Include the same changes in 70 and 56 versions

Author: hhorak

Diff for: 5.6/root/usr/libexec/container-setup

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -e
+
+# In order to drop the root user, we have to make some directories world
+# writeable as OpenShift default security model is to run the container under
+# random UID.
+
+source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh
+
+# compatibility symlinks so we hide SCL paths
+if [ -v SCL_ENABLED ] ; then
+  # /opt/rh/httpd24/root/etc/httpd will be symlink to /etc/httpd
+  mv /opt/rh/httpd24/root/etc/httpd /etc/httpd
+  ln -s /etc/httpd /opt/rh/httpd24/root/etc/httpd
+
+  # /opt/rh/httpd24/root/var/run/httpd will be symlink to /var/run/httpd
+  mv /opt/rh/httpd24/root/var/run/httpd /var/run/httpd
+  ln -s /var/run/httpd /opt/rh/httpd24/root/var/run/httpd
+
+  # /opt/rh/httpd24/root/var/www will be symlink to /var/www
+  rm -rf /var/www
+  mv ${HTTPD_DATA_ORIG_PATH} /var/www
+  ln -s /var/www ${HTTPD_DATA_ORIG_PATH}
+else
+  rm -f /opt/app-root/etc/scl_enable
+fi
+
+mkdir -p ${HTTPD_CONFIGURATION_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_D_PATH}
+chmod -R ug+r   /etc/pki/tls/certs/localhost.crt
+chmod -R ug+r   /etc/pki/tls/private/localhost.key
+chown -R 1000:0 /etc/pki/tls/certs/localhost.crt
+chown -R 1000:0 /etc/pki/tls/private/localhost.key
+mkdir -p ${APP_ROOT}/etc
+chmod -R a+rwx ${APP_ROOT}/etc
+chmod -R a+rwx ${HTTPD_VAR_RUN}
+chown -R 1001:0 ${APP_ROOT}
+mkdir /tmp/sessions
+chown -R 1000:0 /tmp/sessions
+chown -R 1001:0 ${HTTPD_DATA_PATH}
+chmod -R a+rwx ${PHP_SYSCONF_PATH}
+
+mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init
+
+config_general
+

Diff for: 5.6/root/usr/share/container-scripts/php/common.sh

@@ -0,0 +1,134 @@
+config_httpd_conf() {
+  sed -i "s/^Listen 80/Listen 0.0.0.0:8080/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "s/^User apache/User default/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "s/^Group apache/Group root/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "s%^DocumentRoot \"${HTTPD_DATA_ORIG_PATH}/html\"%#DocumentRoot \"${APP_DATA}\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "s%^<Directory \"${HTTPD_DATA_ORIG_PATH}/html\"%<Directory \"${APP_DATA}\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "s%^<Directory \"${HTTPD_VAR_PATH}/html\"%<Directory \"${APP_DATA}\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "s%^ErrorLog \"logs/error_log\"%ErrorLog \"|/usr/bin/cat\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "s%CustomLog \"logs/access_log\"%CustomLog \"|/usr/bin/cat\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+  sed -i "151s%AllowOverride None%AllowOverride All%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+}
+
+config_ssl_conf() {
+  sed -i -E "s/^Listen 443/Listen 0.0.0.0:8443/" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf
+  sed -i -E "s/_default_:443/_default_:8443/" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf
+  sed -i -E "s!^(\s*CustomLog)\s+\S+!\1 |/usr/bin/cat!" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf
+  sed -i -E "s!^(\s*TransferLog)\s+\S+!\1 |/usr/bin/cat!" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf
+  sed -i -E "s!^(\s*ErrorLog)\s+\S+!\1 |/usr/bin/cat!" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf
+}
+
+config_general() {
+  config_httpd_conf
+  config_ssl_conf
+  sed -i '/php_value session.save_path/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE}
+  head -n151 ${HTTPD_MAIN_CONF_PATH}/httpd.conf | tail -n1 | grep "AllowOverride All" || exit 1
+  echo "IncludeOptional ${APP_ROOT}/etc/conf.d/*.conf" >> ${HTTPD_MAIN_CONF_PATH}/httpd.conf
+}
+
+function log_info {
+  echo "---> `date +%T`     $@"
+}
+
+function log_and_run {
+  log_info "Running $@"
+  "$@"
+}
+
+function log_volume_info {
+  CONTAINER_DEBUG=${CONTAINER_DEBUG:-}
+  if [[ "${CONTAINER_DEBUG,,}" != "true" ]]; then
+    return
+  fi
+
+  log_info "Volume info for $@:"
+  set +e
+  log_and_run mount
+  while [ $# -gt 0 ]; do
+    log_and_run ls -alZ $1
+    shift
+  done
+  set -e
+}
+
+# get_matched_files finds file for image extending
+function get_matched_files() {
+  local custom_dir default_dir
+  custom_dir="$1"
+  default_dir="$2"
+  files_matched="$3"
+  find "$default_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n"
+  [ -d "$custom_dir" ] && find "$custom_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n"
+}
+
+# process_extending_files process extending files in $1 and $2 directories
+# - source all *.sh files
+#   (if there are files with same name source only file from $1)
+function process_extending_files() {
+  local custom_dir default_dir
+  custom_dir=$1
+  default_dir=$2
+
+  while read filename ; do
+    echo "=> sourcing $filename ..."
+    # Custom file is prefered
+    if [ -f $custom_dir/$filename ]; then
+      source $custom_dir/$filename
+    elif [ -f $default_dir/$filename ]; then
+      source $default_dir/$filename
+    fi
+  done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.sh' | sort -u)"
+}
+
+# process extending config files in $1 and $2 directories
+# - expand variables in *.conf and copy the files into /opt/app-root/etc/httpd.d directory
+#   (if there are files with same name source only file from $1)
+function process_extending_config_files() {
+  local custom_dir default_dir
+  custom_dir=$1
+  default_dir=$2
+
+  while read filename ; do
+    echo "=> sourcing $filename ..."
+    # Custom file is prefered
+    if [ -f $custom_dir/$filename ]; then
+       envsubst < $custom_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename
+    elif [ -f $default_dir/$filename ]; then
+       envsubst < $default_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename
+    fi
+  done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)"
+}
+
+# Copy config files from application to the location where httd expects them
+# Param sets the directory where to look for files
+# This function was taken from httpd container
+process_config_files() {
+  local dir=${1:-.}
+  if [ -d ${dir}/httpd-cfg ]; then
+    echo "---> Copying httpd configuration files..."
+    if [ "$(ls -A ${dir}/httpd-cfg/*.conf)" ]; then
+      cp -v ${dir}/httpd-cfg/*.conf "${HTTPD_CONFIGURATION_PATH}"/
+      rm -rf ${dir}/httpd-cfg
+    fi
+  fi
+}
+
+# Copy SSL files provided in application source
+# This function was taken from httpd container
+process_ssl_certs() {
+  local dir=${1:-.}
+  if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then
+    echo "---> Looking for SSL certs for httpd..."
+    cp -r ${dir}/httpd-ssl ${APP_ROOT}
+    local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)"
+    local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)"
+    if [ -f "${ssl_cert}" ] && [ -f "${ssl_private}" ]; then
+      echo "---> Setting SSL certs for httpd..."
+      sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf
+      sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf
+    fi
+    rm -rf ${dir}/httpd-ssl
+  fi
+}
+
+

