Commit bd6bc60b authored by anarcat

Merge remote branch 'ceres/prod-koumbit' into prod-koumbit

parents 21a60326 4ed88977
......@@ -6,10 +6,11 @@ This is the backend of the Aegir hosting system.
The front end and back end are designed to be run separately, and each
front end will also be able to drive multiple back ends.
The most up to date information regarding the project and its goal
can be found in the Aegir wiki page:
The most up to date information regarding the project and its goals
can be found on the Aegir website and the community portal:
http://groups.drupal.org/aegir/overview
http://aegirproject.org
http://community.aegirproject.org
To install Aegir, you should follow the INSTALL.txt document in docs/.
The HINTS_<arch>.txt files can be useful if you have a specific
......@@ -20,8 +21,8 @@ To upgrade Aegir, follow the UPGRADE.txt document in docs/.
The core of the documentation in docs/ should be sufficient to get you
started. If you have further questions or are having trouble with Aegir,
head for the documentation wiki:
head for the documentation:
http://groups.drupal.org/aegir-hosting-system/documentation
http://community.aegirproject.org/notebook
Other documentation for developpers is also available in docs/.
Other documentation for developers is also available in docs/.
......@@ -4,6 +4,6 @@ api = 2
projects[drupal][type] = "core"
projects[hostmaster][type] = "profile"
projects[hostmaster][download][type] = "git"
projects[hostmaster][download][url] = "git://git.aegirproject.org/hostmaster.git"
projects[hostmaster][download][branch] = "master"
projects[hostmaster][download][type] = "get"
projects[hostmaster][download][url] = "http://files.aegirproject.org/hostmaster-0.4-rc1.tgz"
projects[hostmaster][download][directory_name] = "hostmaster"
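Review bot: The hostmaster profile is now fetched as a tarball over plain `http://`, and nothing in the makefile verifies its contents, so anyone able to alter the response on the network path controls the code that gets installed. If the drush_make version in use supports a checksum attribute on `get` downloads, pin the release hash next to the URL, for example `projects[hostmaster][download][md5] = "<PLACEHOLDER: release checksum>"`. Serve the file over HTTPS if the host offers it.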
......@@ -71,7 +71,7 @@ class provisionService_db extends provisionService {
function suggest_db_name() {
$uri = $this->context->uri;
$suggest_base = substr(str_replace(array('.', '-'), '' , ereg_replace('^www\.', '', $uri)), 0, 16);
$suggest_base = substr(str_replace(array('.', '-'), '' , preg_replace('/^www\./', '', $uri)), 0, 16);
if (!$this->database_exists($suggest_base)) {
return $suggest_base;
......@@ -91,8 +91,10 @@ class provisionService_db extends provisionService {
/**
* Generate a new mysql database and user account for the specified credentials
*/
function create_site_database() {
$creds = $this->generate_site_credentials();
function create_site_database($creds = array()) {
if (!sizeof($creds)) {
$creds = $this->generate_site_credentials();
}
extract($creds);
if (!$this->can_create_database()) {
......@@ -150,12 +152,14 @@ class provisionService_db extends provisionService {
}
function import_site_database($dump_file = null) {
function import_site_database($dump_file = null, $creds = array()) {
if (is_null($dump_file)) {
$dump_file = d()->site_path . '/database.sql';
}
$creds = $this->fetch_site_credentials();
if (!sizeof($creds)) {
$creds = $this->fetch_site_credentials();
}
$exists = provision_file()->exists($dump_file)
->succeed('Found database dump at @path.')
......
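Review bot: `extract($creds)` in create_site_database() now runs on an array the caller can supply, so every key in it becomes a local variable in the method; before this change the array always came from generate_site_credentials(). Reading the expected keys explicitly, or at least `extract($creds, EXTR_SKIP);`, keeps an unexpected key from replacing a local. The new `$creds` parameters on create_site_database() and import_site_database() are undocumented: the docblock should name the expected keys and say that an empty array means the credentials are looked up. `if (empty($creds))` also states that test more directly than `!sizeof($creds)`. The bodies of both functions continue outside the visible hunks.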
......@@ -14,6 +14,8 @@ class provisionService_db_mysql extends provisionService_db_pdo {
}
function database_exists($name) {
// An underscore in a LIKE clause is a single character wildcard, escape it.
$name = str_replace('_', '\_', $name);
$result = $this->query("SHOW DATABASES LIKE '%s'", $name);
if ($result) {
return $result->fetchColumn(0);
......@@ -88,7 +90,7 @@ class provisionService_db_mysql extends provisionService_db_pdo {
}
function grant_host(provisionContext_server $server) {
$command = sprintf('mysql -u intntnllyInvalid -h %s -P %s',
$command = sprintf('mysql -u intntnllyInvalid -h %s -P %s -e ""',
escapeshellarg($this->server->remote_host),
escapeshellarg($this->server->db_port));
......@@ -124,6 +126,13 @@ class provisionService_db_mysql extends provisionService_db_pdo {
* We go through all this trouble to hide the password from the commandline,
* it's the most secure way (apart from writing a temporary file, which would
* create conflicts in parallel runs)
*
* XXX: this needs to be refactored so it:
* - works even if /dev/fd/3 doesn't exit
* - has a meaningful name (we're talking about reading and writing
* dumps here, really, or at least call mysql and mysqldump, not
* just any command)
* - can be pushed upstream to drush (http://drupal.org/node/671906)
*/
function safe_shell_exec($cmd, $db_host, $db_user, $db_passwd, $dump_file = null) {
$mycnf = sprintf('[client]
......@@ -141,6 +150,7 @@ port=%s
2 => array("pipe", "w"), // stderr is a file to write to
3 => array("pipe", "r"), // fd3 is our special file descriptor where we pass credentials
);
$pipes = array();
$process = proc_open($cmd, $descriptorspec, $pipes);
$this->safe_shell_exec_output = '';
if (is_resource($process)) {
......
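Review bot: In database_exists() only `_` is escaped before the name goes into `SHOW DATABASES LIKE`, but `%` is a LIKE wildcard as well, so a name containing `%` could match a different existing database and be reported as present. Escaping both closes that gap: `$name = str_replace(array('_', '%'), array('\_', '\%'), $name);`. This assumes query() passes the backslash escapes through the way the added line already relies on; that code is not visible here. Separately, the new XXX comment in the safe_shell_exec() docblock says "doesn't exit" where "doesn't exist" is meant.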
......@@ -41,6 +41,9 @@ function drush_dns_provision_zone($action, $zone, $name = null, $type = null, $d
break;
case 'rr-add':
$record = d()->service('dns')->config('zone', $zone)->record_get($name);
if (!is_array($record[$type])) {
$record[$type] = array();
}
$record[$type] = array_merge($record[$type], array($destination));
$status = d()->service('dns')->config('zone', $zone)->record_set($name, $record)->write();
break;
......@@ -281,7 +284,7 @@ class provisionService_dns extends provisionService {
if ($status) {
drush_log(dt("creating zone configuration on slaves"));
$status = $this->_each_server("create_zone", $zone);
$status = $this->_each_server("create_zone", array($zone));
}
return $status;
}
......@@ -295,7 +298,7 @@ class provisionService_dns extends provisionService {
if ($status) {
drush_log(dt("deleting zone configuration from slaves"));
$status = $this->_each_server("delete_zone", $zone);
$status = $this->_each_server("delete_zone", array($zone));
}
return $status;
}
......
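Review bot: The new `rr-add` guard calls `is_array($record[$type])` on an index that may not be set, and `$type` defaults to null in the signature shown in the hunk header (the rest of the signature is cut off). A call without a type would therefore store the destination under an empty key and still write the zone file. Rejecting an empty `$type` or `$destination` first and testing with `isset` avoids both problems: `if (!isset($record[$type]) || !is_array($record[$type])) { $record[$type] = array(); }`. Validation may already happen before the switch, which lies outside the hunk.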
......@@ -62,7 +62,11 @@ The first two commands below are optional but recommended.
Shell commands::
sudo port selfupdate
sudo port upgrade outdated
sudo port install apache2 mysql5-server git-core unzip php52 +mysql5
sudo port install apache2 mysql5-server git-core unzip php52 php5-posix \
php5-gd php5-apc +mysql5
php5-apc is optional, but highly recommended as it will significantly increase
PHP performance.
Watch the output of the last port command carefully, as there are
usually some boring tasks for you to perform once the install is
......@@ -76,7 +80,13 @@ Next we'll create the aegir user and add it to the _www group. This
part is very different on Mac OS X than Linux or most other
Unices. Must be a NeXTism. The command we will use he is "dscl", which
is a short for Directory Service Command Line. In OSX 10.3 and
earlier, that command is "nicl" (short for Net Info Command Line).
earlier, that command is "nicl" (short for Net Info Command Line). It is also
possible to create the user using the "Workgroup Manager" utility included with
OS X Server. To obtain Workgroup Manager for the OS X Client, download the
"Server Admin Tools" from Apple. For example, for Mac OS X 10.6, the admin tools
can be found at:
http://support.apple.com/downloads/Server_Admin_Tools_10_6
Shell commands::
sudo dscl . -create /Users/aegir NFSHomeDirectory /var/aegir
......
......@@ -35,6 +35,7 @@ To become aegir user you can issue this command::
Note that /bin/sh is an example. You may wish to instead use the shell of your
choice, i.e /bin/bash
A standard umask of 022 is assumed. This is the default on most systems.
Upgrade script
==============
......@@ -50,10 +51,19 @@ the bottom of this document before attempting to run the upgrade.sh script,
as the script will assume you have your system set up appropriately to
handle the upgrade process.
You can download and run the upgrade.sh script with the following.
You can download the upgrade.sh script with the following command.
Make sure you download it to somewhere that the aegir user can access in order
to execute it.
Shell commands::
wget -O upgrade.sh.txt 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=provision-0.4-rc1'
You may need to edit the script to set any variables that are different from the
defaults. Pay particular attention to the OLD_DRUPAL_DIR variable, as you may be
upgrading from a different release to the default here.
Shell commands::
wget -O upgrade.sh.txt 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=HEAD'
su -s /bin/sh aegir -c "sh upgrade.sh.txt aegir.example.com"
Remember to replace aegir.example.com with the domain of your Aegir installation.
......@@ -76,20 +86,20 @@ you are reading this document.
Shell commands::
export AEGIR_VERSION=HEAD
export AEGIR_DIR=/var/aegir
export DRUPAL_DIR=$AEGIR_DIR/hostmaster-$AEGIR_VERSION
export AEGIR_VERSION=0.4-rc1
export AEGIR_HOME="$HOME"
export DRUPAL_DIR=$AEGIR_HOME/hostmaster-$AEGIR_VERSION
export DRUSH_VERSION=6.x-3.3
export DRUSH_MAKE_VERSION=6.x-2.0-beta9
export DRUSH_MAKE_VERSION=6.x-2.0-beta11
export AEGIR_DOMAIN=aegir.example.com
export OLD_DRUPAL_DIR=$AEGIR_DIR/hostmaster-0.4-alpha9
export OLD_DRUPAL_DIR=$AEGIR_HOME/hostmaster-0.4-beta2
This document also assumes drush is installed properly and we use an
environment variable to simplify the documentation again.
Shell commands::
export DRUSH="php $AEGIR_DIR/drush/drush.php"
export DRUSH="php $AEGIR_HOME/drush/drush.php"
Generic upgrade instructions
============================
......@@ -124,7 +134,7 @@ frontend.
Shell commands::
cd $AEGIR_DIR
cd $AEGIR_HOME
mv drush drush.bak
wget http://ftp.drupal.org/files/projects/drush-$DRUSH_VERSION.tar.gz
gunzip -c drush-$DRUSH_VERSION.tar.gz | tar -xf -
......@@ -157,7 +167,6 @@ releases to the latest applicable versions.
Once you have upgraded the backend, and you have installed drush_make you will
need to run the hostmaster migrate command.
Shell commands::
cd $OLD_DRUPAL_DIR
......@@ -175,6 +184,11 @@ will be halted as it is necessary for the task queue to be processed.
The command above will fetch the latest stable Drupal release, so it can
simply be run again when a new security release of Drupal is made available.
If you have customized your Aegir installation and are maintaining your own
makefile, you can use the --makefile flag so the platform is created with
another makefile than the default. Be warned that this may create problems if
the makefile doesn't include the right Aegir modules.
Version-specific upgrade notes
==============================
......@@ -221,7 +235,7 @@ Finally, set an $AEGIR_IP environment variable for use in the Database
configuration step below.
Shell commands as root::
AEGIR_IP=`resolveip $AEGIR_HOST`
AEGIR_IP=`resolveip $AEGIR_HOST | awk {'print $6'}`
0.4 - unzip dependency
----------------------
......@@ -264,8 +278,8 @@ You need to re-use the pasword you had for the account before.
Shell commands::
mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@$AEGIR_HOST IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@$AEGIR_IP IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@'$AEGIR_HOST' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@'$AEGIR_IP' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
0.4 - Apache configuration
......@@ -278,8 +292,7 @@ and a single apache.conf. The vhost.d directory is for virtual hosts,
platform.d is for platform-specific configuration and apache.conf is the
server-wide configuration file.
After you have completed the migration process as outlined above,
you will need to change the line you added to either the httpd.conf file
You will need to change the line you added to either the httpd.conf file
or /etc/apache2/conf.d/aegir file during installation.
Open your httpd.conf file and modify::
......@@ -290,11 +303,11 @@ To read ::
Include /var/aegir/config/apache.conf
If you are upgrading from 0.4 releases between alpha8 and alpha14, you will
need to rename your conf.d directory to post.d in Apache and pre.d in
If you are upgrading from 0.4 releases between alpha8 and (including) alpha14,
you will need to rename your conf.d directory to post.d in Apache and pre.d in
Nginx. Example, in Apache::
mv /var/aegir/config/server_master/apache/{conf.d,post.d}
Now log into Aegir, and verify the hostmaster platform. This will generate
the correct apache.conf file and restart apache.
the correct apache.conf file and restart Apache.
<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
<VirtualHost <?php print "{$ip_address}:{$http_ssl_port}"; ?>>
<?php if ($this->site_mail) : ?>
ServerAdmin <?php print $this->site_mail; ?>
<?php endif;?>
DocumentRoot <?php print $this->root; ?>
ServerName <?php print $this->uri; ?>
# Enable SSL handling.
SSLEngine on
SSLCertificateFile <?php print $ssl_cert; ?>
SSLCertificateKeyFile <?php print $ssl_cert_key; ?>
<?php
if (sizeof($this->aliases)) {
print "\n ServerAlias " . implode("\n ServerAlias ", $this->aliases) . "\n";
}
?>
RewriteEngine on
# the ? at the end is to remove any query string in the original url
RewriteRule ^(.*)$ <?php print $this->platform->server->web_disable_url . '/' . $this->uri ?>?
</VirtualHost>
<?php endif; ?>
<?php
include('http/apache/vhost_disabled.tpl.php');
?>
......@@ -104,8 +104,8 @@ class provisionService_http_public extends provisionService_http {
// Redirection urls
$this->server->setProperty('web_disable_url', $this->server->master_url .'/hosting/disabled');
$this->server->setProperty('web_maintenance_url', $this->server->master_url .'/hosting/maintenance');
$this->server->web_disable_url = rtrim($this->server->master_url, '/') .'/hosting/disabled';
$this->server->web_maintenance_url = rtrim($this->server->master_url, '/') .'/hosting/maintenance';
if (!is_null($this->application_name)) {
......@@ -114,6 +114,7 @@ class provisionService_http_public extends provisionService_http {
$this->server->http_postd_path = "{$app_dir}/post.d";
$this->server->http_platformd_path = "{$app_dir}/platform.d";
$this->server->http_vhostd_path = "{$app_dir}/vhost.d";
$this->server->http_platforms_path = "{$this->server->aegir_root}/platforms";
}
}
......@@ -142,7 +143,12 @@ class provisionService_http_public extends provisionService_http {
provision_file()->create_dir($this->server->http_vhostd_path , dt("Webserver virtual host configuration"), 0700);
$this->sync($this->server->http_vhostd_path, array(
'exclude' => $this->server->http_vhostd_path . '/*', // Make sure remote directory is created
));
));
provision_file()->create_dir($this->server->http_platforms_path, dt("Platforms"), 0755);
$this->sync($this->server->http_platforms_path, array(
'exclude' => $this->server->http_platforms_path . '/*', // Make sure remote directory is created
));
}
parent::verify_server_cmd();
......
......@@ -22,8 +22,9 @@ class provisionService_http_nginx extends provisionService_http_public {
$this->server->shell_exec('nginx -V');
$this->server->nginx_has_gzip = preg_match("/(with-http_gzip_static_module)/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_upload_progress = preg_match("/(nginx-upload-progress-module)/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_new_version = preg_match("/(nginx\/0\.8\.)/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_new_version = preg_match("/(Barracuda\/0\.9\.)/", implode('', drush_shell_exec_output()), $match);
$this->server->provision_db_cloaking = FALSE;
$this->server->nginx_web_server = 1;
}
function verify_server_cmd() {
......
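Review bot: `nginx_has_new_version` is set only when the `nginx -V` output contains `Barracuda/0.9.`, which is a custom build banner. Assuming that pattern is the new side of the change, a stock nginx build will never be flagged as new, including the 0.8.x releases the previous pattern matched. Matching the upstream banner as well keeps both working, e.g. `preg_match("/(nginx|Barracuda)\/0\.[89]\./", $output)`. The three preg_match() calls each re-implode drush_shell_exec_output(); storing it once in `$output` would make the intent clearer. The added `nginx_web_server` property has no comment saying what reads it.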
......@@ -25,26 +25,54 @@
fastcgi_param REDIRECT_STATUS 200;
fastcgi_index index.php;
## Default index files
index index.php index.html;
## Size Limits
client_body_buffer_size 64k;
client_header_buffer_size 32k;
client_max_body_size 50m;
client_max_body_size 100m;
large_client_header_buffers 32 32k;
connection_pool_size 256;
request_pool_size 4k;
server_names_hash_bucket_size 128;
server_names_hash_bucket_size 512;
server_names_hash_max_size 8192;
types_hash_max_size 8192;
types_hash_bucket_size 128;
types_hash_bucket_size 512;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
## Timeouts
client_body_timeout 60;
client_header_timeout 60;
send_timeout 60;
lingering_time 30;
lingering_timeout 5;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
## Open File Performance
open_file_cache max=8000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 3;
open_file_cache_errors on;
## FastCGI Caching
fastcgi_cache_path /var/lib/nginx/speed
levels=2:2:2
keys_zone=speed:50m
inactive=8h
max_size=1g;
## General Options
ignore_invalid_headers on;
limit_zone gulag $binary_remote_addr 10m;
recursive_error_pages on;
reset_timedout_connection on;
fastcgi_intercept_errors on;
## TCP options
tcp_nopush on;
......@@ -55,19 +83,21 @@
## Compression
gzip_buffers 16 8k;
gzip_comp_level 9;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_min_length 10;
gzip_types text/plain text/css image/png image/gif image/jpeg application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
<?php
if ($server->nginx_has_gzip) {
print ' gzip_static on\;';
<?php
$nginx_has_gzip = drush_get_option('nginx_has_gzip');
if ($nginx_has_gzip) {
print " gzip_static on;\n";
}
if ($server->nginx_has_upload_progress) {
print ' upload_progress uploads 1m\;';
$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($nginx_has_upload_progress) {
print " upload_progress uploads 1m;\n";
}
?>
......
server {
<?php
print " include " . $server->include_path . "/fastcgi_params.conf;\n";
<?php
if ($ssl_redirection || $this->redirection) {
// Redirect all aliases to the main http url using separate vhosts blocks to avoid if{} in Nginx.
foreach ($this->aliases as $alias_url) {
print "server {\n";
print " listen {$ip_address}:{$http_port};\n";
print " server_name {$alias_url};\n";
print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
print "}\n";
}
}
?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print $ip_address . ':' . $http_port; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root <?php print $this->root; ?>;
index index.php index.html;
server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print "{$this->root}"; ?>;
<?php
$nginx_has_new_version = drush_get_option('nginx_has_new_version');
$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($this->redirection || $ssl_redirection) {
if ($ssl_redirection && !$this->redirection) {
// redirect aliases in non-ssl to the same alias on ssl.
print "\n rewrite ^/(.*)$ https://\$host/$1 permanent;\n";
print "\n rewrite ^ https://\$host\$request_uri? permanent;\n";
}
elseif ($ssl_redirection && $this->redirection) {
// redirect all aliases + main uri to the main https uri.
print "\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n";
print "\n rewrite ^ https://{$this->uri}\$request_uri? permanent;\n";
}
elseif (!$ssl_redirection && $this->redirection) {
// Redirect all aliases to the main http url.
print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ http://{$this->uri}/$1 permanent;\n }\n";
if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
......
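Review bot: The new per-alias `server { … }` blocks are printed from `foreach ($this->aliases as $alias_url)` without the `is_array()` and `trim()` checks that the `server_name` line in the same template applies. An empty alias entry would emit `server_name ;` and the generated configuration would fail to load. Guard the loop the same way: `if (!trim($alias_url)) { continue; }` inside an `is_array($this->aliases)` check. The SSL vhost template further down the page has the same loop. Alias values are also written into the file unescaped; whether they are validated before reaching the template is not visible here.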
server {
listen <?php print $ip_address . ':' . $http_port; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root <?php print $this->root; ?>;
index index.php index.html;
location / {
root /var/www/nginx-default;
index index.html index.htm;
rewrite ^/(.*)$ <?php print $this->platform->server->web_disable_url . '/' . $this->uri ?>? permanent;
}
root /var/www/nginx-default;
index index.html index.htm;
### Dont't reveal Aegir front-end URL here.
}
<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
server {
<?php
print " include " . $server->include_path . "/fastcgi_ssl_params.conf;\n";
<?php
if ($this->redirection) {
// Redirect all aliases to the main https url using separate vhosts blocks to avoid if{} in Nginx.
foreach ($this->aliases as $alias_url) {
print "server {\n";
print " listen {$ip_address}:{$http_ssl_port};\n";
print " server_name {$alias_url};\n";
print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
print "}\n";
}
}
?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root <?php print $this->root; ?>;
index index.php index.html;
server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
root <?php print "{$this->root}"; ?>;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
<?php
if ($this->redirection) {
// Redirect all aliases to the main https url.
print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n }\n";
}
if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) {
$nginx_has_new_version = drush_get_option('nginx_has_new_version');
$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($nginx_has_new_version || $nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
else {
......
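Review bot: `ssl_protocols SSLv3 TLSv1;` drops SSLv2 but still offers SSLv3, which is broken at the protocol level (POODLE) and should not be negotiated. List only TLS versions: `ssl_protocols TLSv1;` plus whichever newer TLS versions the installed nginx/OpenSSL build supports. In `ssl_ciphers HIGH:!ADH:!MD5;`, using `!aNULL` instead of `!ADH` excludes every unauthenticated suite rather than only anonymous DH. The disabled-site SSL template added below carries the same two lines.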
<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
server {
include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
root /var/www/nginx-default;
index index.html index.htm;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
### Dont't reveal Aegir front-end URL here.
}
<?php endif; ?>
<?php
// Generate the standard virtual host too.
include('http/nginx/vhost_disabled.tpl.php');
?>
......@@ -4,36 +4,147 @@
* @file install the hostmaster system
*/
function drush_provision_hostmaster_install($site = NULL) {
function drush_provision_hostmaster_install_validate($site = NULL) {
// set defaults for this whole script
// those are settings that are not prompted to the user but still overridable
drush_set_default('version', provision_version());
$version = drush_get_option('version');
$aegir_root = drush_set_default('aegir_root', drush_server_home());
drush_set_default('root', $aegir_root . '/' . 'hostmaster-' . $version);
drush_set_default('r', drush_get_option('root'));
drush_set_default('script_user', provision_current_user());
drush_set_default('web_group', _provision_default_web_group());
drush_set_default('http_service_type', 'apache');
drush_set_default('drush_make_version', '6.x-2.0-beta11');
drush_set_default('aegir_db_user', 'root');
$aegir_db_user = drush_get_option('aegir_db_user');
drush_set_default('makefile', $aegir_root . '/.drush/provision/aegir.make');
drush_print("Aegir $version automated install script");
drush_print("==============================================================================");
if (!$site || !drush_get_option('aegir_host', NULL) || !drush_get_option('aegir_db_pass', NULL) || filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) {
drush_print("Some settings have not been provided and will now be prompted.
Don't worry: you will get to review those settings after the final install");
}
// now we prompt the user for settings if not provided or not sane
if (!$site) {
$site = drush_prompt(dt("Aegir domain name"), "aegir.example.com");
$site = drush_prompt(dt("Aegir frontend URL"), provision_fqdn());
}
drush_set_option('site', $site);
drush_set_default('aegir_host', provision_fqdn());
drush_set_default('aegir_db_host', 'localhost');
if (is_null(drush_get_option('aegir_db_pass', NULL))) {
// XXX: may not be portable everywhere?
system('stty -echo');
drush_set_option('aegir_db_pass', drush_prompt(dt('MySQL privileged user ("!root") password', array('!root' => $aegir_db_user))));
system('stty echo');
print "\n"; // add a newline since the user's didn't print
}
if (drush_get_option('aegir_host') == 'localhost') {
$default_email = 'webmaster@example.com';
} else {
$default_email = 'webmaster@' . drush_get_option('aegir_host');
}
while (!filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) {
$client_email = drush_prompt(dt("Admin user e-mail"), $default_email);
drush_set_option('client_email', $client_email);
}
$version = drush_get_option('version', 'HEAD');
$aegir_root = drush_get_option('aegir_root', drush_server_home());
$platform = drush_get_option(array('r', 'root'), $aegir_root . '/' . 'hostmaster-' . $version);
drush_print(dt('
This script will operate the following changes in your system:
1. Create server-level configuration directories
2. Download drush_make
3. Create the Hostmaster frontend platform
4. Install the frontend site
5. Setup the dispatcher (a user cron job)
We are making the following assumptions:
* you have read INSTALL.txt and prepared the platform accordingly
* the FQDN of this machine is valid and resolves
* you are executing this script as your "aegir" user
The following settings will be used:
Aegir frontend URL: !site
Master server FQDN: !fqdn
Aegir root: !home
Aegir user: !user
Web group: !web
Web server: !web_server
Aegir DB host: !db_host
Aegir DB user: !db_user
Aegir DB password: !db_pass
Drush make version: !drush_make
Aegir version: !version
Aegir platform path: !root
Aegir makefile: !makefile
Client email: !email
', array('!site' => $site,
'!fqdn' => drush_get_option('aegir_host'),
'!home' => drush_get_option('aegir_root'),
'!user' => drush_get_option('script_user'),
'!web' => drush_get_option('web_group'),
'!web_server' => drush_get_option('http_service_type'),
'!db_host' => drush_get_option('aegir_db_host'),
'!db_user' => drush_get_option('aegir_db_user'),
'!db_pass' => is_null(drush_get_option('aegir_db_pass', NULL, 'process')) ? '<previously set>' : '<prompted>',
'!drush_make' => drush_get_option('drush_make_version'),
'!version' => drush_get_option('version'),
'!root' => drush_get_option(array('r', 'root')),
'!makefile' => drush_get_option('makefile'),
'!email' => drush_get_option('client_email'),
)));
if (!drush_confirm(dt('Do you really want to proceed with the install'))) {
return drush_set_error('PROVISION_CANCEL_INSTALL', dt('Installation aborted by user'));
}
$aegir_host = drush_get_option('aegir_host', php_uname('n'), 'options');
$aegir_db_pass = drush_get_option('aegir_db_pass', 'pass', 'options');
$aegir_db_user = drush_get_option('aegir_db_user', 'aegir_root', 'options');
$master_db = sprintf("mysql://%s:%s@%s",$aegir_db_user, $aegir_db_pass, $aegir_host);
return TRUE;
}
// TODO: support creation of an external db server
function drush_provision_hostmaster_install($site = NULL) {