Commit 6d99b240 authored by Adrian Rossouw's avatar Adrian Rossouw Committed by adrian

Partial refactoring, finished documentation. Lots of little helper functions...

Partial refactoring, finished documentation. Lots of little helper functions to figure out defaults of things, for the auto-reconfiguring self documenting help.
parent 89eb19cc
......@@ -397,10 +397,34 @@ function provision_confirm_drush() {
}
/**
* Get the root path of the Provision installation
* Get the backup path of the Provision installation
*/
function _provision_root_path() {
return variable_get('provision_root', ereg_replace("/webroot$", "", $_SERVER['DOCUMENT_ROOT']));
function _provision_backup_path() {
$parts = explode("/", $_SERVER['DOCUMENT_ROOT']);
array_pop($parts);
return variable_get('provision_backup_path', implode("/" , $parts) . '/backups');
}
/**
* Get the drushrc path of the Provision installation
*/
function _provision_drushrc_path() {
$parts = explode("/", $_SERVER['DOCUMENT_ROOT']);
array_pop($parts);
return variable_get('provision_drushrc_path', implode("/" , $parts) . '/platform.d');
}
/**
* Get the vhost path of the Provision installation
*/
function _provision_vhost_path() {
$parts = explode("/", $_SERVER['DOCUMENT_ROOT']);
array_pop($parts);
return variable_get('provision_vhost_path', implode("/" , $parts) . '/vhost.d');
}
function _provision_path_can_be_created($path) {
}
/**
......@@ -453,7 +477,6 @@ function provision_get_script_owner() {
return variable_get('provision_user', get_current_user());
}
/**
* Return the group who runs the httpd daemin.
*
......
......@@ -37,6 +37,9 @@
/** Include the provisioning API. */
include_once('provision.inc');
function provision_provision_service() {
return t("Basic configuration");
}
/**
* Implementation of hook_help()
......@@ -48,22 +51,10 @@ function provision_help($section) {
$output .= t('<p>Additionally, the Provision framework is one component of the distributed hosting infrastructure provided by the <code>hostmaster</code> install profile.
The Hostmaster profile is capable of driving several provision backends, in a distributed manner, and provides an interface for the functionality of provision.</p>');
$output .= t('<p>It is not required to run the hosting front end to use the Provision framework, but the system does not provide much in the way of a web accessible front end, by design.</p>');
$output .= t('<p>Unfortunately, due to the requirements of some of the functionality, significantly more access than is usually allowed on a shared hosting solution is required,
and as such, a virtual server or dedicated hosting system will be required to run this system.</p>');
$output .= '<a name=\'requirements\'><h3>' . t('Requirements') . '</h3></a>';
$output .= '<dl>';
$modules = module_implements('provision_service');
foreach ($modules as $module) {
$name = module_invoke($module, 'provision_service');
$help = module_invoke($module, 'help', 'admin/help/provision#requirements');
if ($name && $help) {
$output .= '<dt>' . t($name) . '</dt>';
$output .= '<dd>' . $help . '</dd>';
}
}
$output .= '</dl>';
$output .= t('<p>For a more detailed breakdown of steps that need to be taken to configure Provisioning to run with your system, please read the <a href="@url">in depth requirement documentation</a></p>',
array('@url' => url('admin/help/provision/requirements')));
$output .= '<a name=\'commands\'><h3>' . t('Commands') . '</h3></a>';
$commands = module_invoke_all('drush_command');
$output .= "<dl>";
......@@ -92,8 +83,57 @@ function provision_help($section) {
$output .= "</dl>";
return $output;
case 'admin/help/provision#requirements' :
$username = provision_get_script_owner();
$group = provision_get_group_name();
$backup_path = _provision_backup_path();
$mkdir_cmd['@backup_path'] = $backup_path;
$mkdir_cmd['@provision_link'] = url('admin/settings/provision');
$mkdir_cmd['@mkdir_cmd'] = <<<EOF
[$username@hm2 ~]$ mkdir $backup_path
[$username@hm2 ~]$ chown $username:$username $backup_path
[$username@hm2 ~]$ chmod 0700 $backup_path
EOF;
$output .= "<ol>";
$output .= '<li>' . t('<p><strong>The user account running the script, and the group of the httpd daemon.</strong>
The provision framework takes special care to make sure that the file permissions of the
hosted sites are always as safe as can be, especially to make sure that the web server does
not have the ability to modify the code of the site, therefor this information is required
to assure that safety while keeping the sites accessible.</p>
<p>Based on your server configuration we have determined that you should set the
username to "<code>@username</code>" and the group to "<code>@group</code>",
but you can change these in the <a href="@provision_link">provisioning section</a>.</p>', array("@username" => $username, "@group" => $group, "@provision_link" => url('admin/settings/provision'))) . '</li>';
$output .= '<li>' . t('<strong>Write access to a directory to store backups.</strong>
The drush user needs to be able to maintain the backups repository to ensure that your site is backed up successfully.
