From 3cb86eb7b1d2ea94e803ca064348f66695754578 Mon Sep 17 00:00:00 2001
From: Simone Visconti <simone.visconti@garr.it>
Date: Wed, 5 Oct 2016 11:32:29 +0000
Subject: [PATCH] primo commit
---
Dockerfile | 17 -
README.md | 39 +-
ansible.cfg | 3 +-
inventories/openstack | 12 -
inventories/python27 | 1 +
playbook.yml | 7 +-
roles/comanage/README.md | 38 -
roles/comanage/defaults/main.yml | 2 -
roles/comanage/handlers/main.yml | 12 -
roles/comanage/meta/main.yml | 139 --
roles/comanage/tasks/apache.yml | 82 -
roles/comanage/tasks/comanage.yml | 107 -
roles/comanage/tasks/firewall.yml | 24 -
roles/comanage/tasks/main.yml | 16 -
roles/comanage/tasks/mysql.yml | 40 -
roles/comanage/tasks/packages.yml | 39 -
roles/comanage/tasks/php.yml | 33 -
roles/comanage/tasks/tests.yml | 26 -
roles/comanage/templates/apache-registry.j2 | 68 -
roles/comanage/templates/apache.conf.j2 | 136 --
roles/comanage/templates/my.cnf.j2 | 129 --
roles/comanage/templates/php.ini.j2 | 1951 -----------------
roles/comanage/templates/php5-fpm.conf.j2 | 6 -
roles/comanage/templates/registry.key.j2 | 28 -
roles/comanage/templates/registry.pem.j2 | 22 -
roles/comanage/vars/apache.yml | 23 -
roles/comanage/vars/comanage.yml | 22 -
roles/comanage/vars/firewall.yml | 12 -
roles/comanage/vars/main.yml | 4 -
roles/comanage/vars/mysql.yml | 10 -
roles/comanage/vars/packages.yml | 28 -
roles/database/handlers/main.yml | 6 -
roles/database/tasks/main.yml | 6 -
roles/database/tasks/mysql.yml | 37 -
roles/database/tasks/packages.yml | 8 -
roles/database/vars/mysql.yml | 5 -
roles/database/vars/packages.yml | 12 -
roles/generic/README.md | 39 -
roles/generic/defaults/main.yml | 2 -
roles/generic/files/install-zerotier.sh | 8 -
roles/generic/handlers/main.yml | 29 -
roles/generic/meta/main.yml | 139 --
roles/generic/tasks/firewall.yml | 29 -
roles/generic/tasks/main.yml | 22 -
roles/generic/tasks/ntp.yml | 10 -
roles/generic/tasks/packages.yml | 9 -
roles/generic/tasks/prepare.yml | 22 -
roles/generic/tasks/restart.yml | 11 -
roles/generic/tasks/ssh.yml | 24 -
roles/generic/tasks/tests.yml | 31 -
roles/generic/tasks/yubico.yml | 16 -
roles/generic/tasks/zerotier.yml | 30 -
roles/generic/templates/authorized_keys.j2 | 1 -
roles/generic/templates/ntp.conf.j2 | 54 -
roles/generic/templates/sshd_config.j2 | 88 -
roles/generic/templates/yubikeys.j2 | 1 -
roles/generic/vars/firewall.yml | 11 -
roles/generic/vars/ntp.yml | 7 -
roles/generic/vars/packages.yml | 6 -
roles/generic/vars/restart.yml | 4 -
roles/generic/vars/users.yml | 17 -
roles/generic/vars/zerotier.yml | 6 -
roles/loadbalancer/README.md | 38 -
roles/loadbalancer/handlers/main.yml | 11 -
roles/loadbalancer/handlers/nginx.yml | 5 -
roles/loadbalancer/tasks/firewall.yml | 25 -
roles/loadbalancer/tasks/main.yml | 8 -
roles/loadbalancer/tasks/nginx.yml | 22 -
roles/loadbalancer/tasks/packages.yml | 11 -
roles/loadbalancer/templates/nginx.conf.j2 | 61 -
roles/loadbalancer/templates/registry.key.j2 | 28 -
roles/loadbalancer/templates/registry.pem.j2 | 22 -
.../loadbalancer/templates/vopaas-ssl.conf.j2 | 75 -
roles/loadbalancer/templates/vopaas.conf.j2 | 57 -
roles/loadbalancer/vars/firewall.yml | 16 -
roles/loadbalancer/vars/main.yml | 21 -
roles/python27/tasks/main.yml | 9 +
start.sh | 2 +-
test.sh | 8 -
79 files changed, 25 insertions(+), 4160 deletions(-)
delete mode 100644 Dockerfile
delete mode 100644 inventories/openstack
create mode 100644 inventories/python27
delete mode 100644 roles/comanage/README.md
delete mode 100644 roles/comanage/defaults/main.yml
delete mode 100644 roles/comanage/handlers/main.yml
delete mode 100644 roles/comanage/meta/main.yml
delete mode 100644 roles/comanage/tasks/apache.yml
delete mode 100644 roles/comanage/tasks/comanage.yml
delete mode 100644 roles/comanage/tasks/firewall.yml
delete mode 100644 roles/comanage/tasks/main.yml
delete mode 100644 roles/comanage/tasks/mysql.yml
delete mode 100644 roles/comanage/tasks/packages.yml
delete mode 100644 roles/comanage/tasks/php.yml
delete mode 100644 roles/comanage/tasks/tests.yml
delete mode 100644 roles/comanage/templates/apache-registry.j2
delete mode 100644 roles/comanage/templates/apache.conf.j2
delete mode 100644 roles/comanage/templates/my.cnf.j2
delete mode 100644 roles/comanage/templates/php.ini.j2
delete mode 100644 roles/comanage/templates/php5-fpm.conf.j2
delete mode 100644 roles/comanage/templates/registry.key.j2
delete mode 100644 roles/comanage/templates/registry.pem.j2
delete mode 100644 roles/comanage/vars/apache.yml
delete mode 100644 roles/comanage/vars/comanage.yml
delete mode 100644 roles/comanage/vars/firewall.yml
delete mode 100644 roles/comanage/vars/main.yml
delete mode 100644 roles/comanage/vars/mysql.yml
delete mode 100644 roles/comanage/vars/packages.yml
delete mode 100644 roles/database/handlers/main.yml
delete mode 100644 roles/database/tasks/main.yml
delete mode 100644 roles/database/tasks/mysql.yml
delete mode 100644 roles/database/tasks/packages.yml
delete mode 100644 roles/database/vars/mysql.yml
delete mode 100644 roles/database/vars/packages.yml
delete mode 100644 roles/generic/README.md
delete mode 100644 roles/generic/defaults/main.yml
delete mode 100644 roles/generic/files/install-zerotier.sh
delete mode 100644 roles/generic/handlers/main.yml
delete mode 100644 roles/generic/meta/main.yml
delete mode 100644 roles/generic/tasks/firewall.yml
delete mode 100644 roles/generic/tasks/main.yml
delete mode 100644 roles/generic/tasks/ntp.yml
delete mode 100644 roles/generic/tasks/packages.yml
delete mode 100644 roles/generic/tasks/prepare.yml
delete mode 100644 roles/generic/tasks/restart.yml
delete mode 100644 roles/generic/tasks/ssh.yml
delete mode 100644 roles/generic/tasks/tests.yml
delete mode 100644 roles/generic/tasks/yubico.yml
delete mode 100644 roles/generic/tasks/zerotier.yml
delete mode 100644 roles/generic/templates/authorized_keys.j2
delete mode 100644 roles/generic/templates/ntp.conf.j2
delete mode 100644 roles/generic/templates/sshd_config.j2
delete mode 100644 roles/generic/templates/yubikeys.j2
delete mode 100644 roles/generic/vars/firewall.yml
delete mode 100644 roles/generic/vars/ntp.yml
delete mode 100644 roles/generic/vars/packages.yml
delete mode 100644 roles/generic/vars/restart.yml
delete mode 100644 roles/generic/vars/users.yml
delete mode 100644 roles/generic/vars/zerotier.yml
delete mode 100644 roles/loadbalancer/README.md
delete mode 100644 roles/loadbalancer/handlers/main.yml
delete mode 100644 roles/loadbalancer/handlers/nginx.yml
delete mode 100644 roles/loadbalancer/tasks/firewall.yml
delete mode 100644 roles/loadbalancer/tasks/main.yml
delete mode 100644 roles/loadbalancer/tasks/nginx.yml
delete mode 100644 roles/loadbalancer/tasks/packages.yml
delete mode 100644 roles/loadbalancer/templates/nginx.conf.j2
delete mode 100644 roles/loadbalancer/templates/registry.key.j2
delete mode 100644 roles/loadbalancer/templates/registry.pem.j2
delete mode 100644 roles/loadbalancer/templates/vopaas-ssl.conf.j2
delete mode 100644 roles/loadbalancer/templates/vopaas.conf.j2
delete mode 100644 roles/loadbalancer/vars/firewall.yml
delete mode 100644 roles/loadbalancer/vars/main.yml
create mode 100644 roles/python27/tasks/main.yml
delete mode 100755 test.sh
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 053e2f0..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-# Create an up to date minimal Debian Jessie build
-
-# Pull base image
-FROM debian:jessie
-
-# Update packages
-RUN apt-get update && apt-get upgrade -y
-RUN apt-get update && apt-get install -y python-pip python-dev git
-
-# Install Ansible pre-requisites
-RUN pip install PyYAML jinja2 paramiko
-
-# Install Ansible
-RUN git clone --recursive https://github.com/ansible/ansible.git /opt/ansible
-RUN cd /opt/ansible && make install
-RUN mkdir /etc/ansible
-RUN cp /opt/ansible/examples/hosts /etc/ansible/
diff --git a/README.md b/README.md
index 284f7c4..f0ca186 100644
--- a/README.md
+++ b/README.md
@@ -1,35 +1,12 @@
-VOPaaS
+PYTHON 2.7
======
-Ansible playbooks and roles to install VOPaaS virtual machines.
+PLAYBOOK per l'installazione di python 2.7 senza utilizzare moduli Ansible.
+In sistemi operativi come Ubuntu 16.04, python 2.7 non è presente e Ansible non può operare completamente.
+Con questo playbook, sempre utilizzando Ansible, è possibile installare python 2.7 con due semplici task.
+è necessario:
+ - Impostare l'utente ssh per la connessione
+ - Definire nell'inventory gli indirizzi IP / URL
-This codebase contains all the roles/playbooks and templates to configure VOPaaS VMs.
-The target Linux distribution for VOPaaS servers is Debian.
-
-This codebase use Ansible 2.0.2.
-To install on a Debian 8.2:
-- pip install ansible
-- easy_install debian
-
-
-This codebase also contains a `test.sh` script to verify that the installation works correctly.
-This script leverages a Docker container with a plain Debian box to test all the playbooks
-to be working correctly.
-To use it, you have to install Docker and create the image with the command (from the project's main folder):
-```
-root# docker build -t vopaas .
-```
-after that the Ansible playbook can be tested with the `./test.sh` command.
-
-This codebase contains a 'start.sh" script to execute ansible playbook.
-example:
-" ./start.sh INVENTORYNAME"
-
-Inventory file should be placed in "inventory" folder
-
-roles:
- - generic
- - comanage
- - database (work in progress)
- - loadbalancer
+@Author: Simone Visconti
diff --git a/ansible.cfg b/ansible.cfg
index 3227c36..644b02b 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -29,8 +29,7 @@
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
-#gathering = implicit
-
+#gathering = explicit
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles
diff --git a/inventories/openstack b/inventories/openstack
deleted file mode 100644
index 81fc28e..0000000
--- a/inventories/openstack
+++ /dev/null
@@ -1,12 +0,0 @@
-[teip]
-192.168.90.30
-192.168.90.31
-
-[loadbalancer]
-192.168.90.32
-192.168.90.33
-
-[comanage]
-192.168.90.34
-192.168.90.35
-
diff --git a/inventories/python27 b/inventories/python27
new file mode 100644
index 0000000..4253db6
--- /dev/null
+++ b/inventories/python27
@@ -0,0 +1 @@
+192.168.90.42
diff --git a/playbook.yml b/playbook.yml
index b623db1..3320bed 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -3,8 +3,11 @@
- name: install and configure generic services
become: yes
+ gather_facts: false
hosts: all
- remote_user: debian
+ vars:
+ ansible_python_interpreter: /usr/bin/python2.7
+ remote_user: ubuntu
roles:
- - generic
+ - python27
diff --git a/roles/comanage/README.md b/roles/comanage/README.md
deleted file mode 100644
index 2dc68e5..0000000
--- a/roles/comanage/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-Generic
-=======
-
-This role describes a comanage server in the VOPaaS environment.
-
-Requirements
-------------
-
-This playbook's role has been tested in Debian 8, which is the distribution used within VOPaaS.
-
-Role Variables
---------------
-
-
-
-Dependencies
-------------
-
-No dependency required.
-
-Example Playbook
-----------------
-
-This role can be used as follows:
-
- - hosts: servers
- roles:
- - { role: username.rolename, x: 42 }
-
-License
--------
-
-TBD
-
-Author Information
-------------------
-
-Simone Visconti <simone.visconti@garr.it>
diff --git a/roles/comanage/defaults/main.yml b/roles/comanage/defaults/main.yml
deleted file mode 100644
index faf51c8..0000000
--- a/roles/comanage/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# defaults file for generic
diff --git a/roles/comanage/handlers/main.yml b/roles/comanage/handlers/main.yml
deleted file mode 100644
index 3b4dbf9..0000000
--- a/roles/comanage/handlers/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# handlers file for generic
-- name: restart apache2
- become: yes
- become_method: sudo
- service: name=apache2 state=restarted
-
-- name: Reload firewall definitions
- become: yes
- become_user: root
- command: "firewall-cmd --reload"
-
diff --git a/roles/comanage/meta/main.yml b/roles/comanage/meta/main.yml
deleted file mode 100644
index 62c7d35..0000000
--- a/roles/comanage/meta/main.yml
+++ /dev/null
@@ -1,139 +0,0 @@
----
-galaxy_info:
- author: your name
- description:
- company: your company (optional)
- # If the issue tracker for your role is not on github, uncomment the
- # next line and provide a value
- # issue_tracker_url: http://example.com/issue/tracker
- # Some suggested licenses:
- # - BSD (default)
- # - MIT
- # - GPLv2
- # - GPLv3
- # - Apache
- # - CC-BY
- license: license (GPLv2, CC-BY, etc)
- min_ansible_version: 1.2
- #
- # Below are all platforms currently available. Just uncomment
- # the ones that apply to your role. If you don't see your
- # platform on this list, let us know and we'll get it added!
- #
- #platforms:
- #- name: EL
- # versions:
- # - all
- # - 5
- # - 6
- # - 7
- #- name: GenericUNIX
- # versions:
- # - all
- # - any
- #- name: Fedora
- # versions:
- # - all
- # - 16
- # - 17
- # - 18
- # - 19
- # - 20
- # - 21
- # - 22
- #- name: Windows
- # versions:
- # - all
- # - 2012R2
- #- name: SmartOS
- # versions:
- # - all
- # - any
- #- name: opensuse
- # versions:
- # - all
- # - 12.1
- # - 12.2
- # - 12.3
- # - 13.1
- # - 13.2
- #- name: Amazon
- # versions:
- # - all
- # - 2013.03
- # - 2013.09
- #- name: GenericBSD
- # versions:
- # - all
- # - any
- #- name: FreeBSD
- # versions:
- # - all
- # - 8.0
- # - 8.1
- # - 8.2
- # - 8.3
- # - 8.4
- # - 9.0
- # - 9.1
- # - 9.1
- # - 9.2
- #- name: Ubuntu
- # versions:
- # - all
- # - lucid
- # - maverick
- # - natty
- # - oneiric
- # - precise
- # - quantal
- # - raring
- # - saucy
- # - trusty
- # - utopic
- # - vivid
- #- name: SLES
- # versions:
- # - all
- # - 10SP3
- # - 10SP4
- # - 11
- # - 11SP1
- # - 11SP2
- # - 11SP3
- #- name: GenericLinux
- # versions:
- # - all
- # - any
- #- name: Debian
- # versions:
- # - all
- # - etch
- # - jessie
- # - lenny
- # - squeeze
- # - wheezy
- #
- # Below are all categories currently available. Just as with
- # the platforms above, uncomment those that apply to your role.
- #
- #categories:
- #- cloud
- #- cloud:ec2
- #- cloud:gce
- #- cloud:rax
- #- clustering
- #- database
- #- database:nosql
- #- database:sql
- #- development
- #- monitoring
- #- networking
- #- packaging
- #- system
- #- web
-dependencies: []
- # List your role dependencies here, one per line.
- # Be sure to remove the '[]' above if you add dependencies
- # to this list.
