Fixes on webapps

Marc Aymerich 2015-04-10 15:03:38 +00:00
parent a04f5cc5da
commit 79ae1a79b0
7 changed files with 167 additions and 98 deletions


@ -283,6 +283,9 @@ https://code.djangoproject.com/ticket/24576
* MultiCHoiceField proper serialization * MultiCHoiceField proper serialization
# Apache restart fails: detect if appache running, and execute start # Apache restart fails: detect if appache running, and execute start
# PHP backend is retarded does not detect well the version
# Change crons, create cron for deleted webapps and users # Change crons, create cron for deleted webapps and users
* UNIFY PHP FPM settings name * UNIFY PHP FPM settings name
# virtualhost name name-account?
# php version update should trigger webiste upgrade (wrapper name/fpm config for apache), public root and other config also needs apache to execute
* add a delay to changes on the webserver apache to no overwelm it with backend executions?
# Delete webapps deletes wrapper that may be used for other sites, maybe merging webapps is a bad idea after all?


@ -76,27 +76,44 @@ class PHPBackend(WebAppServiceMixin, ServiceController):
self.delete_webapp_dir(context) self.delete_webapp_dir(context)
def delete_fpm(self, webapp, context): def delete_fpm(self, webapp, context):
# Better not delete a pool used by other apps
if not self.MERGE:
self.append("rm -f %(fpm_path)s" % context) self.append("rm -f %(fpm_path)s" % context)
def delete_fcgid(self, webapp, context): def delete_fcgid(self, webapp, context):
# Better not delete a wrapper used by other apps
if not self.MERGE:
self.append("rm -f %(wrapper_path)s" % context) self.append("rm -f %(wrapper_path)s" % context)
self.append("rm -f %(cmd_options_path)s" % context) self.append("rm -f %(cmd_options_path)s" % context)
def prepare(self):
super(PHPBackend, self).prepare()
# Coordinate apache restart with php backend in order not to overdo it
self.append('echo "PHPBackend" >> /dev/shm/restart.apache2')
def commit(self): def commit(self):
if self.content:
self.append(textwrap.dedent(""" self.append(textwrap.dedent("""
if [[ $UPDATEDFPM == 1 ]]; then if [[ $UPDATEDFPM == 1 ]]; then
service php5-fpm reload service php5-fpm reload
service php5-fpm start service php5-fpm start
fi fi
""") # Coordinate apache restart with apache backend
) locked=1
self.append(textwrap.dedent("""\ state="$(grep -v 'PHPBackend' /dev/shm/restart.apache2)" || locked=0
echo -n "$state" > /dev/shm/restart.apache2
if [[ $UPDATED_APACHE == 1 ]]; then if [[ $UPDATED_APACHE == 1 ]]; then
if [[ $locked == 0 ]]; then
service apache2 reload
else
echo "PHPBackend RESTART" >> /dev/shm/restart.apache2
fi
elif [[ "$state" =~ .*RESTART$ ]]; then
rm /dev/shm/restart.apache2
service apache2 reload service apache2 reload
fi fi
""") """)
) )
super(PHPBackend, self).commit()
def get_fpm_config(self, webapp, context): def get_fpm_config(self, webapp, context):
merge = settings.WEBAPPS_MERGE_PHP_WEBAPPS merge = settings.WEBAPPS_MERGE_PHP_WEBAPPS


@ -1,4 +1,5 @@
import os import os
from collections import OrderedDict
from django.db import models from django.db import models
from django.db.models.signals import pre_save, pre_delete from django.db.models.signals import pre_save, pre_delete
@ -56,9 +57,7 @@ class WebApp(models.Model):
@cached @cached
def get_options(self): def get_options(self):
return { return OrderedDict((opt.name, opt.value) for opt in self.options.all())
opt.name: opt.value for opt in self.options.all()
}
def get_directive(self): def get_directive(self):
return self.type_instance.get_directive() return self.type_instance.get_directive()
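Review bot: get_options() now returns an OrderedDict, but the order it preserves is whatever `self.options.all()` yields, and no ordering is applied in the visible lines. Unless the option model declares a default ordering (not shown here), the result can still differ between queries, which undoes the benefit of a stable option order in generated configuration. An explicit ordering, for example `self.options.all().order_by('name')`, would make it deterministic. A one-line docstring such as `"""Return the webapp options as an ordered name -> value mapping."""` would tell callers they can rely on it.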


@ -56,7 +56,7 @@ class PHPAppOption(AppOption):
super(PHPAppOption, self).validate() super(PHPAppOption, self).validate()
if self.deprecated: if self.deprecated:
php_version = self.instance.webapp.type_instance.get_php_version_number() php_version = self.instance.webapp.type_instance.get_php_version_number()
if php_version and php_version > self.deprecated: if php_version and self.deprecated and float(php_version) > self.deprecated:
raise ValidationError( raise ValidationError(
_("This option is deprecated since PHP version %s.") % str(self.deprecated) _("This option is deprecated since PHP version %s.") % str(self.deprecated)
) )
@ -76,7 +76,8 @@ class Timeout(AppOption):
# FPM pm.request_terminate_timeout # FPM pm.request_terminate_timeout
# PHP max_execution_time ini # PHP max_execution_time ini
verbose_name = _("Process timeout") verbose_name = _("Process timeout")
help_text = _("Maximum time in seconds allowed for a request to complete (a number between 0 and 999).") help_text = _("Maximum time in seconds allowed for a request to complete (a number between 0 and 999).<br>"
"Also sets <tt>max_request_time</tt> when php-cgi is used.")
regex = r'^[0-9]{1,3}$' regex = r'^[0-9]{1,3}$'
group = AppOption.PROCESS group = AppOption.PROCESS
@ -94,7 +95,7 @@ class Processes(AppOption):
class PHPEnabledFunctions(PHPAppOption): class PHPEnabledFunctions(PHPAppOption):
name = 'enabled_functions' name = 'enabled_functions'
verbose_name = _("Enabled functions") verbose_name = _("Enabled functions")
help_text = ' '.join(settings.WEBAPPS_PHP_DISABLED_FUNCTIONS) help_text = ','.join(settings.WEBAPPS_PHP_DISABLED_FUNCTIONS)
regex = r'^[\w\.,-]+$' regex = r'^[\w\.,-]+$'
@ -235,21 +236,21 @@ class PHPPostMaxSize(PHPAppOption):
class PHPSendmailPath(PHPAppOption): class PHPSendmailPath(PHPAppOption):
name = 'sendmail_path' name = 'sendmail_path'
verbose_name = _("sendmail_path") verbose_name = _("Sendmail path")
help_text = _("Where the sendmail program can be found.") help_text = _("Where the sendmail program can be found.")
regex = r'^[^ ]+$' regex = r'^[^ ]+$'
class PHPSessionBugCompatWarn(PHPAppOption): class PHPSessionBugCompatWarn(PHPAppOption):
name = 'session.bug_compat_warn' name = 'session.bug_compat_warn'
verbose_name = _("session.bug_compat_warn") verbose_name = _("Session bug compat warning")
help_text = _("Enables an PHP bug on session initialization for legacy behaviour (On or Off).") help_text = _("Enables an PHP bug on session initialization for legacy behaviour (On or Off).")
regex = r'^(On|Off|on|off)$' regex = r'^(On|Off|on|off)$'
class PHPSessionAutoStart(PHPAppOption): class PHPSessionAutoStart(PHPAppOption):
name = 'session.auto_start' name = 'session.auto_start'
verbose_name = _("session.auto_start") verbose_name = _("Session auto start")
help_text = _("Specifies whether the session module starts a session automatically on request " help_text = _("Specifies whether the session module starts a session automatically on request "
"startup (On or Off).") "startup (On or Off).")
regex = r'^(On|Off|on|off)$' regex = r'^(On|Off|on|off)$'
@ -287,7 +288,7 @@ class PHPSuhosinRequestMaxVars(PHPAppOption):
class PHPSuhosinSessionEncrypt(PHPAppOption): class PHPSuhosinSessionEncrypt(PHPAppOption):
name = 'suhosin.session.encrypt' name = 'suhosin.session.encrypt'
verbose_name = _("suhosin.session.encrypt") verbose_name = _("Suhosin session encrypt")
help_text = _("On or Off") help_text = _("On or Off")
regex = r'^(On|Off|on|off)$' regex = r'^(On|Off|on|off)$'
@ -301,13 +302,13 @@ class PHPSuhosinSimulation(PHPAppOption):
class PHPSuhosinExecutorIncludeWhitelist(PHPAppOption): class PHPSuhosinExecutorIncludeWhitelist(PHPAppOption):
name = 'suhosin.executor.include.whitelist' name = 'suhosin.executor.include.whitelist'
verbose_name = _("suhosin.executor.include.whitelist") verbose_name = _("Suhosin executor include whitelist")
regex = r'.*$' regex = r'.*$'
class PHPUploadMaxFileSize(PHPAppOption): class PHPUploadMaxFileSize(PHPAppOption):
name = 'upload_max_filesize' name = 'upload_max_filesize'
verbose_name = _("upload_max_filesize") verbose_name = _("Upload max filezise")
help_text = _("Value between 0M and 999M.") help_text = _("Value between 0M and 999M.")
regex = r'^[0-9]{1,3}M$' regex = r'^[0-9]{1,3}M$'
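Review bot: Comparing PHP versions as floats in PHPAppOption.validate() (`float(php_version) > self.deprecated`) misorders two-digit minor versions, since `float('5.10')` is 5.1 and sorts below 5.4, and it raises ValueError if the version string ever has three parts; get_php_options() in the PHPApp section of this commit does the same with `float(self.get_php_version_number())`. Comparing integer tuples, e.g. `tuple(int(p) for p in php_version.split('.'))`, avoids both, provided `deprecated` is declared in the same form. The added `self.deprecated` test is redundant inside the enclosing `if self.deprecated:`. The new label `"Upload max filezise"` contains a typo (filesize). validate() begins above this hunk, so the rest of its body is not visible here.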


@ -110,6 +110,7 @@ WEBAPPS_UNDER_CONSTRUCTION_PATH = getattr(settings, 'WEBAPPS_UNDER_CONSTRUCTION_
# WEBAPPS_TYPES[webapp_type] = value # WEBAPPS_TYPES[webapp_type] = value
WEBAPPS_PHP_DISABLED_FUNCTIONS = getattr(settings, 'WEBAPPS_PHP_DISABLED_FUNCTION', [ WEBAPPS_PHP_DISABLED_FUNCTIONS = getattr(settings, 'WEBAPPS_PHP_DISABLED_FUNCTION', [
'exec', 'exec',
'passthru', 'passthru',
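Review bot: The lookup on the context line `WEBAPPS_PHP_DISABLED_FUNCTIONS = getattr(settings, 'WEBAPPS_PHP_DISABLED_FUNCTION', [` reads a singular key while the module constant is plural, so a deployment that defines `WEBAPPS_PHP_DISABLED_FUNCTIONS` in its settings is silently ignored and the built-in default list is used. This list appears to be the hardening baseline for which PHP functions are disabled, so an operator's stricter list would never take effect. The line is not changed by this commit, but the fix is one word: `getattr(settings, 'WEBAPPS_PHP_DISABLED_FUNCTIONS', [`. If the singular name is already in use somewhere, read both and prefer the plural one.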


@ -1,5 +1,6 @@
import os import os
import re import re
from collections import OrderedDict
from django import forms from django import forms
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
@ -60,16 +61,16 @@ class PHPApp(AppType):
@cached @cached
def get_php_options(self): def get_php_options(self):
php_version = self.get_php_version_number() php_version = float(self.get_php_version_number())
php_options = AppOption.get_option_groups()[AppOption.PHP] php_options = AppOption.get_option_groups()[AppOption.PHP]
return [op for op in php_options if getattr(self, 'deprecated', 999) > php_version] return [op for op in php_options if (op.deprecated or 999) > php_version]
def get_php_init_vars(self, merge=False): def get_php_init_vars(self, merge=False):
""" """
process php options for inclusion on php.ini process php options for inclusion on php.ini
per_account=True merges all (account, webapp.type) options per_account=True merges all (account, webapp.type) options
""" """
init_vars = {} init_vars = OrderedDict()
options = self.instance.options.all() options = self.instance.options.all()
if merge: if merge:
# Get options from the same account and php_version webapps # Get options from the same account and php_version webapps
@ -108,6 +109,7 @@ class PHPApp(AppType):
context = super(PHPApp, self).get_directive_context() context = super(PHPApp, self).get_directive_context()
context.update({ context.update({
'php_version': self.get_php_version(), 'php_version': self.get_php_version(),
'php_version_number': self.get_php_version_number(),
}) })
return context return context
@ -134,4 +136,4 @@ class PHPApp(AppType):
raise ValueError("No version number matches for '%s'" % php_version) raise ValueError("No version number matches for '%s'" % php_version)
if len(number) > 1: if len(number) > 1:
raise ValueError("Multiple version number matches for '%s'" % php_version) raise ValueError("Multiple version number matches for '%s'" % php_version)
return float(number[0]) return number[0]


@ -19,6 +19,7 @@ class Apache2Backend(ServiceController):
model = 'websites.Website' model = 'websites.Website'
related_models = ( related_models = (
('websites.Content', 'website'), ('websites.Content', 'website'),
('webapps.WebApp', 'website_set'),
) )
verbose_name = _("Apache 2") verbose_name = _("Apache 2")
@ -41,9 +42,9 @@ class Apache2Backend(ServiceController):
return Template(textwrap.dedent("""\ return Template(textwrap.dedent("""\
<VirtualHost {{ ip }}:{{ port }}> <VirtualHost {{ ip }}:{{ port }}>
IncludeOptional /etc/apache2/site[s]-override/{{ site_unique_name }}.con[f] IncludeOptional /etc/apache2/site[s]-override/{{ site_unique_name }}.con[f]
ServerName {{ site.domains.all|first }}\ ServerName {{ server_name }}\
{% if site.domains.all|slice:"1:" %} {% if server_alias %}
ServerAlias {{ site.domains.all|slice:"1:"|join:' ' }}{% endif %}\ ServerAlias {{ server_alias|join:' ' }}{% endif %}\
{% if access_log %} {% if access_log %}
CustomLog {{ access_log }} common{% endif %}\ CustomLog {{ access_log }} common{% endif %}\
{% if error_log %} {% if error_log %}
@ -59,9 +60,9 @@ class Apache2Backend(ServiceController):
context['port'] = self.HTTP_PORT context['port'] = self.HTTP_PORT
return Template(textwrap.dedent(""" return Template(textwrap.dedent("""
<VirtualHost {{ ip }}:{{ port }}> <VirtualHost {{ ip }}:{{ port }}>
ServerName {{ site.domains.all|first }}\ ServerName {{ server_name }}\
{% if site.domains.all|slice:"1:" %} {% if server_alias %}
ServerAlias {{ site.domains.all|slice:"1:"|join:' ' }}{% endif %}\ ServerAlias {{ server_alias|join:' ' }}{% endif %}\
{% if access_log %} {% if access_log %}
CustomLog {{ access_log }} common{% endif %}\ CustomLog {{ access_log }} common{% endif %}\
{% if error_log %} {% if error_log %}
@ -75,6 +76,7 @@ class Apache2Backend(ServiceController):
def save(self, site): def save(self, site):
context = self.get_context(site) context = self.get_context(site)
if context['server_name']:
apache_conf = '# %(banner)s\n' % context apache_conf = '# %(banner)s\n' % context
if site.protocol in (site.HTTP, site.HTTP_AND_HTTPS): if site.protocol in (site.HTTP, site.HTTP_AND_HTTPS):
apache_conf += self.render_virtual_host(site, context, ssl=False) apache_conf += self.render_virtual_host(site, context, ssl=False)
@ -92,16 +94,49 @@ class Apache2Backend(ServiceController):
UPDATED=1 UPDATED=1
}""") % context }""") % context
) )
self.enable_or_disable(site) if context['server_name'] and site.active:
self.append(textwrap.dedent("""\
if [[ ! -f %(sites_enabled)s ]]; then
a2ensite %(site_unique_name)s.conf
UPDATED=1
fi""") % context
)
else:
self.append(textwrap.dedent("""\
if [[ -f %(sites_enabled)s ]]; then
a2dissite %(site_unique_name)s.conf;
UPDATED=1
fi""") % context
)
def delete(self, site): def delete(self, site):
context = self.get_context(site) context = self.get_context(site)
self.append("a2dissite %(site_unique_name)s.conf && UPDATED=1" % context) self.append("a2dissite %(site_unique_name)s.conf && UPDATED=1" % context)
self.append("rm -f %(sites_available)s" % context) self.append("rm -f %(sites_available)s" % context)
def prepare(self):
super(Apache2Backend, self).prepare()
# Coordinate apache restart with php backend in order not to overdo it
self.append('echo "Apache2Backend" >> /dev/shm/restart.apache2')
def commit(self): def commit(self):
""" reload Apache2 if necessary """ """ reload Apache2 if necessary """
self.append('if [[ $UPDATED == 1 ]]; then service apache2 reload; fi') self.append(textwrap.dedent("""\
locked=1
state="$(grep -v 'Apache2Backend' /dev/shm/restart.apache2)" || locked=0
echo -n "$state" > /dev/shm/restart.apache2
if [[ $UPDATED == 1 ]]; then
if [[ $locked == 0 ]]; then
service apache2 reload
else
echo "Apache2Backend RESTART" >> /dev/shm/restart.apache2
fi
elif [[ "$state" =~ .*RESTART$ ]]; then
rm /dev/shm/restart.apache2
service apache2 reload
fi""")
)
super(Apache2Backend, self).commit()
def get_directives(self, directive, context): def get_directives(self, directive, context):
method, args = directive[0], directive[1:] method, args = directive[0], directive[1:]
@ -122,9 +157,15 @@ class Apache2Backend(ServiceController):
def get_static_directives(self, context, app_path): def get_static_directives(self, context, app_path):
context['app_path'] = os.path.normpath(app_path % context) context['app_path'] = os.path.normpath(app_path % context)
location = "%(location)s/" % context directive = self.get_location_filesystem_map(context)
directive = "Alias %(location)s/ %(app_path)s/" % context return [
return [(location, directive)] (context['location'], directive),
]
def get_location_filesystem_map(self, context):
if not context['location']:
return 'DocumentRoot %(app_path)s' % context
return 'Alias %(location)s %(app_path)s' % context
def get_fpm_directives(self, context, socket, app_path): def get_fpm_directives(self, context, socket, app_path):
if ':' in socket: if ':' in socket:
@ -139,28 +180,28 @@ class Apache2Backend(ServiceController):
'app_path': os.path.normpath(app_path), 'app_path': os.path.normpath(app_path),
'socket': socket, 'socket': socket,
}) })
location = "%(location)s/" % context directives = "ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target}\n".format(target=target) % context
directives = textwrap.dedent("""\ directives += self.get_location_filesystem_map(context)
ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target} return [
Alias %(location)s/ %(app_path)s/""".format(target=target) % context (context['location'], directives),
) ]
return [(location, directives)]
def get_fcgid_directives(self, context, app_path, wrapper_path): def get_fcgid_directives(self, context, app_path, wrapper_path):
context.update({ context.update({
'app_path': os.path.normpath(app_path), 'app_path': os.path.normpath(app_path),
'wrapper_path': wrapper_path, 'wrapper_path': wrapper_path,
}) })
location = "%(location)s/" % context directives = self.get_location_filesystem_map(context)
directives = textwrap.dedent("""\ directives += textwrap.dedent("""
Alias %(location)s/ %(app_path)s/
ProxyPass %(location)s/ ! ProxyPass %(location)s/ !
<Directory %(app_path)s/> <Directory %(app_path)s/>
Options +ExecCGI Options +ExecCGI
AddHandler fcgid-script .php AddHandler fcgid-script .php
FcgidWrapper %(wrapper_path)s FcgidWrapper %(wrapper_path)s
</Directory>""") % context </Directory>""") % context
return [(location, directives)] return [
(context['location'], directives),
]
def get_ssl(self, directives): def get_ssl(self, directives):
cert = directives.get('ssl-cert') cert = directives.get('ssl-cert')
@ -177,7 +218,9 @@ class Apache2Backend(ServiceController):
config += "SSLCertificateKeyFile %s\n" % key[0] config += "SSLCertificateKeyFile %s\n" % key[0]
if ca: if ca:
config += "SSLCACertificateFile %s\n" % ca[0] config += "SSLCACertificateFile %s\n" % ca[0]
return [('', config)] return [
('', config),
]
def get_security(self, directives): def get_security(self, directives):
security = [] security = []
@ -201,20 +244,27 @@ class Apache2Backend(ServiceController):
redirect = "RedirectMatch %s %s" % (location, target) redirect = "RedirectMatch %s %s" % (location, target)
else: else:
redirect = "Redirect %s %s" % (location, target) redirect = "Redirect %s %s" % (location, target)
redirects.append((location, redirect)) redirects.append(
(location, redirect)
)
return redirects return redirects
def get_proxies(self, directives): def get_proxies(self, directives):
proxies = [] proxies = []
for proxy in directives.get('proxy', []): for proxy in directives.get('proxy', []):
location, target = proxy.split() proxy = proxy.split()
location = proxy[0]
target = proxy[1]
options = ' '.join(proxy[2:])
location = normurlpath(location) location = normurlpath(location)
proxy = textwrap.dedent("""\ proxy = textwrap.dedent("""\
ProxyPass {location}/ {target} ProxyPass {location}/ {target} {options}
ProxyPassReverse {location}/ {target}""".format( ProxyPassReverse {location}/ {target}""".format(
location=location, target=target) location=location, target=target, options=options)
)
proxies.append(
(location, proxy)
) )
proxies.append((location, proxy))
return proxies return proxies
def get_saas(self, directives): def get_saas(self, directives):
@ -229,23 +279,6 @@ class Apache2Backend(ServiceController):
saas += self.get_directives(directive, context) saas += self.get_directives(directive, context)
return saas return saas
def enable_or_disable(self, site):
context = self.get_context(site)
if site.is_active:
self.append(textwrap.dedent("""\
if [[ ! -f %(sites_enabled)s ]]; then
a2ensite %(site_unique_name)s.conf
UPDATED=1
fi""") % context
)
else:
self.append(textwrap.dedent("""\
if [[ -f %(sites_enabled)s ]]; then
a2dissite %(site_unique_name)s.conf;
UPDATED=1
fi""") % context
)
def get_username(self, site): def get_username(self, site):
option = site.get_directives().get('user_group') option = site.get_directives().get('user_group')
if option: if option:
@ -259,10 +292,21 @@ class Apache2Backend(ServiceController):
return group return group
return site.get_groupname() return site.get_groupname()
def get_server_names(self, site):
server_name = None
server_alias = []
for domain in site.domains.all():
if not server_name and not domain.name.startswith('*'):
server_name = domain.name
else:
server_alias.append(domain.name)
return server_name, server_alias
def get_context(self, site): def get_context(self, site):
base_apache_conf = settings.WEBSITES_BASE_APACHE_CONF base_apache_conf = settings.WEBSITES_BASE_APACHE_CONF
sites_available = os.path.join(base_apache_conf, 'sites-available') sites_available = os.path.join(base_apache_conf, 'sites-available')
sites_enabled = os.path.join(base_apache_conf, 'sites-enabled') sites_enabled = os.path.join(base_apache_conf, 'sites-enabled')
server_name, server_alias = self.get_server_names(site)
context = { context = {
'site': site, 'site': site,
'site_name': site.name, 'site_name': site.name,
@ -270,6 +314,8 @@ class Apache2Backend(ServiceController):
'site_unique_name': '0-'+site.unique_name, 'site_unique_name': '0-'+site.unique_name,
'user': self.get_username(site), 'user': self.get_username(site),
'group': self.get_groupname(site), 'group': self.get_groupname(site),
'server_name': server_name,
'server_alias': server_alias,
# TODO remove '0-' # TODO remove '0-'
'sites_enabled': "%s.conf" % os.path.join(sites_enabled, '0-'+site.unique_name), 'sites_enabled': "%s.conf" % os.path.join(sites_enabled, '0-'+site.unique_name),
'sites_available': "%s.conf" % os.path.join(sites_available, '0-'+site.unique_name), 'sites_available': "%s.conf" % os.path.join(sites_available, '0-'+site.unique_name),
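Review bot: In get_proxies(), every token after the target is now joined into `options` and written onto the `ProxyPass` line without any check on its content, and a value with fewer than two tokens fails with a bare IndexError at `proxy[1]`. If the `proxy` directive can be edited by site owners and its validation (not visible in this hunk) was written for the old two-token form, arbitrary ProxyPass parameters can now reach the generated vhost. Checking `len(proxy) >= 2` and accepting only option tokens that match a `key=value` pattern from a short allowlist would keep the generated configuration predictable. When no options are given the line also ends in a trailing space, which a `.rstrip()` on that line would tidy.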