]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/civicrm/recipes/default.rb
Make nftables block various invalid TCP flag combinations
[chef.git] / cookbooks / civicrm / recipes / default.rb
index 116f5c8bebea1f5e37c3276ea3db3c6e8543c324..89ba93a42b060cbb75fbb19d5e559d1227c94c0b 100644 (file)
@@ -1,14 +1,14 @@
 #
-# Cookbook Name:: civicrm
+# Cookbook:: civicrm
 # Recipe:: default
 #
-# Copyright 2011, OpenStreetMap Foundation
+# Copyright:: 2011, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # limitations under the License.
 #
 
-include_recipe "drupal"
+include_recipe "wordpress"
 include_recipe "mysql"
 
+package %w[
+  php-xml
+  php-curl
+  rsync
+  wkhtmltopdf
+  php-bcmath
+  php-intl
+]
+
+cache_dir = Chef::Config[:file_cache_path]
+
 passwords = data_bag_item("civicrm", "passwords")
 
 database_password = passwords["database"]
-admin_password = passwords["admin"]
-site_key = passwords["key"]
+site_key = passwords["site_key"]
+cred_keys = passwords["cred_keys"]
+sign_keys = passwords["sign_keys"]
 
 mysql_user "civicrm@localhost" do
   password database_password
@@ -34,133 +46,161 @@ mysql_database "civicrm" do
   permissions "civicrm@localhost" => :all
 end
 
-drupal_site "crm.osmfoundation.org" do
-  title "CiviCRM"
+wordpress_site "join.osmfoundation.org" do
+  aliases "crm.osmfoundation.org"
   database_name "civicrm"
-  database_username "civicrm"
+  database_user "civicrm"
   database_password database_password
-  admin_password admin_password
+  fpm_prometheus_port 11301
 end
 
-directory "/usr/local/share/civicrm" do
-  owner "root"
-  group "root"
-  mode "0755"
+wordpress_theme "osmblog-wp-theme" do
+  site "join.osmfoundation.org"
+  repository "https://github.com/osmfoundation/osmblog-wp-theme.git"
 end
 
-civicrm_version = node[:civicrm][:version]
-civicrm_directory = "/usr/local/share/civicrm/#{civicrm_version}"
+wordpress_plugin "registration-honeypot" do
+  site "join.osmfoundation.org"
+end
 
-subversion civicrm_directory do
-  action :export
-  repository "http://svn.civicrm.org/civicrm/tags/tarballs/#{node[:civicrm][:version]}"
-  user "root"
-  group "root"
+wordpress_plugin "contact-form-7" do
+  site "join.osmfoundation.org"
 end
 
-link "/usr/share/drupal7/sites/all/modules/civicrm" do
-  to "/usr/local/share/civicrm/#{node[:civicrm][:version]}"
+wordpress_plugin "civicrm-admin-utilities" do
+  site "join.osmfoundation.org"
 end
 
-directory "/data/crm.osmfoundation.org/civicrm" do
-  owner "www-data"
-  group "www-data"
-  mode "0775"
-end
-
-ruby_block "#{civicrm_directory}/civicrm.settings.php" do
-  block do
-    out = File.new("#{civicrm_directory}/civicrm.settings.php", "w")
-
-    File.foreach("#{civicrm_directory}/templates/CRM/common/civicrm.settings.php.tpl") do |line|
-      line.gsub!(/%%cms%%/, "Drupal")
-      line.gsub!(/%%CMSdbUser%%/, "civicrm")
-      line.gsub!(/%%CMSdbPass%%/, database_password)
-      line.gsub!(/%%CMSdbHost%%/, "localhost")
-      line.gsub!(/%%CMSdbName%%/, "civicrm")
-      line.gsub!(/%%dbUser%%/, "civicrm")
-      line.gsub!(/%%dbPass%%/, database_password)
-      line.gsub!(/%%dbHost%%/, "localhost")
-      line.gsub!(/%%dbName%%/, "civicrm")
-      line.gsub!(/%%crmRoot%%/, "/usr/share/drupal7/sites/all/modules/civicrm")
-      line.gsub!(/%%templateCompileDir%%/, "/data/crm.osmfoundation.org/civicrm")
-      line.gsub!(/%%baseURL%%/, "http://crm.osmfoundation.org/")
-      line.gsub!(/%%siteKey%%/, site_key)
-
-      out.print(line)
-    end
-
-    out.close
-  end
+civicrm_version = node[:civicrm][:version]
+civicrm_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm"
 
-  not_if do
-    File.exist?("#{civicrm_directory}/civicrm.settings.php") and
-    File.mtime("#{civicrm_directory}/civicrm.settings.php") >= File.mtime("#{civicrm_directory}/templates/CRM/common/civicrm.settings.php.tpl")
-  end
+directory "/opt/civicrm-#{civicrm_version}" do
+  owner "wordpress"
+  group "wordpress"
+  mode "755"
 end
 
-link "/etc/drupal/7/sites/crm.osmfoundation.org/civicrm.settings.php" do
-  to "#{civicrm_directory}/civicrm.settings.php"
+remote_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
+  action :create_if_missing
+  source "https://download.civicrm.org/civicrm-#{civicrm_version}-wordpress.zip"
+  owner "wordpress"
+  group "wordpress"
+  mode "644"
+  backup false
 end
 
