From 3dad908f71f6dd80bfaa52f25116a2fd9436c474 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Oliver=20B=C3=B6ttcher?= Date: Tue, 24 Oct 2017 16:05:06 +0200 Subject: [PATCH] spk-spar-checker - changed tier --- customer/spk-spar-checker/dev_mysql57.yaml | 222 +++++++++++++++++++++ 1 file changed, 222 insertions(+) create mode 100644 customer/spk-spar-checker/dev_mysql57.yaml diff --git a/customer/spk-spar-checker/dev_mysql57.yaml b/customer/spk-spar-checker/dev_mysql57.yaml new file mode 100644 index 00000000..87e351ba --- /dev/null +++ b/customer/spk-spar-checker/dev_mysql57.yaml @@ -0,0 +1,222 @@ +--- +mysql::client::package_name: "mysql-community-client" # required forproper MySQL installation +mysql::server::package_name: "mysql-community-server" # required forproper MySQL installation +mysql::server::service_name: "mysqld" +mysql::server::users: + 'replication@%': + password_hash: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAQqb00kdh1x/DxMgkawRvI1jSHD3lG2HZgn6DPPH831pSJ9lnm1SnqlxCxU526CyCVE6Q9cNZgsaPatu6FWdOUl1WA26Yutbh2UOhU47olweRLAOv83dtiuADQLgqgp8MMcuIC2X9DVSjFA/tL2ucvdyZp5oUqYQrS9CKyDsmr185N+WjFXwhZOH3foI8PrVXe5xJMmUhWf8gFCVQee9kvmXQfd4ezyZ4OPOWt1yASaPS8xpPDK+zmu/QizydsK2Rs6xSzGpPyccU80Dw3bomjd4lM98gct58kVe0Eoqg3wOwsb662Flovh9EUULX0OnEIkV5Vi0KYDnO0yfZhVhdmTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBQVMrKiYncTWVRLcBbteVLgDAhIH+adP9NcucM5xOEUvOKrCOHeT6q4hSqWc0XxrU59nsRd9Wwk5+O2DmfMcOKpOg=] +mysql::server::grants: + 'replication@%/*.*': + options: 'GRANT' + privileges: 'REPLICATION SLAVE' + table: '*.*' + user: 'replication@%' + +mysql::server::root_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEALXSUFrj+9Yn41vRBaqpFmKj/Ojh1QBDIx2WG1nnOtJewSCUuLrbUCfCcrRWchmcYFEj0tIUGDlBeGaAD6cxYeFiQCK9WpeA5hd+FV/gXSSLah4Q2wz6ZOXXLdIT270sEMKGJONL/VYUkSrdT1h+y8KIwULbRvAYSBdXL0FUoIrVBxRt1thr+y/4K/E3xySrX0FsKjNpln0icC5Zt4TRE1fxrChOA7LKhVZBp05Iw7WH5t6txpOOZbH6cItsvGUnt3aXbSSiFu+060pEk7w5m82U/437iL40SJ615dK+i52Oh+LUinX5yV6T8c47mQlsJ/k6wvGY3rX523aFg1XliYzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDYtJJFNWMMYRepy/tOaNXfgCB9KykOY5UfcO9W7RJIyIVDMzzIKbQBK3Tr86RkUMmAQw==] +mysql::server::backup::backuppassword: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAqsIvptOejYWCbmnvN32J+mJCPEQBTI0b1wsgv72AWuANa9QpzMiH3d0odQgVAhtu55WS0VHcwA/OMhDmWT+dUJE9QkDJFVpZ+n9o1fX8A0atoTVHcjV+ki2zwGroX8mBZ1Y/VmtjjJB32MCixhE/uhS/OvO1TD/h0spmXXsSLPLK30ulAgN+DGHlyEYx69zGEoF+WU+rVrciFpBoITUIcYKmnQBrQtqi01gJB1mNqIsIyRESnp8ff8LIs54xhw5K9aU4qiNP/z/kmAUZJCq5Ja8YO5nf5e1euWaj0m4Il2k8/dK+Pvw0R/I8joyYKqir9+kwpvFKkGWODMzwzrII3TBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAAQamIzsiqRLZgEEefoXwNgCD83OhZVENssIJdHTAtRlPH9sIxdRIYb19K6x4J3xqnpQ==] +infra::profile::mysql_server::databases: + sparchecker: + user: sparchecker + password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAlFBo9m24b1s+5POY1NpLub6ANKSbMTf01R1sZe9DnTwVdmkTEyj7r0P81uGWWY5WKujZReDAPRdX/iuB4GKLoljLWKN+IWQTEyQAjFjXNVL6RtgvJo0sC39lmyGgXIB6IIe9Xtd6SaTqRe3vUzMng/7CnKOEk9tYXgXsTbijl/uYMszw4YUgplvpwAzyv+Lv7CxlffZH/7Ou4Bk0OAc0q+0LEaFexGOBIcLZEIQpxZXhfBC0yIIWz5+8tjS9EEH/2jqQsDBQ/kRw96/XATFWt6RUKqZv1HcfV+6sC2UEYO9tGO/ddYkxkLWkhGj6ULGwp+x+ptAoDkjekvyysUcIPTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAbiUd/8GpurGb6nIzhnlddgCC/4uhG6TQLtJp0pMb1kCRjJVtAKWvAEJ1EngZSS+lQDA==] + +infra::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAgaTs4v4M186pjYjcjEILHFMVdtz4n5FcysRYDbQQC27Ktcb3XEy7+lDAgnCuh5A2+uQgO5UxdUJQ+DTwvBiV7/3e4ZYSpfcOCmLqYz7GVCM3YottvVDDlG9q4w8QG/Zzakx8qFrrr7QC3VppG+X7Dm7e+Lb5lIk33MQ8Az5OOb9V6wnlObjhN7D1vkaMJP/LzTSdjfuMe0MSUCx+kT6Ckillq06gpW8J/4edrXYxrkmrYKOoUR1kSlXc48o1vClPw29qV3OIoOQAaLUFPKD7QtbGaCMWgQno3dRDyxkrhVuvrRl6SG9ozuEpnpbDe1TvH78rt3J6/RH1Kl3ahvWlozA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCttcrRUdZhsD+WuxTDqCdygBBqwtCddXMlVvPshhYJQZjB] + +infra::profile::apache::pp_vhosts: + sparchecker: + docroot: /var/www/spar-checker/sparchecker-frontend + servername: spar-checker.stage.sparkassen-finanzportal.de + serveraliases: + - stage-spar-checker-de.pixelpark.net + - stage-web01-spar-checker-de.pixelpark.net + - stage-web02-spar-checker-de.pixelpark.net + - www.spar-checker.stage.sparkassen-finanzportal.de + ssl: false + docroot_owner: deploy.spk + docroot_group: apache + docroot_mode: '0750' + access_log_format: lb_combined + headers: + - 'always set X-XSS-Protection "1; mode=block"' + - 'always set X-Frame-Options "SAMEORIGIN"' + - 'always set X-Content-Type-Options "nosniff"' + - 'always set Strict-Transport-Security: "max-age=15768001"' + - 'always set Referrer-Policy "origin"' + - "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\"" + + aliases: + - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api } + - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp } + setenv: + - 'APPLICATION_ENV production' + setenvif: + - 'HTTPS on X-Forwarded-Proto=https' + - 'HTTPS on HTTPS=on' + - 'X-Forwarded-For 80.146.239.2 admin_ip_range' + - 'X-Forwarded-For 109.86.229.215 admin_ip_range' + - 'X-Forwarded-For 130.180.83.190 admin_ip_range' + - 'X-Forwarded-For 195.69.134.114 admin_ip_range' + - 'X-Forwarded-For 62.181.145.202 admin_ip_range' + - 'X-Forwarded-For 195.140.123 admin_ip_range' + - 'X-Forwarded-For 195.140.44 admin_ip_range' + - 'X-Forwarded-For 62.181.145 admin_ip_range' + - 'X-Forwarded-For 62.181.146 admin_ip_range' + - 'X-Forwarded-For 192.168.15.1[6789] self_ip_range' + + error_documents: + - { error_code: 401 , document: "/401.html" } + - { error_code: 403 , document: "/403.html" } + - { error_code: 404 , document: "/404.html" } + - { error_code: 500 , document: "/500.html" } + directories: + - provider: directory + path: '/var/www/spar-checker/sparchecker-frontend/' + options: + - FollowSymLinks + allow_override: + - None + directoryindex: 'index.html' + custom_fragment: | + AddType text/plain .tmpl + ExpiresActive On + ExpiresDefault A0 + + ExpiresDefault A0 + Header set Cache-Control "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform" + Header set Pragma "no-cache" + + + rewrites: + - comment: 'frontend root rewrite' + rewrite_cond: + - '%%{ich-trickse}{REQUEST_URI} ^/$' + rewrite_rule: + - '.* /index.html [END]' + - comment: 'frontend rewrites' + rewrite_rule: + - '^code/(modernizr-custom|spar-checker-min|selection)-v[0-9]{1,4}\.(js|css|json)$ /code/$1.$2 [END]' + - '^code/(modernizr-custom.js|spar-checker-min.css|spar-checker-min.js|selection.json)$ - [L]' + - '^media/(.*)-v[0-9]{1,4}\.(svg|jpg|png|gif)$ /media/$1.$2 [END]' + - '^media/(.*)\.(svg|jpg|png|gif)$ - [L]' + - '^code/(.