Update to 2021-12-01 19:13

roles/akeneo_pim/templates/akeneo-pim-events-api.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Akeneo Events API worker for PIM {{ pim_id }}
+
+[Service]
+User={{ pim_user }}
+Group={{ pim_user }}
+WorkingDirectory={{ pim_root_dir }}/app
+ExecStart=/bin/php{{ pim_php_version }} bin/console messenger:consume webhook --env=prod
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=akeneo-pim_{{ pim_id }}-events-api
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
+

roles/akeneo_pim/templates/akeneo-pim-jobs.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Akeneo jobs worker for PIM {{ pim_id }}
+
+[Service]
+User={{ pim_user }}
+Group={{ pim_user }}
+WorkingDirectory={{ pim_root_dir }}/app
+ExecStart=/bin/php{{ pim_php_version }} bin/console akeneo:batch:job-queue-consumer-daemon --env=prod
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=akeneo-pim_{{ pim_id }}-jobs
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
+

roles/akeneo_pim/templates/composer.json.j2

@@ -0,0 +1,44 @@
+{
+    "name": "akeneo/pim-community-standard",
+    "description": "The \"Akeneo Community Standard Edition\" distribution",
+    "license": "OSL-3.0",
+    "type": "project",
+    "authors": [
+        {
+            "name": "Akeneo",
+            "homepage": "http://www.akeneo.com"
+        }
+    ],
+    "autoload": {
+        "psr-0": {
+            "": "src/"
+        },
+        "psr-4": {
+            "Pim\\Upgrade\\": "upgrades/"
+        },
+        "exclude-from-classmap": [
+            "vendor/akeneo/pim-community-dev/src/Kernel.php"
+        ]
+    },
+    "require": {
+        "akeneo/pim-community-dev": "^{{ pim_version }}"
+    },
+    "require-dev": {
+        "doctrine/doctrine-migrations-bundle": "1.3.2",
+        "symfony/debug-bundle": "^4.4.7",
+        "symfony/web-profiler-bundle": "^4.4.7",
+        "symfony/web-server-bundle": "^4.4.7"
+    },
+    "scripts": {
+        "post-update-cmd": [
+            "bash vendor/akeneo/pim-community-dev/std-build/install-required-files.sh"
+        ],
+        "post-install-cmd": [
+            "bash vendor/akeneo/pim-community-dev/std-build/install-required-files.sh"
+        ],
+        "post-create-project-cmd": [
+            "bash vendor/akeneo/pim-community-dev/std-build/install-required-files.sh"
+        ]
+    },
+    "minimum-stability": "stable"
+}

roles/akeneo_pim/templates/env.j2

@@ -0,0 +1,17 @@
+APP_ENV=prod
+APP_DEBUG=0
+APP_DATABASE_HOST={{ pim_db_server }}
+APP_DATABASE_PORT={{ pim_db_port }}
+APP_DATABASE_NAME={{ pim_db_name }}
+APP_DATABASE_USER={{ pim_db_user }}
+APP_DATABASE_PASSWORD={{ pim_db_pass | quote }}
+APP_DEFAULT_LOCALE=en
+APP_SECRET={{ pim_secret | quote }}
+APP_INDEX_HOSTS={{ pim_es_server }}
+APP_PRODUCT_AND_PRODUCT_MODEL_INDEX_NAME=akeneo_pim_product_and_product_model
+APP_CONNECTION_ERROR_INDEX_NAME=akeneo_connectivity_connection_error
+MAILER_URL=null://localhost&sender_address=no-reply@{{ ansible_domain }}
+AKENEO_PIM_URL={{ pim_public_url }}
+LOGGING_LEVEL=NOTICE
+APP_EVENTS_API_DEBUG_INDEX_NAME=akeneo_connectivity_connection_events_api_debug
+APP_PRODUCT_AND_PRODUCT_MODEL_INDEX_NAME=akeneo_pim_product_and_product_model

roles/akeneo_pim/templates/httpd.conf.j2

@@ -0,0 +1,31 @@
+<Directory {{ pim_root_dir }}/app/public>
+  AllowOverride All
+  Options FollowSymLinks
+{% if pim_src_ip is defined and pim_src_ip | length > 0 %}
+  Require ip {{ pim_src_ip | join(' ') }}
+{% else %}
+  Require all granted
+{% endif %}
+  <FilesMatch \.php$>
+    SetHandler "proxy:unix:/run/php-fpm/{{ pim_php_fpm_pool | default('pim_' + pim_id | string) }}.sock|fcgi://localhost"
+  </FilesMatch>
+
+  RewriteEngine On
+
+  # Handle Authorization Header
+  RewriteCond %{HTTP:Authorization} .
+  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+  # Send Requests To Front Controller...
+  RewriteCond %{REQUEST_FILENAME} !-f
+  RewriteRule ^ index.php [QSA,L]
+
+  <FilesMatch "(\.git.*)">
+    Require all denied
+  </FilesMatch>
+
+</Directory>
+
+<Directory {{ pim_root_dir }}/app/public/bundles>
+  RewriteEngine Off
+</Directory>

roles/akeneo_pim/templates/logrotate.conf.j2

@@ -0,0 +1,6 @@
+{{ pim_root_dir }}/data/logs/*.log {
+  daily
+  rotate 90
+  compress
+  missingok
+}

roles/akeneo_pim/templates/perms.sh.j2

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+restorecon -R {{ pim_root_dir }}
+chown root:root {{ pim_root_dir }}
+chmod 700 {{ pim_root_dir }}
+setfacl -R -k -b {{ pim_root_dir }}
+setfacl -m u:{{ pim_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:x {{ pim_root_dir }}
+find {{ pim_root_dir }}/app -type f -exec chmod 644 "{}" \;
+find {{ pim_root_dir }}/app -type d -exec chmod 755 "{}" \;
+chown -R {{ pim_user }}:{{ pim_user }} {{ pim_root_dir }}/app
+

roles/akeneo_pim/templates/php.conf.j2

@@ -0,0 +1,35 @@
+[pim_{{ pim_id }}]
+
+listen.owner = root
+listen.group = apache
+listen.mode = 0660
+listen = /run/php-fpm/pim_{{ pim_id }}.sock
+user = {{ pim_user }}
+group = {{ pim_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 5m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 1024M
+php_admin_value[session.save_path] = {{ pim_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ pim_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ pim_root_dir }}/tmp
+php_admin_value[post_max_size] = 200M
+php_admin_value[upload_max_filesize] = 200M
+php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = {{ pim_root_dir }}:/usr/share/pear/:/usr/share/php/
+php_admin_value[max_execution_time] = 1200
+php_admin_value[max_input_time] = 1200
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = off
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on

roles/akeneo_pim/templates/post-backup.j2

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ pim_root_dir }}/backup/*.sql.zst

roles/akeneo_pim/templates/pre-backup.j2

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -eo pipefail
+
+/usr/bin/mysqldump \
+{% if pim_db_server not in ['localhost','127.0.0.1'] %}
+  --user={{ pim_db_user | quote }} \
+  --password={{ pim_db_pass | quote }} \
+  --host={{ pim_db_server | quote }} \
+  --port={{ pim_db_port | quote }} \
+{% endif %}
+  --quick --single-transaction \
+  --add-drop-table {{ pim_db_name | quote }} | zstd -c > {{ pim_root_dir }}/backup/{{ pim_db_name }}.sql.zst
+