uawdijnntqw1x1x1
IP : 216.73.216.74
Hostname : www.vorobey-market.ru
Kernel : Linux www.vorobey-market.ru 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64
Disable Function : None :)
OS : Linux
PATH:
/
home
/
..
/
etc
/
init.d
/
bvat.ori.201801121718
/
/
#!/bin/bash #==================================================================== # Run level information: # # chkconfig: 2345 99 99 # description: Bitrix Virtual Appliance Tuning & Configuration Script # processname: bvat export LANG=en_US.UTF-8 export PATH=/sbin:/bin:/usr/sbin:/usr/bin OS_TYPE=$(cat /etc/redhat-release | grep CentOS -c) [[ $OS_TYPE -eq 0 ]] && exit 1 OS_VERSION=$(cat /etc/redhat-release | \ sed -e "s/CentOS Linux release//;s/CentOS release // " | cut -d'.' -f1) # Virtualization Types and Arch IS_OPENVZ=$( [[ -f /proc/user_beancounters ]] && echo 1 || echo 0 ) HW_TYPE=default [[ $IS_OPENVZ -gt 0 ]] && HW_TYPE=openvz IS_X86_64=$(uname -a | grep -wc 'x86_64') INIT_FLAG=/root/BX_INITIAL_SETUP MYSQL_CNF=/root/.my.cnf # logging LOG_DIR=/opt/webdir/logs [[ ! -d $LOG_DIR ]] && mkdir -p $LOG_DIR LOGS_FILE=$LOG_DIR/bvat.log [[ -z $DEBUG ]] && DEBUG=0 [[ -f $LOGS_FILE ]] && echo -n "" > $LOGS_FILE log_to_file(){ log_message="${1}" notice="${2:-INFO}" printf "%20s: %5s [%s] %s\n" \ "$(date +"%Y/%m/%d %H:%M:%S")" $$ "$notice" "$log_message" >> $LOGS_FILE [[ $DEBUG -gt 0 ]] && \ printf "%20s: %5s [%s] %s\n" \ "$(date +"%Y/%m/%d %H:%M:%S")" $$ "$notice" "$log_message" 1>&2 } # get available memory on board get_available_memory(){ AVAILABLE_MEMORY=$(free | grep Mem | awk '{print $2}') if [[ $IS_OPENVZ -gt 0 ]]; then if [[ -z $AVAILABLE_MEMORY ]]; then mem4kblock=`cat /proc/user_beancounters | \ grep vmguarpages|awk '{print $4}'` mem4kblock2=`cat /proc/user_beancounters | \ grep privvmpages|awk '{print $4}'` if [[ ${mem4kblock2} -gt ${mem4kblock} ]]; then AVAILABLE_MEMORY=$(echo "${mem4kblock} * 4"|bc) else AVAILABLE_MEMORY=$(echo "${mem4kblock2} * 4"|bc) fi fi fi } get_php_settings(){ PHP_CMD=$(which php) APACHE_CMD=$(which httpd) # 5.4, 5.6, 7.0 and etc PHP_VERSION=$($PHP_CMD -v | \ egrep -o "PHP [0-9\.]+" | awk '{print $2}' | \ awk -F'.' '{printf "%d.%d", $1, $2}') APACHE_VERSION=$($APACHE_CMD -v | \ egrep -o "Apache/[0-9\.]+" | awk -F'/' '{print $2}' | \ awk -F'.' '{printf "%d.%d", $1,$2}') IS_APCU_PHP=$($PHP_CMD -m 2>/dev/null | grep -wc apcu) IS_OPCACHE_PHP=$($PHP_CMD -m 2>/dev/null | grep -wc OPcache) } # generate random password randpw(){ local len="${1:-20}" if [[ $DEBUG -eq 0 ]]; then </dev/urandom tr -dc '?!@&\-_+@%\(\)\{\}\[\]=0-9a-zA-Z' | head -c20; echo "" else </dev/urandom tr -dc '?!