diff --git a/README.txt b/README.txt index 2196fe8d7ff824df5bd7050a2f321acd33358c28..616a169ba04628037b9748ec0ba42ccfa0885c90 100644 --- a/README.txt +++ b/README.txt @@ -6,10 +6,11 @@ This is the backend of the Aegir hosting system. The front end and back end are designed to be run separately, and each front end will also be able to drive multiple back ends. -The most up to date information regarding the project and its goal -can be found in the Aegir wiki page: +The most up to date information regarding the project and its goals +can be found on the Aegir website and the community portal: - http://groups.drupal.org/aegir/overview + http://aegirproject.org + http://community.aegirproject.org To install Aegir, you should follow the INSTALL.txt document in docs/. The HINTS_.txt files can be useful if you have a specific @@ -20,8 +21,8 @@ To upgrade Aegir, follow the UPGRADE.txt document in docs/. The core of the documentation in docs/ should be sufficient to get you started. If you have further questions or are having trouble with Aegir, -head for the documentation wiki: +head for the documentation: - http://groups.drupal.org/aegir-hosting-system/documentation + http://community.aegirproject.org/notebook -Other documentation for developpers is also available in docs/. +Other documentation for developers is also available in docs/. diff --git a/aegir.make b/aegir.make index f923a0b609dd43cd914593447282a8fc9928e4c9..e25eb28e4ee5fc650d5d2ff59d54d8c6e8a0274c 100644 --- a/aegir.make +++ b/aegir.make @@ -4,6 +4,6 @@ api = 2 projects[drupal][type] = "core" projects[hostmaster][type] = "profile" -projects[hostmaster][download][type] = "git" -projects[hostmaster][download][url] = "git://git.aegirproject.org/hostmaster.git" -projects[hostmaster][download][branch] = "master" +projects[hostmaster][download][type] = "get" +projects[hostmaster][download][url] = "http://files.aegirproject.org/hostmaster-0.4-rc1.tgz" +projects[hostmaster][download][directory_name] = "hostmaster" 
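Review bot: The hostmaster profile in aegir.make is now fetched as a release tarball over plain `http://` with no integrity check, so a corrupted or tampered download would be unpacked into the platform without any error. If the drush_make version this makefile targets accepts a checksum on `get` downloads, pin one next to the URL, for example `projects[hostmaster][download][md5] = "<checksum-of-hostmaster-0.4-rc1.tgz>"` (placeholder, take the value from the published release). If it does not, a comment above the `url` line saying that the archive is unverified would at least make the gap visible to whoever bumps the version next.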
diff --git a/db/db.drush.inc b/db/db.drush.inc index be9f2ea4b1c4e6b8e97a7d818bc87292cf55e2d9..82e09c1f7fdd70ef228756940204db103c8db3eb 100644 --- a/db/db.drush.inc +++ b/db/db.drush.inc @@ -71,7 +71,7 @@ class provisionService_db extends provisionService { function suggest_db_name() { $uri = $this->context->uri; - $suggest_base = substr(str_replace(array('.', '-'), '' , ereg_replace('^www\.', '', $uri)), 0, 16); + $suggest_base = substr(str_replace(array('.', '-'), '' , preg_replace('/^www\./', '', $uri)), 0, 16); if (!$this->database_exists($suggest_base)) { return $suggest_base; @@ -91,8 +91,10 @@ class provisionService_db extends provisionService { /** * Generate a new mysql database and user account for the specified credentials */ - function create_site_database() { - $creds = $this->generate_site_credentials(); + function create_site_database($creds = array()) { + if (!sizeof($creds)) { + $creds = $this->generate_site_credentials(); + } extract($creds); if (!$this->can_create_database()) { @@ -150,12 +152,14 @@ class provisionService_db extends provisionService { } - function import_site_database($dump_file = null) { + function import_site_database($dump_file = null, $creds = array()) { if (is_null($dump_file)) { $dump_file = d()->site_path . '/database.sql'; } - $creds = $this->fetch_site_credentials(); + if (!sizeof($creds)) { + $creds = $this->fetch_site_credentials(); + } $exists = provision_file()->exists($dump_file) ->succeed('Found database dump at @path.') diff --git a/db/mysql/mysql_service.inc b/db/mysql/mysql_service.inc index 10dccaabe4040865643cdd62aec5b9d7da7c755c..cc92ea44d183f85b6a603e57710f7b6bb14db163 100644 --- a/db/mysql/mysql_service.inc +++ b/db/mysql/mysql_service.inc 
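Review bot: `extract($creds);` in create_site_database() now runs on an array handed in by the caller, so every key in it becomes a local variable, and an array that is non-empty but incomplete passes the `!sizeof($creds)` test and leaves the variables used further down undefined. Check that the keys the function relies on are present before extracting, or read them explicitly from `$creds` instead of calling `extract()`. The `$creds` parameter added to import_site_database() in the next hunk has the same problem, and neither function documents which keys it expects; a docblock `@param` line naming them would help callers. Both function bodies continue outside the hunks, so the exact set of variables used is not visible here.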
@@ -14,6 +14,8 @@ class provisionService_db_mysql extends provisionService_db_pdo { } function database_exists($name) { + // An underscore in a LIKE clause is a single character wildcard, escape it. + $name = str_replace('_', '\_', $name); $result = $this->query("SHOW DATABASES LIKE '%s'", $name); if ($result) { return $result->fetchColumn(0); @@ -88,7 +90,7 @@ class provisionService_db_mysql extends provisionService_db_pdo { } function grant_host(provisionContext_server $server) { - $command = sprintf('mysql -u intntnllyInvalid -h %s -P %s', + $command = sprintf('mysql -u intntnllyInvalid -h %s -P %s -e ""', escapeshellarg($this->server->remote_host), escapeshellarg($this->server->db_port)); @@ -124,6 +126,13 @@ class provisionService_db_mysql extends provisionService_db_pdo { * We go through all this trouble to hide the password from the commandline, * it's the most secure way (apart from writing a temporary file, which would * create conflicts in parallel runs) + * + * XXX: this needs to be refactored so it: + * - works even if /dev/fd/3 doesn't exit + * - has a meaningful name (we're talking about reading and writing + * dumps here, really, or at least call mysql and mysqldump, not + * just any command) + * - can be pushed upstream to drush (http://drupal.org/node/671906) */ function safe_shell_exec($cmd, $db_host, $db_user, $db_passwd, $dump_file = null) { $mycnf = sprintf('[client] @@ -141,6 +150,7 @@ port=%s 2 => array("pipe", "w"), // stderr is a file to write to 3 => array("pipe", "r"), // fd3 is our special file descriptor where we pass credentials ); + $pipes = array(); $process = proc_open($cmd, $descriptorspec, $pipes); $this->safe_shell_exec_output = ''; if (is_resource($process)) { diff --git a/dns/dns.drush.inc b/dns/dns.drush.inc index 79554cd498997fa678ac2a02c04240564b82591f..6b600342f1685bdc6959fb8d6040482deb5f48ee 100644 --- a/dns/dns.drush.inc +++ b/dns/dns.drush.inc 
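Review bot: Escaping only `_` in database_exists() leaves `%`, the other LIKE wildcard, untouched, so a name containing `%` can still match a different database; `$name = addcslashes($name, '_%');` covers both in one call. How `$this->query()` substitutes the `'%s'` placeholder is not visible in this hunk, so please confirm that the added backslash is neither stripped nor doubled in a way that changes the pattern. The comment could then read `// "_" and "%" are wildcards in a LIKE clause, escape both.`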
@@ -41,6 +41,9 @@ function drush_dns_provision_zone($action, $zone, $name = null, $type = null, $d break; case 'rr-add': $record = d()->service('dns')->config('zone', $zone)->record_get($name); + if (!is_array($record[$type])) { + $record[$type] = array(); + } $record[$type] = array_merge($record[$type], array($destination)); $status = d()->service('dns')->config('zone', $zone)->record_set($name, $record)->write(); break; @@ -281,7 +284,7 @@ class provisionService_dns extends provisionService { if ($status) { drush_log(dt("creating zone configuration on slaves")); - $status = $this->_each_server("create_zone", $zone); + $status = $this->_each_server("create_zone", array($zone)); } return $status; } @@ -295,7 +298,7 @@ class provisionService_dns extends provisionService { if ($status) { drush_log(dt("deleting zone configuration from slaves")); - $status = $this->_each_server("delete_zone", $zone); + $status = $this->_each_server("delete_zone", array($zone)); } return $status; } diff --git a/docs/HINTS_OSX.txt b/docs/HINTS_OSX.txt index dd6d1cbbe6ee52f9ee7d2d718a66c86d66c791ef..951136c26d690b743d30a96e44d961a11d72b414 100644 --- a/docs/HINTS_OSX.txt +++ b/docs/HINTS_OSX.txt @@ -62,7 +62,11 @@ The first two commands below are optional but recommended. Shell commands:: sudo port selfupdate sudo port upgrade outdated - sudo port install apache2 mysql5-server git-core unzip php52 +mysql5 + sudo port install apache2 mysql5-server git-core unzip php52 php5-posix \ + php5-gd php5-apc +mysql5 + +php5-apc is optional, but highly recommended as it will significantly increase +PHP performance. Watch the output of the last port command carefully, as there are usually some boring tasks for you to perform once the install is 
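Review bot: The new guard in the `rr-add` case calls `is_array($record[$type])` before knowing that the index exists, so a name with no record of that type still raises an undefined-index notice, and `$type` defaults to null in the function signature. `if (!isset($record[$type]) || !is_array($record[$type])) {` avoids the read. `$type` and `$destination` come from the command arguments and end up in the zone record through `record_set()`; no validation is visible in this hunk, so if none happens further down, rejecting an unknown `$type` here before merging would be prudent.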
@@ -76,7 +80,13 @@ Next we'll create the aegir user and add it to the _www group. This part is very different on Mac OS X than Linux or most other Unices. Must be a NeXTism. The command we will use he is "dscl", which is a short for Directory Service Command Line. In OSX 10.3 and -earlier, that command is "nicl" (short for Net Info Command Line). +earlier, that command is "nicl" (short for Net Info Command Line). It is also +possible to create the user using the "Workgroup Manager" utility included with +OS X Server. To obtain Workgroup Manager for the OS X Client, download the +"Server Admin Tools" from Apple. For example, for Mac OS X 10.6, the admin tools +can be found at: + +http://support.apple.com/downloads/Server_Admin_Tools_10_6 Shell commands:: sudo dscl . -create /Users/aegir NFSHomeDirectory /var/aegir diff --git a/docs/INSTALL.txt b/docs/INSTALL.txt index 5f7448f6e1ebb78a389a65279873293cd26a049f..9a7e62ac03c2ced7ef0cbb337249cc228af90cd1 100644 --- a/docs/INSTALL.txt +++ b/docs/INSTALL.txt @@ -16,7 +16,7 @@ fairly simple. It's 3 basic steps:: 1. Install requirements 2. Configure system requirements, which include:: * create a Aegir user - * configure Apache, MySQL, DNS, etc + * configure Apache (or Nginx with PHP-FPM), MySQL, DNS, etc 3. Run the install script. Those steps are detailed below. The following instructions provide example 
@@ -32,10 +32,11 @@ bullet-point summary of the steps required for the installation. In case of conflict between INSTALL.txt and other documentation, INSTALL.txt should be considered the canonical source of information. -Also note that those instructions setup a complete Aegir system. If you want -to only setup a new server, it should be sufficient to install requirement -(step 1) and configure them (step 2). You will just need the --backend-only flag -to avoid installing the frontend on the server. +Also note that these instructions setup a complete Aegir system. If you want +to only setup a new remote web/db server, it should be sufficient to install +requirements (step 1), configure them (step 2) and follow the Remote server +how-to which you can find at http://community.aegirproject.org/node/30. + 1. Install software requirements ================================ @@ -51,6 +52,9 @@ The level of access required to be able to configure this system is very far beyond what is commonly available to users with shared hosting. Commands are assumed to be run as root user. +A standard umask of 022 is assumed. This is the default on most systems. + + Web server ---------- @@ -60,6 +64,15 @@ need root access to that server and the server must be reserved for Aegir. Sharing the server with other control panels such as Cpanel, Plesk or AlternC will very likely create problems and is not supported. +Aegir also supports Nginx web server, but requires at least version 0.7.27 or +newer. Since Nginx doesn't provide php-cgi or php-fpm (recommended) modules, +you will need to install and run php-fpm server separately. You can find +useful examples and tips in the third party Barracuda installer available +at http://gitorious.org/aegir/barracuda-octopus. Note: this third party +installer is not supported by the core Aegir developers, but you can find +helpful community support at http://community.aegirproject.org. + + PHP 5.2 ------- 
@@ -73,12 +86,15 @@ load. As a result, we suggest using PHP 5.2 for the time-being. See http://drupal.org/node/360605 (amongst other issues) for details. + Database server --------------- You will require a database server, obviously. Aegir currently only supports -MySQL. It is preferable to use a dedicated server since Aegir will create -database users and will require a privileged user. +MySQL and MariaDB. It is preferable to use a dedicated (not shared-hosting) +server since Aegir will create database users and will require the use of the +MySQL 'root' user. + Mail transfer agent ------------------- @@ -90,6 +106,7 @@ email". Additional messages will show that site has been removed because of this problem. To remedy the situation simply install an MTA like sendmail, postfix, or exim and do the minimal configuration. + Other utilities: sudo, rsync, git and unzip ------------------------------ @@ -102,13 +119,14 @@ The jQueryUI library is used in the Aegir UI, unzip is required to extract it. Sudo is required to allow the aegir user the limited privilege to restart the webserver when required. Rsync is used to sync files to remote servers. + Summary ------- This may vary according to your platform, but under a Debian derivative, you can install all those packages using the following. -Shell commands:: +Shell commands as root:: apt-get install apache2 php5 php5-cli php5-gd php5-mysql mysql-server \ postfix sudo rsync git-core unzip @@ -148,6 +166,7 @@ the resolved IP address to be the '127.0.0.1' loopback address. If you intend to manage multiple servers using Aegir, you will need to make sure that the IP address is the public IP of this server. + Aegir user ---------- @@ -168,7 +187,7 @@ username if desired. In addition we will create a directory layout for Aegir configuration and backups. -Shell commands:: +Shell commands as root:: adduser --system --group --home /var/aegir aegir adduser aegir www-data #make aegir a user of group www-data 
@@ -194,7 +213,6 @@ Change the memory_limit directive in /etc/php5/apache2/php.ini to read:: memory_limit = 128M ; Maximum amount of memory a script may consume (128MB) - Apache configuration -------------------- @@ -226,21 +244,47 @@ file. /etc/sudoers configuration:: aegir ALL=NOPASSWD: /usr/sbin/apache2ctl + +Nginx configuration +-------------------- + +Aegir assumes standard Nginx configuration is available on the server, and +generates its own configuration files. The way we enable this is by +symlinking a single file which contains all the configuration necessary. +In Debian-based systems, you should symlink this file inside +``/etc/nginx/conf.d`` that will be parsed on startup. + +Shell command as root:: + + ln -s /var/aegir/config/nginx.conf /etc/nginx/conf.d/aegir.conf + +**Do not reload/restart Nginx after running these commands, it will fail.** +The installer script creates the configuration file referenced by the newly +created symlink. + +The aegir user needs to have sudo access. Add the relevant line to your sudoers +file. + +/etc/sudoers configuration:: + aegir ALL=NOPASSWD: /etc/init.d/nginx + + Remote web servers ------------------ Any number of remote web servers may be configured. They need an aegir user and Apache configuration as above, with the same user name and directory paths. SSH public/private keys should be set up so hostmaster's Aegir user can access -remote web Aegir users with no passwords. The above apache configuration needs -to be performed to. +remote web Aegir users with no passwords. The above Apache configuration needs +to be performed too. They will also need a login shell, which can be modified using the ``chsh`` command. -Shell command as root:: +Shell commands as root:: chsh -s /bin/sh aegir apt-get install rsync apache2 php5 php5-cli php5-mysql + Database configuration ---------------------- 
@@ -256,9 +300,9 @@ Now you need to restart mysql, to clear any caches. Shell command as root:: /etc/init.d/mysql restart -The installer will prompt you for your MySQL root user password. It will -not store this information, but instead use it to generate a new super -user account for the aegir system. +The installer will prompt you for your MySQL root user password. The root +user will be used to make administrative tasks such as creating new databases, +and granting and revoking access to those databases for sites. Even though MySQL is now listening on all IP's, it will not allow invalid users to connect to the databases, without the correct user accounts configured. 
@@ -267,18 +311,26 @@ If you are concerned about MySQL being accessible in this way, you can also configure your firewall to only allow incoming connections from certain addresses. This is outside the scope of this document however. + 3. Run the install script ========================= -This section deals with the actual installation of Aegir. +This section deals with the actual installation of Aegir. You can +install aegir in one of two ways: one assumes you have already +downloaded drush and provision, while the other will do that for you. + + +3.1 Installing aegir with only the install.sh script +---------------------------------------------------- There is an install script that takes care of installing the right packages and preparing the backend and frontend install for you. That script needs to be run -as the aegir user created above. This file is available in Provision or can be -downloaded through the web with this command:: +as the aegir user created above, so it needs to be placed somewhere that the +aegir user can access in order to execute it. This file is available in +Provision or can be downloaded through the web with this command:: -Shell commands:: - wget -O install.sh 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=install.sh.txt;hb=HEAD' +Shell command:: + wget -O install.sh 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=install.sh.txt;hb=provision-0.4-rc1' By default, the install script will install the "correct" version of Aegir (ie. if it was downloaded through git, it will install the version from the 
@@ -286,21 +338,54 @@ git master branch. If you downloaded an official release, it should install the official release.). You can modify which version to install by editing the AEGIR_VERSION variable in the script. -Shell commands:: - su -s /bin/sh aegir -c "sh install.sh aegir.example.com" +Shell command for Apache version:: + su -s /bin/sh aegir -c "sh install.sh" + +Shell command for Nginx version:: + su -s /bin/sh aegir -c "sh install.sh --http_service_type=nginx" Note you must run the above command as root or prefix with sudo. -Be sure to change 'aegir.example.com' to match the URI of your site. +You will be prompted for the information necessary to complete the +installation. + +Once you have run install.sh once, drush and provision should be +installed and you can use the more powerful hostmaster-install command +to retry the install if it failed the first time. + + +3.2 Installing aegir with drush and provision installed +------------------------------------------------------- + +If you have already downloaded drush and provision, you can just install +provision in the commands directory of Drush (either ~aegir/.drush or +/usr/share/drush/commands), if that's not already done. Once provision +is properly installed, you can install all other aegir components using +the hostmaster-install command. + +Shell command:: + + drush hostmaster-install --version=HEAD + +You will be prompted for the required information if not provided on the +commandline. See the inline help for the available options:: + + drush help hostmaster-install + +It is imperative that you provide a valid FQDN to the installer. This is used +for database GRANTs. Remote web servers depend on the FQDN being resolvable +in order to connect back to your Aegir master server if it is used as your +database server for managed sites. 
+ +Upon completion of the installation, the traditional Drupal 'Welcome' e-mail +will be sent to the e-mail address specified by --client_email=(your e-mail) +or if not provided as a command line switch, the address prompted by the +installer process. This e-mail address will also be used as the default e-mail +address of the first user and client in Aegir, but can be changed later. -You can append '--client_email=you@example.com' to keep from being prompted for -an e-mail address during install. The traditional Drupal 'Welcome' e-mail will -be sent to this e-mail address upon completion of the installation. This e-mail -address will also be used as the default e-mail address of the first user and -client in Aegir, but can be changed later. Checkpoint / Finished! ------------ +---------------------- At this point, you have checked out all the code and setup your basic Drupal system (Drupal core, hosting, hostmaster and eldir) that will be the Aegir diff --git a/docs/UPGRADE.txt b/docs/UPGRADE.txt index 778ee90aeac766baac93051f06d02e1b10162051..3d053980b2af8ef06c5390b212bcbfdf1d58a936 100644 --- a/docs/UPGRADE.txt +++ b/docs/UPGRADE.txt @@ -35,6 +35,7 @@ To become aegir user you can issue this command:: Note that /bin/sh is an example. You may wish to instead use the shell of your choice, i.e /bin/bash +A standard umask of 022 is assumed. This is the default on most systems. Upgrade script ============== 
@@ -50,10 +51,19 @@ the bottom of this document before attempting to run the upgrade.sh script, as the script will assume you have your system set up appropriately to handle the upgrade process. -You can download and run the upgrade.sh script with the following. +You can download the upgrade.sh script with the following command. + +Make sure you download it to somewhere that the aegir user can access in order +to execute it. + +Shell commands:: + wget -O upgrade.sh.txt 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=provision-0.4-rc1' + +You may need to edit the script to set any variables that are different from the +defaults. Pay particular attention to the OLD_DRUPAL_DIR variable, as you may be +upgrading from a different release to the default here. Shell commands:: - wget -O upgrade.sh.txt 'http://git.aegirproject.org/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=HEAD' su -s /bin/sh aegir -c "sh upgrade.sh.txt aegir.example.com" Remember to replace aegir.example.com with the domain of your Aegir installation. @@ -76,20 +86,20 @@ you are reading this document. Shell commands:: - export AEGIR_VERSION=HEAD - export AEGIR_DIR=/var/aegir - export DRUPAL_DIR=$AEGIR_DIR/hostmaster-$AEGIR_VERSION + export AEGIR_VERSION=0.4-rc1 + export AEGIR_HOME="$HOME" + export DRUPAL_DIR=$AEGIR_HOME/hostmaster-$AEGIR_VERSION export DRUSH_VERSION=6.x-3.3 - export DRUSH_MAKE_VERSION=6.x-2.0-beta9 + export DRUSH_MAKE_VERSION=6.x-2.0-beta11 export AEGIR_DOMAIN=aegir.example.com - export OLD_DRUPAL_DIR=$AEGIR_DIR/hostmaster-0.4-alpha9 + export OLD_DRUPAL_DIR=$AEGIR_HOME/hostmaster-0.4-beta2 This document also assumes drush is installed properly and we use an environment variable to simplify the documentation again. Shell commands:: - export DRUSH="php $AEGIR_DIR/drush/drush.php" + export DRUSH="php $AEGIR_HOME/drush/drush.php" Generic upgrade instructions ============================ 
@@ -124,7 +134,7 @@ frontend. Shell commands:: - cd $AEGIR_DIR + cd $AEGIR_HOME mv drush drush.bak wget http://ftp.drupal.org/files/projects/drush-$DRUSH_VERSION.tar.gz gunzip -c drush-$DRUSH_VERSION.tar.gz | tar -xf - @@ -157,7 +167,6 @@ releases to the latest applicable versions. Once you have upgraded the backend, and you have installed drush_make you will need to run the hostmaster migrate command. - Shell commands:: cd $OLD_DRUPAL_DIR @@ -175,6 +184,11 @@ will be halted as it is necessary for the task queue to be processed. The command above will fetch the latest stable Drupal release, so it can simply be run again when a new security release of Drupal is made available. +If you have customized your Aegir installation and are maintaining your own +makefile, you can use the --makefile flag so the platform is created with +another makefile than the default. Be warned that this may create problems if +the makefile doesn't include the right Aegir modules. + Version-specific upgrade notes ============================== @@ -221,7 +235,7 @@ Finally, set an $AEGIR_IP environment variable for use in the Database configuration step below. Shell commands as root:: - AEGIR_IP=`resolveip $AEGIR_HOST` + AEGIR_IP=`resolveip $AEGIR_HOST | awk {'print $6'}` 0.4 - unzip dependency ---------------------- @@ -264,8 +278,8 @@ You need to re-use the pasword you had for the account before. Shell commands:: - mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@$AEGIR_HOST IDENTIFIED BY 'xxxx' WITH GRANT OPTION;" - mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@$AEGIR_IP IDENTIFIED BY 'xxxx' WITH GRANT OPTION;" + mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@'$AEGIR_HOST' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;" + mysql -u root -p -e "GRANT ALL ON *.* to 'aegir_root'@'$AEGIR_IP' IDENTIFIED BY 'xxxx' WITH GRANT OPTION;" 0.4 - Apache configuration 
@@ -278,8 +292,7 @@ and a single apache.conf. The vhost.d directory is for virtual hosts, platform.d is for platform-specific configuration and apache.conf is the server-wide configuration file. -After you have completed the migration process as outlined above, -you will need to change the line you added to either the httpd.conf file +You will need to change the line you added to either the httpd.conf file or /etc/apache2/conf.d/aegir file during installation. Open your httpd.conf file and modify:: @@ -290,11 +303,11 @@ To read :: Include /var/aegir/config/apache.conf -If you are upgrading from 0.4 releases between alpha8 and alpha14, you will -need to rename your conf.d directory to post.d in Apache and pre.d in +If you are upgrading from 0.4 releases between alpha8 and (including) alpha14, +you will need to rename your conf.d directory to post.d in Apache and pre.d in Nginx. Example, in Apache:: mv /var/aegir/config/server_master/apache/{conf.d,post.d} Now log into Aegir, and verify the hostmaster platform. This will generate -the correct apache.conf file and restart apache. +the correct apache.conf file and restart Apache. diff --git a/http/apache_ssl/vhost_ssl_disabled.tpl.php b/http/apache_ssl/vhost_ssl_disabled.tpl.php new file mode 100644 index 0000000000000000000000000000000000000000..52e6ee85220cc7d02c75e178340cc04e9a1875d3 --- /dev/null +++ b/http/apache_ssl/vhost_ssl_disabled.tpl.php @@ -0,0 +1,35 @@ +ssl_enabled && $this->ssl_key) : ?> + + > + site_mail) : ?> + ServerAdmin site_mail; ?> + + + DocumentRoot root; ?> + + ServerName uri; ?> + + # Enable SSL handling. + + SSLEngine on + + SSLCertificateFile + + SSLCertificateKeyFile + +aliases)) { + print "\n ServerAlias " . implode("\n ServerAlias ", $this->aliases) . "\n"; + } +?> + + RewriteEngine on + # the ? at the end is to remove any query string in the original url + RewriteRule ^(.*)$ platform->server->web_disable_url . '/' . $this->uri ?>? + + + + + 
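Review bot: In the new vhost_ssl_disabled.tpl.php the `ServerAlias` lines are built with `implode()` directly from `$this->aliases`, and `$this->uri` is written into `ServerName` and the `RewriteRule` target, so a value containing whitespace or a newline would become additional Apache directives in a vhost that has `SSLEngine on`. Nothing in the visible template validates these values; if the context does not already guarantee hostname syntax, filter them before printing, for example by keeping only aliases that pass a check such as `preg_match('/^[A-Za-z0-9.*-]+$/', $alias)`. The template's PHP open tags appear to have been lost in this rendering, so this is based on the visible lines only.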
diff --git a/http/http.drush.inc b/http/http.drush.inc index 3f12b56cf6565383b31307f798bf775842766037..2f3b81164643c0a56a5f4899736b85bcd6d65b94 100644 --- a/http/http.drush.inc +++ b/http/http.drush.inc @@ -104,8 +104,8 @@ class provisionService_http_public extends provisionService_http { // Redirection urls - $this->server->setProperty('web_disable_url', $this->server->master_url .'/hosting/disabled'); - $this->server->setProperty('web_maintenance_url', $this->server->master_url .'/hosting/maintenance'); + $this->server->web_disable_url = rtrim($this->server->master_url, '/') .'/hosting/disabled'; + $this->server->web_maintenance_url = rtrim($this->server->master_url, '/') .'/hosting/maintenance'; if (!is_null($this->application_name)) { @@ -114,6 +114,7 @@ class provisionService_http_public extends provisionService_http { $this->server->http_postd_path = "{$app_dir}/post.d"; $this->server->http_platformd_path = "{$app_dir}/platform.d"; $this->server->http_vhostd_path = "{$app_dir}/vhost.d"; + $this->server->http_platforms_path = "{$this->server->aegir_root}/platforms"; } } @@ -142,7 +143,12 @@ class provisionService_http_public extends provisionService_http { provision_file()->create_dir($this->server->http_vhostd_path , dt("Webserver virtual host configuration"), 0700); $this->sync($this->server->http_vhostd_path, array( 'exclude' => $this->server->http_vhostd_path . '/*', // Make sure remote directory is created - )); + )); + + provision_file()->create_dir($this->server->http_platforms_path, dt("Platforms"), 0755); + $this->sync($this->server->http_platforms_path, array( + 'exclude' => $this->server->http_platforms_path . '/*', // Make sure remote directory is created + )); } parent::verify_server_cmd(); diff --git a/http/nginx/nginx_advanced_include.conf b/http/nginx/nginx_advanced_include.conf index a29e6e27aa85ec993216e7348e1b102f1d035bcb..92089b997d3a37bebc2bb107f2839dab898865ba 100644 --- a/http/nginx/nginx_advanced_include.conf 
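Review bot: The platforms directory added in the last hunk of http.drush.inc is created with mode `0755`, while the vhost.d directory created just above it in the same method uses `0700`, and the hunk gives no reason for the difference. If the web server account only needs to traverse into individual platforms, `0711` would avoid letting every local account list them; if read access is required, a comment such as `// 0755: the web server user must be able to read platform code` would record that the wider mode is deliberate. The enclosing block starts outside the hunk, so whether this runs under the same `application_name` guard that assigns `http_platforms_path` could not be checked here.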
+++ b/http/nginx/nginx_advanced_include.conf @@ -5,18 +5,15 @@ ### ### deny crawlers without 403 response ### - if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) { + if ( $http_user_agent ~* (?:HTTrack|HTMLParser|libwww|wget) ) { return 444; } ### - ### deny bots on never cached uri without 403 response + ### deny not compatible request methods without 405 response ### - location ~* ^/(user)|(admin) { - if ($http_user_agent ~* (crawl|goog|bot) ) { + if ( $request_method !~ ^(?:GET|HEAD|POST)$ ) { return 444; - } - try_files $uri $uri/ @cache; } ### 
@@ -24,84 +21,39 @@ ### http://drupal.org/project/filefield_nginx_progress ### http://github.com/masterzen/nginx-upload-progress-module ### - location ~ (.*)/x-progress-id:(\w*) { + location ~ (?:.*)/x-progress-id:(?:\w*) { + access_log off; rewrite ^(.*)/x-progress-id:(\w*) $1?X-Progress-ID=$2; } location ^~ /progress { + access_log off; report_uploads uploads; } - - ### - ### catch all unspecified requests - ### - location / { - try_files $uri $uri/ @cache; - } - - ### - ### boost compatible cache check - nginx 0.7.27 or newer required with try_files support - ### - location @cache { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; - } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; - } - error_page 405 = @drupal; - add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; - add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; - add_header X-Header "Boost Citrus 1.9"; - charset utf-8; - try_files /cache/normal/$host${uri}_$args.html @drupal; - } - - ### - ### send all not cached requests to drupal with clean URLs support - ### - location @drupal { - rewrite ^/(.*)$ /index.php?q=$1 last; - } - - ### - ### deny listed requests for security reasons - ### - location ~* (/\..*|settings\.php$|\.(htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(Entries.*|Repository|Root|Tag|Template))$ { - deny all; - } ### - ### deny php files here for security reasons (remove 'sites' to allow civicrm install) + ### fix for Aegir & .info .pl domain ext ### - location ~* /(files|themes|sites)/.*\.php$ { - deny all; + location ~* ^/(?:hosting) { + access_log off; + try_files $uri @cache; } - + ### - ### deny direct access to backups - ### - location ~* ^/sites/(.*)/files/backup_migrate/ { - deny all; - } - + ### deny listed requests for security reasons without 403 response ### - ### send all non-static requests to php-fpm - ### - location ~ \.php$ { - try_files $uri @drupal; ### check for existence of php file first - 
fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000 - track_uploads uploads 60s; ### required for upload progress + location ~* (/\..*|settings\.php$|\.(?:git|htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)$|^(?:Entries.*|Repository|Root|Tag|Template))$ { + return 444; } ### ### make css files compatible with boost caching - nginx 0.7.27 or newer required with try_files support ### - location ~ \.css$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + location ~* \.css$ { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @uncached; access_log off; @@ -113,12 +65,12 @@ ### ### make js files compatible with boost caching - nginx 0.7.27 or newer required with try_files support ### - location ~ \.js$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + location ~* \.js$ { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @uncached; access_log off; @@ -130,12 +82,12 @@ ### ### make json compatible with boost caching - nginx 0.7.27 or newer required with try_files support ### - location ~ \.json$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + location ~* \.json$ { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @uncached; access_log off; 
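Review bot: The `deny all` rules for `.php` files under `files|themes|sites` and for `backup_migrate` disappear from this include together with the `@cache`, `@drupal` and `\.php$` locations, while the new `location ~* ^/(?:hosting)` block still ends in `try_files $uri @cache;`. If those blocks were not moved to another template in the same commit, requests that fall through to `@cache` will fail, and PHP files uploaded into a site's files directory lose the rule that kept them from being requested. Please confirm where they now live and add a comment at the top of this include naming that file, so the dependency is visible to anyone who uses the include on its own.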
@@ -153,55 +105,83 @@ } ### - ### imagecache, crossdomain file for flash and (f)ckeditor support + ### imagecache, imagecache_external and (f)ckeditor support ### - location ~* /(files/imagecache)|(fckeditor)|(ckeditor)|(crossdomain)|(cross-domain)/ { + location ~* /(?:external|system|files/imagecache|files/styles|f?ckeditor)/ { access_log off; expires 30d; # fix common problems with old paths after import from standalone to Aegir multisite - rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4/$5 last; - rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4 last; - rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$1/files/imagecache/$2/$3 last; - rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/images/(.*)$ /sites/$1/files/imagecache/$2/images/$3 last; - rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/www\.(.*)/files/(.*)$ /sites/$1/files/imagecache/$2/$4 last; + rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$host/files/imagecache/$2/$3 last; + rewrite ^/files/imagecache/(.*)$ /sites/$host/files/imagecache/$1 last; + rewrite ^/files/styles/(.*)$ /sites/$host/files/styles/$1 last; try_files $uri @drupal; } ### ### serve & no-log static files & images directly, without all standard drupal rewrites, php-fpm etc. 
### - location ~* ^.+\.(jpg|jpeg|gif|png|ico|swf|pdf|doc|xls|tiff|tif|txt|shtml|cgi|bat|pl|dll|asp|exe|class)$ { + location ~* ^.+\.(?:jpe?g|gif|png|ico|swf|pdf|doc|xls|tiff?|txt|cgi|bat|pl|dll|aspx?|exe|class)$ { access_log off; expires 30d; - # allow files to be accessed without /sites/fqdn/ - rewrite ^/files/(.*)$ /sites/$host/files/$1 last; + # allow files/images/downloads to be accessed without /sites/fqdn/ + rewrite ^/files/(.*)$ /sites/$host/files/$1 last; + rewrite ^/images/(.*)$ /sites/$host/files/images/$1 last; + rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last; try_files $uri =404; } ### ### serve & log bigger media/static/archive files directly, without all standard drupal rewrites, php-fpm etc. ### - location ~* ^.+\.(avi|mpg|mpeg|mov|wmv|mp3|mp4|m4a|flv|wav|midi|zip|gz|rar)$ { + location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|t?gz|rar)$ { + expires 30d; + # allow files/downloads to be accessed without /sites/fqdn/ + rewrite ^/files/(.*)$ /sites/$host/files/$1 last; + rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last; + try_files $uri =404; + } + + ### + ### serve & no-log some static files as is, without forcing default_type + ### + location ~* /(?:cross-?domain)\.xml$ { + access_log off; expires 30d; - # allow files to be accessed without /sites/fqdn/ - rewrite ^/files/(.*)$ /sites/$host/files/$1 last; + add_header X-Header "Barracuda Octopus 1.0"; try_files $uri =404; } + ### + ### allow some known php files (like serve.php in the ad module) + ### + location ~* /(?:modules|libraries)/(?:ad|tinybrowser|f?ckeditor|tinymce|wysiwyg_spellcheck)/.*\.php$ { + access_log off; + try_files $uri =404; + fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000 + } + + ### + ### deny listed requests for security reasons without 403 response + ### + location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|script|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) 
{ + return 444; + } + ### ### make feeds compatible with boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support ### location ~* \.xml$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @drupal; + access_log off; add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; - add_header X-Header "Boost Citrus 2.4"; + add_header X-Header "Boost Citrus 2.4"; charset utf-8; types { } default_type application/rss+xml; @@ -212,13 +192,14 @@ ### make feeds compatible with Boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support ### location ~* /feed$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @drupal; + access_log off; add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; add_header X-Header "Boost Citrus 2.5"; 
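Review bot: The allow rule `location ~* /(?:modules|libraries)/(?:ad|tinybrowser|f?ckeditor|tinymce|wysiwyg_spellcheck)/.*\.php$` is not anchored at the start, so it also matches a path below an upload directory such as `/sites/<site>/files/modules/ad/<name>.php` (constructed path) and passes it to php-fpm. The first hunk of this file removes `location ~* /(files|themes|sites)/.*\.php$ { deny all; }`, which used to block PHP under those directories, and this location is declared before the final `^.+\.php$` deny, so it is the one nginx picks. Putting `location ~* /files/.*\.php$ { return 444; }` above this block would restore that protection without re-blocking `sites/*/modules`. The same location is added in the `@@ -174,108 +91,209 @@` hunk of http/nginx/nginx_simple_include.conf.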
@@ -228,6 +209,105 @@ try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal; } + ### + ### deny php env display + ### + location ~* /admin/reports/status/.+ { + access_log off; + rewrite ^ http://$host/admin/reports/status permanent; + } + + ### + ### deny cache details display + ### + location ~* /admin/reports/cache { + access_log off; + rewrite ^ http://$host/admin/reports/status permanent; + } + + ### + ### deny phpinfo details display + ### + location ~* /devel/(?:phpinfo|php) { + access_log off; + rewrite ^ http://$host/admin/reports/status permanent; + } + + ### + ### deny bots on never cached uri without 403 response + ### + location ~* ^/(?:user|admin|node/add) { + if ( $http_user_agent ~* (?:crawl|goog|yahoo|spider|bot|yandex) ) { + return 444; + } + access_log off; + try_files $uri @cache; + } + + ### + ### deny direct access to backups + ### + location ~* ^/sites/.*/files/backup_migrate/ { + access_log off; + deny all; + } + + ### + ### deny direct access to private downloads + ### + location ~* ^/sites/.*/private/ { + access_log off; + deny all; + } + + ### + ### catch all unspecified requests + ### + location / { + try_files $uri @cache; + } + + ### + ### boost compatible cache check - nginx 0.7.27 or newer required with try_files support + ### + location @cache { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; + } + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; + } + error_page 405 = @drupal; + add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; + add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; + add_header X-Header "Boost Citrus 1.9"; + charset utf-8; + try_files /cache/normal/$host${uri}_$args.html @drupal; + } + + ### + ### send all not cached requests to drupal with clean URLs support + ### + location @drupal { + rewrite ^/(.*)$ /index.php?q=$1 last; + } + + ### + ### send all non-static requests to php-fpm, restricted to known php files + ### + location ~* 
^/(?:index|boost_stats|update|authorize|xmlrpc)\.php$ { + try_files $uri @drupal; ### check for existence of php file first + fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000 + track_uploads uploads 60s; ### required for upload progress + } + + ### + ### deny access to any not listed above php files + ### + location ~* ^.+\.php$ { + deny all; + } + ####################################################### ### nginx.conf site standard vhost include end ####################################################### diff --git a/http/nginx/nginx_service.inc b/http/nginx/nginx_service.inc index 0acf70d2ab6e69e0aafa6c1cef750814b45c6fcb..a9814498e377f8a3a3d9d1d61f701482a91f058a 100644 --- a/http/nginx/nginx_service.inc +++ b/http/nginx/nginx_service.inc @@ -22,8 +22,9 @@ class provisionService_http_nginx extends provisionService_http_public { $this->server->shell_exec('nginx -V'); $this->server->nginx_has_gzip = preg_match("/(with-http_gzip_static_module)/", implode('', drush_shell_exec_output()), $match); $this->server->nginx_has_upload_progress = preg_match("/(nginx-upload-progress-module)/", implode('', drush_shell_exec_output()), $match); - $this->server->nginx_has_new_version = preg_match("/(nginx\/0\.8\.)/", implode('', drush_shell_exec_output()), $match); - + $this->server->nginx_has_new_version = preg_match("/(Barracuda\/0\.9\.)/", implode('', drush_shell_exec_output()), $match); + $this->server->provision_db_cloaking = FALSE; + $this->server->nginx_web_server = 1; } function verify_server_cmd() { diff --git a/http/nginx/nginx_simple_include.conf b/http/nginx/nginx_simple_include.conf index f9ff2d8b1e35ae4245c17fca62894898bea68dc5..9f058c1fa1855e7bcdfd00ef5986b335f03acba6 100644 --- a/http/nginx/nginx_simple_include.conf +++ b/http/nginx/nginx_simple_include.conf 
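Review bot: The `backup_migrate` and `private` deny locations are now declared after the static-file and media locations added earlier in this file, and nginx uses the first regex location that matches in file order. A request under those directories that ends in a listed extension (`.gz`, `.zip`, `.pdf`, `.txt` and so on) is therefore answered by the earlier block's `try_files $uri =404`, and the `deny all` is never consulted; before this commit the backup rule sat above the static-file locations. Moving both deny blocks up, directly after the first deny-list location, restores the protection, and nginx_simple_include.conf needs the same move in its `@@ -174,108 +91,209 @@` hunk. Separately, the three `rewrite ^ http://$host/admin/reports/status permanent;` lines hard-code the scheme, so `$scheme://$host` would stop an HTTPS vhost that includes this file from redirecting admin requests to plain HTTP.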
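Review bot: `nginx_has_new_version` now matches only the token `Barracuda/0.9.` in the `nginx -V` output, so a stock build that reports `nginx/0.8.` is no longer recognised and falls through to whatever the templates do for old versions. If only the custom build is meant to qualify, say so in a comment above the line; otherwise keep both alternatives, `"/(?:nginx\/0\.8\.|Barracuda\/0\.9\.)/"`. The new `provision_db_cloaking` and `nginx_web_server` properties are set without any explanation of who reads them. The enclosing method starts outside the hunk.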
@@ -1,168 +1,85 @@ ####################################################### -### nginx.conf site pre 0.7.27 vhost include start +### nginx.conf site standard vhost include start ####################################################### ### ### deny crawlers without 403 response ### - if ($http_user_agent ~* (HTTrack|HTMLParser|libwww) ) { + if ( $http_user_agent ~* (?:HTTrack|HTMLParser|libwww|wget) ) { return 444; } ### - ### deny bots on never cached uri without 403 response + ### deny not compatible request methods without 405 response ### - location ~* ^/(user)|(admin) { - if ($http_user_agent ~* (crawl|goog|bot) ) { + if ( $request_method !~ ^(?:GET|HEAD|POST)$ ) { return 444; - } - #try_files $uri $uri/ @cache; - if (!-e $request_filename) { - break; - } - error_page 404 = @cache; - } - - ### - ### catch all unspecified requests - ### - location / { - #try_files $uri $uri/ @cache; - if (!-e $request_filename) { - break; - } - error_page 404 = @cache; } - - ### - ### boost compatible cache check - ### - location @cache { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; - } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; - } - error_page 405 = @drupal; - add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; - add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; - add_header X-Header "Boost Citrus 1.9"; - charset utf-8; - #try_files /cache/normal/$host${uri}_$args.html @drupal; - if (-f $document_root/cache/normal/$host${uri}_$args.html) { - rewrite ^/(.+)$ /cache/normal/$host${uri}_$args.html last; - break; - } - error_page 404 = @drupal; - } - - ### - ### send all not cached requests to drupal with clean URLs support - ### - location @drupal { - if (!-e $request_filename) { - rewrite ^/\?q=([^.]+)$ /index.php?q=$1 last; - rewrite ^/(.*)$ /index.php?q=$1 last; - break; - } - } - - ### - ### deny listed requests for security reasons - ### - location ~* 
(/\..*|settings\.php$|\.(htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(Entries.*|Repository|Root|Tag|Template))$ { - deny all; - } - + ### - ### deny php files here for security reasons (remove 'sites' to allow civicrm install) + ### fix for Aegir & .info .pl domain ext ### - location ~* /(files|themes|sites)/.*\.php$ { - deny all; + location ~* ^/(?:hosting) { + access_log off; + try_files $uri @cache; } - - ### - ### deny direct access to backups + ### - location ~* ^/sites/(.*)/files/backup_migrate/ { - deny all; - } - + ### deny listed requests for security reasons without 403 response ### - ### send all non-static requests to php-fpm - ### - location ~ \.php$ { - if ( $uri !~ "/(files|themes|sites)/") { - fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000 - } - error_page 404 = @drupal; + location ~* (/\..*|settings\.php$|\.(?:git|htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)$|^(?:Entries.*|Repository|Root|Tag|Template))$ { + return 444; } ### - ### make css files compatible with boost caching + ### make css files compatible with boost caching - nginx 0.7.27 or newer required with try_files support ### - location ~ \.css$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + location ~* \.css$ { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @uncached; access_log off; expires max; #if using aggregator add_header X-Header "Boost Citrus 2.1"; - #try_files /cache/perm/$host${uri}_.css $uri =404; - if (-f $document_root/cache/perm/$host${uri}_$args.html) { - rewrite ^/(.+)$ /cache/perm/$host${uri}_$args.html last; - break; - } - error_page 404 = @drupal; + try_files /cache/perm/$host${uri}_.css $uri =404; } ### - ### make js files compatible with boost caching + ### make js files compatible with boost caching - nginx 
0.7.27 or newer required with try_files support ### - location ~ \.js$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + location ~* \.js$ { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @uncached; access_log off; expires max; # if using aggregator add_header X-Header "Boost Citrus 2.2"; - #try_files /cache/perm/$host${uri}_.js $uri =404; - if (-f $document_root/cache/perm/$host${uri}_$args.html) { - rewrite ^/(.+)$ /cache/perm/$host${uri}_$args.html last; - break; - } - error_page 404 = @drupal; + try_files /cache/perm/$host${uri}_.js $uri =404; } ### - ### make json compatible with boost caching + ### make json compatible with boost caching - nginx 0.7.27 or newer required with try_files support ### - location ~ \.json$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + location ~* \.json$ { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @uncached; access_log off; expires max; ### if using aggregator add_header X-Header "Boost Citrus 2.3"; - #try_files /cache/normal/$host${uri}_.json $uri =404; - if (-f $document_root/cache/normal/$host${uri}_$args.html) { - rewrite ^/(.+)$ /cache/normal/$host${uri}_$args.html last; - break; - } - error_page 404 = @drupal; + try_files /cache/normal/$host${uri}_.json $uri =404; } ### 
@@ -174,108 +91,209 @@ } ### - ### imagecache and (f)ckeditor support + ### imagecache, imagecache_external and (f)ckeditor support ### - location ~* /(files/imagecache)|(fckeditor)|(ckeditor)/ { + location ~* /(?:external|system|files/imagecache|files/styles|f?ckeditor)/ { access_log off; expires 30d; # fix common problems with old paths after import from standalone to Aegir multisite - rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)/(.*)/(.*)$ /sites/$1/files/imagecache/$2/$3/$4/$5 last; - rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/images/(.*)$ /sites/$1/files/imagecache/$2/images/$3 last; - #try_files $uri @drupal; - if (!-e $request_filename) { - break; - } - error_page 404 = @drupal; + rewrite ^/sites/(.*)/files/imagecache/(.*)/sites/default/files/(.*)$ /sites/$host/files/imagecache/$2/$3 last; + rewrite ^/files/imagecache/(.*)$ /sites/$host/files/imagecache/$1 last; + rewrite ^/files/styles/(.*)$ /sites/$host/files/styles/$1 last; + try_files $uri @drupal; } ### ### serve & no-log static files & images directly, without all standard drupal rewrites, php-fpm etc. ### - location ~* ^.+\.(jpg|jpeg|gif|png|ico|swf|pdf|doc|xls|tiff|tif|txt|shtml|cgi|bat|pl|dll|asp|exe|class)$ { + location ~* ^.+\.(?:jpe?g|gif|png|ico|swf|pdf|doc|xls|tiff?|txt|cgi|bat|pl|dll|aspx?|exe|class)$ { access_log off; expires 30d; - # allow files to be accessed without /sites/fqdn/ - rewrite ^/files/(.*)$ /sites/$host/files/$1 last; - #try_files $uri =404; - if (!-e $request_filename) { - break; - } - error_page 404 /50x.html; + # allow files/images/downloads to be accessed without /sites/fqdn/ + rewrite ^/files/(.*)$ /sites/$host/files/$1 last; + rewrite ^/images/(.*)$ /sites/$host/files/images/$1 last; + rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last; + try_files $uri =404; } ### ### serve & log bigger media/static/archive files directly, without all standard drupal rewrites, php-fpm etc. 
### - location ~* ^.+\.(avi|mpg|mpeg|mov|wmv|mp3|mp4|m4a|flv|wav|midi|zip|gz|rar)$ { + location ~* ^.+\.(?:avi|mpe?g|mov|wmv|mp3|mp4|m4a|ogg|flv|wav|midi|zip|t?gz|rar)$ { expires 30d; - # allow files to be accessed without /sites/fqdn/ - rewrite ^/files/(.*)$ /sites/$host/files/$1 last; - #try_files $uri =404; - if (!-e $request_filename) { - break; - } - error_page 404 /50x.html; + # allow files/downloads to be accessed without /sites/fqdn/ + rewrite ^/files/(.*)$ /sites/$host/files/$1 last; + rewrite ^/downloads/(.*)$ /sites/$host/files/downloads/$1 last; + try_files $uri =404; + } + + ### + ### serve & no-log some static files as is, without forcing default_type + ### + location ~* /(?:cross-?domain)\.xml$ { + access_log off; + expires 30d; + add_header X-Header "Barracuda Octopus 1.0"; + try_files $uri =404; + } + + ### + ### allow some known php files (like serve.php in the ad module) + ### + location ~* /(?:modules|libraries)/(?:ad|tinybrowser|f?ckeditor|tinymce|wysiwyg_spellcheck)/.*\.php$ { + access_log off; + try_files $uri =404; + fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000 + } + + ### + ### deny listed requests for security reasons without 403 response + ### + location ~* (?:delete.+from|insert.+into|select.+from|union.+select|onload|script|\.php.+src|system\(.+|iframe|document\.cookie|alert|\;|\.\.) 
{ + return 444; } ### - ### make feeds compatible with boost caching and set correct mime type + ### make feeds compatible with boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support ### location ~* \.xml$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @drupal; + access_log off; add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; - add_header X-Header "Boost Citrus 2.4"; + add_header X-Header "Boost Citrus 2.4"; charset utf-8; types { } default_type application/rss+xml; - #try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal; - if (-f $document_root/cache/normal/$host${uri}_.xml) { - rewrite ^/(.+)$ /cache/normal/$host${uri}_.xml last; - break; - } - error_page 404 = @drupal; + try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal; } ### - ### make feeds compatible with Boost caching and set correct mime type + ### make feeds compatible with Boost caching and set correct mime type - nginx 0.7.27 or newer required with try_files support ### location ~* /feed$ { - if ( $request_method !~ ^(GET|HEAD)$ ) { - return 405; + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - if ($http_cookie ~ "DRUPAL_UID") { - return 405; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; } error_page 405 = @drupal; + access_log off; add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; add_header X-Header "Boost Citrus 2.5"; charset utf-8; types { } default_type application/rss+xml; - #try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal; - if (-f $document_root/cache/normal/$host${uri}_.xml) { - rewrite 
^/(.+)$ /cache/normal/$host${uri}_.xml last; - break; + try_files /cache/normal/$host${uri}_.xml /cache/normal/$host${uri}_.html $uri @drupal; + } + + ### + ### deny php env display + ### + location ~* /admin/reports/status/.+ { + access_log off; + rewrite ^ http://$host/admin/reports/status permanent; + } + + ### + ### deny cache details display + ### + location ~* /admin/reports/cache { + access_log off; + rewrite ^ http://$host/admin/reports/status permanent; + } + + ### + ### deny phpinfo details display + ### + location ~* /devel/(?:phpinfo|php) { + access_log off; + rewrite ^ http://$host/admin/reports/status permanent; + } + + ### + ### deny bots on never cached uri without 403 response + ### + location ~* ^/(?:user|admin|node/add) { + if ( $http_user_agent ~* (?:crawl|goog|yahoo|spider|bot|yandex) ) { + return 444; + } + access_log off; + try_files $uri @cache; + } + + ### + ### deny direct access to backups + ### + location ~* ^/sites/.*/files/backup_migrate/ { + access_log off; + deny all; + } + + ### + ### deny direct access to private downloads + ### + location ~* ^/sites/.*/private/ { + access_log off; + deny all; + } + + ### + ### catch all unspecified requests + ### + location / { + try_files $uri @cache; + } + + ### + ### boost compatible cache check - nginx 0.7.27 or newer required with try_files support + ### + location @cache { + if ( $request_method !~ ^(?:GET|HEAD)$ ) { + return 405; } - error_page 404 = @drupal; + if ( $http_cookie ~ "DRUPAL_UID" ) { + return 405; + } + error_page 405 = @drupal; + add_header Expires "Tue, 24 Jan 1984 08:00:00 GMT"; + add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; + add_header X-Header "Boost Citrus 1.9"; + charset utf-8; + try_files /cache/normal/$host${uri}_$args.html @drupal; + } + + ### + ### send all not cached requests to drupal with clean URLs support + ### + location @drupal { + rewrite ^/(.*)$ /index.php?q=$1 last; + } + + ### + ### send all non-static requests to php-fpm, 
restricted to known php files + ### + location ~* ^/(?:index|boost_stats|update|authorize|xmlrpc)\.php$ { + try_files $uri @drupal; ### check for existence of php file first + fastcgi_pass 127.0.0.1:9000; ### php-fpm listening on port 9000 } ### - ### helper location for static files 404 error + ### deny access to any not listed above php files ### - location = /50x.html { - root /var/www/nginx-default; + location ~* ^.+\.php$ { + deny all; } ####################################################### -### nginx.conf site pre 0.7.27 vhost include end +### nginx.conf site standard vhost include end ####################################################### diff --git a/http/nginx/server.tpl.php b/http/nginx/server.tpl.php index 8a8b98817a7775d491bd319646bd3a666691a986..9c69d546fd477a02df9856f3befaccffe7c6aca3 100644 --- a/http/nginx/server.tpl.php +++ b/http/nginx/server.tpl.php 
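Review bot: The keyword deny-list `location ~* (?:delete.+from|insert.+into|…|script|…|alert|\;|\.\.)` is matched against the request path only, because nginx location matching does not see the query string, so it does not filter the parameters where such strings would normally arrive. It does drop, with a 444 and no log-friendly status, any legitimate URL whose path contains `script`, `alert` or `iframe` as a substring, for example `/node/description` (constructed path). I would remove the bare-word alternatives and document the limit on the block, e.g. `### NOTE: matches the URI path only; query strings are not inspected here`. The same location is added in the `@@ -153,55 +105,83 @@` hunk of the preceding nginx include file in this diff.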
@@ -25,26 +25,54 @@ fastcgi_param REDIRECT_STATUS 200; fastcgi_index index.php; + ## Default index files + index index.php index.html; + ## Size Limits client_body_buffer_size 64k; client_header_buffer_size 32k; - client_max_body_size 50m; + client_max_body_size 100m; large_client_header_buffers 32 32k; connection_pool_size 256; request_pool_size 4k; - server_names_hash_bucket_size 128; + server_names_hash_bucket_size 512; + server_names_hash_max_size 8192; types_hash_max_size 8192; - types_hash_bucket_size 128; + types_hash_bucket_size 512; + fastcgi_buffer_size 128k; + fastcgi_buffers 256 4k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; ## Timeouts client_body_timeout 60; client_header_timeout 60; send_timeout 60; + lingering_time 30; + lingering_timeout 5; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + ## Open File Performance + open_file_cache max=8000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 3; + open_file_cache_errors on; + + ## FastCGI Caching + fastcgi_cache_path /var/lib/nginx/speed + levels=2:2:2 + keys_zone=speed:50m + inactive=8h + max_size=1g; + ## General Options ignore_invalid_headers on; limit_zone gulag $binary_remote_addr 10m; recursive_error_pages on; + reset_timedout_connection on; + fastcgi_intercept_errors on; ## TCP options tcp_nopush on; 
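Review bot: `fastcgi_cache_path /var/lib/nginx/speed …` is added to the server-wide configuration, but nothing visible in this diff creates that directory or references the `speed` zone with a `fastcgi_cache` directive. nginx has to be able to create and write that path as its own user, so on a host where `/var/lib/nginx` is missing or not writable the generated configuration would probably fail its test and block every vhost reload. Either create and chown the directory in the server verify step or make the path configurable, and add a comment such as `## zone "speed" is reserved for <consumer>; unused until fastcgi_cache is enabled` so the unused zone is not mistaken for active caching.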
@@ -55,19 +83,21 @@ ## Compression gzip_buffers 16 8k; - gzip_comp_level 9; + gzip_comp_level 5; gzip_http_version 1.1; gzip_min_length 10; - gzip_types text/plain text/css image/png image/gif image/jpeg application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon; + gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; gzip_vary on; gzip_proxied any; gzip_disable "MSIE [1-6]\."; -nginx_has_gzip) { - print ' gzip_static on\;'; +nginx_has_upload_progress) { - print ' upload_progress uploads 1m\;'; +$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress'); +if ($nginx_has_upload_progress) { + print " upload_progress uploads 1m;\n"; } ?> diff --git a/http/nginx/vhost.tpl.php b/http/nginx/vhost.tpl.php index 4a4242d8c021decc6cf1f9f59948ab958345acd4..a7ef4f30a600999fadb2b430a08d37484fcce979 100644 --- a/http/nginx/vhost.tpl.php +++ b/http/nginx/vhost.tpl.php 
@@ -1,25 +1,35 @@ -server { -include_path . "/fastcgi_params.conf;\n"; +redirection) { + // Redirect all aliases to the main http url using separate vhosts blocks to avoid if{} in Nginx. + foreach ($this->aliases as $alias_url) { + print "server {\n"; + print " listen {$ip_address}:{$http_port};\n"; + print " server_name {$alias_url};\n"; + print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n"; + print "}\n"; + } +} ?> + +server { + include include_path}"; ?>/fastcgi_params.conf; limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address listen ; - server_name uri . ' ' . implode(' ', $this->aliases); ?>; - root root; ?>; - index index.php index.html; + server_name uri; ?>redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> ; + root root}"; ?>; redirection || $ssl_redirection) { if ($ssl_redirection && !$this->redirection) { // redirect aliases in non-ssl to the same alias on ssl. - print "\n rewrite ^/(.*)$ https://\$host/$1 permanent;\n"; + print "\n rewrite ^ https://\$host\$request_uri? permanent;\n"; } elseif ($ssl_redirection && $this->redirection) { // redirect all aliases + main uri to the main https uri. - print "\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n"; + print "\n rewrite ^ https://{$this->uri}\$request_uri? permanent;\n"; } elseif (!$ssl_redirection && $this->redirection) { - // Redirect all aliases to the main http url. - print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ http://{$this->uri}/$1 permanent;\n }\n"; if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) { print " include " . $server->include_path . "/nginx_advanced_include.conf;\n"; } diff --git a/http/nginx/vhost_disabled.tpl.php b/http/nginx/vhost_disabled.tpl.php index d1495077758fe611ee7a0f06468924c9f7f21f48..6ac7bfd4add49a6dc833c2e5eedcbe33125a19cf 100644 --- a/http/nginx/vhost_disabled.tpl.php 
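Review bot: The new per-alias redirect loop prints `server_name {$alias_url};` for every entry of `$this->aliases` without the `is_array($this->aliases)` and `trim($alias_url)` guards that the `server_name` line further down in the same hunk applies. An empty or whitespace-only alias would emit `server_name ;`, which nginx rejects, so one bad alias would keep the generated vhost from loading. Adding `if (!trim($alias_url)) { continue; }` as the first statement of the `foreach` keeps the two loops consistent; http/nginx_ssl/vhost_ssl.tpl.php adds the same loop. The template tags around this code are not fully visible here, so the exact placement should be checked against the file.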
+++ b/http/nginx/vhost_disabled.tpl.php @@ -1,11 +1,8 @@ server { listen ; server_name uri . ' ' . implode(' ', $this->aliases); ?>; - root root; ?>; - index index.php index.html; - location / { - root /var/www/nginx-default; - index index.html index.htm; - rewrite ^/(.*)$ platform->server->web_disable_url . '/' . $this->uri ?>? permanent; - } + root /var/www/nginx-default; + index index.html index.htm; + + ### Dont't reveal Aegir front-end URL here. } diff --git a/http/nginx_ssl/vhost_ssl.tpl.php b/http/nginx_ssl/vhost_ssl.tpl.php index c2ee59f30e616a21381229cbf98d46f0382deba8..036ccb822f9567ee3cf8cf22a365e01e3d034bbc 100644 --- a/http/nginx_ssl/vhost_ssl.tpl.php +++ b/http/nginx_ssl/vhost_ssl.tpl.php 
@@ -1,28 +1,36 @@ ssl_enabled && $this->ssl_key) : ?> -server { -include_path . "/fastcgi_ssl_params.conf;\n"; +redirection) { + // Redirect all aliases to the main https url using separate vhosts blocks to avoid if{} in Nginx. + foreach ($this->aliases as $alias_url) { + print "server {\n"; + print " listen {$ip_address}:{$http_ssl_port};\n"; + print " server_name {$alias_url};\n"; + print " rewrite ^ \$scheme://{$this->uri}\$request_uri? permanent;\n"; + print "}\n"; + } +} ?> + +server { + include include_path}"; ?>/fastcgi_ssl_params.conf; limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address listen ; - server_name uri . ' ' . implode(' ', $this->aliases); ?>; - root root; ?>; - index index.php index.html; + server_name uri; ?>redirection && is_array($this->aliases)) : foreach ($this->aliases as $alias_url) : if (trim($alias_url)) : ?> ; + root root}"; ?>; ssl on; ssl_certificate ; ssl_certificate_key ; - ssl_protocols SSLv2 SSLv3 TLSv1; - ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; ssl_prefer_server_ciphers on; keepalive_timeout 70; redirection) { - // Redirect all aliases to the main https url. - print "\n if (\$host !~ ^({$this->uri})$ ) {\n rewrite ^/(.*)$ https://{$this->uri}/$1 permanent;\n }\n"; - } - if ($server->nginx_has_new_version || $server->nginx_has_upload_progress) { +$nginx_has_new_version = drush_get_option('nginx_has_new_version'); +$nginx_has_upload_progress = drush_get_option('nginx_has_upload_progress'); + if ($nginx_has_new_version || $nginx_has_upload_progress) { print " include " . $server->include_path . "/nginx_advanced_include.conf;\n"; } else { diff --git a/http/nginx_ssl/vhost_ssl_disabled.tpl.php b/http/nginx_ssl/vhost_ssl_disabled.tpl.php new file mode 100644 index 0000000000000000000000000000000000000000..37479213cb1bc7ba914f48217db2cc41e8a0e13e --- /dev/null 
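Review bot: `ssl_protocols SSLv3 TLSv1;` removes SSLv2 but still offers SSLv3, which has protocol-level weaknesses of its own and should not be negotiated when TLS is available. I would emit `ssl_protocols TLSv1;` and append `TLSv1.1 TLSv1.2` where the installed nginx and OpenSSL support them. `ssl_ciphers HIGH:!ADH:!MD5;` is a clear improvement over the old string; writing it as `HIGH:!aNULL:!MD5` would exclude every unauthenticated suite rather than only anonymous DH. The new http/nginx_ssl/vhost_ssl_disabled.tpl.php repeats both lines and needs the same change.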
+++ b/http/nginx_ssl/vhost_ssl_disabled.tpl.php @@ -0,0 +1,27 @@ + +ssl_enabled && $this->ssl_key) : ?> + +server { + include include_path}"; ?>/fastcgi_ssl_params.conf; + limit_conn gulag 10; # like mod_evasive - this allows max 10 simultaneous connections from one IP address + listen ; + server_name uri . ' ' . implode(' ', $this->aliases); ?>; + root /var/www/nginx-default; + index index.html index.htm; + ssl on; + ssl_certificate ; + ssl_certificate_key ; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers HIGH:!ADH:!MD5; + ssl_prefer_server_ciphers on; + keepalive_timeout 70; + + ### Dont't reveal Aegir front-end URL here. +} + + + + diff --git a/install.hostmaster.inc b/install.hostmaster.inc index 0b4a8e24ecc582817134f2a0df3fccab0c614328..5fba5f3ebaa88e0985b12505d8cd0b702555dfc3 100644 --- a/install.hostmaster.inc +++ b/install.hostmaster.inc 
@@ -4,36 +4,147 @@ * @file install the hostmaster system */ -function drush_provision_hostmaster_install($site = NULL) { +function drush_provision_hostmaster_install_validate($site = NULL) { + // set defaults for this whole script + // those are settings that are not prompted to the user but still overridable + drush_set_default('version', provision_version()); + $version = drush_get_option('version'); + $aegir_root = drush_set_default('aegir_root', drush_server_home()); + drush_set_default('root', $aegir_root . '/' . 'hostmaster-' . $version); + drush_set_default('r', drush_get_option('root')); + drush_set_default('script_user', provision_current_user()); + drush_set_default('web_group', _provision_default_web_group()); + drush_set_default('http_service_type', 'apache'); + drush_set_default('drush_make_version', '6.x-2.0-beta11'); + drush_set_default('aegir_db_user', 'root'); + $aegir_db_user = drush_get_option('aegir_db_user'); + drush_set_default('makefile', $aegir_root . '/.drush/provision/aegir.make'); + + drush_print("Aegir $version automated install script"); + drush_print("=============================================================================="); + + if (!$site || !drush_get_option('aegir_host', NULL) || !drush_get_option('aegir_db_pass', NULL) || filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) { + drush_print("Some settings have not been provided and will now be prompted. +Don't worry: you will get to review those settings after the final install"); + } + // now we prompt the user for settings if not provided or not sane if (!$site) { - $site = drush_prompt(dt("Aegir domain name"), "aegir.example.com"); + $site = drush_prompt(dt("Aegir frontend URL"), provision_fqdn()); + } + drush_set_option('site', $site); + + drush_set_default('aegir_host', provision_fqdn()); + drush_set_default('aegir_db_host', 'localhost'); + + if (is_null(drush_get_option('aegir_db_pass', NULL))) { + // XXX: may not be portable everywhere? 
+ system('stty -echo'); + drush_set_option('aegir_db_pass', drush_prompt(dt('MySQL privileged user ("!root") password', array('!root' => $aegir_db_user)))); + system('stty echo'); + print "\n"; // add a newline since the user's didn't print + } + + if (drush_get_option('aegir_host') == 'localhost') { + $default_email = 'webmaster@example.com'; + } else { + $default_email = 'webmaster@' . drush_get_option('aegir_host'); + } + while (!filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) { + $client_email = drush_prompt(dt("Admin user e-mail"), $default_email); + drush_set_option('client_email', $client_email); } - $version = drush_get_option('version', 'HEAD'); - $aegir_root = drush_get_option('aegir_root', drush_server_home()); - $platform = drush_get_option(array('r', 'root'), $aegir_root . '/' . 'hostmaster-' . $version); + drush_print(dt(' +This script will operate the following changes in your system: + +1. Create server-level configuration directories +2. Download drush_make +3. Create the Hostmaster frontend platform +4. Install the frontend site +5. 
Setup the dispatcher (a user cron job) + +We are making the following assumptions: + * you have read INSTALL.txt and prepared the platform accordingly + * the FQDN of this machine is valid and resolves + * you are executing this script as your "aegir" user + +The following settings will be used: + Aegir frontend URL: !site + Master server FQDN: !fqdn + Aegir root: !home + Aegir user: !user + Web group: !web + Web server: !web_server + Aegir DB host: !db_host + Aegir DB user: !db_user + Aegir DB password: !db_pass + Drush make version: !drush_make + Aegir version: !version + Aegir platform path: !root + Aegir makefile: !makefile + Client email: !email +', array('!site' => $site, + '!fqdn' => drush_get_option('aegir_host'), + '!home' => drush_get_option('aegir_root'), + '!user' => drush_get_option('script_user'), + '!web' => drush_get_option('web_group'), + '!web_server' => drush_get_option('http_service_type'), + '!db_host' => drush_get_option('aegir_db_host'), + '!db_user' => drush_get_option('aegir_db_user'), + '!db_pass' => is_null(drush_get_option('aegir_db_pass', NULL, 'process')) ? 
'' : '', + '!drush_make' => drush_get_option('drush_make_version'), + '!version' => drush_get_option('version'), + '!root' => drush_get_option(array('r', 'root')), + '!makefile' => drush_get_option('makefile'), + '!email' => drush_get_option('client_email'), + ))); + + if (!drush_confirm(dt('Do you really want to proceed with the install'))) { + return drush_set_error('PROVISION_CANCEL_INSTALL', dt('Installation aborted by user')); + } - $aegir_host = drush_get_option('aegir_host', php_uname('n'), 'options'); - $aegir_db_pass = drush_get_option('aegir_db_pass', 'pass', 'options'); - $aegir_db_user = drush_get_option('aegir_db_user', 'aegir_root', 'options'); - $master_db = sprintf("mysql://%s:%s@%s",$aegir_db_user, $aegir_db_pass, $aegir_host); + return TRUE; +} - // TODO: support creation of an external db server +function drush_provision_hostmaster_install($site = NULL) { + $version = drush_get_option('version'); + $site = drush_get_option('site', provision_fqdn()); + $aegir_root = drush_get_option('aegir_root'); + $platform = drush_get_option(array('r', 'root')); + + $aegir_db_user = drush_get_option('aegir_db_user'); + $aegir_db_pass = drush_get_option('aegir_db_pass'); + $server = '@server_master'; - drush_backend_invoke_args("provision-save", array($server), array( + $master_context = array( 'context_type' => 'server', // files - 'remote_host' => $aegir_host, + 'remote_host' => drush_get_option('aegir_host'), 'aegir_root' => $aegir_root, - 'script_user' => drush_get_option('script_user', provision_current_user()), + 'script_user' => drush_get_option('script_user'), // apache or nginx or.. - 'http_service_type' => drush_get_option('http_service_type', 'apache', 'options'), - 'web_group' => drush_get_option('web_group', _provision_default_web_group()), + 'http_service_type' => drush_get_option('http_service_type'), + 'web_group' => drush_get_option('web_group'), 'master_url' => "http://" . 
$site, - // mysql - 'db_service_type' => 'mysql', - 'master_db' => $master_db, - )); + ); + + $master_db = sprintf("mysql://%s:%s@%s",$aegir_db_user, $aegir_db_pass, drush_get_option('aegir_db_host')); + if (drush_get_option('aegir_host') == drush_get_option('aegir_db_host')) { + $master_context['db_service_type'] = 'mysql'; + $master_context['master_db'] = $master_db; + $dbserver = $server; + } else { + $dbserver = '@server_' . drush_get_option('aegir_db_host'); + $dbserver_context = array( + 'remote_host' => drush_get_option('aegir_db_host'), + 'context_type' => 'server', + 'db_service_type' => 'mysql', + 'master_db' => $master_db, + ); + drush_backend_invoke_args("provision-save", array($dbserver), $dbserver_context); + provision_backend_invoke($dbserver, 'provision-verify'); + } + drush_backend_invoke_args("provision-save", array($server), $master_context); provision_backend_invoke($server, 'provision-verify'); // exit if an error has occured. @@ -46,7 +157,7 @@ function drush_provision_hostmaster_install($site = NULL) { } if (!function_exists('drush_make_drush_command')) { - drush_backend_invoke('dl', array('drush_make-' . drush_get_option('drush_make_version', '6.x-2.0-beta9'), 'destination' => $aegir_root . '/.drush/')); + drush_backend_invoke('dl', array('drush_make-' . drush_get_option('drush_make_version'), 'destination' => $aegir_root . '/.drush/')); } $platform_name = '@platform_hostmaster'; 
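Review bot: In `drush_provision_hostmaster_install`, `$master_db = sprintf("mysql://%s:%s@%s", ...)` puts the prompted password into a URL unescaped, so a password containing `@`, `:`, `/` or `#` produces a URL whose credentials and host parse differently from what the user typed. Assuming the code that reads `master_db` url-decodes the parts (not visible in this hunk), encode both fields: `sprintf("mysql://%s:%s@%s", urlencode($aegir_db_user), urlencode($aegir_db_pass), drush_get_option('aegir_db_host'))`. In the validate function, the "Some settings have not been provided" test calls `filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)` without the `!` that the prompt loop below uses, so the notice is triggered by a valid e-mail rather than a missing one. The `stty -echo` / `stty echo` pair also deserves a comment that an interrupted prompt leaves terminal echo off; the install function's body continues outside this hunk.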
@@ -55,25 +166,25 @@ function drush_provision_hostmaster_install($site = NULL) { 'server' => $server, 'web_server' => $server, 'root' => $platform, - 'makefile' => $aegir_root . '/.drush/provision/aegir.make', + 'makefile' => drush_get_option('makefile'), )); - provision_backend_invoke($platform_name, 'provision-verify'); + // propagate working-copy args downward + $options = array(); + if (drush_get_option('working-copy')) { + $options['working-copy'] = 1; + } + provision_backend_invoke($platform_name, 'provision-verify', array(), $options); // exit if an error has occured. if (drush_get_error()) { return false; } - while (!filter_var(drush_get_option('client_email'), FILTER_VALIDATE_EMAIL)) { - $client_email = drush_prompt(dt("Admin user e-mail"), "you@example.com"); - drush_set_option('client_email', $client_email); - } - $site_name = '@hostmaster'; drush_backend_invoke_args("provision-save", array($site_name), array( 'context_type' => 'site', 'platform' => $platform_name, - 'db_server' => $server, + 'db_server' => $dbserver, 'uri' => $site, 'client_email' => drush_get_option('client_email'), 'profile' => 'hostmaster', diff --git a/install.sh.txt b/install.sh.txt index 5702c0bd7a50bdf0ebc18a1f6f5d0dc2694000f5..a5d42db1be115d19fa51f000c9c1512c4c4d281a 100644 --- a/install.sh.txt +++ b/install.sh.txt 
@@ -22,16 +22,14 @@ ######################################################################## # This script takes the following steps: # -# 1. prompt for confirmation -# 2. downloads drush in $AEGIR_HOME -# 3. downloads provision in $AEGIR_HOME/.drush -# 4. delegate the rest of the install to hostmaster-install +# 1. downloads drush in $AEGIR_HOME +# 2. downloads provision in $AEGIR_HOME/.drush +# 3. delegate the rest of the install to hostmaster-install ######################################################################## -# basic variables, change before release -AEGIR_VERSION="HEAD" -DRUSH_VERSION=6.x-3.3 -# when adding a variable here, add it to the display below +# guess the aegir version based on the info file +AEGIR_VERSION="0.4-rc1" +DRUSH_VERSION=6.x-3.3 ######################################################################## # functions @@ -41,28 +39,6 @@ msg() { echo "==> $*" } -# simple prompt -prompt_yes_no() { - while true ; do - printf "$* [Y/n] " - read answer - if [ -z "$answer" ] ; then - return 0 - fi - case $answer in - [Yy]|[Yy][Ee][Ss]) - return 0 - ;; - [Nn]|[Nn][Oo]) - return 1 - ;; - *) - echo "Please answer yes or no" - ;; - esac - done -} - ######################################################################## # Main script 
@@ -70,65 +46,11 @@ AEGIR_HOME="$HOME" AEGIR_HOST=`uname -n` DRUSH="$AEGIR_HOME/drush/drush.php" -msg "Aegir $AEGIR_VERSION automated install script" - if [ `whoami` = "root" ] ; then msg "This script should be ran as a non-root user" exit 1 fi -_RESOLVEIP=`resolveip $AEGIR_HOST 2> /dev/null` - -if [ -z "$_RESOLVEIP" ] ; then - msg "This server does not have a hostname that resolves to an IP address" - exit 1 -else - AEGIR_HOST_IP=`echo $_RESOLVEIP | cut -d: -f2 | awk '{ print $6}'` - true -fi - -_MYSQLTEST=`mysql -h$AEGIR_HOST_IP -uINVALIDLOGIN -pINVALIDPASS 2>&1 >/dev/null | cat` - -if [ -z `echo $_MYSQLTEST | grep -q "ERROR \(2003\|1130\)"` ] ; then - msg "MySQL is listening on $AEGIR_HOST_IP." - true -else - msg "MySQL is not configured to listen on $AEGIR_HOST_IP." - exit 1 -fi - -msg "This script makes the following assumptions: " -cat < /dev/null && which drush | grep -v 'no drush in' > /dev/null; then msg "Drush is in the path, good" @@ -168,4 +90,4 @@ else fi msg "Installing the frontend" -$DRUSH hostmaster-install --aegir_host=$AEGIR_HOST --aegir_db_user=$AEGIR_DB_USER --aegir_db_pass=$AEGIR_DB_PASS --version=$AEGIR_VERSION $@ +$DRUSH hostmaster-install --version=$AEGIR_VERSION $@ diff --git a/migrate.hostmaster.inc b/migrate.hostmaster.inc index 142789a0086b4894083d70c7b8cf76d3e52d5022..99b308f43dd73fc055bb137d40e847e5d9d721ec 100644 --- a/migrate.hostmaster.inc +++ b/migrate.hostmaster.inc 
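Review bot: The rewritten final line, `$DRUSH hostmaster-install --version=$AEGIR_VERSION $@`, expands `$@` unquoted, so any forwarded option whose value contains whitespace or glob characters is split or expanded before drush receives it. This matters more now that the script no longer prompts and every setting, including a database password, has to come from the caller's arguments. Quote the expansions: `"$DRUSH" hostmaster-install --version="$AEGIR_VERSION" "$@"`. A one-line comment above it, `# all remaining arguments are passed through to hostmaster-install`, would document the new contract.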
@@ -14,30 +14,15 @@ This command will operate the following changes in your system: 4. remove the cronjob (crontab -r) 5. attempt a migration to the new platform (provision-migrate) 6. start the Aegir frontend again (hostmaster-resume) +7. replace the crontab. We are making the following assumptions: * you have read UPGRADE.txt * you are executing this script as your "aegir" user '); - $go = FALSE; - while (!$go) { - $yesno = trim(strtolower(drush_prompt(dt('Do you really want to proceed with the upgrade'), 'Y/n', TRUE))); - - switch ($yesno) { - case 'no': - case 'n': - return drush_set_error(dt('Upgrade aborted by user')); - break; - case 'yes': - case 'y': - case 'y/n': - $go = TRUE; - break; - default: - drush_print(dt('Please answer "yes" or "no"')); - break; - } + if (!drush_confirm("Do you really want to proceed with the upgrade?")) { + return drush_set_error('PROVISION_CANCEL_MIGRATE', 'Upgrade canceled by user'); } $data = drush_get_merged_options(); @@ -79,13 +64,18 @@ We are making the following assumptions: // add a server record : $server = '@server_master'; + /** + * @deprecated in drush3 it's 'options', in drush 4 it's 'cli', drop + * 'options' when we drop drush3 support + */ + $context = drush_get_context('cli') ? 'cli' : 'options'; drush_backend_invoke_args("provision-save", array($server), array( 'context_type' => 'server', 'aegir_root' => dirname(rtrim($data['config_path'], '/')), 'remote_host' => php_uname('n'), 'script_user' => $data['script_user'], // apache or nginx or.. - 'http_service_type' => drush_get_option('http_service_type', 'apache', 'options'), + 'http_service_type' => drush_get_option('http_service_type', 'apache', $context), 'web_group' => $data['web_group'], 'master_url' => $data['master_url'], 'restart_cmd' => $data['restart_cmd'], 
@@ -151,9 +141,6 @@ We are making the following assumptions: function drush_provision_pre_hostmaster_migrate($site, $platform) { - if (!drush_confirm("This command will replace your crontab entry. continue?")) { - return drush_set_error('PROVISION_CANCEL_MIGRATE', 'Cancelling'); - } // wipe out cron entry exec('crontab -r'); diff --git a/parse.backend.inc b/parse.backend.inc new file mode 100644 index 0000000000000000000000000000000000000000..48b6a8b0e65ffb87a5be29d0211905778f89ed70 --- /dev/null +++ b/parse.backend.inc @@ -0,0 +1,5 @@ +unlink($filename) + ->succeed('Removed backup file @path') + ->fail('Could not remove backup file @path'); + } + } + else { + drush_set_error(dt('No backup files provided')); + } +} diff --git a/platform/clone.provision.inc b/platform/clone.provision.inc index 865d88a91e0dcc8227184b099ef6cf67d35beedc..795c04686c7280a12b8017d28a7f0ae87a4490b8 100644 --- a/platform/clone.provision.inc +++ b/platform/clone.provision.inc @@ -46,6 +46,13 @@ function drush_provision_drupal_provision_clone($new_uri, $platform = null) { $options['aliases'] = array(); $options['redirection'] = 0; + // XXX: right now we just drop SSL configuration when cloning, because + // we do not check if the site name change is compatible with the + // certificate. This can be removed when we a) check for wildcard + // certs and b) allow the user to change the cert from the UI. + $options['ssl_enabled'] = 0; + unset($options['ssl_key']); + if ($profile = drush_get_option('profile', FALSE)) { $options['profile'] = $profile; } diff --git a/platform/deploy.provision.inc b/platform/deploy.provision.inc index 3313a0e5499675ef2635109a7d7bdc07ea1b150b..86e9566dd5b9b63b0d0f4e7234c8d3be5b87a48f 100644 --- a/platform/deploy.provision.inc +++ b/platform/deploy.provision.inc 
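Review bot: With the confirmation removed from `drush_provision_pre_hostmaster_migrate`, `exec('crontab -r')` now runs unconditionally, deletes the invoking user's entire crontab rather than only the Aegir entry, and ignores the exit status. The summary prompt in the first hunk still lists the step, so consent is kept, but nothing preserves entries the user added. Capturing the table first, for example `exec('crontab -l', $old_crontab, $rc);` and writing it alongside the backup, would make the step recoverable. In the first hunk the new `drush_confirm()` and `drush_set_error()` messages are passed without `dt()`, unlike the equivalent calls in install.hostmaster.inc. Both function bodies continue outside their hunks.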
@@ -145,6 +145,8 @@ function drush_provision_drupal_post_provision_deploy() { drush_include_engine('drupal', 'deploy'); drush_set_option('packages', _scrub_object(provision_drupal_system_map()), 'site'); _provision_drupal_rebuild_caches(); + } else { + drush_log("could not bootstrap drupal after updatedb"); } diff --git a/platform/drupal/deploy.inc b/platform/drupal/deploy.inc index 06ee37231b380833c7891afe6ff756246c551c06..6db72d1f9022b2083546663dd2cb5373259a4b2f 100644 --- a/platform/drupal/deploy.inc +++ b/platform/drupal/deploy.inc @@ -2,7 +2,12 @@ // $Id$ $new_url = d()->uri; -$old_url = drush_get_option('old_uri', $new_url, 'options'); +/** + * @deprecated in drush3 it's 'options', in drush 4 it's 'cli', drop + * 'options' when we drop drush3 support + */ +$context = drush_get_context('cli') ? 'cli' : 'options'; +$old_url = drush_get_option('old_uri', $new_url, $context); /** * @file 
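Review bot: The new `else` branch in `drush_provision_drupal_post_provision_deploy` reports a failed bootstrap with `drush_log("could not bootstrap drupal after updatedb")`, which uses the default log level and lets the deploy continue as if the package map and cache rebuild had happened. Pass an explicit level, `drush_log(dt("could not bootstrap drupal after updatedb"), 'warning');`, or raise it with `drush_set_error()` if a deploy without that step should not count as successful. The function body starts outside the hunk.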
@@ -17,6 +22,32 @@ drush_log( db_query("UPDATE {files} SET filepath=replace(filepath, 'sites/%s', 'sites/%s')", $old_url, $new_url); db_query("UPDATE {users} SET picture = replace(picture, 'sites/%s', 'sites/%s')", $old_url, $new_url); +db_query("UPDATE {files} SET filepath=replace(filepath, 'sites/default', 'sites/%s')", $new_url); +db_query("UPDATE {users} SET picture = replace(picture, 'sites/default', 'sites/%s')", $new_url); variable_set('file_directory_path', "sites/$new_url/files"); variable_set('file_directory_temp', "sites/$new_url/files/tmp"); +// Global theme settings paths. +if ($var = variable_get('theme_settings', FALSE)) { + $var['logo_path'] = str_replace($old_url, $new_url, $var['logo_path']); + $var['favicon_path'] = str_replace($old_url, $new_url, $var['favicon_path']); + variable_set('theme_settings', $var); +} + +$themes = list_themes(); +foreach (array_keys($themes) as $theme) { + // Update logo and favicon paths for each theme. + if ($var = variable_get('theme_'. $theme .'_settings', FALSE)) { + $var['logo_path'] = str_replace($old_url, $new_url, $var['logo_path']); + $var['favicon_path'] = str_replace($old_url, $new_url, $var['favicon_path']); + variable_set('theme_'. $theme .'_settings', $var); + } + // Update color module paths. + if (module_exists('color')) { + foreach (array('_files', '_logo', '_screenshot', '_stylesheets') as $suffix) { + if ($var = variable_get('color_'. $theme . $suffix, FALSE)) { + variable_set('color_'. $theme . $suffix, str_replace($old_url, $new_url, $var)); + } + } + } +} diff --git a/platform/provision_drupal.drush.inc b/platform/provision_drupal.drush.inc index 482677d060ebaedf8278fc760d99781aba6e1088..8ebb7b121d4babbaa56c73dc1a606bafa529a241 100644 --- a/platform/provision_drupal.drush.inc +++ b/platform/provision_drupal.drush.inc 
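Review bot: The theme-settings rewrite calls `str_replace($old_url, $new_url, ...)` on the bare hostname, whereas the SQL updates above anchor on `sites/%s`. When the old name is a substring of the new one (a constructed case: example.com moved to dev.example.com), a path that already points at the new site is rewritten a second time. Matching the directory prefix keeps both code paths consistent: `str_replace("sites/$old_url", "sites/$new_url", $var['logo_path'])`. `$var['logo_path']` and `$var['favicon_path']` are also read without an `isset()` check, which raises notices for themes that store neither. The two new `sites/default` queries would likewise match a longer directory name that merely starts with `sites/default`; adding the trailing slash to both pattern and replacement avoids that.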
@@ -101,6 +101,7 @@ function drush_provision_drupal_provision_install_backend() { function provision_drupal_sync_site() { d()->service('http')->sync(d()->root, array('exclude-sites' => TRUE)); if (d()->type === 'site') { + // Sync all filesystem changes to the remote server. d()->service('http')->sync(d()->site_path, array('no-delete' => TRUE)); } } 
@@ -174,27 +175,42 @@ function _provision_drupal_create_directories($url = NULL, $profile = NULL) { $chgrp = array(); // special case: platform. do not handle files dir if ($url != 'all') { - $mkdir["sites/$url/files"] = 02770; - $chgrp["sites/$url/files"] = d('@server_master')->web_group; + $mkdir["sites/$url/files"] = 02770; + $chgrp["sites/$url/files"] = d('@server_master')->web_group; - $mkdir["sites/$url/files/tmp"] = 02770; - $chgrp["sites/$url/files/tmp"] = d('@server_master')->web_group; + $mkdir["sites/$url/files/tmp"] = 02770; + $chgrp["sites/$url/files/tmp"] = d('@server_master')->web_group; - $mkdir["sites/$url/files/images"] = 02770; - $chgrp["sites/$url/files/images"] = d('@server_master')->web_group; + $mkdir["sites/$url/files/images"] = 02770; + $chgrp["sites/$url/files/images"] = d('@server_master')->web_group; - $mkdir["sites/$url/files/pictures"] = 02770; - $chgrp["sites/$url/files/pictures"] = d('@server_master')->web_group; + $mkdir["sites/$url/files/pictures"] = 02770; + $chgrp["sites/$url/files/pictures"] = d('@server_master')->web_group; + + $mkdir["sites/$url/files/css"] = 02770; + $chgrp["sites/$url/files/css"] = d('@server_master')->web_group; + + $mkdir["sites/$url/files/js"] = 02770; + $chgrp["sites/$url/files/js"] = d('@server_master')->web_group; + + $mkdir["sites/$url/files/ctools"] = 02770; + $chgrp["sites/$url/files/ctools"] = d('@server_master')->web_group; + + $mkdir["sites/$url/files/imagecache"] = 02770; + $chgrp["sites/$url/files/imagecache"] = d('@server_master')->web_group; + + $mkdir["sites/$url/files/locations"] = 02770; + $chgrp["sites/$url/files/locations"] = d('@server_master')->web_group; // d7 support - $mkdir["sites/$url/private"] = 02770; - $chgrp["sites/$url/private"] = d('@server_master')->web_group; + $mkdir["sites/$url/private"] = 02770; + $chgrp["sites/$url/private"] = d('@server_master')->web_group; - $mkdir["sites/$url/private/files"] = 02770; - $chgrp["sites/$url/private/files"] = 
d('@server_master')->web_group; + $mkdir["sites/$url/private/files"] = 02770; + $chgrp["sites/$url/private/files"] = d('@server_master')->web_group; - $mkdir["sites/$url/private/temp"] = 02770; - $chgrp["sites/$url/private/temp"] = d('@server_master')->web_group; + $mkdir["sites/$url/private/temp"] = 02770; + $chgrp["sites/$url/private/temp"] = d('@server_master')->web_group; } // These paths should not have recursive operations performed on them. diff --git a/platform/provision_drupal_settings.tpl.php b/platform/provision_drupal_settings.tpl.php index 0e0f4541ebcfe96290774c9438752d6913ab246c..88b82a8d100075a6b457b594e8d9520823b33560 100644 --- a/platform/provision_drupal_settings.tpl.php +++ b/platform/provision_drupal_settings.tpl.php @@ -60,7 +60,6 @@ $conf['install_profile'] = 'profile ?>'; $conf['file_directory_path'] = 'sites/uri ?>/files'; $conf['file_directory_temp'] = 'sites/uri ?>/files/tmp'; - $conf['cache'] = 1; $conf['clean_url'] = 1; site_enabled) : ?> @@ -85,12 +84,12 @@ } } - # Additional site configuration settings. - if (file_exists('site_path ?>/local.settings.php')) { - include_once('site_path ?>/local.settings.php'); - } - # Additional host wide configuration settings. Useful for safely specifying configuration settings. if (file_exists('platform->server->include_path ?>/global.inc')) { include_once('platform->server->include_path ?>/global.inc'); } + + # Additional site configuration settings. + if (file_exists('site_path ?>/local.settings.php')) { + include_once('site_path ?>/local.settings.php'); + } diff --git a/platform/verify.provision.inc b/platform/verify.provision.inc index ab63dc712435d1b429a146155b32be68ee4cfe9b..f51d17387d465482d03186616edef3ebe6aeb25c 100644 --- a/platform/verify.provision.inc +++ b/platform/verify.provision.inc 
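Review bot: Moving the `local.settings.php` include below `global.inc` in provision_drupal_settings.tpl.php reverses the precedence, so the per-site file now overrides the host-wide file that the existing comment describes as the place for "safely specifying configuration settings". If `global.inc` is meant to enforce server policy (not determinable from this hunk), any value a site's `local.settings.php` assigns wins after this change. The new order should carry a comment above the second include, such as `# Included last on purpose: per-site settings override global.inc.`, or the settings that must not be overridden should be re-applied after it.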
@@ -46,8 +46,13 @@ function drush_provision_drupal_pre_provision_verify() { elseif (d()->type === 'platform') { // create a platform from a makefile, if it doesnt already exist and the makefile does. if (!provision_file()->exists(d()->root)->status() && !empty(d()->makefile)) { - drush_log(dt("Platform path does not exists, fetching from drush makefile")); - drush_backend_invoke("make", array(d()->makefile, d()->root), array('root' => null, 'uri' => null)); + drush_log(dt("Platform path does not exist, fetching from drush makefile")); + $options = array('root' => null, 'uri' => null); + // propagate working-copy args downward + if (drush_get_option('working-copy')) { + $options['working-copy'] = 1; + } + drush_backend_invoke("make", array(d()->makefile, d()->root), $options); if (drush_get_error()) { return drush_set_error("DRUSH_MAKE_FAILED", "Could not download platform using drush make. No platform present"); diff --git a/provision.api.php b/provision.api.php index 02b7c6f7b1e3f4fc03dfb705c46947a6cfc5d4ba..da24efd659779126924ecb6ff24ae9c347c66ca8 100644 --- a/provision.api.php +++ b/provision.api.php @@ -30,7 +30,7 @@ function drush_hook_provision_services() { * @param $uri * URI for the site. * @param $data - * Associatiave array of data from provisionConfig_drupal_settings::data. + * Associative array of data from provisionConfig_drupal_settings::data. * * @return * Lines to add to the site's settings.php file. @@ -47,7 +47,7 @@ function drush_hook_provision_drupal_config($uri, $data) { * To use templating, return an include statement for the template. * * @param $data - * Associatiave array of data from provisionConfig_apache_server::data. + * Associative array of data from provisionConfig_apache_server::data. * * @return * Lines to add to the configuration file. 
@@ -63,7 +63,7 @@ function drush_hook_provision_apache_server_config($data) { * To use templating, return an include statement for the template. * * @param $data - * Associatiave array of data from provisionConfig_apache_platform::data. + * Associative array of data from provisionConfig_apache_platform::data. * * @return * Lines to add to the configuration file. @@ -81,7 +81,7 @@ function drush_hook_provision_apache_dir_config($data) { * @param $uri * URI for the site. * @param $data - * Associatiave array of data from provisionConfig_apache_site::data. + * Associative array of data from provisionConfig_apache_site::data. * * @return * Lines to add to the configuration file. diff --git a/provision.context.inc b/provision.context.inc index cc14449494b1e9a12b38821a6815e7ea0b61c3ea..84b03ea6e7adf664ec2cd45bbd478dcec32ae993 100644 --- a/provision.context.inc +++ b/provision.context.inc @@ -77,7 +77,7 @@ function provision_context_factory($name) { $type = 'server'; $record = provision_sitealias_get_record($name); - $options = array_merge(drush_get_context('stdin'), drush_get_context('options')); + $options = array_merge(drush_get_context('stdin'), drush_get_context('options'), drush_get_context('cli')); if (isset($record['context_type'])) { $type = $record['context_type']; @@ -133,7 +133,7 @@ class provisionContext { */ function __get($name) { if ($name == 'options') { - return array_merge(provision_sitealias_get_record($this->name), array_filter(drush_get_context('stdin')), array_filter(drush_get_context('options'))); + return array_merge(provision_sitealias_get_record($this->name), array_filter(drush_get_context('stdin')), array_filter(drush_get_context('options')), array_filter(drush_get_context('cli'))); } if (array_key_exists($name, $this->properties)) { if (isset($this->oid_map[$name]) && !empty($this->properties[$name])) { 
diff --git a/provision.context.server.inc b/provision.context.server.inc index db7971dbb3c517d3b85f4eb8d7c0fbe26b33e911..f9764e9f010d38c9831f4f05d455146f82c5355a 100644 --- a/provision.context.server.inc +++ b/provision.context.server.inc @@ -173,14 +173,13 @@ class provisionContext_server extends provisionContext { 'relative' => TRUE, 'keep-dirlinks' => TRUE, 'omit-dir-times' => TRUE, - 'delete' => TRUE, ), $additional_options); // We need to do this due to how drush creates the rsync command. // If the option is present at all , even if false or null, it will // add it to the command. - if (!isset($additional_options['no-delete'])) { + if (!isset($additional_options['no-delete']) || $additional_options['no-delete'] == FALSE ) { $options['delete'] = TRUE; } diff --git a/provision.drush.inc b/provision.drush.inc index ab68a672079d217b5ad59dfbd32eed7137fd1c09..e8bedbc9cb64d120628027a1b989bf5a9626386f 100644 --- a/provision.drush.inc +++ b/provision.drush.inc @@ -170,6 +170,11 @@ function provision_drush_command() { 'bootstrap' => DRUSH_BOOTSTRAP_DRUPAL_ROOT ); + $items['provision-backup_delete'] = array( + 'description' => 'Delete a backup file.', + 'arguments' => array('backup-file' => dt('The backup file to delete. This will be a gzipped tarball.')), + 'bootstrap' => DRUSH_BOOTSTRAP_DRUSH + ); $items['hostmaster-migrate'] = array( 'description' => dt('Migrate an instance of the Hostmaster front end to a new platform'), @@ -203,6 +208,11 @@ function provision_drush_command() { 'example.com' => dt('The url of the site being migrated.')), ); + $items['backend-parse'] = array( + 'description' => dt('Parse the output of --backend commands to a human readable form'), + 'bootstrap' => DRUSH_BOOTSTRAP_DRUSH, + ); + return $items; } @@ -227,6 +237,7 @@ function drush_provision_verify() { function _provision_default_web_group() { $info = posix_getgrgid(posix_getgid()); $common_groups = array( + 'www', 'httpd', 'www-data', 'apache', 
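Review bot: In the rsync options hunk of provision.context.server.inc, the new test `!isset($additional_options['no-delete']) || $additional_options['no-delete'] == FALSE` sets `delete` but leaves the `no-delete` key in `$options`, which appears to have been merged in from `$additional_options` just above. The comment directly before the test says drush adds an option to the command whenever the key is present, even if false or null, so a caller passing `'no-delete' => FALSE` would presumably get both flags on the rsync command line. Use `if (empty($additional_options['no-delete'])) {` for the test and add `unset($options['no-delete']);` inside that branch. The enclosing method starts and ends outside the hunk.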
diff --git a/provision.inc b/provision.inc index d545d8dc07ad6485b647fd5ca858ea22d51cbc52..c096f7d158d7932cf20293fb4a382d0de4ce3584 100644 --- a/provision.inc +++ b/provision.inc @@ -43,7 +43,25 @@ function provision_is_local_host($host) { // your site alias. Note that sometimes 'uname -n' does not return the // correct value. To fix it, put the correct hostname in /etc/hostname // and then run 'hostname -F /etc/hostname'. - return ($host == 'localhost') || ($host == '127.0.0.1') || ($host == strtolower(php_uname('n'))) || ($host == strtolower(gethostbyaddr(gethostbyname(php_uname('n'))))); + return ($host == 'localhost') || + ($host == '127.0.0.1') || + (gethostbyname($host) == '127.0.0.1') || + (gethostbyname($host) == '127.0.1.1') || // common setting on + // ubuntu and friends + ($host == strtolower(php_uname('n'))) || + ($host == provision_fqdn()); +} + +/** + * return the FQDN of the machine or provided host + * + * this replicates hostname -f, which is not portable + */ +function provision_fqdn($host = null) { + if (is_null($host)) { + $host = php_uname('n'); + } + return strtolower(gethostbyaddr(gethostbyname($host))); } /** @@ -54,7 +72,7 @@ function provision_is_local_host($host) { function provision_get_base_url() { $base_url = 'http://' . d()->uri; - $http_port = d()->web_server->http_port; + $http_port = d()->server->http_port; if (!is_null($http_port) && ($http_port != 80)) { $base_url .= ':' . $http_port; } @@ -280,6 +298,13 @@ function provision_backend_invoke($target, $command, $arguments = array(), $opti return drush_backend_invoke_args('@' . ltrim($target, '@') . ' ' . $command, $arguments, $options + array('root' => null, 'uri' => null), $mode); } +/** + * parse the .ini file to get the aegir version + */ +function provision_version() { + $ini = parse_ini_file(dirname(__FILE__) . '/provision.info'); + return $ini['version']; +} /** * A base class for the service and file handling classes that implements 
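Review bot: `provision_fqdn()` has no handling for a failed lookup: `gethostbyname()` returns its argument unchanged when the name does not resolve, `gethostbyaddr()` then returns `false` for that non-address, and `strtolower()` turns it into an empty string. That empty value becomes the default for the frontend URL and `aegir_host` in hostmaster-install and is compared with `==` in `provision_is_local_host()`. Falling back to the supplied name when either lookup fails keeps the result usable, as in the excerpt below. `provision_version()` has a similar gap, since `parse_ini_file()` returns `false` when provision.info cannot be read and `$ini['version']` is then used unchecked.

```php
function provision_fqdn($host = null) {
  // … unchanged: default $host to php_uname('n') …
  $ip = gethostbyname($host);
  if (!filter_var($ip, FILTER_VALIDATE_IP)) {
    // Forward lookup failed; keep the name we were given.
    return strtolower($host);
  }
  $name = gethostbyaddr($ip);
  return strtolower($name ? $name : $host);
}
```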
diff --git a/provision.info b/provision.info new file mode 100644 index 0000000000000000000000000000000000000000..4314649bc46d304f3a2846817d717c01dc96280f --- /dev/null +++ b/provision.info @@ -0,0 +1,4 @@ +name=Provision +description="Aegir backend" + +version=0.4-rc1 diff --git a/release.sh b/release.sh index 35b2be187594b73296cdd1c3b3874f064e1feb99..1676fbb82ec663e7d64f6c0116026b5c0013f398 100644 --- a/release.sh +++ b/release.sh @@ -83,6 +83,10 @@ sed -i'.tmp' -e'/^projects\[hostmaster\]\[download\]\[type\]/s/=.*$/ = "get"/' \ echo changing INSTALL.txt to point to tagged install.sh sed -i'.tmp' -e"/http:\/\/git.aegirproject.org\/?p=provision.git;a=blob_plain;f=install.sh.txt;hb=HEAD/s/HEAD/provision-$version/" docs/INSTALL.txt && git add docs/INSTALL.txt && rm docs/INSTALL.txt.tmp +echo changing hostmaster-install version +sed -i'.tmp' -e"s/version *=.*$/version=$version/" provision.info +git add provision.info && rm provision.info.tmp + echo changing UPGRADE.txt to point to tagged upgrade.sh sed -i'.tmp' -e"/http:\/\/git.aegirproject.org\/?p=provision.git;a=blob_plain;f=upgrade.sh.txt;hb=HEAD/s/HEAD/provision-$version/" docs/UPGRADE.txt && git add docs/UPGRADE.txt && rm docs/UPGRADE.txt.tmp diff --git a/upgrade.sh.txt b/upgrade.sh.txt index 256738fe9a9a111a3121b6e26897a13cc6413d8c..0232045ed59bae648e898eadaf7bc1db0eca444a 100644 --- a/upgrade.sh.txt +++ b/upgrade.sh.txt 
@@ -11,17 +11,17 @@ ######################################################################## # basic variables, change before running -AEGIR_VERSION=HEAD +AEGIR_VERSION="0.4-rc1" AEGIR_DOMAIN=aegir.example.com -AEGIR_DIR=/var/aegir -DRUPAL_DIR=$AEGIR_DIR/hostmaster-$AEGIR_VERSION +AEGIR_HOME="$HOME" +DRUPAL_DIR=$AEGIR_HOME/hostmaster-$AEGIR_VERSION DRUSH_VERSION=6.x-3.3 -DRUSH_MAKE_VERSION=6.x-2.0-beta9 -OLD_DRUPAL_DIR=$AEGIR_DIR/hostmaster-0.4-alpha14 -DRUSH_DIR=$AEGIR_DIR/drush +DRUSH_MAKE_VERSION=6.x-2.0-beta11 +OLD_DRUPAL_DIR=$AEGIR_HOME/hostmaster-0.4-beta2 +DRUSH_DIR=$AEGIR_HOME/drush DRUSH="php $DRUSH_DIR/drush.php" -BACKUP_DIR=$AEGIR_DIR/pre-upgrade-`date '+%F-%H%M'` +BACKUP_DIR=$AEGIR_HOME/pre-upgrade-`date '+%F-%H%M'` ######################################################################## # functions @@ -73,10 +73,10 @@ cat <