barracuda.cnf

###
### Barracuda
###
### Configuration stored in the /root/.barracuda.cnf file.
### This example is for public install mode - see docs/INSTALL.txt
###
### NOTE: the group of settings displayed below will *not* be overridden
### on upgrade by the Barracuda script nor by this configuration file.
### They can be defined only on initial Barracuda install.
###
_EASY_HOSTNAME="f-q-d-n" #------ Hostname auto-configured via _EASY_SETUP
_LOCAL_NETWORK_HN="" #---------- Hostname if in localhost mode - auto-conf
_LOCAL_NETWORK_IP="" #---------- Web server IP if in localhost mode - auto-conf
_MY_FRONT="master.f-q-d-n" #---- URL of the Aegir Master Instance control panel
_MY_HOSTN="f-q-d-n" #----------- Allows to define server hostname
_MY_OWNIP="123.45.67.89" #------ Allows to specify web server IP if not default
_SMTP_RELAY_HOST="" #----------- Allows to configure simple SMTP relay (w/o pwd)
_SMTP_RELAY_TEST=YES #---------- Allows to skip SMTP availability tests when NO
_THIS_DB_HOST=localhost #------- Allows to use hostname in DB grants when FQDN
###
### NOTE: the group of settings displayed below
### will *override* all listed settings in the Barracuda script,
### both on initial install and upgrade.
###
_AUTOPILOT=NO #----------------- Allows to skip all Yes/No questions when YES
_DEBUG_MODE=NO #---------------- Allows to enable Drush debugging when YES
_MY_EMAIL="my@email" #---------- System admin email
_XTRAS_LIST="" #---------------- See docs/NOTES.txt for details on add-ons
###
_MODULES_FIX=YES #-------------- Allows to skip weekly modules en/dis when NO
_MODULES_SKIP="" #-------------- Modules (machine names) to never auto-disable
_PERMISSIONS_FIX=YES #---------- Allows to skip daily permissions fix when NO
###
_CPU_CRIT_RATIO=9 #------------- Max load per CPU core before killing PHP/Drush
_CPU_MAX_RATIO=6 #-------------- Max load per CPU core before disabling Nginx
_CPU_SPIDER_RATIO=3 #----------- Max load per CPU core before blocking spiders
###
_DB_BINARY_LOG=NO #------------- Allows to enable binary logging when YES
_DB_SERIES=5.7 #---------------- Supported values: 5.7
_DB_SERVER=Percona #------------ Install Percona or MariaDB (deprecated)
_USE_MYSQLTUNER=YES #----------- Use MySQLTuner to configure SQL limits when YES
###
_DNS_SETUP_TEST=YES #----------- Allows to skip DNS testing when NO
_EXTRA_PACKAGES="" #------------ Installs listed extra packages with apt-get
_FORCE_GIT_MIRROR="" #---------- Allows to use different mirror (deprecated)
_LOCAL_DEBIAN_MIRROR= #--------- Allows to force non-default Debian mirror
_LOCAL_UBUNTU_MIRROR= #--------- Allows to force non-default Ubuntu mirror
_NEWRELIC_KEY= #---------------- Installs New Relic when license key is set
_SCOUT_KEY= #------------------- Installs Scout App when license key is set
###
_ENABLE_GOACCESS=NO #----------- Generate statistics with GoAccess when YES
###
_MAGICK_FROM_SOURCES=YES #------ Builds ImageMagick from sources when YES
###
_NGINX_DOS_LIMIT=399 #---------- Allows to override default 399/599 limit
_NGINX_EXTRA_CONF="" #---------- Allows to add custom options to Nginx build
_NGINX_FORWARD_SECRECY=YES #---- Installs PFS Nginx support when YES (default)
_NGINX_HEADERS=NO #------------- Installs Nginx Headers More support when YES
_NGINX_LDAP=NO #---------------- Installs LDAP Nginx support when YES
_NGINX_NAXSI=NO #--------------- Installs NAXSI WAF when YES - experimental
_NGINX_SPDY=YES #--------------- Installs SPDY Nginx support when YES (default)
_NGINX_WORKERS=AUTO #----------- Allows to override AUTO with a valid integer
###
_PHP_CLI_VERSION=7.4 #---------- PHP-CLI for Master Instance: 8.0/1 7.3/4 5.6
_PHP_EXTRA_CONF="" #------------ Allows to add custom options to PHP build
_PHP_FPM_DENY="" #-------------- Modify disable_functions -- see info below
_PHP_FPM_VERSION=7.4 #---------- PHP-FPM for Master Instance: 8.0/1 7.3/4 5.6
_PHP_FPM_WORKERS=AUTO #--------- Allows to override AUTO with a valid integer
_PHP_IONCUBE=NO #--------------- Installs ionCube for all PHP versions when YES
_PHP_GEOS=NO #------------------ Installs GEOS for all PHP versions when YES
_PHP_MONGODB=NO #--------------- Installs MONGODB for all PHP versions when YES
_PHP_MULTI_INSTALL="8.0 7.4" #-- PHP versions to install: 8.0/1 7.0/1/2/3/4 5.6
_PHP_SINGLE_INSTALL="" #-------- Allows to force single PHP version, like: 7.4
###
_REDIS_LISTEN_MODE=SOCKET #----- Redis listen mode: SOCKET (recommended) or PORT
_REDIS_MAJOR_RELEASE=7 #-------- Redis major release version: 5, 6 or 7
_RESERVED_RAM=0 #--------------- Allows to reserve RAM (in MB) for non-BOA apps
_SPEED_VALID_MAX=3600 #--------- Defines Speed Booster hourly cache TTL in sec
_SSH_ARMOUR=NO #---------------- Allows to enhance OpenSSH security when YES
_SSH_FROM_SOURCES=NO #---------- Allows to build OpenSSH from sources on Debian
_SSH_PORT=22 #------------------ Allows to configure non-standard SSH port
_STRICT_BIN_PERMISSIONS=YES #--- Aggressively protect all binaries when YES
_STRONG_PASSWORDS=NO #---------- Configurable length: 8-128, YES (32), NO (8)
###
_CUSTOM_CONFIG_CSF=NO #--------- Protects custom CSF config when YES
_CUSTOM_CONFIG_LSHELL=NO #------ Protects custom Limited Shell config when YES
_CUSTOM_CONFIG_REDIS=NO #------- Protects custom Redis config when YES
_CUSTOM_CONFIG_SQL=NO #--------- Protects custom SQL config when YES
###
_AEGIR_UPGRADE_ONLY=NO #-------- Run only Aegir upgrade when YES (deprecated)
_SYSTEM_UPGRADE_ONLY=NO #------- Managed on the fly with 'system' keyword
###
_SYS_COLLATION_SQL= #----------- By default on the DB server: utf8mb4_unicode_ci
###
### Barracuda
###

