2019-08-05 04:56:33 +02:00
|
|
|
import configparser
|
|
|
|
|
import os
|
|
|
|
|
import random
|
|
|
|
|
import shutil
|
|
|
|
|
import string
|
2019-09-02 04:37:13 +02:00
|
|
|
|
2019-09-02 23:23:47 +02:00
|
|
|
import psutil
|
2019-08-05 04:56:33 +02:00
|
|
|
from wo.core.apt_repo import WORepo
|
|
|
|
|
from wo.core.aptget import WOAptGet
|
|
|
|
|
from wo.core.cron import WOCron
|
|
|
|
|
from wo.core.extract import WOExtract
|
|
|
|
|
from wo.core.fileutils import WOFileUtils
|
|
|
|
|
from wo.core.git import WOGit
|
|
|
|
|
from wo.core.logging import Log
|
|
|
|
|
from wo.core.mysql import WOMysql
|
2019-10-03 15:44:23 +02:00
|
|
|
from wo.core.nginxhashbucket import hashbucket
|
2019-08-05 04:56:33 +02:00
|
|
|
from wo.core.services import WOService
|
|
|
|
|
from wo.core.shellexec import CommandExecutionError, WOShellExec
|
2019-09-21 16:42:49 +02:00
|
|
|
from wo.core.sslutils import SSL
|
2019-09-02 04:37:13 +02:00
|
|
|
from wo.core.template import WOTemplate
|
2019-10-02 13:13:32 +02:00
|
|
|
from wo.core.variables import WOVar
|
2019-12-03 19:48:18 +01:00
|
|
|
from wo.core.stackconf import WOConf
|
2020-04-23 16:36:30 +02:00
|
|
|
from wo.core.download import WODownload
|
2024-04-21 12:48:11 +02:00
|
|
|
from wo.core.checkfqdn import WOFqdn
|
2019-08-05 04:56:33 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def pre_pref(self, apt_packages):
|
|
|
|
|
"""Pre settings to do before installation packages"""
|
|
|
|
|
|
2019-09-06 14:27:45 +02:00
|
|
|
if ("mariadb-server" in apt_packages or "mariadb-client" in apt_packages):
|
2019-08-05 04:56:33 +02:00
|
|
|
# add mariadb repository excepted on raspbian and ubuntu 19.04
|
2024-06-04 17:47:25 +02:00
|
|
|
if not (WOVar.wo_distro == 'raspbian'):
|
2019-08-05 04:56:33 +02:00
|
|
|
Log.info(self, "Adding repository for MySQL, please wait...")
|
2019-11-11 19:06:11 +01:00
|
|
|
mysql_pref = (
|
|
|
|
|
"Package: *\nPin: origin mariadb.mirrors.ovh.net"
|
|
|
|
|
"\nPin-Priority: 1000\n")
|
2019-08-05 04:56:33 +02:00
|
|
|
with open('/etc/apt/preferences.d/'
|
|
|
|
|
'MariaDB.pref', 'w') as mysql_pref_file:
|
|
|
|
|
mysql_pref_file.write(mysql_pref)
|
2023-08-13 13:16:39 +02:00
|
|
|
if self.app.config.has_section('mariadb'):
|
|
|
|
|
mariadb_ver = self.app.config.get(
|
|
|
|
|
'mariadb', 'release')
|
2024-06-04 17:47:25 +02:00
|
|
|
wo_mysql_repo_conf = ("deb [signed-by=/etc/apt/keyrings/mariadb-keyring.pgp] "
|
2023-08-13 13:16:39 +02:00
|
|
|
"http://mariadb.mirrors.ovh.net/MariaDB/repo/"
|
2024-06-04 17:47:25 +02:00
|
|
|
f"{mariadb_ver}/{WOVar.wo_distro} {WOVar.wo_platform_codename} main")
|
2023-08-13 13:16:39 +02:00
|
|
|
else:
|
|
|
|
|
wo_mysql_repo_conf = WOVar.wo_mysql_repo
|
|
|
|
|
# APT repositories
|
2024-06-07 14:53:50 +02:00
|
|
|
WORepo.add(self, repo_url=wo_mysql_repo_conf, repo_name="mariadb")
|
2020-10-22 14:34:03 +02:00
|
|
|
if ("mariadb-server" in apt_packages and
|
|
|
|
|
not os.path.exists('/etc/mysql/conf.d/my.cnf')):
|
2019-08-05 04:56:33 +02:00
|
|
|
# generate random 24 characters root password
|
|
|
|
|
chars = ''.join(random.sample(string.ascii_letters, 24))
|
|
|
|
|
# generate my.cnf root credentials
|
|
|
|
|
mysql_config = """
|
|
|
|
|
[client]
|
|
|
|
|
user = root
|
|
|
|
|
password = {chars}
|
2020-11-10 12:54:53 +01:00
|
|
|
socket = /run/mysqld/mysqld.sock
|
2019-08-05 04:56:33 +02:00
|
|
|
""".format(chars=chars)
|
|
|
|
|
config = configparser.ConfigParser()
|
|
|
|
|
config.read_string(mysql_config)
|
|
|
|
|
Log.debug(self, 'Writting configuration into MySQL file')
|
2020-10-22 11:15:20 +02:00
|
|
|
conf_path = "/etc/mysql/conf.d/my.cnf.tmp"
|
2019-08-05 04:56:33 +02:00
|
|
|
os.makedirs(os.path.dirname(conf_path), exist_ok=True)
|
2024-05-17 23:59:50 +02:00
|
|
|
with os.fdopen(os.open(conf_path, os.O_WRONLY | os.O_CREAT, 0o600), 'w', encoding='utf-8') as configfile:
|
2019-08-05 04:56:33 +02:00
|
|
|
config.write(configfile)
|
|
|
|
|
|
|
|
|
|
# add nginx repository
|
2019-10-02 13:13:32 +02:00
|
|
|
if set(WOVar.wo_nginx).issubset(set(apt_packages)):
|
|
|
|
|
if (WOVar.wo_distro == 'ubuntu'):
|
2019-12-04 23:34:03 +01:00
|
|
|
Log.info(self, "Adding repository for NGINX, please wait...")
|
|
|
|
|
WORepo.add(self, ppa=WOVar.wo_nginx_repo)
|
|
|
|
|
Log.debug(self, 'Adding ppa for Nginx')
|
2019-08-05 04:56:33 +02:00
|
|
|
else:
|
2024-06-07 14:53:50 +02:00
|
|
|
if not os.path.exists('/etc/apt/sources.list.d/wordops.list'):
|
2019-10-25 23:58:08 +02:00
|
|
|
Log.info(self, "Adding repository for NGINX, please wait...")
