Your IP : 216.73.216.74
| Current Path : /etc/init.d/ |
|
|
| Current File : //etc/init.d/bvat.ori.201801121718 |
#!/bin/bash
#====================================================================
# Run level information:
#
# chkconfig: 2345 99 99
# description: Bitrix Virtual Appliance Tuning & Configuration Script
# processname: bvat
export LANG=en_US.UTF-8
export PATH=/sbin:/bin:/usr/sbin:/usr/bin
OS_TYPE=$(cat /etc/redhat-release | grep CentOS -c)
[[ $OS_TYPE -eq 0 ]] && exit 1
OS_VERSION=$(cat /etc/redhat-release | \
sed -e "s/CentOS Linux release//;s/CentOS release // " | cut -d'.' -f1)
# Virtualization Types and Arch
IS_OPENVZ=$( [[ -f /proc/user_beancounters ]] && echo 1 || echo 0 )
HW_TYPE=default
[[ $IS_OPENVZ -gt 0 ]] && HW_TYPE=openvz
IS_X86_64=$(uname -a | grep -wc 'x86_64')
INIT_FLAG=/root/BX_INITIAL_SETUP
MYSQL_CNF=/root/.my.cnf
# logging
LOG_DIR=/opt/webdir/logs
[[ ! -d $LOG_DIR ]] && mkdir -p $LOG_DIR
LOGS_FILE=$LOG_DIR/bvat.log
[[ -z $DEBUG ]] && DEBUG=0
[[ -f $LOGS_FILE ]] && echo -n "" > $LOGS_FILE
log_to_file(){
log_message="${1}"
notice="${2:-INFO}"
printf "%20s: %5s [%s] %s\n" \
"$(date +"%Y/%m/%d %H:%M:%S")" $$ "$notice" "$log_message" >> $LOGS_FILE
[[ $DEBUG -gt 0 ]] && \
printf "%20s: %5s [%s] %s\n" \
"$(date +"%Y/%m/%d %H:%M:%S")" $$ "$notice" "$log_message" 1>&2
}
# get available memory on board
get_available_memory(){
AVAILABLE_MEMORY=$(free | grep Mem | awk '{print $2}')
if [[ $IS_OPENVZ -gt 0 ]]; then
if [[ -z $AVAILABLE_MEMORY ]]; then
mem4kblock=`cat /proc/user_beancounters | \
grep vmguarpages|awk '{print $4}'`
mem4kblock2=`cat /proc/user_beancounters | \
grep privvmpages|awk '{print $4}'`
if [[ ${mem4kblock2} -gt ${mem4kblock} ]]; then
AVAILABLE_MEMORY=$(echo "${mem4kblock} * 4"|bc)
else
AVAILABLE_MEMORY=$(echo "${mem4kblock2} * 4"|bc)
fi
fi
fi
}
get_php_settings(){
PHP_CMD=$(which php)
APACHE_CMD=$(which httpd)
# 5.4, 5.6, 7.0 and etc
PHP_VERSION=$($PHP_CMD -v | \
egrep -o "PHP [0-9\.]+" | awk '{print $2}' | \
awk -F'.' '{printf "%d.%d", $1, $2}')
APACHE_VERSION=$($APACHE_CMD -v | \
egrep -o "Apache/[0-9\.]+" | awk -F'/' '{print $2}' | \
awk -F'.' '{printf "%d.%d", $1,$2}')
IS_APCU_PHP=$($PHP_CMD -m 2>/dev/null | grep -wc apcu)
IS_OPCACHE_PHP=$($PHP_CMD -m 2>/dev/null | grep -wc OPcache)
}