It is incredibly important that this path is not accessible via the web server, so that no undesirables can get their
hands on your database. The recommended path is directly above your platform path, but it can be anywhere.<br />
Based on your server configuration we have determined that your path should be <code>@backup_path</code>,
but you can change it change them in the <a href="@provision_link">provisioning section</a><br />
To create and configure this directory correctly, please enter the following commands :
<pre>@mkdir_cmd</pre>',$mkdir_cmd) . '</li>';
$output .= "</ol>";
return $output;
}
}
function provision_help_requirements() {
$output .= t('<p>Unfortunately, due to the requirements of some of the functionality, significantly more access than is usually allowed on a shared hosting solution is required,
and as such, a virtual server or dedicated hosting system will be required to run this system.</p>');
$output .= t('<p>Some of the features of the system also require the ability to create symlinks, which means that it needs to run on a unix-like operating system. There are no plans currently to add windows support.</p>');
$modules = module_implements('provision_service');
foreach ($modules as $module) {
$name = module_invoke($module, 'provision_service');
$help = module_invoke($module, 'help', 'admin/help/provision#requirements');
if ($name && $help) {
$output .= '<h3>' . t($name) . '</h3>';
$output .= $help;
}
}
return $output;
}
/**
......@@ -122,6 +162,13 @@ function provision_menu($may_cache = true) {
'callback arguments' => array('provision_configure'),
'access' => user_access('administer provisioning'),
);
$items[] = array(
'path' => 'admin/help/provision/requirements',
'title' => t('Provisioning requirements'),
'description' => t("Information of how to configure the provisioning system."),
'callback' => 'provision_help_requirements',
'type' => MENU_CALLBACK
);
}
return $items;
}
......@@ -131,17 +178,25 @@ function provision_menu($may_cache = true) {
*
* Configuration screen for the provisioning framework.
*/
function provision_configure() {
$form['provision_root'] = array(
'#type' => 'textfield',
'#title' => t('Provision root'),
'#description' => t('The path where the provision platform is based.'),
'#default_value' => variable_get('provision_root', ereg_replace("/webroot$", "", $_SERVER['DOCUMENT_ROOT'])),
'#size' => 40,
'#maxlength' => 255,
);
foreach (module_implements('provision_configure') as $module) {
$form[$module] = array(
'#type' => 'fieldset',
'#title' => module_invoke($module, 'provision_service'),
'#collapsible' => TRUE,
'#collapsed' => FALSE,
'#access' => user_access('administer provisioning'),
);
$form[$module] = array_merge($form[$module], module_invoke($module, "provision_configure"));
}
return system_settings_form($form);
}
/**
* Implementation of provision_configure
*/
function provision_provision_configure() {
$form['provision_tempurl_base'] = array(
'#type' => 'textfield',
'#required' => TRUE,
......@@ -156,7 +211,7 @@ function provision_configure() {
'#type' => 'textfield',
'#title' => t('Provision user'),
'#description' => t('The owner of the files. must not be the web server user.'),
'#default_value' => variable_get('provision_user', 'hosting'),
'#default_value' => provision_get_script_owner(),
'#size' => 40,
'#maxlength' => 255,
);
......@@ -165,22 +220,12 @@ function provision_configure() {
'#type' => 'textfield',
'#title' => t('Provision group'),
'#description' => t('The group owner of the files. should be the group the web server is running as.'),
'#default_value' => variable_get('provision_group', 'apache'),
'#default_value' => provision_get_group_name(),
'#size' => 40,
'#maxlength' => 255,
);
foreach (module_implements('provision_configure') as $module) {
$form[$module] = array(
'#type' => 'fieldset',
'#title' => module_invoke($module, 'provision_service'),
'#collapsible' => TRUE,
'#collapsed' => FALSE,
'#access' => user_access('administer provisioning'),
);
$form[$module] = array_merge($form[$module], module_invoke($module, "provision_configure"));
}
return system_settings_form($form);
return $form;
}
/**
......
......@@ -20,21 +20,58 @@ function provision_apache_provision_service() {
function provision_apache_help($section) {
switch ($section) {
case 'admin/help/provision#requirements':
$username = provision_get_script_owner();
$group = provision_get_group_name();
$vhost_path = _provision_vhost_path();
$mkdir_cmd['@vhost_path'] = $vhost_path;
$mkdir_cmd['@provision_link'] = url('admin/settings/provision');
$mkdir_cmd['@mkdir_cmd'] = <<<EOF
[$username@hm2 ~]$ mkdir $vhost_path
[$username@hm2 ~]$ chown $username:$username $vhost_path
[$username@hm2 ~]$ chmod 0700 $vhost_path
EOF;
$visudo_cmd['@visudo_cmd'] = <<<EOF
[$username@hm2 ~]$ sudo su -
password:
[root@hm2 ~]$ visudo
EOF;
$visudo_cmd['@visudo_line'] = <<<EOF
$username ALL=NOPASSWD: /usr/sbin/apachectl
EOF;
$vhost_line = <<<EOF
Include $vhost_path
EOF;
$output .= "<ol>";
$output .= '<li>' . t('<strong>The user account running the script, and the group of the httpd daemon.</strong>
$output .= '<li>' . t('<p><strong>Web server inaccessible directory to store Virtual Host information.</strong>
The provision framework takes special care to make sure that the file permissions of the
hosted sites are always as safe as can be, especially to make sure that the web server does
not have the ability to modify the code of the site, therefor this information is required
to assure that safety while keeping the sites accessible.') . '</li>';
$output .= '<li>' . t('<strong>Access to the server\'s <code>httpd.conf</code> file.</strong>
to assure that safety while keeping the sites accessible.
The recommended path is directly above your platform path, but it can be anywhere.</p>
<p>Based on your server configuration we have determined that your path should be <code>@vhost_path</code>,
but you can change it change them in the <a href="@provision_link">provisioning section</a></p>
<p><strong>To configure:</strong> this directory correctly, please enter the following commands :
<pre>@mkdir_cmd</pre></p>',$mkdir_cmd) . '</li>';
$output .= '<li>' . t('<p><strong>Access to the server\'s <code>httpd.conf</code> file.</strong>
You are required to add a single line to the httpd.conf file, which allows
the system to load the additional virtual hosts that are generated.') . '</li>';
$output .= '<li>' . t('<strong>Ability to reload the httpd daemon.</strong>
As the provisioning framework should <strong>never</strong> be run as root,
and the web server group should <strong>never</strong> be allowed access to the
the system to load the additional virtual hosts that are generated.</p>
The location of this file differs between distributions,
but is most commonly found in <code>/etc/httpd</code> or <code>/etc/apache</a>.</p>
<p><strong>To configure:</strong> Once you have determined the location of your httpd.conf file, add the following line to it :
<pre>@vhost_line</pre></p>', array('@vhost_line' => $vhost_line)) . '</li>';
$output .= '<li>' . t('<p><strong>Ability to reload the httpd daemon.</strong>
As the provisioning framework should not be run as root,
and the web server group should not be allowed access to the
functionality to stop/start the web server, it is required that you provide access
to the Apache restart command for the user account the script will be running as.