|
|
|
|
|
Log.debug(self, 'Adding repository for Nginx')
|
2024-06-07 14:53:50 +02:00
|
|
|
WORepo.add(self, repo_url=WOVar.wo_nginx_repo, repo_name="wordops")
|
2019-08-05 04:56:33 +02:00
|
|
|
|
|
|
|
|
# add php repository
|
2019-12-03 19:48:18 +01:00
|
|
|
if (('php7.3-fpm' in apt_packages) or
|
2022-12-10 10:37:20 -03:00
|
|
|
('php7.2-fpm' in apt_packages) or
|
|
|
|
|
('php7.4-fpm' in apt_packages) or
|
|
|
|
|
('php8.0-fpm' in apt_packages) or
|
|
|
|
|
('php8.1-fpm' in apt_packages) or
|
2023-11-24 00:11:57 +01:00
|
|
|
('php8.2-fpm' in apt_packages) or
|
|
|
|
|
('php8.3-fpm' in apt_packages)):
|
2019-10-02 13:13:32 +02:00
|
|
|
if (WOVar.wo_distro == 'ubuntu'):
|
2019-08-05 04:56:33 +02:00
|
|
|
Log.debug(self, 'Adding ppa for PHP')
|
2019-12-04 23:34:03 +01:00
|
|
|
Log.info(self, "Adding repository for PHP, please wait...")
|
|
|
|
|
WORepo.add(self, ppa=WOVar.wo_php_repo)
|
2019-08-05 04:56:33 +02:00
|
|
|
else:
|
|
|
|
|
# Add repository for php
|
2019-10-02 13:13:32 +02:00
|
|
|
if (WOVar.wo_platform_codename == 'buster'):
|
2019-08-05 04:56:33 +02:00
|
|
|
php_pref = ("Package: *\nPin: origin "
|
|
|
|
|
"packages.sury.org"
|
|
|
|
|
"\nPin-Priority: 1000\n")
|
2019-10-25 23:58:08 +02:00
|
|
|
with open(
|
|
|
|
|
'/etc/apt/preferences.d/'
|
|
|
|
|
'PHP.pref', mode='w',
|
|
|
|
|
encoding='utf-8') as php_pref_file:
|
2019-08-05 04:56:33 +02:00
|
|
|
php_pref_file.write(php_pref)
|
2024-06-07 14:53:50 +02:00
|
|
|
if not os.path.exists('/etc/apt/sources.list.d/php.list'):
|
2019-10-25 23:58:08 +02:00
|
|
|
Log.debug(self, 'Adding repo_url of php for debian')
|
|
|
|
|
Log.info(self, "Adding repository for PHP, please wait...")
|
2024-06-07 14:53:50 +02:00
|
|
|
WORepo.add(self, repo_url=WOVar.wo_php_repo, repo_name="php")
|
|
|
|
|
|
2019-08-05 04:56:33 +02:00
|
|
|
# add redis repository
|
2019-10-02 13:13:32 +02:00
|
|
|
if set(WOVar.wo_redis).issubset(set(apt_packages)):
|
2024-06-07 14:53:50 +02:00
|
|
|
if not os.path.exists('/etc/apt/sources.list.d/redis.list'):
|
|
|
|
|
WORepo.add(self, repo_url=WOVar.wo_redis_repo, repo_name="redis")
|
2019-10-31 15:42:42 +01:00
|
|
|
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2019-08-27 15:12:01 +02:00
|
|
|
def post_pref(self, apt_packages, packages, upgrade=False):
|
2019-08-05 04:56:33 +02:00
|
|
|
"""Post activity after installation of packages"""
|
|
|
|
|
if (apt_packages):
|
|
|
|
|
# Nginx configuration
|
2019-10-02 13:13:32 +02:00
|
|
|
if set(WOVar.wo_nginx).issubset(set(apt_packages)):
|
2023-08-26 15:27:02 +02:00
|
|
|
Log.wait(self, "Configuring Nginx")
|
2019-08-05 21:48:14 +02:00
|
|
|
# Nginx main configuration
|
2019-08-19 17:40:21 +02:00
|
|
|
ngxcnf = '/etc/nginx/conf.d'
|
|
|
|
|
ngxcom = '/etc/nginx/common'
|
2019-08-19 17:55:46 +02:00
|
|
|
ngxroot = '/var/www/'
|
2019-09-25 14:47:48 +02:00
|
|
|
WOGit.add(self, ["/etc/nginx"], msg="Adding Nginx into Git")
|
2019-12-03 19:48:18 +01:00
|
|
|
data = dict(tls13=True, release=WOVar.wo_version)
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self,
|
2019-08-27 15:12:01 +02:00
|
|
|
'/etc/nginx/nginx.conf',
|
2024-06-08 16:04:57 +02:00
|
|
|
'nginx-core.mustache', data, overwrite=True)
|
2019-08-13 09:46:21 +02:00
|
|
|
|
2019-08-19 17:44:34 +02:00
|
|
|
if not os.path.isfile('{0}/gzip.conf.disabled'.format(ngxcnf)):
|
2019-12-03 19:48:18 +01:00
|
|
|
data = dict(release=WOVar.wo_version)
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self, '{0}/gzip.conf'.format(ngxcnf),
|
2019-08-27 15:12:01 +02:00
|
|
|
'gzip.mustache', data)
|
2019-08-13 09:46:21 +02:00
|
|
|
|
2019-08-19 17:51:11 +02:00
|
|
|
if not os.path.isfile('{0}/brotli.conf'.format(ngxcnf)):
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self,
|
2019-08-27 15:12:01 +02:00
|
|
|
'{0}/brotli.conf.disabled'
|
|
|
|
|
.format(ngxcnf),
|
|
|
|
|
'brotli.mustache', data)
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self, '{0}/tweaks.conf'.format(ngxcnf),
|
2019-08-27 15:12:01 +02:00
|
|
|
'tweaks.mustache', data)
|
2019-08-16 22:57:26 +02:00
|
|
|
|
2019-08-05 04:56:33 +02:00
|
|
|
# Fix for white screen death with NGINX PLUS
|
|
|
|
|
if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
|
|
|
|
|
'SCRIPT_FILENAME'):
|
|
|
|
|
with open('/etc/nginx/fastcgi_params',
|
|
|
|
|
