Fixes on webapps

This commit is contained in:
Marc Aymerich 2015-04-10 15:03:38 +00:00
parent a04f5cc5da
commit 79ae1a79b0
7 changed files with 167 additions and 98 deletions

View File

@ -283,6 +283,9 @@ https://code.djangoproject.com/ticket/24576
* MultiCHoiceField proper serialization
# Apache restart fails: detect if appache running, and execute start
# PHP backend is retarded does not detect well the version
# Change crons, create cron for deleted webapps and users
* UNIFY PHP FPM settings name
# virtualhost name name-account?
# php version update should trigger webiste upgrade (wrapper name/fpm config for apache), public root and other config also needs apache to execute
* add a delay to changes on the webserver apache to no overwelm it with backend executions?
# Delete webapps deletes wrapper that may be used for other sites, maybe merging webapps is a bad idea after all?

View File

@ -76,27 +76,44 @@ class PHPBackend(WebAppServiceMixin, ServiceController):
self.delete_webapp_dir(context)
def delete_fpm(self, webapp, context):
# Better not delete a pool used by other apps
if not self.MERGE:
self.append("rm -f %(fpm_path)s" % context)
def delete_fcgid(self, webapp, context):
# Better not delete a wrapper used by other apps
if not self.MERGE:
self.append("rm -f %(wrapper_path)s" % context)
self.append("rm -f %(cmd_options_path)s" % context)
def prepare(self):
super(PHPBackend, self).prepare()
# Coordinate apache restart with php backend in order not to overdo it
self.append('echo "PHPBackend" >> /dev/shm/restart.apache2')
def commit(self):
if self.content:
self.append(textwrap.dedent("""
if [[ $UPDATEDFPM == 1 ]]; then
service php5-fpm reload
service php5-fpm start
fi
""")
)
self.append(textwrap.dedent("""\
# Coordinate apache restart with apache backend
locked=1
state="$(grep -v 'PHPBackend' /dev/shm/restart.apache2)" || locked=0
echo -n "$state" > /dev/shm/restart.apache2
if [[ $UPDATED_APACHE == 1 ]]; then
if [[ $locked == 0 ]]; then
service apache2 reload
else
echo "PHPBackend RESTART" >> /dev/shm/restart.apache2
fi
elif [[ "$state" =~ .*RESTART$ ]]; then
rm /dev/shm/restart.apache2
service apache2 reload
fi
""")
)
super(PHPBackend, self).commit()
def get_fpm_config(self, webapp, context):
merge = settings.WEBAPPS_MERGE_PHP_WEBAPPS

View File

@ -1,4 +1,5 @@
import os
from collections import OrderedDict
from django.db import models
from django.db.models.signals import pre_save, pre_delete
@ -56,9 +57,7 @@ class WebApp(models.Model):
@cached
def get_options(self):
return {
opt.name: opt.value for opt in self.options.all()
}
return OrderedDict((opt.name, opt.value) for opt in self.options.all())
def get_directive(self):
return self.type_instance.get_directive()

