Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update migration script

Browse Source
This commit is contained in:
VirtuBox
2019-03-20 21:59:56 +01:00
parent 8618b32f29
commit 644d86b33b
3 changed files with 159 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

262
install
View File

@@ -10,7 +10,7 @@
# Version 3.9.4 - 2019-03-15
# -------------------------------------------------------------------------
readonly wo_version_old="2.2.3"
readonly wo_version_new="3.9.4.1"
readonly wo_version_new="3.9.4.2"
# CONTENTS
# ---
# 1. VARIABLES AND DECLARATIONS
@@ -28,19 +28,19 @@ TPUT_INFO=$(tput setaf 7)
TPUT_ECHO=$(tput setaf 4)
wo_lib_echo () {
echo "${*}${TPUT_RESET}"
echo "${TPUT_ECHO}${*}${TPUT_RESET}"
}
wo_lib_echo_info()
{
echo "${TPUT_INFO}${*}${TPUT_RESET}"
}
wo_lib_echo_fail()
{
echo "${TPUT_FAIL}${*}${TPUT_RESET}"
}
@@ -71,7 +71,7 @@ echo ""
# 1- Update the apt sewers with fresh info
###
wo_lib_echo "Updating apt-get repository info"
apt-get update &>> /dev/null
apt-get update -qq &>> /dev/null
###
# 1- Check whether lsb_release is installed, and if not, install it
@@ -91,7 +91,7 @@ readonly wo_linux_distro=$(lsb_release -is)
readonly wo_distro_version=$(lsb_release -sc)
readonly wo_distro_id=$(lsb_release -rs)
if [ -x /usr/loca/bin/ee ]; then
if [ -x /usr/local/bin/ee ]; then
migration=1
else
migration=0
@@ -116,13 +116,13 @@ fi
###
# 1 - To prevent errors or unexpected behaviour, create the log and ACL it
###
if [ ! -d $wo_log_dir ]; then
if [ ! -d "$wo_log_dir" ]; then
wo_lib_echo "Creating WordOps log directory, just a second..."
mkdir -p $wo_log_dir || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $?
mkdir -p "$wo_log_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $?
touch /var/log/wo/{wordops.log,install.log}
chmod -R 700 /var/log/wo || wo_lib_error "Whoops, there was an error setting the permissions on the WordOps log folder, exit status " $?
fi
@@ -131,15 +131,15 @@ fi
####
wo_install_dep()
{
{
if [ "$wo_linux_distro" == "Ubuntu" ]; then
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze > /dev/null 2>&1
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip python3 python3-apt python3-setuptools python3-dev sqlite3 git tar software-properties-common pigz gnupg2 fail2ban cron ccze rsync tree > /dev/null 2>&1
else
wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze > /dev/null 2>&1
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confold" -y install build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-dev ca-certificates sqlite3 git tar software-properties-common pigz apt-transport-https gnupg2 fail2ban cron ccze rsync tree > /dev/null 2>&1
fi
locale-gen en
} >> /var/log/wo/install.log 2>&1
# Support PFS
@@ -150,7 +150,7 @@ wo_install_dep()
# Change the TLS protocols
sed -i "s/ssl_protocols\ \(.*\);/ssl_protocols TLSv1.2;/" /etc/nginx/nginx.conf
fi
# Let's Encrypt .well-known folder setup
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
mkdir -p /var/www/html/.well-known/acme-challenge
@@ -169,23 +169,23 @@ wo_sync_db()
if [ -f /var/lib/ee/ee.db ]; then
# Create the WordOps folder
mkdir -p /var/lib/wo
# Backup the nginx directory
tar -cvf - /etc/nginx /etc/ee /var/lib/ee | pigz -9 > /var/lib/wo/ee-backup.tgz
# Copy the EasyEngine database
cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db
# Set the migration variable for the closing text
migration=1
###
# Clean WO installation
###
elif [ ! -d /var/lib/wo ]; then
# Create the directory holding the WordOps database
mkdir -p /var/lib/wo