###
### HINT: Check also control files docs in: docs/ctrl/system.ctrl
###

###
### Extra, special purpose settings are listed below.
###

###
### You can configure BOA to run automated upgrades to latest head version
### for both Barracuda and all Octopus instances with three variables, empty
### by default. All three variables must be defined to enable auto-upgrade.
###
### You can set _AUTO_UP_MONTH and _AUTO_UP_DAY to any date in the past or
### future (like _AUTO_UP_MONTH=2 with _AUTO_UP_DAY=29) if you wish to enable
### only weekly system upgrades.
###
### Remember that day/month upgrades will include complete upgrade to latest BOA
### head for Barracuda and all Octopus instances, while weekly upgrade is
### designed to run only 'barracuda up-head system' upgrade.
###
### You can further modify the auto-upgrade by specifying either head or dev
### with _AUTO_VER variable, plus you can include all supported PHP versions
### with _AUTO_PHP variable set to "php-all" -- otherwise it will be ignored.
###
### Note that weekly system upgrade will start shortly after midnight on the
### specified weekday, while the day/month upgrades for both Barracuda
### and all Octopus instances will start at ~3 AM for system and Aegir Master
### instance, and ~4 AM for all Octopus based Aegir instances.
###
### NOTE: All three _AUTO_UP_* variables must be defined to enable auto-upgrade.
###
_AUTO_UP_WEEKLY= #-------------- Day of week (1-7) for weekly system upgrades
_AUTO_UP_MONTH= #--------------- Month (1-12) to define date of one-time upgrade
_AUTO_UP_DAY= #----------------- Day (1-31) to define date of one-time upgrade
_AUTO_VER=head #---------------- The BOA version to use (head by default)
_AUTO_PHP= #-------------------- Useful to force php-all, otherwise ignored