encoding='utf-8', mode='a') as wo_nginx:
|
|
|
|
|
wo_nginx.write('fastcgi_param \tSCRIPT_FILENAME '
|
|
|
|
|
'\t$request_filename;\n')
|
2024-06-11 22:24:34 +02:00
|
|
|
if not WOFileUtils.grep(self, '/etc/nginx/fastcgi_params',
|
|
|
|
|
'HTTP_HOST'):
|
|
|
|
|
WOFileUtils.textappend(self, '/etc/nginx/fastcgi_params',
|
|
|
|
|
'# Fix for HTTP/3 QUIC HTTP_HOST\n'
|
2024-06-11 22:53:06 +02:00
|
|
|
'fastcgi_param\tHTTP_HOST\t$host;\n')
|
2024-06-11 22:24:34 +02:00
|
|
|
if not WOFileUtils.grep(self, '/etc/nginx/proxy_params',
|
|
|
|
|
'X-Forwarded-Host'):
|
|
|
|
|
WOFileUtils.textappend(self, '/etc/nginx/proxy_params',
|
2024-06-11 22:27:33 +02:00
|
|
|
'proxy_set_header X-Forwarded-Host $host;\n')
|
2024-06-11 22:24:34 +02:00
|
|
|
if not WOFileUtils.grep(self, '/etc/nginx/proxy_params',
|
|
|
|
|
'X-Forwarded-Port'):
|
|
|
|
|
WOFileUtils.textappend(self, '/etc/nginx/proxy_params',
|
2024-06-11 22:27:33 +02:00
|
|
|
'proxy_set_header X-Forwarded-Port $server_port;\n')
|
2019-09-01 20:39:12 +02:00
|
|
|
try:
|
|
|
|
|
data = dict(php="9000", debug="9001",
|
2019-12-03 19:48:18 +01:00
|
|
|
php7="9070", debug7="9170",
|
|
|
|
|
release=WOVar.wo_version)
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(
|
2019-09-01 20:39:12 +02:00
|
|
|
self, '{0}/upstream.conf'.format(ngxcnf),
|
|
|
|
|
'upstream.mustache', data, overwrite=True)
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2019-11-11 19:06:11 +01:00
|
|
|
data = dict(phpconf=(
|
2019-12-03 19:48:18 +01:00
|
|
|
bool(WOAptGet.is_installed(self, 'php7.2-fpm'))),
|
|
|
|
|
release=WOVar.wo_version)
|
2019-11-11 19:06:11 +01:00
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '{0}/stub_status.conf'.format(ngxcnf),
|
|
|
|
|
'stub_status.mustache', data)
|
2019-12-03 19:48:18 +01:00
|
|
|
data = dict(release=WOVar.wo_version)
|
2019-11-11 19:06:11 +01:00
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '{0}/webp.conf'.format(ngxcnf),
|
|
|
|
|
'webp.mustache', data, overwrite=False)
|
2020-09-15 08:24:38 +07:00
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '{0}/avif.conf'.format(ngxcnf),
|
|
|
|
|
'avif.mustache', data, overwrite=False)
|
2019-11-11 19:06:11 +01:00
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self,
|
|
|
|
|
'{0}/map-wp-fastcgi-cache.conf'.format(ngxcnf),
|
|
|
|
|
'map-wp.mustache', data)
|
2019-09-01 20:39:12 +02:00
|
|
|
except CommandExecutionError as e:
|
|
|
|
|
Log.debug(self, "{0}".format(e))
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
# Setup Nginx common directory
|
2019-08-19 17:40:21 +02:00
|
|
|
if not os.path.exists('{0}'.format(ngxcom)):
|
2019-08-05 09:45:08 +02:00
|
|
|
Log.debug(self, 'Creating directory'
|
|
|
|
|
'/etc/nginx/common')
|
|
|
|
|
os.makedirs('/etc/nginx/common')
|
|
|
|
|
|
2019-09-01 20:39:12 +02:00
|
|
|
try:
|
2019-12-03 19:48:18 +01:00
|
|
|
data = dict(release=WOVar.wo_version)
|
2019-08-27 15:12:01 +02:00
|
|
|
|
2019-09-01 20:39:12 +02:00
|
|
|
# Common Configuration
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self,
|
2019-09-01 20:39:12 +02:00
|
|
|
'{0}/locations-wo.conf'
|
|
|
|
|
.format(ngxcom),
|
|
|
|
|
'locations.mustache', data)
|
2022-09-13 15:22:09 +02:00
|
|
|
# traffic advice file
|
|
|
|
|
WOTemplate.deploy(self,
|
|
|
|
|
'/var/www/html/'
|
|
|
|
|
'.well-known/traffic-advice',
|
|
|
|
|
'traffic-advice.mustache', data)
|
2019-08-27 15:12:01 +02:00
|
|
|
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self,
|
2019-09-01 20:39:12 +02:00
|
|
|
'{0}/wpsubdir.conf'
|
|
|
|
|
.format(ngxcom),
|
|
|
|
|
'wpsubdir.mustache', data)
|
2019-08-27 15:12:01 +02:00
|
|
|
|
2023-08-13 13:16:39 +02:00
|
|
|
for wo_php in WOVar.wo_php_versions:
|
2019-12-03 19:48:18 +01:00
|
|
|
data = dict(upstream="{0}".format(wo_php),
|
|
|
|
|
release=WOVar.wo_version)
|
2019-12-08 01:36:08 +01:00
|
|
|
WOConf.nginxcommon(self)
|
2019-08-27 15:12:01 +02:00
|
|
|
|
2019-09-01 20:39:12 +02:00
|
|
|
except CommandExecutionError as e:
|
|
|
|
|
Log.debug(self, "{0}".format(e))
|
2019-08-05 09:45:08 +02:00
|
|
|
|
2019-09-01 16:50:13 +02:00
|
|
|
with open("/etc/nginx/common/release",
|
2019-12-03 19:48:18 +01:00
|
|
|
"w", encoding='utf-8') as release_file:
|
2019-09-01 16:50:13 +02:00
|
|
|
release_file.write("v{0}"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_version))
|