-template "#{civicrm_directory}/settings_location.php" do
-  source "settings_location.php.erb"
-  owner "root"
-  group "root"
-  mode "0644"
+remote_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
+  action :create_if_missing
+  source "https://download.civicrm.org/civicrm-#{civicrm_version}-l10n.tar.gz"
+  owner "wordpress"
+  group "wordpress"
+  mode "644"
+  backup false
 end
 
-execute "civicrm-load-acl" do
+archive_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do
   action :nothing
-  command "mysql --user=civicrm --password=#{database_password} civicrm < sql/civicrm_acl.mysql"
-  cwd "/usr/share/drupal7/sites/all/modules/civicrm"
-  user "root"
-  group "root"
+  destination "/opt/civicrm-#{civicrm_version}"
+  overwrite true
+  owner "wordpress"
+  group "wordpress"
+  subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
 end
 
-execute "civicrm-load-data" do
+archive_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do
   action :nothing
-  command "mysql --user=civicrm --password=#{database_password} civicrm < sql/civicrm_data.mysql"
-  cwd "/usr/share/drupal7/sites/all/modules/civicrm"
-  user "root"
-  group "root"
-  notifies :run, resources(:execute => "civicrm-load-acl")
+  destination "/opt/civicrm-#{civicrm_version}/civicrm"
+  overwrite true
+  owner "wordpress"
+  group "wordpress"
+  subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
 end
 
-execute "civicrm-load" do
+execute "/opt/civicrm-#{civicrm_version}/civicrm" do
   action :nothing
-  command "mysql --user=civicrm --password=#{database_password} civicrm < sql/civicrm.mysql"
-  cwd "/usr/share/drupal7/sites/all/modules/civicrm"
-  user "root"
-  group "root"
-  notifies :run, resources(:execute => "civicrm-load-data")
+  command "rsync --archive --delete /opt/civicrm-#{civicrm_version}/civicrm/ #{civicrm_directory}"
+  user "wordpress"
+  group "wordpress"
+  subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately
+  subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately
 end
 
-execute "civicrm-gencode" do
-  command "php GenCode.php"
-  cwd "#{civicrm_directory}/xml"
-  user "root"
-  group "root"
-  creates "#{civicrm_directory}/civicrm-version.php"
-  notifies :run, resources(:execute => "civicrm-load")
-end
-
-directory "/data/crm.osmfoundation.org/civicrm/en_US" do
+directory "/srv/join.osmfoundation.org/wp-content/uploads" do
   owner "www-data"
   group "www-data"
-  mode "0775"
+  mode "755"
 end
 
-directory "/data/crm.osmfoundation.org/civicrm/en_US/ConfigAndLog" do
-  owner "www-data"
-  group "www-data"
-  mode "0775"
+extensions_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm-extensions"
+
+directory extensions_directory do
+  owner "wordpress"
+  group "wordpress"
+  mode "755"
+end
+
+node[:civicrm][:extensions].each_value do |details|
+  git "#{extensions_directory}/#{details[:name]}" do
+    action :sync
+    repository details[:repository]
+    revision details[:revision]
+    user "wordpress"
+    group "wordpress"
+  end
+end
+
+settings = edit_file "#{civicrm_directory}/civicrm/templates/CRM/common/civicrm.settings.php.template" do |line|
+  line.gsub!(/%%cms%%/, "WordPress")
+  line.gsub!(/%%CMSdbUser%%/, "civicrm")
+  line.gsub!(/%%CMSdbPass%%/, database_password)
+  line.gsub!(/%%CMSdbHost%%/, "localhost")
+  line.gsub!(/%%CMSdbName%%/, "civicrm")
+  line.gsub!(/%%dbUser%%/, "civicrm")
+  line.gsub!(/%%dbPass%%/, database_password)
+  line.gsub!(/%%dbHost%%/, "localhost")
+  line.gsub!(/%%dbName%%/, "civicrm")
+  line.gsub!(/%%crmRoot%%/, "#{civicrm_directory}/civicrm/")
+  line.gsub!(/%%templateCompileDir%%/, "/srv/join.osmfoundation.org/wp-content/uploads/civicrm/templates_c/")
+  line.gsub!(/%%baseURL%%/, "http://join.osmfoundation.org/")
+  line.gsub!(/%%siteKey%%/, site_key)
+  line.gsub!(/%%credKeys%%/, cred_keys)
+  line.gsub!(/%%signKeys%%/, sign_keys)
+  line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/join.osmfoundation.org');")
+
+  line
+end
+
+file "#{civicrm_directory}/civicrm.settings.php" do
+  owner "wordpress"
+  group "wordpress"
+  mode "644"
+  content settings
+end
+
+systemd_service "osmf-crm-jobs" do
+  description "Run CRM jobs"
+  exec_start "/usr/bin/php #{civicrm_directory}/civicrm/bin/cli.php -s join.osmfoundation.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute"
+  user "www-data"
+  sandbox :enable_network => true
+  memory_deny_write_execute false
+  restrict_address_families "AF_UNIX"
+  read_write_paths "/srv/join.osmfoundation.org/wp-content/uploads/civicrm"
+end
+
+systemd_timer "osmf-crm-jobs" do
+  description "Run CRM jobs"
+  on_boot_sec "15m"
+  on_unit_inactive_sec "15m"
+end
+
+service "osmf-crm-jobs.timer" do
+  action [:enable, :start]
 end
 
 template "/etc/cron.daily/osmf-crm-backup" do
   source "backup.cron.erb"
   owner "root"
   group "root"
-  mode 0750
-  variable :passwords => passwords
+  mode "750"
+  variables :passwords => passwords
 end