# Create an empty database for WordOps
echo "CREATE TABLE sites (
id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -205,12 +205,12 @@ wo_sync_db()
is_hhvm INT INT DEFAULT '0',
php_version VARCHAR
);" | sqlite3 /var/lib/wo/dbase.db
if [ -f /var/lib/wo/dbase-ee.db ]; then
# Copy the main EasyEngine database over since we are migrating
cp /var/lib/wo/dbase-ee.db /var/lib/wo/dbase.db
fi
# Check site is enable/live or disable
cd /etc/nginx/sites-available || exit 1
for site in $(echo \* | grep -v default);
@@ -220,10 +220,10 @@ wo_sync_db()
else
wo_site_status='0'
fi
# Acquire information about the current nginx configuration
wo_site_current_type=$(head -n1 "/etc/nginx/sites-available/$site" | grep "NGINX CONFIGURATION" | rev | cut -d' ' -f3,4,5,6,7 | rev | cut -d ' ' -f2,3,4,5)
# Sniff out the vhost type and cache configuration
if [ "$wo_site_current_type" = "HTML" ]; then
wo_site_current="html"
@@ -234,7 +234,7 @@ wo_sync_db()
elif [ "$wo_site_current_type" = "MYSQL" ]; then
wo_site_current="mysql"
wo_site_current_cache="basic"
# Caching types on a single WordPress installation
elif [ "$wo_site_current_type" = "WPSINGLE BASIC" ]; then
wo_site_current="wp"
@@ -245,7 +245,7 @@ wo_sync_db()
elif [ "$wo_site_current_type" = "WPSINGLE FAST CGI" ] || [ "$wo_site_current_type" = "WPSINGLE FASTCGI" ]; then
wo_site_current="wp"
wo_site_current_cache="wpfc"
# Caching types on a single, subdirectory WordPress installation
elif [ "$wo_site_current_type" = "WPSUBDIR BASIC" ]; then
wo_site_current="wpsubdir"
@@ -256,7 +256,7 @@ wo_sync_db()
elif [ "$wo_site_current_type" = "WPSUBDIR FAST CGI" ] || [ "$wo_site_current_type" = "WPSUBDIR FASTCGI" ]; then
wo_site_current="wpsubdir"
wo_site_current_cache="wpfc"
# Caching types on a single, subdomain WordPress installation
elif [ "$wo_site_current_type" = "WPSUBDOMAIN BASIC" ]; then
wo_site_current="wpsubdomain"
@@ -268,9 +268,9 @@ wo_sync_db()
wo_site_current="wpsubdomain"
wo_site_current_cache="wpfc"
fi
wo_webroot="/var/www/$site"
# Import the configuration into the WordOps SQLite database
echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db)
VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db
@@ -285,22 +285,22 @@ wo_sync_db()
echo "ALTER TABLE sites ADD COLUMN is_hhvm INT DEFAULT '0';" | sqlite3 /var/lib/wo/dbase.db
echo "ALTER TABLE sites ADD COLUMN php_version varchar DEFAULT \"$wo_php_version\";" | sqlite3 /var/lib/wo/dbase.db
fi
echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db
echo "UPDATE sites SET php_version = REPLACE(php_version, '7.0', '7.3');" | sqlite3 /var/lib/wo/dbase.db
}
# Once again, set the proper ACL on the WordOps configuration directory
secure_wo_db()
{
# The owner is root
chown -R root:root /var/lib/wo/
# Only allow access by root, block others
chmod -R 600 /var/lib/wo/
}
# Update the WP-CLI version
@@ -350,13 +350,13 @@ wo_install_acme_sh() {
--cert-home /etc/letsencrypt/renewal
# enable auto-upgrade
/etc/letsencrypt/acme.sh --config-home /etc/letsencrypt/config --upgrade --auto-upgrade
# Let's Encrypt .well-known folder setup
if [ ! -d /var/www/html/.well-known/acme-challenge ]; then
mkdir -p /var/www/html/.well-known/acme-challenge
chown -R www-data:www-data /var/www/html /var/www/html/.well-known
fi
} >> /var/log/wo/install.log 2>&1
fi
}
@@ -367,91 +367,104 @@ wo_install()
{
rm -rf /tmp/easyengine
rm -rf /tmp/wordops
[ -z "$wo_branch" ] && {
wo_branch=master
}
git clone -b "$wo_branch" https://github.com/WordOps/WordOps.git /tmp/wordops --quiet
cd /tmp/wordops || exit 1
} >> /var/log/wo/install.log 2>&1;