###
### You can whitelist extra binaries to make them available for web server
### requests, in addition to already whitelisted, known as safe binaries.
###
### Please be aware that you could easily open security holes by whitelisting
### commands which may provide access to otherwise not available parts of
### the system, because the exec() in PHP doesn't respect other limitations
### like open_basedir directive.
###
### You should list only filenames, not full paths, for example:
###
###   _BACKEND_ITEMS_LIST="git foo bar"
###
_BACKEND_ITEMS_LIST=

###
### The BOA Skynet auto-updates were initially limited to checking for new BOA
### release and notifying the system admin daily, until the system has been
### upgraded to latest stable release.
###
### Next, since people tend to forget about running meta-installers update
### before running barracuda or octopus upgrade, and it generated a ton of
### unneeded tickets, confusion and frustration, we have automated these
### updates, so all your meta-installers were updated daily.
###
### Then #drupageddon happened, and we realized that we could make all existing
### BOA systems secure, auto-magically, in the first 60 minutes after the
### #drupageddon alert was published. Only if we could have a running mechanism
### in place to apply very trivial but how important patch to all your D7 sites/
### /codebases while you were on vacation, out of town, or just AFK anywhere.
###
### So we have added Drupal core monitoring and auto-patching to make sure you
### never run vulnerable codebase again. To make it effective, we have scheduled
### to run these checks hourly.
###
### Then we have added also hourly updates for a few key scripts responsible
### for your system security, self-monitoring and self-healing.
###
### Gradually it grew into its current incarnation, so at the moment BOA Skynet
### auto-updates do these things for you, while you sleep:
###
### * Daily version/release check and notification
### * Hourly update for all meta-installers and related tools
### * Hourly check for D7 core vulnerability and patching if detected
### * Hourly update for key BOA tools, monitors and self-healing agents
### * Hourly check if your DNS resolver works as expected and repair if not
###
### While it is a very convenient to have all this work done for you, and we
### believe that it should be still enabled by default, we should make it
### possible to opt-out from all those auto-updates, if you prefer that your
### BOA system never calls home, and whatever happens, is totally under
### your control.
###
### Now you can disable this convenient magic completely by adding the line:
###
###   _SKYNET_MODE=OFF
###
_SKYNET_MODE=ON

###
### NOTE: the group of settings displayed below is never stored
### permanently in this config file, since they are intended to be used
### only when required/useful for some reason, and while can be added
### manually before running barracuda up-{stable|head} command,
### they will be either removed automatically to not affect
### normal upgrades, or ignored afterwards.
###

###
### You can force Nginx, PHP and/or DB server
### reinstall, even if there are no updates
### available, when set to YES.
###
_NGX_FORCE_REINSTALL=NO
_PHP_FORCE_REINSTALL=NO
_SQL_FORCE_REINSTALL=NO
_GIT_FORCE_REINSTALL=NO

###
### Use YES to force installing everything
### from sources again, even if there are
### no updates available.
###
_FULL_FORCE_REINSTALL=NO

###
### Use YES to run major system upgrade
### from Debian Jessie to Debian Stretch.
###
_JESSIE_TO_STRETCH=NO

###
### Use YES to run migration from Tomcat 6
### to Jetty 7 with Apache Solr 1.4.1
### See also docs/SOLR.txt
###
_TOMCAT_TO_JETTY=NO

###
### Use YES to enable The Hourly Hot DB Server Backups with Percona XtraBackup
###
### Once enabled, the system will use XtraBackup to create complete and very
### fast, non-blocking backups of all databases on the system, every hour.
### These backups will be compressed and rotated after 2 days.
###
### The recovery procedure shown below uses the latest, hourly, complete backup
### of all databases hosted on the system. It should be used only for global
### data recovery, as there is no option to reliably recover data per database,
### so this method should be used as a last resort, when trying to recover from
### disaster or human error - see the GitLab horror story: http://bit.ly/2jvJ5YG
###
### In theory you could try to copy over the data only from the affected
### database directory manually, but then there will be conflicts in the binary
### log which may even prevent the db server from starting properly,
### and another InnoDB recovery procedure may be required.
###
### If you are not sure what to do, and you have never tried this before
### at least few times with good results, it's probably better to ask someone
### more experienced for assistance.
###
### You can use any other existing hourly backup you can find in the
### /data/disk/arch/hourly/ directory and replace the "latest" keyword
### with the correct filename, for example: "server.name.foo-170218-1518"
###
### $ cd /data/disk/arch/hourly/
### $ tar xjf latest.tar.bz2
### $ service cron stop
### $ sleep 180
### $ service mysql stop
### $ mkdir /tmp/mysql
### $ mv /var/lib/mysql/* /tmp/mysql/
### $ innobackupex --copy-back /data/disk/arch/hourly/latest
### $ chown -R mysql:mysql: /var/lib/mysql
### $ chown -R mysql:mysql: /var/log/mysql
### $ chown -R mysql:mysql: /var/run/mysqld
### $ service mysql start
### $ service cron start
###
_HOURLY_DB_BACKUPS=NO
	###
	### Barracuda
	###
	### Configuration stored in the /root/.barracuda.cnf file.
	### This example is for public install mode - see docs/INSTALL.txt
	###
	### NOTE: the group of settings displayed below will not be overridden
	### on upgrade by the Barracuda script nor by this configuration file.
	### They can be defined only on initial Barracuda install.
	###
	_EASY_HOSTNAME="f-q-d-n" #------ Hostname auto-configured via _EASY_SETUP
	_LOCAL_NETWORK_HN="" #---------- Hostname if in localhost mode - auto-conf
	_LOCAL_NETWORK_IP="" #---------- Web server IP if in localhost mode - auto-conf
	_MY_FRONT="master.f-q-d-n" #---- URL of the Aegir Master Instance control panel
	_MY_HOSTN="f-q-d-n" #----------- Allows to define server hostname
	_MY_OWNIP="123.45.67.89" #------ Allows to specify web server IP if not default
	_SMTP_RELAY_HOST="" #----------- Allows to configure simple SMTP relay (w/o pwd)
	_SMTP_RELAY_TEST=YES #---------- Allows to skip SMTP availability tests when NO
	_THIS_DB_HOST=localhost #------- Allows to use hostname in DB grants when FQDN
	###
	### NOTE: the group of settings displayed below
	### will override all listed settings in the Barracuda script,
	### both on initial install and upgrade.
	###
	_AUTOPILOT=NO #----------------- Allows to skip all Yes/No questions when YES
	_DEBUG_MODE=NO #---------------- Allows to enable Drush debugging when YES
	_MY_EMAIL="my@email" #---------- System admin email
	_XTRAS_LIST="" #---------------- See docs/NOTES.txt for details on add-ons
	###
	_MODULES_FIX=YES #-------------- Allows to skip weekly modules en/dis when NO
	_MODULES_SKIP="" #-------------- Modules (machine names) to never auto-disable
	_PERMISSIONS_FIX=YES #---------- Allows to skip daily permissions fix when NO
	###
	_CPU_CRIT_RATIO=9 #------------- Max load per CPU core before killing PHP/Drush
	_CPU_MAX_RATIO=6 #-------------- Max load per CPU core before disabling Nginx
