Provision Plesk Integration

A module for loosely integrating Provision (part of the Aegir hosting system) with Parallels Plesk.

New Drush Commands

This module provides the following new commands for Drush:

plesk-setup-drupal

Set-up the specified client's document root folder to access the current Drupal site. This is done by means of symlinks to the shared Drupal platform/install; the Drupal site remains in its current location to allow it to be maintained by Aegir.

plesk-discover-db

Inform Plesk about the database that corresponds to the current Drupal site, so that the database is associated with the appropriate client's account and can be managed and monitored within Plesk. This is useful if Aegir automatically created the database for the site (as is the typical case) because it allows you to leverage the additional quota and reporting tools Plesk offers, while freeing you from having to create each database and user account manually for each site.

plesk-reset-pf-perm

Reset all of the permissions and ownership of the current Drupal install to default values appropriate for your Aegir and Plesk environment. This is useful if the current permissions are causing clients to have trouble accessing their Drupal sites.

This will cause all sites under the sites/ folder to lose their owners. After running this command, you will need to restore appropriate ownership to clients.

New Drush Sub-Modules

In addition, this module provides the following sub-modules that make it easier to use Aegir to maintain Drupal sites that are monitored by Plesk and owned by hosting customers:

site_owner_preservation

Extends Provision to allow it to work with Drupal sites that are not owned by the Aegir user account. To do this, this module allows Provision to take ownership of a site before it performs any operation (verify, clone, migrate, etc), and then to restore ownership to the original user at the end of the operation.

This makes it easier to give a user control over his or her Drupal install and to enforce hard, user-based quotas, while still giving the administrator the flexibility to use Aegir for maintenance.

hardened_modules

Provides a Drupal core patch and functionality for restricting Provision from loading custom user modules during provisioning operations. This prevents users from being able to write custom modules that take advantage of having elevated privileges when bootstrapped by Aegir and Provision.

ownership_utils

A module that provides Provision with an API for taking ownership of files and folders. This is used by site_owner_preservation.

Installation

More detailed documentation, including step-by-step documentation on how to set-up Aegir, install this module, and use it in conjunction with mpm-itk will be forthcoming shortly. In the mean time, you will need to perform the following steps:

1. Install Aegir 0.4 Alpha 6, if you haven't already.
2. Ensure that the Apache configuration files generated by Aegir are processed before the ones generated by Plesk. To do this, symlink /etc/httpd/conf.d/zz005_aegir.conf to ~aegir/config/apache.conf. This should take the place of whatever symlink you created when installing Aegir.
3. Set-up Apache to use mpm_itk. This is necessary so that each Drupal site runs with its owner's credentials.
4. Download this module and extract it in a safe, temporary place.
5. Copy the provision_plesk folder that was extracted in the previous step to the .drush folder used by Aegir (~aegir/.drush).
6. Optionally copy the file sbin/aegir_chown.php to /usr/local/sbin/aegir_chown (note the lack of the .php extension), and set the mode on the file so that it is executable. This wrapper script restricts which files Aegir can take ownership of, in case Aegir is compromised.
7. Give the Aegir user account (usually "aegir") permission to use sudo without a password to run "/usr/local/sbin/aegir_chown" (or "/usr/bin/sudo" if you skipped the previous step). This is required in order for Aegir to be able to take ownership of sites during provisioning operations.
8. Apply the patch in patches/provision-0.4/platform_AllowOverride.patch to Provision to allow users to use .htaccess files. This patch is required because this setup still requires the use of the Drupal .htaccess file for each site.
9. Optionally apply the patch in modules/hardened_modules/patches/drupal-6.16/module.inc.patch to lock-down what modules are loaded by Provision. This patch is strongly recommended as it prevents a code execution vulnerability.
10. Overwrite the templates in ~aegir/.drush/provision with the corresponding templates from ~aegir/.drush/provision_plesk/templates. These template files have been customized to produce virtual host configuration files that are compatible with what Plesk normally generates.
11. Have Aegir Verify all existing sites to re-generate their configuration files.

This module is a work-in-progress, but has been tested with Aegir 0.4 Alpha 6 and Plesk 8.6 running on CentOS 5.2. The module may also work with Aegir 0.3, though it is discouraged.

This project is developed and sponsored by Red Bottle Design, LLC.

If you like this module, please consider making a donation to Red Bottle Design, LLC.