Diff for: 5.6/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf

@@ -0,0 +1 @@
+DocumentRoot "/opt/app-root/src${DOCUMENTROOT}"

Diff for: 5.6/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf

@@ -0,0 +1,12 @@
+<IfModule mpm_prefork_module>
+    # This value should mirror what is set in MinSpareServers.
+    StartServers          ${HTTPD_START_SERVERS}
+    MinSpareServers       ${HTTPD_START_SERVERS}
+    MaxSpareServers       ${HTTPD_MAX_SPARE_SERVERS}
+    # The MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served. 
+    # The default value, when no Cgroup limits are set is 256.
+    MaxRequestWorkers     ${HTTPD_MAX_REQUEST_WORKERS}
+    ServerLimit           ${HTTPD_MAX_REQUEST_WORKERS}
+    MaxRequestsPerChild   4000
+    MaxKeepAliveRequests  100
+</IfModule>

Diff for: 5.6/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh

@@ -0,0 +1,6 @@
+# additional arbitrary httpd configuration provided by user using s2i
+
+log_info 'Processing additional arbitrary httpd configuration provided by s2i ...'
+
+process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/
+

Diff for: 5.6/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh

@@ -0,0 +1,4 @@
+source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh
+
+# Copy SSL files provided in application source
+process_ssl_certs

Diff for: 5.6/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh

@@ -0,0 +1,6 @@
+# additional arbitrary httpd configuration provided by user using s2i
+
+log_info 'Processing additional arbitrary httpd configuration provided by s2i ...'
+
+process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/
+

Diff for: 5.6/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh

@@ -0,0 +1,4 @@
+source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh
+
+# Copy SSL files provided in application source
+process_ssl_certs ${APP_ROOT}/src

Diff for: 7.0/root/usr/libexec/container-setup

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -e
+
+# In order to drop the root user, we have to make some directories world
+# writeable as OpenShift default security model is to run the container under
+# random UID.
+
+source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh
+
+# compatibility symlinks so we hide SCL paths
+if [ -v SCL_ENABLED ] ; then
+  # /opt/rh/httpd24/root/etc/httpd will be symlink to /etc/httpd
+  mv /opt/rh/httpd24/root/etc/httpd /etc/httpd
+  ln -s /etc/httpd /opt/rh/httpd24/root/etc/httpd
+
+  # /opt/rh/httpd24/root/var/run/httpd will be symlink to /var/run/httpd
+  mv /opt/rh/httpd24/root/var/run/httpd /var/run/httpd
+  ln -s /var/run/httpd /opt/rh/httpd24/root/var/run/httpd
+
+  # /opt/rh/httpd24/root/var/www will be symlink to /var/www
+  rm -rf /var/www
+  mv ${HTTPD_DATA_ORIG_PATH} /var/www
+  ln -s /var/www ${HTTPD_DATA_ORIG_PATH}
+else
+  rm -f /opt/app-root/etc/scl_enable
+fi
+
+mkdir -p ${HTTPD_CONFIGURATION_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_D_PATH}
+chmod -R ug+r   /etc/pki/tls/certs/localhost.crt
+chmod -R ug+r   /etc/pki/tls/private/localhost.key
+chown -R 1000:0 /etc/pki/tls/certs/localhost.crt
+chown -R 1000:0 /etc/pki/tls/private/localhost.key
+mkdir -p ${APP_ROOT}/etc
+chmod -R a+rwx ${APP_ROOT}/etc
+chmod -R a+rwx ${HTTPD_VAR_RUN}
+chown -R 1001:0 ${APP_ROOT}
+mkdir /tmp/sessions
+chown -R 1000:0 /tmp/sessions
+chown -R 1001:0 ${HTTPD_DATA_PATH}
+chmod -R a+rwx ${PHP_SYSCONF_PATH}
+
+mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init
+
+config_general
+