*)-v[0-9]{1,4}\.(tmpl|eot|svg|ttf|woff|woff2)$ /code/$1.$2 [END]' + - '^code/.*\.(tmpl|eot|svg|ttf|woff|woff2)$ - [L]' + - '^((401|403|404|500)\.html)$ - [L]' + - '^(favicon-[0-9]{2}.ico)$ - [L]' + - '^(favicon-[0-9]{2}x[0-9]{2}.png)$ - [L]' + - '^(favicon.ico)$ - [L]' + - '^(sitemap.xml)$ - [L]' + - '^(robots.txt)$ - [L]' + - '^(manifest.json)$ - [L]' + - '^(browserconfig.xml)$ - [L]' + - '^(android-chrome-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]' + - '^(apple-touch-icon-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]' + - '^(apple-touch-icon-precompose.png)$ - [L]' + - '^(apple-touch-icon.png)$ - [L]' + - '^(mstile-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]' + - '^(opera_160.png)$ - [L]' + - '.* /404.html [R=404,L]' + + - provider: location + path: '/' + limit_except: + - { methods: "GET HEAD POST" , require: "all denied" } + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + require: + enforce: any + requires: + - 'valid-user' + - 'env self_ip_range' + - 'env admin_ip_range' + - provider: location + path: '/sfp' + auth_type: Digest + auth_name: 'server' + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + require: + enforce: all + requires: + - 'valid-user' + - 'env admin_ip_range' + - provider: directory + path: '/var/www/spar-checker/sparchecker-backend/public/sfp/' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + allow_override: + - None + directoryindex: 'index.php' + rewrites: + - comment: 'sfp rewrites' + rewrite_rule: + - 'code/.*(css|js|eot|index.php|svg|ttf|woff|woff2)$ - [L]' + - '.* /sfp/index.php [END]' + + - provider: directory + path: '/var/www/spar-checker/sparchecker-backend/public/api/' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + allow_override: + - None + directoryindex: 'index.php' + rewrites: + - comment: 'api rewrites' + rewrite_rule: + - '^v1/[/[:alnum:]]{2,30}$ /api/index.php [END]' + - '.* /404.html [R=404,L]' + + - provider: filesmatch + path: '\.(ttf|otf|eot|woff|woff2)$' + headers: + - 'always set Access-Control-Allow-Origin "*"' + + rewrites: + - comment: 'http to https' + rewrite_cond: + - '%%{ich-trickse}{HTTP:HTTPS} !=on' + rewrite_rule: + - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]' + - comment: 'Alle Aliase auf Servername' + rewrite_cond: + - '%%{ich-trickse}{HTTP_HOST} !^stage-spar-checker-de.pixelpark.net$ [NC]' + rewrite_rule: + - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]' + +infra::profile::cron::cronjobs: + clear_tokens: + ensure: 'present' + user: apache + command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php tokens-clear >>$LOG 2>&1' + minute: '*/30' + hour: '*' + environment: + - 'APPLICATION_ENV=production' + - 'LOG=/var/www/log/cron/clear.token.log' + description: clear tokens + ping_api: + ensure: 'present' + user: apache + command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php api-pinger >>$LOG 2>&1' + minute: '*/5' + hour: '*' + environment: + - 'APPLICATION_ENV=production' + - 'LOG=/var/www/log/cron/ping.api.log' + description: ping api + # 8x5-it@sparkassen-finanzportal.de + send_logs_via_email: + ensure: 'present' + user: root + command: '/var/www/cgi-bin/send_logs_via_email.sh' + minute: '0' + hour: '8' + description: send webserver logs via email -- 2.39.5