# generate random password
randpw(){
local len="${1:-20}"
if [[ $DEBUG -eq 0 ]]; then
</dev/urandom tr -dc '?!@&\-_+@%\(\)\{\}\[\]=0-9a-zA-Z' | head -c20; echo ""
else
</dev/urandom tr -dc '?!@&\-_+@%\(\)\{\}\[\]=' | head -c20; echo ""
fi
}
# copy-paste from mysql_secure_installation; you can find explanation in that script
basic_single_escape () {
echo "$1" | sed 's/\(['"'"'\]\)/\\\1/g'
}
# Centos7:
# mysql-community-server => mysql-community
# Percona-Server-server => percona
# MariaDB-server => MariaDB
# mariadb-server => mariadb
# Centos6:
# mysql-server => mysql
get_mysql_package(){
[[ -n $MYSQL_PACKAGE ]] && return 0
PACKAGES_LIST=$(rpm -qa)
MYSQL_PACKAGE=not_installed
MYSQL_SERVICE=not_installed
MYSQL_VERSION=not_installed
if [[ $(echo "$PACKAGES_LIST" | grep -c '^mysql-community-server') -gt 0 ]]; then
MYSQL_PACKAGE=mysql-community-server
MYSQL_SERVICE=mysqld
elif [[ $(echo "$PACKAGES_LIST" | grep -c '^Percona-Server-server') -gt 0 ]]; then
MYSQL_PACKAGE=Percona-Server-server
MYSQL_SERVICE=mysqld
elif [[ $(echo "$PACKAGES_LIST" | grep -c '^MariaDB-server') -gt 0 ]]; then
MYSQL_PACKAGE=MariaDB-server
MYSQL_SERVICE=mariadb
elif [[ $(echo "$PACKAGES_LIST" | grep -c '^mariadb-server') -gt 0 ]]; then
MYSQL_PACKAGE=mariadb-server
MYSQL_SERVICE=mariadb
elif [[ $(echo "$PACKAGES_LIST" | grep -c '^mysql-server') -gt 0 ]]; then
MYSQL_PACKAGE=mysql-server
MYSQL_SERVICE=mysqld
else
return 1
fi
MYSQL_VERSION=$(rpm -qa --queryformat '%{version}' ${MYSQL_PACKAGE}* | head -1 )
}
# generate client mysql config
my_config(){
local cfg="${1:-$MYSQL_CNF}"
echo "# mysql bvat config file" > $cfg
echo "[client]" >> $cfg
echo "user=root" >> $cfg
local esc_pass=$(basic_single_escape "$MYSQL_ROOTPW")
echo "password='$esc_pass'" >> $cfg
echo "socket=/var/lib/mysqld/mysqld.sock" >> $cfg
}
# run query
my_query(){
local query="${1}"
local cfg="${2:-$MYSQL_CNF}"
[[ -z $query ]] && return 1
local tmp_f=$(mktemp /tmp/XXXXX_command)
echo "$query" > $tmp_f
mysql --defaults-file=$cfg < $tmp_f >> $LOGS_FILE 2>&1
mysql_rtn=$?
rm -f $tmp_f
return $mysql_rtn
}
# query and result
my_select(){
local query="${1}"
local cfg="${2:-$MYSQL_CNF}"
[[ -z $query ]] && return 1
local tmp_f=$(mktemp /tmp/XXXXX_command)
echo "$query" > $tmp_f
mysql --defaults-file=$cfg < $tmp_f
mysql_rtn=$?