View File

@ -56,7 +56,7 @@ class PHPAppOption(AppOption):
super(PHPAppOption, self).validate()
if self.deprecated:
php_version = self.instance.webapp.type_instance.get_php_version_number()
if php_version and php_version > self.deprecated:
if php_version and self.deprecated and float(php_version) > self.deprecated:
raise ValidationError(
_("This option is deprecated since PHP version %s.") % str(self.deprecated)
)
@ -76,7 +76,8 @@ class Timeout(AppOption):
# FPM pm.request_terminate_timeout
# PHP max_execution_time ini
verbose_name = _("Process timeout")
help_text = _("Maximum time in seconds allowed for a request to complete (a number between 0 and 999).")
help_text = _("Maximum time in seconds allowed for a request to complete (a number between 0 and 999).<br>"
"Also sets <tt>max_request_time</tt> when php-cgi is used.")
regex = r'^[0-9]{1,3}$'
group = AppOption.PROCESS
@ -94,7 +95,7 @@ class Processes(AppOption):
class PHPEnabledFunctions(PHPAppOption):
name = 'enabled_functions'
verbose_name = _("Enabled functions")
help_text = ' '.join(settings.WEBAPPS_PHP_DISABLED_FUNCTIONS)
help_text = ','.join(settings.WEBAPPS_PHP_DISABLED_FUNCTIONS)
regex = r'^[\w\.,-]+$'
@ -235,21 +236,21 @@ class PHPPostMaxSize(PHPAppOption):
class PHPSendmailPath(PHPAppOption):
name = 'sendmail_path'
verbose_name = _("sendmail_path")
verbose_name = _("Sendmail path")
help_text = _("Where the sendmail program can be found.")
regex = r'^[^ ]+$'
class PHPSessionBugCompatWarn(PHPAppOption):
name = 'session.bug_compat_warn'
verbose_name = _("session.bug_compat_warn")
verbose_name = _("Session bug compat warning")
help_text = _("Enables an PHP bug on session initialization for legacy behaviour (On or Off).")
regex = r'^(On|Off|on|off)$'
class PHPSessionAutoStart(PHPAppOption):
name = 'session.auto_start'
verbose_name = _("session.auto_start")
verbose_name = _("Session auto start")
help_text = _("Specifies whether the session module starts a session automatically on request "
"startup (On or Off).")
regex = r'^(On|Off|on|off)$'
@ -287,7 +288,7 @@ class PHPSuhosinRequestMaxVars(PHPAppOption):
class PHPSuhosinSessionEncrypt(PHPAppOption):
name = 'suhosin.session.encrypt'
verbose_name = _("suhosin.session.encrypt")
verbose_name = _("Suhosin session encrypt")
help_text = _("On or Off")
regex = r'^(On|Off|on|off)$'
@ -301,13 +302,13 @@ class PHPSuhosinSimulation(PHPAppOption):
class PHPSuhosinExecutorIncludeWhitelist(PHPAppOption):
name = 'suhosin.executor.include.whitelist'
verbose_name = _("suhosin.executor.include.whitelist")
verbose_name = _("Suhosin executor include whitelist")
regex = r'.*$'
class PHPUploadMaxFileSize(PHPAppOption):
name = 'upload_max_filesize'
verbose_name = _("upload_max_filesize")
verbose_name = _("Upload max filezise")
help_text = _("Value between 0M and 999M.")
regex = r'^[0-9]{1,3}M$'

View File

@ -110,6 +110,7 @@ WEBAPPS_UNDER_CONSTRUCTION_PATH = getattr(settings, 'WEBAPPS_UNDER_CONSTRUCTION_
# WEBAPPS_TYPES[webapp_type] = value
WEBAPPS_PHP_DISABLED_FUNCTIONS = getattr(settings, 'WEBAPPS_PHP_DISABLED_FUNCTION', [
'exec',
'passthru',

View File

@ -1,5 +1,6 @@
import os
import re
from collections import OrderedDict
from django import forms
from django.utils.translation import ugettext_lazy as _
@ -60,16 +61,16 @@ class PHPApp(AppType):
@cached
def get_php_options(self):
php_version = self.get_php_version_number()
php_version = float(self.get_php_version_number())
php_options = AppOption.get_option_groups()[AppOption.PHP]
return [op for op in php_options if getattr(self, 'deprecated', 999) > php_version]
return [op for op in php_options if (op.deprecated or 999) > php_version]
def get_php_init_vars(self, merge=False):
"""
process php options for inclusion on php.ini
per_account=True merges all (account, webapp.type) options
"""
init_vars = {}
init_vars = OrderedDict()
options = self.instance.options.all()
if merge:
# Get options from the same account and php_version webapps
@ -108,6 +109,7 @@ class PHPApp(AppType):
context = super(PHPApp, self).get_directive_context()
context.update({
'php_version': self.get_php_version(),
'php_version_number': self.get_php_version_number(),
})
return context
@ -134,4 +136,4 @@ class PHPApp(AppType):
raise ValueError("No version number matches for '%s'" % php_version)
if len(number) > 1:
raise ValueError("Multiple version number matches for '%s'" % php_version)
return float(number[0])
return number[0]