-
diff --git a/roles/comanage/tasks/apache.yml b/roles/comanage/tasks/apache.yml
deleted file mode 100644
index 8f72035..0000000
--- a/roles/comanage/tasks/apache.yml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-# playbook to install and configure general components of a Comanage machine
-- include_vars: "roles/comanage/vars/apache.yml"
-
-#Uncomment for activate php-fpm
-#- name: disable apache module
-# apache2_module:
-# state: absent
-# name: "{{ item }}"
-# with_items: dismodule
-#
-#- name: enable apache mpm_worker module manually
-# command: a2enmod mpm_worker
-
-#- name: Check for existing SSL certificate
-# become: yes
-# become_method: sudo
-# stat: path=/etc/ssl/private/registry.key
-# register: registry_cert_stat
-
-#- name: Create self signed SSL certificate
-# become: yes
-# become_method: sudo
-# command: openssl req -new -nodes -x509 -subj "/C=NL/ST=Utrecht/L=Utrecht/O=Snake Oil Certificates/CN=${ansible_fqdn}" -days 3650 -keyout /etc/ssl/private/registry.key -out /etc/ssl/certs/registry.pem -extensions v3_ca creates=/etc/ssl/certs/registry.pem
-# when: registry_cert_stat.stat.exists == false
-# notify:
-# - restart apache2
-
-- name: copy web key
- become_method: sudo
- template:
- src: roles/comanage/templates/registry.pem.j2
- dest: /etc/ssl/certs/registry.pem
-
-- name: copy web key
- become_method: sudo
- template:
- src: roles/comanage/templates/registry.key.j2
- dest: /etc/ssl/private/registry.key
-
-
-- name: Enable Apache2 modules
- become_method: sudo
- action: apache2_module name={{ item }} state=present
- with_items:
- - rewrite
- - ssl
- notify:
- - restart apache2
-
-- name: Apache registry symlink
- become_method: sudo
- file:
- src: "/srv/comanage/registry-current/app/webroot"
- dest: "/var/www/html/registry"
- state: link
-
-- name: Install registry apache configuration
- become_method: sudo
- template:
- src: apache-registry.j2
- dest: /etc/apache2/sites-available/registry.conf
- notify:
- - restart apache2
-
-- name: Disable default site
- become_method: sudo
- command: a2dissite 000-default
- notify:
- - restart apache2
-
-- name: Enable comanage site
- become_method: sudo
- command: a2ensite registry
- notify:
- - restart apache2
-
-- name: Verify apache is running
- become_method: sudo
- service:
- name: apache2
- state: started
diff --git a/roles/comanage/tasks/comanage.yml b/roles/comanage/tasks/comanage.yml
deleted file mode 100644
index f22dab9..0000000
--- a/roles/comanage/tasks/comanage.yml
+++ /dev/null
@@ -1,107 +0,0 @@
----
-### Modified by Benjamin Oshrin comanage yaml
- # Download COmanage source using tarball of specified release
- # (No need to clone git repo with extra files)
- - include_vars: roles/comanage/vars/comanage.yml
-
- - name: Create target directories
- become_method: sudo
- file:
- path: "/srv/comanage/src"
- state: directory
- mode: 0755
-
- - name: Download comanage source
- become_method: sudo
- get_url:
- url: "https://github.com/Internet2/comanage-registry/archive/{{ comanage_version }}.tar.gz"
- dest: "/srv/comanage/src/{{ comanage_version }}.tar.gz"
- register: comanage_downloaded
-
- - name: Unarchive comanage source
- become_method: sudo
- unarchive:
- src: "/srv/comanage/src/{{ comanage_version }}.tar.gz"
- dest: "/srv/comanage"
- copy: no
- when: comanage_downloaded|changed
-
- - name: Symlink comanage source
- become_method: sudo
- file:
- src: "/srv/comanage/comanage-registry-{{ comanage_version }}"
- dest: "/srv/comanage/registry-current"
- state: link
-
- - name: Check for comanage tmp directory
- stat: path=/var/cache/registry
- register: registry_tmp_stat
-
- - name: Create comanage tmp directory
- become_method: sudo
- command: mv /srv/comanage/registry-current/app/tmp.dist /var/cache/registry
- when: registry_tmp_stat.stat.exists == false
-
- - name: Verify comanage tmp directory ownership and permissions
- become_method: sudo
- file:
- path: /var/cache/registry
- owner: www-data
- state: directory
- recurse: yes
-
- - name: Check for comanage local tmp
- become_method: sudo
- stat: path=/srv/comanage/registry-current/local/tmp
- register: registry_tmp_local_stat
-
- - name: Create comanage tmp symlink
- become_method: sudo
- file:
- src: /var/cache/registry
- dest: /srv/comanage/registry-current/local/tmp
- state: link
- when: registry_tmp_local_stat.stat.exists == false
-
- - name: Check for database config
- become_method: sudo
- stat: path=/srv/comanage/registry-current/local/Config/database.php
- register: registry_database_stat
-
- - name: Copy database config
- become_method: sudo
- command: cp /srv/comanage/registry-current/app/Config/database.php.default /srv/comanage/registry-current/local/Config/database.php
- when: registry_database_stat.stat.exists == false
-
- - name: Configure database connection info
- become_method: sudo
- replace:
- dest: /srv/comanage/registry-current/local/Config/database.php
- regexp: "{{ item.regexp }}"
- replace: "{{ item.replace }}"
- with_items: replace
-
- - name: Install database schema
- become_method: sudo
- command: ./Console/cake database
- args:
- chdir: /srv/comanage/registry-current/app
- when: registry_database_stat.stat.exists == false
-
- - name: Check for email config
- become_method: sudo
- stat: path=/srv/comanage/registry-current/local/Config/email.php
- register: registry_email_stat
-
- - name: Copy email config
- become_method: sudo
- command: cp /srv/comanage/registry-current/app/Config/email.php.default /srv/comanage/registry-current/local/Config/email.php
- when: registry_email_stat.stat.exists == false
-
- - name: Configure database connection info
- become_method: sudo
- replace:
- dest: /srv/comanage/registry-current/local/Config/database.php
- regexp: "{{ item.regexp }}"
- replace: "{{ item.replace }}"
- with_items: infodb
diff --git a/roles/comanage/tasks/firewall.yml b/roles/comanage/tasks/firewall.yml
deleted file mode 100644
index 8599ff8..0000000
--- a/roles/comanage/tasks/firewall.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# playbook to install and configure general components of a VOPaaS machine
-- include_vars: "roles/comanage/vars/firewall.yml"
-
-- name: Add rules for the firewall
- become_user: root
- firewalld:
- port: "{{ item.port }}/{{ item.protocol}}"
- permanent: true
- state: enabled
- zone: "{{ item.zone }}"
- with_items: ports
- notify: Reload firewall definitions
-
-- name: Add service to the firewall
- become_user: root
- firewalld:
- service: "{{ item }}"
- permanent: true
- state: enabled
- zone: "public"
- with_items: servicefirewall
- notify: Reload firewall definitions
-
diff --git a/roles/comanage/tasks/main.yml b/roles/comanage/tasks/main.yml
deleted file mode 100644
index c4ad195..0000000
--- a/roles/comanage/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# playbook to install and configure general components of a VOPaaS machine
-
-- include: packages.yml
-
-- include: mysql.yml
-
-#uncomment for switch to php-fpm
-#- include: php.yml
-
-- include: comanage.yml
-
-- include: apache.yml
-# Test tasks provided to verify all installations went good and with no errors
-
-#- include: tests.yml
diff --git a/roles/comanage/tasks/mysql.yml b/roles/comanage/tasks/mysql.yml
deleted file mode 100644
index 7d050d8..0000000
--- a/roles/comanage/tasks/mysql.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-#Have fun with Mysql!
-
-- include_vars: roles/comanage/vars/mysql.yml
-
-- name: Start the MySQL service
- become_method: sudo
- service:
- name: "{{ item.name }}"
- state: "{{ item.state }}"
- with_items: sqlstart
-
-- name: create database for comanage
- mysql_db:
- login_user: root
- name: registry
- state: present
-
-- name: create user for mysql with all privilege
- mysql_user:
- login_user: root
- name: comanage
- password: C0man4ge
- priv: "registry.*:ALL"
- state: present
-
-- name: copy .my.cnf file
- become_method: sudo
- template:
- src: roles/comanage/templates/my.cnf.j2
- dest: /etc/mysql/my.cnf
- owner: root
- mode: 0600
-
-- name: Restart the MySQL service
- become_method: sudo
- service:
- name: "{{ item.name }}"
- state: "{{ item.state }}"
- with_items: sqlrestart
diff --git a/roles/comanage/tasks/packages.yml b/roles/comanage/tasks/packages.yml
deleted file mode 100644
index c734ac1..0000000
--- a/roles/comanage/tasks/packages.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-- include_vars: "roles/comanage/vars/packages.yml"
-
-#Command for switch from apache2_handler to php-fpm
-#- name: Remove a repo
-# apt_repository:
-# repo: "{{ item }}"
-# state: present
-# update_cache: no
-# with_items: removerepository
-
-#- name: Add fastcgi repository
-# apt_repository:
-# repo: "{{ item }}"
-# state: present
-# update_cache: no
-# with_items: repository
-
-- name: perform apt-get update
- become_method: sudo
- apt:
- update_cache: yes
- cache_valid_time: 360
- tags: packages
-
-- name: ensure that packages are installed
- become_method: sudo
- apt:
- name: "{{ item }}"
- state: present
- with_items: packages
- tags: packages
-
-#- name: install php-fpm packages
-# apt:
-# name: "{{ item }}"
-# state: present
-# with_items: packagesfastcgi
-
diff --git a/roles/comanage/tasks/php.yml b/roles/comanage/tasks/php.yml
deleted file mode 100644
index ec679e3..0000000
--- a/roles/comanage/tasks/php.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# playbook to install and configure general components of a Comanage machine
-
-- name: Check php software
- service:
- state: started
- name: php5-fpm
-
-- name: Create php5 folder
- file: path=/etc/php5/php-fpm state=directory mode=0755
-
-- name: add php5-fpm.conf to conf-available
- template:
- src: roles/comanage/templates/php5-fpm.conf.j2
- dest: /etc/apache2/conf-available/php5-fpm.conf
-
-- name: add php5-fpm.conf to conf-enabled
- template:
- src: roles/comanage/templates/php5-fpm.conf.j2
- dest: /etc/apache2/conf-enabled/php5-fpm.conf
-
-- name: change php.ini
- template:
- src: roles/comanage/templates/php.ini.j2
- dest: /etc/php5/php-fpm/php.ini
-
-- name: touch php5-fpm
- file:
- path: /usr/lib/cgi-bin/php5-fcgi
- state: touch
- mode: 0755
- owner: www-data
- group: www-data
diff --git a/roles/comanage/tasks/tests.yml b/roles/comanage/tasks/tests.yml
deleted file mode 100644
index a2dc41a..0000000
--- a/roles/comanage/tasks/tests.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Tests for the generic tasks
-- include_vars: "roles/comanage/vars/ntp.yml"
-- include_vars: "roles/comanage/vars/zerotier.yml"
-
-- name: Get time drift
- command: /usr/sbin/ntptime
- register: thetime
- changed_when: false
-
-- name: Raise error if differente is larger than acceptable difference
- fail:
- msg: "ERROR: The time difference is NOT ok"
- when: "{{ thetime['stdout_lines'] | regex_replace('^.*offset (\\d+.\\d+).*$', '\\1') | float * 1000 > item }}"
- with_items: time_difference
-
-- name: Get the zerotier network list
- command: zerotier-cli listnetworks
- register: listnetworks
- changed_when: false
-
-- name: Raise error if the network searched is not in network list
- fail:
- msg: "ERROR: the network is not in the list of networks for zerotier client"
- when: "\"200 listnetworks {{ networkid }}\" in thetime['stdout']"
- with_items: time_difference
diff --git a/roles/comanage/templates/apache-registry.j2 b/roles/comanage/templates/apache-registry.j2
deleted file mode 100644
index a0be021..0000000
--- a/roles/comanage/templates/apache-registry.j2
+++ /dev/null
@@ -1,68 +0,0 @@
-<VirtualHost *:80>
- UseCanonicalName On
-
- RedirectMatch (.*) https://{{ comanage }}$1
-</VirtualHost>
-
-<VirtualHost *:443>
- UseCanonicalName On
-
- ErrorLog ${APACHE_LOG_DIR}/registry_error.log
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/registry_access.log combined
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/registry.pem
- SSLCertificateKeyFile /etc/ssl/private/registry.key
- #SSLCertificateChainFile /etc/ssl/certs/registry-intermediate.crt
- SSLProtocol All -SSLv2 -SSLv3
- SSLCompression off
- SSLHonorCipherOrder On
- #SSLCipherSuite AES128+EECDH:AES128+EDH
- SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
-
- <Location /Shibboleth.sso>
- SetHandler shib
- </Location>
-
- DocumentRoot /var/www/html
- RedirectMatch ^/$ https://{{ comanage }}/registry/
- Redirect /registry/users/logout https://{{ comanage }}/Shibboleth.sso/Logout?return=https%3A//{{ comanage }}/registry/
-
- <Directory />
- Options FollowSymLinks
- AllowOverride None
- </Directory>
-
- <Directory /var/www/html/eds/>
- Options Indexes
- Order allow,deny
- allow from all
- </Directory>
-
- <Directory /var/www/html/registry/>
- Options Indexes FollowSymLinks MultiViews
- DirectoryIndex index.php
- AllowOverride All
- Order allow,deny
- allow from all
- </Directory>
-
- <Directory /var/www/html/registry/auth/login/>
- # AuthType shibboleth
- # ShibRequestSetting requireSession 1
- Require valid-user
- </Directory>
-
- <Directory /var/www/html/shibhook/>
- # AuthType shibboleth
- # ShibRequestSetting requireSession 1
- Require valid-user
- </Directory>
-
- <Location /registry>
- # AuthType shibboleth
- # Require shibboleth
- </Location>
-</VirtualHost>
diff --git a/roles/comanage/templates/apache.conf.j2 b/roles/comanage/templates/apache.conf.j2
deleted file mode 100644
index 4ddf10d..0000000
--- a/roles/comanage/templates/apache.conf.j2
+++ /dev/null
@@ -1,136 +0,0 @@
-<IfModule mod_ssl.c>
- <VirtualHost _default_:443>
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/html
-
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
-
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
-
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
-
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
-
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
-
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
-
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory /usr/lib/cgi-bin>
- SSLOptions +StdEnvVars
- </Directory>
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- # MSIE 7 and newer should be able to use keepalive
- BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-
- </VirtualHost>
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/roles/comanage/templates/my.cnf.j2 b/roles/comanage/templates/my.cnf.j2
deleted file mode 100644
index f3a228e..0000000
--- a/roles/comanage/templates/my.cnf.j2
+++ /dev/null
@@ -1,129 +0,0 @@
-#
-# The MySQL database server configuration file.
-#
-# You can copy this to one of:
-# - "/etc/mysql/my.cnf" to set global options,
-# - "~/.my.cnf" to set user-specific options.
-#
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-#
-# For explanations see
-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
-
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# escpecially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-[client]
-port = 3306
-socket = /var/run/mysqld/mysqld.sock
-
-# Here is entries for some specific programs
-# The following values assume you have at least 32M ram
-
-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
-[mysqld_safe]
-socket = /var/run/mysqld/mysqld.sock
-nice = 0
-
-[mysqld]
-#
-# * Basic Settings
-#
-user = mysql
-pid-file = /var/run/mysqld/mysqld.pid
-socket = /var/run/mysqld/mysqld.sock
-port = 3306
-basedir = /usr
-datadir = /var/lib/mysql
-tmpdir = /tmp
-lc-messages-dir = /usr/share/mysql
-skip-external-locking
-#
-# Instead of skip-networking the default is now to listen only on
-# localhost which is more compatible and is not less secure.
-bind-address = 127.0.0.1
-#
-# * Fine Tuning
-#
-key_buffer = 16M
-max_allowed_packet = 16M
-thread_stack = 192K
-thread_cache_size = 8
-# This replaces the startup script and checks MyISAM tables if needed
-# the first time they are touched
-myisam-recover = BACKUP
-#max_connections = 100
-#table_cache = 64
-#thread_concurrency = 10
-#
-# * Query Cache Configuration
-#
-query_cache_limit = 1M
-query_cache_size = 16M
-#
-# * Logging and Replication
-#
-# Both location gets rotated by the cronjob.
-# Be aware that this log type is a performance killer.
-# As of 5.1 you can enable the log at runtime!
-#general_log_file = /var/log/mysql/mysql.log
-#general_log = 1
-#
-# Error log - should be very few entries.
-#
-log_error = /var/log/mysql/error.log
-#
-# Here you can see queries with especially long duration
-#slow_query_log_file = /var/log/mysql/mysql-slow.log
-#slow_query_log = 1
-#long_query_time = 2
-#log_queries_not_using_indexes
-#
-# The following can be used as easy to replay backup logs or for replication.
-# note: if you are setting up a replication slave, see README.Debian about
-# other settings you may need to change.
-#server-id = 1
-#log_bin = /var/log/mysql/mysql-bin.log
-expire_logs_days = 10
-max_binlog_size = 100M
-#binlog_do_db = include_database_name
-#binlog_ignore_db = include_database_name
-#
-# * InnoDB
-#
-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
-# Read the manual for more InnoDB related options. There are many!
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-# chroot = /var/lib/mysql/
-#
-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet = 16M
-
-[mysql]
-#no-auto-rehash # faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer = 16M
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-# The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/
-
diff --git a/roles/comanage/templates/php.ini.j2 b/roles/comanage/templates/php.ini.j2
deleted file mode 100644
index d3b1241..0000000
--- a/roles/comanage/templates/php.ini.j2
+++ /dev/null
@@ -1,1951 +0,0 @@
-;;;;;;;;;;;;;;;;;;;
-; About php.ini ;
-;;;;;;;;;;;;;;;;;;;
-; PHP's initialization file, generally called php.ini, is responsible for
-; configuring many of the aspects of PHP's behavior.
-
-; PHP attempts to find and load this configuration from a number of locations.
-; The following is a summary of its search order:
-; 1. SAPI module specific location.
-; 2. The PHPRC environment variable. (As of PHP 5.2.0)
-; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
-; 4. Current working directory (except CLI)
-; 5. The web server's directory (for SAPI modules), or directory of PHP
-; (otherwise in Windows)
-; 6. The directory from the --with-config-file-path compile time option, or the
-; Windows directory (C:\windows or C:\winnt)
-; See the PHP docs for more specific information.
-; http://php.net/configuration.file
-
-; The syntax of the file is extremely simple. Whitespace and lines
-; beginning with a semicolon are silently ignored (as you probably guessed).
-; Section headers (e.g. [Foo]) are also silently ignored, even though
-; they might mean something in the future.
-
-; Directives following the section heading [PATH=/www/mysite] only
-; apply to PHP files in the /www/mysite directory. Directives
-; following the section heading [HOST=www.example.com] only apply to
-; PHP files served from www.example.com. Directives set in these
-; special sections cannot be overridden by user-defined INI files or
-; at runtime. Currently, [PATH=] and [HOST=] sections only work under
-; CGI/FastCGI.
-; http://php.net/ini.sections
-
-; Directives are specified using the following syntax:
-; directive = value
-; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
-; Directives are variables used to configure PHP or PHP extensions.
-; There is no name validation. If PHP can't find an expected
-; directive because it is not set or is mistyped, a default value will be used.
-
-; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
-; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
-; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
-; previously set variable or directive (e.g. ${foo})
-
-; Expressions in the INI file are limited to bitwise operators and parentheses:
-; | bitwise OR
-; ^ bitwise XOR
-; & bitwise AND
-; ~ bitwise NOT
-; ! boolean NOT
-
-; Boolean flags can be turned on using the values 1, On, True or Yes.
-; They can be turned off using the values 0, Off, False or No.
