mirror of
https://github.com/frappe/bench.git
synced 2025-01-24 07:28:25 +00:00
Merge branch 'playbooks-update' of github.com:gavindsouza/bench into playbooks-update
This commit is contained in:
commit
c88940d5fc
@ -1,11 +1,13 @@
|
||||
import click
|
||||
import sys, os
|
||||
import sys
|
||||
import os
|
||||
from bench.config.common_site_config import get_config, update_config
|
||||
from bench.app import pull_all_apps, is_version_upgrade, validate_branch
|
||||
from bench.utils import (update_bench, validate_upgrade, pre_upgrade, post_upgrade, before_update,
|
||||
update_requirements, update_node_packages, backup_all_sites, patch_sites, build_assets,
|
||||
restart_supervisor_processes, restart_systemd_processes)
|
||||
from bench import patches
|
||||
from six.moves import reload_module
|
||||
|
||||
|
||||
@click.command('update')
|
||||
@ -88,13 +90,8 @@ def _update(pull=False, patch=False, build=False, update_bench=False, auto=False
|
||||
pre_upgrade(version_upgrade[1], version_upgrade[2], bench_path=bench_path)
|
||||
import bench.utils, bench.app
|
||||
print('Reloading bench...')
|
||||
if sys.version_info >= (3, 4):
|
||||
import importlib
|
||||
importlib.reload(bench.utils)
|
||||
importlib.reload(bench.app)
|
||||
else:
|
||||
reload(bench.utils)
|
||||
reload(bench.app)
|
||||
reload_module(bench.utils)
|
||||
reload_module(bench.app)
|
||||
|
||||
if patch:
|
||||
print('Patching sites...')
|
||||
|
@ -81,7 +81,7 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True)
|
||||
|
||||
|
||||
def setup_crontab():
|
||||
job_command = 'sudo service nginx stop && /opt/certbot-auto renew && sudo service nginx start'
|
||||
job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"'
|
||||
system_crontab = CronTab(tabfile='/etc/crontab', user=True)
|
||||
if job_command not in str(system_crontab):
|
||||
job = system_crontab.new(command=job_command, comment="Renew lets-encrypt every month")
|
||||
@ -148,9 +148,9 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
||||
|
||||
try:
|
||||
exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
|
||||
--server https://acme-v02.api.letsencrypt.org/directory \
|
||||
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
|
||||
email_param=email_param))
|
||||
--server https://acme-v02.api.letsencrypt.org/directory \
|
||||
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
|
||||
email_param=email_param))
|
||||
|
||||
except CommandFailedError:
|
||||
print("There was a problem trying to setup SSL")
|
||||
@ -161,7 +161,7 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
||||
"wildcard": {
|
||||
"domain": domain,
|
||||
"ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
|
||||
"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
|
||||
"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
|
||||
}
|
||||
}
|
||||
|
||||
@ -171,4 +171,4 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
||||
make_nginx_conf(bench_path)
|
||||
print("Restrting Nginx service")
|
||||
service('nginx', 'restart')
|
||||
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
import os, json, click, random, string, hashlib
|
||||
from bench.utils import get_sites, get_bench_name, exec_cmd
|
||||
from six import string_types
|
||||
|
||||
def make_nginx_conf(bench_path, yes=False):
|
||||
from bench import env
|
||||
@ -214,7 +215,7 @@ def get_sites_with_config(bench_path):
|
||||
if dns_multitenant and site_config.get('domains'):
|
||||
for domain in site_config.get('domains'):
|
||||
# domain can be a string or a dict with 'domain', 'ssl_certificate', 'ssl_certificate_key'
|
||||
if isinstance(domain, str) or isinstance(domain, unicode):
|
||||
if isinstance(domain, string_types):
|
||||
domain = { 'domain': domain }
|
||||
|
||||
domain['name'] = site
|
||||
@ -227,7 +228,7 @@ def get_sites_with_config(bench_path):
|
||||
def use_wildcard_certificate(bench_path, ret):
|
||||
'''
|
||||
stored in common_site_config.json as:
|
||||
"wildcard": {
|
||||
"wildcard": {
|
||||
"domain": "*.erpnext.com",
|
||||
"ssl_certificate": "/path/to/erpnext.com.cert",
|
||||
"ssl_certificate_key": "/path/to/erpnext.com.key"
|
||||
|
@ -12,7 +12,12 @@ map {{ from_variable }} {{ to_variable }} {
|
||||
|
||||
{%- macro server_block(bench_name, port, server_names, site_name, sites_path, ssl_certificate, ssl_certificate_key) %}
|
||||
server {
|
||||
{% if ssl_certificate and ssl_certificate_key %}
|
||||
listen {{ port }} ssl;
