From 644d86b33bf256bfd9436c48e1eec9e85bd21188 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 20 Mar 2019 21:59:56 +0100 Subject: [PATCH] update migration script --- install | 262 ++++++++++++++++--------------- wo/cli/plugins/site_functions.py | 15 +- wo/cli/plugins/stack.py | 42 +++-- 3 files changed, 159 insertions(+), 160 deletions(-) diff --git a/install b/install index 0e3814f..f289f30 100644 --- a/install +++ b/install @@ -10,7 +10,7 @@ # Version 3.9.4 - 2019-03-15 # ------------------------------------------------------------------------- readonly wo_version_old="2.2.3" -readonly wo_version_new="3.9.4.1" +readonly wo_version_new="3.9.4.2" # CONTENTS # --- # 1. VARIABLES AND DECLARATIONS @@ -28,19 +28,19 @@ TPUT_INFO=$(tput setaf 7) TPUT_ECHO=$(tput setaf 4) wo_lib_echo () { - - echo "${*}${TPUT_RESET}" + + echo "${TPUT_ECHO}${*}${TPUT_RESET}" } wo_lib_echo_info() { - + echo "${TPUT_INFO}${*}${TPUT_RESET}" } wo_lib_echo_fail() { - + echo "${TPUT_FAIL}${*}${TPUT_RESET}" } @@ -71,7 +71,7 @@ echo "" # 1- Update the apt sewers with fresh info ### wo_lib_echo "Updating apt-get repository info" -apt-get update &>> /dev/null +apt-get update -qq &>> /dev/null ### # 1- Check whether lsb_release is installed, and if not, install it @@ -91,7 +91,7 @@ readonly wo_linux_distro=$(lsb_release -is) readonly wo_distro_version=$(lsb_release -sc) readonly wo_distro_id=$(lsb_release -rs) -if [ -x /usr/loca/bin/ee ]; then +if [ -x /usr/local/bin/ee ]; then migration=1 else migration=0 @@ -116,13 +116,13 @@ fi ### # 1 - To prevent errors or unexpected behaviour, create the log and ACL it ### -if [ ! -d $wo_log_dir ]; then - +if [ ! -d "$wo_log_dir" ]; then + wo_lib_echo "Creating WordOps log directory, just a second..." - mkdir -p $wo_log_dir || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $? - + mkdir -p "$wo_log_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $? + touch /var/log/wo/{wordops.log,install.log} - + chmod -R 700 /var/log/wo || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $? fi @@ -131,15 +131,15 @@ fi #### wo_install_dep() { - + { if [ "$wo_linux_distro" == "Ubuntu" ]; then - DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze > /dev/null 2>&1 + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze rsync tree > /dev/null 2>&1 else wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze > /dev/null 2>&1 + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze rsync tree > /dev/null 2>&1 fi - + locale-gen en } >> /var/log/wo/install.log 2>&1 # Support PFS @@ -150,7 +150,7 @@ wo_install_dep() # Change the TLS protocols sed -i "s/ssl_protocols\ \(.*\);/ssl_protocols TLSv1.2;/" /etc/nginx/nginx.conf fi - + # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then mkdir -p /var/www/html/.well-known/acme-challenge @@ -169,23 +169,23 @@ wo_sync_db() if [ -f /var/lib/ee/ee.db ]; then # Create the WordOps folder mkdir -p /var/lib/wo - + # Backup the nginx directory tar -cvf - /etc/nginx /etc/ee /var/lib/ee | pigz -9 > /var/lib/wo/ee-backup.tgz - + # Copy the EasyEngine database cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db - + # Set the migration variable for the closing text migration=1 - + ### # Clean WO installation ### elif [ ! -d /var/lib/wo ]; then # Create the directory holding the WordOps database mkdir -p /var/lib/wo - + # Create an empty database for WordOps echo "CREATE TABLE sites ( id INTEGER PRIMARY KEY AUTOINCREMENT, @@ -205,12 +205,12 @@ wo_sync_db() is_hhvm INT INT DEFAULT '0', php_version VARCHAR );" | sqlite3 /var/lib/wo/dbase.db - + if [ -f /var/lib/wo/dbase-ee.db ]; then # Copy the main EasyEngine database over since we are migrating cp /var/lib/wo/dbase-ee.db /var/lib/wo/dbase.db fi - + # Check site is enable/live or disable cd /etc/nginx/sites-available || exit 1 for site in $(echo \* | grep -v default); @@ -220,10 +220,10 @@ wo_sync_db() else wo_site_status='0' fi - + # Acquire information about the current nginx configuration wo_site_current_type=$(head -n1 "/etc/nginx/sites-available/$site" | grep "NGINX CONFIGURATION" | rev | cut -d' ' -f3,4,5,6,7 | rev | cut -d ' ' -f2,3,4,5) - + # Sniff out the vhost type and cache configuration if [ "$wo_site_current_type" = "HTML" ]; then wo_site_current="html" @@ -234,7 +234,7 @@ wo_sync_db() elif [ "$wo_site_current_type" = "MYSQL" ]; then wo_site_current="mysql" wo_site_current_cache="basic" - + # Caching types on a single WordPress installation elif [ "$wo_site_current_type" = "WPSINGLE BASIC" ]; then wo_site_current="wp" @@ -245,7 +245,7 @@ wo_sync_db() elif [ "$wo_site_current_type" = "WPSINGLE FAST CGI" ] || [ "$wo_site_current_type" = "WPSINGLE FASTCGI" ]; then wo_site_current="wp" wo_site_current_cache="wpfc" - + # Caching types on a single, subdirectory WordPress installation elif [ "$wo_site_current_type" = "WPSUBDIR