2019-09-01 16:50:13 +02:00
|
|
|
release_file.close()
|
2019-08-05 09:45:08 +02:00
|
|
|
|
|
|
|
|
# Following files should not be overwrited
|
|
|
|
|
|
2019-12-03 19:48:18 +01:00
|
|
|
data = dict(webroot=ngxroot, release=WOVar.wo_version)
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self,
|
2019-08-27 15:12:01 +02:00
|
|
|
'{0}/acl.conf'
|
|
|
|
|
.format(ngxcom),
|
|
|
|
|
'acl.mustache', data, overwrite=False)
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self,
|
2019-08-27 15:12:01 +02:00
|
|
|
'{0}/blockips.conf'
|
|
|
|
|
.format(ngxcnf),
|
|
|
|
|
'blockips.mustache', data, overwrite=False)
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self,
|
2019-08-27 15:12:01 +02:00
|
|
|
'{0}/fastcgi.conf'
|
|
|
|
|
.format(ngxcnf),
|
2019-09-01 16:50:13 +02:00
|
|
|
'fastcgi.mustache', data, overwrite=True)
|
2019-08-05 09:45:08 +02:00
|
|
|
|
|
|
|
|
# add redis cache format if not already done
|
|
|
|
|
if (os.path.isfile("/etc/nginx/nginx.conf") and
|
|
|
|
|
not os.path.isfile("/etc/nginx/conf.d"
|
|
|
|
|
"/redis.conf")):
|
|
|
|
|
with open("/etc/nginx/conf.d/"
|
|
|
|
|
"redis.conf", "a") as redis_file:
|
2019-08-31 14:18:38 +02:00
|
|
|
redis_file.write(
|
|
|
|
|
"# Log format Settings\n"
|
|
|
|
|
"log_format rt_cache_redis "
|
|
|
|
|
"'$remote_addr "
|
|
|
|
|
"$upstream_response_time "
|
|
|
|
|
"$srcache_fetch_status "
|
|
|
|
|
"[$time_local] '\n"
|
2024-06-11 22:49:53 +02:00
|
|
|
"'$host \"$request\" $status"
|
2019-08-31 14:18:38 +02:00
|
|
|
" $body_bytes_sent '\n"
|
|
|
|
|
"'\"$http_referer\" "
|
|
|
|
|
"\"$http_user_agent\"';\n")
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2019-12-05 20:36:18 +01:00
|
|
|
if not os.path.exists('/etc/nginx/bots.d'):
|
|
|
|
|
WOFileUtils.textwrite(
|
|
|
|
|
self, '/etc/nginx/conf.d/variables-hash.conf',
|
|
|
|
|
'variables_hash_max_size 4096;\n'
|
|
|
|
|
'variables_hash_bucket_size 4096;')
|
|
|
|
|
|
|
|
|
|
# Nginx-Plus does not have nginx
|
|
|
|
|
# package structure like this
|
|
|
|
|
# So creating directories
|
2019-08-05 09:45:08 +02:00
|
|
|
if not os.path.exists('/etc/nginx/sites-available'):
|
|
|
|
|
Log.debug(self, 'Creating directory'
|
|
|
|
|
'/etc/nginx/sites-available')
|
|
|
|
|
os.makedirs('/etc/nginx/sites-available')
|
|
|
|
|
|
|
|
|
|
if not os.path.exists('/etc/nginx/sites-enabled'):
|
|
|
|
|
Log.debug(self, 'Creating directory'
|
|
|
|
|
'/etc/nginx/sites-available')
|
|
|
|
|
os.makedirs('/etc/nginx/sites-enabled')
|
|
|
|
|
|
2019-09-02 04:37:13 +02:00
|
|
|
# 22222 port settings
|
2020-02-26 10:01:27 +01:00
|
|
|
if os.path.exists('/etc/nginx/sites-available/22222'):
|
|
|
|
|
Log.debug(self, "looking for the current backend port")
|
|
|
|
|
for line in open('/etc/nginx/sites-available/22222',
|
|
|
|
|
encoding='utf-8'):
|
|
|
|
|
if 'listen' in line:
|
|
|
|
|
listen_line = line.strip()
|
|
|
|
|
break
|
|
|
|
|
port = (listen_line).split(' ')
|
|
|
|
|
current_backend_port = (port[1]).strip()
|
|
|
|
|
else:
|
|
|
|
|
current_backend_port = '22222'
|
|
|
|
|
|
|
|
|
|
if 'current_backend_port' not in locals():
|
|
|
|
|
current_backend_port = '22222'
|
|
|
|
|
|
2020-01-13 18:24:18 +01:00
|
|
|
data = dict(webroot=ngxroot,
|
2020-02-26 10:01:27 +01:00
|
|
|
release=WOVar.wo_version, port=current_backend_port)
|
|
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self,
|
|
|
|
|
'/etc/nginx/sites-available/22222',
|
|
|
|
|
'22222.mustache', data, overwrite=True)
|
|
|
|
|
|
2019-09-02 04:37:13 +02:00
|
|
|
passwd = ''.join([random.choice
|
|
|
|
|
(string.ascii_letters + string.digits)
|
|
|
|
|
for n in range(24)])
|
|
|
|
|
if not os.path.isfile('/etc/nginx/htpasswd-wo'):
|
2019-08-05 09:45:08 +02:00
|
|
|
try:
|
2019-08-31 14:18:38 +02:00
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, "printf \"WordOps:"
|
2022-09-16 17:19:18 +02:00
|
|
|
"$(openssl passwd -apr1 "
|
2019-08-31 14:18:38 +02:00
|
|
|
"{password} 2> /dev/null)\n\""
|
|
|
|
|
"> /etc/nginx/htpasswd-wo "
|
|
|
|
|
"2>/dev/null"
|
|
|
|
|
.format(password=passwd))
|
2019-08-05 09:45:08 +02:00
|
|
|
except CommandExecutionError as e:
|
|
|
|
|
Log.debug(self, "{0}".format(e))
|
|
|
|
|
Log.error(self, "Failed to save HTTP Auth")
|
2019-09-02 04:37:13 +02:00
|
|
|
if not os.path.islink('/etc/nginx/sites-enabled/22222'):