	_CPU_SPIDER_RATIO=3 #----------- Max load per CPU core before blocking spiders
	###
	_DB_BINARY_LOG=NO #------------- Allows to enable binary logging when YES
	_DB_SERIES=5.7 #---------------- Supported values: 5.7
	_DB_SERVER=Percona #------------ Install Percona or MariaDB (deprecated)
	_USE_MYSQLTUNER=YES #----------- Use MySQLTuner to configure SQL limits when YES
	###
	_DNS_SETUP_TEST=YES #----------- Allows to skip DNS testing when NO
	_EXTRA_PACKAGES="" #------------ Installs listed extra packages with apt-get
	_FORCE_GIT_MIRROR="" #---------- Allows to use different mirror (deprecated)
	_LOCAL_DEBIAN_MIRROR= #--------- Allows to force non-default Debian mirror
	_LOCAL_UBUNTU_MIRROR= #--------- Allows to force non-default Ubuntu mirror
	_NEWRELIC_KEY= #---------------- Installs New Relic when license key is set
	_SCOUT_KEY= #------------------- Installs Scout App when license key is set
	###
	_ENABLE_GOACCESS=NO #----------- Generate statistics with GoAccess when YES
	###
	_MAGICK_FROM_SOURCES=YES #------ Builds ImageMagick from sources when YES
	###
	_NGINX_DOS_LIMIT=399 #---------- Allows to override default 399/599 limit
	_NGINX_EXTRA_CONF="" #---------- Allows to add custom options to Nginx build
	_NGINX_FORWARD_SECRECY=YES #---- Installs PFS Nginx support when YES (default)
	_NGINX_HEADERS=NO #------------- Installs Nginx Headers More support when YES
	_NGINX_LDAP=NO #---------------- Installs LDAP Nginx support when YES
	_NGINX_NAXSI=NO #--------------- Installs NAXSI WAF when YES - experimental
	_NGINX_SPDY=YES #--------------- Installs SPDY Nginx support when YES (default)
	_NGINX_WORKERS=AUTO #----------- Allows to override AUTO with a valid integer
	###
	_PHP_CLI_VERSION=7.4 #---------- PHP-CLI for Master Instance: 8.0/1 7.3/4 5.6
	_PHP_EXTRA_CONF="" #------------ Allows to add custom options to PHP build
	_PHP_FPM_DENY="" #-------------- Modify disable_functions -- see info below
	_PHP_FPM_VERSION=7.4 #---------- PHP-FPM for Master Instance: 8.0/1 7.3/4 5.6
	_PHP_FPM_WORKERS=AUTO #--------- Allows to override AUTO with a valid integer
	_PHP_IONCUBE=NO #--------------- Installs ionCube for all PHP versions when YES
	_PHP_GEOS=NO #------------------ Installs GEOS for all PHP versions when YES
	_PHP_MONGODB=NO #--------------- Installs MONGODB for all PHP versions when YES
	_PHP_MULTI_INSTALL="8.0 7.4" #-- PHP versions to install: 8.0/1 7.0/1/2/3/4 5.6
	_PHP_SINGLE_INSTALL="" #-------- Allows to force single PHP version, like: 7.4
	###
	_REDIS_LISTEN_MODE=SOCKET #----- Redis listen mode: SOCKET (recommended) or PORT
	_REDIS_MAJOR_RELEASE=7 #-------- Redis major release version: 5, 6 or 7
	_RESERVED_RAM=0 #--------------- Allows to reserve RAM (in MB) for non-BOA apps
	_SPEED_VALID_MAX=3600 #--------- Defines Speed Booster hourly cache TTL in sec
	_SSH_ARMOUR=NO #---------------- Allows to enhance OpenSSH security when YES
	_SSH_FROM_SOURCES=NO #---------- Allows to build OpenSSH from sources on Debian
	_SSH_PORT=22 #------------------ Allows to configure non-standard SSH port
	_STRICT_BIN_PERMISSIONS=YES #--- Aggressively protect all binaries when YES
	_STRONG_PASSWORDS=NO #---------- Configurable length: 8-128, YES (32), NO (8)
	###
	_CUSTOM_CONFIG_CSF=NO #--------- Protects custom CSF config when YES
	_CUSTOM_CONFIG_LSHELL=NO #------ Protects custom Limited Shell config when YES
	_CUSTOM_CONFIG_REDIS=NO #------- Protects custom Redis config when YES
	_CUSTOM_CONFIG_SQL=NO #--------- Protects custom SQL config when YES
	###
	_AEGIR_UPGRADE_ONLY=NO #-------- Run only Aegir upgrade when YES (deprecated)
	_SYSTEM_UPGRADE_ONLY=NO #------- Managed on the fly with 'system' keyword
	###
	_SYS_COLLATION_SQL= #----------- By default on the DB server: utf8mb4_unicode_ci
	###
	### Barracuda
	###

