Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
###
### Barracuda
###
### Configuration stored in the /root/.barracuda.cnf file.
### This example is for public install mode - see docs/INSTALL.txt
###
### NOTE: the group of settings displayed below will *not* be overridden
### on upgrade by the Barracuda script nor by this configuration file.
### They can be defined only on initial Barracuda install.
###
_EASY_HOSTNAME="f-q-d-n" #------ Hostname auto-configured via _EASY_SETUP
_LOCAL_NETWORK_HN="" #---------- Hostname if in localhost mode - auto-conf
_LOCAL_NETWORK_IP="" #---------- Web server IP if in localhost mode - auto-conf
_MY_FRONT="master.f-q-d-n" #---- URL of the Aegir Master Instance control panel
_MY_HOSTN="f-q-d-n" #----------- Allows to define server hostname
_MY_OWNIP="123.45.67.89" #------ Allows to specify web server IP if not default
_SMTP_RELAY_HOST="" #----------- Allows to configure simple SMTP relay (w/o pwd)
_SMTP_RELAY_TEST=YES #---------- Allows to skip SMTP availability tests when NO
_THIS_DB_HOST=localhost #------- Allows to use hostname in DB grants when FQDN
###
### NOTE: the group of settings displayed below
### will *override* all listed settings in the Barracuda script,
### both on initial install and upgrade.
###
_AUTOPILOT=NO #----------------- Allows to skip all Yes/No questions when YES
_DEBUG_MODE=NO #---------------- Allows to enable Drush debugging when YES
_MY_EMAIL="my@email" #---------- System admin email
_XTRAS_LIST="" #---------------- See docs/NOTES.txt for details on add-ons
###
_MODULES_FIX=YES #-------------- Allows to skip weekly modules en/dis when NO
_MODULES_SKIP="" #-------------- Modules (machine names) to never auto-disable
_PERMISSIONS_FIX=YES #---------- Allows to skip daily permissions fix when NO
###
_CPU_CRIT_RATIO=9 #------------- Max load per CPU core before killing PHP/Drush
_CPU_MAX_RATIO=6 #-------------- Max load per CPU core before disabling Nginx
_CPU_SPIDER_RATIO=3 #----------- Max load per CPU core before blocking spiders
###
_DB_BINARY_LOG=NO #------------- Allows to enable binary logging when YES
_DB_SERIES=5.7 #---------------- Supported values: 5.7
_DB_SERVER=Percona #------------ Install Percona or MariaDB (deprecated)
_USE_MYSQLTUNER=YES #----------- Use MySQLTuner to configure SQL limits when YES
###
_DNS_SETUP_TEST=YES #----------- Allows to skip DNS testing when NO
_EXTRA_PACKAGES="" #------------ Installs listed extra packages with apt-get
_FORCE_GIT_MIRROR="" #---------- Allows to use different mirror (deprecated)
_LOCAL_DEBIAN_MIRROR= #--------- Allows to force non-default Debian mirror
_LOCAL_UBUNTU_MIRROR= #--------- Allows to force non-default Ubuntu mirror
_NEWRELIC_KEY= #---------------- Installs New Relic when license key is set
_SCOUT_KEY= #------------------- Installs Scout App when license key is set
###
_ENABLE_GOACCESS=NO #----------- Generate statistics with GoAccess when YES
###
_MAGICK_FROM_SOURCES=YES #------ Builds ImageMagick from sources when YES
###
_NGINX_DOS_LIMIT=399 #---------- Allows to override default 399/599 limit
_NGINX_EXTRA_CONF="" #---------- Allows to add custom options to Nginx build
_NGINX_FORWARD_SECRECY=YES #---- Installs PFS Nginx support when YES (default)
_NGINX_HEADERS=NO #------------- Installs Nginx Headers More support when YES
_NGINX_LDAP=NO #---------------- Installs LDAP Nginx support when YES
_NGINX_NAXSI=NO #--------------- Installs NAXSI WAF when YES - experimental
_NGINX_SPDY=YES #--------------- Installs SPDY Nginx support when YES (default)
_NGINX_WORKERS=AUTO #----------- Allows to override AUTO with a valid integer
###
_PHP_CLI_VERSION=7.4 #---------- PHP-CLI for Master Instance: 8.0/1 7.3/4 5.6
