Add wordpress cookbook
authorTom Hughes <tom@compton.nu>
Wed, 2 Oct 2013 21:26:32 +0000 (22:26 +0100)
committerTom Hughes <tom@compton.nu>
Wed, 2 Oct 2013 21:26:32 +0000 (22:26 +0100)
cookbooks/wordpress/README.rdoc [new file with mode: 0644]
cookbooks/wordpress/attributes/default.rb [new file with mode: 0644]
cookbooks/wordpress/definitions/wordpress_plugin.rb [new file with mode: 0644]
cookbooks/wordpress/definitions/wordpress_site.rb [new file with mode: 0644]
cookbooks/wordpress/definitions/wordpress_theme.rb [new file with mode: 0644]
cookbooks/wordpress/files/default/googlefac54c35e800caab.html [new file with mode: 0644]
cookbooks/wordpress/libraries/wordpress.rb [new file with mode: 0644]
cookbooks/wordpress/metadata.rb [new file with mode: 0644]
cookbooks/wordpress/recipes/default.rb [new file with mode: 0644]
cookbooks/wordpress/templates/default/apache.erb [new file with mode: 0644]

diff --git a/cookbooks/wordpress/README.rdoc b/cookbooks/wordpress/README.rdoc
new file mode 100644 (file)
index 0000000..3de2ec7
--- /dev/null
@@ -0,0 +1,8 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:
+
diff --git a/cookbooks/wordpress/attributes/default.rb b/cookbooks/wordpress/attributes/default.rb
new file mode 100644 (file)
index 0000000..615e089
--- /dev/null
@@ -0,0 +1,13 @@
+# Enable the "wordpress" role
+default[:accounts][:users][:wordpress][:status] = :role
+
+# Use prefork as PHP is to dumb for anything else
+default[:apache][:mpm] = "prefork"
+
+# Make sure httpclient and php_serialize are installed
+default[:chef][:gems] |= [ "httpclient", "php_serialize" ]
+
+# Set wordpress defaults
+default[:wordpress][:user] = "wordpress"
+default[:wordpress][:group] = "wordpress"
+default[:wordpress][:sites] = {}
diff --git a/cookbooks/wordpress/definitions/wordpress_plugin.rb b/cookbooks/wordpress/definitions/wordpress_plugin.rb
new file mode 100644 (file)
index 0000000..abc20c3
--- /dev/null
@@ -0,0 +1,69 @@
+#
+# Cookbook Name:: wordpress
+# Definition:: wordpress_plugin
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :wordpress_plugin, :action => [ :enable ] do
+  name = params[:name]
+  site = params[:site]
+  site_directory = node[:wordpress][:sites][site][:directory]
+  plugin_directory = "#{site_directory}/wp-content/plugins/#{name}"
+  source = params[:source]
+
+  if source
+    remote_directory plugin_directory do
+      cookbook "wordpress"
+      source source
+      owner node[:wordpress][:user]
+      group node[:wordpress][:group]
+      mode 0755
+      files_owner node[:wordpress][:user]
+      files_group node[:wordpress][:group]
+      files_mode 0755
+    end
+  else
+    unless repository = params[:repository]
+      version = params[:version] || Chef::Wordpress.current_plugin_version(name)
+
+      if version =~ /trunk/
+        repository = "http://plugins.svn.wordpress.org/#{name}/trunk"
+      else
+        repository = "http://plugins.svn.wordpress.org/#{name}/tags/#{version}"
+      end
+    end
+
+    if repository =~ /\.git$/
+      git plugin_directory do
+        action :sync
+        repository repository
+        revision params[:revision]
+        user node[:wordpress][:user]
+        group node[:wordpress][:group]
+        notifies :reload, "service[apache2]"
+      end
+    else
+      subversion plugin_directory do
+        action :sync
+        repository repository
+        user node[:wordpress][:user]
+        group node[:wordpress][:group]
+        ignore_failure repository.start_with?("http://plugins.svn.wordpress.org/")
+        notifies :reload, "service[apache2]"
+      end
+    end
+  end
+end
diff --git a/cookbooks/wordpress/definitions/wordpress_site.rb b/cookbooks/wordpress/definitions/wordpress_site.rb
new file mode 100644 (file)
index 0000000..b418f96
--- /dev/null
@@ -0,0 +1,138 @@
+#
+# Cookbook Name:: wordpress
+# Definition:: wordpress_site
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :wordpress_site, :action => [ :create, :enable ] do
+  name = params[:name]
+  aliases = Array(params[:aliases])
+  urls = Array(params[:urls])
+  directory = params[:directory] || "/srv/#{name}"
+  version = params[:version] || Chef::Wordpress.current_version
+  database_name = params[:database_name]
+  database_user = params[:database_user]
+  database_password = params[:database_password]
+  database_prefix = params[:database_prefix] || "wp_"
+
+  node.set_unless[:wordpress][:sites][name] = {}
+
+  node.set[:wordpress][:sites][name][:directory] = directory
+
+  node.set_unless[:wordpress][:sites][name][:auth_key] = random_password(64)
