def update_site_core(project='pantheon', keep=None):
"""Update Drupal core (from Drupal or Pressflow, to latest Pressflow).
keep: Option when merge fails:
'ours': Keep local changes when there are conflicts.
'theirs': Keep upstream changes when there are conflicts.
'force': Leave failed merge in working-tree (manual resolve).
None: Reset to ORIG_HEAD if merge fails.
"""
updater = update.Updater(project, 'dev')
try:
result = updater.core_update(keep)
updater.drupal_updatedb()
updater.permissions_update()
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateCore')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateCore')
postback.write_build_data('update_site_core', result)
if result['merge'] == 'success':
# Send drupal version information.
status.drupal_update_status(project)
status.git_repo_status(project)
def update_site_core(project='pantheon', keep=None):
"""Update Drupal core (from Drupal or Pressflow, to latest Pressflow).
keep: Option when merge fails:
'ours': Keep local changes when there are conflicts.
'theirs': Keep upstream changes when there are conflicts.
'force': Leave failed merge in working-tree (manual resolve).
None: Reset to ORIG_HEAD if merge fails.
"""
updater = update.Updater(project, 'dev')
try:
result = updater.core_update(keep)
updater.drupal_updatedb()
updater.permissions_update()
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateCore')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateCore')
postback.write_build_data('update_site_core', result)
if result['merge'] == 'success':
# Send drupal version information.
status.drupal_update_status(project)
status.git_repo_status(project)
def remove_backup(archive):
try:
backup.remove(archive)
except:
jenkinstools.junit_error(traceback.format_exc(), 'RemoveBackup')
raise
else:
jenkinstools.junit_pass('Removal successful.', 'RemoveBackup')
def remove_backup(archive):
try:
backup.remove(archive)
except:
jenkinstools.junit_error(traceback.format_exc(), 'RemoveBackup')
raise
else:
jenkinstools.junit_pass('Removal successful.', 'RemoveBackup')
def git_status(project, environment):
"""Return git status
"""
updater = update.Updater(project, environment)
try:
updater.run_command('git status')
except:
jenkinstools.junit_error(traceback.format_exc(), 'GitStatus')
raise
else:
jenkinstools.junit_pass('', 'GitStatus')
def git_status(project, environment):
"""Return git status
"""
updater = update.Updater(project, environment)
try:
updater.run_command('git status')
except:
jenkinstools.junit_error(traceback.format_exc(), 'GitStatus')
raise
else:
jenkinstools.junit_pass('', 'GitStatus')
def update_files(project, environment, source_env):
"""Update the files in project/environment using files from source_env.
"""
updater = update.Updater(project, environment)
try:
updater.files_update(source_env)
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateFiles')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateFiles')
def update_files(project, environment, source_env):
"""Update the files in project/environment using files from source_env.
"""
updater = update.Updater(project, environment)
try:
updater.files_update(source_env)
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateFiles')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateFiles')
def rebuild_environment(project, environment):
"""Rebuild the project/environment with files and data from 'live'.
"""
updater = update.Updater(project, environment)
try:
updater.files_update('live')
updater.data_update('live')
except:
jenkinstools.junit_error(traceback.format_exc(), 'RebuildEnv')
raise
else:
jenkinstools.junit_pass('Rebuild successful.', 'RebuildEnv')
def rebuild_environment(project, environment):
"""Rebuild the project/environment with files and data from 'live'.
"""
updater = update.Updater(project, environment)
try:
updater.files_update('live')
updater.data_update('live')
except:
jenkinstools.junit_error(traceback.format_exc(), 'RebuildEnv')
raise
else:
jenkinstools.junit_pass('Rebuild successful.', 'RebuildEnv')
def backup_site(archive_name, project='pantheon'):
archive = backup.PantheonBackup(archive_name, project)
try:
archive.backup_files()
archive.backup_data()
archive.backup_repo()
archive.backup_config(version=0)
archive.make_archive()
archive.move_archive()
archive.cleanup()
except:
jenkinstools.junit_error(traceback.format_exc(), 'BackupSite')
raise
else:
jenkinstools.junit_pass('Backup successful.', 'BackupSite')
def backup_site(archive_name, project='pantheon'):
archive = backup.PantheonBackup(archive_name, project)
try:
archive.backup_files()
archive.backup_data()
archive.backup_repo()
archive.backup_config(version=0)
archive.make_archive()
archive.move_archive()
archive.cleanup()
except:
jenkinstools.junit_error(traceback.format_exc(), 'BackupSite')
raise
else:
jenkinstools.junit_pass('Backup successful.', 'BackupSite')
def install_site(project='pantheon', profile='pantheon', version=6, **kw):
""" Create a new Drupal installation.
project: Installation namespace.
profile: The installation type (e.g. pantheon/openatrium)
version: Major drupal version.
"""
data = {'profile': profile, 'project': project, 'version': version}
handler = _get_profile_handler(**data)
try:
handler.build(**data)
except:
jenkinstools.junit_error(traceback.format_exc(), 'InstallSite')
raise
else:
jenkinstools.junit_pass('', 'InstallSite')
def configure():
'''configure the Pantheon system.'''
server = pantheon.PantheonServer()
try:
_test_for_previous_run()
_check_connectivity(server)
_configure_certificates()
_configure_server(server)
_configure_postfix(server)
_restart_services(server)
_configure_iptables(server)
_configure_git_repo()
_mark_incep(server)
_report()
except:
jenkinstools.junit_error(traceback.format_exc(), 'Configure')
raise
else:
jenkinstools.junit_pass('Configure successful.', 'Configure')
def onramp_site(project='pantheon', url=None, profile=None, **kw):
"""Create a new Drupal installation.
project: Installation namespace.
profile: The installation type (e.g. pantheon/openatrium)
**kw: Optional dictionary of values to process on installation.
"""
archive = onramp.download(url)
location = onramp.extract(archive)
handler = _get_handler(profile, project, location)
try:
handler.build(location)
except:
jenkinstools.junit_error(traceback.format_exc(), 'OnrampSite')
raise
else:
jenkinstools.junit_pass('', 'OnrampSite')
def configure():
'''configure the Pantheon system.'''
server = pantheon.PantheonServer()
try:
_test_for_previous_run()
_check_connectivity(server)
_configure_certificates()
_configure_server(server)
_configure_postfix(server)
_restart_services(server)
_configure_iptables(server)
_configure_git_repo()
_mark_incep(server)
_report()
except:
jenkinstools.junit_error(traceback.format_exc(), 'Configure')
raise
else:
jenkinstools.junit_pass('Configure successful.', 'Configure')
def onramp_site(project='pantheon', url=None, profile=None, **kw):
"""Create a new Drupal installation.
project: Installation namespace.
profile: The installation type (e.g. pantheon/openatrium)
**kw: Optional dictionary of values to process on installation.
"""
archive = onramp.download(url)
location = onramp.extract(archive)
handler = _get_handler(profile, project, location)
try:
handler.build(location)
except:
jenkinstools.junit_error(traceback.format_exc(), 'OnrampSite')
raise
else:
jenkinstools.junit_pass('', 'OnrampSite')
def install_site(project='pantheon', profile='pantheon', version=6, **kw):
""" Create a new Drupal installation.
project: Installation namespace.
profile: The installation type (e.g. pantheon/openatrium)
version: Major drupal version.
"""
data = {'profile': profile,
'project': project,
'version': version}
handler = _get_profile_handler(**data)
try:
handler.build(**data)
except:
jenkinstools.junit_error(traceback.format_exc(), 'InstallSite')
raise
else:
jenkinstools.junit_pass('', 'InstallSite')
def update_data(project, environment, source_env, updatedb='True'):
"""Update the data in project/environment using data from source_env.
"""
updater = update.Updater(project, environment)
try:
updater.data_update(source_env)
# updatedb is passed in as a string so we have to evaluate it
if eval(string.capitalize(updatedb)):
updater.drupal_updatedb()
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateData')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateData')
# The server has a 2min delay before updates to the index are processed
with settings(warn_only=True):
local("drush @%s_%s solr-reindex" % (project, environment))
local("drush @%s_%s cron" % (project, environment))
def update_data(project, environment, source_env, updatedb='True'):
"""Update the data in project/environment using data from source_env.