rm -f $tmp_f
return $mysql_rtn
}
my_additional_security(){
# delete anonymous users
my_query "DELETE FROM mysql.user WHERE User='';"
[[ $? -eq 0 ]] && \
log_to_file "Remove anonymous users in mysql service"
# remove remote root
my_query "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
[[ $? -eq 0 ]] && \
log_to_file "Disable remote root access in mysql service"
# remove test database
my_query "DROP DATABASE test;"
[[ $? -eq 0 ]] && \
log_to_file "Remove DB test"
my_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
[[ $? -eq 0 ]] && \
log_to_file "Remove all privileges on test DBs"
# flush privileges
my_query "FLUSH PRIVILEGES;"
[[ $? -eq 0 ]] && \
log_to_file "Reload mysql privileges"
}
# generate root password
# return 0 - generate new root password
# return 1 - settings are left as is
my_generate_rootpw(){
# test root has empty password
MYSQL_ROOTPW=''
local my_temp=$MYSQL_CNF.temp
my_config "$my_temp"
my_query "status;" "$my_temp"
[[ $? -gt 0 ]] && return 1
log_to_file "Test empty root password - pass"
# generate root password and update mysql settings
MYSQL_ROOTPW=$(randpw)
local esc_pass=$(basic_single_escape "$MYSQL_ROOTPW")
my_query \
"UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root'; FLUSH PRIVILEGES;" \
"$my_temp"
if [[ $? -eq 0 ]]; then
log_to_file "MySQL password update successfully"
rm -f $my_temp
else
log_to_file "MySQL password upadte failed"
rm -f $my_temp
return 1
fi
# create /root/.my.cnf and save settings
my_config
log_to_file "Update config file"
# configure additional options
my_additional_security
log_to_file "Main configuration mysql security is complete"
}
my_generate_sitepw(){
local site_dir="${1:-/home/bitrix/www}"
local site_dbcon="$site_dir/bitrix/php_interface/dbconn.php"
local site_settings="$site_dir/bitrix/.settings.php"
local site_db=$(cat $site_dbcon | \
grep -v '^#\|^$\|^;' | grep -w DBName | \
awk -F'=' '{print $2}' | sed -e 's/"//g;s/;//;s/\s\+//')
[[ -f $site_dbcon && -f $site_settings ]] || return 1
# test root login in config files
is_root_dbcon=$(cat $site_dbcon | grep -v '\(^$\|^;\|^#\)' | \
grep -w "DBLogin" | grep -wc root)
is_root_settings=$(cat $site_settings | grep -v '\(^$\|^;\|^#\)' | \
grep -w "login" | grep -wc root)
[[ ( $is_root_dbcon -eq 0 ) && ( $is_root_settings -eq 0 ) ]] && return 1
# create db, if not exist
[[ ! -d "/var/lib/mysql/$site_db" ]] && \
my_query "CREATE DATABASE $site_db"
# create user for site
user_id=0
user_base=bitrix
user_select=
while [[ -z $user_select ]]; do
log_to_file "Testing user=${user_base}${user_id}"
user_tmp=$(mktemp /tmp/XXXXXX_user)
is_user=0
my_select "SELECT User FROM mysql.user WHERE User='${user_base}${user_id}'" > $user_tmp 2>&1
if [[ $? -gt 0 ]]; then
log_to_file "Cannot test existence mysql user"
rm -f $user_tmp
return 1
else
is_user=$(cat $user_tmp | grep -wc "${user_base}${user_id}")
fi
[[ $is_user -eq 0 ]] && \
user_select="${user_base}${user_id}"
user_id=$(( $user_id + 1 ))
done
BITRIX_PW=$(randpw)
log_to_file "Generate user name=$user_select for default site"
# create user and its grants
esc_pass=$(basic_single_escape "$BITRIX_PW")
[[ $DEBUG -gt 0 ]] && echo "name=$user_select password=$BITRIX_PW esc_password=$esc_pass"
my_query "CREATE USER '$user_select'@'localhost' IDENTIFIED BY '$esc_pass';"
if [[ $? -gt 0 ]]; then
log_to_file "Cannot create user=$user_select"
return 1
else