|
|
|
|
|
# Create Symbolic link for 22222
|
2019-08-31 14:18:38 +02:00
|
|
|
WOFileUtils.create_symlink(
|
|
|
|
|
self, ['/etc/nginx/'
|
|
|
|
|
'sites-available/'
|
|
|
|
|
'22222',
|
|
|
|
|
'/etc/nginx/'
|
|
|
|
|
'sites-enabled/'
|
|
|
|
|
'22222'])
|
2019-09-06 14:27:45 +02:00
|
|
|
# Create log and cert folder and softlinks
|
|
|
|
|
if not os.path.exists('{0}22222/logs'
|
|
|
|
|
.format(ngxroot)):
|
|
|
|
|
Log.debug(self, "Creating directory "
|
|
|
|
|
"{0}22222/logs "
|
|
|
|
|
.format(ngxroot))
|
|
|
|
|
os.makedirs('{0}22222/logs'
|
2019-08-31 14:18:38 +02:00
|
|
|
.format(ngxroot))
|
|
|
|
|
|
2019-09-06 14:27:45 +02:00
|
|
|
if not os.path.exists('{0}22222/cert'
|
|
|
|
|
.format(ngxroot)):
|
|
|
|
|
Log.debug(self, "Creating directory "
|
|
|
|
|
"{0}22222/cert"
|
|
|
|
|
.format(ngxroot))
|
|
|
|
|
os.makedirs('{0}22222/cert'
|
2019-08-31 14:18:38 +02:00
|
|
|
.format(ngxroot))
|
|
|
|
|
|
2019-09-06 14:27:45 +02:00
|
|
|
if not os.path.isdir('{0}22222/conf/nginx'
|
|
|
|
|
.format(ngxroot)):
|
|
|
|
|
Log.debug(self, "Creating directory "
|
|
|
|
|
"{0}22222/conf/nginx"
|
|
|
|
|
.format(ngxroot))
|
|
|
|
|
os.makedirs('{0}22222/conf/nginx'
|
2019-08-31 14:18:38 +02:00
|
|
|
.format(ngxroot))
|
|
|
|
|
|
2019-09-06 14:27:45 +02:00
|
|
|
WOFileUtils.create_symlink(
|
|
|
|
|
self,
|
|
|
|
|
['/var/log/nginx/'
|
|
|
|
|
'22222.access.log',
|
|
|
|
|
'{0}22222/'
|
|
|
|
|
'logs/access.log'
|
|
|
|
|
.format(ngxroot)]
|
|
|
|
|
)
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2019-09-06 14:27:45 +02:00
|
|
|
WOFileUtils.create_symlink(
|
|
|
|
|
self,
|
|
|
|
|
['/var/log/nginx/'
|
|
|
|
|
'22222.error.log',
|
|
|
|
|
'{0}22222/'
|
|
|
|
|
'logs/error.log'
|
|
|
|
|
.format(ngxroot)]
|
|
|
|
|
)
|
|
|
|
|
if (not os.path.isfile('{0}22222/cert/22222.key'
|
|
|
|
|
.format(ngxroot))):
|
2019-09-06 16:13:46 +02:00
|
|
|
SSL.selfsignedcert(self, proftpd=False, backend=True)
|
2019-09-06 14:27:45 +02:00
|
|
|
|
2020-02-07 15:03:42 +01:00
|
|
|
if not os.path.exists('{0}22222/conf/nginx/ssl.conf'
|
2019-09-06 14:27:45 +02:00
|
|
|
.format(ngxroot)):
|
|
|
|
|
with open("/var/www/22222/conf/nginx/"
|
|
|
|
|
"ssl.conf", "w") as php_file:
|
|
|
|
|
php_file.write("ssl_certificate "
|
|
|
|
|
"/var/www/22222/cert/22222.crt;\n"
|
|
|
|
|
"ssl_certificate_key "
|
2022-06-15 11:31:28 +02:00
|
|
|
"/var/www/22222/cert/22222.key;\n"
|
|
|
|
|
"ssl_stapling off;\n")
|
2019-09-01 20:39:12 +02:00
|
|
|
|
2024-04-21 12:48:11 +02:00
|
|
|
server_ip = WOFqdn.get_server_ip(self)
|
|
|
|
|
if server_ip is None:
|
2024-04-21 18:18:13 +02:00
|
|
|
server_ip = WOVar.wo_fqdn
|
2019-08-27 15:12:01 +02:00
|
|
|
|
2019-08-31 01:02:16 +02:00
|
|
|
if set(["nginx"]).issubset(set(apt_packages)):
|
|
|
|
|
print("WordOps backend configuration was successful\n"
|
|
|
|
|
"You can access it on : https://{0}:22222"
|
|
|
|
|
.format(server_ip))
|
|
|
|
|
print("HTTP Auth User Name: WordOps" +
|
|
|
|
|
"\nHTTP Auth Password : {0}".format(passwd))
|
|
|
|
|
WOService.reload_service(self, 'nginx')
|
|
|
|
|
else:
|
|
|
|
|
self.msg = (self.msg + ["HTTP Auth User "
|
|
|
|
|
"Name: WordOps"] +
|
|
|
|
|
["HTTP Auth Password : {0}"
|
|
|
|
|
.format(passwd)])
|
2024-06-01 19:10:41 +02:00
|
|
|
self.msg = (self.msg + [f'WordOps backend is available on https://{server_ip}:22222 '
|
2024-05-23 15:30:05 +02:00
|
|
|
f'or https://{WOVar.wo_fqdn}:22222'])
|
2019-08-27 15:12:01 +02:00
|
|
|
|
2022-09-18 20:32:55 +02:00
|
|
|
data = dict(release=WOVar.wo_version)
|
|
|
|
|
WOTemplate.deploy(self, '/opt/cf-update.sh',
|
|
|
|
|
'cf-update.mustache',
|
|
|
|
|
data, overwrite=True)
|
|
|
|
|
WOFileUtils.chmod(self, "/opt/cf-update.sh", 0o775)
|
|
|
|
|
Log.debug(self, 'Creating Cloudflare.conf')
|
|
|
|
|
WOShellExec.cmd_exec(self, '/opt/cf-update.sh')
|
|
|
|
|
WOCron.setcron_weekly(self, '/opt/cf-update.sh '
|
|
|
|
|
'> /dev/null 2>&1',
|
|
|
|
|
comment='Cloudflare IP refresh cronjob '
|
|
|
|
|
'added by WordOps')
|
2019-08-27 15:12:01 +02:00
|
|
|
|
|
|
|
|
# Nginx Configation into GIT
|
2019-09-27 11:58:02 +02:00
|
|
|
if not WOService.restart_service(self, 'nginx'):
|
|
|
|
|
try:
|
|
|
|
|
hashbucket(self)
|
|
|
|
|
WOService.restart_service(self, 'nginx')
|
|
|
|
|
except Exception:
|
|
|
|
|
Log.warn(
|
|
|
|
|