If this is not configured, every command will ask for a sudo password when restarting the server.') . '</li>';
If this is not configured, every command will ask for a sudo password when restarting the server.</p>
<p><strong>To configure:</strong> Run the visudo command: <pre>@visudo_cmd</pre>
Then add the following line to the file: <pre>@visudo_line</pre></p>',
$visudo_cmd) . '</li>';
$output .= "</ol>";
return $output;
break;
......@@ -74,6 +111,10 @@ function provision_apache_provision_configure() {
return $form;
}
/**
* The default template provided for the virtual host configuration
*/
function _provision_apache_default_template() {
return <<<EOF
<VirtualHost *:80>
......@@ -91,18 +132,28 @@ function _provision_apache_default_template() {
</VirtualHost>
EOF;
}
/**
* Implementation of hook_provision_pre_install
*/
function provision_apache_provision_pre_install($url, &$data) {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
return _provision_apache_create_vhost_config($url, $data);
}
/**
* Implementation of hook_provision_post_install
*/
function provision_apache_provision_post_install($url, &$data) {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
return _provision_apache_restart_apache();
}
/**
* Implementation of hook_provision_enable
*/
function provision_apache_provision_enable($url, &$data) {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
......@@ -111,6 +162,9 @@ function provision_apache_provision_enable($url, &$data) {
_provision_apache_restart_apache();
}
/**
* Implementation of hook_provision_disable
*/
function provision_apache_provision_disable($url, &$data) {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
......@@ -119,7 +173,10 @@ function provision_apache_provision_disable($url, &$data) {
_provision_apache_restart_apache();
}
function provision_apache_provision_regenerate($url, &$data) {
/**
* Implementation of hook_provision_sync
*/
function provision_apache_provision_sync($url, &$data) {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
......@@ -127,6 +184,9 @@ function provision_apache_provision_regenerate($url, &$data) {
_provision_apache_restart_apache();
}
/**
* Delete virtual host file
*/
function _provision_apache_delete_vhost_config($url, $data) {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
......@@ -137,6 +197,9 @@ function _provision_apache_delete_vhost_config($url, $data) {
}
}
/**
* Generate virtual host file
*/
function _provision_apache_create_vhost_config($url, $data) {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
......@@ -154,6 +217,9 @@ function _provision_apache_create_vhost_config($url, $data) {
fclose($file);
}
/**
* Restart Apache
*/
function _provision_apache_restart_apache() {
#safety mechanism to ensure back end calls are not made via the front end.
if (!provision_confirm_drush()) return null;
......
......@@ -18,13 +18,10 @@
function provision_mysql_help($section) {
switch ($section) {
case 'admin/help/provision#requirements':
$username = provision_get_script_owner();
$output .= "<ol>";
$command = <<<EOF
benton:~ adrian$ mysql -uroot -pXXXXXXXXX mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1329 to server version: 4.1.20
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
[$username@hm2 ~]$ mysql -uroot -pXXXXXXXXX mysql
mysql> grant create, drop, grant option on *.* to 'username_here'@'localhost'
-> identified by 'mypassword';
......@@ -33,7 +30,11 @@
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
EOF;
$output .= '<li>' . t('<strong>Mysql user account capable of creating new databases.</strong> To be able to create new sites, the provisioning framework will need to be able to create new databases and users. It is not recommended using the mysql root password for this, but any account with the correct permissions will do. To create the account, log in to your server as root, and type in the following command: <pre>@command_text</pre>', array('@command_text' => $command)) . '</li>';
$output .= '<li>' . t('<p><strong>Mysql user account capable of creating new databases.</strong>
To be able to create new sites, the provisioning framework will need to be able to create new databases and users.
It is not recommended using the mysql root password for this, but any account with the correct permissions will do.</p>
<p><strong>To configure:</strong> Log in to your mysql server as root, and type in the following command:
<pre>@command_text</pre></p>', array('@command_text' => $command)) . '</li>';
$output .= "</ol>";
return $output;
break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment