Commit 8aa1bd86 authored by mh's avatar mh
Browse files

introduce a wordpress update script

parent 34bdabc6
#!/bin/env ruby
## methods required by commons
# which option entries beside sftp_user does
# this script need?
def script_option_keys
['webdir']
end
# further settings files used by this script
def script_settings_files_def
{
'update_wordpress.dir' => {
'wp_directory' => '.'
}
}
end
# verify security related things to that script
def script_security
security_fail("Webdir #{options['webdir']} does not exist. Please fix!") unless File.directory?(options['webdir'])
end
# the main method
def run_script
log "Starting wordpress upgrade"
upgrade_wordpress
log "Finished wordpress upgrade"
end
## script specific methods
def wp_directory
@wp_directory ||= load_directory['wp_directory']
end
def file_ist
@file_list ||= "/tmp/#{Process.pid}_#{(0...32).map{65.+(rand(26)).chr}.join('')}"
end
# sanitize that we only get directories
# within the webdirectory. So no one
# can do anything dirty.
def load_directory
load_file('update_wordpress.dirs',['wp_directory']).inject({}) do |res,items|
k,item = items
res[k] = begin
path = File.expand_path(File.join(options['webdir'],item))
if !File.exists?(path) || !File.directory?(path)
log "#{path} is not a directory or doesn't exist. Skipping..."
nil
elsif path.start_with?("#{options['webdir']}")
path
else
log "#{path} is outside the webdir #{options['webdir']}, so we're dropping it"
nil
end
end.flatten.compact
res
end
end
def upgrade_wordpress
# chowns all run user files to the sftp user
# to ensure that we can run the upgrade
sudo(run_user_uid,group_gid) do
cmd("find #{shellescape(path)} -user #{options['run_user']} -type d > #{file_list}")
cmd("find #{shellescape(path)} -user #{options['run_user']} -type f >> #{file_list}")
end
on_filelist(File.read(file_list),run_user_uid) do |p|
FileUtils.chown( options['sftp_user'], options['group'], p)
end
File.delete(file_list)
# run the upgrade as sftp user
sudo(sftp_user_uid,group_gid) do
cmd("/usr/local/sbin/upgrade_wordpress #{shellescape(wp_directory)}")
end
log "Upgrade wordpress in #{wp_directory}"
rescue => e
log "Error while upgrading wordpress in #{wp_directory}: #{e.message}"
end
# this will also trigger the run of the script
require "#{File.expand_path(File.join(File.dirname(__FILE__),'..','common','webscripts'))}"
# manage webhosting scripts for a certain webhosting
define webhosting::user_scripts::manage(
$ensure = 'present',
$base_path = 'absent',
$scripts = 'ALL',
$sftp_user,
$run_user,
$web_group,
$options = {},
$user_scripts_help = 'https://wiki.immerda.ch/index.php/WebhostingUserScripts',
$ensure = 'present',
$base_path = 'absent',
$scripts = 'ALL',
$options = {},
$user_scripts_help = 'https://wiki.immerda.ch/index.php/WebhostingUserScripts',
$user_scripts_admin_address = 'admin@immerda.ch'
){
$scripts_path = $base_path ? {
......@@ -17,59 +18,64 @@ define webhosting::user_scripts::manage(
$default_options = {
'adjust_permissions' => {
'only_webreadable' => [],
'web_writable' => []
}
'web_writable' => [],
},
}
$user_scripts_options = merge($default_options,$options)
file{
"user_scripts_${name}":
path => $scripts_path,
recurse => true,
purge => true,
force => true;
path => $scripts_path,
recurse => true,
purge => true,
force => true;
"incron_adjust_permissions_${name}":
path => "/etc/incron.d/${name}_adjust_permissions";
path => "/etc/incron.d/${name}_adjust_permissions";
"incron_update_mode_${name}":
path => "/etc/incron.d/${name}_update_mode";
path => "/etc/incron.d/${name}_update_mode";
}
if ($ensure == 'absent') {