log_to_file "Create user=$user_select"
fi
my_query "GRANT ALL PRIVILEGES ON $site_db.* TO '$user_select'@'localhost';"
if [[ $? -gt 0 ]]; then
log_to_file "Cannot grant access rights to user=$user_select"
return 1
else
log_to_file "Grant access rights to user=$user_select"
fi
# replace option in the config files
# because special chars we give up on sed tool
DBPassword_line=$(grep -n "^\s*\$DBPassword" $site_dbcon | awk -F':' '{print $1}')
[[ -z $DBPassword_line ]] && \
log_to_file "Cannot find DBPassword option in $site_dbcon" && \
return 1
{
head -n $(( $DBPassword_line-1 )) $site_dbcon
echo "\$DBPassword = '$esc_pass';"
tail -n +$(( $DBPassword_line+1 )) $site_dbcon
} | \
sed -e "s/\$DBLogin.\+/\$DBLogin \= \'$user_select\'\;/g" \
> $site_dbcon.tmp
mv $site_dbcon.tmp $site_dbcon
chown bitrix:bitrix $site_dbcon
chmod 640 $site_dbcon
log_to_file "Update $site_dbcon"
password_line=$(grep -n "^\s*'password'" $site_settings | awk -F':' '{print $1}')
[[ -z $password_line ]] && \
log_to_file "Cannot find password option in $site_settings" && \
return 1
{
head -n $(( $password_line-1 )) $site_settings
echo " 'password' => '$esc_pass',"
tail -n +$(( $password_line+1 )) $site_settings
} | \
sed -e "s/'login' => '.\+',/'login' => '$user_select',/g" \
> $site_settings.tmp
mv $site_settings.tmp $site_settings
chown bitrix:bitrix $site_settings
chmod 640 $site_settings
log_to_file "Update $site_settings"
}
# intial/first boot configuration script
# - set mysql root password
# - set mysql user and password for default bitrix site
bx_init(){
# generate root password and update security options
my_generate_rootpw
# generate bitrix password for default site
my_generate_sitepw
}
start(){
log_to_file "Start server configuration by Bitrix-Env"
log_to_file "OS info: version=$OS_VERSION type=$OS_TYPE x86_64=$IS_X86_64"
# get system memory on board
get_available_memory
log_to_file "Maximum available memory=${AVAILABLE_MEMORY}KB"
# directories that used for installation
install_directories="/etc/mysql/conf.d /etc/httpd/bx/conf"
for install_dir in $install_directories; do
if [[ ! -d $install_dir ]]; then
mkdir -p $install_dir
log_to_file "Create direcory=$install_dir"
fi
done
# create config that depends on installed RAM
MEMORY_LIMITS="256:512:1024:1536:2048:3072:4096:5120:6144:7168:8192:9216:10240:11264:12288:13312:14336:15360:16384:65536"
CONFIG_SRC_DIR=/etc/ansible/bvat_conf/$HW_TYPE
CONFIG_FILES="/etc/httpd/bx/conf/prefork.conf /etc/mysql/conf.d/bvat.cnf /etc/php.d/apc.ini"
min_mb=0
memory_mb=$(echo "${AVAILABLE_MEMORY}/1024"|bc)
[[ ( $IS_X86_64 -eq 0 ) && ( $memory_mb -gt 4096 ) ]] && \
memory_mb=4096
log_to_file "Desired config values between ${min_mb}MB and ${memory_mb}MB"
# get PHP info
get_php_settings
log_to_file "PHP info: version=$PHP_VERSION is_apcu=$IS_APCU_PHP is_opcache=$IS_OPCACHE_PHP"
# determine the version of the configuration file, which is suitable to the system
mysql_restart=0
httpd_restart=0
for max_mb in $(echo $MEMORY_LIMITS | \
sed -e 's/:/ /g;' ); do
# test boundaries
if [[ ( $memory_mb -gt $min_mb ) && \
( $memory_mb -le $max_mb ) ]]; then
for config in $CONFIG_FILES; do
log_to_file "Processing config=$config for system with memory_max=$max_mb"
config_bn=$(basename $config)
config_source=$CONFIG_SRC_DIR/${max_mb}_$config_bn
if [[ ! -f $config_source ]]; then
log_to_file "Not found source config=$config_source"