self, "increasing nginx server_names_hash_bucket_size "
|
|
|
|
|
"do not fix the issue")
|
|
|
|
|
Log.info(self, "Rolling back to previous configuration")
|
|
|
|
|
WOGit.rollback(self, ["/etc/nginx"])
|
|
|
|
|
if not WOService.restart_service(self, 'nginx'):
|
|
|
|
|
Log.error(
|
|
|
|
|
self, "There is an error in Nginx configuration.\n"
|
|
|
|
|
"Use the command nginx -t to identify "
|
|
|
|
|
"the cause of this issue", False)
|
2019-10-03 15:44:23 +02:00
|
|
|
else:
|
2023-08-26 15:27:02 +02:00
|
|
|
Log.valide(self, "Configuring Nginx")
|
2019-10-03 15:44:23 +02:00
|
|
|
WOGit.add(self, ["/etc/nginx"], msg="Adding Nginx into Git")
|
2019-10-23 12:24:30 +02:00
|
|
|
if not os.path.isdir('/etc/systemd/system/nginx.service.d'):
|
2019-10-23 13:47:04 +02:00
|
|
|
WOFileUtils.mkdir(self,
|
|
|
|
|
'/etc/systemd/system/nginx.service.d')
|
2019-10-23 12:24:30 +02:00
|
|
|
if not os.path.isdir(
|
|
|
|
|
'/etc/systemd/system/nginx.service.d/limits.conf'):
|
|
|
|
|
with open(
|
|
|
|
|
'/etc/systemd/system/nginx.service.d/limits.conf',
|
|
|
|
|
encoding='utf-8', mode='w') as ngx_limit:
|
|
|
|
|
ngx_limit.write('[Service]\nLimitNOFILE=500000')
|
|
|
|
|
WOShellExec.cmd_exec(self, 'systemctl daemon-reload')
|
|
|
|
|
WOService.restart_service(self, 'nginx')
|
2019-08-05 09:45:08 +02:00
|
|
|
|
2023-08-05 10:48:56 +02:00
|
|
|
# php conf
|
|
|
|
|
php_list = []
|
2023-08-13 15:07:26 +02:00
|
|
|
for version in list(WOVar.wo_php_versions.values()):
|
2023-08-26 14:18:45 +02:00
|
|
|
package_name = 'php' + version + '-fpm'
|
2023-08-13 13:16:39 +02:00
|
|
|
if package_name in apt_packages:
|
|
|
|
|
php_list.append([version])
|
2023-08-05 10:48:56 +02:00
|
|
|
|
|
|
|
|
for php_version in php_list:
|
2019-09-25 14:47:48 +02:00
|
|
|
WOGit.add(self, ["/etc/php"], msg="Adding PHP into Git")
|
2023-08-26 15:27:02 +02:00
|
|
|
Log.wait(self, "Configuring php{0}-fpm".format(php_version[0]))
|
2019-08-19 18:45:30 +02:00
|
|
|
ngxroot = '/var/www/'
|
2019-12-03 19:48:18 +01:00
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
# Create log directories
|
2023-08-05 11:02:24 +02:00
|
|
|
if not os.path.exists('/var/log/php/{0}/'.format(php_version[0])):
|
2023-08-05 10:48:56 +02:00
|
|
|
Log.debug(
|
|
|
|
|
self, 'Creating directory /var/log/php/{0}/'
|
2023-08-05 11:02:24 +02:00
|
|
|
.format(php_version[0]))
|
|
|
|
|
os.makedirs('/var/log/php/{0}/'.format(php_version[0]))
|
2023-08-05 10:48:56 +02:00
|
|
|
|
|
|
|
|
if not os.path.isfile(
|
2023-08-05 11:02:24 +02:00
|
|
|
'/etc/php/{0}/fpm/php.ini.orig'.format(php_version[0])):
|
2023-08-05 10:48:56 +02:00
|
|
|
WOFileUtils.copyfile(self,
|
|
|
|
|
'/etc/php/{0}/fpm/php.ini'.format(
|
2023-08-05 11:02:24 +02:00
|
|
|
php_version[0]),
|
2023-08-05 10:48:56 +02:00
|
|
|
'/etc/php/{0}/fpm/php.ini.orig'
|
2023-08-05 11:02:24 +02:00
|
|
|
.format(php_version[0]))
|
2023-08-05 10:48:56 +02:00
|
|
|
|
|
|
|
|
# Parse etc/php/x.x/fpm/php.ini
|
2019-08-05 12:25:00 +02:00
|
|
|
config = configparser.ConfigParser()
|
|
|
|
|
Log.debug(self, "configuring php file "
|
2023-08-05 11:02:24 +02:00
|
|
|
"/etc/php/{0}/fpm/php.ini".format(php_version[0]))
|
|
|
|
|
config.read('/etc/php/{0}/fpm/php.ini.orig'.format(php_version[0]))
|
2019-08-05 12:25:00 +02:00
|
|
|
config['PHP']['expose_php'] = 'Off'
|
|
|
|
|
config['PHP']['post_max_size'] = '100M'
|
|
|
|
|
config['PHP']['upload_max_filesize'] = '100M'
|
|
|
|
|
config['PHP']['max_execution_time'] = '300'
|
|
|
|
|
config['PHP']['max_input_time'] = '300'
|
|
|
|
|
config['PHP']['max_input_vars'] = '20000'
|
2019-10-02 13:13:32 +02:00
|
|
|
config['Date']['date.timezone'] = WOVar.wo_timezone
|
2019-08-05 12:25:00 +02:00
|
|
|
config['opcache']['opcache.enable'] = '1'
|
|
|
|
|
config['opcache']['opcache.interned_strings_buffer'] = '8'
|
|
|
|
|
config['opcache']['opcache.max_accelerated_files'] = '10000'
|
|
|
|
|
config['opcache']['opcache.memory_consumption'] = '256'
|
|
|
|
|
config['opcache']['opcache.save_comments'] = '1'
|
|
|
|
|
config['opcache']['opcache.revalidate_freq'] = '5'
|
|
|
|
|
config['opcache']['opcache.consistency_checks'] = '0'
|
|
|
|
|
config['opcache']['opcache.validate_timestamps'] = '1'
|
2023-08-05 11:02:24 +02:00
|
|
|
with open('/etc/php/{0}/fpm/php.ini'.format(php_version[0]),
|
2019-08-05 12:25:00 +02:00
|
|
|