"""
updater = update.Updater(project, environment)
try:
updater.data_update(source_env)
# updatedb is passed in as a string so we have to evaluate it
if eval(string.capitalize(updatedb)):
updater.drupal_updatedb()
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateData')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateData')
# The server has a 2min delay before updates to the index are processed
with settings(warn_only=True):
local("drush @%s_%s solr-reindex" % (project, environment))
local("drush @%s_%s cron" % (project, environment))
def update_code(project, environment, tag=None, message=None):
""" Update the working-tree for project/environment.
"""
if not tag:
tag = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
if not message:
message = 'Tagging as %s for release.' % tag
updater = update.Updater(project, environment)
try:
updater.test_tag(tag)
updater.code_update(tag, message)
updater.drupal_updatedb()
updater.permissions_update()
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateCode')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateCode')
# Send back repo status and drupal update status
status.git_repo_status(project)
status.drupal_update_status(project)
def update_code(project, environment, tag=None, message=None):
""" Update the working-tree for project/environment.
"""
if not tag:
tag = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
if not message:
message = 'Tagging as %s for release.' % tag
updater = update.Updater(project, environment)
try:
updater.test_tag(tag)
updater.code_update(tag, message)
updater.drupal_updatedb()
updater.permissions_update()
except:
jenkinstools.junit_error(traceback.format_exc(), 'UpdateCode')
raise
else:
jenkinstools.junit_pass('Update successful.', 'UpdateCode')
# Send back repo status and drupal update status
status.git_repo_status(project)
status.drupal_update_status(project)
def configure_permissions(base_domain = "example.com",
require_group = None,
server_host = None):
try:
server = pantheon.PantheonServer()
if not server_host:
server_host = "auth." + base_domain
ldap_domain = _ldap_domain_to_ldap(base_domain)
values = {'ldap_domain':ldap_domain,'server_host':server_host}
template = pantheon.get_template('ldap-auth-config.preseed.cfg')
ldap_auth_conf = pantheon.build_template(template, values)
with tempfile.NamedTemporaryFile() as temp_file:
temp_file.write(ldap_auth_conf)
temp_file.seek(0)
local("sudo debconf-set-selections " + temp_file.name)
# /etc/ldap/ldap.conf
template = pantheon.get_template('openldap.ldap.conf')
openldap_conf = pantheon.build_template(template, values)
with open('/etc/ldap/ldap.conf', 'w') as f:
f.write(openldap_conf)
# /etc/ldap.conf
template = pantheon.get_template('pam.ldap.conf')
ldap_conf = pantheon.build_template(template, values)
with open('/etc/ldap.conf', 'w') as f:
f.write(ldap_conf)
# Restrict by group
allow = ['root', 'sudo', 'hermes']
if require_group:
allow.append(require_group)
with open('/etc/ssh/sshd_config', 'a') as f:
f.write('\nAllowGroups %s\n' % (' '.join(allow)))
f.write('UseLPK yes\n')
f.write('LpkLdapConf /etc/ldap.conf\n')
local("auth-client-config -t nss -p lac_ldap")
with open('/etc/sudoers.d/002_pantheon_users', 'w') as f:
f.write("# This file was generated by PANTHEON.\n")
f.write("# PLEASE DO NOT EDIT THIS FILE DIRECTLY.\n#\n")
f.write("# Additional sudoer directives can be added in: " + \
"/etc/sudoers.d/003_pantheon_extra\n")
f.write("\n%" + '%s ALL=(ALL) ALL' % require_group)
local('chmod 0440 /etc/sudoers.d/002_pantheon_users')
# Add LDAP user to www-data, and ssl-cert groups.
ssl_group = "ssl-cert"
local('usermod -aG %s,%s %s' % (server.web_group, ssl_group, require_group))
