From: Tom Hughes Date: Wed, 2 Oct 2013 21:26:32 +0000 (+0100) Subject: Add wordpress cookbook X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/2c854e9952890a119750a187479eb2701107705f?hp=5127e1fd6790edcb0ad3ef3c237808610b0e1f72;ds=sidebyside Add wordpress cookbook
---
diff --git a/cookbooks/wordpress/README.rdoc b/cookbooks/wordpress/README.rdoc
new file mode 100644
index 000000000..3de2ec7a3
--- /dev/null
+++ b/cookbooks/wordpress/README.rdoc
@@ -0,0 +1,8 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:
+
diff --git a/cookbooks/wordpress/attributes/default.rb b/cookbooks/wordpress/attributes/default.rb
new file mode 100644
index 000000000..615e08925
--- /dev/null
+++ b/cookbooks/wordpress/attributes/default.rb
@@ -0,0 +1,13 @@
+# Enable the "wordpress" role
+default[:accounts][:users][:wordpress][:status] = :role
+
+# Use prefork as PHP is to dumb for anything else
+default[:apache][:mpm] = "prefork"
+
+# Make sure httpclient and php_serialize are installed
+default[:chef][:gems] |= [ "httpclient", "php_serialize" ]
+
+# Set wordpress defaults
+default[:wordpress][:user] = "wordpress"
+default[:wordpress][:group] = "wordpress"
+default[:wordpress][:sites] = {}
diff --git a/cookbooks/wordpress/definitions/wordpress_plugin.rb b/cookbooks/wordpress/definitions/wordpress_plugin.rb
new file mode 100644
index 000000000..abc20c388
--- /dev/null
+++ b/cookbooks/wordpress/definitions/wordpress_plugin.rb
@@ -0,0 +1,69 @@
+#
+# Cookbook Name:: wordpress
+# Definition:: wordpress_plugin
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :wordpress_plugin, :action => [ :enable ] do
+ name = params[:name]
+ site = params[:site]
+ site_directory = node[:wordpress][:sites][site][:directory]
+ plugin_directory = "#{site_directory}/wp-content/plugins/#{name}"
+ source = params[:source]
+
+ if source
+ remote_directory plugin_directory do
+ cookbook "wordpress"
+ source source
+ owner node[:wordpress][:user]
+ group node[:wordpress][:group]
+ mode 0755
+ files_owner node[:wordpress][:user]
+ files_group node[:wordpress][:group]
+ files_mode 0755
+ end
+ else
+ unless repository = params[:repository]
+ version = params[:version] || Chef::Wordpress.current_plugin_version(name)
+
+ if version =~ /trunk/
+ repository = "http://plugins.svn.wordpress.org/#{name}/trunk"
+ else
+ repository = "http://plugins.svn.wordpress.org/#{name}/tags/#{version}"
+ end
+ end
+
+ if repository =~ /\.git$/
+ git plugin_directory do
+ action :sync
+ repository repository
+ revision params[:revision]
+ user node[:wordpress][:user]
+ group node[:wordpress][:group]
+ notifies :reload, "service[apache2]"
+ end
+ else
+ subversion plugin_directory do
+ action :sync
+ repository repository
+ user node[:wordpress][:user]
+ group node[:wordpress][:group]
+ ignore_failure repository.start_with?("http://plugins.svn.wordpress.org/")
+ notifies :reload, "service[apache2]"
+ end
+ end
+ end
+end
diff --git a/cookbooks/wordpress/definitions/wordpress_site.rb b/cookbooks/wordpress/definitions/wordpress_site.rb
new file mode 100644
index 000000000..b418f9615
--- /dev/null
+++ b/cookbooks/wordpress/definitions/wordpress_site.rb
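Review bot: Both `repository = "http://plugins.svn.wordpress.org/..."` assignments fetch plugin code over plain HTTP, so nothing authenticates the PHP that lands under `wp-content/plugins` and is then executed by the web server. If the host offers it, switching the two URLs and the `start_with?` prefix to `https://plugins.svn.wordpress.org/` gives transport integrity, provided the svn client on the node validates the certificate. The same plain-HTTP fetches appear in the wordpress_site hunk (`http://core.svn.wordpress.org/tags/#{version}`), in the wordpress_theme hunk (`http://themes.svn.wordpress.org/`) and in libraries/wordpress.rb, where the `svn cat` of readme.txt and the `api.wordpress.org` version check decide which tag gets deployed. Note also that `ignore_failure` is true exactly for the wordpress.org URLs, so a failed sync there leaves whatever is on disk in place without failing the run.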
@@ -0,0 +1,138 @@
+#
+# Cookbook Name:: wordpress
+# Definition:: wordpress_site
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :wordpress_site, :action => [ :create, :enable ] do
+ name = params[:name]
+ aliases = Array(params[:aliases])
+ urls = Array(params[:urls])
+ directory = params[:directory] || "/srv/#{name}"
+ version = params[:version] || Chef::Wordpress.current_version
+ database_name = params[:database_name]
+ database_user = params[:database_user]
+ database_password = params[:database_password]
+ database_prefix = params[:database_prefix] || "wp_"
+
+ node.set_unless[:wordpress][:sites][name] = {}
+
+ node.set[:wordpress][:sites][name][:directory] = directory
+
+ node.set_unless[:wordpress][:sites][name][:auth_key] = random_password(64)
+ node.set_unless[:wordpress][:sites][name][:secure_auth_key] = random_password(64)
+ node.set_unless[:wordpress][:sites][name][:logged_in_key] = random_password(64)
+ node.set_unless[:wordpress][:sites][name][:nonce_key] = random_password(64)
+ node.set_unless[:wordpress][:sites][name][:auth_salt] = random_password(64)
+ node.set_unless[:wordpress][:sites][name][:secure_auth_salt] = random_password(64)
+ node.set_unless[:wordpress][:sites][name][:logged_in_salt] = random_password(64)
+ node.set_unless[:wordpress][:sites][name][:nonce_salt] = random_password(64)
+
+ mysql_user "#{database_user}@localhost" do
+ password database_password
+ end
+
+ mysql_database database_name do
+ permissions "#{database_user}@localhost" => :all
+ end
+
+ directory directory do
+ owner node[:wordpress][:user]
+ group node[:wordpress][:group]
+ mode 0755
+ end
+
+ subversion directory do
+ action :sync
+ repository "http://core.svn.wordpress.org/tags/#{version}"
+ user node[:wordpress][:user]
+ group node[:wordpress][:group]
+ ignore_failure true
+ notifies :reload, "service[apache2]"
+ end
+
+ file "#{directory}/wp-config.php" do
+ owner node[:wordpress][:user]
+ group node[:wordpress][:group]
+ mode 0644
+ content_from_file "#{directory}/wp-config-sample.php" do |line|
+ line.gsub!(/database_name_here/, database_name)
+ line.gsub!(/username_here/, database_user)
+ line.gsub!(/password_here/, database_password)
+ line.gsub!(/wp_/, database_prefix)
+
+ line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_key]}'")
+ line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_key]}'")
+ line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_key]}'")
+ line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_key]}'")
+ line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_salt]}'")
+ line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_salt]}'")
+ line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_salt]}'")
+ line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_salt]}'")
+
+ if line =~ /define\('WP_DEBUG'/
+ line += "\n"
+ line += "/**\n"
+ line += " * Don't allow file editing.\n"
+ line += " */\n"
+ line += "define('DISALLOW_FILE_EDIT', true);\n"
+ end
+
+ line
+ end
+ notifies :reload, "service[apache2]"
+ end
+
+ directory "#{directory}/wp-content/uploads" do
+ owner "www-data"
+ group "www-data"
+ mode 0755
+ end
+
+ file "#{directory}/sitemap.xml" do
+ owner "www-data"
+ group "www-data"
+ mode 0644
+ end
+
+ file "#{directory}/sitemap.xml.gz" do
+ owner "www-data"
+ group "www-data"
+ mode 0644
+ end
+
+ cookbook_file "#{directory}/googlefac54c35e800caab.html" do
+ cookbook "wordpress"
+ owner node[:wordpress][:user]
+ group node[:wordpress][:group]
+ mode 0644
+ backup false
+ end
+
+ apache_site name do
+ cookbook "wordpress"
+ template "apache.erb"
+ directory directory
+ variables :aliases => aliases, :urls => urls
+ notifies :reload, "service[apache2]"
+ end
+
+ http_request "http://#{name}/wp-admin/upgrade.php" do
+ action :nothing
+ url "http://#{name}/wp-admin/upgrade.php?step=1"
+ subscribes :get, "subversion[#{directory}]"
+ end
+end
diff --git a/cookbooks/wordpress/definitions/wordpress_theme.rb b/cookbooks/wordpress/definitions/wordpress_theme.rb
new file mode 100644
index 000000000..efdcbe9b6
--- /dev/null
+++ b/cookbooks/wordpress/definitions/wordpress_theme.rb
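Review bot: In the `content_from_file` block, `database_password` and the generated keys are passed to `gsub!` as replacement strings and land unescaped inside PHP string literals, so a backslash in a value is read as a back-reference and a `'` would end the literal, assuming the sample file single-quotes the password as the key lines do. The block form with an escaped value avoids both, e.g. `line.gsub!(/password_here/) { database_password.gsub(/[\\']/) { |c| "\\#{c}" } }`, and the eight key lines need the same treatment if `random_password`, whose character set is not visible here, can emit those characters. The resulting wp-config.php is also created with `mode 0644` although it holds the database password and all keys; if PHP runs as www-data, as the uploads and sitemap resources below suggest, `group "www-data"` with `mode 0640` would keep it from other local users.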
@@ -0,0 +1,64 @@
+#
+# Cookbook Name:: wordpress
+# Definition:: wordpress_theme
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :wordpress_theme, :action => [ :enable ] do
+ name = params[:name]
+ site = params[:site]
+ site_directory = node[:wordpress][:sites][site][:directory]
+ theme_directory = "#{site_directory}/wp-content/themes/#{name}"
+ source = params[:source]
+
+ if source
+ remote_directory theme_directory do
+ cookbook "wordpress"
+ source source
+ owner node[:wordpress][:user]
+ group node[:wordpress][:group]
+ mode 0755
+ files_owner node[:wordpress][:user]
+ files_group node[:wordpress][:group]
+ files_mode 0644
+ end
+ else
+ unless repository = params[:repository]
+ version = params[:version] || node[:wordpress][:plugins][name][:version]
+ repository = "http://themes.svn.wordpress.org/#{name}/#{version}"
+ end
+
+ if repository =~ /\.git$/
+ git theme_directory do
+ action :sync
+ repository repository
+ revision params[:revision]
+ user node[:wordpress][:user]
+ group node[:wordpress][:group]
+ notifies :reload, "service[apache2]"
+ end
+ else
+ subversion theme_directory do
+ action :sync
+ repository repository
+ user node[:wordpress][:user]
+ group node[:wordpress][:group]
+ ignore_failure repository.start_with?("http://themes.svn.wordpress.org/")
+ notifies :reload, "service[apache2]"
+ end
+ end
+ end
+end
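Review bot: The version fallback reads `node[:wordpress][:plugins][name][:version]`, but attributes/default.rb in this commit defines only `:user`, `:group` and `:sites` under `node[:wordpress]`, so a theme declared without `:repository` or `:version` would call `[]` on nil and abort the run unless a role sets that key elsewhere. It also looks like a leftover from the plugin definition, since a theme's version is looked up under `:plugins`. An explicit failure is easier to diagnose, e.g. `version = params[:version] || raise(ArgumentError, "wordpress_theme[#{name}]: no version or repository given")`.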
diff --git a/cookbooks/wordpress/files/default/googlefac54c35e800caab.html b/cookbooks/wordpress/files/default/googlefac54c35e800caab.html
new file mode 100644
index 000000000..550556d3d
--- /dev/null
+++ b/cookbooks/wordpress/files/default/googlefac54c35e800caab.html
@@ -0,0 +1 @@
+google-site-verification: googlefac54c35e800caab.html
diff --git a/cookbooks/wordpress/libraries/wordpress.rb b/cookbooks/wordpress/libraries/wordpress.rb
new file mode 100644
index 000000000..8ebb1460c
--- /dev/null
+++ b/cookbooks/wordpress/libraries/wordpress.rb
@@ -0,0 +1,43 @@
+require 'chef/mixin/command'
+
+class Chef
+ module Wordpress
+ extend Chef::Mixin::Command
+
+ @api_responses = {}
+ @svn_responses = {}
+
+ def self.current_version
+ core_version_check["offers"].first["current"]
+ end
+
+ def self.current_plugin_version(name)
+ if svn_cat("http://plugins.svn.wordpress.org/#{name}/trunk/readme.txt") =~ /Stable tag:\s*([^\s\r]*)[\s\r]*/
+ $1
+ else
+ "trunk"
+ end
+ end
+
+ private
+
+ def self.core_version_check
+ api_get("http://api.wordpress.org/core/version-check/1.6")
+ end
+
+ def self.api_get(url)
+ @api_responses[url] ||= ::PHP.unserialize(::HTTPClient.new.get_content(url))
+ end
+
+ def self.svn_cat(url)
+ unless @svn_responses[url]
+ status, stdout, stderr = output_of_command("svn cat #{url}", {})
+ handle_command_failures(status, "STDOUT: #{stdout}\nSTDERR: #{stderr}", :output_on_failure => true)
+
+ @svn_responses[url] = stdout.force_encoding("UTF-8")
+ end
+
+ @svn_responses[url]
+ end
+ end
+end
diff --git a/cookbooks/wordpress/metadata.rb b/cookbooks/wordpress/metadata.rb
new file mode 100644
index 000000000..440b8e40c
--- /dev/null
+++ b/cookbooks/wordpress/metadata.rb
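Review bot: `svn_cat` builds its command as the string `"svn cat #{url}"`, and the URL contains the plugin name handed to `current_plugin_version`, so a name with whitespace or shell metacharacters would change the command chef-client runs if `output_of_command` passes the string to a shell. Names come from recipes, which limits the exposure, but quoting is cheap: `output_of_command("svn cat #{Shellwords.escape(url)}", {})` with `require 'shellwords'` next to the existing require. Separately, the bare `private` has no effect on the `def self.` methods below it; `private_class_method :core_version_check, :api_get, :svn_cat` is what would hide them.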
@@ -0,0 +1,9 @@
+maintainer "OpenStreetMap Administrators"
+maintainer_email "admins@openstreetmap.org"
+license "Apache 2.0"
+description "Installs and configures Wordpress"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version "1.0.0"
+depends "apache"
+depends "chef"
+depends "mysql"
diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb
new file mode 100644
index 000000000..36485d244
--- /dev/null
+++ b/cookbooks/wordpress/recipes/default.rb
@@ -0,0 +1,32 @@
+#
+# Cookbook Name:: wordpress
+# Recipe:: default
+#
+# Copyright 2013, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache"
+include_recipe "chef::gems"
+include_recipe "mysql"
+
+package "subversion"
+
+package "php5"
+package "php5-mysql"
+
+package "php-apc"
+
+apache_module "php5"
+apache_module "rewrite"
diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
new file mode 100644
index 000000000..1af8f3bb3
--- /dev/null
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -0,0 +1,63 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + DocumentRoot <%= @directory %> +<% @urls.each do |url,directory| -%> + Alias <%= url %> <%= directory %> +<% end -%> + + php_admin_value open_basedir <%= @directory %>/:/usr/share/php/:/tmp/ + php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open" + php_value upload_max_filesize 70M + php_value post_max_size 100M + + > + RewriteEngine on + + RewriteRule ^wp-admin/includes/ - [F,L] + RewriteRule !^wp-includes/ - [S=3] + RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] + RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] + RewriteRule ^wp-includes/theme-compat/ - [F,L] + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule . /index.php [L] + Options -Indexes + + + /wp-config.php> + Order allow,deny + Deny from all + + + /uploads> + AllowOverride None + AddType text/plain .html .htm .shtml + php_admin_flag engine off + + + + Order allow,deny + Deny from all + + + + Order allow,deny + Deny from all + + + + Order allow,deny + Deny from all + +
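Review bot: The `php_admin_value open_basedir` line includes `/tmp/`, which is shared by every site this template is rendered for, so PHP code in one site can read or overwrite temporary files that belong to another. A per-site temporary directory listed in `open_basedir` in place of `/tmp/`, with `php_admin_value upload_tmp_dir` pointed at it, would keep the sites apart. This matters most when several entries exist in `node[:wordpress][:sites]` on one host.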