encoding='utf-8', mode='w') as configfile:
|
|
|
|
|
Log.debug(self, "Writting php configuration into "
|
2023-08-05 11:02:24 +02:00
|
|
|
"/etc/php/{0}/fpm/php.ini".format(php_version[0]))
|
2019-08-05 12:25:00 +02:00
|
|
|
config.write(configfile)
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2023-08-05 10:48:56 +02:00
|
|
|
# Render php-fpm pool template for phpx.x
|
2023-08-05 11:02:24 +02:00
|
|
|
data = dict(pid="/run/php/php{0}-fpm.pid".format(php_version[0]),
|
2023-08-05 10:48:56 +02:00
|
|
|
error_log="/var/log/php{0}-fpm.log".format(
|
2023-08-05 11:02:24 +02:00
|
|
|
php_version[0]),
|
2023-08-05 10:48:56 +02:00
|
|
|
include="/etc/php/{0}/fpm/pool.d/*.conf"
|
2023-08-05 11:02:24 +02:00
|
|
|
.format(php_version[0]))
|
2019-09-25 13:05:23 +02:00
|
|
|
WOTemplate.deploy(
|
2023-08-05 11:02:24 +02:00
|
|
|
self, '/etc/php/{0}/fpm/php-fpm.conf'.format(php_version[0]),
|
2019-09-25 13:05:23 +02:00
|
|
|
'php-fpm.mustache', data)
|
2023-08-05 11:02:24 +02:00
|
|
|
php_short = php_version[0].replace(".", "")
|
2023-08-05 10:48:56 +02:00
|
|
|
data = dict(pool='www-php{0}'.format(php_short),
|
|
|
|
|
listen='php{0}-fpm.sock'.format(php_short),
|
2019-09-25 13:05:23 +02:00
|
|
|
user='www-data',
|
|
|
|
|
group='www-data', listenuser='root',
|
|
|
|
|
listengroup='www-data', openbasedir=True)
|
2023-08-05 10:48:56 +02:00
|
|
|
WOTemplate.deploy(self, '/etc/php/{0}/fpm/pool.d/www.conf'
|
2023-08-05 11:02:24 +02:00
|
|
|
.format(php_version[0]),
|
2019-09-25 13:05:23 +02:00
|
|
|
'php-pool.mustache', data)
|
2023-08-05 10:48:56 +02:00
|
|
|
data = dict(pool='www-two-php{0}'.format(php_short),
|
|
|
|
|
listen='php{0}-two-fpm.sock'.format(php_short),
|
2019-09-25 13:05:23 +02:00
|
|
|
user='www-data',
|
|
|
|
|
group='www-data', listenuser='root',
|
|
|
|
|
listengroup='www-data', openbasedir=True)
|
2023-08-05 10:48:56 +02:00
|
|
|
WOTemplate.deploy(self,
|
|
|
|
|
'/etc/php/{0}/fpm/pool.d/www-two.conf'.format(
|
2023-08-05 11:02:24 +02:00
|
|
|
php_version[0]),
|
2019-09-25 13:05:23 +02:00
|
|
|
'php-pool.mustache', data)
|
2019-08-05 12:25:00 +02:00
|
|
|
|
2023-08-05 10:48:56 +02:00
|
|
|
# Generate /etc/php/x.x/fpm/pool.d/debug.conf
|
|
|
|
|
WOFileUtils.copyfile(self,
|
|
|
|
|
"/etc/php/{0}/fpm/pool.d/www.conf".format(
|
2023-08-05 11:02:24 +02:00
|
|
|
php_version[0]),
|
2023-08-05 10:48:56 +02:00
|
|
|
"/etc/php/{0}/fpm/pool.d/debug.conf"
|
2023-08-05 11:02:24 +02:00
|
|
|
.format(php_version[0]))
|
2023-08-05 10:48:56 +02:00
|
|
|
WOFileUtils.searchreplace(self,
|
|
|
|
|
"/etc/php/{0}/fpm/pool.d/"
|
2023-08-05 11:02:24 +02:00
|
|
|
"debug.conf".format(php_version[0]),
|
2023-08-05 10:48:56 +02:00
|
|
|
"[www-php{0}]".format(php_short),
|
|
|
|
|
"[debug]")
|
2019-08-05 12:25:00 +02:00
|
|
|
config = configparser.ConfigParser()
|
2023-08-05 10:48:56 +02:00
|
|
|
config.read(
|
2023-08-05 11:02:24 +02:00
|
|
|
'/etc/php/{0}/fpm/pool.d/debug.conf'.format(php_version[0]))
|
2023-08-05 10:48:56 +02:00
|
|
|
config['debug']['listen'] = '127.0.0.1:91{0}'.format(php_short)
|
2019-08-05 12:25:00 +02:00
|
|
|
config['debug']['rlimit_core'] = 'unlimited'
|
2023-08-05 10:48:56 +02:00
|
|
|
config['debug']['slowlog'] = '/var/log/php/{0}/slow.log'.format(
|
2023-08-05 11:02:24 +02:00
|
|
|
php_version[0])
|
2019-08-05 12:25:00 +02:00
|
|
|
config['debug']['request_slowlog_timeout'] = '10s'
|
2023-08-05 11:02:24 +02:00
|
|
|
with open('/etc/php/{0}/fpm/pool.d/debug.conf'
|
|
|
|
|
.format(php_version[0]),
|
2019-08-05 12:25:00 +02:00
|
|
|
encoding='utf-8', mode='w') as confifile:
|
2023-08-05 10:48:56 +02:00
|
|
|
Log.debug(self,
|
|
|
|
|
"writting PHP configuration into "
|
|
|
|
|
"/etc/php/{0}/fpm/pool.d/debug.conf"
|
2023-08-05 11:02:24 +02:00
|
|
|
.format(php_version[0]))
|
2019-08-05 12:25:00 +02:00
|
|
|
config.write(confifile)
|
|
|
|
|
|
2023-08-05 11:02:24 +02:00
|
|
|
with open("/etc/php/{0}/fpm/pool.d/debug.conf"
|
|
|
|
|
.format(php_version[0]),
|
2019-08-05 12:25:00 +02:00
|
|
|
encoding='utf-8', mode='a') as myfile:
|
|
|
|
|
myfile.write("php_admin_value[xdebug.profiler_output_dir] "
|
|
|
|
|
"= /tmp/ \nphp_admin_value[xdebug.profiler_"
|
|
|
|
|
"output_name] = cachegrind.out.%p-%H-%R "
|
|
|
|
|
"\nphp_admin_flag[xdebug.profiler_enable"
|
|
|
|
|
"_trigger] = on \nphp_admin_flag[xdebug."