-
-; An empty string can be denoted by simply not writing anything after the equal
-; sign, or by using the None keyword:
-
-; foo = ; sets foo to an empty string
-; foo = None ; sets foo to an empty string
-; foo = "None" ; sets foo to the string 'None'
-
-; If you use constants in your value, and these constants belong to a
-; dynamically loaded extension (either a PHP extension or a Zend extension),
-; you may only use these constants *after* the line that loads the extension.
-
-;;;;;;;;;;;;;;;;;;;
-; About this file ;
-;;;;;;;;;;;;;;;;;;;
-; PHP comes packaged with two INI files. One that is recommended to be used
-; in production environments and one that is recommended to be used in
-; development environments.
-
-; php.ini-production contains settings which hold security, performance and
-; best practices at its core. But please be aware, these settings may break
-; compatibility with older or less security conscience applications. We
-; recommending using the production ini in production and testing environments.
-
-; php.ini-development is very similar to its production variant, except it is
-; much more verbose when it comes to errors. We recommend using the
-; development version only in development environments, as errors shown to
-; application users can inadvertently leak otherwise secure information.
-
-; This is php.ini-production INI file.
-
-;;;;;;;;;;;;;;;;;;;
-; Quick Reference ;
-;;;;;;;;;;;;;;;;;;;
-; The following are all the settings which are different in either the production
-; or development versions of the INIs with respect to PHP's default behavior.
-; Please see the actual settings later in the document for more details as to why
-; we recommend these changes in PHP's behavior.
-
-; display_errors
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-
-; display_startup_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; error_reporting
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; html_errors
-; Default Value: On
-; Development Value: On
-; Production value: On
-
-; log_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-
-; max_input_time
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-
-; output_buffering
-; Default Value: Off
-; Development Value: 4096
-; Production Value: 4096
-
-; register_argc_argv
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; request_order
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-
-; session.gc_divisor
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-
-; session.hash_bits_per_character
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-
-; short_open_tag
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; track_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; url_rewriter.tags
-; Default Value: "a=href,area=href,frame=src,form=,fieldset="
-; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-
-; variables_order
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS"
-
-;;;;;;;;;;;;;;;;;;;;
-; php.ini Options ;
-;;;;;;;;;;;;;;;;;;;;
-; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
-;user_ini.filename = ".user.ini"
-
-; To disable this feature set this option to empty value
-;user_ini.filename =
-
-; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
-;user_ini.cache_ttl = 300
-
-;;;;;;;;;;;;;;;;;;;;
-; Language Options ;
-;;;;;;;;;;;;;;;;;;;;
-
-; Enable the PHP scripting language engine under Apache.
-; http://php.net/engine
-engine = On
-
-; This directive determines whether or not PHP will recognize code between
-; <? and ?> tags as PHP source which should be processed as such. It is
-; generally recommended that <?php and ?> should be used and that this feature
-; should be disabled, as enabling it may result in issues when generating XML
-; documents, however this remains supported for backward compatibility reasons.
-; Note that this directive does not control the <?= shorthand tag, which can be
-; used regardless of this directive.
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/short-open-tag
-short_open_tag = Off
-
-; Allow ASP-style <% %> tags.
-; http://php.net/asp-tags
-asp_tags = Off
-
-; The number of significant digits displayed in floating point numbers.
-; http://php.net/precision
-precision = 14
-
-; Output buffering is a mechanism for controlling how much output data
-; (excluding headers and cookies) PHP should keep internally before pushing that
-; data to the client. If your application's output exceeds this setting, PHP
-; will send that data in chunks of roughly the size you specify.
-; Turning on this setting and managing its maximum buffer size can yield some
-; interesting side-effects depending on your application and web server.
-; You may be able to send headers and cookies after you've already sent output
-; through print or echo. You also may see performance benefits if your server is
-; emitting less packets due to buffered output versus PHP streaming the output
-; as it gets it. On production servers, 4096 bytes is a good setting for performance
-; reasons.
-; Note: Output buffering can also be controlled via Output Buffering Control
-; functions.
-; Possible Values:
-; On = Enabled and buffer is unlimited. (Use with caution)
-; Off = Disabled
-; Integer = Enables the buffer and sets its maximum size in bytes.
-; Note: This directive is hardcoded to Off for the CLI SAPI
-; Default Value: Off
-; Development Value: 4096
-; Production Value: 4096
-; http://php.net/output-buffering
-output_buffering = 4096
-
-; You can redirect all of the output of your scripts to a function. For
-; example, if you set output_handler to "mb_output_handler", character
-; encoding will be transparently converted to the specified encoding.
-; Setting any output handler automatically turns on output buffering.
-; Note: People who wrote portable scripts should not depend on this ini
-; directive. Instead, explicitly set the output handler using ob_start().
-; Using this ini directive may cause problems unless you know what script
-; is doing.
-; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
-; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
-; Note: output_handler must be empty if this is set 'On' !!!!
-; Instead you must use zlib.output_handler.
-; http://php.net/output-handler
-;output_handler =
-
-; Transparent output compression using the zlib library
-; Valid values for this option are 'off', 'on', or a specific buffer size
-; to be used for compression (default is 4KB)
-; Note: Resulting chunk size may vary due to nature of compression. PHP
-; outputs chunks that are few hundreds bytes each as a result of
-; compression. If you prefer a larger chunk size for better
-; performance, enable output_buffering in addition.
-; Note: You need to use zlib.output_handler instead of the standard
-; output_handler, or otherwise the output will be corrupted.
-; http://php.net/zlib.output-compression
-zlib.output_compression = Off
-
-; http://php.net/zlib.output-compression-level
-;zlib.output_compression_level = -1
-
-; You cannot specify additional output handlers if zlib.output_compression
-; is activated here. This setting does the same as output_handler but in
-; a different order.
-; http://php.net/zlib.output-handler
-;zlib.output_handler =
-
-; Implicit flush tells PHP to tell the output layer to flush itself
-; automatically after every output block. This is equivalent to calling the
-; PHP function flush() after each and every call to print() or echo() and each
-; and every HTML block. Turning this option on has serious performance
-; implications and is generally recommended for debugging purposes only.
-; http://php.net/implicit-flush
-; Note: This directive is hardcoded to On for the CLI SAPI
-implicit_flush = Off
-
-; The unserialize callback function will be called (with the undefined class'
-; name as parameter), if the unserializer finds an undefined class
-; which should be instantiated. A warning appears if the specified function is
-; not defined, or if the function doesn't include/implement the missing class.
-; So only set this entry, if you really want to implement such a
-; callback-function.
-unserialize_callback_func =
-
-; When floats & doubles are serialized store serialize_precision significant
-; digits after the floating point. The default value ensures that when floats
-; are decoded with unserialize, the data will remain the same.
-serialize_precision = 17
-
-; open_basedir, if set, limits all file operations to the defined directory
-; and below. This directive makes most sense if used in a per-directory
-; or per-virtualhost web server configuration file.
-; http://php.net/open-basedir
-;open_basedir =
-
-; This directive allows you to disable certain functions for security reasons.
-; It receives a comma-delimited list of function names.
-; http://php.net/disable-functions
-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
-
-; This directive allows you to disable certain classes for security reasons.
-; It receives a comma-delimited list of class names.
-; http://php.net/disable-classes
-disable_classes =
-
-; Colors for Syntax Highlighting mode. Anything that's acceptable in
-; <span style="color: ???????"> would work.
-; http://php.net/syntax-highlighting
-;highlight.string = #DD0000
-;highlight.comment = #FF9900
-;highlight.keyword = #007700
-;highlight.default = #0000BB
-;highlight.html = #000000
-
-; If enabled, the request will be allowed to complete even if the user aborts
-; the request. Consider enabling it if executing long requests, which may end up
-; being interrupted by the user or a browser timing out. PHP's default behavior
-; is to disable this feature.
-; http://php.net/ignore-user-abort
-;ignore_user_abort = On
-
-; Determines the size of the realpath cache to be used by PHP. This value should
-; be increased on systems where PHP opens many files to reflect the quantity of
-; the file operations performed.
-; http://php.net/realpath-cache-size
-;realpath_cache_size = 16k
-
-; Duration of time, in seconds for which to cache realpath information for a given
-; file or directory. For systems with rarely changing files, consider increasing this
-; value.
-; http://php.net/realpath-cache-ttl
-;realpath_cache_ttl = 120
-
-; Enables or disables the circular reference collector.
-; http://php.net/zend.enable-gc
-zend.enable_gc = On
-
-; If enabled, scripts may be written in encodings that are incompatible with
-; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
-; encodings. To use this feature, mbstring extension must be enabled.
-; Default: Off
-;zend.multibyte = Off
-
-; Allows to set the default encoding for the scripts. This value will be used
-; unless "declare(encoding=...)" directive appears at the top of the script.
-; Only affects if zend.multibyte is set.
-; Default: ""
-;zend.script_encoding =
-
-;;;;;;;;;;;;;;;;;
-; Miscellaneous ;
-;;;;;;;;;;;;;;;;;
-
-; Decides whether PHP may expose the fact that it is installed on the server
-; (e.g. by adding its signature to the Web server header). It is no security
-; threat in any way, but it makes it possible to determine whether you use PHP
-; on your server or not.
-; http://php.net/expose-php
-expose_php = Off
-
-;;;;;;;;;;;;;;;;;;;
-; Resource Limits ;
-;;;;;;;;;;;;;;;;;;;
-
-; Maximum execution time of each script, in seconds
-; http://php.net/max-execution-time
-; Note: This directive is hardcoded to 0 for the CLI SAPI
-max_execution_time = 30
-
-; Maximum amount of time each script may spend parsing request data. It's a good
-; idea to limit this time on productions servers in order to eliminate unexpectedly
-; long running scripts.
-; Note: This directive is hardcoded to -1 for the CLI SAPI
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-; http://php.net/max-input-time
-max_input_time = 60
-
-; Maximum input variable nesting level
-; http://php.net/max-input-nesting-level
-;max_input_nesting_level = 64
-
-; How many GET/POST/COOKIE input variables may be accepted
-; max_input_vars = 1000
-
-; Maximum amount of memory a script may consume (128MB)
-; http://php.net/memory-limit
-memory_limit = 128M
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-; Error handling and logging ;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; This directive informs PHP of which errors, warnings and notices you would like
-; it to take action for. The recommended way of setting values for this
-; directive is through the use of the error level constants and bitwise
-; operators. The error level constants are below here for convenience as well as
-; some common settings and their meanings.
-; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
-; those related to E_NOTICE and E_STRICT, which together cover best practices and
-; recommended coding standards in PHP. For performance reasons, this is the
-; recommend error reporting setting. Your production server shouldn't be wasting
-; resources complaining about best practices and coding standards. That's what
-; development servers and development settings are for.
-; Note: The php.ini-development file has this setting as E_ALL. This
-; means it pretty much reports everything which is exactly what you want during
-; development and early testing.
-;
-; Error Level Constants:
-; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
-; E_ERROR - fatal run-time errors
-; E_RECOVERABLE_ERROR - almost fatal run-time errors
-; E_WARNING - run-time warnings (non-fatal errors)
-; E_PARSE - compile-time parse errors
-; E_NOTICE - run-time notices (these are warnings which often result
-; from a bug in your code, but it's possible that it was
-; intentional (e.g., using an uninitialized variable and
-; relying on the fact it is automatically initialized to an
-; empty string)
-; E_STRICT - run-time notices, enable to have PHP suggest changes
-; to your code which will ensure the best interoperability
-; and forward compatibility of your code
-; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
-; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
-; initial startup
-; E_COMPILE_ERROR - fatal compile-time errors
-; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
-; E_USER_ERROR - user-generated error message
-; E_USER_WARNING - user-generated warning message
-; E_USER_NOTICE - user-generated notice message
-; E_DEPRECATED - warn about code that will not work in future versions
-; of PHP
-; E_USER_DEPRECATED - user-generated deprecation warnings
-;
-; Common Values:
-; E_ALL (Show all errors, warnings and notices including coding standards.)
-; E_ALL & ~E_NOTICE (Show all errors, except for notices)
-; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
-; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-; http://php.net/error-reporting
-error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; This directive controls whether or not and where PHP will output errors,
-; notices and warnings too. Error output is very useful during development, but
-; it could be very dangerous in production environments. Depending on the code
-; which is triggering the error, sensitive information could potentially leak
-; out of your application such as database usernames and passwords or worse.
-; For production environments, we recommend logging errors rather than
-; sending them to STDOUT.
-; Possible Values:
-; Off = Do not display any errors
-; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
-; On or stdout = Display errors to STDOUT
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-errors
-display_errors = Off
-
-; The display of errors which occur during PHP's startup sequence are handled
-; separately from display_errors. PHP's default behavior is to suppress those
-; errors from clients. Turning the display of startup errors on can be useful in
-; debugging configuration problems. We strongly recommend you
-; set this to 'off' for production servers.
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-startup-errors
-display_startup_errors = Off
-
-; Besides displaying errors, PHP can also log errors to locations such as a
-; server-specific log, STDERR, or a location specified by the error_log
-; directive found below. While errors should not be displayed on productions
-; servers they should still be monitored and logging is a great way to do that.
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-; http://php.net/log-errors
-log_errors = On
-
-; Set maximum length of log_errors. In error_log information about the source is
-; added. The default is 1024 and 0 allows to not apply any maximum length at all.
-; http://php.net/log-errors-max-len
-log_errors_max_len = 1024
-
-; Do not log repeated messages. Repeated errors must occur in same file on same
-; line unless ignore_repeated_source is set true.
-; http://php.net/ignore-repeated-errors
-ignore_repeated_errors = Off
-
-; Ignore source of message when ignoring repeated messages. When this setting
-; is On you will not log errors with repeated messages from different files or
-; source lines.
-; http://php.net/ignore-repeated-source
-ignore_repeated_source = Off
-
-; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This has only effect in a debug compile, and if
-; error reporting includes E_WARNING in the allowed list
-; http://php.net/report-memleaks
-report_memleaks = On
-
-; This setting is on by default.
-;report_zend_debug = 0
-
-; Store the last error/warning message in $php_errormsg (boolean). Setting this value
-; to On can assist in debugging and is appropriate for development servers. It should
-; however be disabled on production servers.
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-; http://php.net/track-errors
-track_errors = Off
-
-; Turn off normal error reporting and emit XML-RPC error XML
-; http://php.net/xmlrpc-errors
-;xmlrpc_errors = 0
-
-; An XML-RPC faultCode
-;xmlrpc_error_number = 0
-
-; When PHP displays or logs an error, it has the capability of formatting the
-; error message as HTML for easier reading. This directive controls whether
-; the error message is formatted as HTML or not.
-; Note: This directive is hardcoded to Off for the CLI SAPI
-; Default Value: On
-; Development Value: On
-; Production value: On
-; http://php.net/html-errors
-html_errors = On
-
-; If html_errors is set to On *and* docref_root is not empty, then PHP
-; produces clickable error messages that direct to a page describing the error
-; or function causing the error in detail.
-; You can download a copy of the PHP manual from http://php.net/docs
-; and change docref_root to the base URL of your local copy including the
-; leading '/'. You must also specify the file extension being used including
-; the dot. PHP's default behavior is to leave these settings empty, in which
-; case no links to documentation are generated.
-; Note: Never use this feature for production boxes.
-; http://php.net/docref-root
-; Examples
-;docref_root = "/phpmanual/"
-
-; http://php.net/docref-ext
-;docref_ext = .html
-
-; String to output before an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-prepend-string
-; Example:
-;error_prepend_string = "<span style='color: #ff0000'>"
-
-; String to output after an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-append-string
-; Example:
-;error_append_string = "</span>"
-
-; Log errors to specified file. PHP's default behavior is to leave this value
-; empty.
-; http://php.net/error-log
-; Example:
-;error_log = php_errors.log
-; Log errors to syslog (Event Log on Windows).
-;error_log = syslog
-
-;windows.show_crt_warning
-; Default value: 0
-; Development value: 0
-; Production value: 0
-
-;;;;;;;;;;;;;;;;;
-; Data Handling ;
-;;;;;;;;;;;;;;;;;
-
-; The separator used in PHP generated URLs to separate arguments.
-; PHP's default setting is "&".
-; http://php.net/arg-separator.output
-; Example:
-;arg_separator.output = "&"
-
-; List of separator(s) used by PHP to parse input URLs into variables.
-; PHP's default setting is "&".
-; NOTE: Every character in this directive is considered as separator!
-; http://php.net/arg-separator.input
-; Example:
-;arg_separator.input = ";&"
-
-; This directive determines which super global arrays are registered when PHP
-; starts up. G,P,C,E & S are abbreviations for the following respective super
-; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
-; paid for the registration of these arrays and because ENV is not as commonly
-; used as the others, ENV is not recommended on productions servers. You
-; can still get access to the environment variables through getenv() should you
-; need to.
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS";
-; http://php.net/variables-order
-variables_order = "GPCS"
-
-; This directive determines which super global data (G,P & C) should be
-; registered into the super global array REQUEST. If so, it also determines
-; the order in which that data is registered. The values for this directive
-; are specified in the same manner as the variables_order directive,
-; EXCEPT one. Leaving this value empty will cause PHP to use the value set
-; in the variables_order directive. It does not mean it will leave the super
-; globals array REQUEST empty.
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-; http://php.net/request-order
-request_order = "GP"
-
-; This directive determines whether PHP registers $argv & $argc each time it
-; runs. $argv contains an array of all the arguments passed to PHP when a script
-; is invoked. $argc contains an integer representing the number of arguments
-; that were passed when the script was invoked. These arrays are extremely
-; useful when running scripts from the command line. When this directive is
-; enabled, registering these variables consumes CPU cycles and memory each time
-; a script is executed. For performance reasons, this feature should be disabled
-; on production servers.
-; Note: This directive is hardcoded to On for the CLI SAPI
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/register-argc-argv
-register_argc_argv = Off
-
-; When enabled, the ENV, REQUEST and SERVER variables are created when they're
-; first used (Just In Time) instead of when the script starts. If these
-; variables are not used within a script, having this directive on will result
-; in a performance gain. The PHP directive register_argc_argv must be disabled
-; for this directive to have any affect.
-; http://php.net/auto-globals-jit
-auto_globals_jit = On
-
-; Whether PHP will read the POST data.
-; This option is enabled by default.
-; Most likely, you won't want to disable this option globally. It causes $_POST
-; and $_FILES to always be empty; the only way you will be able to read the
-; POST data will be through the php://input stream wrapper. This can be useful
-; to proxy requests or to process the POST data in a memory efficient fashion.
-; http://php.net/enable-post-data-reading
-;enable_post_data_reading = Off
-
-; Maximum size of POST data that PHP will accept.
-; Its value may be 0 to disable the limit. It is ignored if POST data reading
-; is disabled through enable_post_data_reading.
-; http://php.net/post-max-size
-post_max_size = 8M
-
-; Automatically add files before PHP document.
-; http://php.net/auto-prepend-file
-auto_prepend_file =
-
-; Automatically add files after PHP document.
-; http://php.net/auto-append-file
-auto_append_file =
-
-; By default, PHP will output a character encoding using
-; the Content-type: header. To disable sending of the charset, simply
-; set it to be empty.
-;
-; PHP's built-in default is text/html
-; http://php.net/default-mimetype
-default_mimetype = "text/html"
-
-; PHP's default character set is set to UTF-8.
-; http://php.net/default-charset
-default_charset = "UTF-8"
-
-; PHP internal character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/internal-encoding
-;internal_encoding =
-
-; PHP input character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/input-encoding
-;input_encoding =
-
-; PHP output character encoding is set to empty.
-; If empty, default_charset is used.
-; mbstring or iconv output handler is used.
-; See also output_buffer.
-; http://php.net/output-encoding
-;output_encoding =
-
-; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
-; to disable this feature and it will be removed in a future version.
-; If post reading is disabled through enable_post_data_reading,
-; $HTTP_RAW_POST_DATA is *NOT* populated.
-; http://php.net/always-populate-raw-post-data
-;always_populate_raw_post_data = -1
-
-;;;;;;;;;;;;;;;;;;;;;;;;;
-; Paths and Directories ;
-;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; UNIX: "/path1:/path2"
-;include_path = ".:/usr/share/php"
-;
-; Windows: "\path1;\path2"
-;include_path = ".;c:\php\includes"
-;
-; PHP's default setting for include_path is ".;/path/to/php/pear"
-; http://php.net/include-path
-
-; The root of the PHP pages, used only if nonempty.
-; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
-; if you are running php as a CGI under any web server (other than IIS)
-; see documentation for security issues. The alternate is to use the
-; cgi.force_redirect configuration below
-; http://php.net/doc-root
-doc_root =
-
-; The directory under which PHP opens the script using /~username used only
-; if nonempty.
-; http://php.net/user-dir
-user_dir =
-
-; Directory in which the loadable extensions (modules) reside.
-; http://php.net/extension-dir
-; extension_dir = "./"
-; On windows:
-; extension_dir = "ext"
-
-; Directory where the temporary files should be placed.
-; Defaults to the system default (see sys_get_temp_dir)
-; sys_temp_dir = "/tmp"
-
-; Whether or not to enable the dl() function. The dl() function does NOT work
-; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-; disabled on them.
-; http://php.net/enable-dl
-enable_dl = Off
-
-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
-; most web servers. Left undefined, PHP turns this on by default. You can
-; turn it off here AT YOUR OWN RISK
-; **You CAN safely turn this off for IIS, in fact, you MUST.**
-; http://php.net/cgi.force-redirect
-;cgi.force_redirect = 1
-
-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
-; every request. PHP's default behavior is to disable this feature.
-;cgi.nph = 1
-
-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
-; will look for to know it is OK to continue execution. Setting this variable MAY
-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
-; http://php.net/cgi.redirect-status-env
-;cgi.redirect_status_env =
-
-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; http://php.net/cgi.fix-pathinfo
-;cgi.fix_pathinfo=1
-
-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
-; security tokens of the calling client. This allows IIS to define the
-; security context that the request runs under. mod_fastcgi under Apache
-; does not currently support this feature (03/17/2002)
-; Set to 1 if running under IIS. Default is zero.
-; http://php.net/fastcgi.impersonate
-;fastcgi.impersonate = 1
-
-; Disable logging through FastCGI connection. PHP's default behavior is to enable
-; this feature.
-;fastcgi.logging = 0
-
-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
-; use when sending HTTP response code. If set to 0, PHP sends Status: header that
-; is supported by Apache. When this option is set to 1, PHP will send
-; RFC2616 compliant header.
-; Default is zero.
-; http://php.net/cgi.rfc2616-headers
-;cgi.rfc2616_headers = 0
-
-;;;;;;;;;;;;;;;;
-; File Uploads ;
-;;;;;;;;;;;;;;;;
-
-; Whether to allow HTTP file uploads.
-; http://php.net/file-uploads
-file_uploads = On
-
-; Temporary directory for HTTP uploaded files (will use system default if not
-; specified).
-; http://php.net/upload-tmp-dir
-;upload_tmp_dir =
-
-; Maximum allowed size for uploaded files.
-; http://php.net/upload-max-filesize
-upload_max_filesize = 2M
-
-; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
-
-;;;;;;;;;;;;;;;;;;
-; Fopen wrappers ;
-;;;;;;;;;;;;;;;;;;
-
-; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-fopen
-allow_url_fopen = On
-
-; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-include
-allow_url_include = Off
-
-; Define the anonymous ftp password (your email address). PHP's default setting
-; for this is empty.
-; http://php.net/from
-;from="john@doe.com"
-
-; Define the User-Agent string. PHP's default setting for this is empty.
-; http://php.net/user-agent
-;user_agent="PHP"
-
-; Default timeout for socket based streams (seconds)
-; http://php.net/default-socket-timeout
-default_socket_timeout = 60
-
-; If your scripts have to deal with files from Macintosh systems,
-; or you are running on a Mac and need to deal with files from
-; unix or win32 systems, setting this flag will cause PHP to
-; automatically detect the EOL character in those files so that
-; fgets() and file() will work regardless of the source of the file.
-; http://php.net/auto-detect-line-endings
-;auto_detect_line_endings = Off
-
-;;;;;;;;;;;;;;;;;;;;;;
-; Dynamic Extensions ;
-;;;;;;;;;;;;;;;;;;;;;;
-
-; If you wish to have an extension loaded automatically, use the following
-; syntax:
-;
-; extension=modulename.extension
-;
-; For example, on Windows:
-;
-; extension=msql.dll
-;
-; ... or under UNIX:
-;
-; extension=msql.so
-;
-; ... or with a path:
-;
-; extension=/path/to/extension/msql.so
-;
-; If you only provide the name of the extension, PHP will look for it in its
-; default extension directory.
-;
-
-;;;;;;;;;;;;;;;;;;;
-; Module Settings ;
-;;;;;;;;;;;;;;;;;;;
-
-[CLI Server]
-; Whether the CLI web server uses ANSI color coding in its terminal output.
-cli_server.color = On
-
-[Date]
-; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
-;date.timezone =
-
-; http://php.net/date.default-latitude
-;date.default_latitude = 31.7667
-
-; http://php.net/date.default-longitude
-;date.default_longitude = 35.2333
-
-; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
-
-; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
-
-[filter]
-; http://php.net/filter.default
-;filter.default = unsafe_raw
-
-; http://php.net/filter.default-flags
-;filter.default_flags =
-
-[iconv]
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < intput_encoding < iconv.input_encoding
-;iconv.input_encoding =
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;iconv.internal_encoding =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; If empty, default_charset or output_encoding or iconv.output_encoding is used.
-; The precedence is: default_charset < output_encoding < iconv.output_encoding
-; To use an output encoding conversion, iconv's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-;iconv.output_encoding =
-
-[intl]
-;intl.default_locale =
-; This directive allows you to produce PHP errors when some error
-; happens within intl functions. The value is the level of the error produced.
-; Default is 0, which does not produce any errors.
-;intl.error_level = E_WARNING
-
-[sqlite]
-; http://php.net/sqlite.assoc-case
-;sqlite.assoc_case = 0
-
-[sqlite3]
-;sqlite3.extension_dir =
-
-[Pcre]
-;PCRE library backtracking limit.
-; http://php.net/pcre.backtrack-limit
-;pcre.backtrack_limit=100000
-
-;PCRE library recursion limit.
-;Please note that if you set this value to a high number you may consume all
-;the available process stack and eventually crash PHP (due to reaching the
-;stack size limit imposed by the Operating System).
-; http://php.net/pcre.recursion-limit
-;pcre.recursion_limit=100000
-
-[Pdo]
-; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
-; http://php.net/pdo-odbc.connection-pooling
-;pdo_odbc.connection_pooling=strict
-
-;pdo_odbc.db2_instance_name
-
-[Pdo_mysql]
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/pdo_mysql.cache_size
-pdo_mysql.cache_size = 2000
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/pdo_mysql.default-socket
-pdo_mysql.default_socket=
-
-[Phar]
-; http://php.net/phar.readonly
-;phar.readonly = On
-
-; http://php.net/phar.require-hash
-;phar.require_hash = On
-
-;phar.cache_list =
-
-[mail function]
-; For Win32 only.
-; http://php.net/smtp
-SMTP = localhost
-; http://php.net/smtp-port
-smtp_port = 25
-
-; For Win32 only.
-; http://php.net/sendmail-from
-;sendmail_from = me@example.com
-
-; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
-; http://php.net/sendmail-path
-;sendmail_path =
-
-; Force the addition of the specified parameters to be passed as extra parameters
-; to the sendmail binary. These parameters will always replace the value of
-; the 5th parameter to mail().
-;mail.force_extra_parameters =
-
-; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = On
-
-; The path to a log file that will log all mail() calls. Log entries include
-; the full path of the script, line number, To address and headers.
-;mail.log =
-; Log mail to syslog (Event Log on Windows).
-;mail.log = syslog
-
-[SQL]
-; http://php.net/sql.safe-mode
-sql.safe_mode = Off
-
-[ODBC]
-; http://php.net/odbc.default-db
-;odbc.default_db = Not yet implemented
-
-; http://php.net/odbc.default-user
-;odbc.default_user = Not yet implemented
-
-; http://php.net/odbc.default-pw
-;odbc.default_pw = Not yet implemented
-
-; Controls the ODBC cursor model.
-; Default: SQL_CURSOR_STATIC (default).
-;odbc.default_cursortype
-
-; Allow or prevent persistent links.
-; http://php.net/odbc.allow-persistent
-odbc.allow_persistent = On
-
-; Check that a connection is still valid before reuse.
-; http://php.net/odbc.check-persistent
-odbc.check_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/odbc.max-persistent
-odbc.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/odbc.max-links
-odbc.max_links = -1
-
-; Handling of LONG fields. Returns number of bytes to variables. 0 means
-; passthru.
-; http://php.net/odbc.defaultlrl
-odbc.defaultlrl = 4096
-
-; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
-; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
-; of odbc.defaultlrl and odbc.defaultbinmode
-; http://php.net/odbc.defaultbinmode
-odbc.defaultbinmode = 1
-
-;birdstep.max_links = -1
-
-[Interbase]
-; Allow or prevent persistent links.
-ibase.allow_persistent = 1
-
-; Maximum number of persistent links. -1 means no limit.
-ibase.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-ibase.max_links = -1
-
-; Default database name for ibase_connect().
-;ibase.default_db =
-
-; Default username for ibase_connect().
-;ibase.default_user =
-
-; Default password for ibase_connect().
-;ibase.default_password =
-
-; Default charset for ibase_connect().
-;ibase.default_charset =
-
-; Default timestamp format.
-ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
-
-; Default date format.
-ibase.dateformat = "%Y-%m-%d"
-
-; Default time format.
-ibase.timeformat = "%H:%M:%S"
-
-[MySQL]
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysql.allow_local_infile
-mysql.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysql.allow-persistent
-mysql.allow_persistent = On
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysql.cache_size
-mysql.cache_size = 2000
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysql.max-persistent
-mysql.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/mysql.max-links
-mysql.max_links = -1
-
-; Default port number for mysql_connect(). If unset, mysql_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysql.default-port
-mysql.default_port =
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysql.default-socket
-mysql.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysql.default-host
-mysql.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysql.default-user
-mysql.default_user =
-
-; Default password for mysql_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
-; and reveal this password! And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysql.default-password
-mysql.default_password =
-
-; Maximum time (in seconds) for connect timeout. -1 means no limit
-; http://php.net/mysql.connect-timeout
-mysql.connect_timeout = 60
-
-; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
-; SQL-Errors will be displayed.
-; http://php.net/mysql.trace-mode
-mysql.trace_mode = Off
-
-[MySQLi]
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysqli.max-persistent
-mysqli.max_persistent = -1
-
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysqli.allow_local_infile
-;mysqli.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysqli.allow-persistent
-mysqli.allow_persistent = On
-
-; Maximum number of links. -1 means no limit.
-; http://php.net/mysqli.max-links
-mysqli.max_links = -1
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysqli.cache_size
-mysqli.cache_size = 2000
-
-; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysqli.default-port
-mysqli.default_port = 3306
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysqli.default-socket
-mysqli.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-host
-mysqli.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-user
-mysqli.default_user =
-
-; Default password for mysqli_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
-; and reveal this password! And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysqli.default-pw
-mysqli.default_pw =
-
-; Allow or prevent reconnect
-mysqli.reconnect = Off
-
-[mysqlnd]
-; Enable / Disable collection of general statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_statistics
-mysqlnd.collect_statistics = On
-
-; Enable / Disable collection of memory usage statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_memory_statistics
-mysqlnd.collect_memory_statistics = Off
-
-; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
-; http://php.net/mysqlnd.net_cmd_buffer_size
-;mysqlnd.net_cmd_buffer_size = 2048
-
-; Size of a pre-allocated buffer used for reading data sent by the server in
-; bytes.
-; http://php.net/mysqlnd.net_read_buffer_size
-;mysqlnd.net_read_buffer_size = 32768
-
-[OCI8]
-
-; Connection: Enables privileged connections using external
-; credentials (OCI_SYSOPER, OCI_SYSDBA)
-; http://php.net/oci8.privileged-connect
-;oci8.privileged_connect = Off
-
-; Connection: The maximum number of persistent OCI8 connections per
-; process. Using -1 means no limit.
-; http://php.net/oci8.max-persistent
-;oci8.max_persistent = -1
-
-; Connection: The maximum number of seconds a process is allowed to
-; maintain an idle persistent connection. Using -1 means idle
-; persistent connections will be maintained forever.
-; http://php.net/oci8.persistent-timeout
-;oci8.persistent_timeout = -1
-
-; Connection: The number of seconds that must pass before issuing a
-; ping during oci_pconnect() to check the connection validity. When
-; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
-; pings completely.
-; http://php.net/oci8.ping-interval
-;oci8.ping_interval = 60
-
-; Connection: Set this to a user chosen connection class to be used
-; for all pooled server requests with Oracle 11g Database Resident
-; Connection Pooling (DRCP). To use DRCP, this value should be set to
-; the same string for all web servers running the same application,
-; the database pool must be configured, and the connection string must
-; specify to use a pooled server.
-;oci8.connection_class =
-
-; High Availability: Using On lets PHP receive Fast Application
-; Notification (FAN) events generated when a database node fails. The
-; database must also be configured to post FAN events.
-;oci8.events = Off
-
-; Tuning: This option enables statement caching, and specifies how
-; many statements to cache. Using 0 disables statement caching.
-; http://php.net/oci8.statement-cache-size
-;oci8.statement_cache_size = 20
-
-; Tuning: Enables statement prefetching and sets the default number of
-; rows that will be fetched automatically after statement execution.
-; http://php.net/oci8.default-prefetch
-;oci8.default_prefetch = 100
-
-; Compatibility. Using On means oci_close() will not close
-; oci_connect() and oci_new_connect() connections.
-; http://php.net/oci8.old-oci-close-semantics
-;oci8.old_oci_close_semantics = Off
-
-[PostgreSQL]
-; Allow or prevent persistent links.
-; http://php.net/pgsql.allow-persistent
-pgsql.allow_persistent = On
-
-; Detect broken persistent links always with pg_pconnect().
-; Auto reset feature requires a little overheads.
-; http://php.net/pgsql.auto-reset-persistent
-pgsql.auto_reset_persistent = Off
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/pgsql.max-persistent
-pgsql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent). -1 means no limit.
-; http://php.net/pgsql.max-links
-pgsql.max_links = -1
-
-; Ignore PostgreSQL backends Notice message or not.
-; Notice message logging require a little overheads.
-; http://php.net/pgsql.ignore-notice
-pgsql.ignore_notice = 0
-
-; Log PostgreSQL backends Notice message or not.
-; Unless pgsql.ignore_notice=0, module cannot log notice message.
-; http://php.net/pgsql.log-notice
-pgsql.log_notice = 0
-
-[Sybase-CT]
-; Allow or prevent persistent links.
-; http://php.net/sybct.allow-persistent
-sybct.allow_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/sybct.max-persistent
-sybct.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/sybct.max-links
-sybct.max_links = -1
-
-; Minimum server message severity to display.
-; http://php.net/sybct.min-server-severity
-sybct.min_server_severity = 10
-
-; Minimum client message severity to display.
-; http://php.net/sybct.min-client-severity
-sybct.min_client_severity = 10
-
-; Set per-context timeout
-; http://php.net/sybct.timeout
-;sybct.timeout=
-
-;sybct.packet_size
-
-; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
-; Default: one minute
-;sybct.login_timeout=
-
-; The name of the host you claim to be connecting from, for display by sp_who.
-; Default: none
-;sybct.hostname=
-
-; Allows you to define how often deadlocks are to be retried. -1 means "forever".
-; Default: 0
-;sybct.deadlock_retry_count=
-
-[bcmath]
-; Number of decimal digits for all bcmath functions.
-; http://php.net/bcmath.scale
-bcmath.scale = 0
-
-[browscap]
-; http://php.net/browscap
-;browscap = extra/browscap.ini
-
-[Session]
-; Handler used to store/retrieve data.
-; http://php.net/session.save-handler
-session.save_handler = files
-
-; Argument passed to save_handler. In the case of files, this is the path
-; where data files are stored. Note: Windows users have to change this
-; variable in order to use PHP's session functions.
-;
-; The path can be defined as:
-;
-; session.save_path = "N;/path"
-;
-; where N is an integer. Instead of storing all the session files in
-; /path, what this will do is use subdirectories N-levels deep, and
-; store the session data in those directories. This is useful if
-; your OS has problems with many files in one directory, and is
-; a more efficient layout for servers that handle many sessions.
-;
-; NOTE 1: PHP will not create this directory structure automatically.
-; You can use the script in the ext/session dir for that purpose.
