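def siteurlhttps(self, domain):
    """Switch an installed WordPress site's stored URLs from http to https.

    Changes into ``/var/www/<domain>/htdocs/`` and asks WP-CLI whether
    WordPress is installed. If the stored ``siteurl`` does not use the
    ``https`` scheme, ``siteurl`` and ``home`` are updated and
    ``http://<domain>`` references in the database are rewritten.

    Args:
        domain: Site domain name, used to build the webroot path and the
            new URLs.
    """
    # NOTE(review): `domain` is formatted into command strings (wrapped only
    # in single quotes) and into a filesystem path. This presumably relies on
    # callers having validated it as a plain hostname -- confirm.
    wo_site_webroot = '/var/www/{0}'.format(domain)
    WOFileUtils.chdir(self, '{0}/htdocs/'.format(wo_site_webroot))

    if not WOShellExec.cmd_exec(
            self, "{0} --allow-root core is-installed".format(
                WOVar.wo_wpcli_path)):
        return

    wo_siteurl = WOShellExec.cmd_exec_stdout(
        self, "{0} option get siteurl ".format(WOVar.wo_wpcli_path) +
        "--allow-root --quiet")
    test_url = re.split(":", wo_siteurl)
    if test_url[0] == 'https':
        return

    Log.wait(self, "Updating site url with https")
    commands = [
        "{0} option update siteurl "
        "\'https://{1}\' --allow-root".format(WOVar.wo_wpcli_path, domain),
        "{0} option update home "
        "\'https://{1}\' --allow-root".format(WOVar.wo_wpcli_path, domain),
        # The old and new URLs must be separate shell words: without the
        # space the two quoted strings fuse into a single argument and
        # search-replace never receives a replacement value. --allow-root
        # is passed like on every other WP-CLI call in this function.
        "{0} search-replace \'http://{1}\' "
        "\'https://{1}\' --skip-columns=guid "
        "--skip-tables=wp_users --allow-root".format(
            WOVar.wo_wpcli_path, domain),
    ]
    try:
        # Run every command (list, not generator) and remember whether any
        # of them reported failure through its return value.
        succeeded = all([WOShellExec.cmd_exec(self, cmd) for cmd in commands])
    except Exception as e:
        Log.debug(self, str(e))
        Log.failed(self, "Updating site url with https")
    else:
        if succeeded:
            Log.valide(self, "Updating site url with https")
        else:
            Log.failed(self, "Updating site url with https")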
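def deploycert(self, wo_domain_name):
    """Deploy Let's Encrypt certificates with acme.sh.

    Runs ``acme.sh --install-cert`` to copy the ECC certificate, key, full
    chain and CA file for ``wo_domain_name`` into
    ``WOVar.wo_ssl_live/<domain>``. It then writes the site's nginx
    ``ssl.conf`` when the site has a ``conf/nginx`` directory. If the
    ``ssl.conf`` under ``/var/www/22222`` does not yet reference
    ``/etc/letsencrypt``, that file is rewritten to use this certificate.

    Args:
        wo_domain_name: Domain whose certificate is deployed.

    Returns:
        0 in every case that reaches the end of the function.
    """
    # NOTE(review): `wo_domain_name` is formatted into a shell command and
    # into file paths without quoting; presumably validated upstream as a
    # plain hostname -- confirm.
    if not os.path.isfile(
            '/etc/letsencrypt/renewal/{0}_ecc/fullchain.cer'.format(
                wo_domain_name)):
        # NOTE(review): whether Log.error aborts here is not visible in
        # this block; if it returns, deployment is still attempted.
        Log.error(self, 'Certificate not found. Deployment canceled')

    Log.debug(self, "Cert deployment for domain: {0}".format(wo_domain_name))

    try:
        Log.wait(self, "Deploying SSL cert")
        if WOShellExec.cmd_exec(
                self,
                "mkdir -p {0}/{1} && {2} --install-cert -d {1} --ecc "
                "--cert-file {0}/{1}/cert.pem --key-file {0}/{1}/key.pem "
                "--fullchain-file {0}/{1}/fullchain.pem "
                "--ca-file {0}/{1}/ca.pem --reloadcmd \"nginx -t && "
                "service nginx restart\" ".format(
                    WOVar.wo_ssl_live, wo_domain_name, WOAcme.wo_acme_exec)):
            Log.valide(self, "Deploying SSL cert")
        else:
            Log.failed(self, "Deploying SSL cert")
            Log.error(self, "Unable to deploy certificate")

        if os.path.isdir('/var/www/{0}/conf/nginx'.format(wo_domain_name)):
            # Context manager so the handle is closed even if write() fails.
            with open(
                    "/var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name),
                    encoding='utf-8', mode='w') as sslconf:
                sslconf.write(
                    "listen 443 ssl http2;\n"
                    "listen [::]:443 ssl http2;\n"
                    "ssl_certificate     {0}/{1}/fullchain.pem;\n"
                    "ssl_certificate_key     {0}/{1}/key.pem;\n"
                    "ssl_trusted_certificate {0}/{1}/ca.pem;\n"
                    "ssl_stapling_verify on;\n".format(
                        WOVar.wo_ssl_live, wo_domain_name))

        # Only replace the backend's ssl.conf while it does not already
        # point at a certificate under /etc/letsencrypt.
        if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
                                '/etc/letsencrypt'):
            Log.info(self, "Securing WordOps backend with current cert")
            with open("/var/www/22222/conf/nginx/ssl.conf",
                      encoding='utf-8', mode='w') as sslconf:
                sslconf.write(
                    "ssl_certificate     {0}/{1}/fullchain.pem;\n"
                    "ssl_certificate_key     {0}/{1}/key.pem;\n"
                    "ssl_trusted_certificate {0}/{1}/ca.pem;\n"
                    "ssl_stapling_verify on;\n".format(
                        WOVar.wo_ssl_live, wo_domain_name))

        WOGit.add(self, ["/etc/letsencrypt"],
                  msg="Adding letsencrypt folder")
    except IOError as e:
        Log.debug(self, str(e))
        Log.debug(self, "Error occured while generating "
                  "ssl.conf")
    return 0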
def setupletsencrypt(self, acme_domains, acmedata):
    """Issue SSL certificates with acme.sh.

    Builds one ``acme.sh --issue`` command covering every name in
    ``acme_domains`` and validates either through a DNS API or through the
    ``/var/www/html`` webroot, depending on ``acmedata['dns']``.

    Args:
        acme_domains: Iterable of domain names to put on the certificate.
        acmedata: Mapping read for the keys ``acme_dns``, ``keylength``,
            ``dns``, ``dnsalias`` and ``acme_alias``.

    Returns:
        True when the acme.sh command reports success, False otherwise.
    """
    # check acme.sh is installed
    WOAcme.check_acme(self)

    # NOTE(review): the domain list is wrapped in single quotes, but the DNS
    # provider, challenge alias and key length are formatted into the
    # command unquoted; presumably all of these are validated before this
    # call -- confirm.
    domain_args = '\' -d \''.join(acme_domains)
    dns_provider = acmedata['acme_dns']
    key_length = acmedata['keylength']
    dns_validation = acmedata['dns'] is True

    if dns_validation:
        challenge_args = "--dns {0}".format(dns_provider)
        mode_label = "DNS mode with {0}".format(dns_provider)
        if acmedata['dnsalias'] is True:
            challenge_args += " --challenge-alias {0}".format(
                acmedata['acme_alias'])
    else:
        challenge_args = "-w /var/www/html"
        mode_label = "Webroot challenge"
        Log.debug(self, "Validation : Webroot mode")
        challenge_root = '/var/www/html/.well-known'
        # Create the challenge directory on first use, then hand the whole
        # .well-known tree to www-data with mode 0o750.
        if not os.path.isdir('/var/www/html/.well-known/acme-challenge'):
            WOFileUtils.mkdir(self,
                              '/var/www/html/.well-known/acme-challenge')
        WOFileUtils.chown(self, challenge_root, 'www-data', 'www-data',
                          recursive=True)
        WOFileUtils.chmod(self, challenge_root, 0o750, recursive=True)

    Log.info(self, "Validation mode : {0}".format(mode_label))
    Log.wait(self, "Issuing SSL cert with acme.sh")

    issue_cmd = ("{0} ".format(WOAcme.wo_acme_exec) +
                 "--issue -d '{0}' {1} -k {2} -f".format(
                     domain_args, challenge_args, key_length))
    if WOShellExec.cmd_exec(self, issue_cmd):
        Log.valide(self, "Issuing SSL cert with acme.sh")
        return True

    Log.failed(self, "Issuing SSL cert with acme.sh")
    if dns_validation:
        Log.error(
            self, "Please make sure your properly "
            "set your DNS API credentials for acme.sh\n"
            "If you are using sudo, use \"sudo -E wo\"")
    else:
        Log.error(
            self, "Your domain is properly configured "
            "but acme.sh was unable to issue certificate.\n"
            "You can find more informations in "
            "/var/log/wo/wordops.log")
    return False
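def start_service(self, service_name):
    """Start a service, similar to ``service xyz start``.

    For ``nginx`` the configuration is first checked with ``nginx -t`` and
    the service is only started when the test output contains no ``emerg``
    entry.

    Args:
        service_name: Name handed to the ``service`` command.

    Returns:
        True when the service command exits with status 0, False when the
        nginx configuration test or the start command fails.
    """
    # NOTE(review): `service_name` is formatted into a string that
    # subprocess.getstatusoutput runs through the shell; presumably callers
    # only pass fixed internal service names -- confirm.
    try:
        if service_name in ['nginx']:
            Log.wait(self, "Testing Nginx configuration ")
            # Check Nginx configuration before executing command
            sub = subprocess.Popen('nginx -t', stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE, shell=True)
            output = sub.communicate()
            if 'emerg' in str(output):
                Log.failed(self, "Testing Nginx configuration ")
                return False

            Log.valide(self, "Testing Nginx configuration ")
            Log.wait(self, "Starting Nginx")
            service_cmd = 'service {0} start'.format(service_name)
            retcode = subprocess.getstatusoutput(service_cmd)
            if retcode[0] == 0:
                Log.valide(self, "Starting Nginx ")
                return True
            # Previously this path fell through and returned None; keep the
            # command output for debugging and report failure explicitly,
            # as the non-nginx branch does.
            Log.debug(self, "{0}".format(retcode[1]))
            Log.failed(self, "Starting Nginx")
            return False

        service_cmd = 'service {0} start'.format(service_name)
        Log.info(self, "Start : {0:10}".format(service_name), end='')
        retcode = subprocess.getstatusoutput(service_cmd)
        if retcode[0] == 0:
            Log.info(
                self, "[" + Log.ENDC + Log.OKGREEN + "OK" +
                Log.ENDC + Log.OKBLUE + "]")
            return True
        Log.debug(self, "{0}".format(retcode[1]))
        Log.info(self, "[" + Log.FAIL + "Failed" + Log.OKBLUE + "]")
        return False
    except OSError as e:
        Log.debug(self, "{0}".format(e))
        Log.error(self, "\nFailed to start service {0}".format(service_name))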
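def restart_service(self, service_name):
    """Restart a service, similar to ``service xyz restart``.

    For ``nginx`` the configuration is first checked with ``nginx -t`` and
    the restart only happens when stderr of the test contains no ``emerg``
    entry.

    Args:
        service_name: Name handed to the ``service`` command.

    Returns:
        True when the service command exits with status 0, False when the
        nginx configuration test or the restart command fails.
    """
    # NOTE(review): `service_name` is formatted into a string that
    # subprocess.getstatusoutput runs through the shell; presumably callers
    # only pass fixed internal service names -- confirm.
    try:
        if service_name in ['nginx']:
            Log.wait(self, "Testing Nginx configuration ")
            # Check Nginx configuration before executing command
            sub = subprocess.Popen('nginx -t', stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE, shell=True)
            output, error_output = sub.communicate()
            if 'emerg' in str(error_output):
                Log.failed(self, "Testing Nginx configuration ")
                return False

            Log.valide(self, "Testing Nginx configuration ")
            Log.wait(self, "Restarting Nginx ")
            service_cmd = 'service {0} restart'.format(service_name)
            retcode = subprocess.getstatusoutput(service_cmd)
            if retcode[0] == 0:
                Log.valide(self, "Restarting Nginx ")
                return True
            # A failed restart used to fall through silently and return
            # None; log the command output and report the failure.
            Log.debug(self, "{0}".format(retcode[1]))
            Log.failed(self, "Restarting Nginx ")
            return False

        service_cmd = 'service {0} restart'.format(service_name)
        Log.wait(self, "Restarting {0:10}".format(service_name))
        retcode = subprocess.getstatusoutput(service_cmd)
        if retcode[0] == 0:
            Log.valide(self, "Restarting {0:10}".format(service_name))
            return True
        Log.debug(self, "{0}".format(retcode[1]))
        Log.failed(self, "Restarting {0:10}".format(service_name))
        return False
    except OSError as e:
        Log.debug(self, "{0} {1}".format(e.errno, e.strerror))
        Log.error(self, "\nFailed to restart service : {0}".format(
            service_name))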
def setupletsencrypt(self, acme_domains, acmedata):
    """Issue SSL certificates with acme.sh.

    Assembles a single ``acme.sh --issue`` command for all names in
    ``acme_domains``, using DNS validation when ``acmedata['dns']`` is True
    and the ``/var/www/html`` webroot otherwise.

    Args:
        acme_domains: Iterable of domain names to put on the certificate.
        acmedata: Mapping read for the keys ``acme_dns``, ``keylength``,
            ``dns``, ``dnsalias`` and ``acme_alias``.

    Returns:
        True when the acme.sh command reports success, False otherwise.
    """
    # NOTE(review): only the joined domain list is single-quoted in the
    # command below; the DNS provider, challenge alias and key length go in
    # unquoted. Presumably validated by the caller -- confirm.
    quoted_domains = '\' -d \''.join(acme_domains)
    dns_api = acmedata['acme_dns']
    key_size = acmedata['keylength']
    via_dns = acmedata['dns'] is True

    if not via_dns:
        validation_args = "-w /var/www/html"
        validation_label = "Webroot challenge"
        Log.debug(self, "Validation : Webroot mode")
    else:
        validation_args = "--dns {0}".format(dns_api)
        validation_label = "DNS mode with {0}".format(dns_api)
        if acmedata['dnsalias'] is True:
            validation_args = "{0} --challenge-alias {1}".format(
                validation_args, acmedata['acme_alias'])

    Log.info(self, "Validation mode : {0}".format(validation_label))
    Log.wait(self, "Issuing SSL cert with acme.sh")

    command = ("{0} ".format(WOAcme.wo_acme_exec) +
               "--issue -d '{0}' {1} -k {2} -f".format(
                   quoted_domains, validation_args, key_size))
    issued = WOShellExec.cmd_exec(self, command)
    if issued:
        Log.valide(self, "Issuing SSL cert with acme.sh")
        return True

    # Failure: pick the hint that matches the validation mode in use.
    Log.failed(self, "Issuing SSL cert with acme.sh")
    if via_dns:
        Log.error(
            self, "Please make sure your properly "
            "set your DNS API credentials for acme.sh")
    else:
        Log.error(
            self, "Your domain is properly configured "
            "but acme.sh was unable to issue certificate.\n"
            "You can find more informations in "
            "/var/log/wo/wordops.log")
    return False