+  node.set_unless[:wordpress][:sites][name][:secure_auth_key] = random_password(64)
+  node.set_unless[:wordpress][:sites][name][:logged_in_key] = random_password(64)
+  node.set_unless[:wordpress][:sites][name][:nonce_key] = random_password(64)
+  node.set_unless[:wordpress][:sites][name][:auth_salt] = random_password(64)
+  node.set_unless[:wordpress][:sites][name][:secure_auth_salt] = random_password(64)
+  node.set_unless[:wordpress][:sites][name][:logged_in_salt] = random_password(64)
+  node.set_unless[:wordpress][:sites][name][:nonce_salt] = random_password(64)
+
+  mysql_user "#{database_user}@localhost" do
+    password database_password
+  end
+
+  mysql_database database_name do
+    permissions "#{database_user}@localhost" => :all
+  end
+
+  directory directory do
+    owner node[:wordpress][:user]
+    group node[:wordpress][:group]
+    mode 0755
+  end
+
+  subversion directory do
+    action :sync
+    repository "http://core.svn.wordpress.org/tags/#{version}"
+    user node[:wordpress][:user]
+    group node[:wordpress][:group]
+    ignore_failure true
+    notifies :reload, "service[apache2]"
+  end
+
+  file "#{directory}/wp-config.php" do
+    owner node[:wordpress][:user]
+    group node[:wordpress][:group]
+    mode 0644
+    content_from_file "#{directory}/wp-config-sample.php" do |line|
+      line.gsub!(/database_name_here/, database_name)
+      line.gsub!(/username_here/, database_user)
+      line.gsub!(/password_here/, database_password)
+      line.gsub!(/wp_/, database_prefix)
+
+      line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_key]}'")
+      line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_key]}'")
+      line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_key]}'")
+      line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_key]}'")
+      line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_salt]}'")
+      line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_salt]}'")
+      line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_salt]}'")
+      line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_salt]}'")
+
+      if line =~ /define\('WP_DEBUG'/
+        line += "\n"
+        line += "/**\n"
+        line += " * Don't allow file editing.\n"
+        line += " */\n"
+        line += "define('DISALLOW_FILE_EDIT', true);\n"
+      end
+
+      line
+    end
+    notifies :reload, "service[apache2]"
+  end
+
+  directory "#{directory}/wp-content/uploads" do
+    owner "www-data"
+    group "www-data"
+    mode 0755
+  end
+
+  file "#{directory}/sitemap.xml" do
+    owner "www-data"
+    group "www-data"
+    mode 0644
+  end
+
+  file "#{directory}/sitemap.xml.gz" do
+    owner "www-data"
+    group "www-data"
+    mode 0644
+  end
+
+  cookbook_file "#{directory}/googlefac54c35e800caab.html" do
+    cookbook "wordpress"
+    owner node[:wordpress][:user]
+    group node[:wordpress][:group]
+    mode 0644
+    backup false
+  end
+
+  apache_site name do
+    cookbook "wordpress"
+    template "apache.erb"
+    directory directory
+    variables :aliases => aliases, :urls => urls
+    notifies :reload, "service[apache2]"
+  end
+
+  http_request "http://#{name}/wp-admin/upgrade.php" do
+    action :nothing
+    url "http://#{name}/wp-admin/upgrade.php?step=1"
+    subscribes :get, "subversion[#{directory}]"
+  end
+end
diff --git a/cookbooks/wordpress/definitions/wordpress_theme.rb b/cookbooks/wordpress/definitions/wordpress_theme.rb
new file mode 100644 (file)
index 0000000..efdcbe9
--- /dev/null
@@ -0,0 +1,64 @@
+#
+# Cookbook Name:: wordpress
+# Definition:: wordpress_theme
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :wordpress_theme, :action => [ :enable ] do
+  name = params[:name]
+  site = params[:site]
+  site_directory = node[:wordpress][:sites][site][:directory]
+  theme_directory = "#{site_directory}/wp-content/themes/#{name}"
+  source = params[:source]
+
+  if source
+    remote_directory theme_directory do
+      cookbook "wordpress"
+      source source
+      owner node[:wordpress][:user]
+      group node[:wordpress][:group]
+      mode 0755
+      files_owner node[:wordpress][:user]
+      files_group node[:wordpress][:group]
+      files_mode 0644
+    end
+  else
+    unless repository = params[:repository]
+      version = params[:version] || node[:wordpress][:plugins][name][:version]
+      repository = "http://themes.svn.wordpress.org/#{name}/#{version}"
+    end
+
+    if repository =~ /\.git$/
+      git theme_directory do
+        action :sync
+        repository repository
+        revision params[:revision]
