diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..16c1a1f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*DS_Store* diff --git a/README.md b/README.md index d3b17d5..1eaddfa 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ kalabox ======= -Local development environment for drupal \ No newline at end of file +Local development environment for drupal diff --git a/manifests/site.pp b/manifests/site.pp new file mode 100755 index 0000000..583426a --- /dev/null +++ b/manifests/site.pp @@ -0,0 +1,31 @@ +node "default" { + # set a static ip for our webserver + # NOT DOING THIS YET + # + # network::interface { box: + # style => webserver, + # } + + # initialize core packages + include network + include puppet + include ssh + include git + include samba + + # initialize LEMP stack + include phpfpm + phpfpm::nginx::kalabox { "default": + server_name => "kala", + root => "/var/www", + } + include mysql + + # initialize bonus shit + include solr + include drush + include phpmyadmin + + # build basic drupal site + # drupal::site { basic } +} diff --git a/modules/drush/manifests/init.pp b/modules/drush/manifests/init.pp new file mode 100644 index 0000000..382f813 --- /dev/null +++ b/modules/drush/manifests/init.pp @@ -0,0 +1,4 @@ + +class drush { + include drush::install +} \ No newline at end of file diff --git a/modules/drush/manifests/install.pp b/modules/drush/manifests/install.pp new file mode 100644 index 0000000..b5f2df4 --- /dev/null +++ b/modules/drush/manifests/install.pp @@ -0,0 +1,7 @@ + +class drush::install { + + package { "drush": + ensure => latest, + } +} \ No newline at end of file diff --git a/modules/git/manifests/init.pp b/modules/git/manifests/init.pp new file mode 100644 index 0000000..2f8051d --- /dev/null +++ b/modules/git/manifests/init.pp @@ -0,0 +1,9 @@ + +class git { + + include git::params + + package { $git::params::packages: + ensure => present, + } +} 
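Review bot: In modules/drush/manifests/install.pp the package is declared with `ensure => latest`, so any agent run may pull a newer drush than the one the box was built and tested with. The other packages in this commit (git-core, mysql-client, nginx) use `present` or `installed`. For a reproducible environment I would use `ensure => present,` here, or pin a version, and upgrade deliberately.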
diff --git a/modules/git/manifests/params.pp b/modules/git/manifests/params.pp
new file mode 100644
index 0000000..227c46e
--- /dev/null
+++ b/modules/git/manifests/params.pp
@@ -0,0 +1,4 @@
+
+class git::params {
+ $packages = "git-core"
+}
diff --git a/modules/mysql/manifests/client.pp b/modules/mysql/manifests/client.pp
new file mode 100644
index 0000000..ec8d9be
--- /dev/null
+++ b/modules/mysql/manifests/client.pp
@@ -0,0 +1,10 @@
+
+class mysql::client::install {
+ package { "mysql-client":
+ ensure => present,
+ }
+}
+
+class mysql::client {
+ include mysql::client::install
+}
diff --git a/modules/mysql/manifests/init.pp b/modules/mysql/manifests/init.pp
new file mode 100644
index 0000000..a084ca3
--- /dev/null
+++ b/modules/mysql/manifests/init.pp
@@ -0,0 +1,4 @@
+
+class mysql {
+ include mysql::server
+}
\ No newline at end of file
diff --git a/modules/mysql/manifests/my.pp b/modules/mysql/manifests/my.pp
new file mode 100644
index 0000000..775a574
--- /dev/null
+++ b/modules/mysql/manifests/my.pp
@@ -0,0 +1,43 @@
+
+define mysql::my (
+ # basic settings
+ $path = "/etc/mysql/my.cnf",
+ $port = 3306,
+ $socket = "/var/run/mysqld/mysqld.sock",
+ $user = "mysql",
+ $default_storage_engine = "innodb",
+
+ # fine tuning
+ $key_buffer = "384M",
+ $max_allowed_packet = "32M",
+ $thread_stack = "400K",
+ $thread_cache_size = "8",
+ $read_rnd_buffer_size = "8M",
+ $myisam_sort_buffer_size = "64M",
+ $table_open_cache = "512",
+ $sort_buffer_size = "2M",
+ $read_buffer_size = "2M",
+
+ # query cache config
+ $query_cache_limit = "1M",
+ $query_cache_size = "64M",
+
+ # innodb
+ $innodb_flush_log_at_trx_commit = "0",
+
+ # mysqldump
+ $msd_max_allowed_packet = "32M",
+
+ #isamchk
+ $ikey_buffer_size = "256M",
+ $isort_buffer_size = "256M",
+ $iread_buffer = "2M",
+ $iwrite_buffer = "2M",
+) {
+
+ file {
+ "${path}":
+ path => "${path}",
+ content => template("mysql/my.cnf.erb"),
+ }
+}
\ No newline at end of file
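Review bot: The `file` resource in modules/mysql/manifests/my.pp sets only `path` and `content`, so the ownership and permissions of my.cnf are whatever the agent's defaults or the existing file happen to be. State them explicitly, e.g. `ensure => file, owner => "root", group => "root", mode => "0644",`, so the server configuration cannot end up writable by an unprivileged account. `path => "${path}"` repeats the resource title and can be dropped.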
diff --git a/modules/mysql/manifests/server.pp b/modules/mysql/manifests/server.pp
new file mode 100644
index 0000000..4780bf1
--- /dev/null
+++ b/modules/mysql/manifests/server.pp
@@ -0,0 +1,4 @@
+
+class mysql::server {
+ include mysql::server::install, mysql::server::config, mysql::server::service
+}
\ No newline at end of file
diff --git a/modules/mysql/manifests/server/config.pp b/modules/mysql/manifests/server/config.pp
new file mode 100644
index 0000000..0a726ba
--- /dev/null
+++ b/modules/mysql/manifests/server/config.pp
@@ -0,0 +1,10 @@
+
+class mysql::server::config {
+
+ mysql::my { "my.cnf":
+ path => "/etc/mysql/my.cnf",
+ require => Class["mysql::server::install"],
+ notify => Class["mysql::server::service"],
+ }
+
+}
\ No newline at end of file
diff --git a/modules/mysql/manifests/server/db.pp b/modules/mysql/manifests/server/db.pp
new file mode 100644
index 0000000..27b3e2a
--- /dev/null
+++ b/modules/mysql/manifests/server/db.pp
@@ -0,0 +1,9 @@
+
+define mysql::server::db($username, $password, $host = 'localhost') {
+ $root_password = $mysql::server::install::password
+ exec { "create-${name}-db":
+ unless => "/usr/bin/mysql -u${username} -p${password} ${name}",
+ command => "/usr/bin/mysql -uroot -p${root_password} -e \"create database ${name}; grant all on ${name}.* to ${username}@${host} identified by '$password';\"",
+ require => Class['mysql::server::service'],
+ }
+}
diff --git a/modules/mysql/manifests/server/install.pp b/modules/mysql/manifests/server/install.pp
new file mode 100644
index 0000000..000c6f8
--- /dev/null
+++ b/modules/mysql/manifests/server/install.pp
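Review bot: In modules/mysql/manifests/server/db.pp both `unless` and `command` put `-p${password}` / `-p${root_password}` on the mysql command line, where any local user can read them from the process list while the exec runs. `${name}`, `${username}`, `${host}` and `$password` are also pasted unescaped into a shell string and an SQL statement, so a value containing a quote, backtick or `;` changes what is executed. I would read credentials from a root-only option file passed with `--defaults-extra-file=<path>`, reject names that are not plain identifiers before the exec, and quote the grantee as `'${username}'@'${host}'`.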
@@ -0,0 +1,20 @@
+
+class mysql::server::install {
+ $password = "password"
+
+ package { "mysql-server":
+ ensure => present
+ }
+
+ phpfpm::extension { "php5-mysql": }
+
+ exec { "Set MySQL server root password":
+ subscribe => Package["mysql-server"],
+ refreshonly => true,
+ unless => "mysqladmin -uroot -p$password status",
+ path => "/bin:/usr/bin",
+ command => "mysqladmin -uroot password $password",
+ }
+
+
+}
\ No newline at end of file
diff --git a/modules/mysql/manifests/server/service.pp b/modules/mysql/manifests/server/service.pp
new file mode 100644
index 0000000..b2477c6
--- /dev/null
+++ b/modules/mysql/manifests/server/service.pp
@@ -0,0 +1,11 @@
+
+class mysql::server::service {
+ service { "mysql-server":
+ ensure => running,
+ name => "mysql",
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ require => Class["mysql::server::install"],
+ }
+}
diff --git a/modules/mysql/manifests/templates/my.cnf.erb b/modules/mysql/templates/my.cnf.erb
new file mode 100644
index 0000000..ff72851
--- /dev/null
+++ b/modules/mysql/templates/my.cnf.erb
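Review bot: `$password = "password"` in modules/mysql/manifests/server/install.pp commits a guessable MySQL root password to the repository, and db.pp reuses it through `$mysql::server::install::password`. Make it a class parameter without a default (`class mysql::server::install ($password) {`) or read it from external data, so each box gets its own value; site.pp would then have to declare the class with that value instead of relying on a bare `include mysql`. The `unless` and `command` strings also pass the password as a mysqladmin argument, which exposes it in the process list. `$password` is unquoted there, so a value with spaces or shell metacharacters would break or alter the command.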
@@ -0,0 +1,147 @@ +# +# The MySQL database server configuration file. +# +# You can copy this to one of: +# - "/etc/mysql/my.cnf" to set global options, +# - "~/.my.cnf" to set user-specific options. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# escpecially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. +[client] +port = <%= port %> +socket = <%= socket %> + +# Here is entries for some specific programs +# The following values assume you have at least 32M ram + +# This was formally known as [safe_mysqld]. Both versions are currently parsed. +[mysqld_safe] +socket = <%= socket %> +nice = 0 + +[mysqld] +# +# * Basic Settings +# +user = <%= user %> +pid-file = /var/run/mysqld/mysqld.pid +socket = <%= socket %> +port = <%= port %> +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking +default-storage-engine = <%= default_storage_engine %> + +# +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. 
+bind-address = 127.0.0.1 +# +# * Fine Tuning +# +key_buffer = <%= key_buffer %> +max_allowed_packet = <%= max_allowed_packet %> +thread_stack = <%= thread_stack %> +thread_cache_size = <%= thread_cache_size %> +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +myisam-recover = BACKUP +#max_connections = 100 +#table_cache = 64 +#thread_concurrency = 10 +read_rnd_buffer_size = <%= read_rnd_buffer_size %> +myisam_sort_buffer_size = <%= myisam_sort_buffer_size %> +table_open_cache = <%= table_open_cache %> +sort_buffer_size = <%= sort_buffer_size %> +read_buffer_size = <%= read_buffer_size %> +# +# * Query Cache Configuration +# +query_cache_limit = <%= query_cache_limit %> +query_cache_size = <%= query_cache_size %> +# +# * Logging and Replication +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +# As of 5.1 you can enable the log at runtime! +#general_log_file = /var/log/mysql/mysql.log +#general_log = 1 +# +# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. +# +# Here you can see queries with especially long duration +#log_slow_queries = /var/log/mysql/mysql-slow.log +#long_query_time = 2 +#log-queries-not-using-indexes +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +#server-id = 1 +#log_bin = /var/log/mysql/mysql-bin.log +expire_logs_days = 10 +max_binlog_size = 100M +#binlog_do_db = include_database_name +#binlog_ignore_db = include_database_name +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! 
+# +# Uncomment the following if you are using InnoDB tables +#innodb_data_file_path = ibdata1:2000M;ibdata2:10M:autoextend +#innodb_log_group_home_dir = C:\mysql\data/ +# You can set .._buffer_pool_size up to 50 - 80 % +# of RAM but beware of setting memory usage too high +#innodb_buffer_pool_size = 384M +#innodb_additional_mem_pool_size = 20M +# Set .._log_file_size to 25 % of buffer pool size +#innodb_log_file_size = 100M +#innodb_log_buffer_size = 8M +innodb_flush_log_at_trx_commit = <%= innodb_flush_log_at_trx_commit %> +#innodb_lock_wait_timeout = 50 +# +# * Security Features +# +# Read the manual, too, if you want chroot! +# chroot = /var/lib/mysql/ +# +# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". +# +# ssl-ca=/etc/mysql/cacert.pem +# ssl-cert=/etc/mysql/server-cert.pem +# ssl-key=/etc/mysql/server-key.pem + +[mysqldump] +quick +quote-names +max_allowed_packet = <%= msd_max_allowed_packet %> + +[mysql] +#no-auto-rehash # faster start of mysql but no tab completition + +[isamchk] +key_buffer = <%= key_buffer %> +key_buffer_size = <%= ikey_buffer_size %> +sort_buffer_size = <%= isort_buffer_size %> +read_buffer = <%= iread_buffer %> +write_buffer = <%= iwrite_buffer %> + +# +# * IMPORTANT: Additional settings that can override those from this file! +# The files must end with '.cnf', otherwise they'll be ignored. +# +!includedir /etc/mysql/conf.d/ diff --git a/modules/network/manifests/config.pp b/modules/network/manifests/config.pp new file mode 100644 index 0000000..bf14236 --- /dev/null +++ b/modules/network/manifests/config.pp @@ -0,0 +1,10 @@ + +class network::config { + + file { "/etc/hosts" : + ensure => present, + content => template("network/hosts.erb"), + owner => "root", + group => "root", + } +} \ No newline at end of file diff --git a/modules/network/manifests/init.pp b/modules/network/manifests/init.pp new file mode 100644 index 0000000..1ff3d62 --- /dev/null +++ b/modules/network/manifests/init.pp 
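Review bot: The `[isamchk]` section of modules/mysql/templates/my.cnf.erb emits both `key_buffer = <%= key_buffer %>` and `key_buffer_size = <%= ikey_buffer_size %>`. These look like two spellings of the same option, the first carrying the server's 384M default and the second the 256M isamchk default from my.pp. I would drop the `key_buffer` line in that section so only the `ikey_buffer_size` value applies. A short comment above `bind-address = 127.0.0.1` stating that the loopback-only bind is deliberate would also help, since it is hard-coded rather than parameterised like the surrounding settings.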
@@ -0,0 +1,4 @@
+
+class network {
+ include network::config
+}
\ No newline at end of file
diff --git a/modules/network/manifests/interface.pp b/modules/network/manifests/interface.pp
new file mode 100644
index 0000000..ebe8f3d
--- /dev/null
+++ b/modules/network/manifests/interface.pp
@@ -0,0 +1,12 @@
+define network::interface (
+ $style,
+ $ip = $::ipaddress,
+ $gateway = $::netmask) {
+
+ file { "/etc/network/interfaces":
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("network/${style}")
+ }
+}
diff --git a/modules/network/templates/hosts.erb b/modules/network/templates/hosts.erb
new file mode 100644
index 0000000..1d09f11
--- /dev/null
+++ b/modules/network/templates/hosts.erb
@@ -0,0 +1,9 @@
+127.0.0.1 localhost kala
+127.0.1.1 <%= scope.lookupvar('hostname') %>
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
\ No newline at end of file
diff --git a/modules/network/templates/webserver b/modules/network/templates/webserver
new file mode 100644
index 0000000..26bc0c8
--- /dev/null
+++ b/modules/network/templates/webserver
@@ -0,0 +1,17 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet static
+ address <%= ip %>
+ netmask 255.255.255.0
+ gateway <%= gateway %>
+ bridge_stp on
+ bridge_ports eth0 eth1
+ bridge_bridgeprio 60000
+ bridge_maxwait 30
\ No newline at end of file
diff --git a/modules/nginx/manifests/init.pp b/modules/nginx/manifests/init.pp
new file mode 100644
index 0000000..bc84557
--- /dev/null
+++ b/modules/nginx/manifests/init.pp
@@ -0,0 +1,6 @@
+
+class nginx {
+
+ include nginx::install, nginx::service
+
+}
\ No newline at end of file
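Review bot: `$gateway = $::netmask` in modules/network/manifests/interface.pp defaults the gateway to the netmask fact, so the webserver template would render its `gateway` line with a mask rather than a router address. The parameter should either have no default or one that really is a gateway. `mode => 644` is a bare number; write `mode => "0644"` so it is read as an octal mode string. `template("network/${style}")` builds a template path from a caller-supplied value, so it is worth restricting `$style` to the known template names.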
diff --git a/modules/nginx/manifests/install.pp b/modules/nginx/manifests/install.pp
new file mode 100644
index 0000000..7287d5f
--- /dev/null
+++ b/modules/nginx/manifests/install.pp
@@ -0,0 +1,8 @@
+
+class nginx::install {
+
+ package { "nginx":
+ ensure => installed,
+ }
+
+}
\ No newline at end of file
diff --git a/modules/nginx/manifests/service.pp b/modules/nginx/manifests/service.pp
new file mode 100644
index 0000000..f961250
--- /dev/null
+++ b/modules/nginx/manifests/service.pp
@@ -0,0 +1,9 @@
+
+class nginx::service ($ensure = "running") {
+
+ service { "nginx":
+ ensure => $ensure,
+ require => Class["nginx::install"],
+ }
+
+}
\ No newline at end of file
diff --git a/modules/nginx/manifests/vhost.pp b/modules/nginx/manifests/vhost.pp
new file mode 100644
index 0000000..15ae623
--- /dev/null
+++ b/modules/nginx/manifests/vhost.pp
@@ -0,0 +1,22 @@
+
+define nginx::vhost (
+ $vhost = $title,
+ $root = "/var/www",
+ $server_name = "_",
+) {
+
+ file { "/etc/nginx/sites-available/${vhost}":
+ ensure => file,
+ content => template("nginx/vhost.conf.erb"),
+ require => [
+ File["/etc/nginx/sites-enabled/${vhost}"],
+ ],
+ notify => Class["nginx::service"],
+ }
+
+ file { "/etc/nginx/sites-enabled/${vhost}":
+ ensure => link,
+ target => "/etc/nginx/sites-available/${vhost}",
+ require => Class["nginx::install"],
+ }
+}
\ No newline at end of file
diff --git a/modules/nginx/templates/vhost.conf.erb b/modules/nginx/templates/vhost.conf.erb
new file mode 100644
index 0000000..3c33304
--- /dev/null
+++ b/modules/nginx/templates/vhost.conf.erb
@@ -0,0 +1,8 @@
+server {
+ server_name <%= server_name %>;
+ root <%= root %>;
+
+ <% if server_name === '_' %>
+ server_name_in_redirect off;
+ <% end %>
+}
\ No newline at end of file
diff --git a/modules/php5/manifests/config.pp b/modules/php5/manifests/config.pp
new file mode 100644
index 0000000..a83b714
--- /dev/null
+++ b/modules/php5/manifests/config.pp
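Review bot: In modules/nginx/manifests/vhost.pp the sites-available file requires `File["/etc/nginx/sites-enabled/${vhost}"]`, so the symlink is created before its target exists; the usual ordering is for the link to require the file. `${vhost}` (by default the resource title) goes straight into both paths, and `server_name` and `root` are written unescaped into vhost.conf.erb. A value containing `/`, `;` or a newline would therefore leave the intended directory or add directives to the server block. Checking these values against a conservative pattern, and setting explicit `owner`/`group`/`mode` on the config file, would close that off.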
@@ -0,0 +1,20 @@
+
+class php5::config {
+
+ php5::ini { "cli":
+ path => "/etc/php5/cli/php.ini",
+ disable_functions => "",
+ max_execution_time => 0,
+ max_input_time => -1,
+ memory_limit => -1,
+ error_reporting => "E_ALL & ~E_DEPRECATED",
+ display_errors => "Off",
+ track_errors => "Off",
+ html_errors => "Off",
+ error_log => "/var/log/php_cli_errors.log",
+ post_max_size => "200M",
+ upload_max_filesize => "200M",
+ require => Class["php5::install"],
+ }
+
+}
\ No newline at end of file
diff --git a/modules/php5/manifests/ini.pp b/modules/php5/manifests/ini.pp
new file mode 100644
index 0000000..d7133e4
--- /dev/null
+++ b/modules/php5/manifests/ini.pp
@@ -0,0 +1,22 @@
+
+define php5::ini (
+ $path = "/etc/php.ini",
+ $disable_functions = "pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,",
+ $max_execution_time = 30,
+ $max_input_time = 60,
+ $memory_limit = "512M",
+ $error_reporting = "E_ALL | E_STRICT",
+ $display_errors = "On",
+ $track_errors = "On",
+ $html_errors = "On",
+ $error_log = "/var/log/php_errors.l#og",
+ $post_max_size = "200M",
+ $upload_max_filesize = "200M",
+) {
+
+ file {
+ "${path}":
+ path => "${path}",
+ content => template("php5/php.ini.erb"),
+ }
+}
\ No newline at end of file
diff --git a/modules/php5/manifests/init.pp b/modules/php5/manifests/init.pp
new file mode 100644
index 0000000..fa92c66
--- /dev/null
+++ b/modules/php5/manifests/init.pp
@@ -0,0 +1,6 @@
+
+class php5 {
+
+ include php5::install, php5::config
+
+}
diff --git a/modules/php5/manifests/install.pp b/modules/php5/manifests/install.pp
new file mode 100644
index 0000000..8d39114
--- /dev/null
+++ b/modules/php5/manifests/install.pp
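Review bot: The default `$error_log = "/var/log/php_errors.l#og"` in modules/php5/manifests/ini.pp looks like a typo for `/var/log/php_errors.log`; any instance relying on the default would log to an unexpected file name. The other defaults (`display_errors`, `html_errors` and `track_errors` all `"On"`) are development values, and the header of php.ini.erb itself warns that errors shown to users can leak information. A comment saying that non-development callers must override them, as php5::config does for the CLI, would be useful. The `file` resource also sets no owner, group or mode.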
@@ -0,0 +1,8 @@
+
+class php5::install {
+
+ package { "php5-cli":
+ ensure => installed,
+ }
+
+}
diff --git a/modules/php5/templates/php.ini.erb b/modules/php5/templates/php.ini.erb
new file mode 100644
index 0000000..6de5b2f
--- /dev/null
+++ b/modules/php5/templates/php.ini.erb
@@ -0,0 +1,1852 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. (As of PHP 5.2.0) +; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (C:\windows or C:\winnt) +; See the PHP docs for more specific information. +; http://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and Lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; http://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. 
+ +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security conscience applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it's +; much more verbose when it comes to errors. We recommending using the +; development version only in development environments as errors shown to +; application users can inadvertently leak otherwise secure information. 
+ +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; allow_call_time_pass_reference +; Default Value: On +; Development Value: Off +; Production Value: Off + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL & ~E_NOTICE +; Development Value: E_ALL | E_STRICT +; Production Value: E_ALL & ~E_DEPRECATED + +; html_errors +; Default Value: On +; Development Value: On +; Production value: Off + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; magic_quotes_gpc +; Default Value: On +; Development Value: Off +; Production Value: Off + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; register_long_arrays +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.bug_compat_42 +; Default Value: On +; Development Value: On +; Production Value: Off + +; session.bug_compat_warn +; Default Value: On +; Development Value: On +; Production Value: Off + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; session.hash_bits_per_character +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 + +; 
short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; track_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; url_rewriter.tags +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It's been +; recommended for several years that you not use the short tag "short cut" and +; instead to use the full tag combination. With the wide spread use +; of XML and use of these tags by other languages, the server can become easily +; confused and end up parsing the wrong code in the wrong context. But because +; this short cut has been a feature for such a long time, it's currently still +; supported for backwards compatibility, but we recommend you don't use them. +; Default Value: On +; Development Value: Off +; Production Value: Off +; http://php.net/short-open-tag +short_open_tag = On + +; Allow ASP-style <% %> tags. +; http://php.net/asp-tags +asp_tags = Off + +; The number of significant digits displayed in floating point numbers. 
+; http://php.net/precision +precision = 14 + +; Enforce year 2000 compliance (will cause problems with non-compliant browsers) +; http://php.net/y2k-compliance +y2k_compliance = On + +; Output buffering is a mechanism for controlling how much output data +; (excluding headers and cookies) PHP should keep internally before pushing that +; data to the client. If your application's output exceeds this setting, PHP +; will send that data in chunks of roughly the size you specify. +; Turning on this setting and managing its maximum buffer size can yield some +; interesting side-effects depending on your application and web server. +; You may be able to send headers and cookies after you've already sent output +; through print or echo. You also may see performance benefits if your server is +; emitting less packets due to buffered output versus PHP streaming the output +; as it gets it. On production servers, 4096 bytes is a good setting for performance +; reasons. +; Note: Output buffering can also be controlled via Output Buffering Control +; functions. +; Possible Values: +; On = Enabled and buffer is unlimited. (Use with caution) +; Off = Disabled +; Integer = Enables the buffer and sets its maximum size in bytes. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 +; http://php.net/output-buffering +output_buffering = 4096 + +; You can redirect all of the output of your scripts to a function. For +; example, if you set output_handler to "mb_output_handler", character +; encoding will be transparently converted to the specified encoding. +; Setting any output handler automatically turns on output buffering. +; Note: People who wrote portable scripts should not depend on this ini +; directive. Instead, explicitly set the output handler using ob_start(). +; Using this ini directive may cause problems unless you know what script +; is doing. 
+; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" +; and you cannot use both "ob_gzhandler" and "zlib.output_compression". +; Note: output_handler must be empty if this is set 'On' !!!! +; Instead you must use zlib.output_handler. +; http://php.net/output-handler +;output_handler = + +; Transparent output compression using the zlib library +; Valid values for this option are 'off', 'on', or a specific buffer size +; to be used for compression (default is 4KB) +; Note: Resulting chunk size may vary due to nature of compression. PHP +; outputs chunks that are few hundreds bytes each as a result of +; compression. If you prefer a larger chunk size for better +; performance, enable output_buffering in addition. +; Note: You need to use zlib.output_handler instead of the standard +; output_handler, or otherwise the output will be corrupted. +; http://php.net/zlib.output-compression +zlib.output_compression = Off + +; http://php.net/zlib.output-compression-level +;zlib.output_compression_level = -1 + +; You cannot specify additional output handlers if zlib.output_compression +; is activated here. This setting does the same as output_handler but in +; a different order. +; http://php.net/zlib.output-handler +;zlib.output_handler = + +; Implicit flush tells PHP to tell the output layer to flush itself +; automatically after every output block. This is equivalent to calling the +; PHP function flush() after each and every call to print() or echo() and each +; and every HTML block. Turning this option on has serious performance +; implications and is generally recommended for debugging purposes only. +; http://php.net/implicit-flush +; Note: This directive is hardcoded to On for the CLI SAPI +implicit_flush = Off + +; The unserialize callback function will be called (with the undefined class' +; name as parameter), if the unserializer finds an undefined class +; which should be instantiated. 
A warning appears if the specified function is +; not defined, or if the function doesn't include/implement the missing class. +; So only set this entry, if you really want to implement such a +; callback-function. +unserialize_callback_func = + +; When floats & doubles are serialized store serialize_precision significant +; digits after the floating point. The default value ensures that when floats +; are decoded with unserialize, the data will remain the same. +serialize_precision = 17 + +; This directive allows you to enable and disable warnings which PHP will issue +; if you pass a value by reference at function call time. Passing values by +; reference at function call time is a deprecated feature which will be removed +; from PHP at some point in the near future. The acceptable method for passing a +; value by reference to a function is by declaring the reference in the functions +; definition, not at call time. This directive does not disable this feature, it +; only determines whether PHP will warn you about it or not. These warnings +; should enabled in development environments only. +; Default Value: On (Suppress warnings) +; Development Value: Off (Issue warnings) +; Production Value: Off (Issue warnings) +; http://php.net/allow-call-time-pass-reference +allow_call_time_pass_reference = Off + +; Safe Mode +; http://php.net/safe-mode +safe_mode = Off + +; By default, Safe Mode does a UID compare check when +; opening files. If you want to relax this to a GID compare, +; then turn on safe_mode_gid. +; http://php.net/safe-mode-gid +safe_mode_gid = Off + +; When safe_mode is on, UID/GID checks are bypassed when +; including files from this directory and its subdirectories. 
+; (directory must also be in include_path or full path must +; be used when including) +; http://php.net/safe-mode-include-dir +safe_mode_include_dir = + +; When safe_mode is on, only executables located in the safe_mode_exec_dir +; will be allowed to be executed via the exec family of functions. +; http://php.net/safe-mode-exec-dir +safe_mode_exec_dir = + +; Setting certain environment variables may be a potential security breach. +; This directive contains a comma-delimited list of prefixes. In Safe Mode, +; the user may only alter environment variables whose names begin with the +; prefixes supplied here. By default, users will only be able to set +; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). +; Note: If this directive is empty, PHP will let the user modify ANY +; environment variable! +; http://php.net/safe-mode-allowed-env-vars +safe_mode_allowed_env_vars = PHP_ + +; This directive contains a comma-delimited list of environment variables that +; the end user won't be able to change using putenv(). These variables will be +; protected even if safe_mode_allowed_env_vars is set to allow to change them. +; http://php.net/safe-mode-protected-env-vars +safe_mode_protected_env_vars = LD_LIBRARY_PATH + +; open_basedir, if set, limits all file operations to the defined directory +; and below. This directive makes most sense if used in a per-directory +; or per-virtualhost web server configuration file. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/open-basedir +;open_basedir = + +; This directive allows you to disable certain functions for security reasons. +; It receives a comma-delimited list of function names. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/disable-functions +disable_functions = <%= disable_functions %> + +; This directive allows you to disable certain classes for security reasons. 
+; It receives a comma-delimited list of class names. This directive is
+; *NOT* affected by whether Safe Mode is turned On or Off.
+; http://php.net/disable-classes
+disable_classes =
+
+; Colors for Syntax Highlighting mode. Anything that's acceptable in
+; would work.
+; http://php.net/syntax-highlighting
+;highlight.string = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.bg = #FFFFFF
+;highlight.default = #0000BB
+;highlight.html = #000000
+
+; If enabled, the request will be allowed to complete even if the user aborts
+; the request. Consider enabling it if executing long requests, which may end up
+; being interrupted by the user or a browser timing out. PHP's default behavior
+; is to disable this feature.
+; http://php.net/ignore-user-abort
+;ignore_user_abort = On
+
+; Determines the size of the realpath cache to be used by PHP. This value should
+; be increased on systems where PHP opens many files to reflect the quantity of
+; the file operations performed.
+; http://php.net/realpath-cache-size
+;realpath_cache_size = 16k
+
+; Duration of time, in seconds for which to cache realpath information for a given
+; file or directory. For systems with rarely changing files, consider increasing this
+; value.
+; http://php.net/realpath-cache-ttl
+;realpath_cache_ttl = 120
+
+;;;;;;;;;;;;;;;;;
+; Miscellaneous ;
+;;;;;;;;;;;;;;;;;
+
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header). It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+; http://php.net/expose-php
+expose_php = On
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = <%= max_execution_time %>
+
+; Maximum amount of time each script may spend parsing request data. It's a good
+; idea to limit this time on productions servers in order to eliminate unexpectedly
+; long running scripts.
+; Note: This directive is hardcoded to -1 for the CLI SAPI
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+; http://php.net/max-input-time
+max_input_time = <%= max_input_time %>
+
+; Maximum input variable nesting level
+; http://php.net/max-input-nesting-level
+;max_input_nesting_level = 64
+
+; Maximum amount of memory a script may consume (128MB)
+; http://php.net/memory-limit
+memory_limit = <%= memory_limit %>
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; This directive informs PHP of which errors, warnings and notices you would like
+; it to take action for. The recommended way of setting values for this
+; directive is through the use of the error level constants and bitwise
+; operators. The error level constants are below here for convenience as well as
+; some common settings and their meanings.
+; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
+; those related to E_NOTICE and E_STRICT, which together cover best practices and
+; recommended coding standards in PHP. For performance reasons, this is the
+; recommend error reporting setting. Your production server shouldn't be wasting
+; resources complaining about best practices and coding standards. That's what
+; development servers and development settings are for.
+; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This
+; means it pretty much reports everything which is exactly what you want during
+; development and early testing.
+;
+; Error Level Constants:
+; E_ALL - All errors and warnings (includes E_STRICT as of PHP 6.0.0)
+; E_ERROR - fatal run-time errors
+; E_RECOVERABLE_ERROR - almost fatal run-time errors
+; E_WARNING - run-time warnings (non-fatal errors)
+; E_PARSE - compile-time parse errors
+; E_NOTICE - run-time notices (these are warnings which often result
+; from a bug in your code, but it's possible that it was
+; intentional (e.g., using an uninitialized variable and
+; relying on the fact it's automatically initialized to an
+; empty string)
+; E_STRICT - run-time notices, enable to have PHP suggest changes
+; to your code which will ensure the best interoperability
+; and forward compatibility of your code
+; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
+; initial startup
+; E_COMPILE_ERROR - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR - user-generated error message
+; E_USER_WARNING - user-generated warning message
+; E_USER_NOTICE - user-generated notice message
+; E_DEPRECATED - warn about code that will not work in future versions
+; of PHP
+; E_USER_DEPRECATED - user-generated deprecation warnings
+;
+; Common Values:
+; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
+; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
+; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
+; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
+; Default Value: E_ALL & ~E_NOTICE
+; Development Value: E_ALL | E_STRICT
+; Production Value: E_ALL & ~E_DEPRECATED
+; http://php.net/error-reporting
+error_reporting = <%= error_reporting %>
+
+; This directive controls whether or not and where PHP will output errors,
+; notices and warnings too. Error output is very useful during development, but
+; it could be very dangerous in production environments. Depending on the code
+; which is triggering the error, sensitive information could potentially leak
+; out of your application such as database usernames and passwords or worse.
+; It's recommended that errors be logged on production servers rather than
+; having the errors sent to STDOUT.
+; Possible Values:
+; Off = Do not display any errors
+; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
+; On or stdout = Display errors to STDOUT
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-errors
+display_errors = <%= display_errors %>
+
+; The display of errors which occur during PHP's startup sequence are handled
+; separately from display_errors. PHP's default behavior is to suppress those
+; errors from clients. Turning the display of startup errors on can be useful in
+; debugging configuration problems. But, it's strongly recommended that you
+; leave this setting off on production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-startup-errors
+display_startup_errors = Off
+
+; Besides displaying errors, PHP can also log errors to locations such as a
+; server-specific log, STDERR, or a location specified by the error_log
+; directive found below. While errors should not be displayed on productions
+; servers they should still be monitored and logging is a great way to do that.
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+; http://php.net/log-errors
+log_errors = On
+
+; Set maximum length of log_errors. In error_log information about the source is
+; added. The default is 1024 and 0 allows to not apply any maximum length at all.
+; http://php.net/log-errors-max-len
+log_errors_max_len = 1024
+
+; Do not log repeated messages. Repeated errors must occur in same file on same
+; line unless ignore_repeated_source is set true.
+; http://php.net/ignore-repeated-errors
+ignore_repeated_errors = Off
+
+; Ignore source of message when ignoring repeated messages. When this setting
+; is On you will not log errors with repeated messages from different files or
+; source lines.
+; http://php.net/ignore-repeated-source
+ignore_repeated_source = Off
+
+; If this parameter is set to Off, then memory leaks will not be shown (on
+; stdout or in the log). This has only effect in a debug compile, and if
+; error reporting includes E_WARNING in the allowed list
+; http://php.net/report-memleaks
+report_memleaks = On
+
+; This setting is on by default.
+;report_zend_debug = 0
+
+; Store the last error/warning message in $php_errormsg (boolean). Setting this value
+; to On can assist in debugging and is appropriate for development servers. It should
+; however be disabled on production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/track-errors
+track_errors = <%= track_errors %>
+
+; Turn off normal error reporting and emit XML-RPC error XML
+; http://php.net/xmlrpc-errors
+;xmlrpc_errors = 0
+
+; An XML-RPC faultCode
+;xmlrpc_error_number = 0
+
+; When PHP displays or logs an error, it has the capability of inserting html
+; links to documentation related to that error. This directive controls whether
+; those HTML links appear in error messages or not. For performance and security
+; reasons, it's recommended you disable this on production servers.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: On
+; Development Value: On
+; Production value: Off
+; http://php.net/html-errors
+html_errors = <%= html_errors %>
+
+; If html_errors is set On PHP produces clickable error messages that direct
+; to a page describing the error or function causing the error in detail.
+; You can download a copy of the PHP manual from http://php.net/docs
+; and change docref_root to the base URL of your local copy including the
+; leading '/'. You must also specify the file extension being used including
+; the dot. PHP's default behavior is to leave these settings empty.
+; Note: Never use this feature for production boxes.
+; http://php.net/docref-root
+; Examples
+;docref_root = "/phpmanual/"
+
+; http://php.net/docref-ext
+;docref_ext = .html
+
+; String to output before an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-prepend-string
+; Example:
+;error_prepend_string = ""
+
+; String to output after an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-append-string
+; Example:
+;error_append_string = ""
+
+; Log errors to specified file. PHP's default behavior is to leave this value
+; empty.
+; http://php.net/error-log
+; Example:
+error_log = <%= error_log %>
+; Log errors to syslog (Event Log on NT, not valid in Windows 95).
+;error_log = syslog
+
+;;;;;;;;;;;;;;;;;
+; Data Handling ;
+;;;;;;;;;;;;;;;;;
+
+; The separator used in PHP generated URLs to separate arguments.
+; PHP's default setting is "&".
+; http://php.net/arg-separator.output
+; Example:
+;arg_separator.output = "&"
+
+; List of separator(s) used by PHP to parse input URLs into variables.
+; PHP's default setting is "&".
+; NOTE: Every character in this directive is considered as separator!
+; http://php.net/arg-separator.input
+; Example:
+;arg_separator.input = ";&"
+
+; This directive determines which super global arrays are registered when PHP
+; starts up. If the register_globals directive is enabled, it also determines
+; what order variables are populated into the global space. G,P,C,E & S are
+; abbreviations for the following respective super globals: GET, POST, COOKIE,
+; ENV and SERVER. There is a performance penalty paid for the registration of
+; these arrays and because ENV is not as commonly used as the others, ENV is
+; is not recommended on productions servers. You can still get access to
+; the environment variables through getenv() should you need to.
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS";
+; http://php.net/variables-order
+variables_order = "GPCS"
+
+; This directive determines which super global data (G,P,C,E & S) should
+; be registered into the super global array REQUEST. If so, it also determines
+; the order in which that data is registered. The values for this directive are
+; specified in the same manner as the variables_order directive, EXCEPT one.
+; Leaving this value empty will cause PHP to use the value set in the
+; variables_order directive. It does not mean it will leave the super globals
+; array REQUEST empty.
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; Whether or not to register the EGPCS variables as global variables. You may
+; want to turn this off if you don't want to clutter your scripts' global scope
+; with user data.
+; You should do your best to write your scripts so that they do not require
+; register_globals to be on; Using form variables as globals can easily lead
+; to possible security problems, if the code is not very well thought of.
+; http://php.net/register-globals
+register_globals = Off
+
+; Determines whether the deprecated long $HTTP_*_VARS type predefined variables
+; are registered by PHP or not. As they are deprecated, we obviously don't
+; recommend you use them. They are on by default for compatibility reasons but
+; they are not recommended on production servers.
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-long-arrays
+register_long_arrays = Off
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the SERVER and ENV variables are created when they're first
+; used (Just In Time) instead of when the script starts. If these variables
+; are not used within a script, having this directive on will result in a
+; performance gain. The PHP directives register_globals, register_long_arrays,
+; and register_argc_argv must be disabled for this directive to have any affect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Maximum size of POST data that PHP will accept.
+; http://php.net/post-max-size
+post_max_size = <%= post_max_size %>
+
+; Magic quotes are a preprocessing feature of PHP where PHP will attempt to
+; escape any character sequences in GET, POST, COOKIE and ENV data which might
+; otherwise corrupt data being placed in resources such as databases before
+; making that data available to you. Because of character encoding issues and
+; non-standard SQL implementations across many databases, it's not currently
+; possible for this feature to be 100% accurate. PHP's default behavior is to
+; enable the feature. We strongly recommend you use the escaping mechanisms
+; designed specifically for the database your using instead of relying on this
+; feature. Also note, this feature has been deprecated as of PHP 5.3.0 and is
+; scheduled for removal in PHP 6.
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/magic-quotes-gpc
+magic_quotes_gpc = Off
+
+; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
+; http://php.net/magic-quotes-runtime
+magic_quotes_runtime = Off
+
+; Use Sybase-style magic quotes (escape ' with '' instead of \').
+; http://php.net/magic-quotes-sybase
+magic_quotes_sybase = Off
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a character encoding using
+; the Content-type: header. To disable sending of the charset, simply
+; set it to be empty.
+;
+; PHP's built-in default is text/html
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to empty.
+; http://php.net/default-charset
+;default_charset = "iso-8859-1"
+
+; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
+; to disable this feature.
+; http://php.net/always-populate-raw-post-data
+;always_populate_raw_post_data = On
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/usr/share/php"
+;
+; Windows: "\path1;\path2"
+;include_path = ".;c:\php\includes"
+;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+; extension_dir = "./"
+; On windows:
+; extension_dir = "ext"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env = ;
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1;
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
+; is supported by Apache. When this option is set to 1 PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+;upload_tmp_dir =
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = <%= upload_max_filesize %>
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+;;;;;;;;;;;;;;;;;;;;;;
+; Dynamic Extensions ;
+;;;;;;;;;;;;;;;;;;;;;;
+
+; If you wish to have an extension loaded automatically, use the following
+; syntax:
+;
+; extension=modulename.extension
+;
+; For example, on Windows:
+;
+; extension=msql.dll
+;
+; ... or under UNIX:
+;
+; extension=msql.so
+;
+; ... or with a path:
+;
+; extension=/path/to/extension/msql.so
+;
+; If you only provide the name of the extension, PHP will look for it in its
+; default extension directory.
+
+;;;;;;;;;;;;;;;;;;;
+; Module Settings ;
+;;;;;;;;;;;;;;;;;;;
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+;date.timezone =
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[iconv]
+;iconv.input_encoding = ISO-8859-1
+;iconv.internal_encoding = ISO-8859-1
+;iconv.output_encoding = ISO-8859-1
+
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+
+[sqlite]
+; http://php.net/sqlite.assoc-case
+;sqlite.assoc_case = 0
+
+[sqlite3]
+;sqlite3.extension_dir =
+
+[Pcre]
+;PCRE library backtracking limit.
+; http://php.net/pcre.backtrack-limit
+;pcre.backtrack_limit=100000
+
+;PCRE library recursion limit.
+;Please note that if you set this value to a high number you may consume all
+;the available process stack and eventually crash PHP (due to reaching the
+;stack size limit imposed by the Operating System).
+; http://php.net/pcre.recursion-limit
+;pcre.recursion_limit=100000
+
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/pdo_mysql.cache_size
+pdo_mysql.cache_size = 2000
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/pdo_mysql.default-socket
+pdo_mysql.default_socket=
+
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
+
+[Syslog]
+; Whether or not to define the various syslog variables (e.g. $LOG_PID,
+; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In
+; runtime, you can define these variables by calling define_syslog_variables().
+; http://php.net/define-syslog-variables
+define_syslog_variables = Off
+
+[mail function]
+; For Win32 only.
+; http://php.net/smtp
+;SMTP = localhost
+; http://php.net/smtp-port
+;smtp_port = 25
+
+; For Win32 only.
+; http://php.net/sendmail-from
+;sendmail_from = me@example.com
+
+; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path
+sendmail_path = /usr/sbin/ssmtp -t
+
+; Force the addition of the specified parameters to be passed as extra parameters
+; to the sendmail binary. These parameters will always replace the value of
+; the 5th parameter to mail(), even in safe mode.
+;mail.force_extra_parameters =
+
+; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
+mail.add_x_header = On
+
+; The path to a log file that will log all mail() calls. Log entries include
+; the full path of the script, line number, To address and headers.
+;mail.log =
+
+[SQL]
+; http://php.net/sql.safe-mode
+sql.safe_mode = Off
+
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db = Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user = Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw = Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; http://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; http://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; http://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +;birdstep.max_links = -1 + +[Interbase] +; Allow or prevent persistent links. +ibase.allow_persistent = 1 + +; Maximum number of persistent links. -1 means no limit. +ibase.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +ibase.max_links = -1 + +; Default database name for ibase_connect(). +;ibase.default_db = + +; Default username for ibase_connect(). +;ibase.default_user = + +; Default password for ibase_connect(). +;ibase.default_password = + +; Default charset for ibase_connect(). +;ibase.default_charset = + +; Default timestamp format. +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" + +; Default date format. +ibase.dateformat = "%Y-%m-%d" + +; Default time format. +ibase.timeformat = "%H:%M:%S" + +[MySQL] +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysql.allow_local_infile +mysql.allow_local_infile = On + +; Allow or prevent persistent links. 
+; http://php.net/mysql.allow-persistent +mysql.allow_persistent = On + +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/mysql.cache_size +mysql.cache_size = 2000 + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysql.max-persistent +mysql.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/mysql.max-links +mysql.max_links = -1 + +; Default port number for mysql_connect(). If unset, mysql_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysql.default-port +mysql.default_port = + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysql.default-socket +mysql.default_socket = + +; Default host for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysql.default-host +mysql.default_host = + +; Default user for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysql.default-user +mysql.default_user = + +; Default password for mysql_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysql.default-password +mysql.default_password = + +; Maximum time (in seconds) for connect timeout. -1 means no limit +; http://php.net/mysql.connect-timeout +mysql.connect_timeout = 60 + +; Trace mode. When trace_mode is active (=On), warnings for table/index scans and +; SQL-Errors will be displayed. +; http://php.net/mysql.trace-mode +mysql.trace_mode = Off + +[MySQLi] + +; Maximum number of persistent links. 
-1 means no limit. +; http://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; http://php.net/mysqli.max-links +mysqli.max_links = -1 + +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/mysqli.cache_size +mysqli.cache_size = 2000 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysqli.default-pw +mysqli.default_pw = + +; Allow or prevent reconnect +mysqli.reconnect = Off + +[mysqlnd] +; Enable / Disable collection of general statstics by mysqlnd which can be +; used to tune and monitor MySQL operations. 
+; http://php.net/mysqlnd.collect_statistics +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statstics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; http://php.net/mysqlnd.collect_memory_statistics +mysqlnd.collect_memory_statistics = Off + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +; http://php.net/mysqlnd.net_cmd_buffer_size +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +; http://php.net/mysqlnd.net_read_buffer_size +;mysqlnd.net_read_buffer_size = 32768 + +[OCI8] + +; Connection: Enables privileged connections using external +; credentials (OCI_SYSOPER, OCI_SYSDBA) +; http://php.net/oci8.privileged-connect +;oci8.privileged_connect = Off + +; Connection: The maximum number of persistent OCI8 connections per +; process. Using -1 means no limit. +; http://php.net/oci8.max-persistent +;oci8.max_persistent = -1 + +; Connection: The maximum number of seconds a process is allowed to +; maintain an idle persistent connection. Using -1 means idle +; persistent connections will be maintained forever. +; http://php.net/oci8.persistent-timeout +;oci8.persistent_timeout = -1 + +; Connection: The number of seconds that must pass before issuing a +; ping during oci_pconnect() to check the connection validity. When +; set to 0, each oci_pconnect() will cause a ping. Using -1 disables +; pings completely. +; http://php.net/oci8.ping-interval +;oci8.ping_interval = 60 + +; Connection: Set this to a user chosen connection class to be used +; for all pooled server requests with Oracle 11g Database Resident +; Connection Pooling (DRCP). To use DRCP, this value should be set to +; the same string for all web servers running the same application, +; the database pool must be configured, and the connection string must +; specify to use a pooled server. 
+;oci8.connection_class = + +; High Availability: Using On lets PHP receive Fast Application +; Notification (FAN) events generated when a database node fails. The +; database must also be configured to post FAN events. +;oci8.events = Off + +; Tuning: This option enables statement caching, and specifies how +; many statements to cache. Using 0 disables statement caching. +; http://php.net/oci8.statement-cache-size +;oci8.statement_cache_size = 20 + +; Tuning: Enables statement prefetching and sets the default number of +; rows that will be fetched automatically after statement execution. +; http://php.net/oci8.default-prefetch +;oci8.default_prefetch = 100 + +; Compatibility. Using On means oci_close() will not close +; oci_connect() and oci_new_connect() connections. +; http://php.net/oci8.old-oci-close-semantics +;oci8.old_oci_close_semantics = Off + +[PostgresSQL] +; Allow or prevent persistent links. +; http://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; http://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; http://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; http://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; http://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[Sybase-CT] +; Allow or prevent persistent links. +; http://php.net/sybct.allow-persistent +sybct.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. 
+; http://php.net/sybct.max-persistent +sybct.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/sybct.max-links +sybct.max_links = -1 + +; Minimum server message severity to display. +; http://php.net/sybct.min-server-severity +sybct.min_server_severity = 10 + +; Minimum client message severity to display. +; http://php.net/sybct.min-client-severity +sybct.min_client_severity = 10 + +; Set per-context timeout +; http://php.net/sybct.timeout +;sybct.timeout= + +;sybct.packet_size + +; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. +; Default: one minute +;sybct.login_timeout= + +; The name of the host you claim to be connecting from, for display by sp_who. +; Default: none +;sybct.hostname= + +; Allows you to define how often deadlocks are to be retried. -1 means "forever". +; Default: 0 +;sybct.deadlock_retry_count= + +[bcmath] +; Number of decimal digits for all bcmath functions. +; http://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; http://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if you +; or your OS have problems with lots of files in one directory, and is +; a more efficient layout for servers that handle lots of sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. 
+; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +;session.save_path = "/tmp" + +; Whether to use cookies. +; http://php.net/session.use-cookies +session.use_cookies = 1 + +; http://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combatting +; session hijacking when not specifying and managing your own session id. It is +; not the end all be all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; http://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = + +; Handler used to serialize data. php is the standard serializer of PHP. 
+; http://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started +; on every session initialization. The probability is calculated by using +; gc_probability/gc_divisor. Where session.gc_probability is the numerator +; and gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +session.gc_probability = 0 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using the following equation: +; gc_probability/gc_divisor. Where session.gc_probability is the numerator and +; session.gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. Increasing this value to 1000 will give you +; a 0.1% chance the gc will run on any give request. For high volume production servers, +; this is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. 
+; For example, the following script would is the equivalent of +; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 | xargs rm + +; PHP 4.2 and less have an undocumented feature/bug that allows you to +; to initialize a session variable in the global scope, even when register_globals +; is disabled. PHP 4.3 and later will warn you, if this feature is used. +; You can disable the feature and the warning separately. At this time, +; the warning is only displayed, if bug_compat_42 is enabled. This feature +; introduces some serious security problems if not handled correctly. It's +; recommended that you do not use this feature on production servers. But you +; should enable this on development servers and enable the warning as well. If you +; do not enable the feature on development servers, you won't be warned when it's +; used and debugging errors caused by this can be difficult to track down. +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/session.bug-compat-42 +session.bug_compat_42 = Off + +; This setting controls whether or not you are warned by PHP when initializing a +; session value into the global space. session.bug_compat_42 must be enabled before +; these warnings can be issued by PHP. See the directive above for more information. +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/session.bug-compat-warn +session.bug_compat_warn = Off + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +session.referer_check = + +; How many bytes to read from the file. +; http://php.net/session.entropy-length +session.entropy_length = 0 + +; Specified here to create the session id. 
+; http://php.net/session.entropy-file +; On systems that don't have /dev/urandom /dev/arandom can be used +; On windows, setting the entropy_length setting will activate the +; Windows random source (using the CryptoAPI) +;session.entropy_file = /dev/urandom + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; http://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publically accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; Select a hash function for use in generating session ids. +; Possible Values +; 0 (MD5 128 bits) +; 1 (SHA-1 160 bits) +; This option may also be set to the name of any hash function supported by +; the hash extension. A list of available hashes is returned by the hash_algos() +; function. +; http://php.net/session.hash-function +session.hash_function = 0 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.hash_bits_per_character = 5 + +; The URL rewriter will look for URLs in a defined set of HTML tags. 
+; form/fieldset are special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. If you want XHTML conformity, remove the form entry. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; http://php.net/url-rewriter.tags +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +[MSSQL] +; Allow or prevent persistent links. +mssql.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +mssql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +mssql.max_links = -1 + +; Minimum error severity to display. +mssql.min_error_severity = 10 + +; Minimum message severity to display. +mssql.min_message_severity = 10 + +; Compatibility mode with old versions of PHP 3.0. +mssql.compatability_mode = Off + +; Connect timeout +;mssql.connect_timeout = 5 + +; Query timeout +;mssql.timeout = 60 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textlimit = 4096 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textsize = 4096 + +; Limits the number of records in each batch. 0 = all records in one batch. +;mssql.batchsize = 0 + +; Specify how datetime and datetim4 columns are returned +; On => Returns data converted to SQL server settings +; Off => Returns values as YYYY-MM-DD hh:mm:ss +;mssql.datetimeconvert = On + +; Use NT authentication when connecting to the server +mssql.secure_connection = Off + +; Specify max number of processes. -1 = library default +; msdlib defaults to 25 +; FreeTDS defaults to 4096 +;mssql.max_procs = -1 + +; Specify client character set. 
+; If empty or not set the client charset from freetds.comf is used +; This is only used when compiled with FreeTDS +;mssql.charset = "ISO-8859-1" + +[Assertion] +; Assert(expr); active by default. +; http://php.net/assert.active +;assert.active = On + +; Issue a PHP warning for each failed assertion. +; http://php.net/assert.warning +;assert.warning = On + +; Don't bail out by default. +; http://php.net/assert.bail +;assert.bail = Off + +; User-function to be called if an assertion fails. +; http://php.net/assert.callback +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a components typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[mbstring] +; language for internal character representation. +; http://php.net/mbstring.language +;mbstring.language = Japanese + +; internal/script encoding. +; Some encoding cannot work as internal encoding. +; (e.g. SJIS, BIG5, ISO-2022-*) +; http://php.net/mbstring.internal-encoding +;mbstring.internal_encoding = EUC-JP + +; http input encoding. +; http://php.net/mbstring.http-input +;mbstring.http_input = auto + +; http output encoding. 
mb_output_handler must be +; registered as output buffer to function +; http://php.net/mbstring.http-output +;mbstring.http_output = SJIS + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; http://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; auto means +; http://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; http://php.net/mbstring.substitute-character +;mbstring.substitute_character = none; + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +; http://php.net/mbstring.func-overload +;mbstring.func_overload = 0 + +; enable strict encoding detection. +;mbstring.strict_detection = Off + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetype= + +; Allows to set script encoding. Only affects if PHP is compiled with --enable-zend-multibyte +; Default: "" +;mbstring.script_encoding= + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 0 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 
+; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. 
+ldap.max_links = -1 + +[mcrypt] +; For more information about mcrypt settings see http://php.net/mcrypt-module-open + +; Directory where to load mcrypt algorithms +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.algorithms_dir= + +; Directory where to load mcrypt modes +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.modes_dir= + +[dba] +;dba.default_handler= + +; Local Variables: +; tab-width: 4 +; End: diff --git a/modules/phpfpm/files/._kalamuna.jpg b/modules/phpfpm/files/._kalamuna.jpg new file mode 100755 index 0000000..2e7c610 Binary files /dev/null and b/modules/phpfpm/files/._kalamuna.jpg differ diff --git a/modules/phpfpm/files/index.php b/modules/phpfpm/files/index.php new file mode 100755 index 0000000..2b713b0 --- /dev/null +++ b/modules/phpfpm/files/index.php @@ -0,0 +1,6 @@ + +Kalamuna Kalabox + + + + \ No newline at end of file diff --git a/modules/phpfpm/files/kalamuna.jpg b/modules/phpfpm/files/kalamuna.jpg new file mode 100755 index 0000000..3b3c751 Binary files /dev/null and b/modules/phpfpm/files/kalamuna.jpg differ diff --git a/modules/phpfpm/manifests/config.pp b/modules/phpfpm/manifests/config.pp new file mode 100644 index 0000000..60a5e64 --- /dev/null +++ b/modules/phpfpm/manifests/config.pp @@ -0,0 +1,25 @@ + +class phpfpm::config { + + php5::ini { "fpm": + path => "/etc/php5/fpm/php.ini", + require => Class["phpfpm::install"], + notify => Class["phpfpm::service"], + } + + file { "/etc/php5/fpm/pool.d/www.conf": + ensure => file, + content => template("phpfpm/www.conf.erb"), + require => Class["phpfpm::install"], + notify => Class["phpfpm::service"], + } + + include phpfpm::extensions::apc + include phpfpm::extensions::xdebug + include phpfpm::extensions::curl + include phpfpm::extensions::imap + include phpfpm::extensions::pear + include phpfpm::extensions::gd + include phpfpm::extensions::mcrypt + +} \ No newline at end of file 
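Review bot: `include phpfpm::extensions::xdebug` sits in the unconditional include list at the end of phpfpm::config, so every node that includes phpfpm gets the debugger extension installed. With the defaults in extensions/xdebug.pp from this same commit, that also means remote debugging and the profiler are configured on. A plain `include` gives callers no way to pass different values to that parameterised class, unless they come from an external data lookup. I would drop the xdebug line from this list and let a development node declare it explicitly, or at least add a comment above the includes such as `# dev-only: xdebug must not be included on shared or public hosts`.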
diff --git a/modules/phpfpm/manifests/extension.pp b/modules/phpfpm/manifests/extension.pp
new file mode 100644
index 0000000..166b2ad
--- /dev/null
+++ b/modules/phpfpm/manifests/extension.pp
@@ -0,0 +1,10 @@
+
+define phpfpm::extension {
+
+ package { "${name}":
+ ensure => present,
+ require => Class["phpfpm::install"],
+ notify => [Class["phpfpm::service"], Class["nginx::service"]],
+ }
+
+}
diff --git a/modules/phpfpm/manifests/extensions/apc.pp b/modules/phpfpm/manifests/extensions/apc.pp
new file mode 100644
index 0000000..dd09761
--- /dev/null
+++ b/modules/phpfpm/manifests/extensions/apc.pp
@@ -0,0 +1,18 @@
+
+class phpfpm::extensions::apc (
+ $enabled = 1,
+ $shm_size = "64M",
+ $rfc1867 = 1
+){
+
+ phpfpm::extension { "php-apc": }
+
+ file {
+ "apc.ini":
+ ensure => file,
+ path => "/etc/php5/conf.d/apc.ini",
+ require => Class["phpfpm::install"],
+ notify => [Class["phpfpm::service"], Class["nginx::service"]],
+ content => template("phpfpm/extensions/apc.ini.erb")
+ }
+}
\ No newline at end of file
diff --git a/modules/phpfpm/manifests/extensions/curl.pp b/modules/phpfpm/manifests/extensions/curl.pp
new file mode 100644
index 0000000..ce32e3f
--- /dev/null
+++ b/modules/phpfpm/manifests/extensions/curl.pp
@@ -0,0 +1,6 @@
+
+class phpfpm::extensions::curl {
+
+ phpfpm::extension { "php5-curl": }
+
+}
\ No newline at end of file
diff --git a/modules/phpfpm/manifests/extensions/gd.pp b/modules/phpfpm/manifests/extensions/gd.pp
new file mode 100644
index 0000000..9d467cf
--- /dev/null
+++ b/modules/phpfpm/manifests/extensions/gd.pp
@@ -0,0 +1,6 @@
+
+class phpfpm::extensions::gd {
+
+ phpfpm::extension { "php5-gd": }
+
+}
\ No newline at end of file
diff --git a/modules/phpfpm/manifests/extensions/imap.pp b/modules/phpfpm/manifests/extensions/imap.pp
new file mode 100644
index 0000000..5e07560
--- /dev/null
+++ b/modules/phpfpm/manifests/extensions/imap.pp
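Review bot: The `notify => [Class["phpfpm::service"], Class["nginx::service"]],` line in phpfpm::extension refers to a class this define never declares. Nothing in the hunk includes nginx, so the reference presumably only resolves when a phpfpm::nginx::* define is in the same catalog, as it is in manifests/site.pp. The file resource in extensions/apc.pp carries the same notify. Restarting php5-fpm is what reloads an extension, so `notify => Class["phpfpm::service"],` should be enough here; `"${name}"` can also be written `$name`.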
@@ -0,0 +1,6 @@
+
+class phpfpm::extensions::imap {
+
+ phpfpm::extension { "php5-imap": }
+
+}
\ No newline at end of file
diff --git a/modules/phpfpm/manifests/extensions/mcrypt.pp b/modules/phpfpm/manifests/extensions/mcrypt.pp
new file mode 100644
index 0000000..2d323c0
--- /dev/null
+++ b/modules/phpfpm/manifests/extensions/mcrypt.pp
@@ -0,0 +1,6 @@
+
+class phpfpm::extensions::mcrypt {
+
+ phpfpm::extension { "php5-mcrypt": }
+
+}
\ No newline at end of file
diff --git a/modules/phpfpm/manifests/extensions/pear.pp b/modules/phpfpm/manifests/extensions/pear.pp
new file mode 100644
index 0000000..e8115ff
--- /dev/null
+++ b/modules/phpfpm/manifests/extensions/pear.pp
@@ -0,0 +1,6 @@
+
+class phpfpm::extensions::pear {
+
+ phpfpm::extension { "php-pear": }
+
+}
\ No newline at end of file
diff --git a/modules/phpfpm/manifests/extensions/xdebug.pp b/modules/phpfpm/manifests/extensions/xdebug.pp
new file mode 100644
index 0000000..3f9e1ee
--- /dev/null
+++ b/modules/phpfpm/manifests/extensions/xdebug.pp
@@ -0,0 +1,25 @@
+
+class phpfpm::extensions::xdebug (
+ $remote_enable = "On",
+ $remote_host = "kala",
+ $remote_port = 9000,
+ $remote_handler = "dbgp",
+ $profiler_enable = 1,
+ $profile_output_dir = "/tmp/xprofile",
+ $collect_params = "On",
+ $show_local_vars = "On",
+
+){
+
+ phpfpm::extension { "php5-xdebug": }
+
+ file {
+ "xdebug.ini":
+ ensure => file,
+ path => "/etc/php5/conf.d/xdebug.ini",
+ require => Class["phpfpm::install"],
+ notify => [Class["phpfpm::service"], Class["nginx::service"]],
+ content => template("phpfpm/extensions/xdebug.ini.erb")
+ }
+
+}
diff --git a/modules/phpfpm/manifests/init.pp b/modules/phpfpm/manifests/init.pp
new file mode 100644
index 0000000..6ff59eb
--- /dev/null
+++ b/modules/phpfpm/manifests/init.pp
@@ -0,0 +1,6 @@
+
+class phpfpm {
+
+ include phpfpm::install, phpfpm::config, phpfpm::service
+
+}
\ No newline at end of file
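Review bot: The default `$profiler_enable = 1` in phpfpm::extensions::xdebug profiles every request, and `$profile_output_dir = "/tmp/xprofile"` names a predictable path under a world-writable directory that no resource in this class creates. With `$remote_enable = "On"` the debugger is also available to any request that triggers a session, and `$collect_params = "On"` means the collected output can include request parameters. I would default the profiler to off with `$profiler_enable = 0,` and point the output at a directory managed by a `file` resource owned by www-data with mode `"0750"`. The parameter list also ends in a trailing comma and a blank line before `){`, which is worth tidying.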
diff --git a/modules/phpfpm/manifests/install.pp b/modules/phpfpm/manifests/install.pp
new file mode 100644
index 0000000..ff1a91a
--- /dev/null
+++ b/modules/phpfpm/manifests/install.pp
@@ -0,0 +1,9 @@
+
+class phpfpm::install {
+
+ include php5
+
+ package { "php5-fpm":
+ ensure => installed,
+ }
+}
\ No newline at end of file
diff --git a/modules/phpfpm/manifests/nginx/kalabox.pp b/modules/phpfpm/manifests/nginx/kalabox.pp
new file mode 100644
index 0000000..2aa499d
--- /dev/null
+++ b/modules/phpfpm/manifests/nginx/kalabox.pp
@@ -0,0 +1,51 @@
+
+define phpfpm::nginx::kalabox (
+ $vhost = $title,
+ $root = "/var/www",
+ $server_name = "_",
+ $index = "index.php",
+ $upstream = "unix:/tmp/php-fpm.sock",
+ $custom = "",
+ $options = {},
+){
+
+ include nginx
+
+ file { "/etc/nginx/sites-available/${vhost}":
+ ensure => file,
+ content => template("phpfpm/nginx/vhost.conf.erb"),
+ require => [
+ File["/etc/nginx/sites-enabled/${vhost}"],
+ ],
+ notify => Class["nginx::service"],
+ }
+
+ file { "/etc/nginx/sites-enabled/${vhost}":
+ ensure => link,
+ target => "/etc/nginx/sites-available/${vhost}",
+ require => Class["nginx::install"],
+ }
+
+ file { $root:
+ ensure => "directory",
+ owner => "www-data",
+ group => "www-data",
+ mode => 777,
+ }
+
+ file { "${root}/index.php":
+ ensure => file,
+ owner => www-data,
+ group => www-data,
+ mode => 777,
+ source => "puppet:///modules/phpfpm/index.php",
+ }
+
+ file { "${root}/kalamuna.jpg":
+ ensure => file,
+ owner => www-data,
+ group => www-data,
+ mode => 777,
+ source => "puppet:///modules/phpfpm/kalamuna.jpg",
+ }
+}
diff --git a/modules/phpfpm/manifests/nginx/vhost.pp b/modules/phpfpm/manifests/nginx/vhost.pp
new file mode 100644
index 0000000..c9698a5
--- /dev/null
+++ b/modules/phpfpm/manifests/nginx/vhost.pp
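Review bot: All three file resources in phpfpm::nginx::kalabox use `mode => 777`, which leaves the document root and `index.php` writable by every local account while templates/nginx/vhost.conf.erb in this commit passes any `.php` under that root to FPM. Ownership is already www-data, so `mode => "0755",` on the directory and `mode => "0644",` on the two files should be sufficient. If the Samba share needs write access, a dedicated group with `"0775"` is a narrower grant. Quoting the mode as a four-digit string also avoids depending on how the parser treats a bare number, and the unquoted `www-data` on the two file resources should be quoted like the directory's.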
@@ -0,0 +1,35 @@
+
+define phpfpm::nginx::vhost (
+ $vhost = $title,
+ $root = "/var/www",
+ $server_name = "_",
+ $index = "index.php",
+ $upstream = "unix:/tmp/php-fpm.sock",
+ $custom = "",
+ $options = {},
+) {
+
+ include nginx
+
+ file { "/etc/nginx/sites-available/${vhost}":
+ ensure => file,
+ content => template("phpfpm/nginx/vhost.conf.erb"),
+ require => [
+ File["/etc/nginx/sites-enabled/${vhost}"],
+ ],
+ notify => Class["nginx::service"],
+ }
+
+ file { "/etc/nginx/sites-enabled/${vhost}":
+ ensure => link,
+ target => "/etc/nginx/sites-available/${vhost}",
+ require => Class["nginx::install"],
+ }
+
+ file { $root:
+ ensure => "directory",
+ owner => "www-data",
+ group => "www-data",
+ mode => 755,
+ }
+}
diff --git a/modules/phpfpm/manifests/service.pp b/modules/phpfpm/manifests/service.pp
new file mode 100644
index 0000000..9aa2e93
--- /dev/null
+++ b/modules/phpfpm/manifests/service.pp
@@ -0,0 +1,9 @@
+
+class phpfpm::service {
+
+ service { "php5-fpm":
+ ensure => running,
+ require => Class["phpfpm::install"],
+ }
+
+}
\ No newline at end of file
diff --git a/modules/phpfpm/templates/extensions/apc.ini.erb b/modules/phpfpm/templates/extensions/apc.ini.erb
new file mode 100644
index 0000000..a5ee826
--- /dev/null
+++ b/modules/phpfpm/templates/extensions/apc.ini.erb
@@ -0,0 +1,10 @@
+extension=apc.so
+
+apc.shm_size=<%= shm_size %>
+apc.enabled=<%= enabled %>
+apc.shm_segments=1
+apc.ttl=7200
+apc.user_ttl=7200
+apc.stat=1
+apc.include_once_override=0
+apc.rfc1867=<%= rfc1867 %>
diff --git a/modules/phpfpm/templates/extensions/xdebug.ini.erb b/modules/phpfpm/templates/extensions/xdebug.ini.erb
new file mode 100644
index 0000000..0934b26
--- /dev/null
+++ b/modules/phpfpm/templates/extensions/xdebug.ini.erb
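Review bot: `$upstream = "unix:/tmp/php-fpm.sock"` in phpfpm::nginx::vhost defaults the FastCGI socket to a path in a world-writable directory. templates/www.conf.erb in this commit listens there with `listen.mode` left commented out, and its own comment gives the default as 0666, so any local account can reach the FPM pool directly or occupy that path before the service starts. A path such as `unix:/var/run/php5-fpm.sock`, together with `listen.owner`, `listen.group` and `listen.mode = 0660` in the pool file, would keep it to www-data. phpfpm::nginx::kalabox carries the same default, and `mode => 755` in this define should be the quoted string `"0755"`.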
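Review bot: The `service { "php5-fpm": }` resource in phpfpm::service sets `ensure => running` but not `enable`, so Puppet starts the daemon on a run without managing whether it comes up at boot. Adding `enable => true,` makes that explicit. A comment on the class such as `# restarted via notify from phpfpm::config and phpfpm::extension` would also help the next reader.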
@@ -0,0 +1,10 @@
+zend_extension=/usr/lib/php5/20090626/xdebug.so
+
+xdebug.remote_enable=<%= remote_enable %>
+xdebug.remote_host=<%= remote_host %>
+xdebug.remote_port=<%= remote_port %>
+xdebug.remote_handler=<%= remote_handler %>
+xdebug.profiler_enable = <%= profiler_enable %>
+xdebug.profile_output_dir = <%= profile_output_dir %>
+xdebug.collect_params = <%= collect_params %>
+xdebug.show_local_vars = <%= show_local_vars %>
\ No newline at end of file
diff --git a/modules/phpfpm/templates/nginx/vhost.conf.erb b/modules/phpfpm/templates/nginx/vhost.conf.erb
new file mode 100644
index 0000000..36b5a4a
--- /dev/null
+++ b/modules/phpfpm/templates/nginx/vhost.conf.erb
@@ -0,0 +1,33 @@
+server
+{
+ server_name <%= server_name %>;
+ root <%= root %>;
+
+ client_max_body_size 100M;
+ fastcgi_read_timeout 1800;
+
+ index <%= index %>;
+
+ location /
+ {
+ try_files $uri $uri/ /<%= index %>;
+ }
+
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+ expires max;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~ \.php$
+ {
+ try_files $uri =404;
+
+ include fastcgi_params;
+ fastcgi_index <%= index %>;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_pass <%= upstream %>;
+ }
+
+ <%= custom %>
+}
\ No newline at end of file
diff --git a/modules/phpfpm/templates/www.conf.erb b/modules/phpfpm/templates/www.conf.erb
new file mode 100644
index 0000000..0463032
--- /dev/null
+++ b/modules/phpfpm/templates/www.conf.erb
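Review bot: `xdebug.profile_output_dir = <%= profile_output_dir %>` does not match Xdebug's setting name, which is `xdebug.profiler_output_dir`. The directory chosen in extensions/xdebug.pp is therefore presumably ignored, and profiles fall back to the extension's default location. The line should read `xdebug.profiler_output_dir = <%= profile_output_dir %>`. The first line also hard-codes `/usr/lib/php5/20090626/xdebug.so`, which ties the template to one PHP API build; a class parameter for the extension directory would avoid editing the template on a PHP upgrade.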
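Review bot: The `location ~ \.php$` block sends every existing `.php` file under the root to FPM, including anything that ends up in an upload or files directory, and kalabox.pp in this commit makes that root mode 777. `try_files $uri =404;` rejects requests for scripts that do not exist, but it does not limit which scripts may run. For a Drupal root I would add a block ahead of it such as `location ~* ^/sites/.*/files/.*\.php$ { deny all; }`, or match only the entry scripts the site needs. Separately, `try_files $uri $uri/ /<%= index %>;` drops the query string on the fallback; `/<%= index %>?$query_string` preserves it.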
@@ -0,0 +1,385 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +;listen = 127.0.0.1:9000 +listen = /tmp/php-fpm.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = -1 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0666 +;listen.owner = www-data +;listen.group = www-data +;listen.mode = 0666 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. 
+; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. 
+pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 4 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 2 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 6 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. 
It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. 
+; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. 
+; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. 
+; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' 
character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = %R - %u %t "%m %r%Q%q" %s %f %{mili}d %{kilo}M %C%% + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. 
However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = / + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. 
+ +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/modules/phpmyadmin/manifests/config.pp b/modules/phpmyadmin/manifests/config.pp new file mode 100644 index 0000000..6192227 --- /dev/null +++ b/modules/phpmyadmin/manifests/config.pp 
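Review bot: `listen = /tmp/php-fpm.sock` is set while `listen.owner`, `listen.group` and `listen.mode` stay commented out, so the socket gets the default mode that this file's own comment gives as 0666, inside a world-writable directory. Any local account can then send FastCGI requests to the pool and have PHP run as `www-data`. I would set `listen.owner = www-data`, `listen.group = www-data` and `listen.mode = 0660`, and move the socket out of `/tmp`; the `upstream` default in vhost.pp has to follow the new path.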
@@ -0,0 +1,55 @@
+
+class phpmyadmin::config {
+
+ phpfpm::nginx::vhost { "phpmyadmin":
+ vhost => "phpmyadmin",
+ root => "/usr/share/phpmyadmin",
+ server_name => "php.kala",
+ index => "index.php",
+ upstream => "unix:/tmp/php-fpm.sock",
+ custom => "",
+ options => {},
+ }
+
+ $php_pass = $mysql::server::install::password
+ $pma_db = "phpmyadmin"
+ $pma_user = "root"
+ $pma_pass = "password"
+ $pma_server = "kala"
+
+ exec { "phpmyadmindbconfig":
+ path => "/bin:/usr/bin",
+ command => "gunzip < /usr/share/doc/phpmyadmin/examples/create_tables.sql.gz | mysql -u${pma_user} -p${pma_pass} -h${pma_server}",
+ require => [
+ Class[phpmyadmin::install],
+ Class[network::config]
+ ],
+ }
+
+ exec { "phpmyadmincontrolconfig":
+ path => "/bin:/usr/bin",
+ command => "mysql -u${pma_user} -p${pma_pass} -h${pma_server} -e \"GRANT ALL PRIVILEGES ON ${pma_db}.* TO ${pma_user}@${pma_server} IDENTIFIED BY '${pma_pass}';\"",
+ require => Exec["phpmyadmindbconfig"],
+ }
+
+ file{ "/etc/phpmyadmin/config.inc.php":
+ path => "/etc/phpmyadmin/config.inc.php",
+ ensure => present,
+ content => template("phpmyadmin/config.inc.php.erb"),
+ owner => "root",
+ group => "root",
+ mode => 0444,
+ require => Class[phpmyadmin::install],
+ }
+
+ file{ "/etc/phpmyadmin/config-db.php":
+ path => "/etc/phpmyadmin/config-db.php",
+ ensure => present,
+ content => template("phpmyadmin/config-db.php.erb"),
+ owner => "root",
+ group => "root",
+ mode => 0444,
+ require => Class[phpmyadmin::install],
+ }
+
+}
\ No newline at end of file
diff --git a/modules/phpmyadmin/manifests/init.pp b/modules/phpmyadmin/manifests/init.pp
new file mode 100644
index 0000000..d6c1097
--- /dev/null
+++ b/modules/phpmyadmin/manifests/init.pp
@@ -0,0 +1,4 @@
+
+class phpmyadmin {
+ include phpmyadmin::install, phpmyadmin::config
+}
\ No newline at end of file
diff --git a/modules/phpmyadmin/manifests/install.pp b/modules/phpmyadmin/manifests/install.pp
new file mode 100644
index 0000000..bc8e38d
--- /dev/null
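Review bot: The MySQL account `root` with the literal password `password` is hard-coded in `$pma_user`/`$pma_pass` and passed as `-p${pma_pass}` in both `exec` commands, where it shows up in the process list and probably in Puppet's exec output. The two templated files that receive these values and `$php_pass` are written with `mode => 0444`, so every local user can read the database root password; `owner => "root", group => "www-data", mode => "0640",` keeps them readable by the PHP pool only. The control user should be a dedicated account limited to the `phpmyadmin` database rather than `root`, with its secret supplied as a class parameter. Neither `exec` has an `unless` or `refreshonly` guard, so both run on every Puppet run. The vhost declared at the top also passes `/usr/share/phpmyadmin` as `root`, and the define's `file { $root: }` resource makes that directory owned by `www-data`.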
+++ b/modules/phpmyadmin/manifests/install.pp @@ -0,0 +1,11 @@ + +class phpmyadmin::install { + package { "phpmyadmin" : + ensure => present, + require => [ + Class["phpfpm"], + Class["nginx"], + Class["mysql"], + ] + } +} \ No newline at end of file diff --git a/modules/phpmyadmin/templates/config-db.php.erb b/modules/phpmyadmin/templates/config-db.php.erb new file mode 100644 index 0000000..ddbe111 --- /dev/null +++ b/modules/phpmyadmin/templates/config-db.php.erb @@ -0,0 +1,20 @@ +'; +$dbpass='<%= pma_pass %>'; +$basepath=''; +$dbname='<%= pma_db %>'; +$dbserver='<%= pma_server %>'; +$dbport=''; +$dbtype='mysql'; +?> \ No newline at end of file diff --git a/modules/phpmyadmin/templates/config.inc.php.erb b/modules/phpmyadmin/templates/config.inc.php.erb new file mode 100644 index 0000000..bfb513d --- /dev/null +++ b/modules/phpmyadmin/templates/config.inc.php.erb 
@@ -0,0 +1,123 @@ +'; + $cfg['Servers'][$i]['host'] = $dbserver; + + if (!empty($dbport) || $dbserver != 'localhost') { + $cfg['Servers'][$i]['connect_type'] = 'tcp'; + $cfg['Servers'][$i]['port'] = $dbport; + } + //$cfg['Servers'][$i]['compress'] = false; + /* Select mysqli if your server has it */ + $cfg['Servers'][$i]['extension'] = 'mysqli'; + /* Optional: User for advanced features */ + $cfg['Servers'][$i]['controluser'] = $dbuser; + $cfg['Servers'][$i]['controlpass'] = $dbpass; + /* Optional: Advanced phpMyAdmin features */ + $cfg['Servers'][$i]['pmadb'] = $dbname; + $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; + $cfg['Servers'][$i]['relation'] = 'pma_relation'; + $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; + $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; + $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; + $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; + $cfg['Servers'][$i]['history'] = 'pma_history'; + $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; + $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; + $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig'; + $cfg['Servers'][$i]['AllowNoPassword'] = TRUE; + $cfg['Servers'][$i]['user'] = 'root'; + $cfg['Servers'][$i]['password'] = '<%= php_pass %>'; + $cfg['Servers'][$i]['AllowRoot'] = TRUE; + + /* Uncomment the following to enable logging in to passwordless accounts, + * after taking note of the associated security risks. 
*/ + // $cfg['Servers'][$i]['AllowNoPassword'] = TRUE; + + /* Advance to next server for rest of config */ + $i++; +} + +/* Authentication type */ +//$cfg['Servers'][$i]['auth_type'] = 'cookie'; +/* Server parameters */ +//$cfg['Servers'][$i]['host'] = 'localhost'; +//$cfg['Servers'][$i]['connect_type'] = 'tcp'; +//$cfg['Servers'][$i]['compress'] = false; +/* Select mysqli if your server has it */ +//$cfg['Servers'][$i]['extension'] = 'mysql'; +/* Optional: User for advanced features */ +// $cfg['Servers'][$i]['controluser'] = 'pma'; +// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; +/* Optional: Advanced phpMyAdmin features */ +// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; +// $cfg['Servers'][$i]['relation'] = 'pma_relation'; +// $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; +// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; +// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; +// $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; +// $cfg['Servers'][$i]['history'] = 'pma_history'; +// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; +/* Uncomment the following to enable logging in to passwordless accounts, + * after taking note of the associated security risks. */ +// $cfg['Servers'][$i]['AllowNoPassword'] = TRUE; + +/* + * End of servers configuration + */ + +/* + * Directories for saving/loading files from server + */ +$cfg['UploadDir'] = ''; +$cfg['SaveDir'] = ''; + + diff --git a/modules/puppet/manifests/config.pp b/modules/puppet/manifests/config.pp new file mode 100644 index 0000000..26d9730 --- /dev/null +++ b/modules/puppet/manifests/config.pp 
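Review bot: `$cfg['Servers'][$i]['user'] = 'root'` and `['password'] = '<%= php_pass %>'` are stored in the config together with `AllowRoot = TRUE` and `AllowNoPassword = TRUE`. The top of this file is not readable in this view, so the `auth_type` in effect cannot be confirmed; if it is `config`, anyone who can reach the `php.kala` vhost is signed in as MySQL root without a prompt. I would use `$cfg['Servers'][$i]['auth_type'] = 'cookie';` (which needs `$cfg['blowfish_secret']` set), drop the stored `user`/`password` lines and set `AllowNoPassword` to `FALSE`. The stock comment about passwordless logins now sits directly below the line that enables them and should be updated to match.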
@@ -0,0 +1,14 @@
+
+class puppet::config {
+
+ $puppetserver = "kalabox.kalamuna.com"
+
+ file { "/etc/puppet/puppet.conf" :
+ ensure => present,
+ content => template("puppet/puppet.conf.erb"),
+ owner => "puppet",
+ group => "puppet",
+ require => Class["puppet::install"],
+ notify => Class["puppet::service"],
+ }
+}
\ No newline at end of file
diff --git a/modules/puppet/manifests/init.pp b/modules/puppet/manifests/init.pp
new file mode 100644
index 0000000..77013c8
--- /dev/null
+++ b/modules/puppet/manifests/init.pp
@@ -0,0 +1,4 @@
+
+class puppet {
+ include puppet::install, puppet::config, puppet::service
+}
\ No newline at end of file
diff --git a/modules/puppet/manifests/install.pp b/modules/puppet/manifests/install.pp
new file mode 100644
index 0000000..4e79b39
--- /dev/null
+++ b/modules/puppet/manifests/install.pp
@@ -0,0 +1,6 @@
+
+class puppet::install {
+ package { "puppet" :
+ ensure => present,
+ }
+}
\ No newline at end of file
diff --git a/modules/puppet/manifests/service.pp b/modules/puppet/manifests/service.pp
new file mode 100644
index 0000000..177cb6c
--- /dev/null
+++ b/modules/puppet/manifests/service.pp
@@ -0,0 +1,10 @@
+
+class puppet::service {
+ service { "puppet":
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ require => Class["puppet::install"],
+ }
+}
\ No newline at end of file
diff --git a/modules/puppet/templates/puppet.conf.erb b/modules/puppet/templates/puppet.conf.erb
new file mode 100644
index 0000000..5f94b22
--- /dev/null
+++ b/modules/puppet/templates/puppet.conf.erb
@@ -0,0 +1,20 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+prerun_command=/etc/puppet/etckeeper-commit-pre
+postrun_command=/etc/puppet/etckeeper-commit-post
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN
+ssl_client_verify_header = SSL_CLIENT_VERIFY
+
+[agent]
+report = true
+pluginsync = true
+server = <%= puppetserver %>
\ No newline at end of file
diff --git a/modules/samba/manifests/config.pp b/modules/samba/manifests/config.pp
new file mode 100644
index 0000000..65982f7
--- /dev/null
+++ b/modules/samba/manifests/config.pp
@@ -0,0 +1,12 @@
+
+class samba::config {
+
+ file { "/etc/samba/smb.conf" :
+ ensure => present,
+ content => template("samba/smb.conf.erb"),
+ owner => "root",
+ group => "root",
+ require => Class["samba::install"],
+ notify => Class["samba::service"],
+ }
+}
\ No newline at end of file
diff --git a/modules/samba/manifests/init.pp b/modules/samba/manifests/init.pp
new file mode 100644
index 0000000..2dcf4c9
--- /dev/null
+++ b/modules/samba/manifests/init.pp
@@ -0,0 +1,4 @@
+
+class samba {
+ include samba::install, samba::config, samba::service
+}
\ No newline at end of file
diff --git a/modules/samba/manifests/install.pp b/modules/samba/manifests/install.pp
new file mode 100644
index 0000000..b592306
--- /dev/null
+++ b/modules/samba/manifests/install.pp
@@ -0,0 +1,6 @@
+
+class samba::install {
+ package { "samba" :
+ ensure => present,
+ }
+}
\ No newline at end of file
diff --git a/modules/samba/manifests/service.pp b/modules/samba/manifests/service.pp
new file mode 100644
index 0000000..f018a7c
--- /dev/null
+++ b/modules/samba/manifests/service.pp
@@ -0,0 +1,11 @@
+
+class samba::service {
+ service { "samba":
+ name => "smbd",
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ require => Class["samba::install"],
+ }
+}
\ No newline at end of file
diff --git a/modules/samba/templates/smb.conf.erb b/modules/samba/templates/smb.conf.erb
new file mode 100644
index 0000000..4749237
--- /dev/null
+++ b/modules/samba/templates/smb.conf.erb
@@ -0,0 +1,342 @@ +# +# Sample configuration file for the Samba suite for Debian GNU/Linux. +# +# +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options most of which +# are not shown in this example +# +# Some options that are often worth tuning have been included as +# commented-out examples in this file. +# - When such options are commented with ";", the proposed setting +# differs from the default Samba behaviour +# - When commented with "#", the proposed setting is the default +# behaviour of Samba but the option is considered important +# enough to be mentioned here +# +# NOTE: Whenever you modify this file you should run the command +# "testparm" to check that you have not made any basic syntactic +# errors. +# A well-established practice is to name the original file +# "smb.conf.master" and create the "real" config file with +# testparm -s smb.conf.master >smb.conf +# This minimizes the size of the really used smb.conf file +# which, according to the Samba Team, impacts performance +# However, use this with caution if your smb.conf file contains nested +# "include" statements. See Debian bug #483187 for a case +# where using a master file is not a good idea. 
+# + +#======================= Global Settings ======================= + +[global] + +## Browsing/Identification ### + +# Change this to the workgroup/NT-domain name your Samba server will part of + workgroup = WORKGROUP + +# server string is the equivalent of the NT Description field + server string = %h server (Samba, Ubuntu) + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable its WINS Server +# wins support = no + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# This will prevent nmbd to search for NetBIOS names through DNS. + dns proxy = no + +# What naming service and in what order should we use to resolve host names +# to IP addresses +; name resolve order = lmhosts host wins bcast + +#### Networking #### + +# The specific set of interfaces / networks to bind to +# This can be either the interface name or an IP address/netmask; +# interface names are normally preferred +; interfaces = 127.0.0.0/8 eth0 + +# Only bind to the named interfaces and/or networks; you must use the +# 'interfaces' option above to use this. +# It is recommended that you enable this feature if your Samba machine is +# not protected by a firewall or is a firewall itself. However, this +# option cannot handle dynamic or non-broadcast interfaces correctly. +; bind interfaces only = yes + + + +#### Debugging/Accounting #### + +# This tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Cap the size of the individual log files (in KiB). + max log size = 1000 + +# If you want Samba to only log through syslog then set the following +# parameter to 'yes'. +# syslog only = no + +# We want Samba to log a minimum amount of information to syslog. Everything +# should go to /var/log/samba/log.{smbd,nmbd} instead. 
If you want to log +# through syslog you should set the following parameter to something higher. + syslog = 0 + +# Do something sensible when Samba crashes: mail the admin a backtrace + panic action = /usr/share/samba/panic-action %d + + +####### Authentication ####### + +# "security = user" is always a good idea. This will require a Unix account +# in this server for every user accessing the server. See +# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html +# in the samba-doc package for details. +# security = user + +# You may wish to use password encryption. See the section on +# 'encrypt passwords' in the smb.conf(5) manpage before enabling. + encrypt passwords = true + +# If you are using encrypted passwords, Samba will need to know what +# password database type you are using. + passdb backend = tdbsam + + obey pam restrictions = yes + +# This boolean parameter controls whether Samba attempts to sync the Unix +# password with the SMB password when the encrypted SMB password in the +# passdb is changed. + unix password sync = yes + +# For Unix password sync to work on a Debian GNU/Linux system, the following +# parameters must be set (thanks to Ian Kahan < for +# sending the correct chat script for the passwd program in Debian Sarge). + passwd program = /usr/bin/passwd %u + passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . + +# This boolean controls whether PAM will be used for password changes +# when requested by an SMB client instead of the program listed in +# 'passwd program'. The default is 'no'. + pam password change = yes + +# This option controls how unsuccessful authentication attempts are mapped +# to anonymous connections + map to guest = bad user + +########## Domains ########### + +# Is this machine able to authenticate users. Both PDC and BDC +# must have this setting enabled. 
If you are the BDC you must +# change the 'domain master' setting to no +# +; domain logons = yes +# +# The following setting only takes effect if 'domain logons' is set +# It specifies the location of the user's profile directory +# from the client point of view) +# The following required a [profiles] share to be setup on the +# samba server (see below) +; logon path = \\%N\profiles\%U +# Another common choice is storing the profile in the user's home directory +# (this is Samba's default) +# logon path = \\%N\%U\profile + +# The following setting only takes effect if 'domain logons' is set +# It specifies the location of a user's home directory (from the client +# point of view) +; logon drive = H: +# logon home = \\%N\%U + +# The following setting only takes effect if 'domain logons' is set +# It specifies the script to run during logon. The script must be stored +# in the [netlogon] share +# NOTE: Must be store in 'DOS' file format convention +; logon script = logon.cmd + +# This allows Unix users to be created on the domain controller via the SAMR +# RPC pipe. The example command creates a user account with a disabled Unix +# password; please adapt to your needs +; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u + +# This allows machine accounts to be created on the domain controller via the +# SAMR RPC pipe. +# The following assumes a "machines" group exists on the system +; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u + +# This allows Unix groups to be created on the domain controller via the SAMR +# RPC pipe. +; add group script = /usr/sbin/addgroup --force-badname %g + +########## Printing ########## + +# If you want to automatically load your printer list rather +# than setting them up individually then you'll need this +# load printers = yes + +# lpr(ng) printing. 
You may wish to override the location of the +# printcap file +; printing = bsd +; printcap name = /etc/printcap + +# CUPS printing. See also the cupsaddsmb(8) manpage in the +# cupsys-client package. +; printing = cups +; printcap name = cups + +############ Misc ############ + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /home/samba/etc/smb.conf.%m + +# Most people will find that this option gives better performance. +# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html +# for details +# You may want to add the following on a Linux system: +# SO_RCVBUF=8192 SO_SNDBUF=8192 +# socket options = TCP_NODELAY + +# The following parameter is useful only if you have the linpopup package +# installed. The samba maintainer and the linpopup maintainer are +# working to ease installation and configuration of linpopup and samba. +; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & + +# Domain Master specifies Samba to be the Domain Master Browser. If this +# machine will be configured as a BDC (a secondary logon server), you +# must set this to 'no'; otherwise, the default behavior is recommended. +# domain master = auto + +# Some defaults for winbind (make sure you're not using the ranges +# for something else.) +; idmap uid = 10000-20000 +; idmap gid = 10000-20000 +; template shell = /bin/bash + +# The following was the default behaviour in sarge, +# but samba upstream reverted the default because it might induce +# performance issues in large organizations. +# See Debian bug #368251 for some of the consequences of *not* +# having this setting and smb.conf(5) for details. +; winbind enum groups = yes +; winbind enum users = yes + +# Setup usershare options to enable non-root users to share folders +# with the net usershare command. + +# Maximum number of usershare. 
0 (default) means that usershare is disabled. +; usershare max shares = 100 + +# Allow users who've been granted usershare privileges to create +# public shares, not just authenticated ones + usershare allow guests = yes + +#======================= Share Definitions ======================= + +# Un-comment the following (and tweak the other settings below to suit) +# to enable the default home directory shares. This will share each +# user's home director as \\server\username +;[homes] +; comment = Home Directories +; browseable = no + +# By default, the home directories are exported read-only. Change the +# next parameter to 'no' if you want to be able to write to them. +; read only = yes + +# File creation mask is set to 0700 for security reasons. If you want to +# create files with group=rw permissions, set next parameter to 0775. +; create mask = 0700 + +# Directory creation mask is set to 0700 for security reasons. If you want to +# create dirs. with group=rw permissions, set next parameter to 0775. +; directory mask = 0700 + +# By default, \\server\username shares can be connected to by anyone +# with access to the samba server. Un-comment the following parameter +# to make sure that only "username" can connect to \\server\username +# The following parameter makes sure that only "username" can connect +# +# This might need tweaking when using external authentication schemes +; valid users = %S + +# Un-comment the following and create the netlogon directory for Domain Logons +# (you need to configure Samba to act as a domain controller too.) +;[netlogon] +; comment = Network Logon Service +; path = /home/samba/netlogon +; guest ok = yes +; read only = yes + +# Un-comment the following and create the profiles directory to store +# users profiles (see the "logon path" option above) +# (you need to configure Samba to act as a domain controller too.) 
+# The path below should be writable by all users so that their
+# profile directory may be created the first time they log on
+;[profiles]
+; comment = Users profiles
+; path = /home/samba/profiles
+; guest ok = no
+; browseable = no
+; create mask = 0600
+; directory mask = 0700
+
+[printers]
+ comment = All Printers
+ browseable = no
+ path = /var/spool/samba
+ printable = yes
+ guest ok = no
+ read only = yes
+ create mask = 0700
+
+# Windows clients look for this share name as a source of downloadable
+# printer drivers
+[print$]
+ comment = Printer Drivers
+ path = /var/lib/samba/printers
+ browseable = yes
+ read only = yes
+ guest ok = no
+# Uncomment to allow remote administration of Windows print drivers.
+# You may need to replace 'lpadmin' with the name of the group your
+# admin users are members of.
+# Please note that you also need to set appropriate Unix permissions
+# to the drivers directory for these users to have write rights in it
+; write list = root, @lpadmin
+
+# A sample share for sharing your CD-ROM with others.
+;[cdrom]
+; comment = Samba server's CD-ROM
+; read only = yes
+; locking = no
+; path = /cdrom
+; guest ok = yes
+
+# The next two parameters show how to auto-mount a CD-ROM when the
+# cdrom share is accesed. For this to work /etc/fstab must contain
+# an entry like this:
+#
+# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
+#
+# The CD-ROM gets unmounted automatically after the connection to the
+#
+# If you don't want to use auto-mounting/unmounting make sure the CD
+# is mounted on /cdrom
+#
+; preexec = /bin/mount /cdrom
+; postexec = /bin/umount /cdrom
+
+[www]
+path = /var/www
+read only = no
+guest ok = yes
+browseable = yes
diff --git a/modules/solr/manifests/init.pp b/modules/solr/manifests/init.pp
new file mode 100644
index 0000000..383e511
--- /dev/null
+++ b/modules/solr/manifests/init.pp
@@ -0,0 +1,4 @@
+
+class solr {
+ include solr::params, solr::install, solr::service
+}
\ No newline at end of file
diff --git a/modules/solr/manifests/install.pp b/modules/solr/manifests/install.pp
new file mode 100644
index 0000000..90c685d
--- /dev/null
+++ b/modules/solr/manifests/install.pp
@@ -0,0 +1,10 @@
+
+class solr::install {
+ package { "solr-tomcat":
+ ensure => present,
+ require => [
+ Class["phpfpm"],
+ Class["nginx"],
+ ]
+ }
+}
\ No newline at end of file
diff --git a/modules/solr/manifests/params.pp b/modules/solr/manifests/params.pp
new file mode 100644
index 0000000..5475512
--- /dev/null
+++ b/modules/solr/manifests/params.pp
@@ -0,0 +1,4 @@
+
+class solr::params {
+ $tomcat = "tomcat6"
+}
diff --git a/modules/solr/manifests/service.pp b/modules/solr/manifests/service.pp
new file mode 100644
index 0000000..b5d6ea8
--- /dev/null
+++ b/modules/solr/manifests/service.pp
@@ -0,0 +1,9 @@
+class solr::service {
+ service { $solr::params::tomcat:
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ require => Class["solr::install"],
+ }
+}
\ No newline at end of file
diff --git a/modules/ssh/files/ssh_config b/modules/ssh/files/ssh_config
new file mode 100644
index 0000000..43b298e
--- /dev/null
+++ b/modules/ssh/files/ssh_config
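Review bot: The `require` on `Class["phpfpm"]` and `Class["nginx"]` in `solr::install` ties the solr-tomcat package to two classes it does not otherwise reference, and a `require` on a class that is missing from the catalog fails compilation. The site.pp in this commit includes `phpfpm` but shows no `include nginx`, so this presumably relies on `phpfpm` declaring `nginx` internally. If the ordering is not needed, drop the `require` block; if it is, add a one-line comment above it stating why Solr must be installed after the web stack.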
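Review bot: `solr::service` reads `$solr::params::tomcat` without declaring `solr::params`, so the service title resolves only when another class has evaluated the params class first (here, the `include` list in `solr/init.pp`). The ssh service class in this same commit begins with `include ssh::params`; adding `include solr::params` as the first line of this class makes it safe to include on its own. Separately, the service is enabled and started with the package's default configuration, and nothing visible in this commit restricts the address Tomcat listens on, which is worth confirming before the box is attached to a shared network.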
@@ -0,0 +1,54 @@
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+# ForwardAgent no
+# ForwardX11 no
+# ForwardX11Trusted yes
+# RhostsRSAAuthentication no
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# GSSAPIKeyExchange no
+# GSSAPITrustDNS no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
+ SendEnv LANG LC_*
+ HashKnownHosts yes
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials no
+ UserKnownHostsFile /dev/null
diff --git a/modules/ssh/files/sshd_config b/modules/ssh/files/sshd_config
new file mode 100644
index 0000000..0524874
--- /dev/null
+++ b/modules/ssh/files/sshd_config
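Review bot: In `modules/ssh/files/ssh_config`, `UserKnownHostsFile /dev/null` sits under `Host *`, so no host key is ever stored for any destination and a changed server key can never be detected. With `StrictHostKeyChecking` left at its commented default of `ask`, every connection prompts to accept an unknown key, which trains users to confirm without checking. If this is meant for disposable local VMs whose keys change on rebuild, move the line into a `Host` block that matches only those machines and keep the default known_hosts file for `Host *`. `HashKnownHosts yes` has no effect while the file is /dev/null, and `GSSAPIAuthentication yes` is enabled with no Kerberos setup visible in this commit; a comment on each line saying why it departs from the commented defaults would help.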
@@ -0,0 +1,77 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM yes
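Review bot: `PermitRootLogin yes` is set while `#PasswordAuthentication yes` is left commented at its default, so root can log in over the network with a password alone. `PermitRootLogin without-password` (key-only root) or `PermitRootLogin no` combined with a sudo-capable user is the safer default for a box reachable from the host network. `X11Forwarding yes` and the DSA `HostKey` line are also enabled without a stated need. `KeyRegenerationInterval` and `ServerKeyBits 768` apply only to protocol 1, which `Protocol 2` already disables, so a short comment on each setting that is kept would make the intent reviewable.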
diff --git a/modules/ssh/manifests/client.pp b/modules/ssh/manifests/client.pp
new file mode 100644
index 0000000..5844897
--- /dev/null
+++ b/modules/ssh/manifests/client.pp
@@ -0,0 +1,5 @@
+class ssh::client {
+ include ssh::params
+ include ssh::client::install
+ include ssh::client::config
+}
diff --git a/modules/ssh/manifests/client/config.pp b/modules/ssh/manifests/client/config.pp
new file mode 100644
index 0000000..11192d2
--- /dev/null
+++ b/modules/ssh/manifests/client/config.pp
@@ -0,0 +1,9 @@
+class ssh::client::config {
+ file { $ssh::params::ssh_config:
+ ensure => present,
+ owner => root,
+ group => root,
+ source => "puppet:///modules/${module_name}/ssh_config",
+ require => Class["ssh::client::install"],
+ }
+}
diff --git a/modules/ssh/manifests/client/install.pp b/modules/ssh/manifests/client/install.pp
new file mode 100644
index 0000000..d221fe3
--- /dev/null
+++ b/modules/ssh/manifests/client/install.pp
@@ -0,0 +1,5 @@
+class ssh::client::install {
+ package { $ssh::params::client_package_name:
+ ensure => latest,
+ }
+}
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
new file mode 100644
index 0000000..e89da5e
--- /dev/null
+++ b/modules/ssh/manifests/init.pp
@@ -0,0 +1,4 @@
+class ssh {
+ include ssh::server
+ include ssh::client
+}
diff --git a/modules/ssh/manifests/params.pp b/modules/ssh/manifests/params.pp
new file mode 100644
index 0000000..551eaae
--- /dev/null
+++ b/modules/ssh/manifests/params.pp
@@ -0,0 +1,8 @@
+class ssh::params {
+ $server_package_name = "openssh-server"
+ $client_package_name = "openssh-client"
+ $sshd_config = "/etc/ssh/sshd_config"
+ $ssh_config = "/etc/ssh/ssh_config"
+ $ssh_known_hosts = "/etc/ssh/ssh_known_hosts"
+ $service_name = "ssh"
+}
diff --git a/modules/ssh/manifests/server.pp b/modules/ssh/manifests/server.pp
new file mode 100644
index 0000000..6f06b72
--- /dev/null
+++ b/modules/ssh/manifests/server.pp
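Review bot: The `file` resource in `ssh::client::config` sets `owner` and `group` but no `mode`, so the permissions of the system-wide client config depend on whatever the source file or Puppet's default provides. `ssh::server::config` in this commit pins its mode; adding `mode => "0644",` here keeps the file world-readable but writable only by root, however the repository was checked out. The class also reads `$ssh::params::ssh_config` without `include ssh::params`, relying on `ssh::client` having declared it first.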
@@ -0,0 +1,6 @@
+class ssh::server {
+ include ssh::params
+ include ssh::server::install
+ include ssh::server::config
+ include ssh::server::service
+}
diff --git a/modules/ssh/manifests/server/config.pp b/modules/ssh/manifests/server/config.pp
new file mode 100644
index 0000000..176dd32
--- /dev/null
+++ b/modules/ssh/manifests/server/config.pp
@@ -0,0 +1,12 @@
+class ssh::server::config {
+ file { $ssh::params::sshd_config:
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 0600,
+ replace => false,
+ source => "puppet:///modules/${module_name}/sshd_config",
+ require => Class["ssh::server::install"],
+ notify => Class["ssh::server::service"],
+ }
+}
diff --git a/modules/ssh/manifests/server/install.pp b/modules/ssh/manifests/server/install.pp
new file mode 100644
index 0000000..20e0bb5
--- /dev/null
+++ b/modules/ssh/manifests/server/install.pp
@@ -0,0 +1,6 @@
+class ssh::server::install {
+ include ssh::params
+ package { $ssh::params::server_package_name:
+ ensure => present,
+ }
+}
diff --git a/modules/ssh/manifests/server/service.pp b/modules/ssh/manifests/server/service.pp
new file mode 100644
index 0000000..8821d25
--- /dev/null
+++ b/modules/ssh/manifests/server/service.pp
@@ -0,0 +1,12 @@
+class ssh::server::service {
+ include ssh::params
+ include ssh::server
+
+ service { $ssh::params::service_name:
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ require => Class["ssh::server::config"],
+ }
+}
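Review bot: In `ssh::server::config`, `replace => false` combined with `require => Class["ssh::server::install"]` means the shipped sshd_config is probably never applied. The package presumably writes its own /etc/ssh/sshd_config first, and Puppet then leaves an existing file untouched. The same setting keeps later edits to `modules/ssh/files/sshd_config`, including hardening changes, from reaching machines that are already provisioned. If preserving local edits is intended, say so in a comment above the attribute; otherwise drop `replace => false,`. `mode => 0600` is an unquoted number, which newer Puppet versions reject, so write it as `mode => "0600",`.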