diff --git a/.travis.yml b/.travis.yml index 27d38af..4d263aa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,12 @@ sudo: required -dist: xenial +dist: bionic language: bash notifications: slack: wordops:MyZBNbI7JfhbAi3YyFckMdaa + webhooks: + secure: "JiGtzYplTyFg/L6Rsi7ptEQIV29O5qCWU2Zf5pLITsQrBrQO4cIXXp9G4Z+cenXjfIiqbqIgU0US3zXeIAl4g14xdfzmMYeMMwuKBpI8afMYv8MD6ldoP0MTFHQfROE6OXxKLVUvZn1R0oLLU1fzVSI0qGjNkt20cf/Lrt/reH/zS5hAI92kWI3u2zPu7Zn/g/a8MO/Y3Iv7v1PSQaVkVJVqtOK3U2GJqhIv2G1AVcaPb7Nh/V2zm2dDYBVT0UotBnlBUcUXbEMP77D9pjtWXd1/0rWuJIHixMjwUybpZqY75UMee5INynU6OZRsv029LRHAIMkWhfBkdVN/U5jhQJzui14+vRQrb5nfUMG8Cd8INojDlu6dk/ps2GzTCCXBITeMQKAouUoHD2LEbsNp17xi1K4ZlKb3+0lrOAiS4JYFE6wOo4yMlLTYoquYSqk7AuxuUS8A5OD5MYxhk9uafiTSxKFOo39KYWTSaACsPD8q1swaTSjoYm9skyZvIkIFq5bHBCYEGFe6X/NY9l5tz3hSe+TJOerCHsg+dXVuQl+pIp5nw2as9TH9ox5Vgqc9Zh4GbTDQVvdAmUpmlsZ/SKoOMCkmkB1aRNFq/7RnERIJyAEGJbauHWmjtOM4cCxesl0L0b2Eab89zQpSn7pzE8JTiJgpzCUc22p653PTaqM=" addons: apt: diff --git a/CHANGELOG.md b/CHANGELOG.md index 3777422..a87bdb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### v3.9.x - [Unreleased] +### v3.9.8.12 - 2019-09-20 + +#### Changed + +- [APP] WP-CLI updated to v2.3.0 +- [CORE] Improved SSL certificates management from previous letsencrypt or certbot install +- [CORE] Use a separate python file for gitconfig during installation to redirect setup.py output into logs +- [CORE] updated cement to v2.8.2 +- [CORE] removed old `--experimental flag` +- [CORE] Improve and simplify install script + +#### Fixed + +- htpasswd protection when migrating from EasyEngine v3 [Issue #152](https://github.com/WordOps/WordOps/issues/152) +- acme.sh install when migration from EasyEngine v3 [Issue #153](https://github.com/WordOps/WordOps/issues/153) + ### v3.9.8.11 - 2019-09-06 #### Changed diff --git a/README.md b/README.md index d0dfe1a..9dc7748 100644 --- a/README.md +++ b/README.md @@ -11,13 +11,13 @@

build -MIT -Commits +MIT +Commits GitHub release
WordOps install codacy -Badge Twitter -Badge Slack +Badge Twitter +Badge Rocket.chat

diff --git a/config/bash_completion.d/wo_auto.rc b/config/bash_completion.d/wo_auto.rc index 56ec872..b0ffd54 100644 --- a/config/bash_completion.d/wo_auto.rc +++ b/config/bash_completion.d/wo_auto.rc @@ -94,7 +94,7 @@ _wo_complete() ;; "edit" | "enable" | "info" | "log" | "show" | "cd" | "delete") - if [ ${COMP_WORDS[1]} == "log" ]; then + if [ ""${COMP_WORDS[1]}"" == "log" ]; then COMPREPLY=( $(compgen \ -W "$(find /etc/nginx/sites-available/ -type f -printf "%P " 2> /dev/null) --nginx --php --fpm --mysql --access" \ -- $cur) ) @@ -131,7 +131,7 @@ _wo_complete() ;; esac - if [ ${COMP_WORDS[1]} == "debug" ] && ([ "$prev" != "--start" ] && [ "$prev" != "--nginx" ] && [ "$prev" != "--php" ] && [ "$prev" != "--php73" ] && [ "$prev" != "--fpm" ] && [ "$prev" != "--fpm7" ] && [ "$prev" != "--mysql" ] && [ "$prev" != "-i" ] && [ "$prev" != "--interactive" ] && [ "$prev" != "--import-slow-log" ] && [ "$prev" != "--stop" ]); then + if [ ""${COMP_WORDS[1]}"" == "debug" ] && ([ "$prev" != "--start" ] && [ "$prev" != "--nginx" ] && [ "$prev" != "--php" ] && [ "$prev" != "--php73" ] && [ "$prev" != "--fpm" ] && [ "$prev" != "--fpm7" ] && [ "$prev" != "--mysql" ] && [ "$prev" != "-i" ] && [ "$prev" != "--interactive" ] && [ "$prev" != "--import-slow-log" ] && [ "$prev" != "--stop" ]); then retlist="--all --wp --rewrite -i --all=off --wp=off --rewrite=off" ret="${retlist[@]/$prev}" COMPREPLY=( $(compgen \ @@ -139,7 +139,7 @@ _wo_complete() -- $cur) ) fi - #if [ ${COMP_WORDS[1]} == "log" ] && ([ "$prev" != "--access" ] || [ "$prev" != "--nginx" ] || [ "$prev" != "--php" ] || [ "$prev" != "--fpm" ] || [ "$prev" != "--mysql" ] || [ "$prev" != "-i" ] || ["$prev" != "--interactive" ] || ["$prev" != "--stop" ]); then + #if [ "${COMP_WORDS[1]}" == "log" ] && ([ "$prev" != "--access" ] || [ "$prev" != "--nginx" ] || [ "$prev" != "--php" ] || [ "$prev" != "--fpm" ] || [ "$prev" != "--mysql" ] || [ "$prev" != "-i" ] || ["$prev" != "--interactive" ] || ["$prev" != "--stop" ]); then # retlist="--all --wp --rewrite -i --all=off --wp=off --rewrite=off" # ret="${retlist[@]/$prev}" # COMPREPLY=( $(compgen \ @@ -148,7 +148,7 @@ _wo_complete() #fi - elif [ $COMP_CWORD -eq 4 ]; then + elif [ "$COMP_CWORD" -eq 4 ]; then case "$mprev" in # HANDLE EVERYTHING AFTER THE THIRD LEVEL NAMESPACE @@ -204,11 +204,11 @@ _wo_complete() case "$prev" in "--wp") - if [ ${COMP_WORDS[1]} != "debug" ]; then - if [ ${COMP_WORDS[2]} == "create" ]; then + if [ "${COMP_WORDS[1]}" != "debug" ]; then + if [ "${COMP_WORDS[2]}" == "create" ]; then retlist="--wp --wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce --letsencrypt -le --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do --php73" - elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard --letsencrypt=off --letsencrypt=clean -le=off -le=wildcard --dns --dns=dns_cf --dns=dns_do" + elif [ "${COMP_WORDS[2]}" == "update" ]; then + retlist="--wp --wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le --letsencrypt --letsencrypt=wildcard -le=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -223,11 +223,11 @@ _wo_complete() ;; "--wpsubdir" | "--wpsubdomain") - if [ ${COMP_WORDS[1]} != "debug" ]; then - if [ ${COMP_WORDS[2]} == "create" ]; then + if [ "${COMP_WORDS[1]}" != "debug" ]; then + if [ "${COMP_WORDS[2]}" == "create" ]; then retlist="--wpsc --wpfc --user --email --pass --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --php73 --dns --dns=dns_cf --dns=dns_do" - elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le -le=off -le=wildcard --letsencrypt --letsencrypt=wildcard --letsencrypt=off --letsencrypt=clean --dns --dns=dns_cf --dns=dns_do" + elif [ "${COMP_WORDS[2]}" == "update" ]; then + retlist="--wpfc --wpsc --php73 --php73=off --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -241,9 +241,9 @@ _wo_complete() -- $cur) ) ;; - "--wpredis --wprocket --wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") - if [ ${COMP_WORDS[2]} == "create" ]; then - retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 -le -le=off -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do" + "--wpredis" | "--wprocket" | "--wpce" | "--wpfc" | "--wpsc" | "--wpsubdir" | "--wpsubdomain" | "--user" | "--pass" | "--email" | "--wp") + if [ "${COMP_WORDS[2]}" == "create" ]; then + retlist="--user --pass --email --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce --php73 -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -254,9 +254,9 @@ _wo_complete() -- $cur) ) ;; - "--wpredis --wprocket --wpce" | "--wpfc") - if [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=off --letsencrypt --letsencrypt=off --letsencrypt=clean --dns --dns=dns_cf --dns=dns_do" + "--wpredis" | "--wprocket" | "--wpce" | "--wpfc") + if [ "${COMP_WORDS[2]}" == "update" ]; then + retlist="--password --php --php73 --mysql --wp --wpsubdir --wpsubdomain -le --letsencrypt --dns --dns=dns_cf --dns=dns_do" else retlist="" fi @@ -268,23 +268,23 @@ _wo_complete() ;; "--web" | "--admin" | "--nginx" | "--php" | "--php73" | "--mysql" | "--wpcli" | "--phpmyadmin" | "--adminer" | "--utils" | "--fail2ban" | "--redis | --phpredisadmin | --netdata") - if [[ ${COMP_WORDS[2]} == "install" || ${COMP_WORDS[2]} == "purge" || ${COMP_WORDS[2]} == "remove" ]]; then + if [[ "${COMP_WORDS[2]}" == "install" || "${COMP_WORDS[2]}" == "purge" || "${COMP_WORDS[2]}" == "remove" ]]; then retlist="--web --admin --security --nginx --php --php73 --mysql --wpcli --phpmyadmin --adminer --utils --redis --fail2ban --phpredisadmin --netdata -f --force" - elif [[ ${COMP_WORDS[2]} == "start" || ${COMP_WORDS[2]} == "reload" || ${COMP_WORDS[2]} == "restart" || ${COMP_WORDS[2]} == "stop" ]]; then + elif [[ "${COMP_WORDS[2]}" == "start" || "${COMP_WORDS[2]}" == "reload" || "${COMP_WORDS[2]}" == "restart" || "${COMP_WORDS[2]}" == "stop" ]]; then retlist="--nginx --php --php73 --mysql --redis --netdata" - elif [[ ${COMP_WORDS[1]} == "debug" ]]; then + elif [[ "${COMP_WORDS[1]}" == "debug" ]]; then retlist="--start --nginx --php --php73 --fpm --fpm7 --mysql -i --interactive -stop --import-slow-log --import-slow-log-interval= -" if [[ $prev == '--mysql' ]]; then retlist="--start --nginx --php --php73 --fpm --fpm7 --mysql -i --interactive --stop --import-slow-log" fi - elif [[ ${COMP_WORDS[1]} == "log" ]]; then - if [ ${COMP_WORDS[2]} == "show" ]; then + elif [[ "${COMP_WORDS[1]}" == "log" ]]; then + if [ "${COMP_WORDS[2]}" == "show" ]; then retlist="--access --nginx --php --mysql --fpm --wp" - elif [ ${COMP_WORDS[2]} == "reset" ]; then + elif [ "${COMP_WORDS[2]}" == "reset" ]; then retlist="--access --nginx --php --mysql --fpm --wp --slow-log-db" - elif [ ${COMP_WORDS[2]} == "mail" ]; then + elif [ "${COMP_WORDS[2]}" == "mail" ]; then retlist="--access --nginx --php --mysql --fpm --wp --to=" fi @@ -304,12 +304,12 @@ _wo_complete() ;; "--all") - if [ ${COMP_WORDS[1]} == "clean" ]; then + if [ "${COMP_WORDS[1]}" == "clean" ]; then retlist="--opcache --fastcgi --redis" - elif [ ${COMP_WORDS[2]} == "delete" ]; then + elif [ "${COMP_WORDS[2]}" == "delete" ]; then retlist="--db --files --force" - elif [ ${COMP_WORDS[2]} == "update" ]; then - retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=off -le=wildcard --letsencrypt --letsencrypt=off " + elif [ "${COMP_WORDS[2]}" == "update" ]; then + retlist="--password --php --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=off -le=wildcard --letsencrypt --letsencrypt=off " else retlist="" fi @@ -333,16 +333,16 @@ _wo_complete() -W "$(echo $ret)" \ -- $cur) ) ;; - "--access" | "--fpm" | "--wp" | "--slow-log-db") - if [[ ${COMP_WORDS[1]} == "log" ]]; then - if [ ${COMP_WORDS[2]} == "show" ]; then + "--access" | "--fpm" | "--slow-log-db") + if [[ "${COMP_WORDS[1]}" == "log" ]]; then + if [ "${COMP_WORDS[2]}" == "show" ]; then retlist="--access --nginx --php --mysql --fpm --wp" - elif [ ${COMP_WORDS[2]} == "reset" ]; then + elif [ "${COMP_WORDS[2]}" == "reset" ]; then retlist="--access --nginx --php --mysql --fpm --wp --slow-log-db" - elif [ ${COMP_WORDS[2]} == "mail" ]; then + elif [ "${COMP_WORDS[2]}" == "mail" ]; then retlist="--access --nginx --php --mysql --fpm --wp --to=" fi @@ -357,7 +357,7 @@ _wo_complete() esac case "$mprev" in "--user" | "--email" | "--pass") - if [ ${COMP_WORDS[2]} == "create" ]; then + if [ "${COMP_WORDS[2]}" == "create" ]; then retlist="--user --pass --email --html --php --php73 --mysql --wp --wpsubdir --wpsubdomain --wpfc --wpsc --wpredis --wprocket --wpce -le -le=wildcard --letsencrypt --letsencrypt=wildcard --dns --dns=dns_cf --dns=dns_do" fi ret="${retlist[@]/$prev}" diff --git a/gitconfig.py b/gitconfig.py new file mode 100644 index 0000000..65ef8e2 --- /dev/null +++ b/gitconfig.py @@ -0,0 +1,34 @@ +import configparser +import os +import re +import shutil + +# WordOps git configuration management +config = configparser.ConfigParser() +config.read(os.path.expanduser("~")+'/.gitconfig') +try: + wo_user = config['user']['name'] + wo_email = config['user']['email'] +except Exception: + print("WordOps (wo) require an username & and an email " + "address to configure Git (used to save server configurations)") + print("Your informations will ONLY be stored locally") + + wo_user = input("Enter your name: ") + while wo_user == "": + print("Unfortunately, this can't be left blank") + wo_user = input("Enter your name: ") + + wo_email = input("Enter your email: ") + + while not re.match(r"^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]*$", + wo_email): + print("Whoops, seems like you made a typo - " + "the e-mailaddress is invalid...") + wo_email = input("Enter your email: ") + + os.system("git config --global user.name {0}".format(wo_user)) + os.system("git config --global user.email {0}".format(wo_email)) + +if not os.path.isfile('/root/.gitconfig'): + shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') diff --git a/install b/install index 926c222..b81a667 100755 --- a/install +++ b/install @@ -9,7 +9,7 @@ # ------------------------------------------------------------------------- # wget -qO wo wops.cc && sudo bash wo # ------------------------------------------------------------------------- -# Version 3.9.8.10 - 2019-09-04 +# Version 3.9.8.12 - 2019-09-20 # ------------------------------------------------------------------------- # CONTENTS @@ -107,13 +107,33 @@ unset LANG export LANG='en_US.UTF-8' export LC_ALL='C.UTF-8' +# check if a command exist command_exists() { command -v "$@" > /dev/null 2>&1 } +# run functions and exit on failure +_run() { + if [ -n "$2" ]; then + wo_lib_echo "$2" + fi + if ! { "$1" >> "$wo_install_log" 2>&1; }; then + exit 1 + fi + +} + +check_path() { + if [ -d "$1" ]; then + return 0 + else + return 1 + fi +} + if [ -z "$wo_travis" ]; then if command_exists curl; then - apt-get update -qq & + apt-get update -qq else apt-get update -qq && apt-get -y install curl -qq > /dev/null 2>&1 fi @@ -132,8 +152,8 @@ echo "" ### # 1- Check whether lsb_release is installed, and if not, install it ### + if ! command_exists lsb_release; then - wo_lib_echo "Installing lsb-release, please /bin/bash --init-file <(echo 'source /etc/bash_completion.d/wo_auto.rc')..." apt-get install lsb-release -qq fi @@ -161,8 +181,10 @@ WO_ARCH="$(uname -m)" if [ -x /usr/local/bin/ee ]; then ee_migration=1 + ufw="n" elif [ -x /usr/local/bin/wo ]; then wo_upgrade=1 + ufw="n" fi if [ -z "$ufw" ]; then ufw="y" @@ -190,7 +212,6 @@ fi ### if [ ! -d "$wo_log_dir" ] || [ ! -d "$wo_backup_dir" ] || [ ! -d "$wo_tmp_dir" ]; then - wo_lib_echo "Creating WordOps directory" mkdir -p "$wo_backup_dir" "$wo_log_dir" "$wo_tmp_dir" || wo_lib_error "Whoops - seems we are unable to create the log directory $wo_log_dir, exit status " $? # create wordops log files @@ -204,46 +225,45 @@ fi #### wo_dist_upgrade() { - # update server packages + # perform server packages upgrade apt-get dist-upgrade --option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --option=Dpkg::options::=--force-unsafe-io --assume-yes --quiet -} >> "$wo_install_log" 2>&1 +} wo_install_dep() { - { + if [ "$wo_linux_distro" == "Ubuntu" ]; then + # install dependencies + apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ + build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \ + gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 + add-apt-repository ppa:wordops/nginx-wo -yn + else + # install dependencies + apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ + build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-requests python3-dev ca-certificates sqlite3 git tar \ + software-properties-common pigz apt-transport-https gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 + # add php repository gpg key + [ -d /etc/apt/trusted.gpg.d ] && { wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg; } + # add nginx repository gpg key + curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_10/Release.key | apt-key add - + fi - if [ "$wo_linux_distro" == "Ubuntu" ]; then - # install dependencies - apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ - build-essential curl gzip python3 python3-apt python3-setuptools python3-requests python3-dev sqlite3 git tar software-properties-common pigz \ - gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 - add-apt-repository ppa:wordops/nginx-wo -yn - else - # install dependencies - apt-get -option=Dpkg::options::=--force-confmiss --option=Dpkg::options::=--force-confold --assume-yes install \ - build-essential curl gzip dirmngr sudo python3 python3-apt python3-setuptools python3-requests python3-dev ca-certificates sqlite3 git tar \ - software-properties-common pigz apt-transport-https gnupg2 cron ccze rsync tree haveged ufw unattended-upgrades tzdata ntp > /dev/null 2>&1 - # add php repository gpg key - [ -d /etc/apt/trusted.gpg.d ] && { wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg; } - # add nginx repository gpg key - curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_10/Release.key | apt-key add - - fi - - locale-gen en - # enable unattended upgades - if [ ! -f /etc/apt/apt.conf.d/20auto-upgrades ]; then - cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades - fi - } >> "$wo_install_log" 2>&1 + locale-gen en + # enable unattended upgades + if [ ! -f /etc/apt/apt.conf.d/20auto-upgrades ]; then + cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades + fi } wo_timesync() { # set default ntp pools - if ! grep -q "time.cloudflare.com" /etc/systemd/timesyncd.conf; then - sed -e 's/^#NTP=/NTP=time.cloudflare.com 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf - # enable ntp - timedatectl set-ntp 1 + if [ -f /etc/systemd/timesyncd.conf ]; then + if ! grep -q "time.cloudflare.com" /etc/systemd/timesyncd.conf; then + sed -e 's/^#NTP=/NTP=time.cloudflare.com 0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf + # enable ntp + timedatectl set-ntp 1 + fi fi } @@ -259,18 +279,16 @@ wo_sync_db() { mkdir -p /var/lib/wo if [ -f /var/lib/ee/ee.db ]; then - # Copy the EasyEngine database + # Make a backup of the EasyEngine database cp /var/lib/ee/ee.db /var/lib/wo/dbase-ee.db - ### - # Clean WO installation - ### - + # Copy ee database cp /var/lib/ee/ee.db /var/lib/wo/dbase.db else + if [ -d /etc/nginx/sites-available ]; then - # Create an empty database for WordOps - echo "CREATE TABLE sites ( + # Create an empty database for WordOps + echo "CREATE TABLE sites ( id INTEGER PRIMARY KEY AUTOINCREMENT, sitename UNIQUE, site_type CHAR, @@ -289,69 +307,69 @@ wo_sync_db() { php_version VARCHAR );" | sqlite3 /var/lib/wo/dbase.db - # Check site is enable/live or disable - AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)" - for site in $AV_SITES; do - if [ -h "/etc/nginx/sites-enabled/$site" ]; then - wo_site_status='1' - else - wo_site_status='0' - fi - - # Acquire information about the current nginx configuration - - wo_site_current_type=$(grep "common/" "/etc/nginx/sites-available/$site" | awk -F "/" '{print $2}') - - if echo "$wo_site_current_type" | grep -q "php"; then - if echo "$wo_site_current_type" | grep -q "php7"; then - wo_php_version="7.0" + # Check site is enable/live or disable + AV_SITES="$(basename -a /etc/nginx/sites-available/* | grep -v default)" + for site in $AV_SITES; do + if [ -h "/etc/nginx/sites-enabled/$site" ]; then + wo_site_status='1' else - wo_php_version="5.6" + wo_site_status='0' fi - else - wo_php_version="" - fi - if echo "$wo_site_current_type" | grep -q "redis"; then - wo_site_current_cache="wpredis" - elif echo "$wo_site_current_type" | grep -q wpsc; then - wo_site_current_cache="wpsc" - elif echo "$wo_site_current_type" | grep -q wpfc; then - wo_site_current_cache="wpfc" - else - wo_site_current_cache="basic" - fi + # Acquire information about the current nginx configuration - if echo "$wo_site_current_type" | grep -q wp; then - if echo "$wo_site_current_type" | grep -q wpsubdir; then - wo_site_current="wpsubdir" - elif echo "$wo_site_current_type" | grep -q wpsudomain; then - wo_site_current="wpsubdomain" - else - wo_site_current="wp" - fi - else - if echo "$wo_site_current_type" | grep -q location; then - wo_site_current="proxy" - elif echo "$wo_site_current_type" | grep -q php; then - wo_site_current="html" - else - if [ -f "/var/www/${site}/ee-config.php" ] || [ -f "/var/www/${site}/wo-config.php" ]; then - wo_site_current="mysql" + wo_site_current_type=$(grep "common/" "/etc/nginx/sites-available/$site" | awk -F "/" '{print $2}') + + if echo "$wo_site_current_type" | grep -q "php"; then + if echo "$wo_site_current_type" | grep -q "php7"; then + wo_php_version="7.0" else - wo_site_current="php" + wo_php_version="5.6" + fi + else + wo_php_version="" + fi + + if echo "$wo_site_current_type" | grep -q "redis"; then + wo_site_current_cache="wpredis" + elif echo "$wo_site_current_type" | grep -q wpsc; then + wo_site_current_cache="wpsc" + elif echo "$wo_site_current_type" | grep -q wpfc; then + wo_site_current_cache="wpfc" + else + wo_site_current_cache="basic" + fi + + if echo "$wo_site_current_type" | grep -q wp; then + if echo "$wo_site_current_type" | grep -q wpsubdir; then + wo_site_current="wpsubdir" + elif echo "$wo_site_current_type" | grep -q wpsudomain; then + wo_site_current="wpsubdomain" + else + wo_site_current="wp" + fi + else + if echo "$wo_site_current_type" | grep -q location; then + wo_site_current="proxy" + elif echo "$wo_site_current_type" | grep -q php; then + wo_site_current="html" + else + if [ -f "/var/www/${site}/ee-config.php" ] || [ -f "/var/www/${site}/wo-config.php" ]; then + wo_site_current="mysql" + else + wo_site_current="php" + fi fi fi - fi - wo_webroot="/var/www/$site" + wo_webroot="/var/www/$site" - # Import the configuration into the WordOps SQLite database - echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) + # Import the configuration into the WordOps SQLite database + echo "INSERT INTO sites (sitename, site_type, cache_type, site_path, is_enabled, is_ssl, storage_fs, storage_db) VALUES (\"$site\", \"$wo_site_current\", \"$wo_site_current_cache\", \"$wo_webroot\", \"$wo_site_status\", 0, 'ext4', 'mysql');" | sqlite3 /var/lib/wo/dbase.db - done - + done + fi fi # echo "UPDATE sites SET php_version = REPLACE(php_version, '5.6', '7.2');" | sqlite3 /var/lib/wo/dbase.db @@ -371,66 +389,65 @@ secure_wo_db() { # Update the WP-CLI version wo_update_wp_cli() { - { - WP_CLI_PATH=$(command -v wp) - if [ -n "$WP_CLI_PATH" ]; then - rm -rf "$WP_CLI_PATH" - fi - # Update WP-CLI to the most recent version - wget -qO /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar - chmod +x /usr/local/bin/wp - [ ! -h /usr/bin/wp ] && { - ln -s /usr/local/bin/wp /usr/bin/ - } - [ -d /etc/bash_completion.d ] && { - wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash - } - } >> "$wo_install_log" 2>&1 + WP_CLI_PATH=$(command -v wp) + if [ -n "$WP_CLI_PATH" ]; then + rm -rf "$WP_CLI_PATH" + fi + # Update WP-CLI to the most recent version + wget -qO /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar + chmod +x /usr/local/bin/wp + [ ! -h /usr/bin/wp ] && { + ln -s /usr/local/bin/wp /usr/bin/ + } + [ -d /etc/bash_completion.d ] && { + wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash + } + } wo_install_acme_sh() { # check if acme.sh is already installed - if [ ! -x /etc/letsencrypt/acme.sh ] && [ ! -d /etc/letsencrypt/archive ]; then - { - # clone the git repository - if [ -d /opt/acme.sh/.git ]; then - git -C /opt/acme.sh pull origin master - else - git clone https://github.com/Neilpang/acme.sh.git /opt/acme.sh -q - fi - cd /opt/acme.sh || exit 1 - # create conf directories - mkdir -p /etc/letsencrypt/{config,live,renewal} - # install acme.sh - ./acme.sh --install \ - --home /etc/letsencrypt \ - --config-home /etc/letsencrypt/config \ - --cert-home /etc/letsencrypt/renewal - # enable auto-upgrade - /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade + if [ ! -x /etc/letsencrypt/acme.sh ]; then + + # clone the git repository + if [ -d /opt/acme.sh/.git ]; then + git -C /opt/acme.sh pull origin master + else + git clone --depth=50 https://github.com/Neilpang/acme.sh.git /opt/acme.sh -q + fi + cd /opt/acme.sh || exit 1 + # create conf directories + mkdir -p /etc/letsencrypt/{config,live,renewal} + # install acme.sh + ./acme.sh --install \ + --home /etc/letsencrypt \ + --config-home /etc/letsencrypt/config \ + --cert-home /etc/letsencrypt/renewal + # enable auto-upgrade + /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --upgrade --auto-upgrade - } >> "$wo_install_log" 2>&1 fi - if [ -x "$HOME/.acme.sh/acme.sh" ]; then - { - # backup acme.sh folder - /bin/tar -I pigz -cf /var/lib/wo-backup/acme.sh.tar.gz "$HOME/.acme.sh" - # rsync previous certificates to new acme.sh location - /usr/bin/rsync -rltgoDpz --exclude="account.conf" \ - --exclude="acme.sh" \ - --exclude="acme.sh.env" \ - --exclude="deploy" \ - --exclude="dnsapi" \ - --exclude="http.header" \ - --exclude="ca" \ - "$HOME/.acme.sh/" \ - /etc/letsencrypt/renewal/ - # remove previous acme.sh folder - rm -rf "$HOME/.acme.sh" - # removing previous cronjob - crontab -l | sed '/41 0 \* \* \* "\/root\/\.acme\.sh"\/acme.sh --cron --home "\/root\/\.acme\.sh" > \/dev\/null/d' | crontab - - } >> "$wo_install_log" 2>&1 + if [ -x "$HOME/.acme.sh/acme.sh" ]; then + # backup acme.sh folder + /bin/tar -I pigz -cf /var/lib/wo-backup/acme.sh.tar.gz "$HOME/.acme.sh" + # rsync previous certificates to new acme.sh location + /usr/bin/rsync -rltgoDpz --exclude="account.conf" \ + --exclude="acme.sh" \ + --exclude="acme.sh.env" \ + --exclude="deploy" \ + --exclude="dnsapi" \ + --exclude="http.header" \ + --exclude="ca" \ + "$HOME/.acme.sh/" \ + /etc/letsencrypt/renewal/ + # remove previous acme.sh folder + rm -rf "$HOME/.acme.sh" + mkdir "$HOME/.acme.sh" + touch "$HOME/.acme.sh/acme.sh.env" + # removing previous cronjob + crontab -l | sed '/41 0 \* \* \* "\/root\/\.acme\.sh"\/acme.sh --cron --home "\/root\/\.acme\.sh" > \/dev\/null/d' | crontab - + fi # Let's Encrypt .well-known folder setup if [ ! -d /var/www/html/.well-known/acme-challenge ]; then @@ -442,33 +459,36 @@ wo_install_acme_sh() { fi } -# Clone Github repository if it doesn't exist -wo_install() { - { - rm -f /etc/bash_completion.d/wo_auto.rc - rm -rf /var/lib/wo/tmp/WordOps-* - if [ -z "$wo_version" ]; then - curl -sL https://github.com/WordOps/WordOps/archive/${wo_branch}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp - cd "/var/lib/wo/tmp/WordOps-$wo_branch" || exit 1 - else - curl -sL https://github.com/WordOps/WordOps/archive/v${wo_version}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp - cd "/var/lib/wo/tmp/WordOps-$wo_version" || exit 1 - fi +# Download WordOps +wo_download() { + rm -f /etc/bash_completion.d/wo_auto.rc + rm -rf /var/lib/wo/tmp/WordOps-* + if [ -z "$wo_version" ]; then + curl -sL https://github.com/WordOps/WordOps/archive/${wo_branch}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp + mv "/var/lib/wo/tmp/WordOps-$wo_branch" /var/lib/wo/tmp/WordOps-install + else + curl -sL https://github.com/WordOps/WordOps/archive/v${wo_version}.tar.gz | tar -I pigz -xf - -C /var/lib/wo/tmp + mv "/var/lib/wo/tmp/WordOps-$wo_version" /var/lib/wo/tmp/WordOps-install + fi +} - } \ - >> "$wo_install_log" 2>&1 +wo_git_config() { if [ "$wo_force_install" = "y" ]; then [ ! -f "$HOME/.gitconfig" ] && { bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME.local" > $HOME/.gitconfig'; } fi - if [ -f "$HOME/.gitconfig" ]; then - # install and redirect log to not print python package install - python3 setup.py install >> $wo_install_log 2>&1 - else - # install without redirecting logs to prompt user for name & email - python3 setup.py install - fi + # .gitconfig inital setup + cd /var/lib/wo/tmp/WordOps-install || exit 1 + python3 gitconfig.py + +} + +# WordOps install +wo_install() { + + cd /var/lib/wo/tmp/WordOps-install || exit 1 + python3 setup.py install } @@ -477,96 +497,90 @@ wo_install_travis() { if [ -f "$HOME/.gitconfig" ]; then # install and redirect log to not print python package install - python3 setup.py install >> $wo_install_log 2>&1 + python3 setup.py install fi } wo_upgrade_nginx() { - { + if [ -d /var/lib/wo-backup/nginx ]; then + /bin/tar -I pigz "$NGINX_BACKUP_FILE" /var/lib/wo-backup/nginx + rm -rf /var/lib/wo-backup/nginx + fi + # backup nginx conf + if [ -d /etc/nginx ]; then + /usr/bin/rsync -a --noatime /etc/nginx/ /var/lib/wo-backup/nginx/ + fi + if [ -d /etc/php ]; then + /usr/bin/rsync -a --noatime /etc/php/ /var/lib/wo-backup/php/ + fi + # chec if the package nginx-ee is installed + CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) + CHECK_PHP72=$(command -v php-fpm7.2) - if [ -d /var/lib/wo-backup/nginx ]; then - /bin/tar -I pigz "$NGINX_BACKUP_FILE" /var/lib/wo-backup/nginx - rm -rf /var/lib/wo-backup/nginx - fi - # backup nginx conf - if [ -d /etc/nginx ]; then - /usr/bin/rsync -a --noatime /etc/nginx/ /var/lib/wo-backup/nginx/ - fi - if [ -d /etc/php ]; then - /usr/bin/rsync -a --noatime /etc/php/ /var/lib/wo-backup/php/ - fi - # chec if the package nginx-ee is installed - CHECK_NGINX_EE=$(dpkg --list | grep nginx-ee) - CHECK_PHP72=$(command -v php-fpm7.2) + # add new Nginx repository + if [ "$wo_distro_version" == "jessie" ]; then + # import the respository key for updates + curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key | apt-key add - + else + curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key | apt-key add - + fi - # add new Nginx repository - if [ "$wo_distro_version" == "jessie" ]; then - # import the respository key for updates - curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_8.0/Release.key | apt-key add - - else - curl -sL https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_9.0/Release.key | apt-key add - - fi - - # install new nginx package - if [ -n "$CHECK_NGINX_EE" ]; then - if [ -x /usr/local/bin/wo ]; then - [ -f /etc/apt/preferences.d/nginx-block ] && { mv /etc/apt/preferences.d/nginx-block /var/lib/wo/tmp/nginx-block; } - # stop nginx - service nginx stop - # remove previous package - apt-mark unhold nginx-ee nginx-common nginx-custom - apt-get autoremove nginx-ee nginx-common nginx-custom --allow-change-held-packages --purge -qq - # remove previous php-fpm pool configuration - if [ -n "$CHECK_PHP72" ]; then - apt-get purge php7.2-fpm -y -qq - rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf} - fi - if [ -d /etc/nginx ]; then - rm -rf /etc/nginx - fi - /usr/local/bin/wo stack install --nginx --php - rm -f /etc/nginx/common/acl.conf /etc/nginx/htpasswd-wo - /usr/bin/rsync -au --noatime /var/lib/wo-backup/nginx/ /etc/nginx/ - /usr/local/bin/wo stack upgrade --nginx --force + # install new nginx package + if [ -n "$CHECK_NGINX_EE" ]; then + if [ -x /usr/local/bin/wo ]; then + [ -f /etc/apt/preferences.d/nginx-block ] && { mv /etc/apt/preferences.d/nginx-block /var/lib/wo/tmp/nginx-block; } + # stop nginx + service nginx stop + # remove previous package + apt-mark unhold nginx-ee nginx-common nginx-custom + apt-get autoremove nginx-ee nginx-common nginx-custom --allow-change-held-packages --purge -qq + # remove previous php-fpm pool configuration + if [ -n "$CHECK_PHP72" ]; then + apt-get purge php7.2-fpm -y -qq + rm -f /etc/php/7.2/fpm/pool.d/{www.conf,www-two.conf,debug.conf} fi - fi - # restore sites and configuration - [ -f /etc/nginx/htpasswd-ee ] && { cp -f /etc/nginx/htpasswd-ee /etc/nginx/htpasswd-wo; } - sed -i "s/locations.conf/locations-wo.conf/" /etc/nginx/sites-available/* - sed -i "s/locations-php7.conf/locations-wo.conf/" /etc/nginx/sites-available/* - sed -i "s/locations-php71.conf/locations-wo.conf/" /etc/nginx/sites-available/* - sed -i "s/locations-php72.conf/locations-wo.conf/" /etc/nginx/sites-available/* - sed -i "s/locations-php73.conf/locations-wo.conf/" /etc/nginx/sites-available/* - sed -i "s/php.conf/php72.conf/" /etc/nginx/sites-available/* - sed -i "s/php7.conf/php72.conf/" /etc/nginx/sites-available/* - sed -i 's/ssl on;/#ssl on;/' /var/www/*/conf/nginx/ssl.conf - - # update redis.conf headers - if [ -f /etc/nginx/common/redis.conf ]; then - sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf - sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf - - fi - - VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) - # check if nginx -t do not return errors - if [ -z "$VERIFY_NGINX_CONFIG" ]; then - systemctl stop nginx - systemctl start nginx - else - VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size") - if [ -n "$VERIFY_NGINX_BUCKET" ]; then - sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g" /etc/nginx/nginx.conf + if [ -d /etc/nginx ]; then + rm -rf /etc/nginx fi - systemctl stop nginx - systemctl start nginx + /usr/local/bin/wo stack install --nginx --php + rm -f /etc/nginx/common/acl.conf /etc/nginx/htpasswd-wo + /usr/bin/rsync -au --noatime /var/lib/wo-backup/nginx/ /etc/nginx/ + /usr/local/bin/wo stack upgrade --nginx --force fi - [ -f /var/lib/wo/tmp/nginx-block ] && { mv /var/lib/wo/tmp/nginx-block /etc/apt/preferences.d/nginx-block; } + fi + # restore sites and configuration + [ -f /etc/nginx/htpasswd-ee ] && { cp -f /etc/nginx/htpasswd-ee /etc/nginx/htpasswd-wo; } + sed -i "s/locations.conf/locations-wo.conf/" /etc/nginx/sites-available/* + sed -i "s/locations-php7.conf/locations-wo.conf/" /etc/nginx/sites-available/* + sed -i "s/locations-php71.conf/locations-wo.conf/" /etc/nginx/sites-available/* + sed -i "s/locations-php72.conf/locations-wo.conf/" /etc/nginx/sites-available/* + sed -i "s/locations-php73.conf/locations-wo.conf/" /etc/nginx/sites-available/* + sed -i "s/htpasswd-ee/htpasswd-wo/" /etc/nginx/common/acl.conf + sed -i 's/ssl on;/#ssl on;/' /var/www/*/conf/nginx/ssl.conf - } \ - >> "$wo_install_log" 2>&1 + # update redis.conf headers + if [ -f /etc/nginx/common/redis.conf ]; then + sed -i "s/X-Cache /X-SRCache-Fetch-Status /g" /etc/nginx/common/redis.conf + sed -i "s/X-Cache-2 /X-SRCache-Store-Status /g" /etc/nginx/common/redis.conf + + fi + + VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed) + # check if nginx -t do not return errors + if [ -z "$VERIFY_NGINX_CONFIG" ]; then + systemctl stop nginx + systemctl start nginx + else + VERIFY_NGINX_BUCKET=$(nginx -t 2>&1 | grep "server_names_hash_bucket_size") + if [ -n "$VERIFY_NGINX_BUCKET" ]; then + sed -i "s/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g" /etc/nginx/nginx.conf + fi + systemctl stop nginx + systemctl start nginx + fi + [ -f /var/lib/wo/tmp/nginx-block ] && { mv /var/lib/wo/tmp/nginx-block /etc/apt/preferences.d/nginx-block; } } @@ -602,7 +616,7 @@ wo_update_latest() { if [ -z "$CHECK_REDIS_BIND" ]; then echo 'bind 127.0.0.1 ::1' >> /etc/redis/redis.conf - service redis-server restart > /dev/null 2>&1 + service redis-server restart fi fi @@ -619,7 +633,7 @@ wo_git_init() { } git add -A . git commit -am "Updated Nginx" - } >> /var/log/wo/install.log 2>&1 + } # WordOps under git version control [ -d /etc/wo ] && { cd /etc/wo || exit 1 @@ -628,7 +642,7 @@ wo_git_init() { } git add -A . git commit -am "Installed/Updated to WordOps" - } >> /var/log/wo/install.log 2>&1 + } # PHP under git version control [ -d /etc/php ] && { cd /etc/php || exit 1 @@ -637,19 +651,31 @@ wo_git_init() { } git add -A . git commit -am "Updated PHP" - } >> /var/log/wo/install.log 2>&1 + } } wo_backup_ee() { - /bin/tar -I pigz -cf "$EE_BACKUP_FILE" /etc/nginx /usr/local/bin/ee /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee /etc/letsencrypt >> /var/log/wo/install.log 2>&1 + if [ -d /etc/nginx ]; then + local EE_NGINX="/etc/nginx" + else + local EE_NGINX="" + fi + if [ -d /etc/letsencrypt ]; then + local EE_LE="/etc/letsencrypt" + else + local EE_LE="" + fi + /bin/tar -I pigz -cf "$EE_BACKUP_FILE" "$EE_NGINX" /usr/local/bin/ee /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee "$EE_LE" } wo_backup_wo() { - /bin/tar -I pigz -cf "$WO_BACKUP_FILE" /etc/nginx /etc/wo /var/lib/wo /etc/letsencrypt >> /var/log/wo/install.log 2>&1 + /bin/tar -I pigz -cf "$WO_BACKUP_FILE" "$WO_NGINX" /etc/wo /var/lib/wo "$WO_LE" + return 0 } wo_clean_ee() { - rm -f /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee >> /var/log/wo/install.log 2>&1 + rm -f /usr/local/bin/ee /etc/bash_completion.d/ee_auto.rc /usr/lib/ee/templates /usr/local/lib/python3.*/dist-packages/ee-*.egg /etc/ee /var/lib/ee + return 0 } wo_remove_ee_cron() { @@ -678,14 +704,12 @@ wo_tweak_kernel() { wo_systemd_tweak() { if [ ! -x /opt/wo-kernel.sh ]; then - { - # download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup - wget -qO /opt/wo-kernel.sh https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-script.mustache - chmod +x /opt/wo-kernel.sh - wget -qO /lib/systemd/system/wo-kernel.service https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-service.mustache - systemctl enable wo-kernel.service - systemctl start wo-kernel.service - } >> /var/log/wo/install.log 2>&1 + # download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup + wget -qO /opt/wo-kernel.sh https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-script.mustache + chmod +x /opt/wo-kernel.sh + wget -qO /lib/systemd/system/wo-kernel.service https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-service.mustache + systemctl enable wo-kernel.service + systemctl start wo-kernel.service fi LIMIT_CHECK=$(grep "500000" /etc/security/limits.conf) @@ -701,27 +725,23 @@ wo_domain_suffix() { wo_mariadb_tweak() { # increase mariadb open_files_limit - { - if [ -d /etc/systemd/system/mariadb.service.d ] && [ ! -f /etc/systemd/system/mariadb.service.d/limits.conf ]; then - echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/mariadb.service.d/limits.conf - systemctl daemon-reload - service mysql restart - fi - } >> /var/log/wo/install.log 2>&1 + if [ -d /etc/systemd/system/mariadb.service.d ] && [ ! -f /etc/systemd/system/mariadb.service.d/limits.conf ]; then + echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/mariadb.service.d/limits.conf + systemctl daemon-reload + service mysql restart + fi } wo_nginx_tweak() { # increase nginx open_files_limit - { - if [ ! -d /etc/systemd/system/nginx.service.d ]; then - mkdir -p /etc/systemd/system/nginx.service.d - if [ ! -f /etc/systemd/system/nginx.service.d/limits.conf ]; then - echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/nginx.service.d/limits.conf - systemctl daemon-reload - nginx -t && service nginx restart - fi + if [ ! -d /etc/systemd/system/nginx.service.d ]; then + mkdir -p /etc/systemd/system/nginx.service.d + if [ ! -f /etc/systemd/system/nginx.service.d/limits.conf ]; then + echo -e '[Service]\nLimitNOFILE=500000' > /etc/systemd/system/nginx.service.d/limits.conf + systemctl daemon-reload + nginx -t && service nginx restart fi - } >> /var/log/wo/install.log 2>&1 + fi } wo_clean() { @@ -729,7 +749,7 @@ wo_clean() { } wo_uninstall() { - rm -rf /usr/local/lib/python3.*/dist-packages/{pystache-*,cement-2.*,wo-*} /usr/local/bin/wo /etc/bash_completion.d/wo_auto.rc /var/lib/wo /etc/wo /usr/lib/wo/templates >> /var/log/wo/install.log 2>&1 + rm -rf /usr/local/lib/python3.*/dist-packages/{pystache-*,cement-2.*,wo-*} /usr/local/bin/wo /etc/bash_completion.d/wo_auto.rc /var/lib/wo /etc/wo /usr/lib/wo/templates } wo_ufw_setup() { @@ -790,13 +810,13 @@ wo_ufw_setup() { service rsyslog restart fi fi -} \ - >> $wo_install_log +} wo_cheat_install() { curl -sL https://cht.sh/:cht.sh > /usr/local/bin/cht.sh chmod +x /usr/local/bin/cht.sh [ ! -h /usr/local/bin/cheat ] && { + rm -f /usr/local/bin/cheat ln -s /usr/local/bin/cht.sh /usr/local/bin/cheat } curl -sL https://cheat.sh/:bash_completion > /etc/bash_completion.d/cht.sh @@ -805,12 +825,11 @@ wo_cheat_install() { ### # 4 - WO MAIN SETUP ### -wait + +# wo uninstall script if [ "$wo_purge" = "y" ]; then - wo_lib_echo "Backing-up WO install" | tee -ai $wo_install_log - wo_backup_wo | tee -ai $wo_install_log - wo_lib_echo "Uninstalling WordOps" | tee -ai $wo_install_log - wo_uninstall | tee -ai $wo_install_log + _run wo_backup_wo "Backing-up WO install" + _run wo_uninstall "Uninstalling WordOps" wo_lib_echo "The WordOps backup files can be found in $WO_BACKUP_FILE" exit 0 else @@ -821,144 +840,54 @@ else wo_lib_error "You already have WordOps $wo_version_new" 1 fi fi - wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log - wo_install_dep & - wo_timesync & - wo_lib_echo "Backing-up WO install" | tee -ai $wo_install_log - wo_backup_wo & - secure_wo_db & - wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log - wo_clean & - wait - if [ "$wo_travis" = "y" ]; then - wo_install_travis & - else - if [ -f "$HOME/.gitconfig" ]; then - wo_install >> $wo_install_log 2>&1 & - else - wo_install + _run wo_backup_wo "Backing-up WO install" + _run wo_clean + # 2 - Migration from EEv3 + elif [ -x /usr/local/bin/ee ]; then + if [ -z "$wo_force_install" ]; then + echo -e "Migrate from EasyEngine to WordOps (y/n): " && read -r WO_ANSWER + if [ "$WO_ANSWER" != "y" ] && [ "$WO_ANSWER" != "Y" ]; then + wo_lib_error "Not installing WordOps" 1 fi fi - wo_update_latest & - if [ ! -d /opt/acme/.sh ]; then - wo_lib_echo "Updating acme.sh" | tee -ai $wo_install_log - wo_install_acme_sh & - fi - wo_lib_echo "Applying Kernel tweaks" | tee -ai $wo_install_log - wo_tweak_kernel & - if [ ! -f /opt/wo-kernel.sh ]; then - wo_lib_echo "Adding systemd service tweak" | tee -ai $wo_install_log - wo_systemd_tweak & - fi - if [ -x /usr/sbin/nginx ]; then - wo_nginx_tweak & - fi - if [ -d /etc/systemd/system/mariadb.service.d ]; then - wo_mariadb_tweak & - fi - wo_cheat_install & - wo_domain_suffix & - wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log - wo_update_wp_cli & - wait - else - # 2 - Migration from EEv3 - if [ -x /usr/local/bin/ee ]; then - if [ -z "$wo_force_install" ]; then - echo -e "Migrate from EasyEngine to WordOps (y/n): " && read -r WO_ANSWER - if [ "$WO_ANSWER" != "y" ] && [ "$WO_ANSWER" != "Y" ]; then - wo_lib_error "Not installing WordOps" 1 - fi - fi - wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log - wo_install_dep >> $wo_install_log 2>&1 & - wo_timesync >> $wo_install_log 2>&1 & - wo_lib_echo "Backing-up EE install" | tee -ai $wo_install_log - wo_backup_ee >> $wo_install_log 2>&1 & - wo_lib_echo "Removing EasyEngine cronjob" | tee -ai $wo_install_log - wo_remove_ee_cron >> $wo_install_log 2>&1 & - wo_lib_echo "Syncing WO database" | tee -ai $wo_install_log - wo_sync_db >> $wo_install_log 2>&1 & - secure_wo_db >> $wo_install_log 2>&1 & - wait - wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log - if [ -f "$HOME/.gitconfig" ]; then - wo_install >> $wo_install_log 2>&1 & - else - wo_install | tee -ai $wo_install_log - fi - if command_exists nginx; then - wo_lib_echo "Upgrading Nginx" | tee -ai $wo_install_log - wo_upgrade_nginx >> $wo_install_log 2>&1 & - fi - wait - wo_update_latest >> $wo_install_log 2>&1 & - wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log - wo_install_acme_sh >> $wo_install_log 2>&1 & - wo_lib_echo "Applying Kernel tweaks" | tee -ai $wo_install_log - wo_tweak_kernel >> $wo_install_log 2>&1 & - if [ ! -f /opt/wo-kernel.sh ]; then - wo_lib_echo "Adding systemd service tweak" | tee -ai $wo_install_log - wo_systemd_tweak & - fi - if command_exists nginx; then - wo_nginx_tweak & - fi - if [ -d /etc/systemd/system/mariadb.service.d ]; then - wo_mariadb_tweak & - fi - wo_domain_suffix >> $wo_install_log & - wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log - { - wo_git_init & - wo_update_wp_cli & - wo_cheat_install & - } >> $wo_install_log - wait - wo_lib_echo "Cleaning-up EE previous install" | tee -ai $wo_install_log - wo_clean_ee >> $wo_install_log - else - # 3 - Fresh WO setup - wo_lib_echo "Installing wo dependencies " | tee -ai $wo_install_log - [ -z "$wo_travis" ] && { - wo_dist_upgrade >> $wo_install_log - } - wo_install_dep >> $wo_install_log & - wo_timesync >> $wo_install_log & - wait - wo_lib_echo "Installing WordOps " | tee -ai $wo_install_log - if [ "$wo_travis" = "y" ]; then - wo_install_travis | tee -ai $wo_install_log & - else - if [ -f "$HOME/.gitconfig" ]; then - wo_install >> $wo_install_log 2>&1 & - else - wo_install | tee -ai $wo_install_log - fi - fi - if [ "$ufw" = "y" ]; then - wo_lib_echo "Configuring UFW" | tee -ai $wo_install_log - wo_ufw_setup & - fi - wo_lib_echo "Applying Kernel tweaks" | tee -ai $wo_install_log - wo_tweak_kernel >> $wo_install_log 2>&1 & - if [ ! -f /opt/wo-kernel.sh ]; then - wo_lib_echo "Adding systemd service tweak" | tee -ai $wo_install_log - wo_systemd_tweak >> $wo_install_log 2>&1 & - fi - wo_lib_echo "Installing acme.sh" | tee -ai $wo_install_log - wo_lib_echo "Running post-install steps " | tee -ai $wo_install_log - { - wo_install_acme_sh & - secure_wo_db & - wo_cheat_install & - wo_domain_suffix & - wo_git_init & - wo_update_wp_cli & - } >> $wo_install_log - wait - fi + _run wo_backup_ee "Backing-up EE install" + _run wo_remove_ee_cron "Removing EasyEngine cronjob" + _run wo_sync_db "Syncing WO database" fi + _run wo_install_dep "Installing wo dependencies" + _run wo_timesync + if [ "$ufw" = "y" ]; then + _run wo_ufw_setup "Configuring UFW" + fi + # skip steps if travis + if [ -z "$wo_travis" ]; then + _run wo_dist_upgrade + _run wo_download "Downloading WordOps" + wo_git_config + _run wo_install "Installing WordOps" + else + _run wo_install_travis "Installing WordOps" + fi + if [ -x /usr/local/bin/ee ]; then + _run wo_upgrade_nginx "Upgrading Nginx" + _run wo_clean_ee "Cleaning previous EasyEngine install" + fi + _run wo_install_acme_sh + _run wo_tweak_kernel "Applying Kernel tweaks" + if [ ! -f /opt/wo-kernel.sh ]; then + _run wo_systemd_tweak "Adding systemd service tweak" + fi + if [ -x /usr/sbin/nginx ]; then + _run wo_nginx_tweak + fi + if [ -d /etc/systemd/system/mariadb.service.d ]; then + _run wo_mariadb_tweak + fi + _run wo_cheat_install "Running post-install steps" + _run wo_domain_suffix + _run wo_update_wp_cli + _run wo_update_latest + _run secure_wo_db wo sync >> $wo_install_log 2>&1 @@ -970,10 +899,10 @@ else elif [ "$wo_upgrade" = "1" ]; then wo_lib_echo "WordOps (wo) upgrade to $wo_version_new was succesfull!" echo - wo_lib_echo "To upgrade Nginx use the command:" - wo_lib_echo_info "wo stack upgrade --nginx" + wo_lib_echo "To upgrade WordOps stacks use the command:" + wo_lib_echo_info "wo stack upgrade --all" echo - wo_lib_echo "To update other packages use the command:" + wo_lib_echo "To update all other server packages use the command:" wo_lib_echo_info "wo maintenance" else wo_lib_echo "WordOps (wo) installed successfully" diff --git a/requirements.txt b/requirements.txt index 6a4b1a5..2df9c0a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -cement>=2.8.0 +cement>=2.8.2 diff --git a/setup.py b/setup.py index 66e548f..09aa70a 100644 --- a/setup.py +++ b/setup.py @@ -1,17 +1,15 @@ -from setuptools import setup, find_packages -import os import glob -import configparser -import re -import shutil +import os + +from setuptools import find_packages, setup conf = [] templates = [] long_description = '''WordOps An essential toolset that eases WordPress site and server administration. It provide the ability - to Install a high performance WordPress stack + to install a high performance WordPress stack with a few keystrokes''' for name in glob.glob('config/plugins.d/*.conf'): @@ -26,38 +24,8 @@ if not os.path.exists('/var/log/wo/'): if not os.path.exists('/var/lib/wo/'): os.makedirs('/var/lib/wo/') -# WordOps git configuration management -config = configparser.ConfigParser() -config.read(os.path.expanduser("~")+'/.gitconfig') -try: - wo_user = config['user']['name'] - wo_email = config['user']['email'] -except Exception: - print("WordOps (wo) require an username & and an email " - "address to configure Git (used to save server configurations)") - print("Your informations will ONLY be stored locally") - - wo_user = input("Enter your name: ") - while wo_user == "": - print("Unfortunately, this can't be left blank") - wo_user = input("Enter your name: ") - - wo_email = input("Enter your email: ") - - while not re.match(r"^[A-Za-z0-9\.\+_-]+@[A-Za-z0-9\._-]+\.[a-zA-Z]*$", - wo_email): - print("Whoops, seems like you made a typo - " - "the e-mailaddress is invalid...") - wo_email = input("Enter your email: ") - - os.system("git config --global user.name {0}".format(wo_user)) - os.system("git config --global user.email {0}".format(wo_email)) - -if not os.path.isfile('/root/.gitconfig'): - shutil.copy2(os.path.expanduser("~")+'/.gitconfig', '/root/.gitconfig') - setup(name='wo', - version='3.9.8.11', + version='3.9.8.12', description=long_description, long_description=long_description, classifiers=[], @@ -78,7 +46,7 @@ setup(name='wo', # "nose", # "coverage", # Required to function - 'cement == 2.8.0', + 'cement == 2.8.2', 'pystache', 'python-apt', 'pynginxconfig', diff --git a/tests/init-file b/tests/init-file deleted file mode 100644 index d8a3a07..0000000 --- a/tests/init-file +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash --init-file -source /etc/bash_completion.d/wo_auto.rc -source ~/.bashrc diff --git a/tests/travis.sh b/tests/travis.sh index 2542b61..5bc2929 100644 --- a/tests/travis.sh +++ b/tests/travis.sh @@ -17,7 +17,7 @@ exit_script() { echo -e "${CGREEN}#############################################${CEND}" echo -e ' stack install ' echo -e "${CGREEN}#############################################${CEND}" -stack_list='nginx php php73 mysql redis fail2ban clamav proftpd admin' +stack_list='nginx php php73 mysql redis fail2ban clamav proftpd netdata phpmyadmin composer dashboard extplorer adminer redis phpredisadmin mysqltuner utils' for stack in $stack_list; do echo -ne " Installing $stack [..]