default_cfg" data => '{
"bind_address":"127.0.0.1",
"user":"mysql",
"port":"3306"
}';
"cfg" data => mergedata(@(default_cfg),@(cfg_param));
freebsd::
# "pkg" string => "mariadb106-server";
"pkg" string => "mysql80-server";
"service_name" string => "mysql-server";
"cfg_dir" string => "/usr/local/etc/mysql";
"cfg_file" string => "/usr/local/etc/mysql/my.cnf";
"mysql_cmd" string => "/usr/local/bin/mysql";
"bin_dir" string => "/usr/local/bin";
debian::
"pkg" slist => {"mariadb-common", "mariadb-client", "mariadb-server"};
"pkg" slist => {"mariadb-server"};
"client_pkgs" slist => {"mariadb-client"};
"service_name" string => "mysql";
"cfg_dir" string => "/etc/mysql";
"cfg_file" string => "/etc/mysql/my.cnf";
"mysql_cmd" string => "/usr/bin/mysql";
commands:
# debian&mysql_repaired::
# "/usr/bin/mysql_install_db"
# depends_on => { "mysql_pkgs_installed" },
# handle => "mysql_db_installed";
"bin_dir" string => "/usr/bin";
any::
"mysql_cmd" string => "$(bin_dir)/mysql";
"mysqldump_cmd" string => "$(bin_dir)/mysqldump";
files:
"$(cfg_dir)/."
create => "true",
perms => mog("0755","root","root"),
handle => "mysql_cfg_dir_created";
"$(cfg_file)"
create => "true",
@ -34,13 +44,13 @@ files:
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/my.cnf.mustache",
template_method => "mustache",
handle => "mysql_cfg_created",
# depends_on => {"mysql_db_installed"},
depends_on => {"mysql_cfg_dir_created"},
classes => if_repaired("mysql_repaired");
methods:
"any" usebundle => wmde_install_packages(@(mysql.pkg),"mysql"),
depends_on => { "mysql_cfg_created" };
depends_on => { "mysql_cfg_created"};
services:
"$(service_name)"
@ -53,10 +63,19 @@ services:
service_policy => "restart",
depends_on => {"mysql_running","mysql_cfg_created"};
reports:
}
bundle agent install_mysql_client
{
methods:
"any" usebundle => wmde_install_packages(@(mysql.client_pkgs),"mysql_client"),
handle => "mysql_client_installed";
}
body contain mysql_cmd
{
useshell=>"useshell";
@ -81,15 +100,6 @@ vars:
"classname" string => "mysql_$(dbdef[db_name])_$(table_name)_exists";
"cmd" string => 'if mysql $(xargs) -e "show tables LIKE \'$(table_name)\'" $(dbdef[db_name]) | grep -q \'$(table_name)\'; then echo "+$(classname)"; else echo "-$(classname)"; fi';
#"cmd" string => '"if mysql -e \\\"show tables"';
# "cmdfile" string => hash("$cmd)","sha256");
#files:
# "/tmp/$(cmdfile)"
# create => "true",
# content => "$(cmd)",
# handle => "mysql_$(cmdfile)_created";
commands:
"$(cmd)"
@ -98,9 +108,59 @@ commands:
module => "true";
reports:
# "CMD: $(cmd)";
}
bundle agent mysql_backup_all(cfg)
{
vars:
"cmd" string => '$(mysql.mysql_cmd) -N -e \'show databases\' | while read dbname; do $(mysql.mysqldump_cmd) --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M "$dbname" > $(cfg[backup_dir])/"$dbname".sql; done';
reports:
# "CMD: $(cmd)";
}
bundle agent mysql_backup_db(cfg,file)
{
vars:
"table_exists_cmd" string => '$(mysql.mysql_cmd) -e "show tables LIKE \'$(table_name)\'" $(cdfg[db_name]) | grep -q $(table_name)';
"cmd" string => "$(mysql.mysqldump_cmd) --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)";
}
bundle agent create_mysql_backup_cron_job(cfg,file,table_name,run)
{
classes:
"create_cron" expression => strcmp("$(run)","true");
vars:
"table_exists_cmd" string => '$(mysql.mysql_cmd) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) -e "show tables LIKE \'$(table_name)\'" $(cfg[db_name]) | grep -q $(table_name)';
"backup_cmd" string => "$(mysql.mysqldump_cmd) --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M -h$(cfg[db_host]) -u$(cfg[db_user]) -p$(cfg[db_pass]) $(cfg[db_name]) >$(file)";
files:
!create_cron::
"/etc/cron.d/$(cfg[db_name])"
delete=>tidy;
create_cron::
"/etc/cron.d/$(cfg[db_name])"
perms => m("644"),
create => "true",
content => "
#
# /etc/cron.d/roundcube
#
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 * * * * root $(table_exists_cmd) && $(backup_cmd)
";
}
bundle agent create_mysql_db(cfg)
{
@ -118,7 +178,5 @@ commands:
args => "$(args)",
inform => "false";
#mysql -u <username> -p -e "USE <database_name>;" && mysql -u <username> -p -e "SHOW TABLES LIKE '<table_name>';" | grep -q '<table_name>' && exit 0 || exit 1
reports:
}

