Update to 2022-03-07 16:00

roles/unmaintained/itop/templates/cron.param.j2

@@ -0,0 +1,7 @@
+{% if itop_cron_user is defined and itop_cron_pass is defined %}
+auth_user = {{ itop_cron_user }}
+auth_pwd = {{ itop_cron_pass }}
+{% endif %}
+
+size_min = 20 # in MB
+time_limit = 40 # in minutes

roles/unmaintained/itop/templates/filebeat.yml.j2

@@ -0,0 +1,6 @@
+---
+
+- type: log
+  enabled: True
+  paths:
+    - {{ itop_root_dir }}/web/log/setup.log

roles/unmaintained/itop/templates/httpd.conf.j2

@@ -0,0 +1,26 @@
+{% if itop_alias is defined %}
+Alias /{{ itop_alias }} {{ itop_root_dir }}/web/
+{% else %}
+# No alias defined, create a vhost to access it
+{% endif %}
+
+RewriteEngine On
+# Upgrading DB schema can be very long, so makes sure httpd will wait for a response long enough
+ProxyTimeout 1800
+<Directory {{ itop_root_dir }}/web/>
+  AllowOverride All
+  Options FollowSymLinks
+{% if itop_src_ip is defined %}
+  Require ip {{ itop_src_ip | join(' ') }}
+{% else %}
+  Require all granted
+{% endif %}
+  <FilesMatch \.php$>
+    SetHandler "proxy:unix:/run/php-fpm/{{ itop_php_fpm_pool  | default('itop_' + itop_id | string) }}.sock|fcgi://localhost"
+  </FilesMatch>
+</Directory>
+{% for dir in ['log','env-production','env-production-build','data','conf'] %}
+<Directory {{ itop_root_dir }}/web/{{ dir }}>
+  Require all denied
+</Directory>
+{% endfor %}

roles/unmaintained/itop/templates/itop.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=iTop {{ itop_id }} background tasks
+
+[Service]
+Type=oneshot
+ExecStart=/bin/php{{ itop_php_version }} \
+            -d memory_limit=512M \
+            -d session.save_path={{ itop_root_dir }}/sessions \
+            {{ itop_root_dir }}/web/webservices/cron.php \
+            --param_file={{ itop_root_dir }}/etc/cron.params \
+            --verbose=1
+User={{ itop_php_user }}
+Group={{ itop_php_user }}
+
+

roles/unmaintained/itop/templates/itop.timer.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=iTop {{ itop_id }} background tasks
+
+[Timer]
+OnCalendar=*:0/5
+
+[Install]
+WantedBy=timers.target

roles/unmaintained/itop/templates/perms.sh.j2

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+restorecon -R {{ itop_root_dir }}
+chown -R root:root {{ itop_root_dir }}/web/
+find {{ itop_root_dir }}/web/ -type d -exec chmod 755 "{}" \;
+find {{ itop_root_dir }}/web/ -type f -exec chmod 644 "{}" \;
+{% for dir in ['data', 'conf', 'log', 'env-production', 'env-production-build', 'extensions'] %}
+chmod 700 {{ itop_root_dir }}/web/{{ dir }}
+setfacl -k -b -R {{ itop_root_dir }}/web/{{ dir }}
+chown -R {{ itop_php_user }}:{{ itop_php_user }} {{ itop_root_dir }}/web/{{ dir }}
+{% if dir == 'conf' %}
+find {{ itop_root_dir }}/web/{{ dir }} -type d -exec chmod 750 "{}" \;
+find {{ itop_root_dir }}/web/{{ dir }} -type f -exec chown root:{{ itop_php_user }} "{}" \; -exec chmod 640 "{}" \;
+{% else %}
+find {{ itop_root_dir }}/web/{{ dir }} -type d -exec chmod 750 "{}" \;
+find {{ itop_root_dir }}/web/{{ dir }} -type f -exec chmod 640 "{}" \;
+setfacl -R -m u:{{ httpd_user | default('apache') }}:rX,d:u:{{ httpd_user | default('apache') }}:rX {{ itop_root_dir }}/web/{{ dir }}
+{% endif %}
+{% endfor %}
+find {{ itop_root_dir }}/web/ -type f -name .htaccess -exec chown root:root "{}" \; -exec chmod 644 "{}" \;

roles/unmaintained/itop/templates/php.conf.j2

@@ -0,0 +1,39 @@
+; {{ ansible_managed }}
+
+[itop_{{ itop_id }}]
+
+listen.owner = root
+listen.group = {{ httpd_user | default('apache') }}
+listen.mode = 0660
+listen = /run/php-fpm/itop_{{ itop_id }}.sock
+user = {{ itop_php_user }}
+group = {{ itop_php_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 60m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 512M
+php_admin_value[session.save_path] = {{ itop_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ itop_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ itop_root_dir }}/tmp
+php_admin_value[post_max_size] = 21M
+php_admin_value[upload_max_filesize] = 20M
+php_admin_value[disable_functions] = system, show_source, symlink, dl, shell_exec, passthru, phpinfo, escapeshellcmd
+php_admin_value[open_basedir] = {{ itop_root_dir }}:/etc/pki/tls/cert.pem:/usr/bin/dot
+; DB schema upgrade can be very long
+php_admin_value[max_execution_time] = 1800
+php_admin_value[max_input_time] = 120
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on
+

roles/unmaintained/itop/templates/post-backup.sh.j2

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ itop_root_dir }}/backup/*

roles/unmaintained/itop/templates/pre-backup.sh.j2

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eo pipefail
+
+/usr/bin/mysqldump \
+{% if itop_db_server not in ['127.0.0.1','localhost'] %}
+    --user={{ itop_db_user }} \
+    --password={{ itop_db_pass | quote }} \
+    --host={{ itop_db_server }} \
+{% if itop_db_port is defined %}
+    --port={{ itop_db_port }} \
+{% endif %}
+{% endif %}
+    --quick --single-transaction \
+    --add-drop-table {{ itop_db_name }} | zstd -c > {{ itop_root_dir }}/backup/{{ itop_db_name }}.sql.zst