	###
	### HINT: Check also control files docs in: docs/ctrl/system.ctrl
	###

	###
	### Extra, special purpose settings are listed below.
	###

	###
	### You can configure BOA to run automated upgrades to latest head version
	### for both Barracuda and all Octopus instances with three variables, empty
	### by default. All three variables must be defined to enable auto-upgrade.
	###
	### You can set _AUTO_UP_MONTH and _AUTO_UP_DAY to any date in the past or
	### future (like _AUTO_UP_MONTH=2 with _AUTO_UP_DAY=29) if you wish to enable
	### only weekly system upgrades.
	###
	### Remember that day/month upgrades will include complete upgrade to latest BOA
	### head for Barracuda and all Octopus instances, while weekly upgrade is
	### designed to run only 'barracuda up-head system' upgrade.
	###
	### You can further modify the auto-upgrade by specifying either head or dev
	### with _AUTO_VER variable, plus you can include all supported PHP versions
	### with _AUTO_PHP variable set to "php-all" -- otherwise it will be ignored.
	###
	### Note that weekly system upgrade will start shortly after midnight on the
	### specified weekday, while the day/month upgrades for both Barracuda
	### and all Octopus instances will start at ~3 AM for system and Aegir Master
	### instance, and ~4 AM for all Octopus based Aegir instances.
	###
	### NOTE: All three _AUTO_UP_* variables must be defined to enable auto-upgrade.
	###
	_AUTO_UP_WEEKLY= #-------------- Day of week (1-7) for weekly system upgrades
	_AUTO_UP_MONTH= #--------------- Month (1-12) to define date of one-time upgrade
	_AUTO_UP_DAY= #----------------- Day (1-31) to define date of one-time upgrade
	_AUTO_VER=head #---------------- The BOA version to use (head by default)
	_AUTO_PHP= #-------------------- Useful to force php-all, otherwise ignored

	###
	### You can whitelist extra binaries to make them available for web server
	### requests, in addition to already whitelisted, known as safe binaries.
	###
	### Please be aware that you could easily open security holes by whitelisting
	### commands which may provide access to otherwise not available parts of
	### the system, because the exec() in PHP doesn't respect other limitations
	### like open_basedir directive.
	###
	### You should list only filenames, not full paths, for example:
	###
	### _BACKEND_ITEMS_LIST="git foo bar"
	###
	_BACKEND_ITEMS_LIST=

