Several improvements

* Run `mysql_upgrade` during MySQL upgrade with `wo stack upgrade` to perform migration if needed
* WordOps now checks if a repository already exists before trying to add it again.
* install script refactored
VirtuBox
2019-10-25 23:58:08 +02:00
parent b3cf601879
commit 7765b2ce84
13 changed files with 146 additions and 89 deletions


@@ -1151,7 +1151,7 @@ class WOSiteUpdateController(CementBaseController):
stype = oldsitetype
cache = oldcachetype
if oldsitetype == 'html' or oldsitetype == 'proxy':
data['static'] = True
data['static'] = False
data['wp'] = False
data['multisite'] = False
data['wpsubdir'] = False


@@ -1,7 +1,6 @@
import configparser
import os
from cement.core import handler, hook
from cement.core.controller import CementBaseController, expose
from wo.core.apt_repo import WORepo


@@ -102,41 +102,68 @@ def pre_pref(self, apt_packages):
# add nginx repository
if set(WOVar.wo_nginx).issubset(set(apt_packages)):
Log.info(self, "Adding repository for NGINX, please wait...")
if (WOVar.wo_distro == 'ubuntu'):
WORepo.add(self, ppa=WOVar.wo_nginx_repo)
Log.debug(self, 'Adding ppa for Nginx')
if not os.path.isfile(
'wordops-ubuntu-nginx-wo-{0}.list'
.format(WOVar.wo_platform_codename)):
Log.info(self, "Adding repository for NGINX, please wait...")
WORepo.add(self, ppa=WOVar.wo_nginx_repo)
Log.debug(self, 'Adding ppa for Nginx')
else:
WORepo.add(self, repo_url=WOVar.wo_nginx_repo)
Log.debug(self, 'Adding repository for Nginx')
if not WOFileUtils.grepcheck(
self, '/etc/apt/sources.list/wo-repo.list',
'download.opensuse.org'):
Log.info(self, "Adding repository for NGINX, please wait...")
Log.debug(self, 'Adding repository for Nginx')
WORepo.add(self, repo_url=WOVar.wo_nginx_repo)
WORepo.add_key(self, WOVar.wo_nginx_key)
# add php repository
if (set(WOVar.wo_php73).issubset(set(apt_packages)) or
set(WOVar.wo_php).issubset(set(apt_packages))):
Log.info(self, "Adding repository for PHP, please wait...")
if (WOVar.wo_distro == 'ubuntu'):
Log.debug(self, 'Adding ppa for PHP')
WORepo.add(self, ppa=WOVar.wo_php_repo)
if not os.path.isfile(
'/etc/apt/sources.list.d/ondrej-ubuntu-php-{0}.list'
.format(WOVar.wo_platform_codename)):
Log.info(self, "Adding repository for PHP, please wait...")
WORepo.add(self, ppa=WOVar.wo_php_repo)
else:
# Add repository for php
if (WOVar.wo_platform_codename == 'buster'):
php_pref = ("Package: *\nPin: origin "
"packages.sury.org"
"\nPin-Priority: 1000\n")
with open('/etc/apt/preferences.d/'
'PHP.pref', 'w') as php_pref_file:
with open(
'/etc/apt/preferences.d/'
'PHP.pref', mode='w',
encoding='utf-8') as php_pref_file:
php_pref_file.write(php_pref)
Log.debug(self, 'Adding repo_url of php for debian')
WORepo.add(self, repo_url=WOVar.wo_php_repo)
if not WOFileUtils.grepcheck(
self, '/etc/apt/sources.list.d/wo-repo.list',
'packages.sury.org'):
Log.debug(self, 'Adding repo_url of php for debian')
Log.info(self, "Adding repository for PHP, please wait...")
WORepo.add(self, repo_url=WOVar.wo_php_repo)
Log.debug(self, 'Adding deb.sury GPG key')
WORepo.add_key(self, WOVar.wo_php_key)
# add redis repository
if set(WOVar.wo_redis).issubset(set(apt_packages)):
Log.info(self, "Adding repository for Redis, please wait...")
if WOVar.wo_distro == 'ubuntu':
Log.debug(self, 'Adding ppa for redis')
WORepo.add(self, ppa=WOVar.wo_redis_repo)
if not os.path.isfile(
'/etc/apt/sources.list.d/'
'chris-lea-ubuntu-redis-server-{0}.list'
.format(WOVar.wo_platform_codename)):
Log.info(self, "Adding repository for Redis, please wait...")
Log.debug(self, 'Adding ppa for redis')
WORepo.add(self, ppa=WOVar.wo_redis_repo)
else:
if not WOFileUtils.grepcheck(
self, '/etc/apt/sources.list/wo-repo.list',
'download.opensuse.org'):
Log.info(self, "Adding repository for Redis, please wait...")
WORepo.add(self, repo_url=WOVar.wo_php_repo)
WORepo.add_key(self, WOVar.wo_nginx_key)
def post_pref(self, apt_packages, packages, upgrade=False):
@@ -1374,21 +1401,29 @@ def post_pref(self, apt_packages, packages, upgrade=False):
def pre_stack(self):
"""Inital server configuration and tweak"""
# wo sysctl tweaks
Log.wait(self, 'Applying Linux tweaks')
# check system type
wo_arch = os.uname()[4]
if os.path.isfile('/proc/1/environ'):
# detect lxc containers
wo_lxc = WOFileUtils.grepcheck(
self, '/proc/1/environ', 'container=lxc')
# detect wsl
wo_wsl = WOFileUtils.grepcheck(
self, '/proc/1/environ', 'wsl')
else:
wo_wsl = True
wo_lxc = True
# remove old sysctl tweak
if os.path.isfile('/etc/sysctl.d/60-ubuntu-nginx-web-server.conf'):
WOFileUtils.rm(self, '/etc/sysctl.d/60-ubuntu-nginx-web-server.conf')
if wo_arch == 'x86_64':
if (wo_lxc is not True) and (wo_wsl is not True):
data = dict()
WOTemplate.deploy(
self, '/etc/sysctl.d/60-wo-tweaks.conf',
'sysctl.mustache', data, True)
# use tcp_bbr congestion algorithm only on new kernels
if (WOVar.wo_platform_codename == 'bionic' or
WOVar.wo_platform_codename == 'disco' or
WOVar.wo_platform_codename == 'buster'):
@@ -1410,6 +1445,7 @@ def pre_stack(self):
encoding='utf-8', mode='a') as sysctl_file:
sysctl_file.write(
'\nnet.ipv4.tcp_congestion_control = htcp')
# apply sysctl tweaks
WOShellExec.cmd_exec(
self, 'sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf')
# sysctl tweak service
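Review bot: Three of the new "already added" checks in the first hunk test paths that will normally never match, so the repository is added again on every run. The Nginx PPA check calls `os.path.isfile('wordops-ubuntu-nginx-wo-{0}.list'...)` with no directory, unlike the PHP and Redis checks that use `/etc/apt/sources.list.d/`, and the two Debian `grepcheck` calls for Nginx and Redis read `/etc/apt/sources.list/wo-repo.list` where the PHP one reads `/etc/apt/sources.list.d/wo-repo.list`. The Debian Redis branch also greps for `download.opensuse.org` and then adds `WOVar.wo_php_repo` with `WOVar.wo_nginx_key`; if that repository is the sury one, the guard should test `packages.sury.org` and the key should be `WOVar.wo_php_key`, otherwise apt may be left with a source whose signing key was never imported. pre_pref starts outside the hunk.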


@@ -52,18 +52,22 @@ class WOSyncController(CementBaseController):
if configfiles:
if WOFileUtils.isexist(self, configfiles[0]):
wo_db_name = (WOFileUtils.grep(self, configfiles[0],
'DB_NAME').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
wo_db_user = (WOFileUtils.grep(self, configfiles[0],
'DB_USER').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
wo_db_pass = (WOFileUtils.grep(self, configfiles[0],
'DB_PASSWORD').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
wo_db_host = (WOFileUtils.grep(self, configfiles[0],
'DB_HOST').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
wo_db_name = (
WOFileUtils.grep(self, configfiles[0],
'DB_NAME').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
wo_db_user = (
WOFileUtils.grep(self, configfiles[0],
'DB_USER').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
wo_db_pass = (
WOFileUtils.grep(self, configfiles[0],
'DB_PASSWORD').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
wo_db_host = (
WOFileUtils.grep(self, configfiles[0],
'DB_HOST').split(',')[1]
.split(')')[0].strip().replace('\'', ''))
# Check if database really exist
try:


@@ -8,7 +8,7 @@ location = /robots.txt {
access_log off;
}
location / {
rewrite ^ /index.php$request_uri;
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
@@ -18,13 +18,12 @@ location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass {{upstream}};
fastcgi_intercept_errors on;
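Review bot: `try_files $uri =404;` sits in the same location as `fastcgi_split_path_info`, and the rendered section does not show whether it is on the new side; if it is, `$uri` still carries the path-info suffix, so a request such as `/remote.php/dav/` is checked against a file that does not exist and answered with 404. The existence check is worth keeping, since it ensures only scripts that exist on disk are handed to PHP-FPM, but it should test the script part only: `try_files $fastcgi_script_name =404;`. nginx also resets `$fastcgi_path_info` when `try_files` runs, so save it first with `set $path_info $fastcgi_path_info;` and pass `fastcgi_param PATH_INFO $path_info;`. The location block continues past the end of the hunk.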


@@ -55,12 +55,12 @@ http {
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_early_data on;
ssl_early_data on;
{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
ssl_ecdh_curve X25519:P-521:P-384:P-256;
# Previous TLS v1.2 configuration
{{^tls13}}ssl_protocols TLSv1.2;
{{^tls13}}# Previous TLS v1.2 configuration
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
# Common security headers
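Review bot: `ssl_early_data on;` is emitted outside the `{{#tls13}}` section, and nothing visible here tells the backend when a request arrived as TLS 1.3 early data. Early data can be replayed, so a non-idempotent request may be processed twice unless the application can see and reject it. Either leave it off by default, or pass the flag along in the PHP locations with `fastcgi_param HTTP_EARLY_DATA $ssl_early_data;` so the application can answer 425 Too Early. The `http` block starts and ends outside the hunk.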


@@ -22,6 +22,7 @@ class WOAcme:
self, "{0} ".format(WOAcme.wo_acme_exec) +
"--list --listraw > /var/lib/wo/cert.csv"):
Log.error(self, "Unable to export certs list")
WOFileUtils.chmod(self, '/var/lib/wo/cert.csv', 0o600)
def setupletsencrypt(self, acme_domains, acmedata):
"""Issue SSL certificates with acme.sh"""
@@ -38,6 +39,14 @@ class WOAcme:
acme_mode = "-w /var/www/html"
validation_mode = "Webroot challenge"
Log.debug(self, "Validation : Webroot mode")
if not os.path.isdir('/var/www/html/.well-known/acme-challenge'):
WOFileUtils.mkdir(
self, '/var/www/html/.well-known/acme-challenge')
WOFileUtils.chown(
self, '/var/www/html/.well-known', 'www-data', 'www-data',
recursive=True)
WOFileUtils.chmod(self, '/var/www/html/.well-known', 0o750,
recursive=True)
Log.info(self, "Validation mode : {0}".format(validation_mode))
Log.wait(self, "Issuing SSL cert with acme.sh")
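Review bot: In the first hunk `/var/lib/wo/cert.csv` is created by the shell redirect with whatever umask the process has, and `WOFileUtils.chmod(self, '/var/lib/wo/cert.csv', 0o600)` tightens it only afterwards; the page has lost indentation, so it is also unclear whether the chmod runs when the export fails. Creating the file with its final mode before running acme.sh closes that window, e.g. `os.close(os.open('/var/lib/wo/cert.csv', os.O_CREAT | os.O_WRONLY, 0o600))` ahead of the command, keeping the chmod for a file that already exists. In the second hunk, `chmod(..., 0o750, recursive=True)` presumably applies the directory mode to files under `.well-known` as well, which would mark challenge files executable; `0o750` for directories and `0o640` for files would be enough. Both functions continue outside the hunks.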


@@ -25,7 +25,6 @@ class WODomain():
return domain_name
def getlevel(self, domain):
"""
Returns the domain type : domain, subdomain and the root domain


@@ -280,17 +280,19 @@ class WOFileUtils():
"""
Searches for string in file and returns True or False.
"""
try:
Log.debug(self, "Finding string {0} to file {1}"
.format(sstr, fnm))
if os.path.isfile(fnm):
try:
Log.debug(self, "Finding string {0} to file {1}"
.format(sstr, fnm))
for line in open(fnm, encoding='utf-8'):
if sstr in line:
return True
return False
except OSError as e:
Log.debug(self, "{0}".format(e.strerror))
Log.error(self, "Unable to Search string {0} in {1}"
.format(sstr, fnm))
Log.debug(self, "{0}".format(e.strerror))
Log.error(self, "Unable to Search string {0} in {1}"
.format(sstr, fnm))
return False
def rm(self, path):
"""