# Use sed because usermod may fail if the user does not already exist.
#local('sudo sed -i "s/' + ssl_group + ':x:[0-9]*:/\\0' + require_group + ',/g" /etc/group')
# Restart after ldap is configured so openssh-lpk doesn't choke.
local("/etc/init.d/ssh restart")
# Write the group to a file for later reference.
server.set_ldap_group(require_group)
# Make the git repo and www directories writable by the group
local("chown -R %s:%s /var/git/projects" % (require_group, require_group))
local("chmod -R g+w /var/git/projects")
# Make the git repo and www directories writable by the group
local("chown -R %s:%s /var/www" % (require_group, require_group))
local("chmod -R g+w /var/www")
# Set ACLs
set_acl_groupwritability(require_group, '/var/www')
set_acl_groupwritability(require_group, '/var/git/projects')
except:
jenkinstools.junit_error(traceback.format_exc(), 'ConfigPermissions')
raise
else:
jenkinstools.junit_pass('Configuration completed.', 'ConfigurePermissions')
def configure_permissions(base_domain="example.com",
require_group=None,
server_host=None):
try:
server = pantheon.PantheonServer()
if not server_host:
server_host = "auth." + base_domain
ldap_domain = _ldap_domain_to_ldap(base_domain)
values = {'ldap_domain': ldap_domain, 'server_host': server_host}
template = pantheon.get_template('ldap-auth-config.preseed.cfg')
ldap_auth_conf = pantheon.build_template(template, values)
with tempfile.NamedTemporaryFile() as temp_file:
temp_file.write(ldap_auth_conf)
temp_file.seek(0)
local("sudo debconf-set-selections " + temp_file.name)
# /etc/ldap/ldap.conf
template = pantheon.get_template('openldap.ldap.conf')
openldap_conf = pantheon.build_template(template, values)
with open('/etc/ldap/ldap.conf', 'w') as f:
f.write(openldap_conf)
# /etc/ldap.conf
template = pantheon.get_template('pam.ldap.conf')
ldap_conf = pantheon.build_template(template, values)
with open('/etc/ldap.conf', 'w') as f:
f.write(ldap_conf)
# Restrict by group
allow = ['root', 'sudo', 'hermes']
if require_group:
allow.append(require_group)
with open('/etc/ssh/sshd_config', 'a') as f:
f.write('\nAllowGroups %s\n' % (' '.join(allow)))
f.write('UseLPK yes\n')
f.write('LpkLdapConf /etc/ldap.conf\n')
local("auth-client-config -t nss -p lac_ldap")
with open('/etc/sudoers.d/002_pantheon_users', 'w') as f:
f.write("# This file was generated by PANTHEON.\n")
f.write("# PLEASE DO NOT EDIT THIS FILE DIRECTLY.\n#\n")
f.write("# Additional sudoer directives can be added in: " + \
"/etc/sudoers.d/003_pantheon_extra\n")
f.write("\n%" + '%s ALL=(ALL) ALL' % require_group)
local('chmod 0440 /etc/sudoers.d/002_pantheon_users')
# Add LDAP user to www-data, and ssl-cert groups.
ssl_group = "ssl-cert"
local('usermod -aG %s,%s %s' %
(server.web_group, ssl_group, require_group))
# Use sed because usermod may fail if the user does not already exist.
#local('sudo sed -i "s/' + ssl_group + ':x:[0-9]*:/\\0' + require_group + ',/g" /etc/group')
# Restart after ldap is configured so openssh-lpk doesn't choke.
local("/etc/init.d/ssh restart")
# Write the group to a file for later reference.
server.set_ldap_group(require_group)
# Make the git repo and www directories writable by the group
local("chown -R %s:%s /var/git/projects" %
(require_group, require_group))
local("chmod -R g+w /var/git/projects")
# Make the git repo and www directories writable by the group
local("chown -R %s:%s /var/www" % (require_group, require_group))
local("chmod -R g+w /var/www")
# Set ACLs
set_acl_groupwritability(require_group, '/var/www')
set_acl_groupwritability(require_group, '/var/git/projects')
except:
jenkinstools.junit_error(traceback.format_exc(), 'ConfigPermissions')
raise
else:
jenkinstools.junit_pass('Configuration completed.',
'ConfigurePermissions')
