mirror of
https://github.com/frappe/bench.git
synced 2025-01-09 08:30:39 +00:00
Merge branch 'playbooks-update' of github.com:gavindsouza/bench into playbooks-update
This commit is contained in:
commit
c88940d5fc
@ -1,11 +1,13 @@
|
|||||||
import click
|
import click
|
||||||
import sys, os
|
import sys
|
||||||
|
import os
|
||||||
from bench.config.common_site_config import get_config, update_config
|
from bench.config.common_site_config import get_config, update_config
|
||||||
from bench.app import pull_all_apps, is_version_upgrade, validate_branch
|
from bench.app import pull_all_apps, is_version_upgrade, validate_branch
|
||||||
from bench.utils import (update_bench, validate_upgrade, pre_upgrade, post_upgrade, before_update,
|
from bench.utils import (update_bench, validate_upgrade, pre_upgrade, post_upgrade, before_update,
|
||||||
update_requirements, update_node_packages, backup_all_sites, patch_sites, build_assets,
|
update_requirements, update_node_packages, backup_all_sites, patch_sites, build_assets,
|
||||||
restart_supervisor_processes, restart_systemd_processes)
|
restart_supervisor_processes, restart_systemd_processes)
|
||||||
from bench import patches
|
from bench import patches
|
||||||
|
from six.moves import reload_module
|
||||||
|
|
||||||
|
|
||||||
@click.command('update')
|
@click.command('update')
|
||||||
@ -88,13 +90,8 @@ def _update(pull=False, patch=False, build=False, update_bench=False, auto=False
|
|||||||
pre_upgrade(version_upgrade[1], version_upgrade[2], bench_path=bench_path)
|
pre_upgrade(version_upgrade[1], version_upgrade[2], bench_path=bench_path)
|
||||||
import bench.utils, bench.app
|
import bench.utils, bench.app
|
||||||
print('Reloading bench...')
|
print('Reloading bench...')
|
||||||
if sys.version_info >= (3, 4):
|
reload_module(bench.utils)
|
||||||
import importlib
|
reload_module(bench.app)
|
||||||
importlib.reload(bench.utils)
|
|
||||||
importlib.reload(bench.app)
|
|
||||||
else:
|
|
||||||
reload(bench.utils)
|
|
||||||
reload(bench.app)
|
|
||||||
|
|
||||||
if patch:
|
if patch:
|
||||||
print('Patching sites...')
|
print('Patching sites...')
|
||||||
|
@ -81,7 +81,7 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True)
|
|||||||
|
|
||||||
|
|
||||||
def setup_crontab():
|
def setup_crontab():
|
||||||
job_command = 'sudo service nginx stop && /opt/certbot-auto renew && sudo service nginx start'
|
job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"'
|
||||||
system_crontab = CronTab(tabfile='/etc/crontab', user=True)
|
system_crontab = CronTab(tabfile='/etc/crontab', user=True)
|
||||||
if job_command not in str(system_crontab):
|
if job_command not in str(system_crontab):
|
||||||
job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month")
|
job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month")
|
||||||
@ -148,9 +148,9 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
|
exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
|
||||||
--server https://acme-v02.api.letsencrypt.org/directory \
|
--server https://acme-v02.api.letsencrypt.org/directory \
|
||||||
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
|
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
|
||||||
email_param=email_param))
|
email_param=email_param))
|
||||||
|
|
||||||
except CommandFailedError:
|
except CommandFailedError:
|
||||||
print("There was a problem trying to setup SSL")
|
print("There was a problem trying to setup SSL")
|
||||||
@ -161,7 +161,7 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
|||||||
"wildcard": {
|
"wildcard": {
|
||||||
"domain": domain,
|
"domain": domain,
|
||||||
"ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
|
"ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
|
||||||
"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
|
"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -171,4 +171,4 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
|||||||
make_nginx_conf(bench_path)
|
make_nginx_conf(bench_path)
|
||||||
print("Restrting Nginx service")
|
print("Restrting Nginx service")
|
||||||
service('nginx', 'restart')
|
service('nginx', 'restart')
|
||||||
|
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
import os, json, click, random, string, hashlib
|
