Beispiel #1
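 def siteurlhttps(self, domain):
     """Switch the WordPress ``siteurl``/``home`` of *domain* to https.

     Changes into ``/var/www/<domain>/htdocs/`` and, when WP-CLI reports
     that WordPress is installed, reads the current ``siteurl``. If its
     scheme is not ``https`` the ``siteurl`` and ``home`` options are
     updated and ``http://<domain>`` is replaced by ``https://<domain>``
     in the database.

     NOTE(review): *domain* is interpolated between single quotes into
     command strings that are presumably run through a shell; this is
     only safe if callers have already validated it as a hostname.
     Confirm against the callers.
     """
     wo_site_webroot = '/var/www/{0}'.format(domain)
     WOFileUtils.chdir(self, '{0}/htdocs/'.format(wo_site_webroot))
     if WOShellExec.cmd_exec(
             self, "{0} --allow-root core is-installed".format(
                 WOVar.wo_wpcli_path)):
         wo_siteurl = WOShellExec.cmd_exec_stdout(
             self, "{0} option get siteurl ".format(WOVar.wo_wpcli_path) +
             "--allow-root --quiet")
         # The first element of the split is the URL scheme.
         test_url = re.split(":", wo_siteurl)
         if test_url[0] != 'https':
             Log.wait(self, "Updating site url with https")
             try:
                 WOShellExec.cmd_exec(
                     self, "{0} option update siteurl "
                     "\'https://{1}\' --allow-root".format(
                         WOVar.wo_wpcli_path, domain))
                 WOShellExec.cmd_exec(
                     self, "{0} option update home "
                     "\'https://{1}\' --allow-root".format(
                         WOVar.wo_wpcli_path, domain))
                 # The old and new URL must be two separate arguments:
                 # without the space the adjacent quoted strings are
                 # joined into a single word. --allow-root is passed
                 # like on every other WP-CLI call in this method.
                 WOShellExec.cmd_exec(
                     self, "{0} search-replace \'http://{1}\' "
                     "\'https://{1}\' --skip-columns=guid "
                     "--skip-tables=wp_users --allow-root".format(
                         WOVar.wo_wpcli_path, domain))
             except Exception as e:
                 Log.debug(self, str(e))
                 Log.failed(self, "Updating site url with https")
             else:
                 Log.valide(self, "Updating site url with https")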
Beispiel #2
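    def deploycert(self, wo_domain_name):
        """Deploy Let's Encrypt certificates with acme.sh

        Runs ``acme.sh --install-cert`` to copy the ECC certificate, key,
        full chain and CA file of ``wo_domain_name`` into
        ``WOVar.wo_ssl_live/<domain>/``, writes the site's nginx
        ``ssl.conf`` when ``/var/www/<domain>/conf/nginx`` exists, writes
        the ``ssl.conf`` of the backend on port 22222 when
        ``WOFileUtils.grep`` for ``/etc/letsencrypt`` in that file is
        falsy, and finally passes ``/etc/letsencrypt`` to ``WOGit.add``.

        Returns 0 on every path that reaches the end of the method,
        including the one where writing ``ssl.conf`` raised ``IOError``.

        NOTE(review): ``wo_domain_name`` is interpolated unquoted into a
        command string that uses ``&&`` and so must be run through a
        shell, and into the nginx configuration. It has to be a validated
        hostname by the time it gets here; confirm against the callers.
        """
        if not os.path.isfile('/etc/letsencrypt/renewal/{0}_ecc/fullchain.cer'.
                              format(wo_domain_name)):
            # NOTE(review): nothing returns here; unless Log.error aborts
            # the run, deployment continues without a certificate. Confirm.
            Log.error(self, 'Certificate not found. Deployment canceled')

        Log.debug(self,
                  "Cert deployment for domain: {0}".format(wo_domain_name))

        try:
            Log.wait(self, "Deploying SSL cert")
            if WOShellExec.cmd_exec(
                    self,
                    "mkdir -p {0}/{1} && {2} --install-cert -d {1} --ecc "
                    "--cert-file {0}/{1}/cert.pem --key-file {0}/{1}/key.pem "
                    "--fullchain-file {0}/{1}/fullchain.pem "
                    "--ca-file {0}/{1}/ca.pem --reloadcmd \"nginx -t && "
                    "service nginx restart\" ".format(WOVar.wo_ssl_live,
                                                      wo_domain_name,
                                                      WOAcme.wo_acme_exec)):
                Log.valide(self, "Deploying SSL cert")
            else:
                Log.failed(self, "Deploying SSL cert")
                Log.error(self, "Unable to deploy certificate")

            if os.path.isdir('/var/www/{0}/conf/nginx'.format(wo_domain_name)):
                # The context manager closes the file even when the write
                # fails, so no handle is left open on the error path.
                with open(
                        "/var/www/{0}/conf/nginx/ssl.conf".format(
                            wo_domain_name),
                        encoding='utf-8',
                        mode='w') as sslconf:
                    sslconf.write(
                        "listen 443 ssl http2;\n"
                        "listen [::]:443 ssl http2;\n"
                        "ssl_certificate     {0}/{1}/fullchain.pem;\n"
                        "ssl_certificate_key     {0}/{1}/key.pem;\n"
                        "ssl_trusted_certificate {0}/{1}/ca.pem;\n"
                        "ssl_stapling_verify on;\n".format(
                            WOVar.wo_ssl_live, wo_domain_name))

            if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
                                    '/etc/letsencrypt'):
                Log.info(self, "Securing WordOps backend with current cert")
                with open("/var/www/22222/conf/nginx/ssl.conf",
                          encoding='utf-8',
                          mode='w') as sslconf:
                    sslconf.write(
                        "ssl_certificate     {0}/{1}/fullchain.pem;\n"
                        "ssl_certificate_key     {0}/{1}/key.pem;\n"
                        "ssl_trusted_certificate {0}/{1}/ca.pem;\n"
                        "ssl_stapling_verify on;\n".format(
                            WOVar.wo_ssl_live, wo_domain_name))

            WOGit.add(self, ["/etc/letsencrypt"],
                      msg="Adding letsencrypt folder")

        except IOError as e:
            # Only logged at debug level; the method still returns 0.
            Log.debug(self, str(e))
            Log.debug(self, "Error occured while generating " "ssl.conf")
        return 0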
Beispiel #3
    def setupletsencrypt(self, acme_domains, acmedata):
        """Issue SSL certificates with acme.sh

        ``acme_domains`` is joined into a list of ``-d '<domain>'``
        arguments. ``acmedata`` supplies ``acme_dns``, ``keylength``,
        ``dns`` and, in DNS mode, ``dnsalias`` and ``acme_alias``. In
        webroot mode the ``/var/www/html/.well-known`` tree is created if
        needed, chowned to ``www-data`` and chmodded to ``0o750``.

        Returns True when the ``--issue`` command result is truthy and
        False otherwise.

        NOTE(review): the domains are wrapped in single quotes, but the
        DNS provider, alias and key length go into the command string
        unquoted; all of them are assumed to be validated before this
        call. Confirm against the callers.
        """
        # Make sure acme.sh is available before building anything.
        WOAcme.check_acme(self)

        domain_args = '\' -d \''.join(acme_domains)
        dns_api = acmedata['acme_dns']
        key_length = acmedata['keylength']
        dns_validation = acmedata['dns'] is True

        if dns_validation:
            acme_mode = "--dns {0}".format(dns_api)
            validation_mode = "DNS mode with {0}".format(dns_api)
            if acmedata['dnsalias'] is True:
                acme_mode += " --challenge-alias {0}".format(
                    acmedata['acme_alias'])
        else:
            acme_mode = "-w /var/www/html"
            validation_mode = "Webroot challenge"
            Log.debug(self, "Validation : Webroot mode")
            well_known = '/var/www/html/.well-known'
            challenge_dir = '/var/www/html/.well-known/acme-challenge'
            if not os.path.isdir(challenge_dir):
                WOFileUtils.mkdir(self, challenge_dir)
            # Ownership and mode are reset on every run, not only when
            # the directory was just created.
            WOFileUtils.chown(self, well_known, 'www-data', 'www-data',
                              recursive=True)
            WOFileUtils.chmod(self, well_known, 0o750, recursive=True)

        Log.info(self, "Validation mode : {0}".format(validation_mode))
        Log.wait(self, "Issuing SSL cert with acme.sh")
        issue_cmd = ("{0} ".format(WOAcme.wo_acme_exec) +
                     "--issue -d '{0}' {1} -k {2} -f".format(
                         domain_args, acme_mode, key_length))
        if WOShellExec.cmd_exec(self, issue_cmd):
            Log.valide(self, "Issuing SSL cert with acme.sh")
            return True

        # Issuance failed: the hint depends on the validation mode.
        Log.failed(self, "Issuing SSL cert with acme.sh")
        if dns_validation:
            Log.error(
                self, "Please make sure your properly "
                "set your DNS API credentials for acme.sh\n"
                "If you are using sudo, use \"sudo -E wo\"")
        else:
            Log.error(
                self, "Your domain is properly configured "
                "but acme.sh was unable to issue certificate.\n"
                "You can find more informations in "
                "/var/log/wo/wordops.log")
        return False
Beispiel #4
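    def start_service(self, service_name):
        """
            start service
            Similar to `service xyz start`

            For nginx the configuration is tested with `nginx -t` first
            and the service is only started when the test output does not
            contain 'emerg'.

            Returns True when `service <name> start` exits with status 0
            and False when the configuration test or the start fails.

            NOTE(review): service_name is formatted into a command line
            that subprocess.getstatusoutput runs through a shell, so it
            should come from a fixed set of service names and never from
            user-controlled input. Confirm against the callers.
        """
        try:
            if service_name in ['nginx']:
                Log.wait(self, "Testing Nginx configuration ")
                # Check Nginx configuration before executing command
                sub = subprocess.Popen('nginx -t',
                                       stdout=subprocess.PIPE,
                                       stderr=subprocess.PIPE,
                                       shell=True)
                output = sub.communicate()
                # output is the (stdout, stderr) tuple; the check looks
                # for 'emerg' in its string form.
                if 'emerg' not in str(output):
                    Log.valide(self, "Testing Nginx configuration ")
                    Log.wait(self, "Starting Nginx")
                    service_cmd = ('service {0} start'.format(service_name))
                    retcode = subprocess.getstatusoutput(service_cmd)
                    if retcode[0] == 0:
                        Log.valide(self, "Starting Nginx              ")
                        return True
                    else:
                        # Report the failure the same way as the generic
                        # branch below: log the command output and return
                        # False instead of falling through with None.
                        Log.debug(self, "{0}".format(retcode[1]))
                        Log.failed(self, "Starting Nginx")
                        return False
                else:
                    Log.failed(self, "Testing Nginx configuration ")
                    return False
            else:
                service_cmd = ('service {0} start'.format(service_name))

                Log.info(self, "Start : {0:10}".format(service_name), end='')
                retcode = subprocess.getstatusoutput(service_cmd)
                if retcode[0] == 0:
                    Log.info(
                        self, "[" + Log.ENDC + Log.OKGREEN + "OK" + Log.ENDC +
                        Log.OKBLUE + "]")
                    return True
                else:
                    Log.debug(self, "{0}".format(retcode[1]))
                    Log.info(self,
                             "[" + Log.FAIL + "Failed" + Log.OKBLUE + "]")
                    return False
        except OSError as e:
            Log.debug(self, "{0}".format(e))
            Log.error(self,
                      "\nFailed to start service   {0}".format(service_name))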
Beispiel #5
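 def restart_service(self, service_name):
     """
         Restart service
         Similar to `service xyz restart`

         For nginx the configuration is tested with `nginx -t` first and
         the service is only restarted when stderr of the test does not
         contain 'emerg'.

         Returns True when `service <name> restart` exits with status 0
         and False when the configuration test or the restart fails.

         NOTE(review): service_name is formatted into a command line
         that subprocess.getstatusoutput runs through a shell, so it
         should come from a fixed set of service names and never from
         user-controlled input. Confirm against the callers.
     """
     try:
         if service_name in ['nginx']:
             Log.wait(self, "Testing Nginx configuration ")
             # Check Nginx configuration before executing command
             sub = subprocess.Popen('nginx -t',
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE,
                                    shell=True)
             _output, error_output = sub.communicate()
             if 'emerg' not in str(error_output):
                 Log.valide(self, "Testing Nginx configuration ")
                 Log.wait(self, "Restarting Nginx            ")
                 service_cmd = ('service {0} restart'.format(service_name))
                 retcode = subprocess.getstatusoutput(service_cmd)
                 if retcode[0] == 0:
                     Log.valide(self, "Restarting Nginx            ")
                     return True
                 else:
                     # A failed restart used to fall through silently
                     # with None; report it like the generic branch does.
                     Log.debug(self, "{0}".format(retcode[1]))
                     Log.failed(self, "Restarting Nginx            ")
                     return False
             else:
                 Log.failed(self, "Testing Nginx configuration ")
                 return False
         else:
             service_cmd = ('service {0} restart'.format(service_name))
             Log.wait(self, "Restarting {0:10}".format(service_name))
             retcode = subprocess.getstatusoutput(service_cmd)
             if retcode[0] == 0:
                 Log.valide(self, "Restarting {0:10}".format(service_name))
                 return True
             else:
                 Log.debug(self, "{0}".format(retcode[1]))
                 Log.failed(self, "Restarting {0:10}".format(service_name))
                 return False
     except OSError as e:
         Log.debug(self, "{0} {1}".format(e.errno, e.strerror))
         Log.error(self,
                   "\nFailed to restart service : {0}".format(service_name))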
Beispiel #6
    def setupletsencrypt(self, acme_domains, acmedata):
        """Issue SSL certificates with acme.sh

        ``acme_domains`` is joined into a list of ``-d '<domain>'``
        arguments. ``acmedata`` supplies ``acme_dns``, ``keylength``,
        ``dns`` and, in DNS mode, ``dnsalias`` and ``acme_alias``.

        Returns True when the ``--issue`` command result is truthy and
        False otherwise.

        NOTE(review): the domains are wrapped in single quotes, but the
        DNS provider, alias and key length go into the command string
        unquoted; all of them are assumed to be validated before this
        call. Confirm against the callers.
        """
        domain_args = '\' -d \''.join(acme_domains)
        dns_api = acmedata['acme_dns']
        key_length = acmedata['keylength']

        # Choose the acme.sh challenge arguments and the label that is
        # logged for them.
        if acmedata['dns'] is True:
            acme_mode = "--dns {0}".format(dns_api)
            validation_mode = "DNS mode with {0}".format(dns_api)
            if acmedata['dnsalias'] is True:
                alias_arg = " --challenge-alias {0}".format(
                    acmedata['acme_alias'])
                acme_mode = acme_mode + alias_arg
        else:
            acme_mode = "-w /var/www/html"
            validation_mode = "Webroot challenge"
            Log.debug(self, "Validation : Webroot mode")

        Log.info(self, "Validation mode : {0}".format(validation_mode))
        Log.wait(self, "Issuing SSL cert with acme.sh")
        issue_args = "--issue -d '{0}' {1} -k {2} -f".format(
            domain_args, acme_mode, key_length)
        issued = WOShellExec.cmd_exec(
            self, "{0} ".format(WOAcme.wo_acme_exec) + issue_args)
        if issued:
            Log.valide(self, "Issuing SSL cert with acme.sh")
            return True

        # Issuance failed: the hint depends on the validation mode.
        Log.failed(self, "Issuing SSL cert with acme.sh")
        if acmedata['dns'] is True:
            failure_hint = ("Please make sure your properly "
                            "set your DNS API credentials for acme.sh")
        else:
            failure_hint = ("Your domain is properly configured "
                            "but acme.sh was unable to issue certificate.\n"
                            "You can find more informations in "
                            "/var/log/wo/wordops.log")
        Log.error(self, failure_hint)
        return False