BASIC" ]; then wo_site_current="wpsubdir" @@ -256,7 +256,7 @@ wo_sync_db() elif [ "$wo_site_current_type" = "WPSUBDIR FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDIR FASTCGI" ]; then wo_site_current="wpsubdir" wo_site_current_cache="wpfc" - + # Caching types on a single, subdomain WordPress installation elif [ "$wo_site_current_type" = "WPSUBDOMAIN BASIC" ]; then wo_site_current="wpsubdomain" @@ -268,9 +268,9 @@ wo_sync_db() wo_site_current="wpsubdomain" wo_site_current_cache="wpfc" fi - + wo_webroot="/var/www/$site" - + # Import the configuration into the WordOps SQLite database echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db @@ -285,22 +285,22 @@ wo_sync_db() echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db fi - - + + echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db - + } # Once again, set the proper ACL on the WordOps configuration directory secure_wo_db() { - + # The owner is root chown -R root:root /var/lib/wo/ # Only allow access by root, block others chmod -R 600 /var/lib/wo/ - + } # Update the WP-CLI version @@ -350,13 +350,13 @@ wo_install_acme_sh() { --cert-home /etc/letsencrypt/renewal # enable auto-upgrade /etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --upgrade --auto-upgrade - + # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then mkdir -p /var/www/html/.well-known/acme-challenge chown -R www-data:www-data /var/www/html /var/www/html/.well-known fi - + } >> /var/log/wo/install.log 2>&1 fi } @@ -367,91 +367,104 @@ wo_install() { rm -rf /tmp/easyengine rm -rf /tmp/wordops - + [ -z "$wo_branch" ] && { wo_branch=master } - + git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet - + cd /tmp/wordops || exit 1 } >> /var/log/wo/install.log 2>&1; python3 setup.py install - - + + } wo_upgrade_nginx() { - # chec if the package nginx-ee is installed - CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) - CHECK_NGINX_VERSION=$(/usr/sbin/nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15) - if [ -n "$CHECK_NGINX_EE" ]; then - { - # add new Nginx repository - if [ "$wo_linux_distro" = "Ubuntu" ]; then - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_${wo_distro_id}/ /" >> /etc/apt/sources.list.d/wo-repo.list - wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key" + + { + # create backup directory + mkdir -p /var/lib/wo/backup + + # backup all sites available + /usr/bin/rsync -az /etc/nginx/ /var/lib/wo/backup/nginx/ + + # chec if the package nginx-ee is installed + CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) + CHECK_NGINX_WO=$(dpkg --list | grep nginx-wo) + CHECK_PHP72=$(dpkg --list | grep php7.2-fpm) + CHECK_PHP73=$(dpkg --list | grep php7.3-fpm) + + # add new Nginx repository + if [ "$wo_linux_distro" = "Ubuntu" ]; then + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_${wo_distro_id}/ /" >> /etc/apt/sources.list.d/wo-repo.list + wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key" + else + if [ "$wo_distro_version" == "jessie" ]; then + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list + wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key else - if [ "$wo_distro_version" == "jessie" ]; then - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list - wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key - else - echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list - wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key - fi + echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list + wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key fi - # prevent apt preference to block install - [ -f /etc/apt/preferences.d/nginx-block ] && { - mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block" - } - # import the respository key for updates - apt-key add - < /tmp/nginx-wo.key - rm -f /tmp/nginx-wo.key - sudo apt-get update - # stop nginx - service nginx stop - + fi + # prevent apt preference to block install + [ -f /etc/apt/preferences.d/nginx-block ] && { + mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block" + } + # import the respository key for updates + apt-key add - < /tmp/nginx-wo.key + rm -f /tmp/nginx-wo.key + sudo apt-get update + # stop nginx + service nginx stop + + if [ -n "$CHECK_NGINX_EE" ]; then # remove previous package apt-mark unhold nginx-ee nginx-common nginx-custom - apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom - # install new nginx package - if [ -x /usr/local/bin/wo ]; then - # backup nginx conf - cd /etc || exit 1 - tar -I pigz -cf backup-nginx.tar.gz nginx - cd || exit 1 - rm -f /etc/nginx/conf.d/{upstream.conf,redis.conf,fastcgi.conf} - rm -f /etc/nginx/common/{php72.conf,php73.conf,wpcommon-php72.conf,wpcommon-php73.conf,locations-php72.conf,locations-php73.conf,redis-php72.conf,redis-php73.conf,wpfc-php72.conf,wpfc-php73.conf,wpsc-php72.conf,wpsc-php73.conf} - rm -f /etc/nginx/*.default - /usr/local/bin/wo stack install - else - DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confnew" -y install nginx-custom nginx-wo - fi - # set back apt preference - [ -f "$HOME/nginx-block" ] && { - mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block - } - # update nginx headers and ssl_ciphers - if [ -f /etc/nginx/nginx.conf ]; then - sed -i "s/.