else
md5_config="not_exists"
[[ -f $config ]] && \
md5_config=$( md5sum $config | awk '{print $1}')
md5_config_source=$(md5sum $config_source | awk '{print $1}')
if [[ $md5_config != "$md5_config_source" ]]; then
cp -f $config_source $config
if [[ $? -gt 0 ]]; then
log_to_file "Cannot copy $config_source to $config"
else
log_to_file "Copy $config_source to $config"
[[ $(echo "$config" | grep -wc mysql) -gt 0 ]] && \
mysql_restart=1
[[ $(echo "$config" | grep -wc "\(php\|httpd\)") -gt 0 ]] && \
httpd_restart=1
fi
fi
fi
done
fi
min_mb=$max_mb
done
# restart services
if [[ $mysql_restart -gt 0 ]]; then
get_mysql_package
if [[ $OS_VERSION -eq 7 ]]; then
systemctl restart $MYSQL_SERVICE >> $LOGS_FILE 2>&1
else
service mysqld restart >> $LOGS_FILE 2>&1
fi
fi
if [[ $httpd_restart -gt 0 ]]; then
if [[ $OS_VERSION -eq 7 ]]; then
systemctl restart httpd >> $LOGS_FILE 2>&1
else
service httpd restart >> $LOGS_FILE 2>&1
fi
fi
# replaces MaxClients options for httpd 2.4
if [[ "$APACHE_VERSION" == "2.4" ]]; then
sed -i 's/MaxClients/MaxRequestWorkers/g' /etc/httpd/bx/conf/prefork.conf
log_to_file "Replace MaxClient option in config=/etc/httpd/bx/conf/prefork.conf"
fi
# increase max_input_vars for php 5.4 and above
if [[ $(echo "$PHP_VERSION" | egrep -c '^(5\.[456]|7\.[0-9])$') ]]; then
sed -i 's/max_input_vars = 4000/max_input_vars = 10000/' /etc/php.d/bitrixenv.ini
log_to_file "Increase max_input_vars value in /etc/php.d/bitrixenv.ini"
fi
# configure apcu module
if [[ ( $IS_APCU_PHP -gt 0 ) && ( -f /etc/php.d/apc.ini ) ]]; then
sed -i 's/apc.so/apcu.so/' /etc/php.d/apc.ini
if [[ "$PHP_VERSION" == "5.4" ]]; then
mv -f /etc/php.d/apc.ini /etc/php.d/apcu.ini
elif [[ "$PHP_VERSION" == "5.6" ]]; then
mv -f /etc/php.d/apc.ini /etc/php.d/40-apcu.ini
elif [[ "$PHP_VERSION" == "7.0" ]]; then
mv -f /etc/php.d/apc.ini /etc/php.d/40-apcu.ini
fi
fi
# configure opcache module
if [[ $IS_OPCACHE_PHP -gt 0 ]]; then
opcache_template=/etc/ansible/bvat_conf/opcache.ini.bx
opcache_memory_mb=$(echo "$memory_mb" | \
awk '{printf "%.2f", $1/8}' | awk -F'.' '{print $1}')
[[ $opcache_memory_mb -lt 64 ]] && opcache_memory_mb=64
[[ $opcache_memory_mb -gt 2048 ]] && opcache_memory_mb=2048
opcache_config=/etc/php.d/opcache.ini
[[ "$PHP_VERSION" == "5.6" ]] && opcache_config=/etc/php.d/10-opcache.ini
[[ "$PHP_VERSION" == "7.0" ]] && opcache_config=/etc/php.d/10-opcache.ini
# delete old config file; if there is one
[[ ( "$PHP_VERSION" == "5.6" ) && \
( -f /etc/php.d/opcache.ini ) ]] && \
rm -f /etc/php.d/opcache.ini
# update opcache config
if [[ -f $opcache_template ]]; then
cat $opcache_template | \
sed -e "s:__MEMORY__:$opcache_memory_mb:;" \
> $opcache_config 2>/dev/null && \
log_to_file "Update opcache config=$opcache_config"
fi
fi
# disable or enable xmpp daemon
if [[ -f /etc/init.d/xmpp ]]; then
if [[ $memory_mb -le 512 ]]; then
chkconfig xmpp off
else
chkconfig xmpp on
fi
fi
chmod 0664 /etc/php.d/*.ini
ulimit -n 10240
# change issue message (that used in login screen)
/opt/webdir/bin/bx_motd > /etc/issue 2>/dev/null
# generate root password and site user password
if [[ -f $INIT_FLAG ]]; then
bx_init
rm -f $INIT_FLAG
fi
}
test_f(){
DEBUG=1
bx_init
}
### main
action=$1
[[ -z $action ]] && action=start
case "$1" in
start|restart|"")
start
;;
stop)
# No-op
;;
test)
test_f
;;
*)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
esac
exit 0