Commit 915cbd85 authored by Adrian Rossouw's avatar Adrian Rossouw

Merge branch 'master' into dev_server_verify

Conflicts:
	install.sh.txt
	web_server/provision_apache.drush.inc
parents 02fd313f b0d90139
......@@ -49,8 +49,8 @@ Shell commands::
useradd --home-dir /var/aegir aegir
gpasswd -a aegir www-data
chmod -R 755 /var/aegir
# Include the Aegir config
echo "Include /var/aegir/config/vhost.d/" > /etc/httpd/conf.d/aegir.conf
# Include the Aegir configs
ln -s /var/aegir/config/apache.conf /etc/httpd/conf.d/aegir.conf
service mysqld start
# Optional: set the mysql root password
mysqladmin password $password
......
......@@ -58,7 +58,7 @@ Shell commands::
groupadd aegir
useradd -g aegir -G webservd -d /var/aegir -s /bin/bash -c "Aegir sandbox" aegir
chown aegir:aegir /var/aegir
echo "Include /var/aegir/config/vhost.d/" >> /etc/apache2/httpd.conf
echo "Include /var/aegir/config/apache.conf" >> /etc/apache2/httpd.conf
MySQL commands::
# Replace 'aegir_password' with the chosen password for 'aegir' mysql account
......
......@@ -156,8 +156,12 @@ you can place include that file in your apache.conf/httpd.conf. We
prefer the former. In other systems there are similar ways to accomplish
this. Consult your OS's documentation if unsure.
If you are on a Debian-based system, you will also need to enable the
mod_rewrite module manually.
Shell commands as root::
a2enmod rewrite
ln -s /var/aegir/config/apache.conf /etc/apache2/conf.d/aegir.conf
......@@ -212,9 +216,9 @@ the official release.). You can modify which version to install by editing the
AEGIR_VERSION variable in the script.
The install script is shipped with other default settings that you will likely
need to change (such as the URL of the Aegir site) prior to running it.
need to change, especially the value of AEGIR_DOMAIN to match the URL of your site.
You can change which release to install or other parameters such as these
You can also change which release to install or other parameters such as these
through options passed to the script. Run "sh install.sh.txt -h" for more
information on the available options.
......
......@@ -36,9 +36,9 @@ you are reading this document.
Shell commands::
export AEGIR_VERSION=HEAD
export DRUPAL_DIR=/var/aegir/hostmaster-$AEGIR_TAG
export DRUPAL_DIR=/var/aegir/hostmaster-$AEGIR_VERSION
export OLD_DRUPAL_DIR=/var/aegir/drupal-6.14
export DRUSH_VERSION=6.x-3.0-alpha1.tar.gz
export DRUSH_VERSION=All-versions-3.0-beta1
export DRUSH_MAKE_VERSION=6.x-2.0-beta6
This document also assumes drush is installed properly and we use an
......@@ -159,13 +159,22 @@ and a single apache.conf. The vhost.d directory is for virtual hosts,
platform.d is for platform-specific configuration and apache.conf is the
server-wide configuration file.
You will need to move all platform_* configuration file to the
platform.d directory for Aegir to operate properly. Failure to do so
will yield unpredictable results as multiple definitions will be loaded
by Apache for the same platform. This can be fixed by doing:
After you have completed the migration process as outlined above,
you will need to change the line you added to either the httpd.conf file
or /etc/apache2/conf.d/aegir file during installation.
Open your httpd.conf file and modify :
Shell commands::
Include /var/aegir/config/vhost.d
To read :
Include /var/aegir/config/apache.conf
You will also need to create the following directories :
/var/aegir/config/platform.d
/var/aegir/config/apache.d
mkdir /var/aegir/config/platform.d/
mv /var/aegir/config/vhost.d/platform_*.conf /var/aegir/config/platform.d/
Now log into Aegir, and verify the hostmaster platform. This will generate
the correct apache.conf file and restart apache.
......@@ -21,7 +21,7 @@ function drush_provision_mysql_pre_provision_backup($url = NULL) {
host=%s
user=%s
password=%s
', drush_get_option('db_host'), drush_get_option('db_user'), drush_get_option('db_passwd'));
', drush_get_option('db_host'), urldecode(drush_get_option('db_user')), urldecode(drush_get_option('db_passwd')));
$descriptorspec = array(
// 0 => array("pipe", "r"), // this would be stdin, but we don't need to input into mysqldump
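Review bot: The decoded `db_user` and `db_passwd` go unquoted into the option-file text (`user=%s`, `password=%s`), so once urldecode() restores a `#` or leading/trailing whitespace the MySQL option parser can truncate or misread the value and mysqldump would try the wrong credentials. Quoting the values in the template, e.g. `password="%s"`, with embedded quotes and backslashes escaped, avoids that. `db_host` is still passed through without urldecode(); if that is intentional, a one-line comment saying so would help. The function starts and ends outside this hunk, so how the credential text is handed to mysqldump and with what permissions is not visible here.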
......
......@@ -277,15 +277,7 @@ function _provision_mysql_suggest_db_name($url) {
*
*/
function _provision_mysql_grant_host($db_host, $web_ip, $web_host) {
// The database hostname is localhost, not defined or on the same ip/host as the webserver.
if (in_array($db_host, array('127.0.0.1', 'localhost', '', $web_ip, $web_host))) {
$grant = 'localhost';
}
// if we have the web ip, use that first.
elseif ($web_ip) {
$grant = $web_ip;
} else {
$grant = $web_host;
}
return $grant;
$result = provision_db_result(provision_db_query("select current_user()"));
preg_match('/^.*@(.*)$/', $result, $matches);
return $matches[1];
}
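Review bot: `$matches[1]` is returned without checking that the query or preg_match() succeeded, so a failed `select current_user()` makes this function return NULL and the caller presumably builds its GRANT with an empty host. A guard before the return, such as `if (!$result || !preg_match('/@([^@]*)$/', $result, $matches)) { return FALSE; }`, makes the failure explicit. The host part of current_user() is the host pattern of the account row that matched the connection, so if the provisioning account is defined with a wildcard host, every site user would be granted from any host rather than only from the web server; the docblock should say so or the function should reject that value. The three parameters are no longer used by the new body.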
......@@ -35,8 +35,7 @@ AEGIR_VERSION=HEAD
AEGIR_HOME=$HOME
WEB_GROUP=www-data
# doesn't exist yet, but we need drush_prompt in HEAD
DRUSH_VERSION=6.x-3.0-beta2
DRUSH_MAKE_VERSION=6.x-2.0-beta6
DRUSH_VERSION=All-versions-3.0-rc3
# when adding a variable here, add it to the display below
......@@ -140,6 +139,7 @@ fi
msg "Creating basic directory structure"
mkdir -p $AEGIR_HOME/config/vhost.d
mkdir -p $AEGIR_HOME/config/platform.d
mkdir -p $AEGIR_HOME/config/apache.d
mkdir -p $AEGIR_HOME/backups
chmod 0711 $AEGIR_HOME/config
chmod 0700 $AEGIR_HOME/backups
......@@ -175,7 +175,7 @@ else
$DRUSH dl drush_make-$DRUSH_MAKE_VERSION --destination=$AEGIR_HOME/.drush
fi
if $DRUSH help | grep "^ provision install" > /dev/null ; then
if $DRUSH help | grep "^ provision-install" > /dev/null ; then
msg "Provision already seems to be installed"
else
msg "Installing provision backend in $AEGIR_HOME/.drush"
......@@ -190,8 +190,37 @@ else
fi
fi
<<<<<<< HEAD
# this will prompt the user for the database password if not provided through stdin in JSON
$DRUSH provision-server --parent_path=$AEGIR_HOME --web_group=$WEB_GROUP --drush_path=$DRUSH
=======
# this should be handled by provision server verification, as it is a
# duplicate of web_server/provision_apache_server.tpl.php
# http://drupal.org/node/586000
if [ ! -f $AEGIR_HOME/config/apache.conf ]; then
cat > $AEGIR_HOME/config/apache.conf <<EOF
NameVirtualHost *:80
<IfModule ssl_module>
NameVirtualHost *:443
</IfModule>
<IfModule !env_module>
LoadModule env_module modules/mod_env.so
</IfModule>
<IfModule !rewrite_module>
LoadModule rewrite_module modules/mod_rewrite.so
</IfModule>
# virtual hosts
Include $AEGIR_HOME/config/vhost.d/
# platforms
Include $AEGIR_HOME/config/platform.d/
# other configuration, not touched by aegir
Include $AEGIR_HOME/config/apache.d/
EOF
fi
>>>>>>> master
msg "Aegir provision backend installed successfully"
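Review bot: Unresolved merge conflict markers are committed here: the `<<<<<<< HEAD`, `=======` and `>>>>>>> master` lines are part of the new side of the script. The shell is expected to stop with a syntax error when it reaches the first marker, after the earlier steps have already run, which leaves a half-provisioned host. If the markers were skipped, both the `provision-server` call and the hand-written apache.conf would apply, although the master-side comment itself calls the latter a duplicate of the server verification template. Keep one side and delete the three marker lines; if the apache.conf branch stays, quote the path in the test, `if [ ! -f "$AEGIR_HOME/config/apache.conf" ]; then`.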
......
......@@ -70,3 +70,14 @@ function drush_provision_drupal_provision_backup($url) {
drush_set_error('PROVISION_BACKUP_FAILED', dt("Could not back up sites directory for drupal"));
}
}
/**
* Remove the backup file if something went wrong
*/
function drush_provision_drupal_provision_backup_rollback() {
$backup_file = drush_get_option('backup_file');
if (file_exists($backup_file)) {
provision_path('unlink', $backup_file, TRUE,
dt("Removed stale backup file $backup_file"), dt("Failed deleting backup file $backup_file"));
}
}
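Review bot: Both messages interpolate `$backup_file` directly into the dt() string, unlike the placeholder form used elsewhere on this page (`dt('Changed paths from sites/@old_url …', array(...))`); I would write `dt("Removed stale backup file @file", array('@file' => $backup_file))` and the same for the failure message. The rollback also unlinks whatever path the `backup_file` option holds without checking that this run created it. If the backup step can fail because an archive already exists at that path (not visible in this hunk), the rollback would delete a good backup, so the docblock should state that assumption.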
This provision extension is designed to enforce privacy of backups in the backup_migrate module.
http://drupal.org/node/642948
name = Provision: backup_migrate
description = Backup migrate specific configuration
package = Provision
dependencies[] = provision
core = 6.x
<?php
/**
* Inject the relevant .htacces configuration into the global apache configuration
*/
function provision_backupmigrate_provision_apache_dir_config($data = null) {
return <<<EOF
RewriteRule sites/%{SERVER_NAME}/files/backup_migrate - [F]
RewriteRule files/backup_migrate - [F]
EOF;
}
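Review bot: In the first rule `%{SERVER_NAME}` sits in the RewriteRule pattern, where mod_rewrite treats it as regex text and does not expand it, so that rule will not match the way it reads. The protection of the backup directory therefore rests on the second, unanchored rule `files/backup_migrate`. Both rules only take effect where mod_rewrite is loaded and `RewriteEngine on` applies to the context this string is injected into, which this file does not show; a deny that does not depend on mod_rewrite would fail closed. I would drop the first rule, add a comment stating the dependency on the rewrite engine, and fix the docblock typo `.htacces`.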
......@@ -2,7 +2,7 @@
// $Id$
$new_url = drush_get_option('site_url');
$old_url = drush_get_option('site_url', 'site');
$old_url = drush_get_option('site_url', '', 'site');
/**
* @file
......@@ -15,7 +15,7 @@ drush_log(
dt('Changed paths from sites/@old_url to sites/@new_url',
array('@old_url' => $old_url, '@new_url' => $new_url)));
db_query("UPDATE {files} SET filepath=replace(filepath, 'sites/%', 'sites/%')", $old_url, $new_url);
db_query("UPDATE {files} SET filepath=replace(filepath, 'sites/%s', 'sites/%s')", $old_url, $new_url);
db_query("UPDATE {users} SET picture = replace(picture, 'sites/%s', 'sites/%s')", $old_url, $new_url);
variable_set('file_directory_path', "sites/$new_url/files");
variable_set('file_directory_temp', "sites/$new_url/files/tmp");
......
......@@ -445,10 +445,6 @@ function provision_find_packages() {
$packages['profiles'][$profile] = _provision_find_packages('profiles', $profile);
}
// Iterate through the sites, finding site specific packages
foreach (drush_get_option('sites', array()) as $site) {
$packages['sites'][$site] = _provision_find_packages('sites', $site);
}
return $packages;
}
......@@ -501,6 +497,11 @@ function provision_drupal_system_map() {
$packages['profiles'][$profile]->status = 1;
foreach (_provision_system_query("module") as $module) {
$frags = explode("/", $module->filename);
// ignore site-specific modules
if ($frags[0] == 'sites' && $frags[1] != 'all') {
continue;
}
$info_file = sprintf("%s/%s.info", dirname($module->filename), $module->name);
$module->info = provision_parse_info_file($info_file);
......@@ -514,7 +515,13 @@ function provision_drupal_system_map() {
drush_log(dt("Found !count modules", array('!count' => sizeof($packages['modules']))));
// XXX: mostly a copy-paste from above
foreach (_provision_system_query("theme") as $theme) {
$frags = explode("/", $theme->filename);
// ignore site-specific themes
if ($frags[0] == 'sites' && $frags[1] != 'all') {
continue;
}
$info_file = sprintf("%s/%s.info", dirname($theme->filename), $theme->name);
$theme->info = provision_parse_info_file($info_file);
_provision_cvs_deploy($theme);
......@@ -571,7 +578,7 @@ function _provision_drupal_find_modules($scope, $key = '') {
$source = str_replace("\r\n", "\n", $source);
$source = str_replace("\r", "\n", $source);
$function_matches = array();
preg_match_all('!function\s*&?([a-zA-Z0-9_]+)_update_([0-9]+)\(.*?\s*\{!', $source, $function_matches);
preg_match_all('!function\s*&?([a-zA-Z0-9_]+)_update_([0-9]+)\s*\(.*?\s*\{!', $source, $function_matches);
if (sizeof($function_matches[0])) {
$schema_version = max($function_matches[2]);
......@@ -604,7 +611,10 @@ function provision_parse_info_file($filename) {
}
/**
* Set up the $_SERVER environment variable so that drupal can correctly parse the settings.php file
* Set up the $_SERVER environment variable so that drupal can correctly parse the settings.php file.
* The real credentials are stored in the Apache vhost of the relevant site, to prevent leaking of
* sensitive data to site administrators with PHP access who might otherwise access such credentials
* potentially of other sites' settings.php in a multisite set-up.
*/
function provision_prepare_environment() {
$fields = array('db_type', 'db_host', 'db_user', 'db_passwd', 'db_name');
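Review bot: The new docblock should state the limits of this protection. Values passed with SetEnv are readable by any PHP code running inside that vhost (for example through `$_SERVER` or a phpinfo() page), so the scheme only keeps one site's credentials away from other sites. It also holds only as long as the generated vhost files are not readable by the account PHP runs as, which this hunk does not show. I would add a line such as `* Note: this isolates sites from each other only; code running inside a site can still read its own credentials from $_SERVER.` The function body continues outside the hunk.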
......
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
# There is no end quote below, for compatibility with Apache 1.3.
ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>
# Set the default handler.
DirectoryIndex index.php
# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.
# PHP 4, Apache 1.
<IfModule mod_php4.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# allow files to be accessed without /sites/fqdn/
RewriteRule ^files/(.*)$ /sites/%{HTTP_HOST}/files/$1 [L]
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>
/**
* The database credentials are stored in the Apache vhost config
* of the associated site with SetEnv parameters.
* They are called here with $_SERVER environment variables to
* prevent sensitive data from leaking to site administrators
* with PHP access, that potentially might be of other sites in
* Drupal's multisite set-up.
* This is a security measure implemented by the Aegir project.
*/
$databases['default']['default'] = array(
'driver' => urldecode($_SERVER['db_type']),
'database' => urldecode($_SERVER['db_name']),
......
......@@ -67,9 +67,14 @@ function drush_provision_drupal_post_provision_verify($url = NULL) {
* @see hook_provision_apache_dir_config()
*/
function provision_drupal_provision_apache_dir_config($data = null) {
$htaccess = file_get_contents(dirname(__FILE__) . "/provision_drupal_htaccess.tpl.php");
$htaccess = file_get_contents(drush_get_option('publish_path') . '/.htaccess');
$htaccess .= <<<EOF
<IfModule mod_rewrite.c>
# allow files to be accessed without /sites/fqdn/
RewriteRule ^files/(.*)$ /sites/%{HTTP_HOST}/files/$1 [L]
</IfModule>
# Do not read the platform's .htaccess
AllowOverride none
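Review bot: The result of `file_get_contents(drush_get_option('publish_path') . '/.htaccess')` is not checked, so a platform without a readable .htaccess yields FALSE and the generated block holds only the appended rules. Because the same block sets `AllowOverride none`, the FilesMatch deny rules and `Options -Indexes` that the platform's .htaccess normally supplies would silently disappear for every site on it. Test for `=== FALSE` and fail or log before building the config. The file's contents are also copied verbatim into server-level configuration, where AllowOverride limits no longer apply, so whoever can write the platform's .htaccess can add directives to the main Apache config; that trust assumption belongs in the docblock. The function continues outside this hunk.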
......
......@@ -300,11 +300,13 @@ function _provision_default_web_group() {
*/
function provision_count_cpus() {
$ncpus = FALSE;
# this should work on Linux with a /proc filesystem
$cpuinfo = file_get_contents("/proc/cpuinfo");
if ($cpuinfo !== FALSE) {
if (preg_match_all("/^processor.*:.*[0-9]+$/m", $cpuinfo, $matches)) {
$ncpus = count(array_pop($matches));
if (file_exists("/proc/cpuinfo")) {
# this should work on Linux with a /proc filesystem
$cpuinfo = file_get_contents("/proc/cpuinfo");
if ($cpuinfo !== FALSE) {
if (preg_match_all("/^processor.*:.*[0-9]+$/m", $cpuinfo, $matches)) {
$ncpus = count(array_pop($matches));
}
}
}
return $ncpus;
......
......@@ -31,10 +31,12 @@ function provision_ssl_provision_apache_vhost_config($url, $options) {
$newoptions['site_port'] = 80;
provision_write_config(drush_get_option('vhost_path') . '/' . $url . '_80', _provision_apache_redirect_template(), $newoptions);
}
return array("php_value session.cookie_secure 1", "SSLEngine On");
} else {
return NULL;
$newoptions = $options;
$newoptions['site_port'] = 443;
$newoptions['extra_config'] = "php_value session.cookie_secure 1\nSSLEngine On\n";
provision_write_config(drush_get_option('vhost_path') . '/' . $url . '_443', _provision_apache_default_template(), $newoptions);
}
return NULL;
}
/**
......
......@@ -188,6 +188,11 @@ function _provision_apache_create_platform_config($url) {
$writable = provision_path("writable", drush_get_option('platform_conf_path'), TRUE , NULL, dt("Platform configuration path @path is not writable."), 'PROVISION_VHOST_PATH_NOT_WRITABLE');
if ($writable) {
// remove the old path first.
$oldfile = drush_get_option('vhost_path') . '/' . $file;
if (file_exists($oldfile) && is_writable($oldfile)) {
unlink($oldfile);
}
return provision_write_config(drush_get_option('platform_conf_path') . '/' . $file, _provision_apache_platform_template(), $data);
} else {
return $writable;
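Review bot: The old config file is removed with a bare `unlink($oldfile)` whose result is ignored, and the `is_writable($oldfile)` guard tests the file although deletion depends on the directory's permissions. If the removal is skipped or fails, the stale file stays in vhost.d next to the new one in platform.d, and Apache loads both definitions without anything being logged. The backup rollback added on this page already uses `provision_path('unlink', $backup_file, TRUE, …)` with success and failure messages; the same call here would report the failure. The same pattern appears in the next hunk, in `_provision_apache_create_server_config()`, for the old `.server` file.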
......@@ -219,7 +224,12 @@ function _provision_apache_create_server_config() {
'PROVISION_VHOST_PATH_NOT_WRITABLE');
if ($writable) {
return provision_write_config($file, $template, $options);
// remove the old path first.
$oldfile = drush_get_option('vhost_path') . '/' . drush_get_option('web_host') . '.server';
if (file_exists($oldfile) && is_writable($oldfile)) {
unlink($oldfile);
}
return provision_write_config(drush_get_option('config_path') .'/apache.conf', $template, $options);
} else {
return $writable;
}
......