-; NOTE 2: See the section on garbage collection below if you choose to
-; use subdirectories for session storage
-;
-; The file storage module creates files using mode 600 by default.
-; You can change that by using
-;
-; session.save_path = "N;MODE;/path"
-;
-; where MODE is the octal representation of the mode. Note that this
-; does not overwrite the process's umask.
-; http://php.net/session.save-path
-;session.save_path = "/var/lib/php5/sessions"
-
-; Whether to use strict session mode.
-; Strict session mode does not accept uninitialized session ID and regenerate
-; session ID if browser sends uninitialized session ID. Strict mode protects
-; applications from session fixation via session adoption vulnerability. It is
-; disabled by default for maximum compatibility, but enabling it is encouraged.
-; https://wiki.php.net/rfc/strict_sessions
-session.use_strict_mode = 0
-
-; Whether to use cookies.
-; http://php.net/session.use-cookies
-session.use_cookies = 1
-
-; http://php.net/session.cookie-secure
-;session.cookie_secure =
-
-; This option forces PHP to fetch and use a cookie for storing and maintaining
-; the session id. We encourage this operation as it's very helpful in combating
-; session hijacking when not specifying and managing your own session id. It is
-; not the be-all and end-all of session hijacking defense, but it's a good start.
-; http://php.net/session.use-only-cookies
-session.use_only_cookies = 1
-
-; Name of the session (used as cookie name).
-; http://php.net/session.name
-session.name = PHPSESSID
-
-; Initialize session on request startup.
-; http://php.net/session.auto-start
-session.auto_start = 0
-
-; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-; http://php.net/session.cookie-lifetime
-session.cookie_lifetime = 0
-
-; The path for which the cookie is valid.
-; http://php.net/session.cookie-path
-session.cookie_path = /
-
-; The domain for which the cookie is valid.
-; http://php.net/session.cookie-domain
-session.cookie_domain =
-
-; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
-; http://php.net/session.cookie-httponly
-session.cookie_httponly =
-
-; Handler used to serialize data. php is the standard serializer of PHP.
-; http://php.net/session.serialize-handler
-session.serialize_handler = php
-
-; Defines the probability that the 'garbage collection' process is started
-; on every session initialization. The probability is calculated by using
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator
-; and gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request.
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.gc-probability
-session.gc_probability = 0
-
-; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using the following equation:
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
-; session.gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request. Increasing this value to 1000 will give you
-; a 0.1% chance the gc will run on any give request. For high volume production servers,
-; this is a more efficient approach.
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-; http://php.net/session.gc-divisor
-session.gc_divisor = 1000
-
-; After this number of seconds, stored data will be seen as 'garbage' and
-; cleaned up by the garbage collection process.
-; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
-
-; NOTE: If you are using the subdirectory option for storing session files
-; (see session.save_path above), then garbage collection does *not*
-; happen automatically. You will need to do your own garbage
-; collection through a shell script, cron entry, or some other method.
-; For example, the following script would is the equivalent of
-; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-; find /path/to/sessions -cmin +24 -type f | xargs rm
-
-; Check HTTP Referer to invalidate externally stored URLs containing ids.
-; HTTP_REFERER has to contain this substring for the session to be
-; considered as valid.
-; http://php.net/session.referer-check
-session.referer_check =
-
-; How many bytes to read from the file.
-; http://php.net/session.entropy-length
-;session.entropy_length = 32
-
-; Specified here to create the session id.
-; http://php.net/session.entropy-file
-; Defaults to /dev/urandom
-; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
-; If neither are found at compile time, the default is no entropy file.
-; On windows, setting the entropy_length setting will activate the
-; Windows random source (using the CryptoAPI)
-;session.entropy_file = /dev/urandom
-
-; Set to {nocache,private,public,} to determine HTTP caching aspects
-; or leave this empty to avoid sending anti-caching headers.
-; http://php.net/session.cache-limiter
-session.cache_limiter = nocache
-
-; Document expires after n minutes.
-; http://php.net/session.cache-expire
-session.cache_expire = 180
-
-; trans sid support is disabled by default.
-; Use of trans sid may risk your users' security.
-; Use this option with caution.
-; - User may send URL contains active session ID
-; to other person via. email/irc/etc.
-; - URL that contains active session ID may be stored
-; in publicly accessible computer.
-; - User may access your site with the same session ID
-; always using URL stored in browser's history or bookmarks.
-; http://php.net/session.use-trans-sid
-session.use_trans_sid = 0
-
-; Select a hash function for use in generating session ids.
-; Possible Values
-; 0 (MD5 128 bits)
-; 1 (SHA-1 160 bits)
-; This option may also be set to the name of any hash function supported by
-; the hash extension. A list of available hashes is returned by the hash_algos()
-; function.
-; http://php.net/session.hash-function
-session.hash_function = 0
-
-; Define how many bits are stored in each character when converting
-; the binary hash data to something readable.
-; Possible values:
-; 4 (4 bits: 0-9, a-f)
-; 5 (5 bits: 0-9, a-v)
-; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-; http://php.net/session.hash-bits-per-character
-session.hash_bits_per_character = 5
-
-; The URL rewriter will look for URLs in a defined set of HTML tags.
-; form/fieldset are special; if you include them here, the rewriter will
-; add a hidden <input> field with the info which is otherwise appended
-; to URLs. If you want XHTML conformity, remove the form entry.
-; Note that all valid entries require a "=", even if no value follows.
-; Default Value: "a=href,area=href,frame=src,form=,fieldset="
-; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-; http://php.net/url-rewriter.tags
-url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
-
-; Enable upload progress tracking in $_SESSION
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.enabled
-;session.upload_progress.enabled = On
-
-; Cleanup the progress information as soon as all POST data has been read
-; (i.e. upload completed).
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.cleanup
-;session.upload_progress.cleanup = On
-
-; A prefix used for the upload progress key in $_SESSION
-; Default Value: "upload_progress_"
-; Development Value: "upload_progress_"
-; Production Value: "upload_progress_"
-; http://php.net/session.upload-progress.prefix
-;session.upload_progress.prefix = "upload_progress_"
-
-; The index name (concatenated with the prefix) in $_SESSION
-; containing the upload progress information
-; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; http://php.net/session.upload-progress.name
-;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
-
-; How frequently the upload progress should be updated.
-; Given either in percentages (per-file), or in bytes
-; Default Value: "1%"
-; Development Value: "1%"
-; Production Value: "1%"
-; http://php.net/session.upload-progress.freq
-;session.upload_progress.freq = "1%"
-
-; The minimum delay between updates, in seconds
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.upload-progress.min-freq
-;session.upload_progress.min_freq = "1"
-
-[MSSQL]
-; Allow or prevent persistent links.
-mssql.allow_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-mssql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent). -1 means no limit.
-mssql.max_links = -1
-
-; Minimum error severity to display.
-mssql.min_error_severity = 10
-
-; Minimum message severity to display.
-mssql.min_message_severity = 10
-
-; Compatibility mode with old versions of PHP 3.0.
-mssql.compatibility_mode = Off
-
-; Connect timeout
-;mssql.connect_timeout = 5
-
-; Query timeout
-;mssql.timeout = 60
-
-; Valid range 0 - 2147483647. Default = 4096.
-;mssql.textlimit = 4096
-
-; Valid range 0 - 2147483647. Default = 4096.
-;mssql.textsize = 4096
-
-; Limits the number of records in each batch. 0 = all records in one batch.
-;mssql.batchsize = 0
-
-; Specify how datetime and datetim4 columns are returned
-; On => Returns data converted to SQL server settings
-; Off => Returns values as YYYY-MM-DD hh:mm:ss
-;mssql.datetimeconvert = On
-
-; Use NT authentication when connecting to the server
-mssql.secure_connection = Off
-
-; Specify max number of processes. -1 = library default
-; msdlib defaults to 25
-; FreeTDS defaults to 4096
-;mssql.max_procs = -1
-
-; Specify client character set.
-; If empty or not set the client charset from freetds.conf is used
-; This is only used when compiled with FreeTDS
-;mssql.charset = "ISO-8859-1"
-
-[Assertion]
-; Assert(expr); active by default.
-; http://php.net/assert.active
-;assert.active = On
-
-; Issue a PHP warning for each failed assertion.
-; http://php.net/assert.warning
-;assert.warning = On
-
-; Don't bail out by default.
-; http://php.net/assert.bail
-;assert.bail = Off
-
-; User-function to be called if an assertion fails.
-; http://php.net/assert.callback
-;assert.callback = 0
-
-; Eval the expression with current error_reporting(). Set to true if you want
-; error_reporting(0) around the eval().
-; http://php.net/assert.quiet-eval
-;assert.quiet_eval = 0
-
-[COM]
-; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
-; http://php.net/com.typelib-file
-;com.typelib_file =
-
-; allow Distributed-COM calls
-; http://php.net/com.allow-dcom
-;com.allow_dcom = true
-
-; autoregister constants of a components typlib on com_load()
-; http://php.net/com.autoregister-typelib
-;com.autoregister_typelib = true
-
-; register constants casesensitive
-; http://php.net/com.autoregister-casesensitive
-;com.autoregister_casesensitive = false
-
-; show warnings on duplicate constant registrations
-; http://php.net/com.autoregister-verbose
-;com.autoregister_verbose = true
-
-; The default character set code-page to use when passing strings to and from COM objects.
-; Default: system ANSI code page
-;com.code_page=
-
-[mbstring]
-; language for internal character representation.
-; This affects mb_send_mail() and mbstrig.detect_order.
-; http://php.net/mbstring.language
-;mbstring.language = Japanese
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; internal/script encoding.
-; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;mbstring.internal_encoding =
-
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; http input encoding.
-; mbstring.encoding_traslation = On is needed to use this setting.
-; If empty, default_charset or input_encoding or mbstring.input is used.
-; The precedence is: default_charset < intput_encoding < mbsting.http_input
-; http://php.net/mbstring.http-input
-;mbstring.http_input =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; http output encoding.
-; mb_output_handler must be registered as output buffer to function.
-; If empty, default_charset or output_encoding or mbstring.http_output is used.
-; The precedence is: default_charset < output_encoding < mbstring.http_output
-; To use an output encoding conversion, mbstring's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-; http://php.net/mbstring.http-output
-;mbstring.http_output =
-
-; enable automatic encoding translation according to
-; mbstring.internal_encoding setting. Input chars are
-; converted to internal encoding by setting this to On.
-; Note: Do _not_ use automatic encoding translation for
-; portable libs/applications.
-; http://php.net/mbstring.encoding-translation
-;mbstring.encoding_translation = Off
-
-; automatic encoding detection order.
-; "auto" detect order is changed according to mbstring.language
-; http://php.net/mbstring.detect-order
-;mbstring.detect_order = auto
-
-; substitute_character used when character cannot be converted
-; one from another
-; http://php.net/mbstring.substitute-character
-;mbstring.substitute_character = none
-
-; overload(replace) single byte functions by mbstring functions.
-; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
-; etc. Possible values are 0,1,2,4 or combination of them.
-; For example, 7 for overload everything.
-; 0: No overload
-; 1: Overload mail() function
-; 2: Overload str*() functions
-; 4: Overload ereg*() functions
-; http://php.net/mbstring.func-overload
-;mbstring.func_overload = 0
-
-; enable strict encoding detection.
-; Default: Off
-;mbstring.strict_detection = On
-
-; This directive specifies the regex pattern of content types for which mb_output_handler()
-; is activated.
-; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
-;mbstring.http_output_conv_mimetype=
-
-[gd]
-; Tell the jpeg decode to ignore warnings and try to create
-; a gd image. The warning will then be displayed as notices
-; disabled by default
-; http://php.net/gd.jpeg-ignore-warning
-;gd.jpeg_ignore_warning = 0
-
-[exif]
-; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
-; With mbstring support this will automatically be converted into the encoding
-; given by corresponding encode setting. When empty mbstring.internal_encoding
-; is used. For the decode settings you can distinguish between motorola and
-; intel byte order. A decode setting cannot be empty.
-; http://php.net/exif.encode-unicode
-;exif.encode_unicode = ISO-8859-15
-
-; http://php.net/exif.decode-unicode-motorola
-;exif.decode_unicode_motorola = UCS-2BE
-
-; http://php.net/exif.decode-unicode-intel
-;exif.decode_unicode_intel = UCS-2LE
-
-; http://php.net/exif.encode-jis
-;exif.encode_jis =
-
-; http://php.net/exif.decode-jis-motorola
-;exif.decode_jis_motorola = JIS
-
-; http://php.net/exif.decode-jis-intel
-;exif.decode_jis_intel = JIS
-
-[Tidy]
-; The path to a default tidy configuration file to use when using tidy
-; http://php.net/tidy.default-config
-;tidy.default_config = /usr/local/lib/php/default.tcfg
-
-; Should tidy clean and repair output automatically?
-; WARNING: Do not use this option if you are generating non-html content
-; such as dynamic images
-; http://php.net/tidy.clean-output
-tidy.clean_output = Off
-
-[soap]
-; Enables or disables WSDL caching feature.
-; http://php.net/soap.wsdl-cache-enabled
-soap.wsdl_cache_enabled=1
-
-; Sets the directory name where SOAP extension will put cache files.
-; http://php.net/soap.wsdl-cache-dir
-soap.wsdl_cache_dir="/tmp"
-
-; (time to live) Sets the number of second while cached file will be used
-; instead of original one.
-; http://php.net/soap.wsdl-cache-ttl
-soap.wsdl_cache_ttl=86400
-
-; Sets the size of the cache limit. (Max. number of WSDL files to cache)
-soap.wsdl_cache_limit = 5
-
-[sysvshm]
-; A default size of the shared memory segment
-;sysvshm.init_mem = 10000
-
-[ldap]
-; Sets the maximum number of open links or -1 for unlimited.
-ldap.max_links = -1
-
-[mcrypt]
-; For more information about mcrypt settings see http://php.net/mcrypt-module-open
-
-; Directory where to load mcrypt algorithms
-; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
-;mcrypt.algorithms_dir=
-
-; Directory where to load mcrypt modes
-; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
-;mcrypt.modes_dir=
-
-[dba]
-;dba.default_handler=
-
-[opcache]
-; Determines if Zend OPCache is enabled
-;opcache.enable=0
-
-; Determines if Zend OPCache is enabled for the CLI version of PHP
-;opcache.enable_cli=0
-
-; The OPcache shared memory storage size.
-;opcache.memory_consumption=64
-
-; The amount of memory for interned strings in Mbytes.
-;opcache.interned_strings_buffer=4
-
-; The maximum number of keys (scripts) in the OPcache hash table.
-; Only numbers between 200 and 100000 are allowed.
-;opcache.max_accelerated_files=2000
-
-; The maximum percentage of "wasted" memory until a restart is scheduled.
-;opcache.max_wasted_percentage=5
-
-; When this directive is enabled, the OPcache appends the current working
-; directory to the script key, thus eliminating possible collisions between
-; files with the same name (basename). Disabling the directive improves
-; performance, but may break existing applications.
-;opcache.use_cwd=1
-
-; When disabled, you must reset the OPcache manually or restart the
-; webserver for changes to the filesystem to take effect.
-;opcache.validate_timestamps=1
-
-; How often (in seconds) to check file timestamps for changes to the shared
-; memory storage allocation. ("1" means validate once per second, but only
-; once per request. "0" means always validate)
-;opcache.revalidate_freq=2
-
-; Enables or disables file search in include_path optimization
-;opcache.revalidate_path=0
-
-; If disabled, all PHPDoc comments are dropped from the code to reduce the
-; size of the optimized code.
-;opcache.save_comments=1
-
-; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
-; may be always stored (save_comments=1), but not loaded by applications
-; that don't need them anyway.
-;opcache.load_comments=1
-
-; If enabled, a fast shutdown sequence is used for the accelerated code
-;opcache.fast_shutdown=0
-
-; Allow file existence override (file_exists, etc.) performance feature.
-;opcache.enable_file_override=0
-
-; A bitmask, where each bit enables or disables the appropriate OPcache
-; passes
-;opcache.optimization_level=0xffffffff
-
-;opcache.inherited_hack=1
-;opcache.dups_fix=0
-
-; The location of the OPcache blacklist file (wildcards allowed).
-; Each OPcache blacklist file is a text file that holds the names of files
-; that should not be accelerated. The file format is to add each filename
-; to a new line. The filename may be a full path or just a file prefix
-; (i.e., /var/www/x blacklists all the files and directories in /var/www
-; that start with 'x'). Line starting with a ; are ignored (comments).
-;opcache.blacklist_filename=
-
-; Allows exclusion of large files from being cached. By default all files
-; are cached.
-;opcache.max_file_size=0
-
-; Check the cache checksum each N requests.
-; The default value of "0" means that the checks are disabled.
-;opcache.consistency_checks=0
-
-; How long to wait (in seconds) for a scheduled restart to begin if the cache
-; is not being accessed.
-;opcache.force_restart_timeout=180
-
-; OPcache error_log file name. Empty string assumes "stderr".
-;opcache.error_log=
-
-; All OPcache errors go to the Web server log.
-; By default, only fatal errors (level 0) or errors (level 1) are logged.
-; You can also enable warnings (level 2), info messages (level 3) or
-; debug messages (level 4).
-;opcache.log_verbosity_level=1
-
-; Preferred Shared Memory back-end. Leave empty and let the system decide.
-;opcache.preferred_memory_model=
-
-; Protect the shared memory from unexpected writing during script execution.
-; Useful for internal debugging only.
-;opcache.protect_memory=0
-
-[curl]
-; A default value for the CURLOPT_CAINFO option. This is required to be an
-; absolute path.
-;curl.cainfo =
-
-[openssl]
-; The location of a Certificate Authority (CA) file on the local filesystem
-; to use when verifying the identity of SSL/TLS peers. Most users should
-; not specify a value for this directive as PHP will attempt to use the
-; OS-managed cert stores in its absence. If specified, this value may still
-; be overridden on a per-stream basis via the "cafile" SSL stream context
-; option.
-;openssl.cafile=
-
-; If openssl.cafile is not specified or if the CA file is not found, the
-; directory pointed to by openssl.capath is searched for a suitable
-; certificate. This value must be a correctly hashed certificate directory.
-; Most users should not specify a value for this directive as PHP will
-; attempt to use the OS-managed cert stores in its absence. If specified,
-; this value may still be overridden on a per-stream basis via the "capath"
-; SSL stream context option.