View File

@ -19,6 +19,7 @@ class Apache2Backend(ServiceController):
model = 'websites.Website'
related_models = (
('websites.Content', 'website'),
('webapps.WebApp', 'website_set'),
)
verbose_name = _("Apache 2")
@ -41,9 +42,9 @@ class Apache2Backend(ServiceController):
return Template(textwrap.dedent("""\
<VirtualHost {{ ip }}:{{ port }}>
IncludeOptional /etc/apache2/site[s]-override/{{ site_unique_name }}.con[f]
ServerName {{ site.domains.all|first }}\
{% if site.domains.all|slice:"1:" %}
ServerAlias {{ site.domains.all|slice:"1:"|join:' ' }}{% endif %}\
ServerName {{ server_name }}\
{% if server_alias %}
ServerAlias {{ server_alias|join:' ' }}{% endif %}\
{% if access_log %}
CustomLog {{ access_log }} common{% endif %}\
{% if error_log %}
@ -59,9 +60,9 @@ class Apache2Backend(ServiceController):
context['port'] = self.HTTP_PORT
return Template(textwrap.dedent("""
<VirtualHost {{ ip }}:{{ port }}>
ServerName {{ site.domains.all|first }}\
{% if site.domains.all|slice:"1:" %}
ServerAlias {{ site.domains.all|slice:"1:"|join:' ' }}{% endif %}\
ServerName {{ server_name }}\
{% if server_alias %}
ServerAlias {{ server_alias|join:' ' }}{% endif %}\
{% if access_log %}
CustomLog {{ access_log }} common{% endif %}\
{% if error_log %}
@ -75,6 +76,7 @@ class Apache2Backend(ServiceController):
def save(self, site):
context = self.get_context(site)
if context['server_name']:
apache_conf = '# %(banner)s\n' % context
if site.protocol in (site.HTTP, site.HTTP_AND_HTTPS):
apache_conf += self.render_virtual_host(site, context, ssl=False)
@ -92,16 +94,49 @@ class Apache2Backend(ServiceController):
UPDATED=1
}""") % context
)
self.enable_or_disable(site)
if context['server_name'] and site.active:
self.append(textwrap.dedent("""\
if [[ ! -f %(sites_enabled)s ]]; then
a2ensite %(site_unique_name)s.conf
UPDATED=1
fi""") % context
)
else:
self.append(textwrap.dedent("""\
if [[ -f %(sites_enabled)s ]]; then
a2dissite %(site_unique_name)s.conf;
UPDATED=1
fi""") % context
)
def delete(self, site):
context = self.get_context(site)
self.append("a2dissite %(site_unique_name)s.conf && UPDATED=1" % context)
self.append("rm -f %(sites_available)s" % context)
def prepare(self):
super(Apache2Backend, self).prepare()
# Coordinate apache restart with php backend in order not to overdo it
self.append('echo "Apache2Backend" >> /dev/shm/restart.apache2')
def commit(self):
""" reload Apache2 if necessary """
self.append('if [[ $UPDATED == 1 ]]; then service apache2 reload; fi')
self.append(textwrap.dedent("""\
locked=1
state="$(grep -v 'Apache2Backend' /dev/shm/restart.apache2)" || locked=0
echo -n "$state" > /dev/shm/restart.apache2
if [[ $UPDATED == 1 ]]; then
if [[ $locked == 0 ]]; then
service apache2 reload
else
echo "Apache2Backend RESTART" >> /dev/shm/restart.apache2
fi
elif [[ "$state" =~ .*RESTART$ ]]; then
rm /dev/shm/restart.apache2
service apache2 reload
fi""")
)
super(Apache2Backend, self).commit()
def get_directives(self, directive, context):
method, args = directive[0], directive[1:]
@ -122,9 +157,15 @@ class Apache2Backend(ServiceController):
def get_static_directives(self, context, app_path):
context['app_path'] = os.path.normpath(app_path % context)
location = "%(location)s/" % context
directive = "Alias %(location)s/ %(app_path)s/" % context
return [(location, directive)]
directive = self.get_location_filesystem_map(context)
return [
(context['location'], directive),
]
def get_location_filesystem_map(self, context):
if not context['location']:
return 'DocumentRoot %(app_path)s' % context
return 'Alias %(location)s %(app_path)s' % context
def get_fpm_directives(self, context, socket, app_path):
if ':' in socket:
@ -139,28 +180,28 @@ class Apache2Backend(ServiceController):
'app_path': os.path.normpath(app_path),
'socket': socket,
})
location = "%(location)s/" % context