python3 setup.py install
}
wo_upgrade_nginx()
{
# chec if the package nginx-ee is installed
CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee)
CHECK_NGINX_VERSION=$(/usr/sbin/nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15)
if [ -n "$CHECK_NGINX_EE" ]; then
{
# add new Nginx repository
if [ "$wo_linux_distro" = "Ubuntu" ]; then
echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_${wo_distro_id}/ /" >> /etc/apt/sources.list.d/wo-repo.list
wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key"
{
# create backup directory
mkdir -p /var/lib/wo/backup
# backup all sites available
/usr/bin/rsync -az /etc/nginx/ /var/lib/wo/backup/nginx/
# chec if the package nginx-ee is installed
CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee)
CHECK_NGINX_WO=$(dpkg --list | grep nginx-wo)
CHECK_PHP72=$(dpkg --list | grep php7.2-fpm)
CHECK_PHP73=$(dpkg --list | grep php7.3-fpm)
# add new Nginx repository
if [ "$wo_linux_distro" = "Ubuntu" ]; then
echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/xUbuntu_${wo_distro_id}/ /" >> /etc/apt/sources.list.d/wo-repo.list
wget -qO /tmp/nginx-wo.key "https://download.opensuse.org/repositories/home:virtubox:WordOps/xUbuntu_${wo_distro_id}/Release.key"
else
if [ "$wo_distro_version" == "jessie" ]; then
echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list
wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key
else
if [ "$wo_distro_version" == "jessie" ]; then
echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_8.0/ /" >> /etc/apt/sources.list.d/wo-repo.list
wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key
else
echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list
wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key
fi
echo "deb http://download.opensuse.org/repositories/home:/virtubox:/WordOps/Debian_9.0/ /" >> /etc/apt/sources.list.d/wo-repo.list
wget -qO /tmp/nginx-wo.key https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key
fi
# prevent apt preference to block install
[ -f /etc/apt/preferences.d/nginx-block ] && {
mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block"
}
# import the respository key for updates
apt-key add - < /tmp/nginx-wo.key
rm -f /tmp/nginx-wo.key
sudo apt-get update
# stop nginx
service nginx stop
fi
# prevent apt preference to block install
[ -f /etc/apt/preferences.d/nginx-block ] && {
mv /etc/apt/preferences.d/nginx-block "$HOME/nginx-block"
}
# import the respository key for updates
apt-key add - < /tmp/nginx-wo.key
rm -f /tmp/nginx-wo.key
sudo apt-get update
# stop nginx
service nginx stop
if [ -n "$CHECK_NGINX_EE" ]; then
# remove previous package
apt-mark unhold nginx-ee nginx-common nginx-custom
apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom
# install new nginx package
if [ -x /usr/local/bin/wo ]; then
# backup nginx conf
cd /etc || exit 1
tar -I pigz -cf backup-nginx.tar.gz nginx
cd || exit 1
rm -f /etc/nginx/conf.d/{upstream.conf,redis.conf,fastcgi.conf}
rm -f /etc/nginx/common/{php72.conf,php73.conf,wpcommon-php72.conf,wpcommon-php73.conf,locations-php72.conf,locations-php73.conf,redis-php72.conf,redis-php73.conf,wpfc-php72.conf,wpfc-php73.conf,wpsc-php72.conf,wpsc-php73.conf}
rm -f /etc/nginx/*.default
/usr/local/bin/wo stack install
else
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confmiss" -o Dpkg::Options::="--force-confnew" -y install nginx-custom nginx-wo
fi
# set back apt preference
[ -f "$HOME/nginx-block" ] && {
mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block
}
# update nginx headers and ssl_ciphers
if [ -f /etc/nginx/nginx.conf ]; then
sed -i "s/.*X-Powered-By.*/\tadd_header X-Powered-By \"WordOps $wo_version_new\";/" /etc/nginx/nginx.conf &>> /dev/null
new_ciphers="EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES"
sed -i "s/ssl_ciphers\ \(\"\|.\|'\)\(.*\)\(\"\|.\|'\);/ssl_ciphers \"$new_ciphers\";/" /etc/nginx/nginx.conf
fi
# update redis.conf headers
if [ -f /etc/nginx/common/redis.conf ]; then
sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
fi
systemctl enable nginx
systemctl restart nginx
} >> /var/log/wo/install.log 2>&1
fi
apt-get -y -qq autoremove nginx-ee nginx-common nginx-custom --purge
elif [ -n "$CHECK_NGINX_WO" ]; then
apt-mark unhold nginx-wo nginx-common nginx-custom
apt-get -y -qq autoremove nginx-wo nginx-common nginx-custom --purge
fi
# remove previous php-fpm pool configuration
if [ -n "$CHECK_PHP72" ]; then
apt-get remove php7.2-fpm -y -qq --purge
rm -f /etc/php/7.2/fpm/pool.d/*
fi
if [ -n "$CHECK_PHP73" ]; then
apt-get remove php7.3-fpm -y -qq --purge
rm -f /etc/php/7.3/fpm/pool.d/*
fi
# install new nginx package
if [ -x /usr/local/bin/wo ]; then
/usr/local/bin/wo stack install --nginx --php --php73
fi
# restore sites and configuration
/usr/bin/rsync -auz /var/lib/wo/backup/nginx/ /etc/nginx/
# set back apt preference
[ -f "$HOME/nginx-block" ] && {
mv "$HOME/nginx-block" /etc/apt/preferences.d/nginx-block
}
# update redis.conf headers
if [ -f /etc/nginx/common/redis.conf ]; then
sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf &>> /dev/null
fi
systemctl enable nginx
systemctl restart nginx
} >> /var/log/wo/install.log 2>&1
}
wo_update_latest()
{
if [ -f /etc/nginx/fastcgi_params ]
then
grep -q 'HTTP_PROXY' /etc/nginx/fastcgi_params
@@ -461,7 +474,7 @@ wo_update_latest()
service nginx restart &>> /dev/null
fi
fi
if [ -f /etc/ImageMagick/policy.xml ]
then
if [ ! -f /etc/ImageMagick/patch.txt ]
@@ -470,40 +483,33 @@ wo_update_latest()
sed -i '/<policymap>/r /etc/ImageMagick/patch.txt' /etc/ImageMagick/policy.xml
fi
fi
# Move ~/.my.cnf to /etc/mysql/conf.d/my.cnf
if [ ! -f /etc/mysql/conf.d/my.cnf ]
then
if [ ! -f /etc/mysql/conf.d/my.cnf ]; then
# create conf.d folder if not exist
if [ ! -d /etc/mysql/conf.d ]; then
[ ! -d /etc/mysql/conf.d ] && {
mkdir -p /etc/mysql/conf.d
chmod 755 /etc/mysql/conf.d
fi
if [ -d /etc/mysql/conf.d ]
then
if [ -f ~/.my.cnf ]
then
cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null
chmod 600 /etc/mysql/conf.d/my.cnf
else
if [ -f /root/.my.cnf ]
then
cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null
chmod 600 /etc/mysql/conf.d/my.cnf
else
wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..."
fi
fi
}
if [ -f $HOME/.my.cnf ]; then
cp ~/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null
chmod 600 /etc/mysql/conf.d/my.cnf
elif [ -f /root/.my.cnf ]; then
cp /root/.my.cnf /etc/mysql/conf.d/my.cnf &>> /dev/null
chmod 600 /etc/mysql/conf.d/my.cnf
else
wo_lib_echo_fail ".my.cnf cannot be located in your current user or root folder..."
fi
fi
# Fix WordPress example.html issue
# Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users
dpkg --get-selections | grep -v deinstall | grep nginx &>> /dev/null
if [ $? -eq 0 ]; then
cp /usr/lib/wo/templates/locations.mustache /etc/nginx/common/locations-php72.conf &>> /dev/null
fi
# Fix Redis-server security issue
# http://redis.io/topics/security
if [ -f /etc/redis/redis.conf ]; then
@@ -513,7 +519,7 @@ wo_update_latest()
service redis-server restart &>> /dev/null
fi
fi
}
# Do git intialisation