-;openssl.capath=
-
-; Local Variables:
-; tab-width: 4
-; End:
diff --git a/roles/comanage/templates/php5-fpm.conf.j2 b/roles/comanage/templates/php5-fpm.conf.j2
deleted file mode 100644
index c109bda..0000000
--- a/roles/comanage/templates/php5-fpm.conf.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-<IfModule mod_fastcgi.c>
- AddType application/x-httpd-fastphp5 .php
- Action application/x-httpd-fastphp5 /php5-fcgi
- Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
- FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
-</IfModule>
diff --git a/roles/comanage/templates/registry.key.j2 b/roles/comanage/templates/registry.key.j2
deleted file mode 100644
index a4f33f6..0000000
--- a/roles/comanage/templates/registry.key.j2
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDYBPQRrUm0ZdXI
-kVSBt9cUYxnoTl81mszFzNLLJaydfZBRD0ypJ/AhphXvfb+Y4GlFMJjlR9CcDnD9
-vTIflgJo7KhFfMlIr+A3W8bDlbiVc+twQ0tg7xrIbOi1WrRyPHnTgiR060WpB5OR
-y5CKGaaqqFO+U/JGcB4b/tJQaxZXZBAn48kCeqi9lIQxFwv7yBGPEaz1vbm+OfDI
-Y9U95aUNWHMMQhHzbDAEcnuFLAXaynGudImIeZxgfV4AuuFYNyHd1DGnM/WtJe9U
-3AaB7AjEjVxsrBabsh2Shm/3gJeaNsBSEcCzm+y0a1KVKgpEqGQ4h11Zp5+2xdHA
-3FiNJoXxAgMBAAECggEBAMKzLDzmgED9bEObYZyNU2jHrakpQj0xahF5/CAns747
-VyEIdiMcoR3i8XBrWY5z7c3z8ErvgIG3rnW02gGIFmH1s/D1eQJvqtqaeLr+LmFe
-Gr2TmdQjjnNJXjFfMLap9XACo9NR3vZrosFMxdkDJ6o3j0tDpGGCWlEHSw46hud5
-2rgeAzq4lKUlUQVnH/0mZnjuCVuqP3fbrqJSimh2A+K0ec9KzBRyYikk2XnzN0Of
-O/c4L+OkOkCHgM3U7ZTp3ZkIiBcecoc5XWRIPWDz24yl/8oy+9q0ZCrq+1pEfabm
-5GmhodqlZ/ndX0DAORXZm7/U4Dzd9ooMnttOP/eAYjECgYEA/i1feKUuLPSsriOa
-HxdT/LfChxpVpOC4SOhVNTQ4AyJ0hantw499OFyZhRq6nxkxRkUEDCbkHGvWwhNg
-I8WC6VUCam1o46XRQGv3kI3u9M3TixvVC416P52vcPOk3GVyZ7UvMLYryEFmJgN9
-l1eZIBNWHN2l8h0MzRmpRm1kXr0CgYEA2ZGHaCZupokkEXNAg2LqVpbldbTWILAO
-WY6ZtvJmImgEfpI89TKFP2JNF2knHf6uxGsz4ScpjRfCy6ENftB4EFrsOAoANuPX
-QLRDUZCQL6sVatgGQs3VIMRF+TlQQfEFbVtlINHNlmmpanuZVBKTSIZkBf2chLou
-3K+jHUNnQUUCgYEAkodrs2xeO1JuPhGOJwBWzajN/v7CgsN92aH+hSZuZ/gz/l5h
-EE0nHhfb9Ozcyx1F18GvvKWq+Wt9qfJriROzDXqRYvNh9WLBSAc19+Kq7/u8SUSp
-Q/iykfwAiPgcgWYGVx0PcGCEyvRQw/ddLqM0RlZ/XTK2GOaAW7jAajZkF20CgYEA
-zqgGwAzRSWo2UkTw4FuSTxEhfz53rbDM0JA8vaNdFA1NR5RMRnLoUh5jL3t35mvF
-QVi6fICgXR5WruiZUv1dLdvPSCNntLuR+CnBT7ZK3pxYyZXLzKSKbodAF8wyyY/Q
-IeGQGy5tYxOWEki4iTzjnR3Z4D7W7tOSM5i5DNC7QSkCgYAEFppklScvrpAfpzDy
-mmmmfKhJnkHlrOxbJEmYRNHAYghYABxomskD1Jh3oyz1X55l6Ep62vCNyUiqMr0y
-4qDOrkYv4MXOoEA64HtPOuadLkLsz7RoKNGTa4jaxeoD5dgY+PkFqbeMieqJ/mc0
-CbEcnad6o15MPZEXMOCZBn1ScQ==
------END PRIVATE KEY-----
diff --git a/roles/comanage/templates/registry.pem.j2 b/roles/comanage/templates/registry.pem.j2
deleted file mode 100644
index f58bf94..0000000
--- a/roles/comanage/templates/registry.pem.j2
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqzCCApOgAwIBAgIJAMqHciiHWnAuMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
-BAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MR8wHQYD
-VQQKDBZTbmFrZSBPaWwgQ2VydGlmaWNhdGVzMRgwFgYDVQQDDA8ke2Fuc2libGVf
-ZnFkbn0wHhcNMTYwMjI1MTYyNjU3WhcNMjYwMjIyMTYyNjU3WjBsMQswCQYDVQQG
-EwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEfMB0GA1UE
-CgwWU25ha2UgT2lsIENlcnRpZmljYXRlczEYMBYGA1UEAwwPJHthbnNpYmxlX2Zx
-ZG59MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AT0Ea1JtGXVyJFU
-gbfXFGMZ6E5fNZrMxczSyyWsnX2QUQ9MqSfwIaYV732/mOBpRTCY5UfQnA5w/b0y
-H5YCaOyoRXzJSK/gN1vGw5W4lXPrcENLYO8ayGzotVq0cjx504IkdOtFqQeTkcuQ
-ihmmqqhTvlPyRnAeG/7SUGsWV2QQJ+PJAnqovZSEMRcL+8gRjxGs9b25vjnwyGPV
-PeWlDVhzDEIR82wwBHJ7hSwF2spxrnSJiHmcYH1eALrhWDch3dQxpzP1rSXvVNwG
-gewIxI1cbKwWm7IdkoZv94CXmjbAUhHAs5vstGtSlSoKRKhkOIddWaeftsXRwNxY
-jSaF8QIDAQABo1AwTjAdBgNVHQ4EFgQUR7i3PaHb4CfoX5Tq7nT44OAKNWgwHwYD
-VR0jBBgwFoAUR7i3PaHb4CfoX5Tq7nT44OAKNWgwDAYDVR0TBAUwAwEB/zANBgkq
-hkiG9w0BAQsFAAOCAQEAgPrQqSgfc+JomS9H0qSCxmz4JZ9YJeQyZyuTnOghJqAV
-GSNfRNSAwvZbX6t1R/m3SpJu9NVdsYyTAT+Y1iMl3JATXQ3HQkBtF2LrrrVyEmw0
-a7zTayDCBkOB9kJpAtik/wA1hOgx+qm1eshVq85RuszX/RWRIfDLmRY9t7CflAoB
-5uVIYTGLyq7KUGKVPsznd5Ar3WSceeEVVNT1kAx79fPkNFMQs1uxYfDr5IJVHbZ3
-kRrq0WADk5dbxon+vukK34wS5dAyQ8DpmapfUFDYjxPplKPimHIsb/uV25xrBMIR
-Xv64l28qqx85ssQd8RPqd8l6QzeK2bnPwDfGQtu8Cw==
------END CERTIFICATE-----
diff --git a/roles/comanage/vars/apache.yml b/roles/comanage/vars/apache.yml
deleted file mode 100644
index e337366..0000000
--- a/roles/comanage/vars/apache.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-module:
- - ssl
- - status
- - cgid
- - cgi
-# - fastcgi
- - actions
- - alias
-
-conf:
- - php5-fpm
-
-dismodule:
- - mpm_prefork
- - php5
-
-restart:
- - apache2
-# - php5-fpm
-
-
-#comanageip: 10.200.51.57
diff --git a/roles/comanage/vars/comanage.yml b/roles/comanage/vars/comanage.yml
deleted file mode 100644
index 7d55b86..0000000
--- a/roles/comanage/vars/comanage.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-replace:
-# -
-# regexp: "'datasource' => 'Database/Mysql'"
-# replace: "'datasource' => 'Database/Postgres'"
- -
- regexp: "'login' => 'user'"
- replace: "'login' => 'comanage'"
- -
- regexp: "'password' => 'password'"
- replace: "'password' => 'C0man4ge'"
- -
- regexp: "'database' => 'database_name'"
- replace: "'database' => 'registry'"
-
-infodb:
- -
- regexp: "you@localhost"
- replace: "admin@example.it"
-
-
-
diff --git a/roles/comanage/vars/firewall.yml b/roles/comanage/vars/firewall.yml
deleted file mode 100644
index bfa2f69..0000000
--- a/roles/comanage/vars/firewall.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-ports:
- - port: 80
- protocol: tcp
- zone: public
- - port: 443
- protocol: tcp
- zone: public
-
-servicefirewall:
- - http
- - https
diff --git a/roles/comanage/vars/main.yml b/roles/comanage/vars/main.yml
deleted file mode 100644
index 49e97cf..0000000
--- a/roles/comanage/vars/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-### COmanage vars main.yml
- # The version of COmanage to pull
- comanage_version: 1.0.0
diff --git a/roles/comanage/vars/mysql.yml b/roles/comanage/vars/mysql.yml
deleted file mode 100644
index 1e3f2ad..0000000
--- a/roles/comanage/vars/mysql.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-sqlstart:
- -
- name: "mysql"
- state: "started"
-
-sqlrestart:
- -
- name: "mysql"
- state: "restarted"
diff --git a/roles/comanage/vars/packages.yml b/roles/comanage/vars/packages.yml
deleted file mode 100644
index 31f5e64..0000000
--- a/roles/comanage/vars/packages.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-removerepository:
- - deb http://security.debian.org/ jessie/updates main contrib non-free
- - deb-src http://security.debian.org/ jessie/updates main contrib non-free
-
-packages:
- - apache2
- - php5
- - mysql-client
- - mysql-server
- - php5-mysql
- - libmysqlclient-dev
- - python-mysqldb
- - libapache2-mod-php5
- - php5-xsl
- - python-dev
-
-packagesfastcgi:
- - php5-fpm
- - libapache2-mod-fastcgi
- - apache2-mpm-worker
- - php5-mcrypt
-
-repository:
- - deb http://ftp.es.debian.org/debian stable main contrib non-free
- - deb-src http://ftp.es.debian.org/debian stable main contrib non-free
- - deb http://ftp.debian.org/debian/ jessie-updates main contrib non-free
- - deb-src http://ftp.debian.org/debian/ jessie-updates main contrib non-free
diff --git a/roles/database/handlers/main.yml b/roles/database/handlers/main.yml
deleted file mode 100644
index 1168ab2..0000000
--- a/roles/database/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# handlers for database role
-- name: restart mysql
- become: yes
- become_method: sudo
- service: name=mysql state=restarted
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
deleted file mode 100644
index 54e0375..0000000
--- a/roles/database/tasks/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-#Ansible roles for database deployment
-
-- include: packages.yml
-
-- include: mysql.yml
diff --git a/roles/database/tasks/mysql.yml b/roles/database/tasks/mysql.yml
deleted file mode 100644
index 7244234..0000000
--- a/roles/database/tasks/mysql.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-#Have fun with Mysql!
-
-- include_vars: roles/database/vars/mysql.yml
-
-- name: Start the MySQL service
- become: yes
- become_method: sudo
- service:
- name: "{{ item.name }}"
- state: "{{ item.state }}"
- with_items: sqlstart
-
-- name: create database for database server
- mysql_db:
- login_user: root
- name: registry
- state: present
-
-- name: create user for mysql with all privilege
- mysql_user:
- login_user: root
- name: comanage
- password: C0man4ge
- priv: "registry.*:ALL"
- state: present
-
-- name: copy .my.cnf file
- become: yes
- become_method: sudo
- template:
- src: roles/comanage/templates/my.cnf.j2
- dest: /etc/mysql/my.cnf
- owner: root
- mode: 0600
- notify:
- - restart mysql
diff --git a/roles/database/tasks/packages.yml b/roles/database/tasks/packages.yml
deleted file mode 100644
index a8616ff..0000000
--- a/roles/database/tasks/packages.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- include_vars: roles/database/vars/packages.yml
-
-- name: Install all packages
- apt:
- name: "{{ item }}"
- state: present
- with_items: packages
diff --git a/roles/database/vars/mysql.yml b/roles/database/vars/mysql.yml
deleted file mode 100644
index 721fe7f..0000000
--- a/roles/database/vars/mysql.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-sqlstart:
- -
- name: "mysql"
- state: "started"
diff --git a/roles/database/vars/packages.yml b/roles/database/vars/packages.yml
deleted file mode 100644
index 2da6f4d..0000000
--- a/roles/database/vars/packages.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-packages:
- - apache2
- - php5
- - mysql-client
- - mysql-server
- - php5-mysql
- - libmysqlclient-dev
- - python-mysqldb
- - libapache2-mod-php5
- - php5-xsl
- - python-dev
diff --git a/roles/generic/README.md b/roles/generic/README.md
deleted file mode 100644
index 8fbd6ec..0000000
--- a/roles/generic/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-Generic
-=======
-
-This role describes a generic server in the VOPaaS environment.
-
-Requirements
-------------
-
-This playbook's role has been tested in Debian 8, which is the distribution used within VOPaaS.
-
-Role Variables
---------------
-
-Within the variables the vile vars/users.yml contains all the users (with ssh and yubico keys) to be added to the system.
-
-Dependencies
-------------
-
-No dependency required.
-
-Example Playbook
-----------------
-
-This role can be used as follows:
-
- - hosts: servers
- roles:
- - { role: username.rolename, x: 42 }
-
-License
--------
-
-TBD
-
-Author Information
-------------------
-
-Andrea Biancini <andrea.biancini@garr.it>
-Simone Visconti <simone.visconti@garr.it>
diff --git a/roles/generic/defaults/main.yml b/roles/generic/defaults/main.yml
deleted file mode 100644
index faf51c8..0000000
--- a/roles/generic/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# defaults file for generic
diff --git a/roles/generic/files/install-zerotier.sh b/roles/generic/files/install-zerotier.sh
deleted file mode 100644
index 065fd84..0000000
--- a/roles/generic/files/install-zerotier.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-INSTALLER_PATH=/tmp/zerotier-installer
-
-#wget -O $INSTALLER_PATH https://www.zerotier.com/dist/ZeroTierOneInstaller-linux-x64
-chmod +x $INSTALLER_PATH
-
-$INSTALLER_PATH
diff --git a/roles/generic/handlers/main.yml b/roles/generic/handlers/main.yml
deleted file mode 100644
index 10aa49d..0000000
--- a/roles/generic/handlers/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-# handlers file for generic
-
-- name: Restart sshd
- become: yes
- become_method: sudo
- service:
- name: ssh
- state: restarted
-
-- name: Reload firewall definitions
- become: yes
- become_method: sudo
- command: firewall-cmd --reload
-
-- name: Restart ntp
- become: yes
- become_method: sudo
- service:
- name: ntp
- state: restarted
-
-- name: Start zerotier
- become: yes
- become_method: sudo
- service:
- name: zerotier-one
- state: started
-
diff --git a/roles/generic/meta/main.yml b/roles/generic/meta/main.yml
deleted file mode 100644
index 62c7d35..0000000
--- a/roles/generic/meta/main.yml
+++ /dev/null
@@ -1,139 +0,0 @@
----
-galaxy_info:
- author: your name
- description:
- company: your company (optional)
- # If the issue tracker for your role is not on github, uncomment the
- # next line and provide a value
- # issue_tracker_url: http://example.com/issue/tracker
- # Some suggested licenses:
- # - BSD (default)
- # - MIT
- # - GPLv2
- # - GPLv3
- # - Apache
- # - CC-BY
- license: license (GPLv2, CC-BY, etc)
- min_ansible_version: 1.2
- #
- # Below are all platforms currently available. Just uncomment
- # the ones that apply to your role. If you don't see your
- # platform on this list, let us know and we'll get it added!
- #
- #platforms:
- #- name: EL
- # versions:
- # - all
- # - 5
- # - 6
- # - 7
- #- name: GenericUNIX
- # versions:
- # - all
- # - any
- #- name: Fedora
- # versions:
- # - all
- # - 16
- # - 17
- # - 18
- # - 19
- # - 20
- # - 21
- # - 22
- #- name: Windows
- # versions:
- # - all
- # - 2012R2
- #- name: SmartOS
- # versions:
- # - all
- # - any
- #- name: opensuse
- # versions:
- # - all
- # - 12.1
- # - 12.2
- # - 12.3
- # - 13.1
- # - 13.2
- #- name: Amazon
- # versions:
- # - all
- # - 2013.03
- # - 2013.09
- #- name: GenericBSD
- # versions:
- # - all
- # - any
- #- name: FreeBSD
- # versions:
- # - all
- # - 8.0
- # - 8.1
- # - 8.2
- # - 8.3
- # - 8.4
- # - 9.0
- # - 9.1
- # - 9.1
- # - 9.2
- #- name: Ubuntu
- # versions:
- # - all
- # - lucid
- # - maverick
- # - natty
- # - oneiric
- # - precise
- # - quantal
- # - raring
- # - saucy
- # - trusty
- # - utopic
- # - vivid
- #- name: SLES
- # versions:
- # - all
- # - 10SP3
- # - 10SP4
- # - 11
- # - 11SP1
- # - 11SP2
- # - 11SP3
- #- name: GenericLinux
- # versions:
- # - all
- # - any
- #- name: Debian
- # versions:
- # - all
- # - etch
- # - jessie
- # - lenny
- # - squeeze
- # - wheezy
- #
- # Below are all categories currently available. Just as with
- # the platforms above, uncomment those that apply to your role.
- #
- #categories:
- #- cloud
- #- cloud:ec2
- #- cloud:gce
- #- cloud:rax
- #- clustering
- #- database
- #- database:nosql
- #- database:sql
- #- development
- #- monitoring
- #- networking
- #- packaging
- #- system
- #- web
-dependencies: []
- # List your role dependencies here, one per line.
- # Be sure to remove the '[]' above if you add dependencies
- # to this list.