@&\-_+@%\(\)\{\}\[\]=' | head -c20; echo "" fi } # copy-paste from mysql_secure_installation; you can find explanation in that script basic_single_escape () { echo "$1" | sed 's/\(['"'"'\]\)/\\\1/g' } # Centos7: # mysql-community-server => mysql-community # Percona-Server-server => percona # MariaDB-server => MariaDB # mariadb-server => mariadb # Centos6: # mysql-server => mysql get_mysql_package(){ [[ -n $MYSQL_PACKAGE ]] && return 0 PACKAGES_LIST=$(rpm -qa) MYSQL_PACKAGE=not_installed MYSQL_SERVICE=not_installed MYSQL_VERSION=not_installed if [[ $(echo "$PACKAGES_LIST" | grep -c '^mysql-community-server') -gt 0 ]]; then MYSQL_PACKAGE=mysql-community-server MYSQL_SERVICE=mysqld elif [[ $(echo "$PACKAGES_LIST" | grep -c '^Percona-Server-server') -gt 0 ]]; then MYSQL_PACKAGE=Percona-Server-server MYSQL_SERVICE=mysqld elif [[ $(echo "$PACKAGES_LIST" | grep -c '^MariaDB-server') -gt 0 ]]; then MYSQL_PACKAGE=MariaDB-server MYSQL_SERVICE=mariadb elif [[ $(echo "$PACKAGES_LIST" | grep -c '^mariadb-server') -gt 0 ]]; then MYSQL_PACKAGE=mariadb-server MYSQL_SERVICE=mariadb elif [[ $(echo "$PACKAGES_LIST" | grep -c '^mysql-server') -gt 0 ]]; then MYSQL_PACKAGE=mysql-server MYSQL_SERVICE=mysqld else return 1 fi MYSQL_VERSION=$(rpm -qa --queryformat '%{version}' ${MYSQL_PACKAGE}* | head -1 ) } # generate client mysql config my_config(){ local cfg="${1:-$MYSQL_CNF}" echo "# mysql bvat config file" > $cfg echo "[client]" >> $cfg echo "user=root" >> $cfg local esc_pass=$(basic_single_escape "$MYSQL_ROOTPW") echo "password='$esc_pass'" >> $cfg echo "socket=/var/lib/mysqld/mysqld.sock" >> $cfg } # run query my_query(){ local query="${1}" local cfg="${2:-$MYSQL_CNF}" [[ -z $query ]] && return 1 local tmp_f=$(mktemp /tmp/XXXXX_command) echo "$query" > $tmp_f mysql --defaults-file=$cfg < $tmp_f >> $LOGS_FILE 2>&1 mysql_rtn=$? rm -f $tmp_f return $mysql_rtn } # query and result my_select(){ local query="${1}" local cfg="${2:-$MYSQL_CNF}" [[ -z $query ]] && return 1 local tmp_f=$(mktemp /tmp/XXXXX_command) echo "$query" > $tmp_f mysql --defaults-file=$cfg < $tmp_f mysql_rtn=$? rm -f $tmp_f return $mysql_rtn } my_additional_security(){ # delete anonymous users my_query "DELETE FROM mysql.user WHERE User='';" [[ $? -eq 0 ]] && \ log_to_file "Remove anonymous users in mysql service" # remove remote root my_query "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" [[ $? -eq 0 ]] && \ log_to_file "Disable remote root access in mysql service" # remove test database my_query "DROP DATABASE test;" [[ $? -eq 0 ]] && \ log_to_file "Remove DB test" my_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" [[ $? -eq 0 ]] && \ log_to_file "Remove all privileges on test DBs" # flush privileges my_query "FLUSH PRIVILEGES;" [[ $? -eq 0 ]] && \ log_to_file "Reload mysql privileges" } # generate root password # return 0 - generate new root password # return 1 - settings are left as is my_generate_rootpw(){ # test root has empty password MYSQL_ROOTPW='' local my_temp=$MYSQL_CNF.temp my_config "$my_temp" my_query "status;" "$my_temp" [[ $? -gt 0 ]] && return 1 log_to_file "Test empty root password - pass" # generate root password and update mysql settings MYSQL_ROOTPW=$(randpw) local esc_pass=$(basic_single_escape "$MYSQL_ROOTPW") my_query \ "UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root'; FLUSH PRIVILEGES;" \ "$my_temp" if [[ $? -eq 0 ]]; then log_to_file "MySQL password update successfully" rm -f $my_temp else log_to_file "MySQL password upadte failed" rm -f $my_temp return 1 fi # create /root/.my.cnf and save settings my_config log_to_file "Update config file" # configure additional options my_additional_security log_to_file "Main configuration mysql security is complete" } my_generate_sitepw(){ local site_dir="${1:-/home/bitrix/www}" local site_dbcon="$site_dir/bitrix/php_interface/dbconn.php" local site_settings="$site_dir/bitrix/.settings.php" local site_db=$(cat $site_dbcon | \ grep -v '^#\|^$\|^;' | grep -w DBName | \ awk -F'=' '{print $2}' | sed -e 's/"//g;s/;//;s/\s\+//') [[ -f $site_dbcon && -f $site_settings ]] || return 1 # test root login in config files is_root_dbcon=$(cat $site_dbcon | grep -v '\(^$\|^;\|^#\)' | \ grep -w "DBLogin" | grep -wc root) is_root_settings=$(cat $site_settings | grep -v '\(^$\|^;\|^#\)' | \ grep -w "login" | grep -wc root) [[ ( $is_root_dbcon -eq 0 ) && ( $is_root_settings -eq 0 ) ]] && return 1 # create db, if not exist [[ ! -d "/var/lib/mysql/$site_db" ]] && \ my_query "CREATE DATABASE $site_db" # create user for site user_id=0 user_base=bitrix user_select= while [[ -z $user_select ]]; do log_to_file "Testing user=${user_base}${user_id}" user_tmp=$(mktemp /tmp/XXXXXX_user) is_user=0 my_select "SELECT User FROM mysql.user WHERE User='${user_base}${user_id}'" > $user_tmp 2>&1 if [[ $? -gt 0 ]]; then log_to_file "Cannot test existence mysql user" rm -f $user_tmp return 1 else is_user=$(cat $user_tmp | grep -wc "${user_base}${user_id}") fi [[ $is_user -eq 0 ]] && \ user_select="${user_base}${user_id}" user_id=$(( $user_id + 1 )) done BITRIX_PW=$(randpw) log_to_file "Generate user name=$user_select for default site" # create user and its grants esc_pass=$(basic_single_escape "$BITRIX_PW") [[ $DEBUG -gt 0 ]] && echo "name=$user_select password=$BITRIX_PW esc_password=$esc_pass" my_query "CREATE USER '$user_select'@'localhost' IDENTIFIED BY '$esc_pass';" if [[ $? -gt 0 ]]; then log_to_file "Cannot create user=$user_select" return 1 else log_to_file "Create user=$user_select" fi my_query "GRANT ALL PRIVILEGES ON $site_db.* TO '$user_select'@'localhost';" if [[ $? -gt 0 ]]; then log_to_file "Cannot grant access rights to user=$user_select" return 1 else log_to_file "Grant access rights to user=$user_select" fi # replace option in the config files # because special chars we give up on sed tool DBPassword_line=$(grep -n "^\s*\$DBPassword" $site_dbcon | awk -F':' '{print $1}') [[ -z $DBPassword_line ]] && \ log_to_file "Cannot find DBPassword option in $site_dbcon" && \ return 1 { head -n $(( $DBPassword_line-1 )) $site_dbcon echo "\$DBPassword = '$esc_pass';" tail -n +$(( $DBPassword_line+1 )) $site_dbcon } | \ sed -e "s/\$DBLogin.\+/\$DBLogin \= \'$user_select\'\;/g" \ > $site_dbcon.tmp mv $site_dbcon.tmp $site_dbcon chown bitrix:bitrix $site_dbcon chmod 640 $site_dbcon log_to_file "Update $site_dbcon" password_line=$(grep -n "^\s*'password'" $site_settings | awk -F':' '{print $1}') [[ -z $password_line ]] && \ log_to_file "Cannot find password option in $site_settings" && \ return 1 { head -n $(( $password_line-1 )) $site_settings echo " 'password' => '$esc_pass'," tail -n +$(( $password_line+1 )) $site_settings } | \ sed -e "s/'login' => '.\+',/'login' => '$user_select',/g" \ > $site_settings.tmp mv $site_settings.tmp $site_settings chown bitrix:bitrix $site_settings chmod 640 $site_settings log_to_file "Update $site_settings" } # intial/first boot configuration script # - set mysql root password # - set mysql user and password for default bitrix site bx_init(){ # generate root password and update security options my_generate_rootpw # generate bitrix password for default site my_generate_sitepw } start(){ log_to_file "Start server configuration by Bitrix-Env" log_to_file "OS info: version=$OS_VERSION type=$OS_TYPE x86_64=$IS_X86_64" # get system memory on board get_available_memory log_to_file "Maximum available memory=${AVAILABLE_MEMORY}KB" # directories that used for installation install_directories="/etc/mysql/conf.d /etc/httpd/bx/conf" for install_dir in $install_directories; do if [[ ! -d $install_dir ]]; then mkdir -p $install_dir log_to_file "Create direcory=$install_dir" fi done # create config that depends on installed RAM MEMORY_LIMITS="256:512:1024:1536:2048:3072:4096:5120:6144:7168:8192:9216:10240:11264:12288:13312:14336:15360:16384:65536" CONFIG_SRC_DIR=/etc/ansible/bvat_conf/$HW_TYPE CONFIG_FILES="/etc/httpd/bx/conf/prefork.conf /etc/mysql/conf.d/bvat.cnf /etc/php.d/apc.ini" min_mb=0 memory_mb=$(echo "${AVAILABLE_MEMORY}/1024"|bc) [[ ( $IS_X86_64 -eq 0 ) && ( $memory_mb -gt 4096 ) ]] && \ memory_mb=4096 log_to_file "Desired config values between ${min_mb}MB and ${memory_mb}MB" # get PHP info get_php_settings log_to_file "PHP info: version=$PHP_VERSION is_apcu=$IS_APCU_PHP is_opcache=$IS_OPCACHE_PHP" # determine the version of the configuration file, which is suitable to the system mysql_restart=0 httpd_restart=0 for max_mb in $(echo $MEMORY_LIMITS | \ sed -e 's/:/ /g;' ); do # test boundaries if [[ ( $memory_mb -gt $min_mb ) && \ ( $memory_mb -le $max_mb ) ]]; then for config in $CONFIG_FILES; do log_to_file "Processing config=$config for system with memory_max=$max_mb" config_bn=$(basename $config) config_source=$CONFIG_SRC_DIR/${max_mb}_$config_bn if [[ ! -f $config_source ]]; then log_to_file "Not found source config=$config_source" else md5_config="not_exists" [[ -f $config ]] && \ md5_config=$( md5sum $config | awk '{print $1}') md5_config_source=$(md5sum $config_source | awk '{print $1}') if [[ $md5_config != "$md5_config_source" ]]; then cp -f $config_source $config if [[ $? -gt 0 ]]; then log_to_file "Cannot copy $config_source to $config" else log_to_file "Copy $config_source to $config" [[ $(echo "$config" | grep -wc mysql) -gt 0 ]] && \ mysql_restart=1 [[ $(echo "$config" | grep -wc "\(php\|httpd\)") -gt 0 ]] && \ httpd_restart=1 fi fi fi done fi min_mb=$max_mb done # restart services if [[ $mysql_restart -gt 0 ]]; then get_mysql_package if [[ $OS_VERSION -eq 7 ]]; then systemctl restart $MYSQL_SERVICE >> $LOGS_FILE 2>&1 else service mysqld restart >> $LOGS_FILE 2>&1 fi fi if [[ $httpd_restart -gt 0 ]]; then if [[ $OS_VERSION -eq 7 ]]; then systemctl restart httpd >> $LOGS_FILE 2>&1 else service httpd restart >> $LOGS_FILE 2>&1 fi fi # replaces MaxClients options for httpd 2.4 if [[ "$APACHE_VERSION" == "2.4" ]]; then sed -i 's/MaxClients/MaxRequestWorkers/g' /etc/httpd/bx/conf/prefork.conf log_to_file "Replace MaxClient option in config=/etc/httpd/bx/conf/prefork.conf" fi # increase max_input_vars for php 5.4 and above if [[ $(echo "$PHP_VERSION" | egrep -c '^(5\.[456]|7\.[0-9])$') ]]; then sed -i 's/max_input_vars = 4000/max_input_vars = 10000/' /etc/php.d/bitrixenv.ini log_to_file "Increase max_input_vars value in /etc/php.d/bitrixenv.ini" fi # configure apcu module if [[ ( $IS_APCU_PHP -gt 0 ) && ( -f /etc/php.d/apc.ini ) ]]; then sed -i 's/apc.so/apcu.so/' /etc/php.d/apc.ini if [[ "$PHP_VERSION" == "5.4" ]]; then mv -f /etc/php.d/apc.ini /etc/php.d/apcu.ini elif [[ "$PHP_VERSION" == "5.6" ]]; then mv -f /etc/php.d/apc.ini /etc/php.d/40-apcu.ini elif [[ "$PHP_VERSION" == "7.0" ]]; then mv -f /etc/php.d/apc.ini /etc/php.d/40-apcu.ini fi fi # configure opcache module if [[ $IS_OPCACHE_PHP -gt 0 ]]; then opcache_template=/etc/ansible/bvat_conf/opcache.ini.bx opcache_memory_mb=$(echo "$memory_mb" | \ awk '{printf "%.2f", $1/8}' | awk -F'.' '{print $1}') [[ $opcache_memory_mb -lt 64 ]] && opcache_memory_mb=64 [[ $opcache_memory_mb -gt 2048 ]] && opcache_memory_mb=2048 opcache_config=/etc/php.d/opcache.ini [[ "$PHP_VERSION" == "5.6" ]] && opcache_config=/etc/php.d/10-opcache.ini [[ "$PHP_VERSION" == "7.0" ]] && opcache_config=/etc/php.d/10-opcache.ini # delete old config file; if there is one [[ ( "$PHP_VERSION" == "5.6" ) && \ ( -f /etc/php.d/opcache.ini ) ]] && \ rm -f /etc/php.d/opcache.ini # update opcache config if [[ -f $opcache_template ]]; then cat $opcache_template | \ sed -e "s:__MEMORY__:$opcache_memory_mb:;" \ > $opcache_config 2>/dev/null && \ log_to_file "Update opcache config=$opcache_config" fi fi # disable or enable xmpp daemon if [[ -f /etc/init.d/xmpp ]]; then if [[ $memory_mb -le 512 ]]; then chkconfig xmpp off else chkconfig xmpp on fi fi chmod 0664 /etc/php.d/*.ini ulimit -n 10240 # change issue message (that used in login screen) /opt/webdir/bin/bx_motd > /etc/issue 2>/dev/null # generate root password and site user password if [[ -f $INIT_FLAG ]]; then bx_init rm -f $INIT_FLAG fi } test_f(){ DEBUG=1 bx_init } ### main action=$1 [[ -z $action ]] && action=start case "$1" in start|restart|"") start ;; stop) # No-op ;; test) test_f ;; *) echo "Error: argument '$1' not supported" >&2 exit 3 ;; esac exit 0
/home/../etc/init.d/bvat.ori.201801121718