From ee18e372f6f23eeb909f03248b853be2db844477 Mon Sep 17 00:00:00 2001
From: Adrian Rossouw <adrian@developmentseed.org>
Date: Mon, 25 Feb 2008 17:54:58 +0000
Subject: [PATCH] missed the provision_apache module during file move @http://drupal.org/node/225572. Thanks anarcat.
---
web_server/provision_apache.module | 272 +++++++++++++++++++++++++++++
1 file changed, 272 insertions(+)
create mode 100644 web_server/provision_apache.module
diff --git a/web_server/provision_apache.module b/web_server/provision_apache.module
new file mode 100644
index 000000000..359ba5a23
--- /dev/null
+++ b/web_server/provision_apache.module
@@ -0,0 +1,272 @@
+<?php
+/**
+ * @file
+ * Apache provisioning module
+ * This module simply serves to generate the virtual host entry, and make sure apache gets reloaded properly.
+ * Because Drupal is running via the command line for the entirety of this process, it is only necessary to make
+ * it available online once everything has been completed.
+ *
+ * This module still requires configuration and sanity checks. Need to figure out a way to inspect the apache configuration,
+ * to ensure that the sites are getting loaded up correctly.
+ */
+
+function provision_apache_provision_service() {
+ return array( "web_server" => t("Web Server"));
+}
+
+/**
+ * Implementation of hook_help().
+ */
+function provision_apache_help($section) {
+ switch ($section) {
+ case 'admin/help/provision#requirements':
+ $username = provision_get_script_owner();
+ $group = provision_get_group_name();
+ $vhost_path = _provision_vhost_path();
+ $mkdir_cmd['@vhost_path'] = $vhost_path;
+ $mkdir_cmd['@provision_link'] = url('admin/settings/provision');
+ $mkdir_cmd['@mkdir_cmd'] = <<<EOF
+ [$username@hm2 ~]$ mkdir $vhost_path
+ [$username@hm2 ~]$ chown $username:$username $vhost_path
+ [$username@hm2 ~]$ chmod 0700 $vhost_path
+EOF;
+ $visudo_cmd['@visudo_cmd'] = <<<EOF
+ [$username@hm2 ~]$ sudo su -
+ password:
+ [root@hm2 ~]$ visudo
+EOF;
+ $visudo_cmd['@visudo_line'] = <<<EOF
+ $username ALL=NOPASSWD: /usr/sbin/apachectl
+EOF;
+
+ $vhost_line = <<<EOF
+ Include $vhost_path
+EOF;
+
+ $output .= "<ol>";
+
+ $output .= '<li>' . t('<p><strong>Web server inaccessible directory to store Virtual Host information.</strong>
+ The provision framework takes special care to make sure that the file permissions of the
+ hosted sites are always as safe as can be, especially to make sure that the web server does
+ not have the ability to modify the code of the site, therefor this information is required
+ to assure that safety while keeping the sites accessible.
+ The recommended path is directly above your platform path, but it can be anywhere.</p>
+ <p>Based on your server configuration we have determined that your path should be <code>@vhost_path</code>,
+ but you can change it change them in the <a href="@provision_link">provisioning section</a></p>
+ <p><strong>To configure:</strong> this directory correctly, please enter the following commands :
+ <pre>@mkdir_cmd</pre></p>',$mkdir_cmd) . '</li>';
+
+ $output .= '<li>' . t('<p><strong>Access to the server\'s <code>httpd.conf</code> file.</strong>
+ You are required to add a single line to the httpd.conf file, which allows
+ the system to load the additional virtual hosts that are generated.</p>
+ The location of this file differs between distributions,
+ but is most commonly found in <code>/etc/httpd</code> or <code>/etc/apache</a>.</p>
+ <p><strong>To configure:</strong> Once you have determined the location of your httpd.conf file, add the following line to it :
+ <pre>@vhost_line</pre></p>', array('@vhost_line' => $vhost_line)) . '</li>';
+ $output .= '<li>' . t('<p><strong>Ability to reload the httpd daemon.</strong>
+ As the provisioning framework should not be run as root,
+ and the web server group should not be allowed access to the
+ functionality to stop/start the web server, it is required that you provide access
+ to the Apache restart command for the user account the script will be running as.
+ If this is not configured, every command will ask for a sudo password when restarting the server.</p>
+ <p><strong>To configure:</strong> Run the visudo command: <pre>@visudo_cmd</pre>
+ Then add the following line to the file: <pre>@visudo_line</pre></p>',
+ $visudo_cmd) . '</li>';
+ $output .= "</ol>";
+ return $output;
+ break;
+ }
+}
+
+/**
+ * Hook into central configuration form for provisioning framework.
+ */
+function provision_apache_provision_configure($node = null) {
+ $form['ip_address'] = array(
+ '#type' => 'textfield',
+ '#title' => t('IP address'),
+ '#default_value' => $node->ip_address,
+ '#description' => t("The IP address the server can be accessed by. If this is empty, the hostname field will be used instead.")
+ );
+
+ $form['script_user'] = array(
+ '#type' => 'textfield',
+ '#title' => t('System account'),
+ '#required' => TRUE,
+ '#description' => t('The system account that the hosted files will belong to, for security reasons, this should be a different to the account the web server is running as.'),
+ '#default_value' => ($node->script_user) ? $node->script_user : provision_get_script_owner(),
+ '#size' => 40,
+ '#maxlength' => 255,
+ );
+
+ $form['web_group'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Web server group'),
+ '#required' => TRUE,
+ '#description' => t('The group that the hosted files will belong to. Should be the group the web server is running as.'),
+ '#default_value' => ($node->web_group) ? $node->web_group : provision_get_group_name(),
+ '#size' => 40,
+ '#maxlength' => 255,
+ );
+
+ $form['config_path'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Configuration path'),
+ '#required' => TRUE,
+ '#size' => 40,
+ '#default_value' => ($node->config_path) ? $node->config_path : _provision_config_path(),
+ '#description' => t("The path on the server where configuration files will be stored.
+ It is essential that this directory should not be accessible via a web browser."),
+ '#maxlength' => 255,
+ );
+
+ $form['backup_path'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Backup path'),
+ '#required' => TRUE,
+ '#size' => 40,
+ '#default_value' => ($node->backup_path) ? $node->backup_path : _provision_backup_path(),
+ '#description' => t("The path on the server where backups will be stored.
+ It is essential that this directory should not be accessible via a web browser."),
+ '#maxlength' => 255,
+ );
+
+ return $form;
+}
+
+/**
+ * Implementation of hook_provision_templates
+ */
+function provision_apache_provision_templates() {
+ $form['vhost_template'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Virtual Host configuration template'),
+ '#description' => t('The text to use when generating a virtual host configuration file for apache'),
+ '#default_value' => variable_get('provision_apache_vhost_template', _provision_apache_default_template()),
+ '#cols' => 60,
+ '#rows' => 5,
+ );
+ return $form;
+}
+
+/**
+ * The default template provided for the virtual host configuration
+ */
+function _provision_apache_default_template() {
+ return file_get_contents(drupal_get_path('module', 'provision_apache') . "/templates/apache_vhost.tpl.php");
+}
+
+/**
+ * Implementation of hook_provision_pre_install
+ */
+function provision_apache_provision_pre_install($url, &$data) {
+ #safety mechanism to ensure back end calls are not made via the front end.
+ if (!provision_confirm_drush()) return null;
+ return _provision_apache_create_vhost_config($url, $data);
+}
+
+/**
+ * Implementation of hook_provision_post_install
+ */
+function provision_apache_provision_post_install($url, &$data) {
+ #safety mechanism to ensure back end calls are not made via the front end.
+ if (!provision_confirm_drush()) return null;
+ return _provision_apache_restart_apache();
+}
+
+/**
+ * Implementation of hook_provision_enable
+ */
+function provision_apache_provision_enable($url, &$data) {
+ #safety mechanism to ensure back end calls are not made via the front end.
+ if (!provision_confirm_drush()) return null;
+
+ _provision_apache_create_vhost_config($url, $data);
+ _provision_apache_restart_apache();
+}
+
+/**
+ * Implementation of hook_provision_disable
+ */
+function provision_apache_provision_disable($url, &$data) {
+ #safety mechanism to ensure back end calls are not made via the front end.
+ if (!provision_confirm_drush()) return null;
+
+ _provision_apache_delete_vhost_config($url, $data);
+ _provision_apache_restart_apache();
+}
+
+/**
+ * Implementation of hook_provision_sync
+ */
+function provision_apache_provision_synch($url, &$data) {
+ _provision_apache_create_vhost_config($url, $data);
+ _provision_apache_restart_apache();
+}
+
+/**
+ * Delete virtual host file
+ */
+function _provision_apache_delete_vhost_config($url, $data) {
+ provision_check_path(_provision_vhost_path() . "/$url", "unlink", true,
+ t("Removed apache virtual host configuration"));
+}
+
+/**
+ * Generate virtual host file
+ */
+function _provision_apache_create_vhost_config($url, $data) {
+ $writable = provision_check_path(_provision_vhost_path(), "writable", true ,
+ t("Virtual host configuration path is writable."),
+ t("Virtual host configuration path is not writable."),
+ PROVISION_PERM_ERROR | PROVISION_FRAMEWORK_ERROR);
+ if ($writable) {
+ $file = fopen(_provision_vhost_path() . '/' . $url, "w");
+ $text = provision_render_config(variable_get('provision_apache_vhost_template', _provision_apache_default_template()), $data);
+ fwrite($file, $text);
+ fclose($file);
+ }
+}
+
+/**
+ * Restart Apache
+ */
+function _provision_apache_restart_apache() {
+ # This is required to be configurable, due to the fact that different hosts might need to do this differently.
+ # TODO : add configuration / test for this
+ $apache_restart_cmd = escapeshellcmd(variable_get('provision_apache_restart_cmd', 'sudo apachectl graceful'));
+ $return = drush_shell_exec(escapeshellcmd($apache_restart_cmd));
+ if (!$return) {
+ provision_set_error(PROVISION_WEB_ERROR);
+ provision_log("error", "Web server could not be restarted. Changes might not be available until this has been done.");
+ }
+}
+
+function provision_apache_provision_verify() {
+ $path = _provision_vhost_path();
+ $exists = provision_check_path($path, "exists", true ,
+ t("Virtual Host configuration path exists."),
+ t("Virtual Host configuration path does not exist."));
+ if (!$exists) {
+ $made = provision_check_path($path, "mkdir", true,
+ t("Virtual host configuration path has been created."),
+ t("Virtual host configuration path could not be created."),
+ PROVISION_PERM_ERROR | PROVISION_FRAMEWORK_ERROR);
+ }
+ else {
+ $writable = provision_check_path($path, "writable", true ,
+ t("Virtual host configuration path is writable."),
+ t("Virtual host configuration path is not writable."),
+ PROVISION_PERM_ERROR | PROVISION_FRAMEWORK_ERROR);
+ if (!$writable) {
+ provision_check_path($path, "chown", provision_get_script_owner(),
+ t("Changed ownership of <code>%path</code>", array("%path" => $path)),
+ t("Could not change ownership <code>%path</code>", array("%path" => $path)),
+ PROVISION_PERM_ERROR);
+ provision_check_path($path, "chmod", 0700,
+ t("Changed permissions of <code>%path</code> to %perms", array("%path" => $path, '%perms' => 0700)),
+ t("Could not change ownership <code>%path</code> to %perms", array("%path" => $path, '%perms' => 0700)),
+ PROVISION_PERM_ERROR );
+ }
+ }
+}
-- GitLab
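Review bot: `_provision_apache_create_vhost_config()` and `_provision_apache_delete_vhost_config()` append `$url` to `_provision_vhost_path()` without validating it, so a value containing `/` or `..` would write or unlink outside the vhost directory, and whatever is written lands in a directory that httpd.conf is told to `Include`. Nothing visible in this file constrains `$url` (callers may do so elsewhere), so I would reject anything that is not a plain host name before touching the filesystem, for example `if (!preg_match('/^[A-Za-z0-9.-]+$/', $url) || strpos($url, '..') !== FALSE) return FALSE;`, and also check the `fopen()` result before calling `fwrite()`. `provision_apache_provision_synch()` is the only hook here that rewrites the vhost and restarts Apache without the `if (!provision_confirm_drush()) return null;` guard its siblings carry, and its docblock names `hook_provision_sync` while the function is `_synch`; add the guard and reconcile the name. In `_provision_apache_restart_apache()` the configured command goes through `escapeshellcmd()` twice, which double-escapes any command that needs escaping, so one call is enough; the sudoers line in the help text would also be tighter as `/usr/sbin/apachectl graceful` than the bare binary, which allows every apachectl argument without a password.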