8
php.cf
View File

@ -38,7 +38,13 @@ vars:
"php$(version)-mysql",
"php-json",
"php$(version)-xml",
"php-gd"
"php-gd",
"php-mbstring",
"php-intl",
"php-curl",
"php-imagick",
"php-ldap",
};
ubuntu::
"pkgs" slist => {

View File

@ -9,7 +9,7 @@ vars:
"local.d/milter_headers.conf",
# "local.d/actions.conf",
"local.d/worker-normal.inc",
# "local.d/worker-proxy.inc",
"local.d/worker-proxy.inc",
# "local.d/worker-controller.inc",
# "local.d/classifier-bayes.conf",
# "local.d/worker-fuzzy.inc",
@ -29,53 +29,28 @@ vars:
"service_name" string => "rspamd";
"root_user" string => "root";
"root_group" string => "root";
packages:
freebsd::
"$(rspamd.pkgs)"
policy => "present",
package_module => pkg,
handle => "rspamd_pkg_installed",
classes => if_repaired(rspamd_changed);
debian::
"$(rspamd.pkgs)"
policy => "present",
package_module => apt_get,
handle => "rspamd_pkg_installed",
classes => if_repaired(rspamd_changed);
fedora|centos::
"$(rspamd.pkgs)"
policy => "present",
package_module => yum,
handle => "rspamd_pkg_installed",
classes => if_repaired(rspamd_changed);
methods:
"any" usebundle => wmde_install_packages(@(pkgs),"rspamd");
"any" usebundle => wmde_service("$(service_name)","rspamd_kept","rspamd_repaired"),
depends_on => {"rspamd_cfgs_done"};
files:
"$(cfg_dir)/."
perms => uperm("$(root_user)","$(root_group)","755"),
depends_on => { "rspamd_pkg_installed" },
depends_on => { "rspamd_pkgs_installed" },
handle => "rspamd_cfg_dir_created";
"$(cfg_dir)/$(cfgfiles)"
create => "true",
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/rspamd/$(cfgfiles).mustache",
template_method => "mustache",
perms => uperm("$(root_user)","$(root_group)","644"),
perms => m("644"),
template_data => bundlestate("$(this.bundle)"),
depends_on => { "rspamd_pkg_installed","rspamd_cfg_dir_created" },
classes => if_repaired(rspamd_restart),
depends_on => { "rspamd_pkgs_installed","rspamd_cfg_dir_created" },
classes => if_repaired(rspamd_repaired),
handle => "rspamd_cfgs_done";
services:
"$(service_name)"
service_policy => "start",
depends_on => { "rspamd_cfgs_done" },
handle => "rspamd_running";
rspamd_restart::
"$(service_name)"
service_policy => "restart",
depends_on => { "rspamd_running", "rspamd_cfgs_done"};
reports:
# "RSPAMD: $(cfgjs)";
# "RSJ: $(worker_normalx)";

View File

@ -30,12 +30,25 @@ protocol imap {
ssl_cert = <{{vars.dovecot.imap_cert}}
ssl_key = <{{vars.dovecot.imap_key}}
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
}
protocol submission {
ssl_cert = <{{vars.dovecot.submission_cert}}
ssl_key = <{{vars.dovecot.submission_key}}
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
}
@ -55,5 +68,18 @@ passdb {
}
{{/vars.dovecot.cfg.passdbs}}
{{#vars.dovecot.cfg.services}}
#
# {{comment}}
#
service {{@}} {
{{{raw}}}
}
{{/vars.dovecot.cfg.services}}
{{vars.dovecot.cfg.raw}}

View File

@ -3,7 +3,7 @@
#
[client-server]
port = {{vars.mysql.port}}
port = {{vars.cfg.mysql.port}}
socket = /run/mysqld/mysqld.sock
#[mysql]
@ -11,10 +11,10 @@ socket = /run/mysqld/mysqld.sock
#no_auto_rehash
[mysqld]
log-error =/var/log/mysql/mysqld.log
user = {{vars.mysql.user}}
port = {{vars.mysql.port}}
bind-address = 127.0.0.1
#log-error =/var/log/mysql/mysqld.log
user = {{vars.mysql.cfg.user}}
port = {{vars.mysql.cfg.port}}
bind-address = {{vars.mysql.cfg.bind_address}}
lower_case_table_names = 1

View File

@ -1,5 +1,5 @@
#
# Managed by CFEngine
#
{{cfg.worker_normal}}
{{{cfg.worker_normal}}}

View File

@ -4,11 +4,13 @@
bundle agent vimbadmin(cfg)
{
classes:
"vimbadmin_restore_db_file" expression => isvariable("cfg[restore_db_file]");
vimbadmin_restore_db_file::
"vimbadmin_restore_db" expression => fileexists("$(cfg[restore_db_file])");
vars:
"r" int => randomint(1,5),
handle => "rand_assigned";
"vsettings[resources.doctrine2.connection.options.driver]" string => "'$(cfg[db_driver])'";
"vsettings[resources.doctrine2.connection.options.dbname]" string => "'$(cfg[db_name])'";
"vsettings[resources.doctrine2.connection.options.user]" string => "'$(cfg[db_user])'";
@ -88,9 +90,15 @@ files:
commands:
"!mysql_$(cfg[db_name])_admin_exists"::
"(!mysql_$(cfg[db_name])_admin_exists)&(!vimbadmin_restore_db)"::
"cd $(cfg[install_dir]) && ./bin/doctrine2-cli.php orm:schema-tool:create "
contain => wmde_cmd_useshell,
handle => "vimbadmin_db_initialized",
depends_on => {"vimbadmin_appini_edited"};
"(!mysql_$(cfg[db_name])_admin_exists)&vimbadmin_restore_db"::
"mysql -u $(cfg[db_user]) -p$(cfg[db_pass]) -h$(cfg[db_host]) $(cfg[db_name]) < $(cfg[restore_db_file])"
contain => wmde_cmd_useshell,
depends_on => {"vimbadmin_appini_edited"};
@ -121,6 +129,16 @@ methods:
"any" usebundle => mysql_table_exists(@(cfg),"admin");
reports:
# "VIMBADMIN $(cfg[restore_db_file])";
# "vimbadmin_restore_db_file"::
# "RESTORE_DB_FILE";
# "vimbadmin_restore_db"::
# "RESTORE_DB";
# "(!mysql_$(cfg[db_name])_admin_exists)&vimbadmin_restore_db"::
# "Should restore db";
}