\r" if { diff --git a/wo/cli/main.py b/wo/cli/main.py index d0c009e..864deff 100644 --- a/wo/cli/main.py +++ b/wo/cli/main.py @@ -2,7 +2,7 @@ import os import sys -from cement.core import foundation +from cement.core.foundation import CementApp from cement.core.exc import CaughtSignal, FrameworkError from cement.ext.ext_argparse import ArgParseArgumentHandler from cement.utils.misc import init_defaults @@ -40,7 +40,7 @@ class WOArgHandler(ArgParseArgumentHandler): super(WOArgHandler, self).error("unknown args") -class WOApp(foundation.CementApp): +class WOApp(CementApp): class Meta: label = 'wo' diff --git a/wo/cli/plugins/secure.py b/wo/cli/plugins/secure.py index 38f8190..ec3d916 100644 --- a/wo/cli/plugins/secure.py +++ b/wo/cli/plugins/secure.py @@ -10,6 +10,7 @@ from wo.core.logging import Log from wo.core.services import WOService from wo.core.shellexec import WOShellExec from wo.core.variables import WOVariables +from wo.core.random import RANDOM def wo_secure_hook(app): @@ -21,14 +22,17 @@ class WOSecureController(CementBaseController): label = 'secure' stacked_on = 'base' stacked_type = 'nested' - description = ('Secure command secure auth, ip and port') + description = ( + 'Secure command provide the ability to' + 'adjust settings for backend and to harden server security.') arguments = [ (['--auth'], - dict(help='secure auth', action='store_true')), + dict(help='secure backend authentification', + action='store_true')), (['--port'], - dict(help='secure port', action='store_true')), + dict(help='set backend port', action='store_true')), (['--ip'], - dict(help='secure ip', action='store_true')), + dict(help='set backend whitelisted ip', action='store_true')), (['user_input'], dict(help='user input', nargs='?', default=None)), (['user_pass'], @@ -49,9 +53,7 @@ class WOSecureController(CementBaseController): def secure_auth(self): """This function secures authentication""" pargs = self.app.pargs - passwd = ''.join([random.choice - (string.ascii_letters + string.digits) - for n in range(24)]) + passwd = RANDOM.long(self) if not pargs.user_input: username = input("Provide HTTP authentication user " "name [{0}] :".format(WOVariables.wo_user)) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 4e19cfc..668941c 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -11,7 +11,7 @@ from cement.core.controller import CementBaseController, expose from wo.cli.plugins.site_functions import * from wo.cli.plugins.sitedb import (addNewSite, deleteSiteInfo, getAllsites, getSiteInfo, updateSiteInfo) -from wo.core.domainvalidate import DMN +from wo.core.domainvalidate import WODomain from wo.core.fileutils import WOFileUtils from wo.core.git import WOGit from wo.core.logging import Log @@ -58,7 +58,7 @@ class WOSiteController(CementBaseController): pargs.site_name = pargs.site_name.strip() # validate domain name - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) # check if site exists if not check_domain_exists(self, wo_domain): @@ -95,7 +95,8 @@ class WOSiteController(CementBaseController): Log.debug(self, str(e)) Log.error(self, 'could not input site name') pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, + pargs.site_name) # check if site exists if not check_domain_exists(self, wo_domain): Log.error(self, "site {0} does not exist".format(wo_domain)) @@ -135,8 +136,8 @@ class WOSiteController(CementBaseController): Log.debug(self, str(e)) Log.error(self, 'could not input site name') pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) - (wo_domain_type, wo_root_domain) = DMN.getdomainlevel(self, wo_domain) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) + (wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(self, wo_domain) wo_db_name = '' wo_db_user = '' wo_db_pass = '' @@ -187,7 +188,7 @@ class WOSiteController(CementBaseController): def log(self): pargs = self.app.pargs pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) wo_site_webroot = getSiteInfo(self, wo_domain).site_path if not check_domain_exists(self, wo_domain): @@ -209,7 +210,7 @@ class WOSiteController(CementBaseController): Log.error(self, 'could not input site name') # TODO Write code for wo site edit command here pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) if not check_domain_exists(self, wo_domain): Log.error(self, "site {0} does not exist".format(wo_domain)) @@ -240,7 +241,7 @@ class WOSiteController(CementBaseController): Log.error(self, 'Unable to read input, please try again') pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) if not check_domain_exists(self, wo_domain): Log.error(self, "site {0} does not exist".format(wo_domain)) @@ -281,7 +282,7 @@ class WOSiteEditController(CementBaseController): Log.error(self, 'Unable to read input, Please try again') pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) if not check_domain_exists(self, wo_domain): Log.error(self, "site {0} does not exist".format(wo_domain)) @@ -382,9 +383,6 @@ class WOSiteCreateController(CementBaseController): (['--vhostonly'], dict(help="only create vhost and database " "without installing WordPress", action='store_true')), - (['--experimental'], - dict(help="Enable Experimental packages without prompt", - action='store_true')), ] @expose(hide=True) @@ -426,7 +424,7 @@ class WOSiteCreateController(CementBaseController): Log.error(self, "Unable to input site name, Please try again!") pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) if not wo_domain.strip(): Log.error(self, "Invalid domain name, " "Provide valid domain name") @@ -719,7 +717,8 @@ class WOSiteCreateController(CementBaseController): "`tail /var/log/wo/wordops.log` and please try again") if pargs.letsencrypt: - (wo_domain_type, wo_root_domain) = DMN.getdomainlevel(self, wo_domain) + (wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(self, + wo_domain) data['letsencrypt'] = True letsencrypt = True if data['letsencrypt'] is True: @@ -768,7 +767,7 @@ class WOSiteCreateController(CementBaseController): httpsRedirect(self, wo_domain, True, wo_wildcard) if pargs.hsts: - setupHsts(self, wo_domain) + SSL.setuphsts(self, wo_domain) SSL.siteurlhttps(self, wo_domain) if not WOService.reload_service(self, 'nginx'): @@ -932,7 +931,7 @@ class WOSiteUpdateController(CementBaseController): Log.error(self, 'Unable to input site name, Please try again!') pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) wo_site_webroot = WOVariables.wo_webroot + wo_domain check_site = getSiteInfo(self, wo_domain) @@ -969,7 +968,7 @@ class WOSiteUpdateController(CementBaseController): pargs.wpsubdir or pargs.wpsubdomain or pargs.password)): try: - setupHsts(self, wo_domain) + SSL.setuphsts(self, wo_domain) except SiteError as e: Log.debug(self, str(e)) Log.info(self, "\nFail to enable HSTS") @@ -1130,7 +1129,8 @@ class WOSiteUpdateController(CementBaseController): pargs.php73 = False if pargs.letsencrypt: - (wo_domain_type, wo_root_domain) = DMN.getdomainlevel(self, wo_domain) + (wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(self, + wo_domain) if pargs.letsencrypt == 'on': data['letsencrypt'] = True letsencrypt = True @@ -1474,7 +1474,7 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)): if not os.path.isfile("{0}/conf/nginx/hsts.conf" .format(wo_site_webroot)): - setupHsts(self, wo_domain) + SSL.setuphsts(self, wo_domain) else: Log.error(self, "HSTS is already configured for given " "site") @@ -1859,7 +1859,7 @@ class WOSiteDeleteController(CementBaseController): Log.error(self, 'could not input site name') pargs.site_name = pargs.site_name.strip() - (wo_domain, wo_www_domain) = DMN.validatedomain(self, pargs.site_name) + (wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name) wo_db_name = '' wo_prompt = '' wo_nginx_prompt = '' diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index b6a1355..8156f11 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1548,23 +1548,6 @@ def renewLetsEncrypt(self, wo_domain_name): # redirect= False to disable https redirection -def setupHsts(self, wo_domain_name): - Log.info( - self, "Adding /var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain_name)) - - hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - hstsconf.write("more_set_headers " - "\"Strict-Transport-Security: " - "max-age=31536000; " - "includeSubDomains; " - "preload\";") - hstsconf.close() - return 