Commit 0e16e073 authored by anarcat's avatar anarcat

Merge branch 'upstream' into debian

parents 502b4418 4eeedd73
......@@ -6,4 +6,4 @@ projects[drupal][type] = "core"
projects[hostmaster][type] = "profile"
projects[hostmaster][download][type] = "git"
projects[hostmaster][download][url] = "http://git.drupal.org/project/hostmaster.git"
projects[hostmaster][download][tag] = "6.x-1.0-rc2"
projects[hostmaster][download][tag] = "6.x-1.0-rc3"
......@@ -21,6 +21,8 @@ function db_drush_exit() {
function db_drush_help($section) {
switch ($section) {
case 'error:PROVISION_CONNECT_DB_FAILED' :
return dt('Unable to connect to database server.');
case 'error:PROVISION_CREATE_DB_FAILED' :
return dt('Unable to create new databases.');
case 'error:PROVISION_DROP_DB_FAILED' :
......@@ -56,12 +58,15 @@ class provisionService_db extends provisionService {
}
function verify_server_cmd() {
$this->connect();
if ($this->can_create_database()) {
drush_log(dt('Provision can create new databases.'), 'message');
}
else {
drush_set_error('PROVISION_CREATE_DB_FAILED');
if ($this->connect()) {
if ($this->can_create_database()) {
drush_log(dt('Provision can create new databases.'), 'message');
}
else {
drush_set_error('PROVISION_CREATE_DB_FAILED');
}
} else {
drush_set_error('PROVISION_CONNECT_DB_FAILED');
}
}
......@@ -281,6 +286,7 @@ class provisionService_db_pdo extends provisionService_db {
function connect() {
try {
$this->conn = new PDO($this->dsn, $this->creds['user'], $this->creds['pass']);
return $this->conn;
}
catch (PDOException $e) {
return drush_set_error('PROVISION_DB_CONNECT_FAIL', $e->getMessage());
......
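Review bot: A failed connection now records two different error codes: `connect()` in `provisionService_db_pdo` (hunk -281,6 +286,7) sets `PROVISION_DB_CONNECT_FAIL` in its catch branch, and `verify_server_cmd()` then sets `PROVISION_CONNECT_DB_FAILED`, which is the only one of the two given help text in `db_drush_help()`. Using one code in both places, e.g. `return drush_set_error('PROVISION_CONNECT_DB_FAILED', $e->getMessage());`, or registering help text for the other, would keep the log unambiguous. The new `if ($this->connect())` also depends on the catch branch returning a false value, which presumably comes from `drush_set_error()`; a comment on `connect()` such as `// Returns the PDO handle on success, FALSE on failure.` would make that contract explicit. Since the raw `$e->getMessage()` goes to the drush log, it is worth confirming that driver messages carry no more connection detail than operators should see there. The catch block continues outside the hunk.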
......@@ -24,6 +24,18 @@ class provisionService_dns_bind_slave extends provisionService_dns {
$this->restart();
}
function verify_server_cmd() {
if (!is_null($this->application_name)) {
provision_file()->create_dir($this->server->dns_zoned_path, dt("DNS slave zone configuration"), 0775);
$this->sync($this->server->dns_zoned_path, array(
'exclude' => $this->server->dns_zoned_path . '/*', // Make sure remote directory is created
));
$this->create_config('server');
}
}
/**
* Create the zonefile record on the slave server
*
......
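Review bot: The new `verify_server_cmd()` creates `dns_zoned_path` with mode `0775` and gives no reason why the directory must be group-writable. If the name server's group needs write access to store transferred zones, say so in a comment, for example `// 0775: the DNS daemon's group must be able to write slave zone data here`; if it does not, `0755` would be the narrower choice. The method also has no docblock, unlike the one that follows it. Whether the parent class's `verify_server_cmd()` should still be called is not visible from this hunk.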
......@@ -2,5 +2,4 @@
#
# this file is designed to be installed in /etc/sudoers.d in sudo
# 1.7.2p1 or later, which provide a #includedir directive.
#aegir ALL=NOPASSWD: /usr/sbin/apachectl
#aegir ALL=NOPASSWD: /usr/sbin/apache2ctl
......@@ -15,7 +15,7 @@
if ( $request_method !~ ^(?:GET|HEAD|POST)$ ) {
return 444;
}
###
### upload progress support
### http://drupal.org/project/filefield_nginx_progress
......@@ -37,7 +37,7 @@
access_log off;
try_files $uri @cache;
}
###
### deny listed requests for security reasons without 403 response
###
......@@ -45,9 +45,25 @@
return 444;
}
###
### deny direct access to backups
###
location ~* ^/sites/.*/files/backup_migrate/ {
access_log off;
deny all;
}
###
### deny direct access to private downloads
###
location ~* ^/sites/.*/private/ {
access_log off;
deny all;
}
###
### make css files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.css$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -61,10 +77,10 @@
add_header X-Header "Boost Citrus 2.1";
try_files /cache/perm/$host${uri}_.css $uri =404;
}
###
### make js files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.js$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -75,13 +91,13 @@
error_page 405 = @uncached;
access_log off;
expires max; # if using aggregator
add_header X-Header "Boost Citrus 2.2";
add_header X-Header "Boost Citrus 2.2";
try_files /cache/perm/$host${uri}_.js $uri =404;
}
###
### make json compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.json$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -92,22 +108,22 @@
error_page 405 = @uncached;
access_log off;
expires max; ### if using aggregator
add_header X-Header "Boost Citrus 2.3";
add_header X-Header "Boost Citrus 2.3";
try_files /cache/normal/$host${uri}_.json $uri =404;
}
###
### helper location to bypass boost static files cache for logged in users
###
###
location @uncached {
access_log off;
expires max; # max if using aggregator, otherwise sane expire time
}
###
### imagecache, imagecache_external and (f)ckeditor support
### imagecache and imagecache_external support
###
location ~* /(?:external|system|files/imagecache|files/styles|f?ckeditor)/ {
location ~* /(?:external|system|files/imagecache|files/styles)/ {
access_log off;
expires 30d;
# fix common problems with old paths after import from standalone to Aegir multisite
......@@ -132,8 +148,8 @@
###
### serve & log bigger media/static/archive files directly, without all standard drupal rewrites, php-fpm etc.
###
location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|t?gz|rar)$ {
###
location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|tar|t?gz|rar)$ {
expires 30d;
# allow files/downloads to be accessed without /sites/fqdn/
rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
......@@ -143,7 +159,7 @@
###
### serve & no-log some static files as is, without forcing default_type
###
###
location ~* /(?:cross-?domain)\.xml$ {
access_log off;
expires 30d;
......@@ -160,16 +176,25 @@
fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
}
###
### serve & no-log static helper files used in some wysiwyg editors
###
location ~* /(?:modules|libraries)/(?:tinybrowser|f?ckeditor|tinymce)/.*\.(?:html?|xml)$ {
access_log off;
expires 30d;
try_files $uri =404;
}
###
### deny listed requests for security reasons without 403 response
###
location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|script|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) {
location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) {
return 444;
}
###
### make feeds compatible with boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.xml$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -190,7 +215,7 @@
###
### make feeds compatible with Boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
###
location ~* /feed$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -202,7 +227,7 @@
access_log off;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 2.5";
add_header X-Header "Boost Citrus 2.5";
charset utf-8;
types { }
default_type application/rss+xml;
......@@ -243,22 +268,6 @@
access_log off;
try_files $uri @cache;
}
###
### deny direct access to backups
###
location ~* ^/sites/.*/files/backup_migrate/ {
access_log off;
deny all;
}
###
### deny direct access to private downloads
###
location ~* ^/sites/.*/private/ {
access_log off;
deny all;
}
###
### catch all unspecified requests
......@@ -278,9 +287,9 @@
return 405;
}
error_page 405 = @drupal;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 1.9";
add_header X-Header "Boost Citrus 1.9";
charset utf-8;
try_files /cache/normal/$host${uri}_$args.html @drupal;
}
......@@ -294,7 +303,7 @@
###
### send all non-static requests to php-fpm, restricted to known php files
###
###
location ~* ^/(?:index|boost_stats|update|authorize|xmlrpc)\.php$ {
try_files $uri @drupal; ### check for existence of php file first
fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
......@@ -303,7 +312,7 @@
###
### deny access to any not listed above php files
###
###
location ~* ^.+\.php$ {
deny all;
}
......
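Review bot: The relocated `deny all` blocks for `backup_migrate/` and `private/` (hunk -45,9 +45,25) protect those paths only because they now come before the static-file and archive locations, and nothing in the file says so. nginx uses the first regex location that matches, so a later edit that adds or moves a regex location above them (for example one matching `.zip` or `.gz`) would let that location serve backups without any visible error. A comment on both blocks, such as `### keep above all static/archive locations: the first matching regex location wins`, would record the constraint. The locations that precede them are only partly visible here, so it is worth checking that none of their patterns can match a path under `/sites/.*/files/backup_migrate/` or `/sites/.*/private/`. The same hunk appears in the second include (-31,9 +31,25).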
......@@ -15,7 +15,7 @@
if ( $request_method !~ ^(?:GET|HEAD|POST)$ ) {
return 444;
}
###
### fix for Aegir & .info .pl domain ext
###
......@@ -23,7 +23,7 @@
access_log off;
try_files $uri @cache;
}
###
### deny listed requests for security reasons without 403 response
###
......@@ -31,9 +31,25 @@
return 444;
}
###
### deny direct access to backups
###
location ~* ^/sites/.*/files/backup_migrate/ {
access_log off;
deny all;
}
###
### deny direct access to private downloads
###
location ~* ^/sites/.*/private/ {
access_log off;
deny all;
}
###
### make css files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.css$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -47,10 +63,10 @@
add_header X-Header "Boost Citrus 2.1";
try_files /cache/perm/$host${uri}_.css $uri =404;
}
###
### make js files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.js$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -61,13 +77,13 @@
error_page 405 = @uncached;
access_log off;
expires max; # if using aggregator
add_header X-Header "Boost Citrus 2.2";
add_header X-Header "Boost Citrus 2.2";
try_files /cache/perm/$host${uri}_.js $uri =404;
}
###
### make json compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.json$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -78,22 +94,22 @@
error_page 405 = @uncached;
access_log off;
expires max; ### if using aggregator
add_header X-Header "Boost Citrus 2.3";
add_header X-Header "Boost Citrus 2.3";
try_files /cache/normal/$host${uri}_.json $uri =404;
}
###
### helper location to bypass boost static files cache for logged in users
###
###
location @uncached {
access_log off;
expires max; # max if using aggregator, otherwise sane expire time
}
###
### imagecache, imagecache_external and (f)ckeditor support
### imagecache and imagecache_external support
###
location ~* /(?:external|system|files/imagecache|files/styles|f?ckeditor)/ {
location ~* /(?:external|system|files/imagecache|files/styles)/ {
access_log off;
expires 30d;
# fix common problems with old paths after import from standalone to Aegir multisite
......@@ -105,7 +121,7 @@
###
### serve & no-log static files & images directly, without all standard drupal rewrites, php-fpm etc.
###
###
location ~* ^.+\.(?:jpe?g|gif|png|ico|swf|pdf|doc|xls|tiff?|txt|cgi|bat|pl|dll|aspx?|exe|class)$ {
access_log off;
expires 30d;
......@@ -118,8 +134,8 @@
###
### serve & log bigger media/static/archive files directly, without all standard drupal rewrites, php-fpm etc.
###
location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|t?gz|rar)$ {
###
location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|tar|t?gz|rar)$ {
expires 30d;
# allow files/downloads to be accessed without /sites/fqdn/
rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
......@@ -129,7 +145,7 @@
###
### serve & no-log some static files as is, without forcing default_type
###
###
location ~* /(?:cross-?domain)\.xml$ {
access_log off;
expires 30d;
......@@ -146,16 +162,25 @@
fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
}
###
### serve & no-log static helper files used in some wysiwyg editors
###
location ~* /(?:modules|libraries)/(?:tinybrowser|f?ckeditor|tinymce)/.*\.(?:html?|xml)$ {
access_log off;
expires 30d;
try_files $uri =404;
}
###
### deny listed requests for security reasons without 403 response
###
location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|script|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) {
location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) {
return 444;
}
###
### make feeds compatible with boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
###
location ~* \.xml$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -176,7 +201,7 @@
###
### make feeds compatible with Boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
###
location ~* /feed$ {
if ( $request_method !~ ^(?:GET|HEAD)$ ) {
return 405;
......@@ -188,7 +213,7 @@
access_log off;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 2.5";
add_header X-Header "Boost Citrus 2.5";
charset utf-8;
types { }
default_type application/rss+xml;
......@@ -229,22 +254,6 @@
access_log off;
try_files $uri @cache;
}
###
### deny direct access to backups
###
location ~* ^/sites/.*/files/backup_migrate/ {
access_log off;
deny all;
}
###
### deny direct access to private downloads
###
location ~* ^/sites/.*/private/ {
access_log off;
deny all;
}
###
### catch all unspecified requests
......@@ -264,9 +273,9 @@
return 405;
}
error_page 405 = @drupal;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 1.9";
add_header X-Header "Boost Citrus 1.9";
charset utf-8;
try_files /cache/normal/$host${uri}_$args.html @drupal;
}
......@@ -280,7 +289,7 @@
###
### send all non-static requests to php-fpm, restricted to known php files
###
###
location ~* ^/(?:index|boost_stats|update|authorize|xmlrpc)\.php$ {
try_files $uri @drupal; ### check for existence of php file first
fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
......@@ -288,7 +297,7 @@
###
### deny access to any not listed above php files
###
###
location ~* ^.+\.php$ {
deny all;
}
......
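Review bot: In hunk -146,16 +162,25 the new wysiwyg helper location is placed ahead of the deny-list location, so URIs under `/(modules|libraries)/(tinybrowser|f?ckeditor|tinymce)/` that end in `.html`, `.htm` or `.xml` are never tested against the deny pattern, and the same hunk drops `script` from that pattern. The exposure looks small because the helper location only serves existing files through `try_files $uri =404`, but the deny list is now both order-dependent and narrower with no note of either. I would add a comment above it along the lines of `### best-effort URI filter; locations declared above it are not covered, request validation remains Drupal's job`. The identical hunk in the first include (-160,16 +176,25) needs the same comment.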
......@@ -27,7 +27,7 @@
## Default index files
index index.php index.html;
## Size Limits
client_body_buffer_size 64k;
client_header_buffer_size 32k;
......@@ -43,8 +43,8 @@
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
## Timeouts
## Timeouts
client_body_timeout 60;
client_header_timeout 60;
send_timeout 60;
......@@ -55,18 +55,18 @@
fastcgi_read_timeout 300;
## Open File Performance
open_file_cache max=8000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache max=8000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 3;
open_file_cache_errors on;
## FastCGI Caching
fastcgi_cache_path /var/lib/nginx/speed
levels=2:2:2
keys_zone=speed:50m
inactive=8h
max_size=1g;
## General Options
ignore_invalid_headers on;
limit_zone gulag $binary_remote_addr 10m;
......@@ -74,13 +74,13 @@
reset_timedout_connection on;
fastcgi_intercept_errors on;
## TCP options
## TCP options
tcp_nopush on;
## SSL performance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## Compression
gzip_buffers 16 8k;
gzip_comp_level 5;
......@@ -110,7 +110,7 @@ if ($nginx_has_upload_progress) {
client_body_temp_path /var/lib/nginx/body 1 2;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log crit;
#######################################################
### nginx default server
......
......@@ -3,6 +3,6 @@ server {
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root /var/www/nginx-default;
index index.html index.htm;
### Dont't reveal Aegir front-end URL here.
}
......@@ -24,7 +24,7 @@ class provisionService_http_nginx_ssl extends provisionService_http_ssl {
// We share the application name with nginx.
protected $application_name = 'nginx';
protected $has_restart_cmd = TRUE;
function default_restart_cmd() {
// The nginx service defines it's restart command as a static
// method so that we can make use of it here.
......
......@@ -15,7 +15,7 @@ server {
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
### Dont't reveal Aegir front-end URL here.
}
......
......@@ -15,8 +15,9 @@ function drush_provision_hostmaster_install_validate($site = NULL) {
drush_set_default('script_user', provision_current_user());
drush_set_default('web_group', _provision_default_web_group());
drush_set_default('http_service_type', 'apache');
drush_set_default('drush_make_version', '6.x-2.1');
drush_set_default('drush_make_version', '6.x-2.2');
drush_set_default('aegir_db_user', 'root');
drush_set_default('client_name', 'admin');
$aegir_db_user = drush_get_option('aegir_db_user');
drush_set_default('makefile', dirname(__FILE__) . '/aegir.make');
......@@ -82,7 +83,7 @@ The following settings will be used:
Aegir version: !version
Aegir platform path: !root
Aegir makefile: !makefile
Client email: !email
Admin email: !email
', array('!site' => $site,
'!fqdn' => drush_get_option('aegir_host'),
'!home' => drush_get_option('aegir_root'),
......@@ -186,10 +187,10 @@ function drush_provision_hostmaster_install($site = NULL) {
'platform' => $platform_name,
'db_server' => $dbserver,
'uri' => $site,
'client_email' => drush_get_option('client_email'),
'client_name' => drush_get_option('client_name'),
'profile' => 'hostmaster',
));
$data = provision_backend_invoke($site_name, 'provision-install');
$data = provision_backend_invoke($site_name, 'provision-install', array(), array('client_email' => drush_get_option('client_email')));
provision_backend_invoke($site_name, 'provision-verify');
// exit if an error has occured.
......
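Review bot: The new default `drush_set_default('client_name', 'admin');` is undocumented, and the part of the confirmation summary visible in hunk -82,7 +83,7 lists only `Admin email: !email`. If `client_name` becomes the login of the first account, which the hunk does not show, the operator confirms the install without seeing a predictable account name; adding a summary line such as `Admin user: !client_name` with the matching entry in the replacement array would surface it. `client_email` is now passed as an option to `provision-install` instead of being stored in the site context, and a one-line comment above that call saying why would help the next reader. Both functions start and end outside the hunks shown.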
......@@ -28,8 +28,8 @@
########################################################################