-
diff --git a/roles/generic/tasks/firewall.yml b/roles/generic/tasks/firewall.yml
deleted file mode 100644
index 9b54e53..0000000
--- a/roles/generic/tasks/firewall.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-# playbook to install and configure general components of a VOPaaS machine
-- include_vars: "roles/generic/vars/firewall.yml"
-
-- name: Add rules for the firewall
- become_user: root
- firewalld:
- port: "{{ item.port }}/{{ item.protocol}}"
- permanent: true
- state: enabled
- zone: "{{ item.zone }}"
-# command: firewall-cmd --zone={{ item.zone }} --add-port={{ item.port }}/{{ item.protocol }}
- with_items: ports
- notify: Reload firewall definitions
-
-
-- name: Add service to the firewall
- become_user: root
- firewalld:
- service: "{{ item }}"
- permanent: true
- state: enabled
- zone: "public"
- notify: Reload firewall
- with_items: servicefirewall
-
-- name: reload firewalld
- become_user: root
- command: "firewall-cmd --reload"
diff --git a/roles/generic/tasks/main.yml b/roles/generic/tasks/main.yml
deleted file mode 100644
index db128ef..0000000
--- a/roles/generic/tasks/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# playbook to install and configure general components of a VOPaaS machine
-
-- include: prepare.yml
-
-- include: packages.yml
-
-- include: firewall.yml
-
-- include: ntp.yml
-
-- include: ssh.yml
-
-- include: yubico.yml
-
-#- include: zerotier.yml
-
-# Test tasks provided to verify all installations went good and with no errors
-
-- include: restart.yml
-
-#- include: tests.yml
diff --git a/roles/generic/tasks/ntp.yml b/roles/generic/tasks/ntp.yml
deleted file mode 100644
index fea54e6..0000000
--- a/roles/generic/tasks/ntp.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# playbook to install and configure general components of a VOPaaS machine
-- include_vars: "roles/generic/vars/ntp.yml"
-
-- name: push the template for ntp.conf
- become_user: root
- template:
- src: roles/generic/templates/ntp.conf.j2
- dest: /etc/ntp.conf
- notify: Restart ntp
diff --git a/roles/generic/tasks/packages.yml b/roles/generic/tasks/packages.yml
deleted file mode 100644
index 32c4684..0000000
--- a/roles/generic/tasks/packages.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- include_vars: "roles/generic/vars/packages.yml"
-
-- name: ensure that packages are installed
- become_user: root
- apt:
- name: "{{ item }}"
- state: present
- with_items: packages
diff --git a/roles/generic/tasks/prepare.yml b/roles/generic/tasks/prepare.yml
deleted file mode 100644
index ba83b40..0000000
--- a/roles/generic/tasks/prepare.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# playbook to prepare VOPaaS machine wiht update and upgrade
-
-- name: perform ping
- ping:
-
-- name: update cache
- become_user: root
- apt:
- update_cache: yes
-
-- name: install aptitude
- become_user: root
- apt:
- name: "aptitude"
- state: present
-
-- name: perform apt-get upgrade
- become_user: root
- apt:
- upgrade: safe
-
diff --git a/roles/generic/tasks/restart.yml b/roles/generic/tasks/restart.yml
deleted file mode 100644
index fcee1a9..0000000
--- a/roles/generic/tasks/restart.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-#Reload all services
-- include_vars: "roles/generic/vars/restart.yml"
-
-- name: reload all packages
- become_user: root
- service:
- name: "{{ item }}"
- state: restarted
- with_items: packages
-
diff --git a/roles/generic/tasks/ssh.yml b/roles/generic/tasks/ssh.yml
deleted file mode 100644
index 16db4ca..0000000
--- a/roles/generic/tasks/ssh.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- include_vars: "roles/generic/vars/users.yml"
-
-- name: create user
- become_user: root
- user:
- name: "{{ item['username'] }}"
- home: "/home/{{ item['username'] }}"
- with_items: users
-
-- name: Create ssh_key
- become_user: root
- authorized_key:
- user: "{{ item['username'] }}"
- key: "{{ item['sshkey'] }}"
- path: "/home/{{ item['username'] }}/.ssh/authorized_keys"
- with_items: users
-
-- name: Change sshd_config
- become_user: root
- template:
- src: roles/generic/templates/sshd_config.j2
- dest: /etc/ssh/sshd_config
- notify: Restart sshd
diff --git a/roles/generic/tasks/tests.yml b/roles/generic/tasks/tests.yml
deleted file mode 100644
index 8c52bb1..0000000
--- a/roles/generic/tasks/tests.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# Tests for the generic tasks
-- include_vars: "roles/generic/vars/ntp.yml"
-- include_vars: "roles/generic/vars/zerotier.yml"
-
-- name: Get time drift
- become_user: root
- command: /usr/sbin/ntptime
- register: thetime
- changed_when: false
-
-- name: Raise error if differente is larger than acceptable difference
- become_user: root
- fail:
- msg: "ERROR: The time difference is NOT ok"
- when: " thetime['stdout_lines'] | regex_replace('^.*offset (\\d+.\\d+).*$', '\\1') | float * 1000 > item "
- with_items: time_difference
-
-- name: Get the zerotier network list
- become_user: root
- command: zerotier-cli listnetworks
- register: listnetworks
- changed_when: false
-
-- name: Raise error if the network searched is not in network list
- become_user: root
- fail:
- msg: "ERROR: the network is not in the list of networks for zerotier client"
- when: "\"200 listnetworks {{ networkid }}\" in thetime['stdout']"
- with_items: time_difference
-
diff --git a/roles/generic/tasks/yubico.yml b/roles/generic/tasks/yubico.yml
deleted file mode 100644
index 9b7dcd3..0000000
--- a/roles/generic/tasks/yubico.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- include_vars: "roles/generic/vars/users.yml"
-
-- name: Create yubico folder
- become_user: root
- file:
- path: "/home/{{ item['username'] }}/.yubico"
- state: directory
- with_items: users
-
-- name: Create yubi_key
- become_user: root
- template:
- src: roles/generic/templates/yubikeys.j2
- dest: "/home/{{ item['username'] }}/.yubico/authorized_yubikeys"
- with_items: users
diff --git a/roles/generic/tasks/zerotier.yml b/roles/generic/tasks/zerotier.yml
deleted file mode 100644
index 8965175..0000000
--- a/roles/generic/tasks/zerotier.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- include_vars: "roles/generic/vars/zerotier.yml"
-
-- name: Download zerotier package
- get_url:
- url: "{{ packageurl }}"
- dest: "/tmp/zerotier-installer"
-
-- name: Install zerotier package
- become_user: root
- script: install-zerotier.sh creates=/usr/bin/zerotier-cli
- register: zerotier_install
-
-- name: start zerotier
- become_user: root
- service:
- name: zerotier-one
- state: started
-
-- name: Join zerotier network
- become_user: root
- command: "zerotier-cli join {{ networkid }}"
- register: join_status
- when: zerotier_install|changed
-
-- name: Raise error if network join gave an error
- debug:
- msg: "ERROR: The zerotier client was not able to join network"
- when: "'200 join OK' not in join_status['stdout']"
- when: zerotier_install|changed
diff --git a/roles/generic/templates/authorized_keys.j2 b/roles/generic/templates/authorized_keys.j2
deleted file mode 100644
index c3afc66..0000000
--- a/roles/generic/templates/authorized_keys.j2
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDquLtJJtq91dTMlQUxeU3Ej/OcxgSmV3o317qswdOXAt0BvC6iiEceWZILc7TMBJRpdcpSfriAlH5+BIieXrA/Co0kXjObZSeI3NmQY4LERA6fwkSKkBVNu0v9byDWwFrobwf4NxxbwzLrtkPoEMEPU1nfPTpnGNk05n5jwmS1w4IcOOzFu3R8igAjBA6Gyt1m11lp8WqhgcfrEf5iQ3IcHyu0xf7JCvYNMtWK/zDRwWARY41UbdtSw+t89nX+umxoAUSIWT2pbrn8muSQRGBJu51Jby3HHPAILQ6kFjgRPUCLIrKzgkr3qUNv4uZ7KoSWzmZY4ISn+EpljlbJUP+mB3PbVgTjTpCFiM3G3IlAj+Ze8MjNxdUJbbW0noDauW2HHmXGzOkgg1hg9f5CJ2ok2MgM5FGpFglYbiN1ujRIFicAo6lDJvDFt8Bm6bXJZHMyiMGi7jI+Wm3sg5zWfObAWNDfJv4r90dLhdUJ1/ApHQ/5W9tbnM6hJJlnddrd1g4w76xdkSFVgnst2Y2M1Hq/uY6Km29tOCPUa0L9l6KwEjX80UypPF9Bnv0/F/gj5pRphDi6+Uv/D+EwbKAXcZkl9DyzBnSJu4/uD20H5MTbs4nXj63LAYlsq5AXlAej6c3POu9v89qUq8dZl1kb2WPmn8AtLrAh1FWiGZHeuY165Q== simone.visconti@garr.it
diff --git a/roles/generic/templates/ntp.conf.j2 b/roles/generic/templates/ntp.conf.j2
deleted file mode 100644
index 7cb16db..0000000
--- a/roles/generic/templates/ntp.conf.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
-
-driftfile /var/lib/ntp/ntp.drift
-
-
-# Enable this if you want statistics to be logged.
-#statsdir /var/log/ntpstats/
-
-statistics loopstats peerstats clockstats
-filegen loopstats file loopstats type day enable
-filegen peerstats file peerstats type day enable
-filegen clockstats file clockstats type day enable
-
-# Specify one or more NTP servers.
-
-# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
-# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
-# more information.
-{% for server in ntp_servers %}
-server {{ server }}
-{% endfor %}
-
-# Use Ubuntu's ntp server as a fallback.
-server ntp.ubuntu.com
-
-# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
-# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
-# might also be helpful.
-#
-# Note that "restrict" applies to both servers and clients, so a configuration
-# that might be intended to block requests from certain clients could also end
-# up blocking replies from your own upstream servers.
-
-# By default, exchange time with everybody, but don't allow configuration.
-restrict -4 default kod notrap nomodify nopeer noquery
-restrict -6 default kod notrap nomodify nopeer noquery
-
-# Local users may interrogate the ntp server more closely.
-restrict 127.0.0.1
-restrict ::1
-
-# Clients from this (example!) subnet have unlimited access, but only if
-# cryptographically authenticated.
-#restrict 192.168.123.0 mask 255.255.255.0 notrust
-
-
-# If you want to provide time to your local subnet, change the next line.
-# (Again, the address is an example only.)
-#broadcast 192.168.123.255
-
-# If you want to listen to time broadcasts on your local subnet, de-comment the
-# next lines. Please do this only if you trust everybody on the network!
-#disable auth
-#broadcastclient
diff --git a/roles/generic/templates/sshd_config.j2 b/roles/generic/templates/sshd_config.j2
deleted file mode 100644
index c93c8b8..0000000
--- a/roles/generic/templates/sshd_config.j2
+++ /dev/null
@@ -1,88 +0,0 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port 22
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin yes
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-AuthorizedKeysFile %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
diff --git a/roles/generic/templates/yubikeys.j2 b/roles/generic/templates/yubikeys.j2
deleted file mode 100644
index caeb68c..0000000
--- a/roles/generic/templates/yubikeys.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ item['username'] }}:{{ item['yubikey'] }}
diff --git a/roles/generic/vars/firewall.yml b/roles/generic/vars/firewall.yml
deleted file mode 100644
index 789760f..0000000
--- a/roles/generic/vars/firewall.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-ports:
- - port: 9993
- protocol: udp
- zone: public
- - port: 22
- protocol: tcp
- zone: public
-
-servicefirewall:
- - ssh
diff --git a/roles/generic/vars/ntp.yml b/roles/generic/vars/ntp.yml
deleted file mode 100644
index 8f227c7..0000000
--- a/roles/generic/vars/ntp.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-ntp_servers:
- - ntp1.inrim.it
- - ntp2.inrim.it
-
-time_difference:
- - 1000
diff --git a/roles/generic/vars/packages.yml b/roles/generic/vars/packages.yml
deleted file mode 100644
index 88ae610..0000000
--- a/roles/generic/vars/packages.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-packages:
- - ssh
- - ntp
- - libpam-yubico
- - firewalld
diff --git a/roles/generic/vars/restart.yml b/roles/generic/vars/restart.yml
deleted file mode 100644
index b9bc116..0000000
--- a/roles/generic/vars/restart.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-packages:
- - ssh
- - ntp
diff --git a/roles/generic/vars/users.yml b/roles/generic/vars/users.yml
deleted file mode 100644
index aa282f2..0000000
--- a/roles/generic/vars/users.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-users:
- - username: niels
- sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpveM1t58xSxR+UAeUBkCxjAJUI3c4LBrUoVy0RhWTtidUUm/eBWIW4bC3daIeb+5HZjrmQrsFqDsUGmhc1oPC/dUbQHep7ka0vCEMF1mF/vlSnDbRbPSZOMqRqcY0qEk8CMdIi+qXj7k5xORIOVY3mglRyWQu+1IWA9J5h46wOkxztDrFl2qoD7XWoOGrAGfZviMeMoQTaBDwuIw4mJUNIvkgWj5R5D2nUtfn+wACOKRJWYLmKyCWXwt4Hdrm96mx1qwrOH37+j5sBTHrMLh4KFLiFtRPR0YAwkAeD0BEaE8c22HoeyIF1JLuJQwA7pSph9t1H90BPSQ6Sj48ebiJ niels@Asimov
- yubikey: 3c44169c8c
- - username: daniela
- sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk8kRY1gzK6xz/mrLFCtA4gVMj3L237n1Cu6r0HnIJeqW6I8atSSwDWTpEC+sK07ZzoKjTtNvlQOP0dqb10/eyNxdMNEVSW4tskapixkQFY9PeaiR/nxJX+PRAHs/8WWx6vZZ3iHJg3E8WD5F7eafy7VbOd5TB9GhUKyIKFY8lMdz6D/XaUo77gTtkgrgn/mmR7rJOQOvAkInjUJwnPxr5kKqaIeMBi/Abd85iSF7LU832WixjkQbY4pwN3epz5UBOuEoUbSKwbvFzyRGVnDUwMrfI+8SwcdcFgy4whhcpZgMIjmF1Of+CrezMYPgA3nrKoWhlRDSf56KtMVIm5K7HQ==
- yubikey: b139c64ee1
- - username: andrea
- sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD6uQJ1/lSmiXNZrLmynm2/yPeebnxnMlroOaIzD3gc/6KCHd4UTeg9MZH9j8JycfL/zm+39Yc4W4qs/l9fkFY3Vcn5us/EP0dFfREdHvNHZRXCAsERW2Y+8mzgakMtqjwK4xWV0DCpfX9Mf/e+48KGfq8vqivo4xjb7C0FfBg0t8dGld40ja2Z2C/m58Bol04fCTWcHqD/nxkyr9RODSlbMY9o2jwI/+VPvHAXxrkjVONUQs3OY39gFmyzOJn3TiQYTFMIPq5p6vLXADsC4j8iVU/P0Xx6e0zEqSOTj45EgT25ayg7fneDwsGHjVdD95YHrt+eH90YdUfa1iawR4x andrea@sigmund
- yubikey: 525c5a72d4
- - username: bajnokk
- sshkey: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGa31pyW1Dsoa+txLz7urS+ATK3s5r6gVhwQOE8jiBMxUKX3zV1W99j/f1CYZUpWGFt/vvNT+cRXbtC75erYLDw= id_ecdsa@clutch
- yubikey: ebeb0106cb
- - username: simome
- sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDquLtJJtq91dTMlQUxeU3Ej/OcxgSmV3o317qswdOXAt0BvC6iiEceWZILc7TMBJRpdcpSfriAlH5+BIieXrA/Co0kXjObZSeI3NmQY4LERA6fwkSKkBVNu0v9byDWwFrobwf4NxxbwzLrtkPoEMEPU1nfPTpnGNk05n5jwmS1w4IcOOzFu3R8igAjBA6Gyt1m11lp8WqhgcfrEf5iQ3IcHyu0xf7JCvYNMtWK/zDRwWARY41UbdtSw+t89nX+umxoAUSIWT2pbrn8muSQRGBJu51Jby3HHPAILQ6kFjgRPUCLIrKzgkr3qUNv4uZ7KoSWzmZY4ISn+EpljlbJUP+mB3PbVgTjTpCFiM3G3IlAj+Ze8MjNxdUJbbW0noDauW2HHmXGzOkgg1hg9f5CJ2ok2MgM5FGpFglYbiN1ujRIFicAo6lDJvDFt8Bm6bXJZHMyiMGi7jI+Wm3sg5zWfObAWNDfJv4r90dLhdUJ1/ApHQ/5W9tbnM6hJJlnddrd1g4w76xdkSFVgnst2Y2M1Hq/uY6Km29tOCPUa0L9l6KwEjX80UypPF9Bnv0/F/gj5pRphDi6+Uv/D+EwbKAXcZkl9DyzBnSJu4/uD20H5MTbs4nXj63LAYlsq5AXlAej6c3POu9v89qUq8dZl1kb2WPmn8AtLrAh1FWiGZHeuY165Q== simone.visconti@garr.it
- yubikey: 905baa50e4
diff --git a/roles/generic/vars/zerotier.yml b/roles/generic/vars/zerotier.yml
deleted file mode 100644
index f8e793d..0000000
--- a/roles/generic/vars/zerotier.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-#packageurl: "https://download.zerotier.com/dist/zerotier-one_1.1.0_i386.deb"
-#packageurl: "https://download.zerotier.com/dist/zerotier-one_1.1.0_amd64.deb"
-#packageurl: "https://download.zerotier.com/dist/zerotier-one_1.1.4_amd64.deb"
-packageurl: "https://download.zerotier.com/dist/ZeroTierOneInstaller-linux-x64-1_1_4"
-networkid: "e5cd7a9e1c6a4bbb"
diff --git a/roles/loadbalancer/README.md b/roles/loadbalancer/README.md
deleted file mode 100644
index d4291e8..0000000
--- a/roles/loadbalancer/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-Generic
-=======
-
-This role describes a loadbalancer server in the VOPaaS environment.
-
-Requirements
-------------
-
-This playbook's role has been tested in Debian 8, which is the distribution used within VOPaaS.
-
-Role Variables
---------------
-
-TO DO
-
-Dependencies
-------------
-
-No dependency required.