|
||||
{% else %}
|
||||
listen {{ port }};
|
||||
{% endif %}
|
||||
|
||||
server_name
|
||||
{% for name in server_names -%}
|
||||
{{ name }}
|
||||
@ -30,12 +35,20 @@ server {
|
||||
ssl_certificate {{ ssl_certificate }};
|
||||
ssl_certificate_key {{ ssl_certificate_key }};
|
||||
ssl_session_timeout 5m;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
||||
ssl_ecdh_curve secp384r1;
|
||||
ssl_prefer_server_ciphers on;
|
||||
{% endif %}
|
||||
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
location /assets {
|
||||
try_files $uri =404;
|
||||
@ -59,6 +72,10 @@ server {
|
||||
|
||||
location / {
|
||||
|
||||
rewrite ^(.+)/$ $1 permanent;
|
||||
rewrite ^(.+)/index\.html$ $1 permanent;
|
||||
rewrite ^(.+)\.html$ $1 permanent;
|
||||
|
||||
location ~ ^/files/.*.(htm|html|svg|xml) {
|
||||
add_header Content-disposition "attachment";
|
||||
try_files /{{ site_name }}/public/$uri @webserver;
|
||||
|
@ -503,6 +503,10 @@ def update_npm_packages(bench_path='.'):
|
||||
|
||||
def install_requirements(pip, req_file, user=False):
|
||||
if os.path.exists(req_file):
|
||||
# sys.real_prefix exists only in a virtualenv
|
||||
if hasattr(sys, 'real_prefix'):
|
||||
user = False
|
||||
|
||||
user_flag = "--user" if user else ""
|
||||
exec_cmd("{pip} install {user_flag} -q -U -r {req_file}".format(pip=pip, user_flag=user_flag, req_file=req_file))
|
||||
|
||||
@ -723,12 +727,6 @@ def update_translations(app, lang):
|
||||
|
||||
print('downloaded for', app, lang)
|
||||
|
||||
def download_chart_of_accounts():
|
||||
charts_dir = os.path.join('apps', "erpnext", "erpnext", 'accounts', 'chart_of_accounts', "submitted")
|
||||
csv_file = os.path.join(translations_dir, lang + '.csv')
|
||||
url = "https://translate.erpnext.com/files/{}-{}.csv".format(app, lang)
|
||||
r = requests.get(url, stream=True)
|
||||
r.raise_for_status()
|
||||
|
||||
def print_output(p):
|
||||
while p.poll() is None:
|
||||
|
@ -142,7 +142,7 @@ def install_bench(args):
|
||||
shutil.rmtree(tmp_bench_repo)
|
||||
|
||||
def check_distribution_compatibility():
|
||||
supported_dists = {'ubuntu': [14, 15, 16, 18, 19], 'debian': [8, 9],
|
||||
supported_dists = {'ubuntu': [14, 15, 16, 18, 19], 'debian': [8, 9, 10],
|
||||
'centos': [7], 'macos': [10.9, 10.10, 10.11, 10.12]}
|
||||
|
||||
dist_name, dist_version = get_distribution_info()
|
||||
@ -389,7 +389,7 @@ def parse_commandline_args():
|
||||
|
||||
# set passwords
|
||||
parser.add_argument('--mysql-root-password', dest='mysql_root_password', help='Set mysql root password')
|
||||
parser.add_argument('--mariadb-version', dest='mariadb_version', default='10.2', help='Specify mariadb version')
|
||||
parser.add_argument('--mariadb-version', dest='mariadb_version', default='10.4', help='Specify mariadb version')
|
||||
parser.add_argument('--admin-password', dest='admin_password', help='Set admin password')
|
||||
parser.add_argument('--bench-name', dest='bench_name', help='Create bench with specified name. Default name is frappe-bench')
|
||||
|
||||
|
@ -13,7 +13,7 @@
|
||||
state: present
|
||||
when: ansible_distribution_version is version_compare('8', 'lt')
|
||||
|
||||
- name: install pillow prerequisites for Debian >= 8
|
||||
- name: install pillow prerequisites for Debian 8
|
||||
apt:
|
||||
pkg:
|
||||
- libjpeg62-turbo-dev
|
||||
@ -21,7 +21,28 @@
|
||||
- tcl8.5-dev
|
||||
- tk8.5-dev
|
||||
state: present
|
||||
when: ansible_distribution_version is version_compare('8', 'ge')
|
||||
when: ansible_distribution_version is version_compare('8', 'eq')
|
||||
|
||||
- name: install pillow prerequisites for Debian 9
|
||||
apt:
|
||||
pkg:
|
||||
- libjpeg62-turbo-dev
|
||||
- libtiff5-dev
|
||||
- tcl8.5-dev
|
||||
- tk8.5-dev
|
||||
state: present
|
||||
when: ansible_distribution_version is version_compare('9', 'eq')
|
||||
|
||||
|
||||
- name: install pillow prerequisites for Debian >= 10
|
||||
apt:
|
||||
pkg:
|
||||
- libjpeg62-turbo-dev
|
||||
- libtiff5-dev
|
||||
- tcl8.6-dev
|
||||
- tk8.6-dev
|
||||
state: present
|
||||
when: ansible_distribution_version is version_compare('10', 'ge')
|
||||
|
||||
- name: install pdf prerequisites debian
|
||||
apt:
|
||||
@ -30,4 +51,4 @@
|
||||
state: present
|
||||
force: yes
|
||||
|
||||
...
|
||||
...
|
||||
|
@ -9,4 +9,4 @@
|
||||
package:
|
||||
name: nodejs
|
||||
state: present
|
||||
...
|
||||
...
|
||||
|
Loading…
x
Reference in New Issue
Block a user