File["user_scripts_${name}","incron_adjust_permissions_${name}","incron_update_mode_${name}"]{
ensure => 'absent',
File["user_scripts_${name}","incron_adjust_permissions_${name}",
"incron_update_mode_${name}"]{
ensure => 'absent',
}
} else {
require ::webhosting::user_scripts
File["user_scripts_${name}"]{
ensure => directory,
owner => root,
group => $web_group,
mode => 0440
owner => root,
group => $web_group,
mode => '0440',
}
file{ "${scripts_path}/vhost.options":
content => template('webhosting/user_scripts/vhost.options.erb'),
owner => root, group => $web_group, mode => 0440
content => template('webhosting/user_scripts/vhost.options.erb'),
owner => root,
group => $web_group,
mode => '0440';
}
if ('adjust_permissions' in $scripts) or ($scripts == 'ALL') {
file{
"${scripts_path}/adjust_permissions":
ensure => directory,
owner => $sftp_user, group => $web_group, mode => 0600;
ensure => directory,
owner => $sftp_user,
group => $web_group,
mode => '0600';
"${scripts_path}/adjust_permissions/adjust_permissions.dirs":
content => template('webhosting/user_scripts/adjust_permissions/adjust_permissions.dirs.erb'),
replace => false,
owner => $sftp_user, group => $web_group, mode => 0600;
"${scripts_path}/adjust_permissions/adjust_permissions.options":
ensure => absent;
owner => $sftp_user,
group => $web_group,
mode => '0600';
}
File["incron_adjust_permissions_${name}"] {
content => "${scripts_path}/adjust_permissions/ IN_CREATE /opt/webhosting_user_scripts/common/run_incron.sh \$@ \$#\n",
owner => root,
group => 0,
mode => 0400,
owner => root,
group => 0,
mode => '0400',
require => File["${scripts_path}/adjust_permissions"],
}
} else {
......@@ -77,17 +83,46 @@ define webhosting::user_scripts::manage(
ensure => 'absent',
}
}
if ('update_wordpress' in $scripts) or ($scripts == 'ALL') {
require wordpress::base
file{
"${scripts_path}/update_wordpress":
ensure => directory,
owner => $sftp_user,
group => $web_group,
mode => '0600';
"${scripts_path}/update_wordpress/update_wordpress.dir":
content => template('webhosting/user_scripts/update_wordpress/update_wordpress.dir.erb'),
replace => false,
owner => $sftp_user,
group => $web_group,
mode => '0600';
}
File["incron_update_wordpress_${name}"] {
content => "${scripts_path}/update_wordpress/ IN_CREATE /opt/webhosting_user_scripts/common/run_incron.sh \$@ \$#\n",
owner => root,
group => 0,
mode => '0400',
require => File["${scripts_path}/update_wordpress"],
}
} else {
File["incron_update_wordpress_${name}"]{
ensure => 'absent',
}
}
if ('update_mode' in $scripts) or ($scripts == 'ALL') {
file{
"${scripts_path}/update_mode":
ensure => directory,
owner => $sftp_user, group => $web_group, mode => 0600;
owner => $sftp_user,
group => $web_group,
mode => '0600';
}
File["incron_update_mode_${name}"] {
content => "${scripts_path}/update_mode/ IN_CREATE /opt/webhosting_user_scripts/common/run_incron.sh \$@ \$#\n",
owner => root,
group => 0,
mode => 0400,
owner => root,
group => 0,
mode => '0400',
require => File["${scripts_path}/update_mode"],
}
} else {
......
# The update_wordpress script easily updates
# a wordpress installation for your.
# It will first backup your installation, then
# update the core, all plugins, themes and so on.
#
# This configuration file allows you to configure
# the location if your wordpress installation.
# NOTE: this must be a relative path to your www/
# directory!
# In most of the times you don't need to adjust
# the only allowed option `wp_directory`.
---
wp_directory: '.'
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment