azbyka scripts: update to the latest

vz/azbyka/createbytask.int.sh

@@ -27,6 +27,7 @@ assure $AUSER
 assure $ACONF
 assure $ADOMAIN
 assure $VEID
+assure $NGINXIP
 
 # TODO: external config
 ADMINEMAIL=lav@etersoft.ru
@@ -173,6 +174,24 @@ EOF
     serv monit reload
 }
 
+
+tune_remoteip()
+{
+local ipstr
+
+ipstr="$NGINXIP"
+[ -n "$NGINXIPv6" ] && ipstr="$ipstr $NGINXIPv6"
+
+cat <<EOF > /etc/httpd2/conf/mods-available/remoteip.conf
+    <IfModule remoteip_module>
+        RemoteIPHeader X-Forwarded-For
+        RemoteIPInternalProxy $ipstr
+    </IfModule>
+EOF
+[ -f /etc/httpd2/conf/mods-enabled/remoteip.conf ] ||
+    ln -sr /etc/httpd2/conf/mods-available/remoteip.conf /etc/httpd2/conf/mods-enabled/remoteip.conf
+}
+
 # arg: path to php.ini
 tune_php()
 {
@@ -220,14 +239,7 @@ tune_apache2()
         echo "$i=no" >>$F
     done
 
-cat <<EOF > /etc/httpd2/conf/mods-available/remoteip.conf
-    <IfModule remoteip_module>
-        RemoteIPHeader X-Forwarded-For
-        RemoteIPInternalProxy $NGINXIP/32
-    </IfModule>
-EOF
-    [ -f /etc/httpd2/conf/mods-enabled/remoteip.conf ] ||
-        ln -sr /etc/httpd2/conf/mods-available/remoteip.conf /etc/httpd2/conf/mods-enabled/remoteip.conf
+    tune_remoteip
 
     cp /tmp/prepend.php /etc/httpd2/conf/include/prepend.php || fatal
     # TODO
@@ -318,13 +330,7 @@ tune_apache2_mediawiki()
         docmd a2disextra $i
     done
 
-cat <<EOF > /etc/httpd2/conf/mods-available/remoteip.conf
-    <IfModule remoteip_module>
-        RemoteIPHeader X-Forwarded-For
-        RemoteIPInternalProxy $NGINXIP/32
-    </IfModule>
-EOF
-    ln -sr /etc/httpd2/conf/mods-available/remoteip.conf /etc/httpd2/conf/mods-enabled/remoteip.conf
+    tune_remoteip
 
 #    cp /tmp/prepend.php /etc/httpd2/conf/include/prepend.php || fatal
 
@@ -341,9 +347,12 @@ tune_local_memcached_redis()
     # for access from sitebox
     subst 's|^bind 127.0.0.1|bind 0.0.0.0|' /etc/redis/redis.conf
     subst 's|^protected-mode yes|protected-mode no|' /etc/redis/redis.conf
-    subst 's|^LISTEN="127.0.0.1"|LISTEN="0.0.0.0"|' /etc/sysconfig/memcached 
+    subst 's|^LISTEN="127.0.0.1"|LISTEN="0.0.0.0"|' /etc/sysconfig/memcached
     serv redis on
     serv memcached on
+    # уже запущены ранее, поэтому эти настройки не применились
+    serv redis restart
+    serv memcached restart
 
 # hack: remove after update docker image
     if [ ! -f /etc/localtime ] ; then
@@ -374,6 +383,8 @@ if [ -n "$AUSERID" ] ; then
     useradd -M $AUSER -u $AUSERID -g $AGROUPID #|| fatal
 fi
 
+epm update
+
 # locales
 echo "%_install_langs ru:en:C" >/etc/rpm/macros
 epmi --auto --skip-installed glibc-locales
@@ -392,6 +403,8 @@ if [ -n "$AUSERID" ] ; then
     fi
 fi
 
+update_chrooted conf
+
 PHP7BASE="php7-mbstring php7-pdo php7-curl php7-fileinfo php7-dom php7-exif \
           php7-pdo_mysql php7-mysqli php7-pcntl php7-openssl php7-mcrypt php7-imagick \
           php7-gd2 php7-xmlreader php7-memcached php7-xsl php7-zip php7-redis php7-opcache"

vz/azbyka/createbytask.sh

@@ -12,7 +12,7 @@ tune_yandex_mirror()
 
 TASKFILE="$1"
 if ! echo "$TASKFILE" | grep -q ves/ ; then
-    TASKFILE=ves/$TASKFILE.task
+    TASKFILE=ves/$(basename $TASKFILE .task).task
     [ -s $TASKFILE ] || fatal "Can't find $TASKFILE (originally $1)"
 fi
 