_PHP_EXTRA_CONF="" #------------ Allows to add custom options to PHP build
_PHP_FPM_DENY="" #-------------- Modify disable_functions -- see info below
_PHP_FPM_VERSION=7.4 #---------- PHP-FPM for Master Instance: 8.0/1 7.3/4 5.6
_PHP_FPM_WORKERS=AUTO #--------- Allows to override AUTO with a valid integer
_PHP_IONCUBE=NO #--------------- Installs ionCube for all PHP versions when YES
_PHP_GEOS=NO #------------------ Installs GEOS for all PHP versions when YES
_PHP_MONGODB=NO #--------------- Installs MONGODB for all PHP versions when YES
_PHP_MULTI_INSTALL="8.0 7.4" #-- PHP versions to install: 8.0/1 7.0/1/2/3/4 5.6
_PHP_SINGLE_INSTALL="" #-------- Allows to force single PHP version, like: 7.4
###
_REDIS_LISTEN_MODE=SOCKET #----- Redis listen mode: SOCKET (recommended) or PORT
_REDIS_MAJOR_RELEASE=7 #-------- Redis major release version: 5, 6 or 7
_RESERVED_RAM=0 #--------------- Allows to reserve RAM (in MB) for non-BOA apps
_SPEED_VALID_MAX=3600 #--------- Defines Speed Booster hourly cache TTL in sec
_SSH_ARMOUR=NO #---------------- Allows to enhance OpenSSH security when YES
_SSH_FROM_SOURCES=NO #---------- Allows to build OpenSSH from sources on Debian
_SSH_PORT=22 #------------------ Allows to configure non-standard SSH port
_STRICT_BIN_PERMISSIONS=YES #--- Aggressively protect all binaries when YES
_STRONG_PASSWORDS=NO #---------- Configurable length: 8-128, YES (32), NO (8)
###
_CUSTOM_CONFIG_CSF=NO #--------- Protects custom CSF config when YES
_CUSTOM_CONFIG_LSHELL=NO #------ Protects custom Limited Shell config when YES
_CUSTOM_CONFIG_REDIS=NO #------- Protects custom Redis config when YES
_CUSTOM_CONFIG_SQL=NO #--------- Protects custom SQL config when YES
###
_AEGIR_UPGRADE_ONLY=NO #-------- Run only Aegir upgrade when YES (deprecated)
_SYSTEM_UPGRADE_ONLY=NO #------- Managed on the fly with 'system' keyword
###
_SYS_COLLATION_SQL= #----------- By default on the DB server: utf8mb4_unicode_ci
###
### Barracuda
###
###
### HINT: Check also control files docs in: docs/ctrl/system.ctrl
###
###
### Extra, special purpose settings are listed below.
###
###
### You can configure BOA to run automated upgrades to latest head version
### for both Barracuda and all Octopus instances with three variables, empty
### by default. All three variables must be defined to enable auto-upgrade.
###
### You can set _AUTO_UP_MONTH and _AUTO_UP_DAY to any date in the past or
### future (like _AUTO_UP_MONTH=2 with _AUTO_UP_DAY=29) if you wish to enable
### only weekly system upgrades.
###
### Remember that day/month upgrades will include complete upgrade to latest BOA
### head for Barracuda and all Octopus instances, while weekly upgrade is
### designed to run only 'barracuda up-head system' upgrade.
###
### You can further modify the auto-upgrade by specifying either head or dev
### with _AUTO_VER variable, plus you can include all supported PHP versions
### with _AUTO_PHP variable set to "php-all" -- otherwise it will be ignored.
###
### Note that weekly system upgrade will start shortly after midnight on the
### specified weekday, while the day/month upgrades for both Barracuda
### and all Octopus instances will start at ~3 AM for system and Aegir Master
### instance, and ~4 AM for all Octopus based Aegir instances.
###
### NOTE: All three _AUTO_UP_* variables must be defined to enable auto-upgrade.
###
_AUTO_UP_WEEKLY= #-------------- Day of week (1-7) for weekly system upgrades
_AUTO_UP_MONTH= #--------------- Month (1-12) to define date of one-time upgrade
_AUTO_UP_DAY= #----------------- Day (1-31) to define date of one-time upgrade
_AUTO_VER=head #---------------- The BOA version to use (head by default)