+        user node[:wordpress][:user]
+        group node[:wordpress][:group]
+        notifies :reload, "service[apache2]"
+      end
+    else
+      subversion theme_directory do
+        action :sync
+        repository repository
+        user node[:wordpress][:user]
+        group node[:wordpress][:group]
+        ignore_failure repository.start_with?("http://themes.svn.wordpress.org/")
+        notifies :reload, "service[apache2]"
+      end
+    end
+  end
+end
diff --git a/cookbooks/wordpress/files/default/googlefac54c35e800caab.html b/cookbooks/wordpress/files/default/googlefac54c35e800caab.html
new file mode 100644 (file)
index 0000000..550556d
--- /dev/null
@@ -0,0 +1 @@
+google-site-verification: googlefac54c35e800caab.html
diff --git a/cookbooks/wordpress/libraries/wordpress.rb b/cookbooks/wordpress/libraries/wordpress.rb
new file mode 100644 (file)
index 0000000..8ebb146
--- /dev/null
@@ -0,0 +1,43 @@
+require 'chef/mixin/command'
+
+class Chef
+  module Wordpress
+    extend Chef::Mixin::Command
+
+    @api_responses = {}
+    @svn_responses = {}
+
+    def self.current_version
+      core_version_check["offers"].first["current"]
+    end
+
+    def self.current_plugin_version(name)
+      if svn_cat("http://plugins.svn.wordpress.org/#{name}/trunk/readme.txt") =~ /Stable tag:\s*([^\s\r]*)[\s\r]*/
+        $1
+      else
+        "trunk"
+      end
+    end
+
+  private
+
+    def self.core_version_check
+      api_get("http://api.wordpress.org/core/version-check/1.6")
+    end
+
+    def self.api_get(url)
+      @api_responses[url] ||= ::PHP.unserialize(::HTTPClient.new.get_content(url))
+    end
+
+    def self.svn_cat(url)
+      unless @svn_responses[url]
+        status, stdout, stderr = output_of_command("svn cat #{url}", {})
+        handle_command_failures(status, "STDOUT: #{stdout}\nSTDERR: #{stderr}", :output_on_failure => true)
+
+        @svn_responses[url] = stdout.force_encoding("UTF-8")
+      end
+
+      @svn_responses[url]
+    end
+  end
+end
diff --git a/cookbooks/wordpress/metadata.rb b/cookbooks/wordpress/metadata.rb
new file mode 100644 (file)
index 0000000..440b8e4
--- /dev/null
@@ -0,0 +1,9 @@
+maintainer        "OpenStreetMap Administrators"
+maintainer_email  "admins@openstreetmap.org"
+license           "Apache 2.0"
+description       "Installs and configures Wordpress"
+long_description  IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version           "1.0.0"
+depends           "apache"
+depends           "chef"
+depends           "mysql"
diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb
new file mode 100644 (file)
index 0000000..36485d2
--- /dev/null
@@ -0,0 +1,32 @@
+#
+# Cookbook Name:: wordpress
+# Recipe:: default
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache"
+include_recipe "chef::gems"
+include_recipe "mysql"
+
+package "subversion"
+
+package "php5"
+package "php5-mysql"
+
+package "php-apc"
+
+apache_module "php5"
+apache_module "rewrite"
diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
new file mode 100644 (file)
index 0000000..1af8f3b
--- /dev/null
@@ -0,0 +1,63 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+<VirtualHost *:80>
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+
+  ServerAdmin webmaster@openstreetmap.org
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+  DocumentRoot <%= @directory %>
+<% @urls.each do |url,directory| -%>
+  Alias <%= url %> <%= directory %>
+<% end -%>
+
+  php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/
+  php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
+  php_value upload_max_filesize 70M
+  php_value post_max_size 100M
+
+  <Directory <%= @directory %>>
+    RewriteEngine on
+
+    RewriteRule ^wp-admin/includes/ - [F,L]
+    RewriteRule !^wp-includes/ - [S=3]
+    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
+    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
+    RewriteRule ^wp-includes/theme-compat/ - [F,L]
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteRule . /index.php [L]
+    Options -Indexes
+  </Directory>
+
+  <Files <%= @directory %>/wp-config.php>
+    Order allow,deny
+    Deny from all
+  </Files>
+
+  <Directory <%= @directory %>/uploads>
+    AllowOverride None
+    AddType text/plain .html .htm .shtml
+    php_admin_flag engine off
+  </Directory>
+
+  <Directory ~ "\.svn">
+    Order allow,deny
+    Deny from all
+  </Directory>
+
+  <Directory ~ "\.git">
+    Order allow,deny
+    Deny from all
+  </Directory>
+
+  <Files ~ "~$">
+    Order allow,deny
+    Deny from all
+  </Files>
+</VirtualHost>