@@ -25,11 +25,14 @@ FORCE=''
 # links:
 # TODO: do via docker compose
 # TODO: user Dockerfile
+COMPOSEDIR=servers
+SITESDIR=servers/sites.d
 if [ -n "$DOCKID" ] ; then
-    mkdir -p composers/sites.d/
-cat <<EOF > composers/sites.d/$ACONF.yml
+    mkdir -p $SITESDIR/
+cat <<EOF > $SITESDIR/$ACONF.yml
   $ACONF:
     container_name: $ACONF
+    hostname: "$ACONF"
     restart: always
     image: $DOCKERIMAGE
     command:
@@ -39,35 +42,35 @@ cat <<EOF > composers/sites.d/$ACONF.yml
       - $HOSTHOME/$AUSER:/home/$AUSER
 EOF
 if [ -n "$DOCKVOLUME" ] ; then
-cat <<EOF >> composers/sites.d/$ACONF.yml
+cat <<EOF >> $SITESDIR/$ACONF.yml
       - $DOCKVOLUME
 EOF
 fi
-cat <<EOF >> composers/sites.d/$ACONF.yml
+cat <<EOF >> $SITESDIR/$ACONF.yml
     cap_add:
       - SYS_ADMIN
       - SYS_PTRACE
+      - CAP_AUDIT_WRITE
+      - CAP_AUDIT_CONTROL
     security_opt:
       - apparmor:unconfined
 
     extra_hosts:
-      - "sphinx.azbyka:$SPHINXHOST"
       - "memcached memcached.azbyka memcached.$AUSER:$MEMCACHEDHOST"
       - "redis redis.azbyka redis.$AUSER:$REDISHOST"
-      - "beanstalkd beanstalkd.azbyka beanstalkd.$AUSER:$BEANSTALKDHOST"
-      - "mysql mysql.azbyka mysql.$AUSER:$MYSQLHOST"
-      - "mariadb mariadb.azbyka mariadb.$AUSER:$MARIADBHOST"
+      - "mysql.azbyka mysql.$AUSER:$MYSQLHOST"
+      - "manticore:$MANTICOREHOST"
 
     networks:
-      default:
-          ipv4_address: $VEIP
+      default
 EOF
-    composers/update_compose.sh
+    $COMPOSEDIR/update_compose.sh
     #cd composers
     DOCKID=$ACONF
     #evz destroy $DOCKID
     #docker-compose -f composers/docker-compose.yml -p $BASENAME create $DOCKID || fatal
-    docmd docker-compose -f composers/docker-compose.yml -p $BASENAME up --build $FORCE --no-start $DOCKID || fatal
+    #docmd docker-compose -f composers/docker-compose.yml -p $BASENAME up --build $FORCE --no-start $DOCKID || fatal
+    docmd podman-compose -f $COMPOSEDIR/docker-compose.yml -p $BASENAME up --build $FORCE --no-start $DOCKID || fatal
     #cd -
 
     docmd docker start $DOCKID || fatal
@@ -163,6 +166,8 @@ echo "ACONF=$ACONF" | st tee -a $ATASK
 echo "ADOMAIN=$ADOMAIN" | st tee -a $ATASK
 echo "PKGINSTALL='$PKGINSTALL'" | st tee -a $ATASK
 echo "VEIP=$VEIP" | st tee -a $ATASK
+echo "NGINXIP=$NGINXIP" | st tee -a $ATASK
+echo "NGINXIPv6=$NGINXIPv6" | st tee -a $ATASK
 
 # common projects
 if false && [ -n "$VEIDORIG" ] ; then

vz/azbyka/functions

@@ -24,6 +24,28 @@ hostserver()
 }
 
 
+# run command in cont
+contexec()
+{
+    contid="$1"
+    shift
+    docker exec -i -e LC_ALL=ru_RU.UTF8 "$contid" "$@"
+}
+
+# run script in cont
+# contid
+run_in_cont()
+{
+    contid="$1"
+    shift
+    contexec "$contid" tee /tmp/cmd.int.sh >/dev/null
+    contexec "$contid" bash -x /tmp/cmd.int.sh "$@" </dev/null
+    status=$?
+    contexec "$contid" rm -f /tmp/cmd.int.sh </dev/null
+    return $status
+}
+
+
 load_config() {
 
 TASK="$1"
@@ -44,7 +66,7 @@ fi
 # TODO
 [ -n "$VEIP" ] || VEIP=$BASEIP.$VEID
 
-# Если указан системный пользователь AUSER или указано STANDALONE, что это отдельный проект на домене
+# Если указан системный пользователь AUSER, то это отдельный проект на домене
 [ -n "$AUSER" ] && STANDALONE=1 || AUSER="$NAME"
 
 # Проект на BASESITE (с префиксом BASENAME при его наличии)