_AUTO_PHP= #-------------------- Useful to force php-all, otherwise ignored
###
### You can whitelist extra binaries to make them available for web server
### requests, in addition to already whitelisted, known as safe binaries.
###
### Please be aware that you could easily open security holes by whitelisting
### commands which may provide access to otherwise not available parts of
### the system, because the exec() in PHP doesn't respect other limitations
### like open_basedir directive.
###
### You should list only filenames, not full paths, for example:
###
### _BACKEND_ITEMS_LIST="git foo bar"
###
_BACKEND_ITEMS_LIST=
###
### The BOA Skynet auto-updates were initially limited to checking for new BOA
### release and notifying the system admin daily, until the system has been
### upgraded to latest stable release.
###
### Next, since people tend to forget about running meta-installers update
### before running barracuda or octopus upgrade, and it generated a ton of
### unneeded tickets, confusion and frustration, we have automated these
### updates, so all your meta-installers were updated daily.
###
### Then #drupageddon happened, and we realized that we could make all existing
### BOA systems secure, auto-magically, in the first 60 minutes after the
### #drupageddon alert was published. Only if we could have a running mechanism
### in place to apply very trivial but how important patch to all your D7 sites/
### /codebases while you were on vacation, out of town, or just AFK anywhere.
###
### So we have added Drupal core monitoring and auto-patching to make sure you
### never run vulnerable codebase again. To make it effective, we have scheduled
### to run these checks hourly.
###
### Then we have added also hourly updates for a few key scripts responsible
### for your system security, self-monitoring and self-healing.
###
### Gradually it grew into its current incarnation, so at the moment BOA Skynet
### auto-updates do these things for you, while you sleep:
###
### * Daily version/release check and notification
### * Hourly update for all meta-installers and related tools
### * Hourly check for D7 core vulnerability and patching if detected
### * Hourly update for key BOA tools, monitors and self-healing agents
### * Hourly check if your DNS resolver works as expected and repair if not
###
### While it is a very convenient to have all this work done for you, and we
### believe that it should be still enabled by default, we should make it
### possible to opt-out from all those auto-updates, if you prefer that your
### BOA system never calls home, and whatever happens, is totally under
### your control.
###
### Now you can disable this convenient magic completely by adding the line:
###
### _SKYNET_MODE=OFF
###
_SKYNET_MODE=ON
###
### NOTE: the group of settings displayed below is never stored
### permanently in this config file, since they are intended to be used
### only when required/useful for some reason, and while can be added
### manually before running barracuda up-{stable|head} command,
### they will be either removed automatically to not affect
### normal upgrades, or ignored afterwards.
###
###
### You can force Nginx, PHP and/or DB server
### reinstall, even if there are no updates
### available, when set to YES.
###
_NGX_FORCE_REINSTALL=NO
_PHP_FORCE_REINSTALL=NO
_SQL_FORCE_REINSTALL=NO
_GIT_FORCE_REINSTALL=NO
###
### Use YES to force installing everything
### from sources again, even if there are
### no updates available.
###
_FULL_FORCE_REINSTALL=NO
###
### Use YES to run major system upgrade
### from Debian Jessie to Debian Stretch.
###
_JESSIE_TO_STRETCH=NO
###
### Use YES to run migration from Tomcat 6
### to Jetty 7 with Apache Solr 1.4.1
### See also docs/SOLR.txt
###
_TOMCAT_TO_JETTY=NO
###
### Use YES to enable The Hourly Hot DB Server Backups with Percona XtraBackup
###
### Once enabled, the system will use XtraBackup to create complete and very
### fast, non-blocking backups of all databases on the system, every hour.
### These backups will be compressed and rotated after 2 days.
###
### The recovery procedure shown below uses the latest, hourly, complete backup
### of all databases hosted on the system. It should be used only for global
### data recovery, as there is no option to reliably recover data per database,
### so this method should be used as a last resort, when trying to recover from
### disaster or human error - see the GitLab horror story: http://bit.ly/2jvJ5YG
###
### In theory you could try to copy over the data only from the affected
### database directory manually, but then there will be conflicts in the binary
### log which may even prevent the db server from starting properly,
### and another InnoDB recovery procedure may be required.
###
### If you are not sure what to do, and you have never tried this before
### at least few times with good results, it's probably better to ask someone
### more experienced for assistance.
###
### You can use any other existing hourly backup you can find in the
### /data/disk/arch/hourly/ directory and replace the "latest" keyword
### with the correct filename, for example: "server.name.foo-170218-1518"
###
### $ cd /data/disk/arch/hourly/
### $ tar xjf latest.tar.bz2
### $ service cron stop
### $ sleep 180
### $ service mysql stop
### $ mkdir /tmp/mysql
### $ mv /var/lib/mysql/* /tmp/mysql/
### $ innobackupex --copy-back /data/disk/arch/hourly/latest
### $ chown -R mysql:mysql: /var/lib/mysql
### $ chown -R mysql:mysql: /var/log/mysql
### $ chown -R mysql:mysql: /var/run/mysqld
### $ service mysql start
### $ service cron start
###
_HOURLY_DB_BACKUPS=NO