From: Tom Hughes
Date: Tue, 21 Nov 2017 22:56:16 +0000 (+0000)
Subject: Modernise wordpress LWRPs
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/1934f47340e1cdd2ffb814c1d9b77d28a3fa621a

Modernise wordpress LWRPs
---

diff --git a/cookbooks/wordpress/providers/plugin.rb b/cookbooks/wordpress/providers/plugin.rb
deleted file mode 100644
index 68c17275b..000000000
--- a/cookbooks/wordpress/providers/plugin.rb
+++ /dev/null
@@ -1,87 +0,0 @@ -# -# Cookbook Name:: wordpress -# Provider:: wordpress_plugin -# -# Copyright 2015, OpenStreetMap Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -def whyrun_supported? - true -end - -use_inline_resources - -action :create do - if new_resource.source - remote_directory plugin_directory do - cookbook "wordpress" - source new_resource.source - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0o755 - files_owner node[:wordpress][:user] - files_group node[:wordpress][:group] - files_mode 0o755 - end - else - plugin_repository = new_resource.repository || default_repository - - if plugin_repository.end_with?(".git") - git plugin_directory do - action :sync - repository plugin_repository - revision new_resource.revision - user node[:wordpress][:user] - group node[:wordpress][:group] - end - else - subversion plugin_directory do - action :sync - repository plugin_repository - user node[:wordpress][:user] - group node[:wordpress][:group] - ignore_failure plugin_repository.start_with?("http://plugins.svn.wordpress.org/") - end - end - end -end - -action :delete do - directory plugin_directory do - action :delete - recursive true - end -end - -private - -def site_directory - node[:wordpress][:sites][new_resource.site][:directory] -end - -def plugin_directory - "#{site_directory}/wp-content/plugins/#{new_resource.name}" -end - -def default_repository - version = new_resource.version || - 
Chef::Wordpress.current_plugin_version(new_resource.name) - - if version =~ /trunk/ - "http://plugins.svn.wordpress.org/#{new_resource.name}/trunk" - else - "http://plugins.svn.wordpress.org/#{new_resource.name}/tags/#{version}" - end -end diff --git a/cookbooks/wordpress/providers/site.rb b/cookbooks/wordpress/providers/site.rb deleted file mode 100644 index 79f96b5d2..000000000 --- a/cookbooks/wordpress/providers/site.rb +++ /dev/null 
@@ -1,198 +0,0 @@ -# -# Cookbook Name:: wordpress -# Provider:: wordpress_site -# -# Copyright 2015, OpenStreetMap Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require "securerandom" - -include Chef::Mixin::EditFile - -def whyrun_supported? - true -end - -use_inline_resources - -action :create do - version = new_resource.version || Chef::Wordpress.current_version - - node.normal_unless[:wordpress][:sites][new_resource.name] = {} - - node.normal[:wordpress][:sites][new_resource.name][:directory] = site_directory - - node.normal_unless[:wordpress][:sites][new_resource.name][:auth_key] = SecureRandom.base64(48) - node.normal_unless[:wordpress][:sites][new_resource.name][:secure_auth_key] = SecureRandom.base64(48) - node.normal_unless[:wordpress][:sites][new_resource.name][:logged_in_key] = SecureRandom.base64(48) - node.normal_unless[:wordpress][:sites][new_resource.name][:nonce_key] = SecureRandom.base64(48) - node.normal_unless[:wordpress][:sites][new_resource.name][:auth_salt] = SecureRandom.base64(48) - node.normal_unless[:wordpress][:sites][new_resource.name][:secure_auth_salt] = SecureRandom.base64(48) - node.normal_unless[:wordpress][:sites][new_resource.name][:logged_in_salt] = SecureRandom.base64(48) - node.normal_unless[:wordpress][:sites][new_resource.name][:nonce_salt] = SecureRandom.base64(48) - - mysql_user "#{new_resource.database_user}@localhost" do - password new_resource.database_password - end - - mysql_database 
new_resource.database_name do - permissions "#{new_resource.database_user}@localhost" => :all - end - - directory site_directory do - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0o755 - end - - subversion site_directory do - action :sync - repository "http://core.svn.wordpress.org/tags/#{version}" - user node[:wordpress][:user] - group node[:wordpress][:group] - ignore_failure true - end - - wp_config = edit_file "#{site_directory}/wp-config-sample.php" do |line| - line.gsub!(/database_name_here/, new_resource.database_name) - line.gsub!(/username_here/, new_resource.database_user) - line.gsub!(/password_here/, new_resource.database_password) - line.gsub!(/wp_/, new_resource.database_prefix) - - line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:auth_key]}'") - line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:secure_auth_key]}'") - line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:logged_in_key]}'") - line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:nonce_key]}'") - line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:auth_salt]}'") - line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:secure_auth_salt]}'") - line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:logged_in_salt]}'") - line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:nonce_salt]}'") - - if line =~ /define\('WP_DEBUG'/ - line += "\n" - line += "/**\n" - line += " * Don't allow file editing.\n" - line += " */\n" - line += "define('DISALLOW_FILE_EDIT', true);\n" - if 
new_resource.ssl_enabled - line += "define('FORCE_SSL_LOGIN', true);\n" - line += "define('FORCE_SSL_ADMIN', true);\n" - end - end - - line - end - - file "#{site_directory}/wp-config.php" do - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0o644 - content wp_config - end - - directory "#{site_directory}/wp-content/uploads" do - owner "www-data" - group "www-data" - mode 0o755 - end - - file "#{site_directory}/sitemap.xml" do - action :delete - end - - file "#{site_directory}/sitemap.xml.gz" do - action :delete - end - - cookbook_file "#{site_directory}/googlefac54c35e800caab.html" do - cookbook "wordpress" - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0o644 - backup false - end - - ssl_certificate new_resource.name do - domains [new_resource.name] + Array(new_resource.aliases) - only_if { new_resource.ssl_enabled } - end - - apache_site new_resource.name do - cookbook "wordpress" - template "apache.erb" - directory site_directory - variables :aliases => Array(new_resource.aliases), - :urls => new_resource.urls, - :ssl_enabled => new_resource.ssl_enabled - reload_apache false - end - - http_request "http://#{new_resource.name}/wp-admin/upgrade.php" do - action :nothing - url "http://#{new_resource.name}/wp-admin/upgrade.php?step=1" - subscribes :get, "subversion[#{site_directory}]" - end - - wordpress_plugin "wp-fail2ban" do - site new_resource.name - reload_apache false - end - - script "#{site_directory}/wp-content/plugins/wp-fail2ban" do - action :nothing - interpreter "php" - cwd site_directory - user "wordpress" - code <<-WP_FAIL2BAN - - WP_FAIL2BAN - subscribes :run, "wordpress_plugin[wp-fail2ban]" - end -end - -action :delete do - wordpress_plugin "wp-fail2ban" do - action :delete - site new_resource.name - reload_apache false - end - - apache_site new_resource.name do - action :delete - reload_apache false - end - - directory site_directory do - action :delete - recursive true - end - - mysql_database 
new_resource.database_name do - action :drop - end - - mysql_user "#{new_resource.database_user}@localhost" do - action :drop - end -end - -def site_directory - new_resource.directory || "/srv/#{new_resource.name}" -end diff --git a/cookbooks/wordpress/providers/theme.rb b/cookbooks/wordpress/providers/theme.rb deleted file mode 100644 index b5427ea1a..000000000 --- a/cookbooks/wordpress/providers/theme.rb +++ /dev/null 
@@ -1,80 +0,0 @@ -# -# Cookbook Name:: wordpress -# Provider:: wordpress_theme -# -# Copyright 2015, OpenStreetMap Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -def whyrun_supported? - true -end - -use_inline_resources - -action :create do - if new_resource.source - remote_directory theme_directory do - cookbook "wordpress" - source new_resource.source - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0o755 - files_owner node[:wordpress][:user] - files_group node[:wordpress][:group] - files_mode 0o644 - end - else - theme_repository = new_resource.repository || default_repository - - if theme_repository.end_with?(".git") - git theme_directory do - action :sync - repository theme_repository - revision new_resource.revision - user node[:wordpress][:user] - group node[:wordpress][:group] - end - else - subversion theme_directory do - action :sync - repository theme_repository - user node[:wordpress][:user] - group node[:wordpress][:group] - ignore_failure theme_repository.start_with?("http://themes.svn.wordpress.org/") - end - end - end -end - -action :delete do - directory theme_directory do - action :delete - recursive true - end -end - -private - -def site_directory - node[:wordpress][:sites][new_resource.site][:directory] -end - -def theme_directory - "#{site_directory}/wp-content/themes/#{new_resource.name}" -end - -def default_repository - "http://themes.svn.wordpress.org/#{new_resource.name}/#{new_resource.version}" -end 
diff --git a/cookbooks/wordpress/resources/plugin.rb b/cookbooks/wordpress/resources/plugin.rb
index a1f5ad729..5b3d2b4e7 100644
--- a/cookbooks/wordpress/resources/plugin.rb
+++ b/cookbooks/wordpress/resources/plugin.rb
@@ -17,16 +17,78 @@ # limitations under the License. # -actions :create, :delete default_action :create -attribute :name, :kind_of => String, :name_attribute => true -attribute :site, :kind_of => String, :required => true -attribute :source, :kind_of => String -attribute :version, :kind_of => String -attribute :repository, :kind_of => String -attribute :revision, :kind_of => String -attribute :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true +property :plugin, :kind_of => String, :name_attribute => true +property :site, :kind_of => String, :required => true +property :source, :kind_of => String +property :version, :kind_of => String +property :repository, :kind_of => String +property :revision, :kind_of => String +property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true + +action :create do + if new_resource.source + remote_directory plugin_directory do + cookbook "wordpress" + source new_resource.source + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0o755 + files_owner node[:wordpress][:user] + files_group node[:wordpress][:group] + files_mode 0o755 + end + else + plugin_repository = new_resource.repository || default_repository + + if plugin_repository.end_with?(".git") + git plugin_directory do + action :sync + repository plugin_repository + revision new_resource.revision + user node[:wordpress][:user] + group node[:wordpress][:group] + end + else + subversion plugin_directory do + action :sync + repository plugin_repository + user node[:wordpress][:user] + group node[:wordpress][:group] + ignore_failure plugin_repository.start_with?("http://plugins.svn.wordpress.org/") + end + end + end +end + +action :delete do + directory plugin_directory do + action :delete + recursive true + end +end + +action_class do + def site_directory + node[:wordpress][:sites][new_resource.site][:directory] + end + + def plugin_directory + "#{site_directory}/wp-content/plugins/#{new_resource.plugin}" + end + + def 
default_repository + version = new_resource.version || + Chef::Wordpress.current_plugin_version(new_resource.plugin) + + if version =~ /trunk/ + "http://plugins.svn.wordpress.org/#{new_resource.plugin}/trunk" + else + "http://plugins.svn.wordpress.org/#{new_resource.plugin}/tags/#{version}" + end + end +end def after_created notifies :reload, "service[apache2]" if reload_apache diff --git a/cookbooks/wordpress/resources/site.rb b/cookbooks/wordpress/resources/site.rb index a5e19a1ef..2705bac2a 100644 --- a/cookbooks/wordpress/resources/site.rb +++ b/cookbooks/wordpress/resources/site.rb 
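Review bot: In cookbooks/wordpress/resources/plugin.rb, `default_repository` still builds a plaintext `http://plugins.svn.wordpress.org/...` URL (carried over unchanged from the deleted provider), so the PHP that `subversion plugin_directory` checks out into the web root is fetched with no transport integrity and no other verification visible in this hunk. Both branches should use `"https://plugins.svn.wordpress.org/#{new_resource.plugin}/..."`, and the prefix test has to move with them: `ignore_failure plugin_repository.start_with?("https://plugins.svn.wordpress.org/")`. That `ignore_failure` also means a failed sync leaves whatever plugin version was previously deployed in place while the run still succeeds, so a missed security update shows up only in the logs; consider dropping it or alerting on the failure. The same plaintext pattern recurs in the site.rb hunk (`repository "http://core.svn.wordpress.org/tags/#{version}"` with `ignore_failure true`) and in the theme.rb hunk (`http://themes.svn.wordpress.org/`).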
@@ -17,20 +17,195 @@ # limitations under the License. # -actions :create, :delete +require "securerandom" + default_action :create -attribute :name, :kind_of => String, :name_attribute => true -attribute :aliases, :kind_of => [String, Array] -attribute :directory, :kind_of => String -attribute :version, :kind_of => String -attribute :database_name, :kind_of => String, :required => true -attribute :database_user, :kind_of => String, :required => true -attribute :database_password, :kind_of => String, :required => true -attribute :database_prefix, :kind_of => String, :default => "wp_" -attribute :ssl_enabled, :kind_of => [TrueClass, FalseClass], :default => false -attribute :urls, :kind_of => Hash, :default => {} -attribute :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true +property :site, :kind_of => String, :name_attribute => true +property :aliases, :kind_of => [String, Array] +property :directory, :kind_of => String +property :version, :kind_of => String +property :database_name, :kind_of => String, :required => true +property :database_user, :kind_of => String, :required => true +property :database_password, :kind_of => String, :required => true +property :database_prefix, :kind_of => String, :default => "wp_" +property :ssl_enabled, :kind_of => [TrueClass, FalseClass], :default => false +property :urls, :kind_of => Hash, :default => {} +property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true + +action :create do + version = new_resource.version || Chef::Wordpress.current_version + + node.normal_unless[:wordpress][:sites][new_resource.site] = {} + + node.normal[:wordpress][:sites][new_resource.site][:directory] = site_directory + + node.normal_unless[:wordpress][:sites][new_resource.site][:auth_key] = SecureRandom.base64(48) + node.normal_unless[:wordpress][:sites][new_resource.site][:secure_auth_key] = SecureRandom.base64(48) + node.normal_unless[:wordpress][:sites][new_resource.site][:logged_in_key] = 
SecureRandom.base64(48) + node.normal_unless[:wordpress][:sites][new_resource.site][:nonce_key] = SecureRandom.base64(48) + node.normal_unless[:wordpress][:sites][new_resource.site][:auth_salt] = SecureRandom.base64(48) + node.normal_unless[:wordpress][:sites][new_resource.site][:secure_auth_salt] = SecureRandom.base64(48) + node.normal_unless[:wordpress][:sites][new_resource.site][:logged_in_salt] = SecureRandom.base64(48) + node.normal_unless[:wordpress][:sites][new_resource.site][:nonce_salt] = SecureRandom.base64(48) + + mysql_user "#{new_resource.database_user}@localhost" do + password new_resource.database_password + end + + mysql_database new_resource.database_name do + permissions "#{new_resource.database_user}@localhost" => :all + end + + declare_resource :directory, site_directory do + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0o755 + end + + subversion site_directory do + action :sync + repository "http://core.svn.wordpress.org/tags/#{version}" + user node[:wordpress][:user] + group node[:wordpress][:group] + ignore_failure true + end + + wp_config = edit_file "#{site_directory}/wp-config-sample.php" do |line| + line.gsub!(/database_name_here/, new_resource.database_name) + line.gsub!(/username_here/, new_resource.database_user) + line.gsub!(/password_here/, new_resource.database_password) + line.gsub!(/wp_/, new_resource.database_prefix) + + line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:auth_key]}'") + line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:secure_auth_key]}'") + line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:logged_in_key]}'") + line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:nonce_key]}'") + line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, 
"\\1'#{node[:wordpress][:sites][new_resource.site][:auth_salt]}'") + line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:secure_auth_salt]}'") + line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:logged_in_salt]}'") + line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:nonce_salt]}'") + + if line =~ /define\('WP_DEBUG'/ + line += "\n" + line += "/**\n" + line += " * Don't allow file editing.\n" + line += " */\n" + line += "define('DISALLOW_FILE_EDIT', true);\n" + if new_resource.ssl_enabled + line += "define('FORCE_SSL_LOGIN', true);\n" + line += "define('FORCE_SSL_ADMIN', true);\n" + end + end + + line + end + + file "#{site_directory}/wp-config.php" do + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0o644 + content wp_config + end + + declare_resource :directory, "#{site_directory}/wp-content/uploads" do + owner "www-data" + group "www-data" + mode 0o755 + end + + file "#{site_directory}/sitemap.xml" do + action :delete + end + + file "#{site_directory}/sitemap.xml.gz" do + action :delete + end + + cookbook_file "#{site_directory}/googlefac54c35e800caab.html" do + cookbook "wordpress" + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0o644 + backup false + end + + ssl_certificate new_resource.site do + domains [new_resource.site] + Array(new_resource.aliases) + only_if { new_resource.ssl_enabled } + end + + apache_site new_resource.site do + cookbook "wordpress" + template "apache.erb" + directory site_directory + variables :aliases => Array(new_resource.aliases), + :urls => new_resource.urls, + :ssl_enabled => new_resource.ssl_enabled + reload_apache false + end + + http_request "http://#{new_resource.site}/wp-admin/upgrade.php" do + action :nothing + url "http://#{new_resource.site}/wp-admin/upgrade.php?step=1" + subscribes 
:get, "subversion[#{site_directory}]" + end + + wordpress_plugin "wp-fail2ban" do + site new_resource.site + reload_apache false + end + + script "#{site_directory}/wp-content/plugins/wp-fail2ban" do + action :nothing + interpreter "php" + cwd site_directory + user "wordpress" + code <<-WP_FAIL2BAN + + WP_FAIL2BAN + subscribes :run, "wordpress_plugin[wp-fail2ban]" + end +end + +action :delete do + wordpress_plugin "wp-fail2ban" do + action :delete + site new_resource.site + reload_apache false + end + + apache_site new_resource.site do + action :delete + reload_apache false + end + + declare_resource :directory, site_directory do + action :delete + recursive true + end + + mysql_database new_resource.database_name do + action :drop + end + + mysql_user "#{new_resource.database_user}@localhost" do + action :drop + end +end + +action_class do + include Chef::Mixin::EditFile + + def site_directory + new_resource.directory || "/srv/#{new_resource.site}" + end +end def after_created notifies :reload, "service[apache2]" if reload_apache diff --git a/cookbooks/wordpress/resources/theme.rb b/cookbooks/wordpress/resources/theme.rb index 019b9c612..18e119b1d 100644 --- a/cookbooks/wordpress/resources/theme.rb +++ b/cookbooks/wordpress/resources/theme.rb 
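Review bot: In cookbooks/wordpress/resources/site.rb, `file "#{site_directory}/wp-config.php"` is written with `mode 0o644` and without `sensitive true`, although `wp_config` carries the database password and the eight auth keys and salts; the secrets end up world-readable on disk and Chef can print them in the resource diff. Add `sensitive true` and tighten the mode (for example `0o640`, provided the web server account can still read the file through the group; the hunk does not show which account PHP runs as). Separately, `line.gsub!(/password_here/, new_resource.database_password)` passes the raw value as a replacement string, so a backslash in the password is treated as an escape or backreference and a single quote ends the PHP string literal early; the block form with quoting, `line.gsub!(/password_here/) { new_resource.database_password.gsub(/[\\']/) { |c| "\\#{c}" } }`, avoids both, and the same applies to `database_name`, `database_user` and `database_prefix`. The generated keys are also persisted through `node.normal_unless`, which stores them in the node object, so read access to node data on the Chef server should be restricted to match.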
@@ -17,16 +17,71 @@ # limitations under the License. # -actions :create, :delete default_action :create -attribute :name, :kind_of => String, :name_attribute => true -attribute :site, :kind_of => String, :required => true -attribute :source, :kind_of => String -attribute :version, :kind_of => String -attribute :repository, :kind_of => String -attribute :revision, :kind_of => String -attribute :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true +property :theme, :kind_of => String, :name_attribute => true +property :site, :kind_of => String, :required => true +property :source, :kind_of => String +property :version, :kind_of => String +property :repository, :kind_of => String +property :revision, :kind_of => String +property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true + +action :create do + if new_resource.source + remote_directory theme_directory do + cookbook "wordpress" + source new_resource.source + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0o755 + files_owner node[:wordpress][:user] + files_group node[:wordpress][:group] + files_mode 0o644 + end + else + theme_repository = new_resource.repository || default_repository + + if theme_repository.end_with?(".git") + git theme_directory do + action :sync + repository theme_repository + revision new_resource.revision + user node[:wordpress][:user] + group node[:wordpress][:group] + end + else + subversion theme_directory do + action :sync + repository theme_repository + user node[:wordpress][:user] + group node[:wordpress][:group] + ignore_failure theme_repository.start_with?("http://themes.svn.wordpress.org/") + end + end + end +end + +action :delete do + directory theme_directory do + action :delete + recursive true + end +end + +action_class do + def site_directory + node[:wordpress][:sites][new_resource.site][:directory] + end + + def theme_directory + "#{site_directory}/wp-content/themes/#{new_resource.theme}" + end + + def default_repository 
+ "http://themes.svn.wordpress.org/#{new_resource.theme}/#{new_resource.version}" + end +end def after_created notifies :reload, "service[apache2]" if reload_apache
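Review bot: In cookbooks/wordpress/resources/theme.rb, `default_repository` interpolates `new_resource.version` with no fallback even though `version` is an optional property, so a `wordpress_theme` declared without `source`, `repository` or `version` syncs `http://themes.svn.wordpress.org/<theme>/` (apparently the parent directory of every published version) into `theme_directory`, and `ignore_failure` keeps the run green either way. The plugin resource in this commit falls back to `Chef::Wordpress.current_plugin_version`; here a guard at the top of `default_repository`, such as `raise ArgumentError, "wordpress_theme[#{new_resource.theme}] needs a version, source or repository" unless new_resource.version`, would fail fast instead. In the `git` branch, `revision new_resource.revision` is likewise unpinned when the property is omitted, so it is worth documenting on the property that third-party themes should be pinned to a tag or commit.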