From: Grant Slater Date: Tue, 1 Aug 2023 20:34:05 +0000 (+0100) Subject: Add clone civicrm-staging cookbook X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/2f1208a2f1796191ac32543b9b949d1c607dcd15 Add clone civicrm-staging cookbook --- diff --git a/.kitchen.yml b/.kitchen.yml index ad7fbe7c8..8e2603d2d 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,6 +22,7 @@ provisioner: chef_license: accept data_bags_path: test/data_bags slow_resource_report: true + clean_dokken_sandbox: true verifier: root_path: /opt/verifier @@ -81,6 +82,9 @@ suites: - name: civicrm run_list: - recipe[civicrm::default] + - name: civicrm-staging + run_list: + - recipe[civicrm-staging::default] - name: clamav run_list: - recipe[clamav::default] diff --git a/cookbooks/civicrm-staging/README.md b/cookbooks/civicrm-staging/README.md new file mode 100644 index 000000000..7b50ee6e7 --- /dev/null +++ b/cookbooks/civicrm-staging/README.md @@ -0,0 +1,4 @@ +# CiviCRM Cookbook + +This cookbook installs CiviCRM for Wordpress, and configures it for use with +join-staging.osmfoundation.org for OSMF memberships. diff --git a/cookbooks/civicrm-staging/attributes/default.rb b/cookbooks/civicrm-staging/attributes/default.rb new file mode 100644 index 000000000..6474cc900 --- /dev/null +++ b/cookbooks/civicrm-staging/attributes/default.rb @@ -0,0 +1,45 @@ +default[:civicrm_staging][:version] = "5.63.2" + +default[:civicrm_staging][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount" +default[:civicrm_staging][:extensions][:cividiscount][:repository] = "https://lab.civicrm.org/extensions/cividiscount.git" +default[:civicrm_staging][:extensions][:cividiscount][:revision] = "3.8.8" + +default[:civicrm_staging][:extensions][:osm][:name] = "de.systopia.osm" +default[:civicrm_staging][:extensions][:osm][:repository] = "https://github.com/systopia/de.systopia.osm.git" +default[:civicrm_staging][:extensions][:osm][:revision] = "1.3" + +default[:civicrm_staging][:extensions][:emailapi][:name] = "org.civicoop.emailapi" +default[:civicrm_staging][:extensions][:emailapi][:repository] = "https://lab.civicrm.org/extensions/emailapi.git" +default[:civicrm_staging][:extensions][:emailapi][:revision] = "2.9" + +default[:civicrm_staging][:extensions][:civiruleshttppost][:name] = "org.civicoop.civiruleshttppost" +default[:civicrm_staging][:extensions][:civiruleshttppost][:repository] = "https://github.com/CiviCooP/org.civicoop.civiruleshttppost.git" +default[:civicrm_staging][:extensions][:civiruleshttppost][:revision] = "e2c7de5f0fee319b9fca8adb1d1e122202bd2bec" + +default[:civicrm_staging][:extensions][:civirules][:name] = "org.civicoop.civirules" +default[:civicrm_staging][:extensions][:civirules][:repository] = "https://lab.civicrm.org/extensions/civirules.git" +default[:civicrm_staging][:extensions][:civirules][:revision] = "2.49" + +default[:civicrm_staging][:extensions][:mailchimp][:name] = "uk.co.vedaconsulting.mailchimp" +default[:civicrm_staging][:extensions][:mailchimp][:repository] = "https://github.com/veda-consulting/uk.co.vedaconsulting.mailchimp.git" +default[:civicrm_staging][:extensions][:mailchimp][:revision] = "0065ee6de2c2d653e49d10e9563349e8ffb1f9be" + +default[:civicrm_staging][:extensions][:username][:name] = "org.openstreetmap.username" +default[:civicrm_staging][:extensions][:username][:repository] = "https://github.com/grischard/org.openstreetmap.username.git" +default[:civicrm_staging][:extensions][:username][:revision] = "master" + +default[:civicrm_staging][:extensions][:donotsendreportemail][:name] = "org.civicrm.donotsendreportemail" +default[:civicrm_staging][:extensions][:donotsendreportemail][:repository] = "https://github.com/pradpnayak/org.civicrm.donotsendreportemail.git" +default[:civicrm_staging][:extensions][:donotsendreportemail][:revision] = "3b31c2e0c62183872c7ecd244395fb8dcfbd5dbb" + +default[:civicrm_staging][:extensions][:shoreditch][:name] = "org.civicrm.shoreditch" +default[:civicrm_staging][:extensions][:shoreditch][:repository] = "https://github.com/civicrm/org.civicrm.shoreditch.git" +default[:civicrm_staging][:extensions][:shoreditch][:revision] = "1.0.0-beta.12" + +default[:civicrm_staging][:extensions][:membershipextra][:name] = "com.skvare.membershipextra" +default[:civicrm_staging][:extensions][:membershipextra][:repository] = "https://github.com/lemniscus/com.skvare.membershipextra.git" +default[:civicrm_staging][:extensions][:membershipextra][:revision] = "1593911d6bfe184b45d59773fed27bab69cbb93a" + +default[:civicrm_staging][:extensions][:osmfverifycontributor][:name] = "osmf-verify-contributor" +default[:civicrm_staging][:extensions][:osmfverifycontributor][:repository] = "https://github.com/openstreetmap/osmf-verify-contributor.git" +default[:civicrm_staging][:extensions][:osmfverifycontributor][:revision] = "bb0cd61783033fb2e108c30e47224e5a818987f8" diff --git a/cookbooks/civicrm-staging/metadata.rb b/cookbooks/civicrm-staging/metadata.rb new file mode 100644 index 000000000..b32b136aa --- /dev/null +++ b/cookbooks/civicrm-staging/metadata.rb @@ -0,0 +1,10 @@ +name "civicrm-staging" +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache-2.0" +description "Installs and configures CiviCRM" + +version "1.0.0" +supports "ubuntu" +depends "wordpress" +depends "mysql" diff --git a/cookbooks/civicrm-staging/recipes/default.rb b/cookbooks/civicrm-staging/recipes/default.rb new file mode 100644 index 000000000..8a68c228f --- /dev/null +++ b/cookbooks/civicrm-staging/recipes/default.rb @@ -0,0 +1,208 @@ +# +# Cookbook:: civicrm +# Recipe:: default +# +# Copyright:: 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "wordpress" +include_recipe "mysql" + +package %w[ + php-xml + php-curl + rsync + wkhtmltopdf + php-bcmath + php-intl +] + +cache_dir = Chef::Config[:file_cache_path] + +passwords = data_bag_item("civicrm-staging", "passwords") +wp2fa_encrypt_keys = data_bag_item("civicrm-staging", "wp2fa_encrypt_keys") + +database_password = passwords["database"] +site_key = passwords["site_key"] +cred_keys = passwords["cred_keys"] +sign_keys = passwords["sign_keys"] + +mysql_user "civicrm-staging@localhost" do + password database_password +end + +mysql_database "civicrm-staging" do + permissions "civicrm-staging@localhost" => :all +end + +wordpress_site "join-staging.osmfoundation.org" do + aliases "crm-staging.osmfoundation.org" + database_name "civicrm-staging" + database_user "civicrm-staging" + database_password database_password + wp2fa_encrypt_key wp2fa_encrypt_keys["key"] + fpm_prometheus_port 11301 +end + +wordpress_theme "osmblog-wp-theme" do + site "join-staging.osmfoundation.org" + repository "https://github.com/osmfoundation/osmblog-wp-theme.git" +end + +wordpress_plugin "registration-honeypot" do + site "join-staging.osmfoundation.org" +end + +wordpress_plugin "contact-form-7" do + site "join-staging.osmfoundation.org" +end + +wordpress_plugin "civicrm-admin-utilities" do + site "join-staging.osmfoundation.org" +end + +civicrm_version = node[:civicrm_staging][:version] +civicrm_directory = "/srv/join-staging.osmfoundation.org/wp-content/plugins/civicrm" + +directory "/opt/civicrm-staging-#{civicrm_version}" do + owner "wordpress" + group "wordpress" + mode "755" +end + +remote_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do + action :create_if_missing + source "https://download.civicrm.org/civicrm-#{civicrm_version}-wordpress.zip" + owner "wordpress" + group "wordpress" + mode "644" + backup false +end + +remote_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do + action :create_if_missing + source "https://download.civicrm.org/civicrm-#{civicrm_version}-l10n.tar.gz" + owner "wordpress" + group "wordpress" + mode "644" + backup false +end + +archive_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do + action :nothing + destination "/opt/civicrm-staging-#{civicrm_version}" + overwrite true + owner "wordpress" + group "wordpress" + subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately +end + +archive_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do + action :nothing + destination "/opt/civicrm-staging-#{civicrm_version}/civicrm" + overwrite true + owner "wordpress" + group "wordpress" + subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately +end + +execute "/opt/civicrm-staging-#{civicrm_version}/civicrm" do + action :nothing + command "rsync --archive --delete /opt/civicrm-staging-#{civicrm_version}/civicrm/ #{civicrm_directory}" + user "wordpress" + group "wordpress" + subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately + subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately +end + +directory "/srv/join-staging.osmfoundation.org/wp-content/uploads" do + owner "www-data" + group "www-data" + mode "755" +end + +extensions_directory = "/srv/join-staging.osmfoundation.org/wp-content/plugins/civicrm-extensions" + +directory extensions_directory do + owner "wordpress" + group "wordpress" + mode "755" +end + +node[:civicrm_staging][:extensions].each_value do |details| + git "#{extensions_directory}/#{details[:name]}" do + action :sync + repository details[:repository] + revision details[:revision] + user "wordpress" + group "wordpress" + end +end + +settings = edit_file "#{civicrm_directory}/civicrm/templates/CRM/common/civicrm.settings.php.template" do |line| + line.gsub!(/%%cms%%/, "WordPress") + line.gsub!(/%%CMSdbUser%%/, "civicrm-staging") + line.gsub!(/%%CMSdbPass%%/, database_password) + line.gsub!(/%%CMSdbHost%%/, "localhost") + line.gsub!(/%%CMSdbName%%/, "civicrm-staging") + line.gsub!(/%%dbUser%%/, "civicrm-staging") + line.gsub!(/%%dbPass%%/, database_password) + line.gsub!(/%%dbHost%%/, "localhost") + line.gsub!(/%%dbName%%/, "civicrm-staging") + line.gsub!(/%%crmRoot%%/, "#{civicrm_directory}/civicrm/") + line.gsub!(/%%templateCompileDir%%/, "/srv/join-staging.osmfoundation.org/wp-content/uploads/civicrm/templates_c/") + line.gsub!(/%%baseURL%%/, "http://join-staging.osmfoundation.org/") + line.gsub!(/%%siteKey%%/, site_key) + line.gsub!(/%%credKeys%%/, cred_keys) + line.gsub!(/%%signKeys%%/, sign_keys) + line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/join-staging.osmfoundation.org');") + + line +end + +file "#{civicrm_directory}/civicrm.settings.php" do + owner "wordpress" + group "wordpress" + mode "644" + content settings +end + +# systemd_service "osmf-crm-staging-jobs" do +# description "Run CRM staging jobs" +# exec_start "/usr/bin/php #{civicrm_directory}/civicrm/bin/cli.php -s join-staging.osmfoundation.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute" +# user "www-data" +# sandbox :enable_network => true +# memory_deny_write_execute false +# restrict_address_families "AF_UNIX" +# read_write_paths "/srv/join-staging.osmfoundation.org/wp-content/uploads/civicrm" +# end + +# systemd_timer "osmf-crm-staging-jobs" do +# description "Run CRM staging jobs" +# on_boot_sec "15m" +# on_unit_inactive_sec "15m" +# end + +# service "osmf-crm-jobs-staging.timer" do +# action [:enable, :start] +# end + +# template "/etc/cron.daily/osmf-crm-staging-backup" do +# source "backup.cron.erb" +# owner "root" +# group "root" +# mode "750" +# variables :passwords => passwords +# end diff --git a/cookbooks/civicrm-staging/templates/default/backup.cron.erb b/cookbooks/civicrm-staging/templates/default/backup.cron.erb new file mode 100644 index 000000000..13457a64f --- /dev/null +++ b/cookbooks/civicrm-staging/templates/default/backup.cron.erb @@ -0,0 +1,21 @@ +#!