	###
	### The BOA Skynet auto-updates were initially limited to checking for new BOA
	### release and notifying the system admin daily, until the system has been
	### upgraded to latest stable release.
	###
	### Next, since people tend to forget about running meta-installers update
	### before running barracuda or octopus upgrade, and it generated a ton of
	### unneeded tickets, confusion and frustration, we have automated these
	### updates, so all your meta-installers were updated daily.
	###
	### Then #drupageddon happened, and we realized that we could make all existing
	### BOA systems secure, auto-magically, in the first 60 minutes after the
	### #drupageddon alert was published. Only if we could have a running mechanism
	### in place to apply very trivial but how important patch to all your D7 sites/
	### /codebases while you were on vacation, out of town, or just AFK anywhere.
	###
	### So we have added Drupal core monitoring and auto-patching to make sure you
	### never run vulnerable codebase again. To make it effective, we have scheduled
	### to run these checks hourly.
	###
	### Then we have added also hourly updates for a few key scripts responsible
	### for your system security, self-monitoring and self-healing.
	###
	### Gradually it grew into its current incarnation, so at the moment BOA Skynet
	### auto-updates do these things for you, while you sleep:
	###
	### * Daily version/release check and notification
	### * Hourly update for all meta-installers and related tools
	### * Hourly check for D7 core vulnerability and patching if detected
	### * Hourly update for key BOA tools, monitors and self-healing agents
	### * Hourly check if your DNS resolver works as expected and repair if not
	###
	### While it is a very convenient to have all this work done for you, and we
	### believe that it should be still enabled by default, we should make it
	### possible to opt-out from all those auto-updates, if you prefer that your
	### BOA system never calls home, and whatever happens, is totally under
	### your control.
	###
	### Now you can disable this convenient magic completely by adding the line:
	###
	### _SKYNET_MODE=OFF
	###
	_SKYNET_MODE=ON

	###
	### NOTE: the group of settings displayed below is never stored
	### permanently in this config file, since they are intended to be used
	### only when required/useful for some reason, and while can be added
	### manually before running barracuda up-{stable\|head} command,
	### they will be either removed automatically to not affect
	### normal upgrades, or ignored afterwards.
	###

	###
	### You can force Nginx, PHP and/or DB server
	### reinstall, even if there are no updates
	### available, when set to YES.
	###
	_NGX_FORCE_REINSTALL=NO
	_PHP_FORCE_REINSTALL=NO
	_SQL_FORCE_REINSTALL=NO
	_GIT_FORCE_REINSTALL=NO

	###
	### Use YES to force installing everything
	### from sources again, even if there are
	### no updates available.
	###
	_FULL_FORCE_REINSTALL=NO

	###
	### Use YES to run major system upgrade
	### from Debian Jessie to Debian Stretch.
	###
	_JESSIE_TO_STRETCH=NO

	###
	### Use YES to run migration from Tomcat 6
	### to Jetty 7 with Apache Solr 1.4.1
	### See also docs/SOLR.txt
	###
	_TOMCAT_TO_JETTY=NO

	###
	### Use YES to enable The Hourly Hot DB Server Backups with Percona XtraBackup
	###
	### Once enabled, the system will use XtraBackup to create complete and very
	### fast, non-blocking backups of all databases on the system, every hour.
	### These backups will be compressed and rotated after 2 days.
	###
	### The recovery procedure shown below uses the latest, hourly, complete backup
	### of all databases hosted on the system. It should be used only for global
	### data recovery, as there is no option to reliably recover data per database,
	### so this method should be used as a last resort, when trying to recover from
	### disaster or human error - see the GitLab horror story: http://bit.ly/2jvJ5YG
	###
	### In theory you could try to copy over the data only from the affected
	### database directory manually, but then there will be conflicts in the binary
	### log which may even prevent the db server from starting properly,
	### and another InnoDB recovery procedure may be required.
	###
	### If you are not sure what to do, and you have never tried this before
	### at least few times with good results, it's probably better to ask someone
	### more experienced for assistance.
	###
	### You can use any other existing hourly backup you can find in the
	### /data/disk/arch/hourly/ directory and replace the "latest" keyword
	### with the correct filename, for example: "server.name.foo-170218-1518"
	###
	### $ cd /data/disk/arch/hourly/
	### $ tar xjf latest.tar.bz2
	### $ service cron stop
	### $ sleep 180
	### $ service mysql stop
	### $ mkdir /tmp/mysql
	### $ mv /var/lib/mysql/* /tmp/mysql/
	### $ innobackupex --copy-back /data/disk/arch/hourly/latest
	### $ chown -R mysql:mysql: /var/lib/mysql
	### $ chown -R mysql:mysql: /var/log/mysql
	### $ chown -R mysql:mysql: /var/run/mysqld
	### $ service mysql start
	### $ service cron start
	###
	_HOURLY_DB_BACKUPS=NO