0 - - def httpsRedirect(self, wo_domain_name, redirect=True, wildcard=False): if redirect: if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled" diff --git a/wo/cli/plugins/stack_config.py b/wo/cli/plugins/stack_config.py new file mode 100644 index 0000000..3c5166a --- /dev/null +++ b/wo/cli/plugins/stack_config.py @@ -0,0 +1,52 @@ +import os +import shutil + +from cement.core import handler, hook +from cement.core.controller import CementBaseController, expose + +from wo.cli.plugins.stack_pref import post_pref, pre_pref +from wo.core.aptget import WOAptGet +from wo.core.download import WODownload +from wo.core.extract import WOExtract +from wo.core.fileutils import WOFileUtils +from wo.core.logging import Log +from wo.core.services import WOService +from wo.core.shellexec import WOShellExec +from wo.core.variables import WOVariables + + +class WOStackUpgradeController(CementBaseController): + class Meta: + label = 'config' + stacked_on = 'stack' + stacked_type = 'nested' + exit_on_close = True + description = ('Upgrade stack safely') + arguments = [ + (['--nginx'], + dict(help='Upgrade all stack', action='store_true')), + (['--php'], + dict(help='Upgrade PHP 7.2 stack', action='store_true')), + (['--php73'], + dict(help='Upgrade PHP 7.3 stack', action='store_true')), + (['--mysql'], + dict(help='Upgrade MySQL stack', action='store_true')), + (['--wpcli'], + dict(help='Upgrade WPCLI', action='store_true')), + (['--redis'], + dict(help='Upgrade Redis', action='store_true')), + (['--netdata'], + dict(help='Upgrade Netdata', action='store_true')), + (['--dashboard'], + dict(help='Upgrade WordOps Dashboard', action='store_true')), + (['--composer'], + dict(help='Upgrade Composer', action='store_true')), + (['--phpmyadmin'], + dict(help='Upgrade phpMyAdmin', action='store_true')), + (['--no-prompt'], + dict(help="Upgrade Packages without any prompt", + action='store_true')), + (['--force'], + dict(help="Force Packages upgrade without any prompt", + action='store_true')), + ] diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 7488f70..3aa4c24 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -780,22 +780,22 @@ def post_pref(self, apt_packages, packages, upgrade=False): with open("/etc/php/7.3/fpm/pool.d/debug.conf", encoding='utf-8', mode='a') as myfile: - myfile.write("php_admin_value[xdebug.profiler_output_dir] " - "= /tmp/ \nphp_admin_value[xdebug.profiler_" - "output_name] = cachegrind.out.%p-%H-%R " - "\nphp_admin_flag[xdebug.profiler_enable" - "_trigger] = on \nphp_admin_flag[xdebug." - "profiler_enable] = off\n") + myfile.write( + "php_admin_value[xdebug.profiler_output_dir] " + "= /tmp/ \nphp_admin_value[xdebug.profiler_" + "output_name] = cachegrind.out.%p-%H-%R " + "\nphp_admin_flag[xdebug.profiler_enable" + "_trigger] = on \nphp_admin_flag[xdebug." + "profiler_enable] = off\n") # Disable xdebug - if not WOShellExec.cmd_exec(self, "grep -q \';zend_extension\'" - " /etc/php/7.3/mods-available" - "/xdebug.ini"): - WOFileUtils.searchreplace(self, "/etc/php/7.3/" - "mods-available/" - "xdebug.ini", - "zend_extension", - ";zend_extension") + if not WOShellExec.cmd_exec( + self, "grep -q \';zend_extension\'" + " /etc/php/7.3/mods-available/xdebug.ini"): + WOFileUtils.searchreplace( + self, "/etc/php/7.3/mods-available/" + "xdebug.ini", + "zend_extension", ";zend_extension") # PHP and Debug pull configuration if not os.path.exists('{0}22222/htdocs/fpm/status/' @@ -892,20 +892,21 @@ def post_pref(self, apt_packages, packages, upgrade=False): if not os.path.isfile("/etc/fail2ban/jail.d/custom.conf"): Log.info(self, "Configuring Fail2Ban") data = dict() - WOTemplate.render(self, - '/etc/fail2ban/jail.d/custom.conf', - 'fail2ban.mustache', - data, overwrite=False) - WOTemplate.render(self, - '/etc/fail2ban/filter.d/' - 'wo-wordpress.conf', - 'fail2ban-wp.mustache', - data, overwrite=False) - WOTemplate.render(self, - '/etc/fail2ban/filter.d/' - 'nginx-forbidden.conf', - 'fail2ban-forbidden.mustache', - data, overwrite=False) + WOTemplate.render( + self, + '/etc/fail2ban/jail.d/custom.conf', + 'fail2ban.mustache', + data, overwrite=False) + WOTemplate.render( + self, + '/etc/fail2ban/filter.d/wo-wordpress.conf', + 'fail2ban-wp.mustache', + data, overwrite=False) + WOTemplate.render( + self, + '/etc/fail2ban/filter.d/nginx-forbidden.conf', + 'fail2ban-forbidden.mustache', + data, overwrite=False) WOGit.add(self, ["/etc/fail2ban"], msg="Adding Fail2ban into Git") @@ -916,22 +917,18 @@ def post_pref(self, apt_packages, packages, upgrade=False): if os.path.isfile("/etc/proftpd/proftpd.conf"): Log.info(self, "Configuring ProFTPd") Log.debug(self, "Setting up Proftpd configuration") - WOFileUtils.searchreplace(self, "/etc/proftpd/" - "proftpd.conf", - "# DefaultRoot", - "DefaultRoot") - WOFileUtils.searchreplace(self, "/etc/proftpd/" - "proftpd.conf", - "# RequireValidShell", - "RequireValidShell") - WOFileUtils.searchreplace(self, "/etc/proftpd/" - "proftpd.conf", - "# PassivePorts " - " " - "49152 65534", - "PassivePorts " - " " - " 49000 50000") + WOFileUtils.searchreplace( + self, "/etc/proftpd/proftpd.conf", + "# DefaultRoot", "DefaultRoot") + WOFileUtils.searchreplace( + self, "/etc/proftpd/proftpd.conf", + "# RequireValidShell", "RequireValidShell") + WOFileUtils.searchreplace( + self, "/etc/proftpd/proftpd.conf", + "# PassivePorts " + "49152 65534", + "PassivePorts " + " 49000 50000") # proftpd TLS configuration if not os.path.isdir("/etc/proftpd/ssl"): WOFileUtils.mkdir(self, "/etc/proftpd/ssl") @@ -1361,9 +1358,10 @@ def post_pref(self, apt_packages, packages, upgrade=False): WOShellExec.cmd_exec(self, 'mysql < {0}22222/htdocs/db' '/anemometer/install.sql' .format(WOVariables.wo_webroot)) - except CommandExecutionError as e: + except Exception as e: Log.debug(self, "{0}".format(e)) - raise SiteError("Unable to import Anemometer database") + Log.error(self, "failed to configure Anemometer", + exit=False) WOMysql.execute(self, 'grant select on' ' *.* to \'anemometer\'' diff --git a/wo/cli/templates/nginx-core.mustache b/wo/cli/templates/nginx-core.mustache index 9d205c5..dd1db4b 100644 --- a/wo/cli/templates/nginx-core.mustache +++ b/wo/cli/templates/nginx-core.mustache @@ -32,7 +32,7 @@ http { # Limit Request limit_req_status 403; limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; - limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s; + limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s; # Proxy Settings # set_real_ip_from proxy-server-ip; diff --git a/wo/core/domainvalidate.py b/wo/core/domainvalidate.py index ff7ddd3..de74fce 100644 --- a/wo/core/domainvalidate.py +++ b/wo/core/domainvalidate.py @@ -3,7 +3,8 @@ import os from urllib.parse import urlparse -class DMN(): +class WODomain(): + """WordOps domain validation utilities""" def validatedomain(self, url): """ diff --git a/wo/core/random.py b/wo/core/random.py new file mode 100644 index 0000000..cb7482d --- /dev/null +++ b/wo/core/random.py @@ -0,0 +1,17 @@ +import random +import string + + +class RANDOM: + + def short(self): + short_random = ''.join([random.choice + (string.ascii_letters + string.digits) + for n in range(8)]) + return short_random + + def long(self): + long_random = ''.join([random.choice + (string.ascii_letters + string.digits) + for n in range(24)]) + return long_random diff --git a/wo/core/sslutils.py b/wo/core/sslutils.py index b04745f..9bb620d 100644 --- a/wo/core/sslutils.py +++ b/wo/core/sslutils.py @@ -119,7 +119,7 @@ class SSL: return iswildcard - def setupHsts(self, wo_domain_name): + def setuphsts(self, wo_domain_name): Log.info( self, "Adding /var/www/{0}/conf/nginx/hsts.conf" .format(wo_domain_name)) diff --git a/wo/core/variables.py b/wo/core/variables.py index fb3dd39..aa39058 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -11,9 +11,9 @@ class WOVariables(): """Intialization of core variables""" # WordOps version - wo_version = "3.9.8.11" + wo_version = "3.9.8.12" # WordOps packages versions - wo_wp_cli = "2.2.0" + wo_wp_cli = "2.3.0" wo_adminer = "4.7.2" wo_phpmyadmin = "4.9.0.1" wo_extplorer = "2.1.13"