From 4f94ccf583d86093b3756f5999de5bfcdff99895 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sat, 14 Feb 2015 16:17:24 +0000 Subject: [PATCH 1/1] Convert wordpress_site to an LWRP --- cookbooks/blog/recipes/default.rb | 6 +- cookbooks/chef/libraries/edit_file.rb | 18 +- cookbooks/switch2osm/recipes/default.rb | 2 +- cookbooks/wordpress/.foodcritic | 2 +- .../wordpress/definitions/wordpress_site.rb | 163 --------------- cookbooks/wordpress/providers/site.rb | 194 ++++++++++++++++++ cookbooks/wordpress/resources/site.rb | 38 ++++ 7 files changed, 249 insertions(+), 174 deletions(-) delete mode 100644 cookbooks/wordpress/definitions/wordpress_site.rb create mode 100644 cookbooks/wordpress/providers/site.rb create mode 100644 cookbooks/wordpress/resources/site.rb diff --git a/cookbooks/blog/recipes/default.rb b/cookbooks/blog/recipes/default.rb index 41970b977..e5fb6f477 100644 --- a/cookbooks/blog/recipes/default.rb +++ b/cookbooks/blog/recipes/default.rb @@ -28,9 +28,9 @@ directory "/srv/blog.openstreetmap.org" do end wordpress_site "blog.openstreetmap.org" do - aliases "blog.osm.org", "blog.openstreetmap.com", - "blog.openstreetmap.net", "blog.openstreetmaps.org", - "blog.osmfoundation.org" + aliases ["blog.osm.org", "blog.openstreetmap.com", + "blog.openstreetmap.net", "blog.openstreetmaps.org", + "blog.osmfoundation.org"] ssl_enabled true directory "/srv/blog.openstreetmap.org/wp" database_name "osm-blog" diff --git a/cookbooks/chef/libraries/edit_file.rb b/cookbooks/chef/libraries/edit_file.rb index a3c892d71..6260c8a40 100644 --- a/cookbooks/chef/libraries/edit_file.rb +++ b/cookbooks/chef/libraries/edit_file.rb 
@@ -1,11 +1,17 @@ class Chef - class Recipe - def edit_file(file, &block) - Chef::DelayedEvaluator.new do - ::File.new(file).collect do |line| - block.call(line) - end.join("") + module Mixin + module EditFile + def edit_file(file, &block) + Chef::DelayedEvaluator.new do + ::File.new(file).collect do |line| + block.call(line) + end.join("") + end end end end + + class Recipe + include Chef::Mixin::EditFile + end end diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb index 97a1d9530..45eb7f03e 100644 --- a/cookbooks/switch2osm/recipes/default.rb +++ b/cookbooks/switch2osm/recipes/default.rb @@ -22,7 +22,7 @@ include_recipe "wordpress" passwords = data_bag_item("switch2osm", "passwords") wordpress_site "switch2osm.org" do - aliases "www.switch2osm.org", "switch2osm.com", "www.switch2osm.com" + aliases ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"] directory "/srv/switch2osm.org" database_name "switch2osm-blog" database_user "switch2osm-user" diff --git a/cookbooks/wordpress/.foodcritic b/cookbooks/wordpress/.foodcritic index c69240694..3907cff00 100644 --- a/cookbooks/wordpress/.foodcritic +++ b/cookbooks/wordpress/.foodcritic @@ -1 +1 @@ -~FC001 ~FC015 +~FC001 diff --git a/cookbooks/wordpress/definitions/wordpress_site.rb b/cookbooks/wordpress/definitions/wordpress_site.rb deleted file mode 100644 index 08aac28a3..000000000 --- a/cookbooks/wordpress/definitions/wordpress_site.rb +++ /dev/null 
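Review bot: `::File.new(file).collect` in the relocated `edit_file` opens the file and never closes it, so every evaluation leaves a descriptor open until garbage collection. `::File.foreach(file).map { |line| block.call(line) }.join("")` yields the same lines and closes the handle when iteration ends. `Chef::Mixin::EditFile` is now shared by recipes and providers, so a short comment on the method would help, for example `# Returns a DelayedEvaluator that reads +file+ when evaluated and joins the block's result for each line`.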
@@ -1,163 +0,0 @@ -# -# Cookbook Name:: wordpress -# Definition:: wordpress_site -# -# Copyright 2013, OpenStreetMap Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -define :wordpress_site, :action => [:create, :enable] do - name = params[:name] - ssl_enabled = params[:ssl_enabled] || false - ssl_certificate = params[:ssl_certificate] - aliases = Array(params[:aliases]) - urls = Array(params[:urls]) - directory = params[:directory] || "/srv/#{name}" - version = params[:version] || Chef::Wordpress.current_version - database_name = params[:database_name] - database_user = params[:database_user] - database_password = params[:database_password] - database_prefix = params[:database_prefix] || "wp_" - - node.set_unless[:wordpress][:sites][name] = {} - - node.set[:wordpress][:sites][name][:directory] = directory - - node.set_unless[:wordpress][:sites][name][:auth_key] = random_password(64) - node.set_unless[:wordpress][:sites][name][:secure_auth_key] = random_password(64) - node.set_unless[:wordpress][:sites][name][:logged_in_key] = random_password(64) - node.set_unless[:wordpress][:sites][name][:nonce_key] = random_password(64) - node.set_unless[:wordpress][:sites][name][:auth_salt] = random_password(64) - node.set_unless[:wordpress][:sites][name][:secure_auth_salt] = random_password(64) - node.set_unless[:wordpress][:sites][name][:logged_in_salt] = random_password(64) - node.set_unless[:wordpress][:sites][name][:nonce_salt] = random_password(64) - - 
mysql_user "#{database_user}@localhost" do - password database_password - end - - mysql_database database_name do - permissions "#{database_user}@localhost" => :all - end - - directory directory do - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0755 - end - - subversion directory do - action :sync - repository "http://core.svn.wordpress.org/tags/#{version}" - user node[:wordpress][:user] - group node[:wordpress][:group] - ignore_failure true - notifies :reload, "service[apache2]" - end - - wp_config = edit_file "#{directory}/wp-config-sample.php" do |line| - line.gsub!(/database_name_here/, database_name) - line.gsub!(/username_here/, database_user) - line.gsub!(/password_here/, database_password) - line.gsub!(/wp_/, database_prefix) - - line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_key]}'") - line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_key]}'") - line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_key]}'") - line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_key]}'") - line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_salt]}'") - line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_salt]}'") - line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_salt]}'") - line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_salt]}'") - - if line =~ /define\('WP_DEBUG'/ - line += "\n" - line += "/**\n" - line += " * Don't allow file editing.\n" - line += " */\n" - line += "define('DISALLOW_FILE_EDIT', true);\n" - if ssl_enabled - line += "define('FORCE_SSL_LOGIN', true);\n" - line += 
"define('FORCE_SSL_ADMIN', true);\n" - end - end - - line - end - - file "#{directory}/wp-config.php" do - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0644 - content wp_config - notifies :reload, "service[apache2]" - end - - directory "#{directory}/wp-content/uploads" do - owner "www-data" - group "www-data" - mode 0755 - end - - file "#{directory}/sitemap.xml" do - action :delete - end - - file "#{directory}/sitemap.xml.gz" do - action :delete - end - - cookbook_file "#{directory}/googlefac54c35e800caab.html" do - cookbook "wordpress" - owner node[:wordpress][:user] - group node[:wordpress][:group] - mode 0644 - backup false - end - - apache_site name do - cookbook "wordpress" - template "apache.erb" - directory directory - variables :aliases => aliases, :urls => urls, - :ssl_enabled => ssl_enabled, :ssl_certificate => ssl_certificate - notifies :reload, "service[apache2]" - end - - http_request "http://#{name}/wp-admin/upgrade.php" do - action :nothing - url "http://#{name}/wp-admin/upgrade.php?step=1" - subscribes :get, "subversion[#{directory}]" - end - - wordpress_plugin "wp-fail2ban" do - site name - end - - script "#{directory}/wp-content/plugins/wp-fail2ban" do - action :nothing - interpreter "php" - cwd directory - user "wordpress" - code <<-EOS - - EOS - subscribes :run, "subversion[#{directory}/wp-content/plugins/wp-fail2ban]" - end -end diff --git a/cookbooks/wordpress/providers/site.rb b/cookbooks/wordpress/providers/site.rb new file mode 100644 index 000000000..9ed0697c2 --- /dev/null +++ b/cookbooks/wordpress/providers/site.rb 
@@ -0,0 +1,194 @@ +# +# Cookbook Name:: wordpress +# Provider:: wordpress_site +# +# Copyright 2015, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "securerandom" + +include Chef::Mixin::EditFile + +def whyrun_supported? + true +end + +use_inline_resources + +action :create do + version = new_resource.version || Chef::Wordpress.current_version + + node.set_unless[:wordpress][:sites][new_resource.name] = {} + + node.set[:wordpress][:sites][new_resource.name][:directory] = site_directory + + node.set_unless[:wordpress][:sites][new_resource.name][:auth_key] = SecureRandom.base64(48) + node.set_unless[:wordpress][:sites][new_resource.name][:secure_auth_key] = SecureRandom.base64(48) + node.set_unless[:wordpress][:sites][new_resource.name][:logged_in_key] = SecureRandom.base64(48) + node.set_unless[:wordpress][:sites][new_resource.name][:nonce_key] = SecureRandom.base64(48) + node.set_unless[:wordpress][:sites][new_resource.name][:auth_salt] = SecureRandom.base64(48) + node.set_unless[:wordpress][:sites][new_resource.name][:secure_auth_salt] = SecureRandom.base64(48) + node.set_unless[:wordpress][:sites][new_resource.name][:logged_in_salt] = SecureRandom.base64(48) + node.set_unless[:wordpress][:sites][new_resource.name][:nonce_salt] = SecureRandom.base64(48) + + mysql_user "#{new_resource.database_user}@localhost" do + password new_resource.database_password + end + + mysql_database new_resource.database_name do + permissions 
"#{new_resource.database_user}@localhost" => :all + end + + directory site_directory do + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0755 + end + + subversion site_directory do + action :sync + repository "http://core.svn.wordpress.org/tags/#{version}" + user node[:wordpress][:user] + group node[:wordpress][:group] + ignore_failure true + end + + wp_config = edit_file "#{site_directory}/wp-config-sample.php" do |line| + line.gsub!(/database_name_here/, new_resource.database_name) + line.gsub!(/username_here/, new_resource.database_user) + line.gsub!(/password_here/, new_resource.database_password) + line.gsub!(/wp_/, new_resource.database_prefix) + + line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:auth_key]}'") + line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:secure_auth_key]}'") + line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:logged_in_key]}'") + line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:nonce_key]}'") + line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:auth_salt]}'") + line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:secure_auth_salt]}'") + line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:logged_in_salt]}'") + line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.name][:nonce_salt]}'") + + if line =~ /define\('WP_DEBUG'/ + line += "\n" + line += "/**\n" + line += " * Don't allow file editing.\n" + line += " */\n" + line += "define('DISALLOW_FILE_EDIT', true);\n" + if new_resource.ssl_enabled + line += 
"define('FORCE_SSL_LOGIN', true);\n" + line += "define('FORCE_SSL_ADMIN', true);\n" + end + end + + line + end + + file "#{site_directory}/wp-config.php" do + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0644 + content wp_config + end + + directory "#{site_directory}/wp-content/uploads" do + owner "www-data" + group "www-data" + mode 0755 + end + + file "#{site_directory}/sitemap.xml" do + action :delete + end + + file "#{site_directory}/sitemap.xml.gz" do + action :delete + end + + cookbook_file "#{site_directory}/googlefac54c35e800caab.html" do + cookbook "wordpress" + owner node[:wordpress][:user] + group node[:wordpress][:group] + mode 0644 + backup false + end + + apache_site new_resource.name do + cookbook "wordpress" + template "apache.erb" + directory site_directory + variables :aliases => Array(new_resource.aliases), + :urls => new_resource.urls, + :ssl_enabled => new_resource.ssl_enabled, + :ssl_certificate => new_resource.ssl_certificate + reload_apache false + end + + http_request "http://#{new_resource.name}/wp-admin/upgrade.php" do + action :nothing + url "http://#{new_resource.name}/wp-admin/upgrade.php?step=1" + subscribes :get, "subversion[#{site_directory}]" + end + + wordpress_plugin "wp-fail2ban" do + site new_resource.name + reload_apache false + end + + script "#{site_directory}/wp-content/plugins/wp-fail2ban" do + action :nothing + interpreter "php" + cwd site_directory + user "wordpress" + code <<-EOS + + EOS + subscribes :run, "wordpress_plugin[wp-fail2ban]" + end +end + +action :delete do + wordpress_plugin "wp-fail2ban" do + action :delete + site new_resource.name + reload_apache false + end + + apache_site new_resource.name do + action :delete + reload_apache false + end + + directory site_directory do + action :delete + recursive true + end + + mysql_database new_resource.database_name do + action :drop + end + + mysql_user "#{new_resource.database_user}@localhost" do + action :drop + end +end + +def 
site_directory
+ new_resource.directory || "/srv/#{new_resource.name}"
+end
diff --git a/cookbooks/wordpress/resources/site.rb b/cookbooks/wordpress/resources/site.rb
new file mode 100644
index 000000000..4e712da34
--- /dev/null
+++ b/cookbooks/wordpress/resources/site.rb
@@ -0,0 +1,38 @@
+#
+# Cookbook Name:: wordpress
+# Resource:: wordpress_site
+#
+# Copyright 2015, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :create, :delete
+default_action :create
+
+attribute :name, :kind_of => String, :name_attribute => true
+attribute :aliases, :kind_of => [String, Array]
+attribute :directory, :kind_of => String
+attribute :version, :kind_of => String
+attribute :database_name, :kind_of => String, :required => true
+attribute :database_user, :kind_of => String, :required => true
+attribute :database_password, :kind_of => String, :required => true
+attribute :database_prefix, :kind_of => String, :default => "wp_"
+attribute :ssl_enabled, :kind_of => [TrueClass, FalseClass], :default => false
+attribute :ssl_certificate, :kind_of => String
+attribute :urls, :kind_of => Hash, :default => {}
+attribute :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
+
+def after_created
+ notifies :reload, "service[apache2]" if reload_apache
+end
-- 
2.43.2
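Review bot: The `subversion site_directory` resource in `action :create` checks WordPress out over plain `http://`, so the PHP that ends up being served is fetched with no transport integrity, and `ignore_failure true` hides a failed sync. `repository "https://core.svn.wordpress.org/tags/#{version}"` would close that, assuming the node trusts the server's certificate. In the `edit_file` block, `line.gsub!(/password_here/, new_resource.database_password)` passes the password as a replacement string, where backslash sequences are interpreted and a `'` would end the PHP literal; the block form, with the value escaped for a single-quoted PHP string, avoids both. The resulting `wp-config.php` holds the database password and the eight keys and salts but is written with `mode 0644`. `mode 0640` with a group the web server user belongs to would keep it from other local users, if the Apache/PHP user can be placed in that group.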
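Review bot: `database_prefix` is validated only with `:kind_of => String`, yet the provider in this patch substitutes it into `wp-config.php` for every `wp_` match. A `:regex` constraint such as `attribute :database_prefix, :kind_of => String, :default => "wp_", :regex => /\A[A-Za-z0-9_]+\z/` would reject a malformed value before it is written into the PHP file. `database_password` is also `:required => true` for `action :delete`, which never reads it, so callers must supply a secret just to remove a site; a comment noting this, or relaxing the requirement, would help.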