def update_site_core(project='pantheon', keep=None): """Update Drupal core (from Drupal or Pressflow, to latest Pressflow). keep: Option when merge fails: 'ours': Keep local changes when there are conflicts. 'theirs': Keep upstream changes when there are conflicts. 'force': Leave failed merge in working-tree (manual resolve). None: Reset to ORIG_HEAD if merge fails. """ updater = update.Updater(project, 'dev') try: result = updater.core_update(keep) updater.drupal_updatedb() updater.permissions_update() except: jenkinstools.junit_error(traceback.format_exc(), 'UpdateCore') raise else: jenkinstools.junit_pass('Update successful.', 'UpdateCore') postback.write_build_data('update_site_core', result) if result['merge'] == 'success': # Send drupal version information. status.drupal_update_status(project) status.git_repo_status(project)
def remove_backup(archive): try: backup.remove(archive) except: jenkinstools.junit_error(traceback.format_exc(), 'RemoveBackup') raise else: jenkinstools.junit_pass('Removal successful.', 'RemoveBackup')
def git_status(project, environment): """Return git status """ updater = update.Updater(project, environment) try: updater.run_command('git status') except: jenkinstools.junit_error(traceback.format_exc(), 'GitStatus') raise else: jenkinstools.junit_pass('', 'GitStatus')
def update_files(project, environment, source_env): """Update the files in project/environment using files from source_env. """ updater = update.Updater(project, environment) try: updater.files_update(source_env) except: jenkinstools.junit_error(traceback.format_exc(), 'UpdateFiles') raise else: jenkinstools.junit_pass('Update successful.', 'UpdateFiles')
def rebuild_environment(project, environment): """Rebuild the project/environment with files and data from 'live'. """ updater = update.Updater(project, environment) try: updater.files_update('live') updater.data_update('live') except: jenkinstools.junit_error(traceback.format_exc(), 'RebuildEnv') raise else: jenkinstools.junit_pass('Rebuild successful.', 'RebuildEnv')
def backup_site(archive_name, project='pantheon'): archive = backup.PantheonBackup(archive_name, project) try: archive.backup_files() archive.backup_data() archive.backup_repo() archive.backup_config(version=0) archive.make_archive() archive.move_archive() archive.cleanup() except: jenkinstools.junit_error(traceback.format_exc(), 'BackupSite') raise else: jenkinstools.junit_pass('Backup successful.', 'BackupSite')
def install_site(project='pantheon', profile='pantheon', version=6, **kw): """ Create a new Drupal installation. project: Installation namespace. profile: The installation type (e.g. pantheon/openatrium) version: Major drupal version. """ data = {'profile': profile, 'project': project, 'version': version} handler = _get_profile_handler(**data) try: handler.build(**data) except: jenkinstools.junit_error(traceback.format_exc(), 'InstallSite') raise else: jenkinstools.junit_pass('', 'InstallSite')
def configure(): '''configure the Pantheon system.''' server = pantheon.PantheonServer() try: _test_for_previous_run() _check_connectivity(server) _configure_certificates() _configure_server(server) _configure_postfix(server) _restart_services(server) _configure_iptables(server) _configure_git_repo() _mark_incep(server) _report() except: jenkinstools.junit_error(traceback.format_exc(), 'Configure') raise else: jenkinstools.junit_pass('Configure successful.', 'Configure')
def onramp_site(project='pantheon', url=None, profile=None, **kw): """Create a new Drupal installation. project: Installation namespace. profile: The installation type (e.g. pantheon/openatrium) **kw: Optional dictionary of values to process on installation. """ archive = onramp.download(url) location = onramp.extract(archive) handler = _get_handler(profile, project, location) try: handler.build(location) except: jenkinstools.junit_error(traceback.format_exc(), 'OnrampSite') raise else: jenkinstools.junit_pass('', 'OnrampSite')
def update_data(project, environment, source_env, updatedb='True'): """Update the data in project/environment using data from source_env. """ updater = update.Updater(project, environment) try: updater.data_update(source_env) # updatedb is passed in as a string so we have to evaluate it if eval(string.capitalize(updatedb)): updater.drupal_updatedb() except: jenkinstools.junit_error(traceback.format_exc(), 'UpdateData') raise else: jenkinstools.junit_pass('Update successful.', 'UpdateData') # The server has a 2min delay before updates to the index are processed with settings(warn_only=True): local("drush @%s_%s solr-reindex" % (project, environment)) local("drush @%s_%s cron" % (project, environment))
def update_code(project, environment, tag=None, message=None): """ Update the working-tree for project/environment. """ if not tag: tag = datetime.datetime.now().strftime('%Y%m%d%H%M%S') if not message: message = 'Tagging as %s for release.' % tag updater = update.Updater(project, environment) try: updater.test_tag(tag) updater.code_update(tag, message) updater.drupal_updatedb() updater.permissions_update() except: jenkinstools.junit_error(traceback.format_exc(), 'UpdateCode') raise else: jenkinstools.junit_pass('Update successful.', 'UpdateCode') # Send back repo status and drupal update status status.git_repo_status(project) status.drupal_update_status(project)