/bin/sh + +# DO NOT EDIT - This file is being maintained by Chef + +T=$(mktemp -d -t -p /var/tmp osmf-crm-staging.XXXXXXXXXX) +D=$(date +%Y-%m-%d) +B=osmf-crm-staging-$D.tar.gz + +mkdir $T/osmf-crm-staging-$D +echo '[mysqldump]' > $T/mysqldump.opts +echo 'user=civicrm-staging' >> $T/mysqldump.opts +echo 'password=<%= @passwords["database"] %>' >> $T/mysqldump.opts +mysqldump --defaults-file=$T/mysqldump.opts --opt --skip-lock-tables --no-tablespaces civicrm-staging > $T/osmf-crm-staging-$D/civicrm-staging.sql +ln -s /srv/join-staging.osmfoundation.org $T/osmf-crm-staging-$D/www + +export RSYNC_RSH="ssh -ax" + +nice tar --create --dereference --directory=$T osmf-crm-staging-$D | nice gzip --rsyncable -9 > $T/$B +nice rsync --preallocate --fuzzy $T/$B backup::backup + +rm -rf $T diff --git a/roles/crm-staging.rb b/roles/crm-staging.rb new file mode 100644 index 000000000..5b1271eb7 --- /dev/null +++ b/roles/crm-staging.rb @@ -0,0 +1,44 @@ +name "crm-staging" +description "Role applied to CRM staging server" + +default_attributes( + :accounts => { + :users => { + :stereo => { :status => :administrator } + } + }, + :exim => { + :smarthost_name => "no-such-domain.openstreetmap.org", + # :local_domains => ["join.osmfoundation.org"], + # :routes => { + # :join_return => { + # :comment => "return@join.osmfoundation.org", + # :domains => ["join.osmfoundation.org"], + # :local_parts => ["return"], + # :maildir => "/var/mail/crm-return", + # :user => "www-data", + # :group => "mail" + # }, + # :join_mail => { + # :comment => "mail@join.osmfoundation.org", + # :domains => ["join.osmfoundation.org"], + # :local_parts => ["mail"], + # :maildir => "/var/mail/crm-mail", + # :user => "www-data", + # :group => "mail" + # } + # }, + :trusted_users => ["www-data"] + }, + :mysql => { + :settings => { + :mysqld => { + :log_bin_trust_function_creators => 1 + } + } + } +) + +run_list( + "recipe[civicrm-staging]" +) diff --git a/test/data_bags/civicrm-staging/passwords.json b/test/data_bags/civicrm-staging/passwords.json new file mode 100644 index 000000000..bcd1ad409 --- /dev/null +++ b/test/data_bags/civicrm-staging/passwords.json @@ -0,0 +1,9 @@ +{ + "id": "passwords", + "database": "database-password", + "admin": "admin-password", + "site_key": "site_key", + "cred_keys": "cred_keys", + "sign_keys": "sign_keys", + "batch": "batch" +} diff --git a/test/data_bags/civicrm-staging/wp2fa_encrypt_keys.json b/test/data_bags/civicrm-staging/wp2fa_encrypt_keys.json new file mode 100644 index 000000000..bfca5cd03 --- /dev/null +++ b/test/data_bags/civicrm-staging/wp2fa_encrypt_keys.json @@ -0,0 +1,4 @@ +{ + "id": "wp2fa_encrypt_keys", + "key": "iPWRI6ZJ6Q0CuLA8+FsVQw==" +} diff --git a/test/integration/civicrm-staging/serverspec/apache_spec.rb b/test/integration/civicrm-staging/serverspec/apache_spec.rb new file mode 100644 index 000000000..dcd625ae5 --- /dev/null +++ b/test/integration/civicrm-staging/serverspec/apache_spec.rb @@ -0,0 +1,21 @@ +require "serverspec" + +# Required by serverspec +set :backend, :exec + +describe package("apache2") do + it { should be_installed } +end + +describe service("apache2") do + it { should be_enabled } + it { should be_running } +end + +describe port(80) do + it { should be_listening.with("tcp6") } +end + +describe port(443) do + it { should be_listening.with("tcp6") } +end