directives = textwrap.dedent("""\
ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target}
Alias %(location)s/ %(app_path)s/""".format(target=target) % context
)
return [(location, directives)]
directives = "ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target}\n".format(target=target) % context
directives += self.get_location_filesystem_map(context)
return [
(context['location'], directives),
]
def get_fcgid_directives(self, context, app_path, wrapper_path):
context.update({
'app_path': os.path.normpath(app_path),
'wrapper_path': wrapper_path,
})
location = "%(location)s/" % context
directives = textwrap.dedent("""\
Alias %(location)s/ %(app_path)s/
directives = self.get_location_filesystem_map(context)
directives += textwrap.dedent("""
ProxyPass %(location)s/ !
<Directory %(app_path)s/>
Options +ExecCGI
AddHandler fcgid-script .php
FcgidWrapper %(wrapper_path)s
</Directory>""") % context
return [(location, directives)]
return [
(context['location'], directives),
]
def get_ssl(self, directives):
cert = directives.get('ssl-cert')
@ -177,7 +218,9 @@ class Apache2Backend(ServiceController):
config += "SSLCertificateKeyFile %s\n" % key[0]
if ca:
config += "SSLCACertificateFile %s\n" % ca[0]
return [('', config)]
return [
('', config),
]
def get_security(self, directives):
security = []
@ -201,20 +244,27 @@ class Apache2Backend(ServiceController):
redirect = "RedirectMatch %s %s" % (location, target)
else:
redirect = "Redirect %s %s" % (location, target)
redirects.append((location, redirect))
redirects.append(
(location, redirect)
)
return redirects
def get_proxies(self, directives):
proxies = []
for proxy in directives.get('proxy', []):
location, target = proxy.split()
proxy = proxy.split()
location = proxy[0]
target = proxy[1]
options = ' '.join(proxy[2:])
location = normurlpath(location)
proxy = textwrap.dedent("""\
ProxyPass {location}/ {target}
ProxyPass {location}/ {target} {options}
ProxyPassReverse {location}/ {target}""".format(
location=location, target=target)
location=location, target=target, options=options)
)
proxies.append(
(location, proxy)
)
proxies.append((location, proxy))
return proxies
def get_saas(self, directives):
@ -229,23 +279,6 @@ class Apache2Backend(ServiceController):
saas += self.get_directives(directive, context)
return saas
def enable_or_disable(self, site):
context = self.get_context(site)
if site.is_active:
self.append(textwrap.dedent("""\
if [[ ! -f %(sites_enabled)s ]]; then
a2ensite %(site_unique_name)s.conf
UPDATED=1
fi""") % context
)
else:
self.append(textwrap.dedent("""\
if [[ -f %(sites_enabled)s ]]; then
a2dissite %(site_unique_name)s.conf;
UPDATED=1
fi""") % context
)
def get_username(self, site):
option = site.get_directives().get('user_group')
if option:
@ -259,10 +292,21 @@ class Apache2Backend(ServiceController):
return group
return site.get_groupname()
def get_server_names(self, site):
server_name = None
server_alias = []
for domain in site.domains.all():
if not server_name and not domain.name.startswith('*'):
server_name = domain.name
else:
server_alias.append(domain.name)
return server_name, server_alias
def get_context(self, site):
base_apache_conf = settings.WEBSITES_BASE_APACHE_CONF
sites_available = os.path.join(base_apache_conf, 'sites-available')
sites_enabled = os.path.join(base_apache_conf, 'sites-enabled')
server_name, server_alias = self.get_server_names(site)
context = {
'site': site,
'site_name': site.name,
@ -270,6 +314,8 @@ class Apache2Backend(ServiceController):
'site_unique_name': '0-'+site.unique_name,
'user': self.get_username(site),
'group': self.get_groupname(site),
'server_name': server_name,
'server_alias': server_alias,
# TODO remove '0-'
'sites_enabled': "%s.conf" % os.path.join(sites_enabled, '0-'+site.unique_name),
'sites_available': "%s.conf" % os.path.join(sites_available, '0-'+site.unique_name),