X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/f9d53e7e6edee2ead816ddc414da38c62f55ab23..abdeb8abcc779ec996fd57f0fa4978dce4565a8f:/cookbooks/civicrm/recipes/default.rb diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb index 3cd6bbf61..0a7ae17b8 100644 --- a/cookbooks/civicrm/recipes/default.rb +++ b/cookbooks/civicrm/recipes/default.rb @@ -21,17 +21,23 @@ include_recipe "wordpress" include_recipe "mysql" package %w[ + php-xml + php-curl rsync - unzip wkhtmltopdf + php-bcmath + php-intl ] cache_dir = Chef::Config[:file_cache_path] passwords = data_bag_item("civicrm", "passwords") +wp2fa_encrypt_keys = data_bag_item("civicrm", "wp2fa_encrypt_keys") database_password = passwords["database"] -site_key = passwords["key"] +site_key = passwords["site_key"] +cred_keys = passwords["cred_keys"] +sign_keys = passwords["sign_keys"] mysql_user "civicrm@localhost" do password database_password @@ -41,34 +47,46 @@ mysql_database "civicrm" do permissions "civicrm@localhost" => :all end -wordpress_site "join.osmfoundation.org" do - aliases "crm.osmfoundation.org" +ssl_certificate "join.osmfoundation.org" do + domains [ "join.osmfoundation.org", "crm.osmfoundation.org", + "supporting.osmfoundation.org", "support.osmfoundation.org", + "support.openstreetmap.org", "supporting.osm.org", + "support.osm.org"] + notifies :reload, "service[apache2]" +end + +apache_site "join.osmfoundation.org" do + template "apache.erb" +end + +wordpress_site "supporting.openstreetmap.org" do + # Do not add aliases as this causes issues with civicrm PHP sessions database_name "civicrm" database_user "civicrm" database_password database_password + wp2fa_encrypt_key wp2fa_encrypt_keys["key"] + fpm_prometheus_port 11301 end wordpress_theme "osmblog-wp-theme" do - site "join.osmfoundation.org" - repository "https://github.com/harry-wood/osmblog-wp-theme.git" + site "supporting.openstreetmap.org" + repository "https://github.com/osmfoundation/osmblog-wp-theme.git" end wordpress_plugin "registration-honeypot" do - site "join.osmfoundation.org" + site "supporting.openstreetmap.org" end -wordpress_plugin "sitepress-multilingual-cms" do - site "join.osmfoundation.org" - repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git" - not_if { ENV["TEST_KITCHEN"] } +wordpress_plugin "contact-form-7" do + site "supporting.openstreetmap.org" end -wordpress_plugin "contact-form-7" do - site "join.osmfoundation.org" +wordpress_plugin "civicrm-admin-utilities" do + site "supporting.openstreetmap.org" end civicrm_version = node[:civicrm][:version] -civicrm_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm" +civicrm_directory = "/srv/supporting.openstreetmap.org/wp-content/plugins/civicrm" directory "/opt/civicrm-#{civicrm_version}" do owner "wordpress" @@ -94,22 +112,22 @@ remote_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do backup false end -execute "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do +archive_file "#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" do action :nothing - command "unzip -o -qq #{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip" - cwd "/opt/civicrm-#{civicrm_version}" - user "wordpress" + destination "/opt/civicrm-#{civicrm_version}" + overwrite true + owner "wordpress" group "wordpress" - subscribes :run, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately + subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately end -execute "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do +archive_file "#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" do action :nothing - command "tar -zxf #{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz" - cwd "/opt/civicrm-#{civicrm_version}/civicrm" - user "wordpress" + destination "/opt/civicrm-#{civicrm_version}/civicrm" + overwrite true + owner "wordpress" group "wordpress" - subscribes :run, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately + subscribes :extract, "remote_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately end execute "/opt/civicrm-#{civicrm_version}/civicrm" do @@ -117,17 +135,17 @@ execute "/opt/civicrm-#{civicrm_version}/civicrm" do command "rsync --archive --delete /opt/civicrm-#{civicrm_version}/civicrm/ #{civicrm_directory}" user "wordpress" group "wordpress" - subscribes :run, "execute[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately - subscribes :run, "execute[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately + subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-wordpress.zip]", :immediately + subscribes :run, "archive_file[#{cache_dir}/civicrm-#{civicrm_version}-l10n.tar.gz]", :immediately end -directory "/srv/join.osmfoundation.org/wp-content/uploads" do +directory "/srv/supporting.openstreetmap.org/wp-content/uploads" do owner "www-data" group "www-data" mode "755" end -extensions_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm-extensions" +extensions_directory = "/srv/supporting.openstreetmap.org/wp-content/plugins/civicrm-extensions" directory extensions_directory do owner "wordpress" @@ -140,7 +158,6 @@ node[:civicrm][:extensions].each_value do |details| action :sync repository details[:repository] revision details[:revision] - depth 1 user "wordpress" group "wordpress" end @@ -157,10 +174,12 @@ settings = edit_file "#{civicrm_directory}/civicrm/templates/CRM/common/civicrm. line.gsub!(/%%dbHost%%/, "localhost") line.gsub!(/%%dbName%%/, "civicrm") line.gsub!(/%%crmRoot%%/, "#{civicrm_directory}/civicrm/") - line.gsub!(/%%templateCompileDir%%/, "/srv/join.osmfoundation.org/wp-content/uploads/civicrm/templates_c/") - line.gsub!(/%%baseURL%%/, "http://join.osmfoundation.org/") + line.gsub!(/%%templateCompileDir%%/, "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm/templates_c/") + line.gsub!(/%%baseURL%%/, "http://supporting.openstreetmap.org/") line.gsub!(/%%siteKey%%/, site_key) - line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/join.osmfoundation.org');") + line.gsub!(/%%credKeys%%/, cred_keys) + line.gsub!(/%%signKeys%%/, sign_keys) + line.gsub!(%r{// *define\('CIVICRM_CMSDIR', '/path/to/install/root/'\);}, "define('CIVICRM_CMSDIR', '/srv/supporting.openstreetmap.org');") line end @@ -172,11 +191,24 @@ file "#{civicrm_directory}/civicrm.settings.php" do content settings end -cron_d "osmf-crm" do - minute "*/15" +systemd_service "osmf-crm-jobs" do + description "Run CRM jobs" + exec_start "/usr/bin/php #{civicrm_directory}/civicrm/bin/cli.php -s supporting.openstreetmap.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute" user "www-data" - command "php #{civicrm_directory}/civicrm/bin/cli.php -s join.osmfoundation.org -u batch -p \"#{passwords['batch']}\" -e Job -a execute 2>&1 | egrep -v '^PHP (Deprecated|Warning):'" - mailto "admins@openstreetmap.org" + sandbox :enable_network => true + memory_deny_write_execute false + restrict_address_families "AF_UNIX" + read_write_paths "/srv/supporting.openstreetmap.org/wp-content/uploads/civicrm" +end + +systemd_timer "osmf-crm-jobs" do + description "Run CRM jobs" + on_boot_sec "15m" + on_unit_inactive_sec "15m" +end + +service "osmf-crm-jobs.timer" do + action [:enable, :start] end template "/etc/cron.daily/osmf-crm-backup" do