def configure_permissions(base_domain = "example.com", require_group = None, server_host = None): try: server = pantheon.PantheonServer() if not server_host: server_host = "auth." + base_domain ldap_domain = _ldap_domain_to_ldap(base_domain) values = {'ldap_domain':ldap_domain,'server_host':server_host} template = pantheon.get_template('ldap-auth-config.preseed.cfg') ldap_auth_conf = pantheon.build_template(template, values) with tempfile.NamedTemporaryFile() as temp_file: temp_file.write(ldap_auth_conf) temp_file.seek(0) local("sudo debconf-set-selections " + temp_file.name) # /etc/ldap/ldap.conf template = pantheon.get_template('openldap.ldap.conf') openldap_conf = pantheon.build_template(template, values) with open('/etc/ldap/ldap.conf', 'w') as f: f.write(openldap_conf) # /etc/ldap.conf template = pantheon.get_template('pam.ldap.conf') ldap_conf = pantheon.build_template(template, values) with open('/etc/ldap.conf', 'w') as f: f.write(ldap_conf) # Restrict by group allow = ['root', 'sudo', 'hermes'] if require_group: allow.append(require_group) with open('/etc/ssh/sshd_config', 'a') as f: f.write('\nAllowGroups %s\n' % (' '.join(allow))) f.write('UseLPK yes\n') f.write('LpkLdapConf /etc/ldap.conf\n') local("auth-client-config -t nss -p lac_ldap") with open('/etc/sudoers.d/002_pantheon_users', 'w') as f: f.write("# This file was generated by PANTHEON.\n") f.write("# PLEASE DO NOT EDIT THIS FILE DIRECTLY.\n#\n") f.write("# Additional sudoer directives can be added in: " + \ "/etc/sudoers.d/003_pantheon_extra\n") f.write("\n%" + '%s ALL=(ALL) ALL' % require_group) local('chmod 0440 /etc/sudoers.d/002_pantheon_users') # Add LDAP user to www-data, and ssl-cert groups. ssl_group = "ssl-cert" local('usermod -aG %s,%s %s' % (server.web_group, ssl_group, require_group)) # Use sed because usermod may fail if the user does not already exist. #local('sudo sed -i "s/' + ssl_group + ':x:[0-9]*:/\\0' + require_group + ',/g" /etc/group') # Restart after ldap is configured so openssh-lpk doesn't choke. local("/etc/init.d/ssh restart") # Write the group to a file for later reference. server.set_ldap_group(require_group) # Make the git repo and www directories writable by the group local("chown -R %s:%s /var/git/projects" % (require_group, require_group)) local("chmod -R g+w /var/git/projects") # Make the git repo and www directories writable by the group local("chown -R %s:%s /var/www" % (require_group, require_group)) local("chmod -R g+w /var/www") # Set ACLs set_acl_groupwritability(require_group, '/var/www') set_acl_groupwritability(require_group, '/var/git/projects') except: jenkinstools.junit_error(traceback.format_exc(), 'ConfigPermissions') raise else: jenkinstools.junit_pass('Configuration completed.', 'ConfigurePermissions')
def configure_permissions(base_domain="example.com", require_group=None, server_host=None): try: server = pantheon.PantheonServer() if not server_host: server_host = "auth." + base_domain ldap_domain = _ldap_domain_to_ldap(base_domain) values = {'ldap_domain': ldap_domain, 'server_host': server_host} template = pantheon.get_template('ldap-auth-config.preseed.cfg') ldap_auth_conf = pantheon.build_template(template, values) with tempfile.NamedTemporaryFile() as temp_file: temp_file.write(ldap_auth_conf) temp_file.seek(0) local("sudo debconf-set-selections " + temp_file.name) # /etc/ldap/ldap.conf template = pantheon.get_template('openldap.ldap.conf') openldap_conf = pantheon.build_template(template, values) with open('/etc/ldap/ldap.conf', 'w') as f: f.write(openldap_conf) # /etc/ldap.conf template = pantheon.get_template('pam.ldap.conf') ldap_conf = pantheon.build_template(template, values) with open('/etc/ldap.conf', 'w') as f: f.write(ldap_conf) # Restrict by group allow = ['root', 'sudo', 'hermes'] if require_group: allow.append(require_group) with open('/etc/ssh/sshd_config', 'a') as f: f.write('\nAllowGroups %s\n' % (' '.join(allow))) f.write('UseLPK yes\n') f.write('LpkLdapConf /etc/ldap.conf\n') local("auth-client-config -t nss -p lac_ldap") with open('/etc/sudoers.d/002_pantheon_users', 'w') as f: f.write("# This file was generated by PANTHEON.\n") f.write("# PLEASE DO NOT EDIT THIS FILE DIRECTLY.\n#\n") f.write("# Additional sudoer directives can be added in: " + \ "/etc/sudoers.d/003_pantheon_extra\n") f.write("\n%" + '%s ALL=(ALL) ALL' % require_group) local('chmod 0440 /etc/sudoers.d/002_pantheon_users') # Add LDAP user to www-data, and ssl-cert groups. ssl_group = "ssl-cert" local('usermod -aG %s,%s %s' % (server.web_group, ssl_group, require_group)) # Use sed because usermod may fail if the user does not already exist. #local('sudo sed -i "s/' + ssl_group + ':x:[0-9]*:/\\0' + require_group + ',/g" /etc/group') # Restart after ldap is configured so openssh-lpk doesn't choke. local("/etc/init.d/ssh restart") # Write the group to a file for later reference. server.set_ldap_group(require_group) # Make the git repo and www directories writable by the group local("chown -R %s:%s /var/git/projects" % (require_group, require_group)) local("chmod -R g+w /var/git/projects") # Make the git repo and www directories writable by the group local("chown -R %s:%s /var/www" % (require_group, require_group)) local("chmod -R g+w /var/www") # Set ACLs set_acl_groupwritability(require_group, '/var/www') set_acl_groupwritability(require_group, '/var/git/projects') except: jenkinstools.junit_error(traceback.format_exc(), 'ConfigPermissions') raise else: jenkinstools.junit_pass('Configuration completed.', 'ConfigurePermissions')