2
0
mirror of https://github.com/frappe/bench.git synced 2025-01-09 00:21:23 +00:00

Merge branch 'playbooks-update' of github.com:gavindsouza/bench into playbooks-update

This commit is contained in:
Gavin D'souza 2019-12-18 10:51:27 +05:30
commit c88940d5fc
8 changed files with 65 additions and 31 deletions

View File

@ -1,11 +1,13 @@
import click
import sys, os
import sys
import os
from bench.config.common_site_config import get_config, update_config
from bench.app import pull_all_apps, is_version_upgrade, validate_branch
from bench.utils import (update_bench, validate_upgrade, pre_upgrade, post_upgrade, before_update,
update_requirements, update_node_packages, backup_all_sites, patch_sites, build_assets,
restart_supervisor_processes, restart_systemd_processes)
from bench import patches
from six.moves import reload_module
@click.command('update')
@ -88,13 +90,8 @@ def _update(pull=False, patch=False, build=False, update_bench=False, auto=False
pre_upgrade(version_upgrade[1], version_upgrade[2], bench_path=bench_path)
import bench.utils, bench.app
print('Reloading bench...')
if sys.version_info >= (3, 4):
import importlib
importlib.reload(bench.utils)
importlib.reload(bench.app)
else:
reload(bench.utils)
reload(bench.app)
reload_module(bench.utils)
reload_module(bench.app)
if patch:
print('Patching sites...')

View File

@ -81,7 +81,7 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True)
def setup_crontab():
job_command = 'sudo service nginx stop && /opt/certbot-auto renew && sudo service nginx start'
job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"'
system_crontab = CronTab(tabfile='/etc/crontab', user=True)
if job_command not in str(system_crontab):
job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month")
@ -148,9 +148,9 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
try:
exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
email_param=email_param))
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
email_param=email_param))
except CommandFailedError:
print("There was a problem trying to setup SSL")
@ -161,7 +161,7 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
"wildcard": {
"domain": domain,
"ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
}
}
@ -171,4 +171,4 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
make_nginx_conf(bench_path)
print("Restrting Nginx service")
service('nginx', 'restart')

View File

@ -1,5 +1,6 @@
import os, json, click, random, string, hashlib
from bench.utils import get_sites, get_bench_name, exec_cmd
from six import string_types
def make_nginx_conf(bench_path, yes=False):
from bench import env
@ -214,7 +215,7 @@ def get_sites_with_config(bench_path):
if dns_multitenant and site_config.get('domains'):
for domain in site_config.get('domains'):
# domain can be a string or a dict with 'domain', 'ssl_certificate', 'ssl_certificate_key'
if isinstance(domain, str) or isinstance(domain, unicode):
if isinstance(domain, string_types):
domain = { 'domain': domain }
domain['name'] = site
@ -227,7 +228,7 @@ def get_sites_with_config(bench_path):
def use_wildcard_certificate(bench_path, ret):
'''
stored in common_site_config.json as:
"wildcard": {
"wildcard": {
"domain": "*.erpnext.com",
"ssl_certificate": "/path/to/erpnext.com.cert",
"ssl_certificate_key": "/path/to/erpnext.com.key"

View File

@ -12,7 +12,12 @@ map {{ from_variable }} {{ to_variable }} {
{%- macro server_block(bench_name, port, server_names, site_name, sites_path, ssl_certificate, ssl_certificate_key) %}
server {
{% if ssl_certificate and ssl_certificate_key %}
listen {{ port }} ssl;
{% else %}
listen {{ port }};
{% endif %}
server_name
{% for name in server_names -%}
{{ name }}
@ -30,12 +35,20 @@ server {
ssl_certificate {{ ssl_certificate }};
ssl_certificate_key {{ ssl_certificate_key }};
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
{% endif %}
add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location /assets {
try_files $uri =404;
@ -59,6 +72,10 @@ server {
location / {
rewrite ^(.+)/$ $1 permanent;
rewrite ^(.+)/index\.html$ $1 permanent;
rewrite ^(.+)\.html$ $1 permanent;
location ~ ^/files/.*.(htm|html|svg|xml) {
add_header Content-disposition "attachment";
try_files /{{ site_name }}/public/$uri @webserver;

View File

@ -503,6 +503,10 @@ def update_npm_packages(bench_path='.'):
def install_requirements(pip, req_file, user=False):
if os.path.exists(req_file):
# sys.real_prefix exists only in a virtualenv
if hasattr(sys, 'real_prefix'):
user = False
user_flag = "--user" if user else ""
exec_cmd("{pip} install {user_flag} -q -U -r {req_file}".format(pip=pip, user_flag=user_flag, req_file=req_file))
@ -723,12 +727,6 @@ def update_translations(app, lang):
print('downloaded for', app, lang)
def download_chart_of_accounts():
charts_dir = os.path.join('apps', "erpnext", "erpnext", 'accounts', 'chart_of_accounts', "submitted")
csv_file = os.path.join(translations_dir, lang + '.csv')
url = "https://translate.erpnext.com/files/{}-{}.csv".format(app, lang)
r = requests.get(url, stream=True)
r.raise_for_status()
def print_output(p):
while p.poll() is None:

View File

@ -142,7 +142,7 @@ def install_bench(args):
shutil.rmtree(tmp_bench_repo)
def check_distribution_compatibility():
supported_dists = {'ubuntu': [14, 15, 16, 18, 19], 'debian': [8, 9],
supported_dists = {'ubuntu': [14, 15, 16, 18, 19], 'debian': [8, 9, 10],
'centos': [7], 'macos': [10.9, 10.10, 10.11, 10.12]}
dist_name, dist_version = get_distribution_info()
@ -389,7 +389,7 @@ def parse_commandline_args():
# set passwords
parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password')
parser.add_argument('--mariadb-version', dest='mariadb_version', default='10.2', help='Specify mariadb version')
parser.add_argument('--mariadb-version', dest='mariadb_version', default='10.4', help='Specify mariadb version')
parser.add_argument('--admin-password', dest='admin_password', help='Set admin password')
parser.add_argument('--bench-name', dest='bench_name', help='Create bench with specified name. Default name is frappe-bench')

View File

@ -13,7 +13,7 @@
state: present
when: ansible_distribution_version is version_compare('8', 'lt')
- name: install pillow prerequisites for Debian >= 8
- name: install pillow prerequisites for Debian 8
apt:
pkg:
- libjpeg62-turbo-dev
@ -21,7 +21,28 @@
- tcl8.5-dev
- tk8.5-dev
state: present
when: ansible_distribution_version is version_compare('8', 'ge')
when: ansible_distribution_version is version_compare('8', 'eq')
- name: install pillow prerequisites for Debian 9
apt:
pkg:
- libjpeg62-turbo-dev
- libtiff5-dev
- tcl8.5-dev
- tk8.5-dev
state: present
when: ansible_distribution_version is version_compare('9', 'eq')
- name: install pillow prerequisites for Debian >= 10
apt:
pkg:
- libjpeg62-turbo-dev
- libtiff5-dev
- tcl8.6-dev
- tk8.6-dev
state: present
when: ansible_distribution_version is version_compare('10', 'ge')
- name: install pdf prerequisites debian
apt:
@ -30,4 +51,4 @@
state: present
force: yes
...
...

View File

@ -9,4 +9,4 @@
package:
name: nodejs
state: present
...
...