-
-Example Playbook
-----------------
-
-This role can be used as follows:
-
- - hosts: servers
- roles:
- - { role }
-
-License
--------
-
-TBD
-
-Author Information
-------------------
-
-Simone Visconti <simone.visconti@garr.it>
diff --git a/roles/loadbalancer/handlers/main.yml b/roles/loadbalancer/handlers/main.yml
deleted file mode 100644
index 41cf82d..0000000
--- a/roles/loadbalancer/handlers/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Restart Nginx
- service:
- name: nginx
- state: restarted
-
-- name: Reload firewall definitions
- become: yes
- become_user: root
- command: "firewall-cmd --reload"
-
diff --git a/roles/loadbalancer/handlers/nginx.yml b/roles/loadbalancer/handlers/nginx.yml
deleted file mode 100644
index 72d2e28..0000000
--- a/roles/loadbalancer/handlers/nginx.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Restart Nginx
- service:
- name: nginx
- state: restarted
diff --git a/roles/loadbalancer/tasks/firewall.yml b/roles/loadbalancer/tasks/firewall.yml
deleted file mode 100644
index cc183e7..0000000
--- a/roles/loadbalancer/tasks/firewall.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# playbook to install and configure general components of a VOPaaS machine
-- include_vars: "roles/loadbalancer/vars/firewall.yml"
-
-- name: Add rules for the firewall
- become_user: root
- firewalld:
- port: "{{ item.port }}/{{ item.protocol}}"
- permanent: true
- state: enabled
- zone: "{{ item.zone }}"
- with_items: ports
- notify: Reload firewall definitions
-
-
-- name: Add service to the firewall
- become_user: root
- firewalld:
- service: "{{ item }}"
- permanent: true
- state: enabled
- zone: "public"
- notify: Reload firewall definitions
- with_items: servicefirewall
-
diff --git a/roles/loadbalancer/tasks/main.yml b/roles/loadbalancer/tasks/main.yml
deleted file mode 100644
index 0df2d3f..0000000
--- a/roles/loadbalancer/tasks/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-#@author: Simone Visconti
-# playbook to prepare openstack machine
-- include: packages.yml
-
-- include: nginx.yml
-
-- include: firewall.yml
diff --git a/roles/loadbalancer/tasks/nginx.yml b/roles/loadbalancer/tasks/nginx.yml
deleted file mode 100644
index 4d1f77c..0000000
--- a/roles/loadbalancer/tasks/nginx.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-#YML for prepare nginx
-
-- name: prepare all necessary file for service-gateway
- become_method: sudo
- template:
- src: "{{ item.source }}"
- dest: "{{ item.dest }}"
- with_items: servicetemplates
-
-- name: touch a directory
- become_method: sudo
- file:
- path: /var/cache/nginx/proxy_temp/cache
- state: directory
-
-- name: create nginx user
- become_method: sudo
- user:
- name: nginx
- state: present
- notify: Restart Nginx
diff --git a/roles/loadbalancer/tasks/packages.yml b/roles/loadbalancer/tasks/packages.yml
deleted file mode 100644
index eafdcc6..0000000
--- a/roles/loadbalancer/tasks/packages.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-#@author: Simone Visconti
-# playbook to prepare openstack machine
-- include_vars: roles/loadbalancer/vars/main.yml
-
-- name: install packages
- become_method: sudo
- apt:
- name: "{{ item }}"
- state: present
- with_items: packages
diff --git a/roles/loadbalancer/templates/nginx.conf.j2 b/roles/loadbalancer/templates/nginx.conf.j2
deleted file mode 100644
index 3646564..0000000
--- a/roles/loadbalancer/templates/nginx.conf.j2
+++ /dev/null
@@ -1,61 +0,0 @@
-
-user nginx;
-worker_processes auto;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-worker_rlimit_nofile 200000;
-
-
-events {
- worker_connections 10240;
- use epoll;
- multi_accept on;
- accept_mutex off;
-}
-
-
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main buffer=23k;
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
-
- keepalive_requests 1000;
- keepalive_timeout 95;
-
- gzip on;
- gzip_static on;
- client_max_body_size 4096m;
-
-#inizio aggiunte
- gzip_http_version 1.1;
- gzip_proxied expired no-cache no-store private auth;
- gzip_disable "MSIE [1-6]\.";
- gzip_vary on;
- gzip_buffers 16 8k;
- gzip_types text/plain text/xml text/css text/javascript application/javascript image/svg+xml application/json;
-#fine aggiunte
-
- proxy_cache_path /var/cache/nginx/proxy_temp/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=4g;
- proxy_temp_path /var/cache/nginx/proxy_temp;
- proxy_cache_key "$scheme://$host$request_uri";
- proxy_redirect off;
-
- proxy_connect_timeout 600;
- proxy_send_timeout 600;
- proxy_read_timeout 600;
- send_timeout 600;
-
- include /etc/nginx/conf.d/*.conf;
-}
diff --git a/roles/loadbalancer/templates/registry.key.j2 b/roles/loadbalancer/templates/registry.key.j2
deleted file mode 100644
index a4f33f6..0000000
--- a/roles/loadbalancer/templates/registry.key.j2
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDYBPQRrUm0ZdXI
-kVSBt9cUYxnoTl81mszFzNLLJaydfZBRD0ypJ/AhphXvfb+Y4GlFMJjlR9CcDnD9
-vTIflgJo7KhFfMlIr+A3W8bDlbiVc+twQ0tg7xrIbOi1WrRyPHnTgiR060WpB5OR
-y5CKGaaqqFO+U/JGcB4b/tJQaxZXZBAn48kCeqi9lIQxFwv7yBGPEaz1vbm+OfDI
-Y9U95aUNWHMMQhHzbDAEcnuFLAXaynGudImIeZxgfV4AuuFYNyHd1DGnM/WtJe9U
-3AaB7AjEjVxsrBabsh2Shm/3gJeaNsBSEcCzm+y0a1KVKgpEqGQ4h11Zp5+2xdHA
-3FiNJoXxAgMBAAECggEBAMKzLDzmgED9bEObYZyNU2jHrakpQj0xahF5/CAns747
-VyEIdiMcoR3i8XBrWY5z7c3z8ErvgIG3rnW02gGIFmH1s/D1eQJvqtqaeLr+LmFe
-Gr2TmdQjjnNJXjFfMLap9XACo9NR3vZrosFMxdkDJ6o3j0tDpGGCWlEHSw46hud5
-2rgeAzq4lKUlUQVnH/0mZnjuCVuqP3fbrqJSimh2A+K0ec9KzBRyYikk2XnzN0Of
-O/c4L+OkOkCHgM3U7ZTp3ZkIiBcecoc5XWRIPWDz24yl/8oy+9q0ZCrq+1pEfabm
-5GmhodqlZ/ndX0DAORXZm7/U4Dzd9ooMnttOP/eAYjECgYEA/i1feKUuLPSsriOa
-HxdT/LfChxpVpOC4SOhVNTQ4AyJ0hantw499OFyZhRq6nxkxRkUEDCbkHGvWwhNg
-I8WC6VUCam1o46XRQGv3kI3u9M3TixvVC416P52vcPOk3GVyZ7UvMLYryEFmJgN9
-l1eZIBNWHN2l8h0MzRmpRm1kXr0CgYEA2ZGHaCZupokkEXNAg2LqVpbldbTWILAO
-WY6ZtvJmImgEfpI89TKFP2JNF2knHf6uxGsz4ScpjRfCy6ENftB4EFrsOAoANuPX
-QLRDUZCQL6sVatgGQs3VIMRF+TlQQfEFbVtlINHNlmmpanuZVBKTSIZkBf2chLou
-3K+jHUNnQUUCgYEAkodrs2xeO1JuPhGOJwBWzajN/v7CgsN92aH+hSZuZ/gz/l5h
-EE0nHhfb9Ozcyx1F18GvvKWq+Wt9qfJriROzDXqRYvNh9WLBSAc19+Kq7/u8SUSp
-Q/iykfwAiPgcgWYGVx0PcGCEyvRQw/ddLqM0RlZ/XTK2GOaAW7jAajZkF20CgYEA
-zqgGwAzRSWo2UkTw4FuSTxEhfz53rbDM0JA8vaNdFA1NR5RMRnLoUh5jL3t35mvF
-QVi6fICgXR5WruiZUv1dLdvPSCNntLuR+CnBT7ZK3pxYyZXLzKSKbodAF8wyyY/Q
-IeGQGy5tYxOWEki4iTzjnR3Z4D7W7tOSM5i5DNC7QSkCgYAEFppklScvrpAfpzDy
-mmmmfKhJnkHlrOxbJEmYRNHAYghYABxomskD1Jh3oyz1X55l6Ep62vCNyUiqMr0y
-4qDOrkYv4MXOoEA64HtPOuadLkLsz7RoKNGTa4jaxeoD5dgY+PkFqbeMieqJ/mc0
-CbEcnad6o15MPZEXMOCZBn1ScQ==
------END PRIVATE KEY-----
diff --git a/roles/loadbalancer/templates/registry.pem.j2 b/roles/loadbalancer/templates/registry.pem.j2
deleted file mode 100644
index f58bf94..0000000
--- a/roles/loadbalancer/templates/registry.pem.j2
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqzCCApOgAwIBAgIJAMqHciiHWnAuMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
-BAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0MRAwDgYDVQQHDAdVdHJlY2h0MR8wHQYD
-VQQKDBZTbmFrZSBPaWwgQ2VydGlmaWNhdGVzMRgwFgYDVQQDDA8ke2Fuc2libGVf
-ZnFkbn0wHhcNMTYwMjI1MTYyNjU3WhcNMjYwMjIyMTYyNjU3WjBsMQswCQYDVQQG
-EwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEfMB0GA1UE
-CgwWU25ha2UgT2lsIENlcnRpZmljYXRlczEYMBYGA1UEAwwPJHthbnNpYmxlX2Zx
-ZG59MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2AT0Ea1JtGXVyJFU
-gbfXFGMZ6E5fNZrMxczSyyWsnX2QUQ9MqSfwIaYV732/mOBpRTCY5UfQnA5w/b0y
-H5YCaOyoRXzJSK/gN1vGw5W4lXPrcENLYO8ayGzotVq0cjx504IkdOtFqQeTkcuQ
-ihmmqqhTvlPyRnAeG/7SUGsWV2QQJ+PJAnqovZSEMRcL+8gRjxGs9b25vjnwyGPV
-PeWlDVhzDEIR82wwBHJ7hSwF2spxrnSJiHmcYH1eALrhWDch3dQxpzP1rSXvVNwG
-gewIxI1cbKwWm7IdkoZv94CXmjbAUhHAs5vstGtSlSoKRKhkOIddWaeftsXRwNxY
-jSaF8QIDAQABo1AwTjAdBgNVHQ4EFgQUR7i3PaHb4CfoX5Tq7nT44OAKNWgwHwYD
-VR0jBBgwFoAUR7i3PaHb4CfoX5Tq7nT44OAKNWgwDAYDVR0TBAUwAwEB/zANBgkq
-hkiG9w0BAQsFAAOCAQEAgPrQqSgfc+JomS9H0qSCxmz4JZ9YJeQyZyuTnOghJqAV
-GSNfRNSAwvZbX6t1R/m3SpJu9NVdsYyTAT+Y1iMl3JATXQ3HQkBtF2LrrrVyEmw0
-a7zTayDCBkOB9kJpAtik/wA1hOgx+qm1eshVq85RuszX/RWRIfDLmRY9t7CflAoB
-5uVIYTGLyq7KUGKVPsznd5Ar3WSceeEVVNT1kAx79fPkNFMQs1uxYfDr5IJVHbZ3
-kRrq0WADk5dbxon+vukK34wS5dAyQ8DpmapfUFDYjxPplKPimHIsb/uV25xrBMIR
-Xv64l28qqx85ssQd8RPqd8l6QzeK2bnPwDfGQtu8Cw==
------END CERTIFICATE-----
diff --git a/roles/loadbalancer/templates/vopaas-ssl.conf.j2 b/roles/loadbalancer/templates/vopaas-ssl.conf.j2
deleted file mode 100644
index e8f0ae2..0000000
--- a/roles/loadbalancer/templates/vopaas-ssl.conf.j2
+++ /dev/null
@@ -1,75 +0,0 @@
-upstream vopaas-ssl {
- server {{ comanage }}:443 fail_timeout=5s max_fails=3;
-}
-
-server {
- listen *:443;
- access_log /var/log/nginx/vopaas-ssl.access.log main;
- error_log /var/log/nginx/vopaas-ssl.error.log;
- root /usr/local/nginx/html;
- index index.html;
-
- client_header_buffer_size 128m;
- large_client_header_buffers 8 128m;
-
- ### timeouts ###
- resolver_timeout 300;
- client_header_timeout 300;
- client_body_timeout 600;
- send_timeout 600;
- #keepalive_timeout 65 20;
-
- ### proxy-timeouts ###
- proxy_connect_timeout 30;
- proxy_send_timeout 600;
- proxy_read_timeout 600;
-
- client_max_body_size 8192m;
-
-
- ssl_prefer_server_ciphers on;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_session_timeout 5m;
- ssl_session_cache shared:SSL:10m;
- ssl_certificate /etc/ssl/certs/registry.pem;
- ssl_certificate_key /etc/ssl/private/registry.key;
- ssl on;
-
-
- location / {
- proxy_pass https://vopaas-ssl;
- proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
- proxy_redirect off;
- proxy_buffering off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-By $server_addr:$server_port;
- proxy_set_header X-Forwarded-Proto https;
- fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
-
- proxy_cache STATIC;
- proxy_cache_valid 200 302 60m;
- proxy_cache_valid 404 1m;
- proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
- proxy_ignore_headers "Set-Cookie";
- }
-
- #status per report con collectd
- location /nginx_status {
- # Turn on nginx stats
- stub_status on;
- # I do not need logs for stats
- access_log off;
- # Security: Only allow access from 192.168.1.100 IP #
- #allow 127.0.0.1 192.168.118.0/24;
- # Send rest of the world to /dev/null #
- #deny all;
- }
-
- location /robots.txt {
- return 200 "User-agent: *\nDisallow: /\nAllow: /index.php\nAllow: /sync-clients/";
- }
-
-}
diff --git a/roles/loadbalancer/templates/vopaas.conf.j2 b/roles/loadbalancer/templates/vopaas.conf.j2
deleted file mode 100644
index 8d6707d..0000000
--- a/roles/loadbalancer/templates/vopaas.conf.j2
+++ /dev/null
@@ -1,57 +0,0 @@
-upstream vopaas {
- server {{ comanage }}:443 fail_timeout=5s max_fails=3;
-}
-
-server {
- listen *:80;
- #server_name ;
-
- #redirect permanently http tp https
- return 301 https://$host$request_uri;
-
- access_log /var/log/nginx/vopaas.access.log main;
- error_log /var/log/nginx/vopaas.error.log;
- root /usr/local/nginx/html;
- index index.html;
-
- client_header_buffer_size 128m;
- large_client_header_buffers 8 128m;
- ### timeouts ###
- resolver_timeout 300;
- client_header_timeout 300;
- client_body_timeout 600;
- send_timeout 600;
- #keepalive_timeout 65 20;
- ### proxy-timeouts ###
- proxy_connect_timeout 30;
- proxy_send_timeout 600;
- proxy_read_timeout 600;
-
- client_max_body_size 4096m;
-
- location / {
- proxy_pass http://vopaas;
- proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
- proxy_redirect off;
- proxy_buffering off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- #status per report con collectd
- location /nginx_status {
- # Turn on nginx stats
- stub_status on;
- # I do not need logs for stats
- access_log off;
- # Security: Only allow access from 192.168.1.100 IP #
- #allow 127.0.0.1 192.168.118.0/24;
- # Send rest of the world to /dev/null #
- #deny all;
- }
-
- location /robots.txt {
- return 200 "User-agent: *\nDisallow: /\nAllow: /index.php\nAllow: /sync-clients/";
- }
-}
diff --git a/roles/loadbalancer/vars/firewall.yml b/roles/loadbalancer/vars/firewall.yml
deleted file mode 100644
index af36179..0000000
--- a/roles/loadbalancer/vars/firewall.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-ports:
- - port: 80
- protocol: tcp
- zone: public
- - port: 22
- protocol: tcp
- zone: public
- - port: 443
- protocol: tcp
- zone: public
-
-
-servicefirewall:
- - http
- - https
diff --git a/roles/loadbalancer/vars/main.yml b/roles/loadbalancer/vars/main.yml
deleted file mode 100644
index fa6c283..0000000
--- a/roles/loadbalancer/vars/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-packages:
- - nginx
-
-servicetemplates:
- -
- source: "roles/loadbalancer/templates/nginx.conf.j2"
- dest: "/etc/nginx/nginx.conf"
- -
- source: "roles/loadbalancer/templates/vopaas.conf.j2"
- dest: "/etc/nginx/conf.d/vopaas.conf"
- -
- source: "roles/loadbalancer/templates/vopaas-ssl.conf.j2"
- dest: "/etc/nginx/conf.d/vopaas-ssl.conf"
- -
- source: "roles/loadbalancer/templates/registry.pem.j2"
- dest: "/etc/ssl/certs/registry.pem"
- -
- source: "roles/loadbalancer/templates/registry.key.j2"
- dest: "/etc/ssl/private/registry.key"
-
diff --git a/roles/python27/tasks/main.yml b/roles/python27/tasks/main.yml
new file mode 100644
index 0000000..6d3956d
--- /dev/null
+++ b/roles/python27/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+# playbook to install python 2.7 on ubuntu 16.04
+
+- name: perform apt-get update
+ raw: apt-get update -qq
+
+- name: ensure that python is installed
+ raw: sudo apt-get install -qq python2.7
+
diff --git a/start.sh b/start.sh
index bf2eeaf..fe38ef7 100755
--- a/start.sh
+++ b/start.sh
@@ -1 +1 @@
-ansible-playbook -i inventories/$1 playbook.yml
+ansible-playbook -i inventories/python27 playbook.yml
diff --git a/test.sh b/test.sh
deleted file mode 100755
index f71354b..0000000
--- a/test.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-PLAYBOOK="$1"
-if [ -z "$PLAYBOOK" ]; then
- PLAYBOOK="playbook.yml"
-fi
-
-docker run -v $PWD:/opt/VOPaaS -w /opt/VOPaaS vopaas ansible-playbook -c local -i inventories/inventory.localhost $PLAYBOOK
--
GitLab