import os, json, click, random, string, hashlib
|
||||||
from bench.utils import get_sites, get_bench_name, exec_cmd
|
from bench.utils import get_sites, get_bench_name, exec_cmd
|
||||||
|
from six import string_types
|
||||||
|
|
||||||
def make_nginx_conf(bench_path, yes=False):
|
def make_nginx_conf(bench_path, yes=False):
|
||||||
from bench import env
|
from bench import env
|
||||||
@ -214,7 +215,7 @@ def get_sites_with_config(bench_path):
|
|||||||
if dns_multitenant and site_config.get('domains'):
|
if dns_multitenant and site_config.get('domains'):
|
||||||
for domain in site_config.get('domains'):
|
for domain in site_config.get('domains'):
|
||||||
# domain can be a string or a dict with 'domain', 'ssl_certificate', 'ssl_certificate_key'
|
# domain can be a string or a dict with 'domain', 'ssl_certificate', 'ssl_certificate_key'
|
||||||
if isinstance(domain, str) or isinstance(domain, unicode):
|
if isinstance(domain, string_types):
|
||||||
domain = { 'domain': domain }
|
domain = { 'domain': domain }
|
||||||
|
|
||||||
domain['name'] = site
|
domain['name'] = site
|
||||||
@ -227,7 +228,7 @@ def get_sites_with_config(bench_path):
|
|||||||
def use_wildcard_certificate(bench_path, ret):
|
def use_wildcard_certificate(bench_path, ret):
|
||||||
'''
|
'''
|
||||||
stored in common_site_config.json as:
|
stored in common_site_config.json as:
|
||||||
"wildcard": {
|
"wildcard": {
|
||||||
"domain": "*.erpnext.com",
|
"domain": "*.erpnext.com",
|
||||||
"ssl_certificate": "/path/to/erpnext.com.cert",
|
"ssl_certificate": "/path/to/erpnext.com.cert",
|
||||||
"ssl_certificate_key": "/path/to/erpnext.com.key"
|
"ssl_certificate_key": "/path/to/erpnext.com.key"
|
||||||
|
@ -12,7 +12,12 @@ map {{ from_variable }} {{ to_variable }} {
|
|||||||
|
|
||||||
{%- macro server_block(bench_name, port, server_names, site_name, sites_path, ssl_certificate, ssl_certificate_key) %}
|
{%- macro server_block(bench_name, port, server_names, site_name, sites_path, ssl_certificate, ssl_certificate_key) %}
|
||||||
server {
|
server {
|
||||||
|
{% if ssl_certificate and ssl_certificate_key %}
|
||||||
|
listen {{ port }} ssl;
|
||||||
|
{% else %}
|
||||||
listen {{ port }};
|
listen {{ port }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
server_name
|
server_name
|
||||||
{% for name in server_names -%}
|
{% for name in server_names -%}
|
||||||
{{ name }}
|
{{ name }}
|
||||||
@ -30,12 +35,20 @@ server {
|
|||||||
ssl_certificate {{ ssl_certificate }};
|
ssl_certificate {{ ssl_certificate }};
|
||||||
ssl_certificate_key {{ ssl_certificate_key }};
|
ssl_certificate_key {{ ssl_certificate_key }};
|
||||||
ssl_session_timeout 5m;
|
ssl_session_timeout 5m;
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_session_cache shared:SSL:10m;
|
||||||
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
|
ssl_session_tickets off;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
||||||
|
ssl_ecdh_curve secp384r1;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
add_header X-Frame-Options "SAMEORIGIN";
|
||||||
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
|
||||||
location /assets {
|
location /assets {
|
||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
@ -59,6 +72,10 @@ server {
|
|||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
|
||||||
|
rewrite ^(.+)/$ $1 permanent;
|
||||||
|
rewrite ^(.+)/index\.html$ $1 permanent;
|
||||||
|
rewrite ^(.+)\.html$ $1 permanent;
|
||||||
|
|
||||||
location ~ ^/files/.*.(htm|html|svg|xml) {
|
location ~ ^/files/.*.(htm|html|svg|xml) {
|
||||||
add_header Content-disposition "attachment";
|
add_header Content-disposition "attachment";
|
||||||
try_files /{{ site_name }}/public/$uri @webserver;
|
try_files /{{ site_name }}/public/$uri @webserver;
|
||||||
|
@ -503,6 +503,10 @@ def update_npm_packages(bench_path='.'):
|
|||||||
|
|
||||||
def install_requirements(pip, req_file, user=False):
|
def install_requirements(pip, req_file, user=False):
|
||||||
if os.path.exists(req_file):
|
if os.path.exists(req_file):
|
||||||
|
# sys.real_prefix exists only in a virtualenv
|
||||||
|
if hasattr(sys, 'real_prefix'):
|
||||||
|
user = False
|
||||||
|
|
||||||
user_flag = "--user" if user else ""
|
user_flag = "--user" if user else ""
|
||||||
exec_cmd("{pip} install {user_flag} -q -U -r {req_file}".format(pip=pip, user_flag=user_flag, req_file=req_file))
|
exec_cmd("{pip} install {user_flag} -q -U -r {req_file}".format(pip=pip, user_flag=user_flag, req_file=req_file))
|
||||||
|
|
||||||
@ -723,12 +727,6 @@ def update_translations(app, lang):
|
|||||||
|
|
||||||
print('downloaded for', app, lang)
|
print('downloaded for', app, lang)
|
||||||
|
|
||||||
def download_chart_of_accounts():
|
|
||||||
charts_dir = os.path.join('apps', "erpnext", "erpnext", 'accounts', 'chart_of_accounts', "submitted")
|
|
||||||
csv_file = os.path.join(translations_dir, lang + '.csv')
|
|
||||||
url = "https://translate.erpnext.com/files/{}-{}.csv".format(app, lang)
|
|
||||||
r = requests.get(url, stream=True)
|
|
||||||
r.raise_for_status()
|
|
||||||
|
|
||||||
def print_output(p):
|
def print_output(p):
|
||||||
while p.poll() is None:
|
while p.poll() is None:
|
||||||
|
@ -142,7 +142,7 @@ def install_bench(args):
|
|||||||
shutil.rmtree(tmp_bench_repo)
|
shutil.rmtree(tmp_bench_repo)
|
||||||
|
|
||||||
def check_distribution_compatibility():
|
def check_distribution_compatibility():
|
||||||
supported_dists = {'ubuntu': [14, 15, 16, 18, 19], 'debian': [8, 9],
|
supported_dists = {'ubuntu': [14, 15, 16, 18, 19], 'debian': [8, 9, 10],
|
||||||
'centos': [7], 'macos': [10.9, 10.10, 10.11, 10.12]}
|
'centos': [7], 'macos': [10.9, 10.10, 10.11, 10.12]}
|
||||||
|
|
||||||
dist_name, dist_version = get_distribution_info()
|
dist_name, dist_version = get_distribution_info()
|
||||||
@ -389,7 +389,7 @@ def parse_commandline_args():
|
|||||||
|
|
||||||
# set passwords
|
# set passwords
|
||||||
parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password')
|
parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password')
|
||||||
parser.add_argument('--mariadb-version', dest='mariadb_version', default='10.2', help='Specify mariadb version')
|
parser.add_argument('--mariadb-version', dest='mariadb_version', default='10.4', help='Specify mariadb version')
|
||||||
parser.add_argument('--admin-password', dest='admin_password', help='Set admin password')
|
parser.add_argument('--admin-password', dest='admin_password', help='Set admin password')
|
||||||
parser.add_argument('--bench-name', dest='bench_name', help='Create bench with specified name. Default name is frappe-bench')
|
parser.add_argument('--bench-name', dest='bench_name', help='Create bench with specified name. Default name is frappe-bench')
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
state: present
|
state: present
|
||||||
when: ansible_distribution_version is version_compare('8', 'lt')
|
when: ansible_distribution_version is version_compare('8', 'lt')
|
||||||
|
|
||||||
- name: install pillow prerequisites for Debian >= 8
|
- name: install pillow prerequisites for Debian 8
|
||||||
apt:
|
apt:
|
||||||
pkg:
|
pkg:
|
||||||
- libjpeg62-turbo-dev
|
- libjpeg62-turbo-dev
|
||||||
@ -21,7 +21,28 @@
|
|||||||
- tcl8.5-dev
|
- tcl8.5-dev
|
||||||
- tk8.5-dev
|
- tk8.5-dev
|
||||||
state: present
|
state: present
|
||||||
when: ansible_distribution_version is version_compare('8', 'ge')
|
when: ansible_distribution_version is version_compare('8', 'eq')
|
||||||
|
|
||||||
|
- name: install pillow prerequisites for Debian 9
|
||||||
|
apt:
|
||||||
|
pkg:
|
||||||
|
- libjpeg62-turbo-dev
|
||||||
|
- libtiff5-dev
|
||||||
|
- tcl8.5-dev
|
||||||
|
- tk8.5-dev
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_version is version_compare('9', 'eq')
|
||||||
|
|
||||||
|
|
||||||
|
- name: install pillow prerequisites for Debian >= 10
|
||||||
|
apt:
|
||||||
|
pkg:
|
||||||
|
- libjpeg62-turbo-dev
|
||||||
|
- libtiff5-dev
|
||||||
|
- tcl8.6-dev
|
||||||
|
- tk8.6-dev
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_version is version_compare('10', 'ge')
|
||||||
|
|
||||||
- name: install pdf prerequisites debian
|
- name: install pdf prerequisites debian
|
||||||
apt:
|
apt:
|
||||||
@ -30,4 +51,4 @@
|
|||||||
state: present
|
state: present
|
||||||
force: yes
|
force: yes
|
||||||
|
|
||||||
...
|
...
|
||||||
|
@ -9,4 +9,4 @@
|
|||||||
package:
|
package:
|
||||||
name: nodejs
|
name: nodejs
|
||||||
state: present
|
state: present
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user