*X-Powered-By.*/\tadd_header X-Powered-By \"WordOps $wo_version_new\";/" /etc/nginx/nginx.conf &>> /dev/null - new_ciphers="EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES" - sed -i "s/ssl_ciphers\ \(\"\|.\|'\)\(.*\)\(\"\|.\|'\);/ssl_ciphers \"$new_ciphers\";/" /etc/nginx/nginx.conf - fi - # update redis.conf headers - if [ -f /etc/nginx/common/redis.conf ]; then - sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null - sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null - fi - systemctl enable nginx - systemctl restart nginx - } >> /var/log/wo/install.log 2>&1 - fi + apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom --purge + elif [ -n "$CHECK_NGINX_WO" ]; then + apt-mark unhold nginx-wo nginx-common nginx-custom + apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge + fi + # remove previous php-fpm pool configuration + if [ -n "$CHECK_PHP72" ]; then + apt-get remove php7.2-fpm -y -qq --purge + rm -f /etc/php/7.2/fpm/pool.d/* + fi + if [ -n "$CHECK_PHP73" ]; then + apt-get remove php7.3-fpm -y -qq --purge + rm -f /etc/php/7.3/fpm/pool.d/* + fi + + # install new nginx package + if [ -x /usr/local/bin/wo ]; then + /usr/local/bin/wo stack install --nginx --php --php73 + fi + + # restore sites and configuration + /usr/bin/rsync -auz /var/lib/wo/backup/nginx/ /etc/nginx/ + + # set back apt preference + [ -f "$HOME/nginx-block" ] && { + mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block + } + # update redis.conf headers + if [ -f /etc/nginx/common/redis.conf ]; then + sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null + sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null + fi + systemctl enable nginx + systemctl restart nginx + } >> /var/log/wo/install.log 2>&1 + } wo_update_latest() { - + if [ -f /etc/nginx/fastcgi_params ] then grep -q 'HTTP_PROXY' /etc/nginx/fastcgi_params @@ -461,7 +474,7 @@ wo_update_latest() service nginx restart &>> /dev/null fi fi - + if [ -f /etc/ImageMagick/policy.xml ] then if [ ! -f /etc/ImageMagick/patch.txt ] @@ -470,40 +483,33 @@ wo_update_latest() sed -i '//r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml fi fi - + # Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf - if [ ! -f /etc/mysql/conf.d/my.cnf ] - then + if [ ! -f /etc/mysql/conf.d/my.cnf ]; then # create conf.d folder if not exist - if [ ! -d /etc/mysql/conf.d ]; then + [ ! -d /etc/mysql/conf.d ] && { mkdir -p /etc/mysql/conf.d chmod 755 /etc/mysql/conf.d - fi - if [ -d /etc/mysql/conf.d ] - then - if [ -f ~/.my.cnf ] - then - cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null - chmod 600 /etc/mysql/conf.d/my.cnf - else - if [ -f /root/.my.cnf ] - then - cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null - chmod 600 /etc/mysql/conf.d/my.cnf - else - wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..." - fi - fi + } + if [ -f $HOME/.my.cnf ]; then + cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null + chmod 600 /etc/mysql/conf.d/my.cnf + + elif [ -f /root/.my.cnf ]; then + cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null + chmod 600 /etc/mysql/conf.d/my.cnf + else + wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..." fi fi - + # Fix WordPress example.html issue # Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users dpkg --get-selections | grep -v deinstall | grep nginx &>> /dev/null if [ $? -eq 0 ]; then cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations-php72.conf &>> /dev/null fi - + # Fix Redis-server security issue # http://redis.io/topics/security if [ -f /etc/redis/redis.conf ]; then @@ -513,7 +519,7 @@ wo_update_latest() service redis-server restart &>> /dev/null fi fi - + } # Do git intialisation diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 05c90b4..f15401b 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -294,14 +294,14 @@ def setupwordpress(self, data): if not data['multisite']: Log.debug(self, "Generating wp-config for WordPress Single site") Log.debug(self, "bash -c \"php {0} --allow-root " - .format(WOVariables.wo_wpcli_path) - + "core config " - + "--dbname=\'{0}\' --dbprefix=\'{1}\' --dbuser=\'{2}\' " + .format(WOVariables.wo_wpcli_path) + + "core config " + + "--dbname=\'{0}\' --dbprefix=\'{1}\' --dbuser=\'{2}\' " "--dbhost=\'{3}\' " .format(data['wo_db_name'], wo_wp_prefix, - data['wo_db_user'], data['wo_db_host']) - + "--dbpass=\'{0}\' " - "--extra-php<