authorAntoine Beaupré2011-02-21 20:42:27 (GMT)
committerAntoine Beaupré2011-02-21 20:42:27 (GMT)
commitbd6bc60b6b9a58f0f7cfe143edd7517263f7531e (patch)
tree208adfdbbc63750d6a1c3d601e450a4a4d704f43
parent21a603267728247d0185021f13bc4e1795e55eb3 (diff)
parent4ed8897706fd78f2f64141014bc96fd73fd8d4cf (diff)
Merge remote branch 'ceres/prod-koumbit' into prod-koumbitprod-koumbit
-rw-r--r--README.txt13
-rw-r--r--aegir.make6
-rw-r--r--db/db.drush.inc14
-rw-r--r--db/mysql/mysql_service.inc12
-rw-r--r--dns/dns.drush.inc7
-rw-r--r--docs/HINTS_OSX.txt14
-rw-r--r--docs/INSTALL.txt145
-rw-r--r--docs/UPGRADE.txt49
-rw-r--r--http/apache_ssl/vhost_ssl_disabled.tpl.php35
-rw-r--r--http/http.drush.inc12
-rw-r--r--http/nginx/nginx_advanced_include.conf278
-rw-r--r--http/nginx/nginx_service.inc5
-rw-r--r--http/nginx/nginx_simple_include.conf354
-rw-r--r--http/nginx/server.tpl.php50
-rw-r--r--http/nginx/vhost.tpl.php30
-rw-r--r--http/nginx/vhost_disabled.tpl.php11
-rw-r--r--http/nginx_ssl/vhost_ssl.tpl.php34
-rw-r--r--http/nginx_ssl/vhost_ssl_disabled.tpl.php27
-rw-r--r--install.hostmaster.inc167
-rw-r--r--install.sh.txt92
-rw-r--r--migrate.hostmaster.inc31
-rw-r--r--parse.backend.inc5
-rw-r--r--platform/backup.provision.inc5
-rw-r--r--platform/backup_delete.provision.inc26
-rw-r--r--platform/clone.provision.inc7
-rw-r--r--platform/deploy.provision.inc2
-rw-r--r--platform/drupal/deploy.inc33
-rw-r--r--platform/provision_drupal.drush.inc44
-rw-r--r--platform/provision_drupal_settings.tpl.php11
-rw-r--r--platform/verify.provision.inc9
-rw-r--r--provision.api.php8
-rw-r--r--provision.context.inc4
-rw-r--r--provision.context.server.inc3
-rw-r--r--provision.drush.inc11
-rw-r--r--provision.inc29
-rw-r--r--provision.info4
-rw-r--r--release.sh4
-rw-r--r--upgrade.sh.txt36
38 files changed, 1059 insertions, 568 deletions
diff --git a/README.txt b/README.txt
index 2196fe8..616a169 100644
--- a/README.txt
+++ b/README.txt
@@ -6,10 +6,11 @@ This is the backend of the Aegir hosting system.
The front end and back end are designed to be run separately, and each
front end will also be able to drive multiple back ends.
-The most up to date information regarding the project and its goal
-can be found in the Aegir wiki page:
+The most up to date information regarding the project and its goals
+can be found on the Aegir website and the community portal:
- http://groups.drupal.org/aegir/overview
+ http://aegirproject.org
+ http://community.aegirproject.org
To install Aegir, you should follow the INSTALL.txt document in docs/.
The HINTS_<arch>.txt files can be useful if you have a specific
@@ -20,8 +21,8 @@ To upgrade Aegir, follow the UPGRADE.txt document in docs/.
The core of the documentation in docs/ should be sufficient to get you
started. If you have further questions or are having trouble with Aegir,
-head for the documentation wiki:
+head for the documentation:
- http://groups.drupal.org/aegir-hosting-system/documentation
+ http://community.aegirproject.org/notebook
-Other documentation for developpers is also available in docs/.
+Other documentation for developers is also available in docs/.
diff --git a/aegir.make b/aegir.make
index f923a0b..e25eb28 100644
--- a/aegir.make
+++ b/aegir.make
@@ -4,6 +4,6 @@ api = 2
projects[drupal][type] = "core"
projects[hostmaster][type] = "profile"
-projects[hostmaster][download][type] = "git"
-projects[hostmaster][download][url] = "git://git.aegirproject.org/hostmaster.git"
-projects[hostmaster][download][branch] = "master"
+projects[hostmaster][download][type] = "get"
+projects[hostmaster][download][url] = "http://files.aegirproject.org/hostmaster-0.4-rc1.tgz"
+projects[hostmaster][download][directory_name] = "hostmaster"
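Review bot: The new `get` download on the `[download][url]` line fetches `hostmaster-0.4-rc1.tgz` over plain `http://` with no integrity check, so a tampered or swapped tarball would be unpacked into the platform unnoticed. Pinning a release instead of tracking `master` is an improvement, but the pin is only a file name. If the drush_make version in use accepts a checksum key for file downloads (later releases document `[download][md5]`; confirm for this version), add one next to the URL. Otherwise publish the expected hash with the release and verify it before building.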
diff --git a/db/db.drush.inc b/db/db.drush.inc
index be9f2ea..82e09c1 100644
--- a/db/db.drush.inc
+++ b/db/db.drush.inc
@@ -71,7 +71,7 @@ class provisionService_db extends provisionService {
function suggest_db_name() {
$uri = $this->context->uri;
- $suggest_base = substr(str_replace(array('.', '-'), '' , ereg_replace('^www\.', '', $uri)), 0, 16);
+ $suggest_base = substr(str_replace(array('.', '-'), '' , preg_replace('/^www\./', '', $uri)), 0, 16);
if (!$this->database_exists($suggest_base)) {
return $suggest_base;
@@ -91,8 +91,10 @@ class provisionService_db extends provisionService {
/**
* Generate a new mysql database and user account for the specified credentials
*/
- function create_site_database() {
- $creds = $this->generate_site_credentials();
+ function create_site_database($creds = array()) {
+ if (!sizeof($creds)) {
+ $creds = $this->generate_site_credentials();
+ }
extract($creds);
if (!$this->can_create_database()) {
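Review bot: `create_site_database()` now skips `generate_site_credentials()` for any non-empty `$creds`, so a caller that passes a partial array reaches `extract($creds)` with some expected variables never defined, and any extra key in the array becomes a local variable. Checking for the keys the body actually reads before accepting the caller's array would fail early; which keys those are is not visible here, because the body continues past the hunk. The same `sizeof($creds)` guard is added to `import_site_database()` in the next hunk. A docblock line on the expected shape would help, e.g. `@param $creds Optional credentials array in the format returned by generate_site_credentials().`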
@@ -150,12 +152,14 @@ class provisionService_db extends provisionService {
}
- function import_site_database($dump_file = null) {
+ function import_site_database($dump_file = null, $creds = array()) {
if (is_null($dump_file)) {
$dump_file = d()->site_path . '/database.sql';
}
- $creds = $this->fetch_site_credentials();
+ if (!sizeof($creds)) {
+ $creds = $this->fetch_site_credentials();
+ }
$exists = provision_file()->exists($dump_file)
->succeed('Found database dump at @path.')
diff --git a/db/mysql/mysql_service.inc b/db/mysql/mysql_service.inc
index 10dccaa..cc92ea4 100644
--- a/db/mysql/mysql_service.inc
+++ b/db/mysql/mysql_service.inc
@@ -14,6 +14,8 @@ class provisionService_db_mysql extends provisionService_db_pdo {
}
function database_exists($name) {
+ // An underscore in a LIKE clause is a single character wildcard, escape it.
+ $name = str_replace('_', '\_', $name);
$result = $this->query("SHOW DATABASES LIKE '%s'", $name);
if ($result) {
return $result->fetchColumn(0);
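Review bot: The added escaping in `database_exists()` covers `_` but not `%`, the other wildcard in a `LIKE` pattern, so a name containing `%` can still match a different database and report it as existing. Escaping both in one call, `$name = addcslashes($name, '\\%_');`, also handles a literal backslash in the name. How `query()` quotes the `%s` argument is outside this hunk, so confirm the inserted backslashes reach MySQL as intended. The function body continues past the hunk.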
@@ -88,7 +90,7 @@ class provisionService_db_mysql extends provisionService_db_pdo {
}
function grant_host(provisionContext_server $server) {
- $command = sprintf('mysql -u intntnllyInvalid -h %s -P %s',
+ $command = sprintf('mysql -u intntnllyInvalid -h %s -P %s -e ""',
escapeshellarg($this->server->remote_host),
escapeshellarg($this->server->db_port));
@@ -124,6 +126,13 @@ class provisionService_db_mysql extends provisionService_db_pdo {
* We go through all this trouble to hide the password from the commandline,
* it's the most secure way (apart from writing a temporary file, which would
* create conflicts in parallel runs)
+ *
+ * XXX: this needs to be refactored so it:
+ * - works even if /dev/fd/3 doesn't exit
+ * - has a meaningful name (we're talking about reading and writing
+ * dumps here, really, or at least call mysql and mysqldump, not
+ * just any command)
+ * - can be pushed upstream to drush (http://drupal.org/node/671906)
*/
function safe_shell_exec($cmd, $db_host, $db_user, $db_passwd, $dump_file = null) {
$mycnf = sprintf('[client]
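Review bot: The new XXX comment reads "works even if /dev/fd/3 doesn't exit"; "exist" is meant, and as written the item is easy to misread. This block documents how the password is kept off the command line, so it would be worth stating next to it what the function currently does when `/dev/fd/3` is unavailable, if that is known. The body of `safe_shell_exec()` continues outside the hunk.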
@@ -141,6 +150,7 @@ port=%s
2 => array("pipe", "w"), // stderr is a file to write to
3 => array("pipe", "r"), // fd3 is our special file descriptor where we pass credentials
);
+ $pipes = array();
$process = proc_open($cmd, $descriptorspec, $pipes);
$this->safe_shell_exec_output = '';
if (is_resource($process)) {
diff --git a/dns/dns.drush.inc b/dns/dns.drush.inc
index 79554cd..6b60034 100644
--- a/dns/dns.drush.inc
+++ b/dns/dns.drush.inc
@@ -41,6 +41,9 @@ function drush_dns_provision_zone($action, $zone, $name = null, $type = null, $d
break;
case 'rr-add':
$record = d()->service('dns')->config('zone', $zone)->record_get($name);
+ if (!is_array($record[$type])) {
+ $record[$type] = array();
+ }
$record[$type] = array_merge($record[$type], array($destination));
$status = d()->service('dns')->config('zone', $zone)->record_set($name, $record)->write();
break;
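Review bot: In the `rr-add` case, `is_array($record[$type])` reads an index that may not be set, which raises an undefined-index notice on the very path the guard is meant to cover; `if (!isset($record[$type]) || !is_array($record[$type])) {` avoids it. `$type` defaults to null in the signature and nothing visible in this case rejects a call that omits it, so a record with an empty type can be written. The rest of the function is outside the hunk.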
@@ -281,7 +284,7 @@ class provisionService_dns extends provisionService {
if ($status) {
drush_log(dt("creating zone configuration on slaves"));
- $status = $this->_each_server("create_zone", $zone);
+ $status = $this->_each_server("create_zone", array($zone));
}
return $status;
}
@@ -295,7 +298,7 @@ class provisionService_dns extends provisionService {
if ($status) {
drush_log(dt("deleting zone configuration from slaves"));
- $status = $this->_each_server("delete_zone", $zone);
+ $status = $this->_each_server("delete_zone", array($zone));
}
return $status;
}
diff --git a/docs/HINTS_OSX.txt b/docs/HINTS_OSX.txt
index dd6d1cb..951136c 100644
--- a/docs/HINTS_OSX.txt
+++ b/docs/HINTS_OSX.txt
@@ -62,7 +62,11 @@ The first two commands below are optional but recommended.
Shell commands::
sudo port selfupdate
sudo port upgrade outdated
- sudo port install apache2 mysql5-server git-core unzip php52 +mysql5
+ sudo port install apache2 mysql5-server git-core unzip php52 php5-posix \
+ php5-gd php5-apc +mysql5
+
+php5-apc is optional, but highly recommended as it will significantly increase
+PHP performance.
Watch the output of the last port command carefully, as there are
usually some boring tasks for you to perform once the install is
@@ -76,7 +80,13 @@ Next we'll create the aegir user and add it to the _www group. This
part is very different on Mac OS X than Linux or most other
Unices. Must be a NeXTism. The command we will use he is "dscl", which
is a short for Directory Service Command Line. In OSX 10.3 and
-earlier, that command is "nicl" (short for Net Info Command Line).
+earlier, that command is "nicl" (short for Net Info Command Line). It is also
+possible to create the user using the "Workgroup Manager" utility included with
+OS X Server. To obtain Workgroup Manager for the OS X Client, download the
+"Server Admin Tools" from Apple. For example, for Mac OS X 10.6, the admin tools
+can be found at:
+
+http://support.apple.com/downloads/Server_Admin_Tools_10_6
Shell commands::
sudo dscl . -create /Users/aegir NFSHomeDirectory /var/aegir
diff --git a/docs/INSTALL.txt b/docs/INSTALL.txt
index 5f7448f..9a7e62a 100644
--- a/docs/INSTALL.txt
+++ b/docs/INSTALL.txt
@@ -16,7 +16,7 @@ fairly simple. It's 3 basic steps::
1. Install requirements
2. Configure system requirements, which include::
* create a Aegir user
- * configure Apache, MySQL, DNS, etc
+ * configure Apache (or Nginx with PHP-FPM), MySQL, DNS, etc
3. Run the install script.
Those steps are detailed below. The following instructions provide example
@@ -32,10 +32,11 @@ bullet-point summary of the steps required for the installation. In case of
conflict between INSTALL.txt and other documentation, INSTALL.txt should be
considered the canonical source of information.
-Also note that those instructions setup a complete Aegir system. If you want
-to only setup a new server, it should be sufficient to install requirement
-(step 1) and configure them (step 2). You will just need the --backend-only flag
-to avoid installing the frontend on the server.
+Also note that these instructions setup a complete Aegir system. If you want
+to only setup a new remote web/db server, it should be sufficient to install
+requirements (step 1), configure them (step 2) and follow the Remote server
+how-to which you can find at http://community.aegirproject.org/node/30.
+
1. Install software requirements
================================
@@ -51,6 +52,9 @@ The level of access required to be able to configure this system is very far
beyond what is commonly available to users with shared hosting. Commands are
assumed to be run as root user.
+A standard umask of 022 is assumed. This is the default on most systems.
+
+
Web server
----------
@@ -60,6 +64,15 @@ need root access to that server and the server must be reserved for
Aegir. Sharing the server with other control panels such as Cpanel, Plesk or
AlternC will very likely create problems and is not supported.
+Aegir also supports Nginx web server, but requires at least version 0.7.27 or
+newer. Since Nginx doesn't provide php-cgi or php-fpm (recommended) modules,
+you will need to install and run php-fpm server separately. You can find
+useful examples and tips in the third party Barracuda installer available
+at http://gitorious.org/aegir/barracuda-octopus. Note: this third party
+installer is not supported by the core Aegir developers, but you can find
+helpful community support at http://community.aegirproject.org.
+
+
PHP 5.2
-------
@@ -73,12 +86,15 @@ load. As a result, we suggest using PHP 5.2 for the time-being.
See http://drupal.org/node/360605 (amongst other issues) for details.
+
Database server
---------------
You will require a database server, obviously. Aegir currently only supports
-MySQL. It is preferable to use a dedicated server since Aegir will create
-database users and will require a privileged user.
+MySQL and MariaDB. It is preferable to use a dedicated (not shared-hosting)
+server since Aegir will create database users and will require the use of the
+MySQL 'root' user.
+
Mail transfer agent
-------------------
@@ -90,6 +106,7 @@ email". Additional messages will show that site has been removed because of
this problem. To remedy the situation simply install an MTA like sendmail,
postfix, or exim and do the minimal configuration.
+
Other utilities: sudo, rsync, git and unzip
------------------------------
@@ -102,13 +119,14 @@ The jQueryUI library is used in the Aegir UI, unzip is required to extract it.
Sudo is required to allow the aegir user the limited privilege to restart the
webserver when required. Rsync is used to sync files to remote servers.
+
Summary
-------
This may vary according to your platform, but under a Debian derivative, you
can install all those packages using the following.
-Shell commands::
+Shell commands as root::
apt-get install apache2 php5 php5-cli php5-gd php5-mysql mysql-server \
postfix sudo rsync git-core unzip
@@ -148,6 +166,7 @@ the resolved IP address to be the '127.0.0.1' loopback address.
If you intend to manage multiple servers using Aegir, you will need to
make sure that the IP address is the public IP of this server.
+
Aegir user
----------
@@ -168,7 +187,7 @@ username if desired.
In addition we will create a directory layout for Aegir configuration and
backups.
-Shell commands::
+Shell commands as root::
adduser --system --group --home /var/aegir aegir
adduser aegir www-data #make aegir a user of group www-data
@@ -194,7 +213,6 @@ Change the memory_limit directive in /etc/php5/apache2/php.ini to read::
memory_limit = 128M ; Maximum amount of memory a script may consume (128MB)
-
Apache configuration
--------------------
@@ -226,21 +244,47 @@ file.
/etc/sudoers configuration::
aegir ALL=NOPASSWD: /usr/sbin/apache2ctl
+
+Nginx configuration
+--------------------
+
+Aegir assumes standard Nginx configuration is available on the server, and
+generates its own configuration files. The way we enable this is by
+symlinking a single file which contains all the configuration necessary.
+In Debian-based systems, you should symlink this file inside
+``/etc/nginx/conf.d`` that will be parsed on startup.
+
+Shell command as root::
+
+ ln -s /var/aegir/config/nginx.conf /etc/nginx/conf.d/aegir.conf
+
+**Do not reload/restart Nginx after running these commands, it will fail.**
+The installer script creates the configuration file referenced by the newly
+created symlink.
+
+The aegir user needs to have sudo access. Add the relevant line to your sudoers
+file.
+
+/etc/sudoers configuration::
+ aegir ALL=NOPASSWD: /etc/init.d/nginx
+
+
Remote web servers
------------------
Any number of remote web servers may be configured. They need an aegir user and
Apache configuration as above, with the same user name and directory paths. SSH
public/private keys should be set up so hostmaster's Aegir user can access
-remote web Aegir users with no passwords. The above apache configuration needs
-to be performed to.
+remote web Aegir users with no passwords. The above Apache configuration needs
+to be performed too.
They will also need a login shell, which can be modified using the ``chsh`` command.
-Shell command as root::
+Shell commands as root::
chsh -s /bin/sh aegir
apt-get install rsync apache2 php5 php5-cli php5-mysql
+
Database configuration
----------------------
@@ -256,9 +300,9 @@ Now you need to restart mysql, to clear any caches.
Shell command as root::
/etc/init.d/mysql restart
-The installer will prompt you for your MySQL root user password. It will
-not store this information, but instead use it to generate a new super
-user account for the aegir system.
+The installer will prompt you for your MySQL root user password. The root
+user will be used to make administrative tasks such as creating new databases,
+and granting and revoking access to those databases for sites.
Even though MySQL is now listening on all IP's, it will not allow invalid users
to connect to the databases, without the correct user accounts configured.
@@ -267,18 +311,26 @@ If you are concerned about MySQL being accessible in this way, you can also
configure your firewall to only allow incoming connections from certain addresses.
This is outside the scope of this document however.
+
3. Run the install script
=========================
-This section deals with the actual installation of Aegir.
+This section deals with the actual installation of Aegir. You can
+install aegir in one of two ways: one assumes you have already
+downloaded drush and provision, while the other will do that for you.
+
+
+3.1 Installing aegir with only the install.sh script
+----------------------------------------------------
There is an install script that takes care of installing the right packages and
preparing the backend and frontend install for you. That script needs to be run
-as the aegir user created above. This file is available in Provision or can be
-downloaded through the web with this command::
+as the aegir user created above, so it needs to be placed somewhere that the
+aegir user can access in order to execute it. This file is available in
+Provision or can be downloaded through the web with this command::
-Shell commands::
- wget -O install.sh 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=install.sh.txt;hb=HEAD'
+Shell command::
+ wget -O install.sh 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=install.sh.txt;hb=provision-0.4-rc1'
By default, the install script will install the "correct" version of Aegir
(ie. if it was downloaded through git, it will install the version from the
@@ -286,21 +338,54 @@ git master branch. If you downloaded an official release, it should install
the official release.). You can modify which version to install by editing the
AEGIR_VERSION variable in the script.
-Shell commands::
- su -s /bin/sh aegir -c "sh install.sh aegir.example.com"
+Shell command for Apache version::
+ su -s /bin/sh aegir -c "sh install.sh"
+
+Shell command for Nginx version::
+ su -s /bin/sh aegir -c "sh install.sh --http_service_type=nginx"
Note you must run the above command as root or prefix with sudo.
-Be sure to change 'aegir.example.com' to match the URI of your site.
+You will be prompted for the information necessary to complete the
+installation.
+
+Once you have run install.sh once, drush and provision should be
+installed and you can use the more powerful hostmaster-install command
+to retry the install if it failed the first time.
+
+
+3.2 Installing aegir with drush and provision installed
+-------------------------------------------------------
+
+If you have already downloaded drush and provision, you can just install
+provision in the commands directory of Drush (either ~aegir/.drush or
+/usr/share/drush/commands), if that's not already done. Once provision
+is properly installed, you can install all other aegir components using
+the hostmaster-install command.
+
+Shell command::
+
+ drush hostmaster-install --version=HEAD
+
+You will be prompted for the required information if not provided on the
+commandline. See the inline help for the available options::
+
+ drush help hostmaster-install
+
+It is imperative that you provide a valid FQDN to the installer. This is used
+for database GRANTs. Remote web servers depend on the FQDN being resolvable
+in order to connect back to your Aegir master server if it is used as your
+database server for managed sites.
+
+Upon completion of the installation, the traditional Drupal 'Welcome' e-mail
+will be sent to the e-mail address specified by --client_email=(your e-mail)
+or if not provided as a command line switch, the address prompted by the
+installer process. This e-mail address will also be used as the default e-mail
+address of the first user and client in Aegir, but can be changed later.
-You can append '--client_email=you@example.com' to keep from being prompted for
-an e-mail address during install. The traditional Drupal 'Welcome' e-mail will
-be sent to this e-mail address upon completion of the installation. This e-mail
-address will also be used as the default e-mail address of the first user and
-client in Aegir, but can be changed later.
Checkpoint / Finished!
------------
+----------------------
At this point, you have checked out all the code and setup your basic Drupal
system (Drupal core, hosting, hostmaster and eldir) that will be the Aegir
diff --git a/docs/UPGRADE.txt b/docs/UPGRADE.txt
index 778ee90..3d05398 100644
--- a/docs/UPGRADE.txt
+++ b/docs/UPGRADE.txt
@@ -35,6 +35,7 @@ To become aegir user you can issue this command::
Note that /bin/sh is an example. You may wish to instead use the shell of your
choice, i.e /bin/bash
+A standard umask of 022 is assumed. This is the default on most systems.
Upgrade script
==============
@@ -50,10 +51,19 @@ the bottom of this document before attempting to run the upgrade.sh script,
as the script will assume you have your system set up appropriately to
handle the upgrade process.
-You can download and run the upgrade.sh script with the following.
+You can download the upgrade.sh script with the following command.
+
+Make sure you download it to somewhere that the aegir user can access in order
+to execute it.
+
+Shell commands::
+ wget -O upgrade.sh.txt 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=provision-0.4-rc1'
+
+You may need to edit the script to set any variables that are different from the
+defaults. Pay particular attention to the OLD_DRUPAL_DIR variable, as you may be
+upgrading from a different release to the default here.
Shell commands::
- wget -O upgrade.sh.txt 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=HEAD'
su -s /bin/sh aegir -c "sh upgrade.sh.txt aegir.example.com"
Remember to replace aegir.example.com with the domain of your Aegir installation.
@@ -76,20 +86,20 @@ you are reading this document.
Shell commands::
- export AEGIR_VERSION=HEAD
- export AEGIR_DIR=/var/aegir
- export DRUPAL_DIR=$AEGIR_DIR/hostmaster-$AEGIR_VERSION
+ export AEGIR_VERSION=0.4-rc1
+ export AEGIR_HOME="$HOME"
+ export DRUPAL_DIR=$AEGIR_HOME/hostmaster-$AEGIR_VERSION
export DRUSH_VERSION=6.x-3.3
- export DRUSH_MAKE_VERSION=6.x-2.0-beta9
+ export DRUSH_MAKE_VERSION=6.x-2.0-beta11
export AEGIR_DOMAIN=aegir.example.com
- export OLD_DRUPAL_DIR=$AEGIR_DIR/hostmaster-0.4-alpha9
+ export OLD_DRUPAL_DIR=$AEGIR_HOME/hostmaster-0.4-beta2
This document also assumes drush is installed properly and we use an
environment variable to simplify the documentation again.
Shell commands::
- export DRUSH="php $AEGIR_DIR/drush/drush.php"
+ export DRUSH="php $AEGIR_HOME/drush/drush.php"
Generic upgrade instructions
============================
@@ -124,7 +134,7 @@ frontend.
Shell commands::
- cd $AEGIR_DIR
+ cd $AEGIR_HOME
mv drush drush.bak
wget http://ftp.drupal.org/files/projects/drush-$DRUSH_VERSION.tar.gz
gunzip -c drush-$DRUSH_VERSION.tar.gz | tar -xf -
@@ -157,7 +167,6 @@ releases to the latest applicable versions.
Once you have upgraded the backend, and you have installed drush_make you will
need to run the hostmaster migrate command.
-
Shell commands::
cd $OLD_DRUPAL_DIR
@@ -175,6 +184,11 @@ will be halted as it is necessary for the task queue to be processed.
The command above will fetch the latest stable Drupal release, so it can
simply be run again when a new security release of Drupal is made available.
+If you have customized your Aegir installation and are maintaining your own
+makefile, you can use the --makefile flag so the platform is created with
+another makefile than the default. Be warned that this may create problems if
+the makefile doesn't include the right Aegir modules.
+
Version-specific upgrade notes
==============================
@@ -221,7 +235,7 @@ Finally, set an $AEGIR_IP environment variable for use in the Database
configuration step below.
Shell commands as root::
- AEGIR_IP=`resolveip $AEGIR_HOST`
+ AEGIR_IP=`resolveip $AEGIR_HOST | awk {'print $6'}`
0.4 - unzip dependency
----------------------
@@ -264,8 +278,8 @@ You need to re-use the pasword you had for the account before.
Shell commands::
- mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@$AEGIR_HOST IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
- mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@$AEGIR_IP IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
+ mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@'$AEGIR_HOST' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
+ mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@'$AEGIR_IP' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;"
0.4 - Apache configuration
@@ -278,8 +292,7 @@ and a single apache.conf. The vhost.d directory is for virtual hosts,
platform.d is for platform-specific configuration and apache.conf is the
server-wide configuration file.
-After you have completed the migration process as outlined above,
-you will need to change the line you added to either the httpd.conf file
+You will need to change the line you added to either the httpd.conf file
or /etc/apache2/conf.d/aegir file during installation.
Open your httpd.conf file and modify::
@@ -290,11 +303,11 @@ To read ::
Include /var/aegir/config/apache.conf
-If you are upgrading from 0.4 releases between alpha8 and alpha14, you will
-need to rename your conf.d directory to post.d in Apache and pre.d in
+If you are upgrading from 0.4 releases between alpha8 and (including) alpha14,
+you will need to rename your conf.d directory to post.d in Apache and pre.d in
Nginx. Example, in Apache::
mv /var/aegir/config/server_master/apache/{conf.d,post.d}
Now log into Aegir, and verify the hostmaster platform. This will generate
-the correct apache.conf file and restart apache.
+the correct apache.conf file and restart Apache.
diff --git a/http/apache_ssl/vhost_ssl_disabled.tpl.php b/http/apache_ssl/vhost_ssl_disabled.tpl.php
new file mode 100644
index 0000000..52e6ee8
--- /dev/null
+++ b/http/apache_ssl/vhost_ssl_disabled.tpl.php
@@ -0,0 +1,35 @@
+<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
+
+ <VirtualHost <?php print "{$ip_address}:{$http_ssl_port}"; ?>>
+ <?php if ($this->site_mail) : ?>
+ ServerAdmin <?php print $this->site_mail; ?>
+ <?php endif;?>
+
+ DocumentRoot <?php print $this->root; ?>
+
+ ServerName <?php print $this->uri; ?>
+
+ # Enable SSL handling.
+
+ SSLEngine on
+
+ SSLCertificateFile <?php print $ssl_cert; ?>
+
+ SSLCertificateKeyFile <?php print $ssl_cert_key; ?>
+
+<?php
+ if (sizeof($this->aliases)) {
+ print "\n ServerAlias " . implode("\n ServerAlias ", $this->aliases) . "\n";
+ }
+?>
+
+ RewriteEngine on
+ # the ? at the end is to remove any query string in the original url
+ RewriteRule ^(.*)$ <?php print $this->platform->server->web_disable_url . '/' . $this->uri ?>?
+
+</VirtualHost>
+<?php endif; ?>
+
+<?php
+ include('http/apache/vhost_disabled.tpl.php');
+?>
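Review bot: The template prints `$this->site_mail`, `$this->uri` and each entry of `$this->aliases` directly into Apache directives, and nothing in this file checks them for whitespace or line breaks, so the generated vhost is only as sound as the validation done before rendering. That validation is not visible here; a header comment stating the assumption would make it reviewable, for example `// Assumes uri, aliases and site_mail were validated as hostnames / an e-mail address before rendering.` The closing `include('http/apache/vhost_disabled.tpl.php')` uses a relative path, so it depends on the include path or working directory at render time.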
diff --git a/http/http.drush.inc b/http/http.drush.inc
index 3f12b56..2f3b811 100644
--- a/http/http.drush.inc
+++ b/http/http.drush.inc
@@ -104,8 +104,8 @@ class provisionService_http_public extends provisionService_http {
// Redirection urls
- $this->server->setProperty('web_disable_url', $this->server->master_url .'/hosting/disabled');
- $this->server->setProperty('web_maintenance_url', $this->server->master_url .'/hosting/maintenance');
+ $this->server->web_disable_url = rtrim($this->server->master_url, '/') .'/hosting/disabled';
+ $this->server->web_maintenance_url = rtrim($this->server->master_url, '/') .'/hosting/maintenance';
if (!is_null($this->application_name)) {
@@ -114,6 +114,7 @@ class provisionService_http_public extends provisionService_http {
$this->server->http_postd_path = "{$app_dir}/post.d";
$this->server->http_platformd_path = "{$app_dir}/platform.d";
$this->server->http_vhostd_path = "{$app_dir}/vhost.d";
+ $this->server->http_platforms_path = "{$this->server->aegir_root}/platforms";
}
}
@@ -142,7 +143,12 @@ class provisionService_http_public extends provisionService_http {
provision_file()->create_dir($this->server->http_vhostd_path , dt("Webserver virtual host configuration"), 0700);
$this->sync($this->server->http_vhostd_path, array(
'exclude' => $this->server->http_vhostd_path . '/*', // Make sure remote directory is created
- ));
+ ));
+
+ provision_file()->create_dir($this->server->http_platforms_path, dt("Platforms"), 0755);
+ $this->sync($this->server->http_platforms_path, array(
+ 'exclude' => $this->server->http_platforms_path . '/*', // Make sure remote directory is created
+ ));
}
parent::verify_server_cmd();
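Review bot: The platforms directory is created with mode `0755` while `vhost.d` just above uses `0700`, so every local account can traverse and list the directory that will hold site code. If the web server reaches it through group membership, `0750` would be enough, e.g. `provision_file()->create_dir($this->server->http_platforms_path, dt("Platforms"), 0750);`. If world access really is required, a comment saying why would help. The enclosing method starts outside the hunk.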
diff --git a/http/nginx/nginx_advanced_include.conf b/http/nginx/nginx_advanced_include.conf
index a29e6e2..92089b9 100644
--- a/http/nginx/nginx_advanced_include.conf
+++ b/http/nginx/nginx_advanced_include.conf
@@ -5,18 +5,15 @@
###
### deny crawlers without 403 response
###
- if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
+ if ( $http_user_agent ~* (?:HTTrack|HTMLParser|libwww|wget) ) {
return 444;
}
###
- ### deny bots on never cached uri without 403 response
+ ### deny not compatible request methods without 405 response
###
- location ~* ^/(user)|(admin) {
- if ($http_user_agent ~* (crawl|goog|bot) ) {
+ if ( $request_method !~ ^(?:GET|HEAD|POST)$ ) {
return 444;
- }
- try_files $uri $uri/ @cache;
}
###
@@ -24,84 +21,39 @@
### http://drupal.org/project/filefield_nginx_progress
### http://github.com/masterzen/nginx-upload-progress-module
###
- location ~ (.*)/x-progress-id:(\w*) {
+ location ~ (?:.*)/x-progress-id:(?:\w*) {
+ access_log off;
rewrite ^(.*)/x-progress-id:(\w*) $1?X-Progress-ID=$2;
}
location ^~ /progress {
+ access_log off;
report_uploads uploads;
}
-
- ###
- ### catch all unspecified requests
- ###
- location / {
- try_files $uri $uri/ @cache;
- }
-
- ###
- ### boost compatible cache check - nginx 0.7.27 or newer required with try_files support
- ###
- location @cache {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
- }
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
- }
- error_page 405 = @drupal;
- add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
- add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
- add_header X-Header "Boost Citrus 1.9";
- charset utf-8;
- try_files /cache/normal/$host${uri}_$args.html @drupal;
- }
-
- ###
- ### send all not cached requests to drupal with clean URLs support
- ###
- location @drupal {
- rewrite ^/(.*)$ /index.php?q=$1 last;
- }
-
- ###
- ### deny listed requests for security reasons
- ###
- location ~* (/\..*|settings\.php$|\.(htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(Entries.*|Repository|Root|Tag|Template))$ {
- deny all;
- }
###
- ### deny php files here for security reasons (remove 'sites' to allow civicrm install)
+ ### fix for Aegir & .info .pl domain ext
###
- location ~* /(files|themes|sites)/.*\.php$ {
- deny all;
+ location ~* ^/(?:hosting) {
+ access_log off;
+ try_files $uri @cache;
}
-
+
###
- ### deny direct access to backups
- ###
- location ~* ^/sites/(.*)/files/backup_migrate/ {
- deny all;
- }
-
+ ### deny listed requests for security reasons without 403 response
###
- ### send all non-static requests to php-fpm
- ###
- location ~ \.php$ {
- try_files $uri @drupal; ### check for existence of php file first
- fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
- track_uploads uploads 60s; ### required for upload progress
+ location ~* (/\..*|settings\.php$|\.(?:git|htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)$|^(?:Entries.*|Repository|Root|Tag|Template))$ {
+ return 444;
}
###
### make css files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
- location ~ \.css$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ location ~* \.css$ {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @uncached;
access_log off;
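Review bot: The new `location ~* ^/(?:hosting)` block matches any URI that merely begins with `/hosting`, and because nginx uses the first matching regex location, such requests never reach the deny list that follows it; `try_files $uri @cache` then serves an existing file whatever its extension. Anchoring it to the path segment, `location ~* ^/hosting/ {`, limits the exemption to paths under `/hosting/`. This hunk also removes the `deny all` rules for `.php` under `files|themes|sites` and for `backup_migrate`, together with the `@cache` and `@drupal` locations that `try_files` still refers to. They may now live in the vhost template, which is outside this hunk, so confirm they are still applied.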
@@ -113,12 +65,12 @@
###
### make js files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
- location ~ \.js$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ location ~* \.js$ {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @uncached;
access_log off;
@@ -130,12 +82,12 @@
###
### make json compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
- location ~ \.json$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ location ~* \.json$ {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @uncached;
access_log off;
@@ -153,55 +105,83 @@
}
###
- ### imagecache, crossdomain file for flash and (f)ckeditor support
+ ### imagecache, imagecache_external and (f)ckeditor support
###
- location ~* /(files/imagecache)|(fckeditor)|(ckeditor)|(crossdomain)|(cross-domain)/ {
+ location ~* /(?:external|system|files/imagecache|files/styles|f?ckeditor)/ {
access_log off;
expires 30d;
# fix common problems with old paths after import from standalone to Aegir multisite
- rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4/$5 last;
- rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4 last;
- rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$1/files/imagecache/$2/$3 last;
- rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/images/(.*)$ /sites/$1/files/imagecache/$2/images/$3 last;
- rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/www\.(.*)/files/(.*)$ /sites/$1/files/imagecache/$2/$4 last;
+ rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$host/files/imagecache/$2/$3 last;
+ rewrite ^/files/imagecache/(.*)$ /sites/$host/files/imagecache/$1 last;
+ rewrite ^/files/styles/(.*)$ /sites/$host/files/styles/$1 last;
try_files $uri @drupal;
}
###
### serve & no-log static files & images directly, without all standard drupal rewrites, php-fpm etc.
###
- location ~* ^.+\.(jpg|jpeg|gif|png|ico|swf|pdf|doc|xls|tiff|tif|txt|shtml|cgi|bat|pl|dll|asp|exe|class)$ {
+ location ~* ^.+\.(?:jpe?g|gif|png|ico|swf|pdf|doc|xls|tiff?|txt|cgi|bat|pl|dll|aspx?|exe|class)$ {
access_log off;
expires 30d;
- # allow files to be accessed without /sites/fqdn/
- rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
+ # allow files/images/downloads to be accessed without /sites/fqdn/
+ rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
+ rewrite ^/images/(.*)$ /sites/$host/files/images/$1 last;
+ rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last;
try_files $uri =404;
}
###
### serve & log bigger media/static/archive files directly, without all standard drupal rewrites, php-fpm etc.
###
- location ~* ^.+\.(avi|mpg|mpeg|mov|wmv|mp3|mp4|m4a|flv|wav|midi|zip|gz|rar)$ {
+ location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|t?gz|rar)$ {
+ expires 30d;
+ # allow files/downloads to be accessed without /sites/fqdn/
+ rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
+ rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last;
+ try_files $uri =404;
+ }
+
+ ###
+ ### serve & no-log some static files as is, without forcing default_type
+ ###
+ location ~* /(?:cross-?domain)\.xml$ {
+ access_log off;
expires 30d;
- # allow files to be accessed without /sites/fqdn/
- rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
+ add_header X-Header "Barracuda Octopus 1.0";
try_files $uri =404;
}
###
+ ### allow some known php files (like serve.php in the ad module)
+ ###
+ location ~* /(?:modules|libraries)/(?:ad|tinybrowser|f?ckeditor|tinymce|wysiwyg_spellcheck)/.*\.php$ {
+ access_log off;
+ try_files $uri =404;
+ fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
+ }
+
+ ###
+ ### deny listed requests for security reasons without 403 response
+ ###
+ location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|script|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) {
+ return 444;
+ }
+
+ ###
### make feeds compatible with boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
location ~* \.xml$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @drupal;
+ access_log off;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
- add_header X-Header "Boost Citrus 2.4";
+ add_header X-Header "Boost Citrus 2.4";
charset utf-8;
types { }
default_type application/rss+xml;
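Review bot: The added `location ~* /(?:modules|libraries)/(?:ad|tinybrowser|f?ckeditor|tinymce|wysiwyg_spellcheck)/.*\.php$` block is not anchored, so it matches that directory pattern anywhere in the path, including below a site's `files` directory. It is also evaluated before the final `location ~* ^.+\.php$ { deny all; }`. The same commit removes the earlier `location ~* /(files|themes|sites)/.*\.php$ { deny all; }`, so nothing visible here stops a PHP file in a writable upload tree from being handed to php-fpm through this block. I would keep a deny ahead of it, for example `location ~* /files/.*\.php$ { deny all; }`, or anchor the pattern to the module paths actually in use. nginx_simple_include.conf receives the identical block in this commit.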
@@ -212,13 +192,14 @@
### make feeds compatible with Boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
location ~* /feed$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @drupal;
+ access_log off;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 2.5";
@@ -228,6 +209,105 @@
try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal;
}
+ ###
+ ### deny php env display
+ ###
+ location ~* /admin/reports/status/.+ {
+ access_log off;
+ rewrite ^ http://$host/admin/reports/status permanent;
+ }
+
+ ###
+ ### deny cache details display
+ ###
+ location ~* /admin/reports/cache {
+ access_log off;
+ rewrite ^ http://$host/admin/reports/status permanent;
+ }
+
+ ###
+ ### deny phpinfo details display
+ ###
+ location ~* /devel/(?:phpinfo|php) {
+ access_log off;
+ rewrite ^ http://$host/admin/reports/status permanent;
+ }
+
+ ###
+ ### deny bots on never cached uri without 403 response
+ ###
+ location ~* ^/(?:user|admin|node/add) {
+ if ( $http_user_agent ~* (?:crawl|goog|yahoo|spider|bot|yandex) ) {
+ return 444;
+ }
+ access_log off;
+ try_files $uri @cache;
+ }
+
+ ###
+ ### deny direct access to backups
+ ###
+ location ~* ^/sites/.*/files/backup_migrate/ {
+ access_log off;
+ deny all;
+ }
+
+ ###
+ ### deny direct access to private downloads
+ ###
+ location ~* ^/sites/.*/private/ {
+ access_log off;
+ deny all;
+ }
+
+ ###
+ ### catch all unspecified requests
+ ###
+ location / {
+ try_files $uri @cache;
+ }
+
+ ###
+ ### boost compatible cache check - nginx 0.7.27 or newer required with try_files support
+ ###
+ location @cache {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
+ }
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
+ }
+ error_page 405 = @drupal;
+ add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
+ add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
+ add_header X-Header "Boost Citrus 1.9";
+ charset utf-8;
+ try_files /cache/normal/$host${uri}_$args.html @drupal;
+ }
+
+ ###
+ ### send all not cached requests to drupal with clean URLs support
+ ###
+ location @drupal {
+ rewrite ^/(.*)$ /index.php?q=$1 last;
+ }
+
+ ###
+ ### send all non-static requests to php-fpm, restricted to known php files
+ ###
+ location ~* ^/(?:index|boost_stats|update|authorize|xmlrpc)\.php$ {
+ try_files $uri @drupal; ### check for existence of php file first
+ fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
+ track_uploads uploads 60s; ### required for upload progress
+ }
+
+ ###
+ ### deny access to any not listed above php files
+ ###
+ location ~* ^.+\.php$ {
+ deny all;
+ }
+
#######################################################
### nginx.conf site standard vhost include end
#######################################################
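Review bot: The `backup_migrate` and `private` deny blocks now sit after the static-file and media locations from the previous hunk, and nginx uses the first regex location that matches in file order. A request under `/sites/<site>/files/backup_migrate/` or `/sites/<site>/private/` whose name ends in a listed extension (`zip`, `gz`, `pdf`, `doc`, `txt`, …) is therefore answered by `try_files $uri =404` in those earlier blocks and never reaches `deny all`. In the old file the backup deny came before them. Move both deny blocks above the `imagecache` location so they win the match. The second hunk of nginx_simple_include.conf has the same ordering.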
diff --git a/http/nginx/nginx_service.inc b/http/nginx/nginx_service.inc
index 0acf70d..a981449 100644
--- a/http/nginx/nginx_service.inc
+++ b/http/nginx/nginx_service.inc
@@ -22,8 +22,9 @@ class provisionService_http_nginx extends provisionService_http_public {
$this->server->shell_exec('nginx -V');
$this->server->nginx_has_gzip = preg_match("/(with-http_gzip_static_module)/", implode('', drush_shell_exec_output()), $match);
$this->server->nginx_has_upload_progress = preg_match("/(nginx-upload-progress-module)/", implode('', drush_shell_exec_output()), $match);
- $this->server->nginx_has_new_version = preg_match("/(nginx\/0\.8\.)/", implode('', drush_shell_exec_output()), $match);
-
+ $this->server->nginx_has_new_version = preg_match("/(Barracuda\/0\.9\.)/", implode('', drush_shell_exec_output()), $match);
+ $this->server->provision_db_cloaking = FALSE;
+ $this->server->nginx_web_server = 1;
}
function verify_server_cmd() {
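Review bot: `nginx_has_new_version` now matches only `Barracuda\/0\.9\.`, so a stock build whose `nginx -V` banner reads `nginx/<version>` is never detected as new, and the previous `nginx/0.8.` match is gone. If the custom banner has to be supported, accept both, e.g. `preg_match("/((?:nginx|Barracuda)\/0\.[89]\.)/", …)`. The added assignments `provision_db_cloaking = FALSE` and `nginx_web_server = 1` carry no comment; a line stating what switching `provision_db_cloaking` off changes for nginx, and why, would help anyone auditing where the database credentials end up. The method this hunk belongs to starts above the hunk.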
diff --git a/http/nginx/nginx_simple_include.conf b/http/nginx/nginx_simple_include.conf
index f9ff2d8..9f058c1 100644
--- a/http/nginx/nginx_simple_include.conf
+++ b/http/nginx/nginx_simple_include.conf
@@ -1,168 +1,85 @@
#######################################################
-### nginx.conf site pre 0.7.27 vhost include start
+### nginx.conf site standard vhost include start
#######################################################
###
### deny crawlers without 403 response
###
- if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) {
+ if ( $http_user_agent ~* (?:HTTrack|HTMLParser|libwww|wget) ) {
return 444;
}
###
- ### deny bots on never cached uri without 403 response
+ ### deny not compatible request methods without 405 response
###
- location ~* ^/(user)|(admin) {
- if ($http_user_agent ~* (crawl|goog|bot) ) {
+ if ( $request_method !~ ^(?:GET|HEAD|POST)$ ) {
return 444;
- }
- #try_files $uri $uri/ @cache;
- if (!-e $request_filename) {
- break;
- }
- error_page 404 = @cache;
- }
-
- ###
- ### catch all unspecified requests
- ###
- location / {
- #try_files $uri $uri/ @cache;
- if (!-e $request_filename) {
- break;
- }
- error_page 404 = @cache;
}
-
- ###
- ### boost compatible cache check
- ###
- location @cache {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
- }
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
- }
- error_page 405 = @drupal;
- add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
- add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
- add_header X-Header "Boost Citrus 1.9";
- charset utf-8;
- #try_files /cache/normal/$host${uri}_$args.html @drupal;
- if (-f $document_root/cache/normal/$host${uri}_$args.html) {
- rewrite ^/(.+)$ /cache/normal/$host${uri}_$args.html last;
- break;
- }
- error_page 404 = @drupal;
- }
-
- ###
- ### send all not cached requests to drupal with clean URLs support
- ###
- location @drupal {
- if (!-e $request_filename) {
- rewrite ^/\?q=([^.]+)$ /index.php?q=$1 last;
- rewrite ^/(.*)$ /index.php?q=$1 last;
- break;
- }
- }
-
- ###
- ### deny listed requests for security reasons
- ###
- location ~* (/\..*|settings\.php$|\.(htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(Entries.*|Repository|Root|Tag|Template))$ {
- deny all;
- }
-
+
###
- ### deny php files here for security reasons (remove 'sites' to allow civicrm install)
+ ### fix for Aegir & .info .pl domain ext
###
- location ~* /(files|themes|sites)/.*\.php$ {
- deny all;
+ location ~* ^/(?:hosting) {
+ access_log off;
+ try_files $uri @cache;
}
-
- ###
- ### deny direct access to backups
+
###
- location ~* ^/sites/(.*)/files/backup_migrate/ {
- deny all;
- }
-
+ ### deny listed requests for security reasons without 403 response
###
- ### send all non-static requests to php-fpm
- ###
- location ~ \.php$ {
- if ( $uri !~ "/(files|themes|sites)/") {
- fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
- }
- error_page 404 = @drupal;
+ location ~* (/\..*|settings\.php$|\.(?:git|htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)$|^(?:Entries.*|Repository|Root|Tag|Template))$ {
+ return 444;
}
###
- ### make css files compatible with boost caching
+ ### make css files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
- location ~ \.css$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ location ~* \.css$ {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @uncached;
access_log off;
expires max; #if using aggregator
add_header X-Header "Boost Citrus 2.1";
- #try_files /cache/perm/$host${uri}_.css $uri =404;
- if (-f $document_root/cache/perm/$host${uri}_$args.html) {
- rewrite ^/(.+)$ /cache/perm/$host${uri}_$args.html last;
- break;
- }
- error_page 404 = @drupal;
+ try_files /cache/perm/$host${uri}_.css $uri =404;
}
###
- ### make js files compatible with boost caching
+ ### make js files compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
- location ~ \.js$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ location ~* \.js$ {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @uncached;
access_log off;
expires max; # if using aggregator
add_header X-Header "Boost Citrus 2.2";
- #try_files /cache/perm/$host${uri}_.js $uri =404;
- if (-f $document_root/cache/perm/$host${uri}_$args.html) {
- rewrite ^/(.+)$ /cache/perm/$host${uri}_$args.html last;
- break;
- }
- error_page 404 = @drupal;
+ try_files /cache/perm/$host${uri}_.js $uri =404;
}
###
- ### make json compatible with boost caching
+ ### make json compatible with boost caching - nginx 0.7.27 or newer required with try_files support
###
- location ~ \.json$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ location ~* \.json$ {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @uncached;
access_log off;
expires max; ### if using aggregator
add_header X-Header "Boost Citrus 2.3";
- #try_files /cache/normal/$host${uri}_.json $uri =404;
- if (-f $document_root/cache/normal/$host${uri}_$args.html) {
- rewrite ^/(.+)$ /cache/normal/$host${uri}_$args.html last;
- break;
- }
- error_page 404 = @drupal;
+ try_files /cache/normal/$host${uri}_.json $uri =404;
}
###
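Review bot: This file was the fallback for nginx older than 0.7.27, and the hunk replaces every `if (-f …)` / `error_page 404` fallback with `try_files` while renaming the header to "standard". If the `else` branch of the vhost templates still includes nginx_simple_include.conf when neither `nginx_has_new_version` nor `nginx_has_upload_progress` is set, an older nginx will reject the whole configuration at reload. Either state the new minimum version in the install documentation or keep a real pre-0.7.27 variant. A header comment such as `### requires nginx 0.7.27 or newer (try_files)` at the top of the file would make the requirement visible.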
@@ -174,108 +91,209 @@
}
###
- ### imagecache and (f)ckeditor support
+ ### imagecache, imagecache_external and (f)ckeditor support
###
- location ~* /(files/imagecache)|(fckeditor)|(ckeditor)/ {
+ location ~* /(?:external|system|files/imagecache|files/styles|f?ckeditor)/ {
access_log off;
expires 30d;
# fix common problems with old paths after import from standalone to Aegir multisite
- rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4/$5 last;
- rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/images/(.*)$ /sites/$1/files/imagecache/$2/images/$3 last;
- #try_files $uri @drupal;
- if (!-e $request_filename) {
- break;
- }
- error_page 404 = @drupal;
+ rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$host/files/imagecache/$2/$3 last;
+ rewrite ^/files/imagecache/(.*)$ /sites/$host/files/imagecache/$1 last;
+ rewrite ^/files/styles/(.*)$ /sites/$host/files/styles/$1 last;
+ try_files $uri @drupal;
}
###
### serve & no-log static files & images directly, without all standard drupal rewrites, php-fpm etc.
###
- location ~* ^.+\.(jpg|jpeg|gif|png|ico|swf|pdf|doc|xls|tiff|tif|txt|shtml|cgi|bat|pl|dll|asp|exe|class)$ {
+ location ~* ^.+\.(?:jpe?g|gif|png|ico|swf|pdf|doc|xls|tiff?|txt|cgi|bat|pl|dll|aspx?|exe|class)$ {
access_log off;
expires 30d;
- # allow files to be accessed without /sites/fqdn/
- rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
- #try_files $uri =404;
- if (!-e $request_filename) {
- break;
- }
- error_page 404 /50x.html;
+ # allow files/images/downloads to be accessed without /sites/fqdn/
+ rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
+ rewrite ^/images/(.*)$ /sites/$host/files/images/$1 last;
+ rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last;
+ try_files $uri =404;
}
###
### serve & log bigger media/static/archive files directly, without all standard drupal rewrites, php-fpm etc.
###
- location ~* ^.+\.(avi|mpg|mpeg|mov|wmv|mp3|mp4|m4a|flv|wav|midi|zip|gz|rar)$ {
+ location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|t?gz|rar)$ {
expires 30d;
- # allow files to be accessed without /sites/fqdn/
- rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
- #try_files $uri =404;
- if (!-e $request_filename) {
- break;
- }
- error_page 404 /50x.html;
+ # allow files/downloads to be accessed without /sites/fqdn/
+ rewrite ^/files/(.*)$ /sites/$host/files/$1 last;
+ rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last;
+ try_files $uri =404;
+ }
+
+ ###
+ ### serve & no-log some static files as is, without forcing default_type
+ ###
+ location ~* /(?:cross-?domain)\.xml$ {
+ access_log off;
+ expires 30d;
+ add_header X-Header "Barracuda Octopus 1.0";
+ try_files $uri =404;
+ }
+
+ ###
+ ### allow some known php files (like serve.php in the ad module)
+ ###
+ location ~* /(?:modules|libraries)/(?:ad|tinybrowser|f?ckeditor|tinymce|wysiwyg_spellcheck)/.*\.php$ {
+ access_log off;
+ try_files $uri =404;
+ fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
+ }
+
+ ###
+ ### deny listed requests for security reasons without 403 response
+ ###
+ location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|script|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) {
+ return 444;
}
###
- ### make feeds compatible with boost caching and set correct mime type
+ ### make feeds compatible with boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
location ~* \.xml$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @drupal;
+ access_log off;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
- add_header X-Header "Boost Citrus 2.4";
+ add_header X-Header "Boost Citrus 2.4";
charset utf-8;
types { }
default_type application/rss+xml;
- #try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal;
- if (-f $document_root/cache/normal/$host${uri}_.xml) {
- rewrite ^/(.+)$ /cache/normal/$host${uri}_.xml last;
- break;
- }
- error_page 404 = @drupal;
+ try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal;
}
###
- ### make feeds compatible with Boost caching and set correct mime type
+ ### make feeds compatible with Boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support
###
location ~* /feed$ {
- if ( $request_method !~ ^(GET|HEAD)$ ) {
- return 405;
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- if ($http_cookie ~ "DRUPAL_UID") {
- return 405;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
}
error_page 405 = @drupal;
+ access_log off;
add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
add_header X-Header "Boost Citrus 2.5";
charset utf-8;
types { }
default_type application/rss+xml;
- #try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal;
- if (-f $document_root/cache/normal/$host${uri}_.xml) {
- rewrite ^/(.+)$ /cache/normal/$host${uri}_.xml last;
- break;
+ try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal;
+ }
+
+ ###
+ ### deny php env display
+ ###
+ location ~* /admin/reports/status/.+ {
+ access_log off;
+ rewrite ^ http://$host/admin/reports/status permanent;
+ }
+
+ ###
+ ### deny cache details display
+ ###
+ location ~* /admin/reports/cache {
+ access_log off;
+ rewrite ^ http://$host/admin/reports/status permanent;
+ }
+
+ ###
+ ### deny phpinfo details display
+ ###
+ location ~* /devel/(?:phpinfo|php) {
+ access_log off;
+ rewrite ^ http://$host/admin/reports/status permanent;
+ }
+
+ ###
+ ### deny bots on never cached uri without 403 response
+ ###
+ location ~* ^/(?:user|admin|node/add) {
+ if ( $http_user_agent ~* (?:crawl|goog|yahoo|spider|bot|yandex) ) {
+ return 444;
+ }
+ access_log off;
+ try_files $uri @cache;
+ }
+
+ ###
+ ### deny direct access to backups
+ ###
+ location ~* ^/sites/.*/files/backup_migrate/ {
+ access_log off;
+ deny all;
+ }
+
+ ###
+ ### deny direct access to private downloads
+ ###
+ location ~* ^/sites/.*/private/ {
+ access_log off;
+ deny all;
+ }
+
+ ###
+ ### catch all unspecified requests
+ ###
+ location / {
+ try_files $uri @cache;
+ }
+
+ ###
+ ### boost compatible cache check - nginx 0.7.27 or newer required with try_files support
+ ###
+ location @cache {
+ if ( $request_method !~ ^(?:GET|HEAD)$ ) {
+ return 405;
}
- error_page 404 = @drupal;
+ if ( $http_cookie ~ "DRUPAL_UID" ) {
+ return 405;
+ }
+ error_page 405 = @drupal;
+ add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT";
+ add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
+ add_header X-Header "Boost Citrus 1.9";
+ charset utf-8;
+ try_files /cache/normal/$host${uri}_$args.html @drupal;
+ }
+
+ ###
+ ### send all not cached requests to drupal with clean URLs support
+ ###
+ location @drupal {
+ rewrite ^/(.*)$ /index.php?q=$1 last;
+ }
+
+ ###
+ ### send all non-static requests to php-fpm, restricted to known php files
+ ###
+ location ~* ^/(?:index|boost_stats|update|authorize|xmlrpc)\.php$ {
+ try_files $uri @drupal; ### check for existence of php file first
+ fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000
}
###
- ### helper location for static files 404 error
+ ### deny access to any not listed above php files
###
- location = /50x.html {
- root /var/www/nginx-default;
+ location ~* ^.+\.php$ {
+ deny all;
}
#######################################################
-### nginx.conf site pre 0.7.27 vhost include end
+### nginx.conf site standard vhost include end
#######################################################
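Review bot: The keyword location `(?:delete.+from|insert.+into|…|script|…|alert|\;|\.\.)` is matched against the normalized request path only, as a case-insensitive substring, and never sees the query string. Ordinary clean URLs that are not caught by an earlier location and happen to contain `script` or `alert` (a path with the word `subscription` matches `script`) are dropped with a bare 444. Request parameters are not inspected at all, so the block should not be counted as injection protection. I would remove it or narrow it to anchored patterns and rely on the application's input handling. nginx_advanced_include.conf carries the same block in this commit.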
diff --git a/http/nginx/server.tpl.php b/http/nginx/server.tpl.php
index 8a8b988..9c69d54 100644
--- a/http/nginx/server.tpl.php
+++ b/http/nginx/server.tpl.php
@@ -25,26 +25,54 @@
fastcgi_param REDIRECT_STATUS 200;
fastcgi_index index.php;
+ ## Default index files
+ index index.php index.html;
+
## Size Limits
client_body_buffer_size 64k;
client_header_buffer_size 32k;
- client_max_body_size 50m;
+ client_max_body_size 100m;
large_client_header_buffers 32 32k;
connection_pool_size 256;
request_pool_size 4k;
- server_names_hash_bucket_size 128;
+ server_names_hash_bucket_size 512;
+ server_names_hash_max_size 8192;
types_hash_max_size 8192;
- types_hash_bucket_size 128;
+ types_hash_bucket_size 512;
+ fastcgi_buffer_size 128k;
+ fastcgi_buffers 256 4k;
+ fastcgi_busy_buffers_size 256k;
+ fastcgi_temp_file_write_size 256k;
## Timeouts
client_body_timeout 60;
client_header_timeout 60;
send_timeout 60;
+ lingering_time 30;
+ lingering_timeout 5;
+ fastcgi_connect_timeout 60;
+ fastcgi_send_timeout 300;
+ fastcgi_read_timeout 300;
+ ## Open File Performance
+ open_file_cache max=8000 inactive=30s;
+ open_file_cache_valid 60s;
+ open_file_cache_min_uses 3;
+ open_file_cache_errors on;
+
+ ## FastCGI Caching
+ fastcgi_cache_path /var/lib/nginx/speed
+ levels=2:2:2
+ keys_zone=speed:50m
+ inactive=8h
+ max_size=1g;
+
## General Options
ignore_invalid_headers on;
limit_zone gulag $binary_remote_addr 10m;
recursive_error_pages on;
+ reset_timedout_connection on;
+ fastcgi_intercept_errors on;
## TCP options
tcp_nopush on;
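Review bot: `fastcgi_cache_path /var/lib/nginx/speed …` hard-codes a directory and declares the `speed` zone, but nothing in the visible hunks creates that directory or uses the zone with `fastcgi_cache`. If the nginx user cannot create the path, the configuration test may fail. The install steps should create it with the right owner, or the path should come from the server context the way `include_path` does. A comment next to the block naming the include that is meant to enable the cache would also help.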
@@ -55,19 +83,21 @@
## Compression
gzip_buffers 16 8k;
- gzip_comp_level 9;
+ gzip_comp_level 5;
gzip_http_version 1.1;
gzip_min_length 10;
- gzip_types text/plain text/css image/png image/gif image/jpeg application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
+ gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
-<?php
-if ($server->nginx_has_gzip) {
- print ' gzip_static on\;';
+<?php
+$nginx_has_gzip = drush_get_option('nginx_has_gzip');
+if ($nginx_has_gzip) {
+ print " gzip_static on;\n";
}
-if ($server->nginx_has_upload_progress) {
- print ' upload_progress uploads 1m\;';
+$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
+if ($nginx_has_upload_progress) {
+ print " upload_progress uploads 1m;\n";
}
?>
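Review bot: The `upload_progress uploads 1m;` zone is now emitted only when `drush_get_option('nginx_has_upload_progress')` is set, but the rest of the commit still reads the flag from the server object. nginx_service.inc stores the detection result on `$this->server`, and vhost.tpl.php still tests `$server->nginx_has_upload_progress` when choosing the include. If the option and the server property ever disagree, the advanced include's `track_uploads uploads 60s;` refers to a zone that was never declared and nginx will refuse the configuration. Read the flag from one place in all templates. The hunk does not show where the drush option is populated, so that is worth confirming.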
diff --git a/http/nginx/vhost.tpl.php b/http/nginx/vhost.tpl.php
index 4a4242d..a7ef4f3 100644
--- a/http/nginx/vhost.tpl.php
+++ b/http/nginx/vhost.tpl.php
@@ -1,25 +1,35 @@
-server {
-<?php
- print " include " . $server->include_path . "/fastcgi_params.conf;\n";
+<?php
+if ($ssl_redirection || $this->redirection) {
+ // Redirect all aliases to the main http url using separate vhosts blocks to avoid if{} in Nginx.
+ foreach ($this->aliases as $alias_url) {
+ print "server {\n";
+ print " listen {$ip_address}:{$http_port};\n";
+ print " server_name {$alias_url};\n";
+ print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
+ print "}\n";
+ }
+}
?>
+
+server {
+ include <?php print "{$server->include_path}"; ?>/fastcgi_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print $ip_address . ':' . $http_port; ?>;
- server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
- root <?php print $this->root; ?>;
- index index.php index.html;
+ server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
+ root <?php print "{$this->root}"; ?>;
<?php
+$nginx_has_new_version = drush_get_option('nginx_has_new_version');
+$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
if ($this->redirection || $ssl_redirection) {
if ($ssl_redirection && !$this->redirection) {
// redirect aliases in non-ssl to the same alias on ssl.
- print "\n rewrite ^/(.*)$ https://\$host/$1 permanent;\n";
+ print "\n rewrite ^ https://\$host\$request_uri? permanent;\n";
}
elseif ($ssl_redirection && $this->redirection) {
// redirect all aliases + main uri to the main https uri.
- print "\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n";
+ print "\n rewrite ^ https://{$this->uri}\$request_uri? permanent;\n";
}
elseif (!$ssl_redirection && $this->redirection) {
- // Redirect all aliases to the main http url.
- print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ http://{$this->uri}/$1 permanent;\n }\n";
if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
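Review bot: The alias redirect blocks are printed when `$ssl_redirection || $this->redirection`, but the main block drops the aliases from `server_name` only when `$this->redirection` is set. With SSL redirection on and alias redirection off, each alias is declared twice on the same `listen` address, and the alias block sends it to `{$this->uri}`. That contradicts the comment "redirect aliases in non-ssl to the same alias on ssl" further down. Changing the first condition to `if ($this->redirection) {` keeps the two in step. The loop also lacks the `is_array()` / `trim()` guards used on the `server_name` line, so an empty alias would print `server_name ;`.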
diff --git a/http/nginx/vhost_disabled.tpl.php b/http/nginx/vhost_disabled.tpl.php
index d149507..6ac7bfd 100644
--- a/http/nginx/vhost_disabled.tpl.php
+++ b/http/nginx/vhost_disabled.tpl.php
@@ -1,11 +1,8 @@
server {
listen <?php print $ip_address . ':' . $http_port; ?>;
server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
- root <?php print $this->root; ?>;
- index index.php index.html;
- location / {
- root /var/www/nginx-default;
- index index.html index.htm;
- rewrite ^/(.*)$ <?php print $this->platform->server->web_disable_url . '/' . $this->uri ?>? permanent;
- }
+ root /var/www/nginx-default;
+ index index.html index.htm;
+
+ ### Dont't reveal Aegir front-end URL here.
}
diff --git a/http/nginx_ssl/vhost_ssl.tpl.php b/http/nginx_ssl/vhost_ssl.tpl.php
index c2ee59f..036ccb8 100644
--- a/http/nginx_ssl/vhost_ssl.tpl.php
+++ b/http/nginx_ssl/vhost_ssl.tpl.php
@@ -1,28 +1,36 @@
<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
-server {
-<?php
- print " include " . $server->include_path . "/fastcgi_ssl_params.conf;\n";
+<?php
+if ($this->redirection) {
+ // Redirect all aliases to the main https url using separate vhosts blocks to avoid if{} in Nginx.
+ foreach ($this->aliases as $alias_url) {
+ print "server {\n";
+ print " listen {$ip_address}:{$http_ssl_port};\n";
+ print " server_name {$alias_url};\n";
+ print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n";
+ print "}\n";
+ }
+}
?>
+
+server {
+ include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
- server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
- root <?php print $this->root; ?>;
- index index.php index.html;
+ server_name <?php print $this->uri; ?><?php if (!$this->redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> <?php print $alias_url; ?><?php endif; endforeach; endif; ?>;
+ root <?php print "{$this->root}"; ?>;
ssl on;
ssl_certificate <?php print $ssl_cert; ?>;
ssl_certificate_key <?php print $ssl_cert_key; ?>;
- ssl_protocols SSLv2 SSLv3 TLSv1;
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
<?php
- if ($this->redirection) {
- // Redirect all aliases to the main https url.
- print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n }\n";
- }
- if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) {
+$nginx_has_new_version = drush_get_option('nginx_has_new_version');
+$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress');
+ if ($nginx_has_new_version || $nginx_has_upload_progress) {
print " include " . $server->include_path . "/nginx_advanced_include.conf;\n";
}
else {
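Review bot: The alias `server` blocks printed at the top listen on `{$http_ssl_port}` but contain no `ssl on;`, `ssl_certificate` or `ssl_certificate_key` lines. A block on the SSL port without a certificate cannot answer a TLS handshake for the alias, so the client is likely to see a protocol or certificate error before the `rewrite` is ever sent. Because these blocks come first in the file, they may also become the default server for that address. Print the same three SSL directives inside the loop as the main block uses. The rewrite target could then name `https` explicitly instead of `$scheme` to make the intent clear.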
diff --git a/http/nginx_ssl/vhost_ssl_disabled.tpl.php b/http/nginx_ssl/vhost_ssl_disabled.tpl.php
new file mode 100644
index 0000000..3747921
--- /dev/null
+++ b/http/nginx_ssl/vhost_ssl_disabled.tpl.php
@@ -0,0 +1,27 @@
+
+<?php if ($this->ssl_enabled && $this->ssl_key) : ?>
+
+server {
+ include <?php print "{$server->include_path}"; ?>/fastcgi_ssl_params.conf;
+ limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address
+ listen <?php print "{$ip_address}:{$http_ssl_port}"; ?>;
+ server_name <?php print $this->uri . ' ' . implode(' ', $this->aliases); ?>;
+ root /var/www/nginx-default;
+ index index.html index.htm;
+ ssl on;
+ ssl_certificate <?php print $ssl_cert; ?>;
+ ssl_certificate_key <?php print $ssl_cert_key; ?>;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers HIGH:!ADH:!MD5;
+ ssl_prefer_server_ciphers on;
+ keepalive_timeout 70;
+
+ ### Dont't reveal Aegir front-end URL here.
+}
+
+<?php endif; ?>
+
+<?php
+ // Generate the standard virtual host too.
+ include('http/nginx/vhost_disabled.tpl.php');
+?>
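Review bot: `ssl_protocols SSLv3 TLSv1;` still offers SSLv3, which is no longer considered safe to negotiate. The commit drops SSLv2 in vhost_ssl.tpl.php but carries SSLv3 into this new template as well. Restrict the line to TLS, `ssl_protocols TLSv1;` at the least, and list newer TLS versions where the installed nginx and OpenSSL support them. The cipher string `HIGH:!ADH:!MD5` could also exclude anonymous and null suites in general with `!aNULL:!eNULL`.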
diff --git a/install.hostmaster.inc b/install.hostmaster.inc
index 0b4a8e2..5fba5f3 100644
--- a/install.hostmaster.inc
+++ b/install.hostmaster.inc
@@ -4,36 +4,147 @@
* @file install the hostmaster system
*/
-function drush_provision_hostmaster_install($site = NULL) {
+function drush_provision_hostmaster_install_validate($site = NULL) {
+ // set defaults for this whole script
+ // those are settings that are not prompted to the user but still overridable
+ drush_set_default('version', provision_version());
+ $version = drush_get_option('version');
+ $aegir_root = drush_set_default('aegir_root', drush_server_home());
+ drush_set_default('root', $aegir_root . '/' . 'hostmaster-' . $version);
+ drush_set_default('r', drush_get_option('root'));
+ drush_set_default('script_user', provision_current_user());
+ drush_set_default('web_group', _provision_default_web_group());
+ drush_set_default('http_service_type', 'apache');
+ drush_set_default('drush_make_version', '6.x-2.0-beta11');
+ drush_set_default('aegir_db_user', 'root');
+ $aegir_db_user = drush_get_option('aegir_db_user');
+ drush_set_default('makefile', $aegir_root . '/.drush/provision/aegir.make');
+
+ drush_print("Aegir $version automated install script");
+ drush_print("==============================================================================");
+
+ if (!$site || !drush_get_option('aegir_host', NULL) || !drush_get_option('aegir_db_pass', NULL) || filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) {
+ drush_print("Some settings have not been provided and will now be prompted.
+Don't worry: you will get to review those settings after the final install");
+ }
+ // now we prompt the user for settings if not provided or not sane
if (!$site) {
- $site = drush_prompt(dt("Aegir domain name"), "aegir.example.com");
+ $site = drush_prompt(dt("Aegir frontend URL"), provision_fqdn());
+ }
+ drush_set_option('site', $site);
+
+ drush_set_default('aegir_host', provision_fqdn());
+ drush_set_default('aegir_db_host', 'localhost');
+
+ if (is_null(drush_get_option('aegir_db_pass', NULL))) {
+ // XXX: may not be portable everywhere?
+ system('stty -echo');
+ drush_set_option('aegir_db_pass', drush_prompt(dt('MySQL privileged user ("!root") password', array('!root' => $aegir_db_user))));
+ system('stty echo');
+ print "\n"; // add a newline since the user's didn't print
+ }
+
+ if (drush_get_option('aegir_host') == 'localhost') {
+ $default_email = 'webmaster@example.com';
+ } else {
+ $default_email = 'webmaster@' . drush_get_option('aegir_host');
+ }
+ while (!filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) {
+ $client_email = drush_prompt(dt("Admin user e-mail"), $default_email);
+ drush_set_option('client_email', $client_email);
}
- $version = drush_get_option('version', 'HEAD');
- $aegir_root = drush_get_option('aegir_root', drush_server_home());
- $platform = drush_get_option(array('r', 'root'), $aegir_root . '/' . 'hostmaster-' . $version);
+ drush_print(dt('
+This script will operate the following changes in your system:
+
+1. Create server-level configuration directories
+2. Download drush_make
+3. Create the Hostmaster frontend platform
+4. Install the frontend site
+5. Setup the dispatcher (a user cron job)
+
+We are making the following assumptions:
+ * you have read INSTALL.txt and prepared the platform accordingly
+ * the FQDN of this machine is valid and resolves
+ * you are executing this script as your "aegir" user
+
+The following settings will be used:
+ Aegir frontend URL: !site
+ Master server FQDN: !fqdn
+ Aegir root: !home
+ Aegir user: !user
+ Web group: !web
+ Web server: !web_server
+ Aegir DB host: !db_host
+ Aegir DB user: !db_user
+ Aegir DB password: !db_pass
+ Drush make version: !drush_make
+ Aegir version: !version
+ Aegir platform path: !root
+ Aegir makefile: !makefile
+ Client email: !email
+', array('!site' => $site,
+ '!fqdn' => drush_get_option('aegir_host'),
+ '!home' => drush_get_option('aegir_root'),
+ '!user' => drush_get_option('script_user'),
+ '!web' => drush_get_option('web_group'),
+ '!web_server' => drush_get_option('http_service_type'),
+ '!db_host' => drush_get_option('aegir_db_host'),
+ '!db_user' => drush_get_option('aegir_db_user'),
+ '!db_pass' => is_null(drush_get_option('aegir_db_pass', NULL, 'process')) ? '<previously set>' : '<prompted>',
+ '!drush_make' => drush_get_option('drush_make_version'),
+ '!version' => drush_get_option('version'),
+ '!root' => drush_get_option(array('r', 'root')),
+ '!makefile' => drush_get_option('makefile'),
+ '!email' => drush_get_option('client_email'),
+ )));
+
+ if (!drush_confirm(dt('Do you really want to proceed with the install'))) {
+ return drush_set_error('PROVISION_CANCEL_INSTALL', dt('Installation aborted by user'));
+ }
- $aegir_host = drush_get_option('aegir_host', php_uname('n'), 'options');
- $aegir_db_pass = drush_get_option('aegir_db_pass', 'pass', 'options');
- $aegir_db_user = drush_get_option('aegir_db_user', 'aegir_root', 'options');
- $master_db = sprintf("mysql://%s:%s@%s",$aegir_db_user, $aegir_db_pass, $aegir_host);
+ return TRUE;
+}
- // TODO: support creation of an external db server
+function drush_provision_hostmaster_install($site = NULL) {
+ $version = drush_get_option('version');
+ $site = drush_get_option('site', provision_fqdn());
+ $aegir_root = drush_get_option('aegir_root');
+ $platform = drush_get_option(array('r', 'root'));
+
+ $aegir_db_user = drush_get_option('aegir_db_user');
+ $aegir_db_pass = drush_get_option('aegir_db_pass');
+
$server = '@server_master';
- drush_backend_invoke_args("provision-save", array($server), array(
+ $master_context = array(
'context_type' => 'server',
// files
- 'remote_host' => $aegir_host,
+ 'remote_host' => drush_get_option('aegir_host'),
'aegir_root' => $aegir_root,
- 'script_user' => drush_get_option('script_user', provision_current_user()),
+ 'script_user' => drush_get_option('script_user'),
// apache or nginx or..
- 'http_service_type' => drush_get_option('http_service_type', 'apache', 'options'),
- 'web_group' => drush_get_option('web_group', _provision_default_web_group()),
+ 'http_service_type' => drush_get_option('http_service_type'),
+ 'web_group' => drush_get_option('web_group'),
'master_url' => "http://" . $site,
- // mysql
- 'db_service_type' => 'mysql',
- 'master_db' => $master_db,
- ));
+ );
+
+ $master_db = sprintf("mysql://%s:%s@%s",$aegir_db_user, $aegir_db_pass, drush_get_option('aegir_db_host'));
+ if (drush_get_option('aegir_host') == drush_get_option('aegir_db_host')) {
+ $master_context['db_service_type'] = 'mysql';
+ $master_context['master_db'] = $master_db;
+ $dbserver = $server;
+ } else {
+ $dbserver = '@server_' . drush_get_option('aegir_db_host');
+ $dbserver_context = array(
+ 'remote_host' => drush_get_option('aegir_db_host'),
+ 'context_type' => 'server',
+ 'db_service_type' => 'mysql',
+ 'master_db' => $master_db,
+ );
+ drush_backend_invoke_args("provision-save", array($dbserver), $dbserver_context);
+ provision_backend_invoke($dbserver, 'provision-verify');
+ }
+ drush_backend_invoke_args("provision-save", array($server), $master_context);
provision_backend_invoke($server, 'provision-verify');
// exit if an error has occured.
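Review bot: `$master_db` is built with `sprintf("mysql://%s:%s@%s", ...)` from the raw prompted password, so a password containing `@`, `:`, `/` or `#` produces a URL that will not parse back into the same credentials. I would encode the parts, `sprintf("mysql://%s:%s@%s", rawurlencode($aegir_db_user), rawurlencode($aegir_db_pass), drush_get_option('aegir_db_host'))`, assuming the code that reads master_db URL-decodes them (not visible in this hunk). With `aegir_db_user` now defaulting to `root`, that URL also carries the privileged account's password into the saved server context, which deserves a comment here and a mention in INSTALL.txt. Separately, the "settings have not been provided" condition in drush_provision_hostmaster_install_validate tests `filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)` without the `!` that the `while` loop further down uses, so the notice is printed when a valid e-mail was supplied and skipped when none was. The body of drush_provision_hostmaster_install continues outside this hunk.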
@@ -46,7 +157,7 @@ function drush_provision_hostmaster_install($site = NULL) {
}
if (!function_exists('drush_make_drush_command')) {
- drush_backend_invoke('dl', array('drush_make-' . drush_get_option('drush_make_version', '6.x-2.0-beta9'), 'destination' => $aegir_root . '/.drush/'));
+ drush_backend_invoke('dl', array('drush_make-' . drush_get_option('drush_make_version'), 'destination' => $aegir_root . '/.drush/'));
}
$platform_name = '@platform_hostmaster';
@@ -55,25 +166,25 @@ function drush_provision_hostmaster_install($site = NULL) {
'server' => $server,
'web_server' => $server,
'root' => $platform,
- 'makefile' => $aegir_root . '/.drush/provision/aegir.make',
+ 'makefile' => drush_get_option('makefile'),
));
- provision_backend_invoke($platform_name, 'provision-verify');
+ // propagate working-copy args downward
+ $options = array();
+ if (drush_get_option('working-copy')) {
+ $options['working-copy'] = 1;
+ }
+ provision_backend_invoke($platform_name, 'provision-verify', array(), $options);
// exit if an error has occured.
if (drush_get_error()) {
return false;
}
- while (!filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) {
- $client_email = drush_prompt(dt("Admin user e-mail"), "you@example.com");
- drush_set_option('client_email', $client_email);
- }
-
$site_name = '@hostmaster';
drush_backend_invoke_args("provision-save", array($site_name), array(
'context_type' => 'site',
'platform' => $platform_name,
- 'db_server' => $server,
+ 'db_server' => $dbserver,
'uri' => $site,
'client_email' => drush_get_option('client_email'),
'profile' => 'hostmaster',
diff --git a/install.sh.txt b/install.sh.txt
index 5702c0b..a5d42db 100644
--- a/install.sh.txt
+++ b/install.sh.txt
@@ -22,16 +22,14 @@
########################################################################
# This script takes the following steps:
#
-# 1. prompt for confirmation
-# 2. downloads drush in $AEGIR_HOME
-# 3. downloads provision in $AEGIR_HOME/.drush
-# 4. delegate the rest of the install to hostmaster-install
+# 1. downloads drush in $AEGIR_HOME
+# 2. downloads provision in $AEGIR_HOME/.drush
+# 3. delegate the rest of the install to hostmaster-install
########################################################################
-# basic variables, change before release
-AEGIR_VERSION="HEAD"
-DRUSH_VERSION=6.x-3.3
-# when adding a variable here, add it to the display below
+# guess the aegir version based on the info file
+AEGIR_VERSION="0.4-rc1"
+DRUSH_VERSION=6.x-3.3
########################################################################
# functions
@@ -41,28 +39,6 @@ msg() {
echo "==> $*"
}
-# simple prompt
-prompt_yes_no() {
- while true ; do
- printf "$* [Y/n] "
- read answer
- if [ -z "$answer" ] ; then
- return 0
- fi
- case $answer in
- [Yy]|[Yy][Ee][Ss])
- return 0
- ;;
- [Nn]|[Nn][Oo])
- return 1
- ;;
- *)
- echo "Please answer yes or no"
- ;;
- esac
- done
-}
-
########################################################################
# Main script
@@ -70,65 +46,11 @@ AEGIR_HOME="$HOME"
AEGIR_HOST=`uname -n`
DRUSH="$AEGIR_HOME/drush/drush.php"
-msg "Aegir $AEGIR_VERSION automated install script"
-
if [ `whoami` = "root" ] ; then
msg "This script should be ran as a non-root user"
exit 1
fi
-_RESOLVEIP=`resolveip $AEGIR_HOST 2> /dev/null`
-
-if [ -z "$_RESOLVEIP" ] ; then
- msg "This server does not have a hostname that resolves to an IP address"
- exit 1
-else
- AEGIR_HOST_IP=`echo $_RESOLVEIP | cut -d: -f2 | awk '{ print $6}'`
- true
-fi
-
-_MYSQLTEST=`mysql -h$AEGIR_HOST_IP -uINVALIDLOGIN -pINVALIDPASS 2>&1 >/dev/null | cat`
-
-if [ -z `echo $_MYSQLTEST | grep -q "ERROR \(2003\|1130\)"` ] ; then
- msg "MySQL is listening on $AEGIR_HOST_IP."
- true
-else
- msg "MySQL is not configured to listen on $AEGIR_HOST_IP."
- exit 1
-fi
-
-msg "This script makes the following assumptions: "
-cat <<EOF
- * you have read INSTALL.txt and prepared the platform accordingly
- * you are executing this script as your "aegir" user
-EOF
-
-if prompt_yes_no "Do you want to proceed with the install?" ; then
- true
-else
- echo "installation aborted by user"
- exit 1
-fi
-
-AEGIR_DB_USER=aegir_root
-AEGIR_DB_PASS=`echo $RANDOM:\`date\`:$AEGIR_HOST | openssl md5 | sed -e 's/(stdin)= //;'`
-
-msg "Aegir will now generate a mysql super user password for you: "
-cat <<EOF
- Username : $AEGIR_DB_USER
- Password : $AEGIR_DB_PASS
- Hostname : $AEGIR_HOST ($AEGIR_HOST_IP)
-
-You will be asked to enter your mysql root user password now :
-EOF
-
-mysql -uroot -p mysql<<EOFMYSQL
-GRANT ALL PRIVILEGES ON *.* TO '$AEGIR_DB_USER'@'$AEGIR_HOST' IDENTIFIED BY '$AEGIR_DB_PASS' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON *.* TO '$AEGIR_DB_USER'@'$AEGIR_HOST_IP' IDENTIFIED BY '$AEGIR_DB_PASS' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON *.* TO '$AEGIR_DB_USER'@'localhost' IDENTIFIED BY '$AEGIR_DB_PASS' WITH GRANT OPTION;
-EOFMYSQL
-
-
# we need to check both because some platforms (like SunOS) return 0 even if the binary is not found
if which drush 2> /dev/null && which drush | grep -v 'no drush in' > /dev/null; then
msg "Drush is in the path, good"
@@ -168,4 +90,4 @@ else
fi
msg "Installing the frontend"
-$DRUSH hostmaster-install --aegir_host=$AEGIR_HOST --aegir_db_user=$AEGIR_DB_USER --aegir_db_pass=$AEGIR_DB_PASS --version=$AEGIR_VERSION $@
+$DRUSH hostmaster-install --version=$AEGIR_VERSION $@
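Review bot: The pass-through arguments on the new last line are unquoted, so any option value containing whitespace or glob characters is split or expanded before drush sees it. Quote the expansion: `$DRUSH hostmaster-install --version=$AEGIR_VERSION "$@"`. This matters more now that `--aegir_db_pass` and similar settings are expected to arrive through these arguments instead of being generated by the script.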
diff --git a/migrate.hostmaster.inc b/migrate.hostmaster.inc
index 142789a..99b308f 100644
--- a/migrate.hostmaster.inc
+++ b/migrate.hostmaster.inc
@@ -14,30 +14,15 @@ This command will operate the following changes in your system:
4. remove the cronjob (crontab -r)
5. attempt a migration to the new platform (provision-migrate)
6. start the Aegir frontend again (hostmaster-resume)
+7. replace the crontab.
We are making the following assumptions:
* you have read UPGRADE.txt
* you are executing this script as your "aegir" user
');
- $go = FALSE;
- while (!$go) {
- $yesno = trim(strtolower(drush_prompt(dt('Do you really want to proceed with the upgrade'), 'Y/n', TRUE)));
-
- switch ($yesno) {
- case 'no':
- case 'n':
- return drush_set_error(dt('Upgrade aborted by user'));
- break;
- case 'yes':
- case 'y':
- case 'y/n':
- $go = TRUE;
- break;
- default:
- drush_print(dt('Please answer "yes" or "no"'));
- break;
- }
+ if (!drush_confirm("Do you really want to proceed with the upgrade?")) {
+ return drush_set_error('PROVISION_CANCEL_MIGRATE', 'Upgrade canceled by user');
}
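Review bot: The replacement prompt and error message are plain string literals, whereas the loop they replace and the rest of this function pass user-facing text through `dt()`. For consistency with the matching code in install.hostmaster.inc I would write `if (!drush_confirm(dt('Do you really want to proceed with the upgrade?'))) {` and `return drush_set_error('PROVISION_CANCEL_MIGRATE', dt('Upgrade canceled by user'));`. The enclosing function starts and ends outside this hunk.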
$data = drush_get_merged_options();
@@ -79,13 +64,18 @@ We are making the following assumptions:
// add a server record :
$server = '@server_master';
+ /**
+ * @deprecated in drush3 it's 'options', in drush 4 it's 'cli', drop
+ * 'options' when we drop drush3 support
+ */
+ $context = drush_get_context('cli') ? 'cli' : 'options';
drush_backend_invoke_args("provision-save", array($server), array(
'context_type' => 'server',
'aegir_root' => dirname(rtrim($data['config_path'], '/')),
'remote_host' => php_uname('n'),
'script_user' => $data['script_user'],
// apache or nginx or..
- 'http_service_type' => drush_get_option('http_service_type', 'apache', 'options'),
+ 'http_service_type' => drush_get_option('http_service_type', 'apache', $context),
'web_group' => $data['web_group'],
'master_url' => $data['master_url'],
'restart_cmd' => $data['restart_cmd'],
@@ -151,9 +141,6 @@ We are making the following assumptions:
function drush_provision_pre_hostmaster_migrate($site, $platform) {
- if (!drush_confirm("This command will replace your crontab entry. continue?")) {
- return drush_set_error('PROVISION_CANCEL_MIGRATE', 'Cancelling');
- }
// wipe out cron entry
exec('crontab -r');
diff --git a/parse.backend.inc b/parse.backend.inc
new file mode 100644
index 0000000..48b6a8b
--- /dev/null
+++ b/parse.backend.inc
@@ -0,0 +1,5 @@
+<?php
+
+function drush_provision_backend_parse() {
+ return drush_backend_parse_output(file_get_contents('php://stdin'), TRUE);
+}
diff --git a/platform/backup.provision.inc b/platform/backup.provision.inc
index 847d3b6..cad361b 100644
--- a/platform/backup.provision.inc
+++ b/platform/backup.provision.inc
@@ -87,6 +87,11 @@ function drush_provision_drupal_provision_backup() {
$command = "tar cpf %s .";
}
$result = drush_shell_exec($command, $backup_file);
+
+ // Get the size of the backup
+ $size = filesize($backup_file);
+ drush_set_option('backup_file_size', $size);
+
chdir($olddir);
if (drush_get_option('cloaking_off_temp', FALSE)) {
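Review bot: `filesize($backup_file)` is called whether or not the tar command succeeded, so a failed backup emits a PHP warning and stores `FALSE` in `backup_file_size`. Guard it on the result already captured on the line above: `if ($result) { drush_set_option('backup_file_size', filesize($backup_file)); }`. The rest of drush_provision_drupal_provision_backup lies outside this hunk, so any later handling of `$result` is not visible here.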
diff --git a/platform/backup_delete.provision.inc b/platform/backup_delete.provision.inc
new file mode 100644
index 0000000..9bd4179
--- /dev/null
+++ b/platform/backup_delete.provision.inc
@@ -0,0 +1,26 @@
+<?php
+/**
+ * @file
+ * Provision hooks for the provision backup_delete command.
+ */
+
+/**
+ * Provision backup_delete command
+ *
+ * These are the hooks that will be executed by the drush_invoke function
+ * when deleting a backup file from the backend.
+ */
+
+function drush_provision_drupal_provision_backup_delete($backup = null) {
+ if($backup) {
+ $backups = explode(',', $backup);
+ foreach ($backups as $filename) {
+ $success = provision_file()->unlink($filename)
+ ->succeed('Removed backup file @path')
+ ->fail('Could not remove backup file @path');
+ }
+ }
+ else {
+ drush_set_error(dt('No backup files provided'));
+ }
+}
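Review bot: drush_provision_drupal_provision_backup_delete() hands each comma-separated name straight to `provision_file()->unlink($filename)`, so the command will remove any path the calling user is able to delete, not only backup files. Each name should be resolved and required to sit under the configured backup directory before it is unlinked, and entries that are empty after `trim()` should be skipped. The `else` branch calls `drush_set_error(dt('No backup files provided'))` with the message in the error-code position; matching the other calls in this commit it would read `drush_set_error('PROVISION_BACKUP_DELETE_NO_FILES', dt('No backup files provided'));` (the code name is only a suggestion). `$success` is assigned and never read.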
diff --git a/platform/clone.provision.inc b/platform/clone.provision.inc
index 865d88a..795c046 100644
--- a/platform/clone.provision.inc
+++ b/platform/clone.provision.inc
@@ -46,6 +46,13 @@ function drush_provision_drupal_provision_clone($new_uri, $platform = null) {
$options['aliases'] = array();
$options['redirection'] = 0;
+ // XXX: right now we just drop SSL configuration when cloning, because
+ // we do not check if the site name change is compatible with the
+ // certificate. This can be removed when we a) check for wildcard
+ // certs and b) allow the user to change the cert from the UI.
+ $options['ssl_enabled'] = 0;
+ unset($options['ssl_key']);
+
if ($profile = drush_get_option('profile', FALSE)) {
$options['profile'] = $profile;
}
diff --git a/platform/deploy.provision.inc b/platform/deploy.provision.inc
index 3313a0e..86e9566 100644
--- a/platform/deploy.provision.inc
+++ b/platform/deploy.provision.inc
@@ -145,6 +145,8 @@ function drush_provision_drupal_post_provision_deploy() {
drush_include_engine('drupal', 'deploy');
drush_set_option('packages', _scrub_object(provision_drupal_system_map()), 'site');
_provision_drupal_rebuild_caches();
+ } else {
+ drush_log("could not bootstrap drupal after updatedb");
}
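Review bot: The new `else` branch reports a failed bootstrap with `drush_log("could not bootstrap drupal after updatedb")`, which uses the default log type, so the message is easy to miss and the package list and cache rebuild are silently skipped. I would raise the level and make it translatable: `drush_log(dt('could not bootstrap drupal after updatedb'), 'warning');`. The enclosing function starts outside this hunk.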
diff --git a/platform/drupal/deploy.inc b/platform/drupal/deploy.inc
index 06ee372..6db72d1 100644
--- a/platform/drupal/deploy.inc
+++ b/platform/drupal/deploy.inc
@@ -2,7 +2,12 @@
// $Id$
$new_url = d()->uri;
-$old_url = drush_get_option('old_uri', $new_url, 'options');
+/**
+ * @deprecated in drush3 it's 'options', in drush 4 it's 'cli', drop
+ * 'options' when we drop drush3 support
+ */
+$context = drush_get_context('cli') ? 'cli' : 'options';
+$old_url = drush_get_option('old_uri', $new_url, $context);
/**
* @file
@@ -17,6 +22,32 @@ drush_log(
db_query("UPDATE {files} SET filepath=replace(filepath, 'sites/%s', 'sites/%s')", $old_url, $new_url);
db_query("UPDATE {users} SET picture = replace(picture, 'sites/%s', 'sites/%s')", $old_url, $new_url);
+db_query("UPDATE {files} SET filepath=replace(filepath, 'sites/default', 'sites/%s')", $new_url);
+db_query("UPDATE {users} SET picture = replace(picture, 'sites/default', 'sites/%s')", $new_url);
variable_set('file_directory_path', "sites/$new_url/files");
variable_set('file_directory_temp', "sites/$new_url/files/tmp");
+// Global theme settings paths.
+if ($var = variable_get('theme_settings', FALSE)) {
+ $var['logo_path'] = str_replace($old_url, $new_url, $var['logo_path']);
+ $var['favicon_path'] = str_replace($old_url, $new_url, $var['favicon_path']);
+ variable_set('theme_settings', $var);
+}
+
+$themes = list_themes();
+foreach (array_keys($themes) as $theme) {
+ // Update logo and favicon paths for each theme.
+ if ($var = variable_get('theme_'. $theme .'_settings', FALSE)) {
+ $var['logo_path'] = str_replace($old_url, $new_url, $var['logo_path']);
+ $var['favicon_path'] = str_replace($old_url, $new_url, $var['favicon_path']);
+ variable_set('theme_'. $theme .'_settings', $var);
+ }
+ // Update color module paths.
+ if (module_exists('color')) {
+ foreach (array('_files', '_logo', '_screenshot', '_stylesheets') as $suffix) {
+ if ($var = variable_get('color_'. $theme . $suffix, FALSE)) {
+ variable_set('color_'. $theme . $suffix, str_replace($old_url, $new_url, $var));
+ }
+ }
+ }
+}
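Review bot: The theme and color updates call `str_replace($old_url, $new_url, ...)` on the bare host name, unlike the SQL above which anchors on `'sites/%s'`. When the old name is a substring of the new one, or appears elsewhere in a path, the replacement can rewrite more than the site directory. I would anchor it the same way, `str_replace("sites/$old_url", "sites/$new_url", $var['logo_path'])`, and likewise for `favicon_path` and the color variables. `logo_path` and `favicon_path` are also read without an `isset()` check, which raises a notice for themes that never stored them.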
diff --git a/platform/provision_drupal.drush.inc b/platform/provision_drupal.drush.inc
index 482677d..8ebb7b1 100644
--- a/platform/provision_drupal.drush.inc
+++ b/platform/provision_drupal.drush.inc
@@ -101,6 +101,7 @@ function drush_provision_drupal_provision_install_backend() {
function provision_drupal_sync_site() {
d()->service('http')->sync(d()->root, array('exclude-sites' => TRUE));
if (d()->type === 'site') {
+ // Sync all filesystem changes to the remote server.
d()->service('http')->sync(d()->site_path, array('no-delete' => TRUE));
}
}
@@ -174,27 +175,42 @@ function _provision_drupal_create_directories($url = NULL, $profile = NULL) {
$chgrp = array();
// special case: platform. do not handle files dir
if ($url != 'all') {
- $mkdir["sites/$url/files"] = 02770;
- $chgrp["sites/$url/files"] = d('@server_master')->web_group;
+ $mkdir["sites/$url/files"] = 02770;
+ $chgrp["sites/$url/files"] = d('@server_master')->web_group;
- $mkdir["sites/$url/files/tmp"] = 02770;
- $chgrp["sites/$url/files/tmp"] = d('@server_master')->web_group;
+ $mkdir["sites/$url/files/tmp"] = 02770;
+ $chgrp["sites/$url/files/tmp"] = d('@server_master')->web_group;
- $mkdir["sites/$url/files/images"] = 02770;
- $chgrp["sites/$url/files/images"] = d('@server_master')->web_group;
+ $mkdir["sites/$url/files/images"] = 02770;
+ $chgrp["sites/$url/files/images"] = d('@server_master')->web_group;
- $mkdir["sites/$url/files/pictures"] = 02770;
- $chgrp["sites/$url/files/pictures"] = d('@server_master')->web_group;
+ $mkdir["sites/$url/files/pictures"] = 02770;
+ $chgrp["sites/$url/files/pictures"] = d('@server_master')->web_group;
+
+ $mkdir["sites/$url/files/css"] = 02770;
+ $chgrp["sites/$url/files/css"] = d('@server_master')->web_group;
+
+ $mkdir["sites/$url/files/js"] = 02770;
+ $chgrp["sites/$url/files/js"] = d('@server_master')->web_group;
+
+ $mkdir["sites/$url/files/ctools"] = 02770;
+ $chgrp["sites/$url/files/ctools"] = d('@server_master')->web_group;
+
+ $mkdir["sites/$url/files/imagecache"] = 02770;
+ $chgrp["sites/$url/files/imagecache"] = d('@server_master')->web_group;
+
+ $mkdir["sites/$url/files/locations"] = 02770;
+ $chgrp["sites/$url/files/locations"] = d('@server_master')->web_group;
// d7 support
- $mkdir["sites/$url/private"] = 02770;
- $chgrp["sites/$url/private"] = d('@server_master')->web_group;
+ $mkdir["sites/$url/private"] = 02770;
+ $chgrp["sites/$url/private"] = d('@server_master')->web_group;
- $mkdir["sites/$url/private/files"] = 02770;
- $chgrp["sites/$url/private/files"] = d('@server_master')->web_group;
+ $mkdir["sites/$url/private/files"] = 02770;
+ $chgrp["sites/$url/private/files"] = d('@server_master')->web_group;
- $mkdir["sites/$url/private/temp"] = 02770;
- $chgrp["sites/$url/private/temp"] = d('@server_master')->web_group;
+ $mkdir["sites/$url/private/temp"] = 02770;
+ $chgrp["sites/$url/private/temp"] = d('@server_master')->web_group;
}
// These paths should not have recursive operations performed on them.
diff --git a/platform/provision_drupal_settings.tpl.php b/platform/provision_drupal_settings.tpl.php
index 0e0f454..88b82a8 100644
--- a/platform/provision_drupal_settings.tpl.php
+++ b/platform/provision_drupal_settings.tpl.php
@@ -60,7 +60,6 @@
$conf['install_profile'] = '<?php print $this->profile ?>';
$conf['file_directory_path'] = 'sites/<?php print $this->uri ?>/files';
$conf['file_directory_temp'] = 'sites/<?php print $this->uri ?>/files/tmp';
- $conf['cache'] = 1;
$conf['clean_url'] = 1;
<?php if (!$this->site_enabled) : ?>
@@ -85,12 +84,12 @@
}
}
- # Additional site configuration settings.
- if (file_exists('<?php print $this->site_path ?>/local.settings.php')) {
- include_once('<?php print $this->site_path ?>/local.settings.php');
- }
-
# Additional host wide configuration settings. Useful for safely specifying configuration settings.
if (file_exists('<?php print $this->platform->server->include_path ?>/global.inc')) {
include_once('<?php print $this->platform->server->include_path ?>/global.inc');
}
+
+ # Additional site configuration settings.
+ if (file_exists('<?php print $this->site_path ?>/local.settings.php')) {
+ include_once('<?php print $this->site_path ?>/local.settings.php');
+ }
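Review bot: Moving the `local.settings.php` include below `global.inc` reverses precedence, so a per-site file now overrides the host-wide settings, and neither comment says so. If `global.inc` is used to enforce server-wide policy, anyone able to write the site's `local.settings.php` can now undo it; whether that is intended cannot be told from this hunk. At minimum I would document the order, e.g. `# Additional site configuration settings. Loaded last, so it overrides global.inc.`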
diff --git a/platform/verify.provision.inc b/platform/verify.provision.inc
index ab63dc7..f51d173 100644
--- a/platform/verify.provision.inc
+++ b/platform/verify.provision.inc
@@ -46,8 +46,13 @@ function drush_provision_drupal_pre_provision_verify() {
elseif (d()->type === 'platform') {
// create a platform from a makefile, if it doesnt already exist and the makefile does.
if (!provision_file()->exists(d()->root)->status() && !empty(d()->makefile)) {
- drush_log(dt("Platform path does not exists, fetching from drush makefile"));
- drush_backend_invoke("make", array(d()->makefile, d()->root), array('root' => null, 'uri' => null));
+ drush_log(dt("Platform path does not exist, fetching from drush makefile"));
+ $options = array('root' => null, 'uri' => null);
+ // propagate working-copy args downward
+ if (drush_get_option('working-copy')) {
+ $options['working-copy'] = 1;
+ }
+ drush_backend_invoke("make", array(d()->makefile, d()->root), $options);
if (drush_get_error()) {
return drush_set_error("DRUSH_MAKE_FAILED",
"Could not download platform using drush make. No platform present");
diff --git a/provision.api.php b/provision.api.php
index 02b7c6f..da24efd 100644
--- a/provision.api.php
+++ b/provision.api.php
@@ -30,7 +30,7 @@ function drush_hook_provision_services() {
* @param $uri
* URI for the site.
* @param $data
- * Associatiave array of data from provisionConfig_drupal_settings::data.
+ * Associative array of data from provisionConfig_drupal_settings::data.
*
* @return
* Lines to add to the site's settings.php file.
@@ -47,7 +47,7 @@ function drush_hook_provision_drupal_config($uri, $data) {
* To use templating, return an include statement for the template.
*
* @param $data
- * Associatiave array of data from provisionConfig_apache_server::data.
+ * Associative array of data from provisionConfig_apache_server::data.
*
* @return
* Lines to add to the configuration file.
@@ -63,7 +63,7 @@ function drush_hook_provision_apache_server_config($data) {
* To use templating, return an include statement for the template.
*
* @param $data
- * Associatiave array of data from provisionConfig_apache_platform::data.
+ * Associative array of data from provisionConfig_apache_platform::data.
*
* @return
* Lines to add to the configuration file.
@@ -81,7 +81,7 @@ function drush_hook_provision_apache_dir_config($data) {
* @param $uri
* URI for the site.
* @param $data
- * Associatiave array of data from provisionConfig_apache_site::data.
+ * Associative array of data from provisionConfig_apache_site::data.
*
* @return
* Lines to add to the configuration file.
diff --git a/provision.context.inc b/provision.context.inc
index cc14449..84b03ea 100644
--- a/provision.context.inc
+++ b/provision.context.inc
@@ -77,7 +77,7 @@ function provision_context_factory($name) {
$type = 'server';
$record = provision_sitealias_get_record($name);
- $options = array_merge(drush_get_context('stdin'), drush_get_context('options'));
+ $options = array_merge(drush_get_context('stdin'), drush_get_context('options'), drush_get_context('cli'));
if (isset($record['context_type'])) {
$type = $record['context_type'];
@@ -133,7 +133,7 @@ class provisionContext {
*/
function __get($name) {
if ($name == 'options') {
- return array_merge(provision_sitealias_get_record($this->name), array_filter(drush_get_context('stdin')), array_filter(drush_get_context('options')));
+ return array_merge(provision_sitealias_get_record($this->name), array_filter(drush_get_context('stdin')), array_filter(drush_get_context('options')), array_filter(drush_get_context('cli')));
}
if (array_key_exists($name, $this->properties)) {
if (isset($this->oid_map[$name]) && !empty($this->properties[$name])) {
diff --git a/provision.context.server.inc b/provision.context.server.inc
index db7971d..f9764e9 100644
--- a/provision.context.server.inc
+++ b/provision.context.server.inc
@@ -173,14 +173,13 @@ class provisionContext_server extends provisionContext {
'relative' => TRUE,
'keep-dirlinks' => TRUE,
'omit-dir-times' => TRUE,
- 'delete' => TRUE,
), $additional_options);
// We need to do this due to how drush creates the rsync command.
// If the option is present at all , even if false or null, it will
// add it to the command.
- if (!isset($additional_options['no-delete'])) {
+ if (!isset($additional_options['no-delete']) || $additional_options['no-delete'] == FALSE ) {
$options['delete'] = TRUE;
}
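Review bot: The widened test `|| $additional_options['no-delete'] == FALSE` turns `delete` back on when a caller passes `'no-delete' => FALSE`, but the `no-delete` key itself stays in `$options` after the `array_merge()`. The comment directly above says drush adds any option that is present, even if false or null. I would use `empty()` and drop the key in the same branch: `if (empty($additional_options['no-delete'])) { unset($options['no-delete']); $options['delete'] = TRUE; }`. The method continues outside this hunk, so how `$options` reaches rsync is not visible here.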
diff --git a/provision.drush.inc b/provision.drush.inc
index ab68a67..e8bedbc 100644
--- a/provision.drush.inc
+++ b/provision.drush.inc
@@ -170,6 +170,11 @@ function provision_drush_command() {
'bootstrap' => DRUSH_BOOTSTRAP_DRUPAL_ROOT
);
+ $items['provision-backup_delete'] = array(
+ 'description' => 'Delete a backup file.',
+ 'arguments' => array('backup-file' => dt('The backup file to delete. This will be a gzipped tarball.')),
+ 'bootstrap' => DRUSH_BOOTSTRAP_DRUSH
+ );
$items['hostmaster-migrate'] = array(
'description' => dt('Migrate an instance of the Hostmaster front end to a new platform'),
@@ -203,6 +208,11 @@ function provision_drush_command() {
'example.com' => dt('The url of the site being migrated.')),
);
+ $items['backend-parse'] = array(
+ 'description' => dt('Parse the output of --backend commands to a human readable form'),
+ 'bootstrap' => DRUSH_BOOTSTRAP_DRUSH,
+ );
+
return $items;
}
@@ -227,6 +237,7 @@ function drush_provision_verify() {
function _provision_default_web_group() {
$info = posix_getgrgid(posix_getgid());
$common_groups = array(
+ 'www',
'httpd',
'www-data',
'apache',
diff --git a/provision.inc b/provision.inc
index d545d8d..c096f7d 100644
--- a/provision.inc
+++ b/provision.inc
@@ -43,7 +43,25 @@ function provision_is_local_host($host) {
// your site alias. Note that sometimes 'uname -n' does not return the
// correct value. To fix it, put the correct hostname in /etc/hostname
// and then run 'hostname -F /etc/hostname'.
- return ($host == 'localhost') || ($host == '127.0.0.1') || ($host == strtolower(php_uname('n'))) || ($host == strtolower(gethostbyaddr(gethostbyname(php_uname('n')))));
+ return ($host == 'localhost') ||
+ ($host == '127.0.0.1') ||
+ (gethostbyname($host) == '127.0.0.1') ||
+ (gethostbyname($host) == '127.0.1.1') || // common setting on
+ // ubuntu and friends
+ ($host == strtolower(php_uname('n'))) ||
+ ($host == provision_fqdn());
+}
+
+/**
+ * return the FQDN of the machine or provided host
+ *
+ * this replicates hostname -f, which is not portable
+ */
+function provision_fqdn($host = null) {
+ if (is_null($host)) {
+ $host = php_uname('n');
+ }
+ return strtolower(gethostbyaddr(gethostbyname($host)));
}
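Review bot: provision_fqdn() has no handling for a failed lookup. gethostbyname() returns its argument unchanged when resolution fails, and gethostbyaddr() on that non-address returns FALSE, so the function yields an empty string. That value is then compared loosely in `$host == provision_fqdn()` inside provision_is_local_host() and, going by the installer hunk earlier in this commit, is used as the default frontend URL and `aegir_host`. I would fall back to the given host name whenever either lookup fails, as in the excerpt below.
```php
function provision_fqdn($host = null) {
  // … unchanged: default $host to php_uname('n') …
  $ip = gethostbyname($host);
  // gethostbyname() hands back its argument when the lookup fails.
  if (!filter_var($ip, FILTER_VALIDATE_IP)) {
    return strtolower($host);
  }
  $name = gethostbyaddr($ip);
  return strtolower($name ? $name : $host);
}
```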
/**
@@ -54,7 +72,7 @@ function provision_is_local_host($host) {
function provision_get_base_url() {
$base_url = 'http://' . d()->uri;
- $http_port = d()->web_server->http_port;
+ $http_port = d()->server->http_port;
if (!is_null($http_port) && ($http_port != 80)) {
$base_url .= ':' . $http_port;
}
@@ -280,6 +298,13 @@ function provision_backend_invoke($target, $command, $arguments = array(), $opti
return drush_backend_invoke_args('@' . ltrim($target, '@') . ' ' . $command, $arguments, $options + array('root' => null, 'uri' => null), $mode);
}
+/**
+ * parse the .ini file to get the aegir version
+ */
+function provision_version() {
+ $ini = parse_ini_file(dirname(__FILE__) . '/provision.info');
+ return $ini['version'];
+}
/**
* A base class for the service and file handling classes that implements
diff --git a/provision.info b/provision.info
new file mode 100644
index 0000000..4314649
--- /dev/null
+++ b/provision.info
@@ -0,0 +1,4 @@
+name=Provision
+description="Aegir backend"
+
+version=0.4-rc1
diff --git a/release.sh b/release.sh
index 35b2be1..1676fbb 100644
--- a/release.sh
+++ b/release.sh
@@ -83,6 +83,10 @@ sed -i'.tmp' -e'/^projects\[hostmaster\]\[download\]\[type\]/s/=.*$/ = "get"/' \
echo changing INSTALL.txt to point to tagged install.sh
sed -i'.tmp' -e"/http:\/\/git.aegirproject.org\/?p=provision.git;a=blob_plain;f=install.sh.txt;hb=HEAD/s/HEAD/provision-$version/" docs/INSTALL.txt && git add docs/INSTALL.txt && rm docs/INSTALL.txt.tmp
+echo changing hostmaster-install version
+sed -i'.tmp' -e"s/version *=.*$/version=$version/" provision.info
+git add provision.info && rm provision.info.tmp
+
echo changing UPGRADE.txt to point to tagged upgrade.sh
sed -i'.tmp' -e"/http:\/\/git.aegirproject.org\/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=HEAD/s/HEAD/provision-$version/" docs/UPGRADE.txt && git add docs/UPGRADE.txt && rm docs/UPGRADE.txt.tmp
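Review bot: The new `sed` expression `s/version *=.*$/version=$version/` is not anchored, so it rewrites any line of provision.info that contains `version=` anywhere, not only the `version` key; `s/^version *=.*$/version=$version/` limits it to that key. `$version` is also pasted into the replacement unescaped, so a value containing `/` or `&` would change what sed does; the release string should be validated before this point (where it is set is outside the hunk). Unlike the neighbouring INSTALL.txt and UPGRADE.txt lines, `git add provision.info` here runs even if the `sed` failed, and joining the two lines with `&&` would keep the steps consistent.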
diff --git a/upgrade.sh.txt b/upgrade.sh.txt
index 256738f..0232045 100644
--- a/upgrade.sh.txt
+++ b/upgrade.sh.txt
@@ -11,17 +11,17 @@
########################################################################
# basic variables, change before running
-AEGIR_VERSION=HEAD
+AEGIR_VERSION="0.4-rc1"
AEGIR_DOMAIN=aegir.example.com
-AEGIR_DIR=/var/aegir
-DRUPAL_DIR=$AEGIR_DIR/hostmaster-$AEGIR_VERSION
+AEGIR_HOME="$HOME"
+DRUPAL_DIR=$AEGIR_HOME/hostmaster-$AEGIR_VERSION
DRUSH_VERSION=6.x-3.3
-DRUSH_MAKE_VERSION=6.x-2.0-beta9
-OLD_DRUPAL_DIR=$AEGIR_DIR/hostmaster-0.4-alpha14
-DRUSH_DIR=$AEGIR_DIR/drush
+DRUSH_MAKE_VERSION=6.x-2.0-beta11
+OLD_DRUPAL_DIR=$AEGIR_HOME/hostmaster-0.4-beta2
+DRUSH_DIR=$AEGIR_HOME/drush
DRUSH="php $DRUSH_DIR/drush.php"
-BACKUP_DIR=$AEGIR_DIR/pre-upgrade-`date '+%F-%H%M'`
+BACKUP_DIR=$AEGIR_HOME/pre-upgrade-`date '+%F-%H%M'`
########################################################################
# functions
@@ -73,10 +73,10 @@ cat <<EOF
* that the following settings are correct
The Aegir version to upgrade to is $AEGIR_VERSION
-The Aegir home dir is $AEGIR_DIR
+The Aegir home dir is $AEGIR_HOME
The new hostmaster platform will be $DRUPAL_DIR
-The version of Drush is $DRUSH_VERSION
-The version of Drush Make is $DRUSH_MAKE_VERSION
+The version of Drush will be $DRUSH_VERSION
+The version of Drush Make will be $DRUSH_MAKE_VERSION
Your Aegir domain is $AEGIR_DOMAIN
Your old hostmaster platform was $OLD_DRUPAL_DIR
The Drush command is "$DRUSH"
@@ -98,7 +98,7 @@ if [ -d $DRUSH_DIR ]; then
mv $DRUSH_DIR $BACKUP_DIR
fi
-cd $AEGIR_DIR
+cd $AEGIR_HOME
wget http://ftp.drupal.org/files/projects/drush-$DRUSH_VERSION.tar.gz
gunzip -c drush-$DRUSH_VERSION.tar.gz | tar -xf -
rm drush-$DRUSH_VERSION.tar.gz
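Review bot: The drush tarball on the `wget` line is fetched over plain `http://` and unpacked straight away with nothing verifying its contents, so anyone able to alter that traffic decides what the aegir user later runs as `$DRUSH`. Check the download against a checksum published for that release before the `gunzip | tar` step, and use an HTTPS URL if the mirror serves one. The changed `cd $AEGIR_HOME` is unquoted and unchecked, so if it fails the download and unpack happen in whatever directory the script was already in; `cd "$AEGIR_HOME" || exit 1` avoids that.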
@@ -120,17 +120,11 @@ else
rm provision-$AEGIR_VERSION.tgz
fi
-# fetch new version of drush_make
-if [ `$DRUSH make --version | grep "$DRUSH_MAKE_VERSION" ` ] ; then
- msg "Correct version of Drush Make already seems to be installed."
-else
- cd $HOME/.drush
- if [ -d "drush_make" ] ; then
- msg "Moving existing drush_make into $BACKUP_DIR"
- mv drush_make $BACKUP_DIR
- fi
- $DRUSH dl drush_make-$DRUSH_MAKE_VERSION --destination="$HOME/.drush"
+if [ -d "drush_make" ] ; then
+ msg "Moving existing drush_make into $BACKUP_DIR"
+ mv drush_make $BACKUP_DIR
fi
+$DRUSH dl drush_make-$DRUSH_MAKE_VERSION --destination="$HOME/.drush"
cd $OLD_DRUPAL_DIR
$DRUSH hostmaster-migrate $AEGIR_DOMAIN $DRUPAL_DIR
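Review bot: With `cd $HOME/.drush` removed, the new `[ -d "drush_make" ]` test and `mv drush_make $BACKUP_DIR` run relative to whatever the working directory is after the provision step above (not visible in the hunk). An existing `$HOME/.drush/drush_make` is therefore probably never moved aside before `drush dl` writes to that same destination. Use the full path in both places: `if [ -d "$HOME/.drush/drush_make" ] ; then` and `mv "$HOME/.drush/drush_make" "$BACKUP_DIR"`. Dropping the version check also means the download now always runs, so its exit status should be tested before `hostmaster-migrate` starts.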