|
|
|
|
|
"profiler_enable] = off\n")
|
|
|
|
|
|
|
|
|
|
# Disable xdebug
|
|
|
|
|
if not WOShellExec.cmd_exec(self, "grep -q \';zend_extension\'"
|
2023-08-05 10:48:56 +02:00
|
|
|
" /etc/php/{0}/mods-available/"
|
2023-08-05 11:02:24 +02:00
|
|
|
"xdebug.ini".format(php_version[0])):
|
2023-08-05 10:48:56 +02:00
|
|
|
WOFileUtils.searchreplace(self, "/etc/php/{0}/"
|
2019-08-05 12:25:00 +02:00
|
|
|
"mods-available/"
|
2023-08-05 11:02:24 +02:00
|
|
|
"xdebug.ini".format(php_version[0]),
|
2019-08-05 12:25:00 +02:00
|
|
|
"zend_extension",
|
|
|
|
|
";zend_extension")
|
|
|
|
|
|
|
|
|
|
# PHP and Debug pull configuration
|
|
|
|
|
if not os.path.exists('{0}22222/htdocs/fpm/status/'
|
2019-08-19 17:40:21 +02:00
|
|
|
.format(ngxroot)):
|
2019-08-05 12:25:00 +02:00
|
|
|
Log.debug(self, 'Creating directory '
|
|
|
|
|
'{0}22222/htdocs/fpm/status/ '
|
2019-08-19 17:40:21 +02:00
|
|
|
.format(ngxroot))
|
2019-08-05 12:25:00 +02:00
|
|
|
os.makedirs('{0}22222/htdocs/fpm/status/'
|
2019-08-19 17:40:21 +02:00
|
|
|
.format(ngxroot))
|
2023-08-05 10:48:56 +02:00
|
|
|
open('{0}22222/htdocs/fpm/status/debug{1}'
|
|
|
|
|
.format(ngxroot, php_short),
|
2019-09-01 20:39:12 +02:00
|
|
|
encoding='utf-8', mode='a').close()
|
2023-08-05 10:48:56 +02:00
|
|
|
open('{0}22222/htdocs/fpm/status/php{1}'
|
|
|
|
|
.format(ngxroot, php_short),
|
2019-09-01 20:39:12 +02:00
|
|
|
encoding='utf-8', mode='a').close()
|
2019-08-05 12:25:00 +02:00
|
|
|
|
|
|
|
|
# Write info.php
|
|
|
|
|
if not os.path.exists('{0}22222/htdocs/php/'
|
2019-08-19 17:40:21 +02:00
|
|
|
.format(ngxroot)):
|
2019-08-05 12:25:00 +02:00
|
|
|
Log.debug(self, 'Creating directory '
|
|
|
|
|
'{0}22222/htdocs/php/ '
|
2019-08-19 17:40:21 +02:00
|
|
|
.format(ngxroot))
|
2019-08-05 12:25:00 +02:00
|
|
|
os.makedirs('{0}22222/htdocs/php'
|
2019-08-19 17:40:21 +02:00
|
|
|
.format(ngxroot))
|
2019-08-05 12:25:00 +02:00
|
|
|
|
2019-09-01 20:39:12 +02:00
|
|
|
with open("{0}22222/htdocs/php/info.php"
|
|
|
|
|
.format(ngxroot),
|
|
|
|
|
encoding='utf-8', mode='w') as myfile:
|
|
|
|
|
myfile.write("<?php\nphpinfo();\n?>")
|
2019-08-05 12:25:00 +02:00
|
|
|
|
2023-08-05 10:48:56 +02:00
|
|
|
# write opcache clean for phpxx
|
2019-12-04 23:34:03 +01:00
|
|
|
if not os.path.exists('{0}22222/htdocs/cache/opcache'
|
|
|
|
|
.format(ngxroot)):
|
|
|
|
|
os.makedirs('{0}22222/htdocs/cache/opcache'
|
|
|
|
|
.format(ngxroot))
|
|
|
|
|
WOFileUtils.textwrite(
|
2023-08-05 10:48:56 +02:00
|
|
|
self, '{0}22222/htdocs/cache/opcache/php{1}.php'
|
|
|
|
|
.format(ngxroot, php_short),
|
2019-12-04 23:34:03 +01:00
|
|
|
'<?php opcache_reset(); ?>')
|
|
|
|
|
|
2019-08-17 13:40:28 +02:00
|
|
|
WOFileUtils.chown(self, "{0}22222/htdocs"
|
2019-08-19 18:45:30 +02:00
|
|
|
.format(ngxroot),
|
2019-08-26 18:05:26 +02:00
|
|
|
'www-data',
|
|
|
|
|
'www-data', recursive=True)
|
2019-12-10 18:42:27 +01:00
|
|
|
|
|
|
|
|
# enable imagick php extension
|
|
|
|
|
WOShellExec.cmd_exec(self, 'phpenmod -v ALL imagick')
|
|
|
|
|
|
2019-10-03 15:44:23 +02:00
|
|
|
# check service restart or rollback configuration
|
2023-08-05 10:48:56 +02:00
|
|
|
if not WOService.restart_service(self,
|
2023-08-05 11:02:24 +02:00
|
|
|
'php{0}-fpm'
|
|
|
|
|
.format(php_version[0])):
|
2019-12-03 19:48:18 +01:00
|
|
|
WOGit.rollback(self, ["/etc/php"], msg="Rollback PHP")
|
|
|
|
|
else:
|
2024-05-23 15:30:05 +02:00
|
|
|
Log.valide(
|
|
|
|
|
self, "Configuring php{0}-fpm".format(php_version[0]))
|
2019-12-03 19:48:18 +01:00
|
|
|
WOGit.add(self, ["/etc/php"], msg="Adding PHP into Git")
|
|
|
|
|
|
|
|
|
|
if os.path.exists('/etc/nginx/conf.d/upstream.conf'):
|
|
|
|
|
if not WOFileUtils.grepcheck(
|
|
|
|
|
self, '/etc/nginx/conf.d/upstream.conf',
|
2023-08-05 10:48:56 +02:00
|
|
|
'php{0}'.format(php_short)):
|
2022-12-10 10:37:20 -03:00
|
|
|
data = dict(php="9000", debug="9001",
|
|
|
|
|
php7="9070", debug7="9170",
|
|
|
|
|
php8="9080", debug8="9180",
|
|
|
|
|
release=WOVar.wo_version)
|
|
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '/etc/nginx/conf.d/upstream.conf',
|
|
|
|
|
'upstream.mustache', data, True)
|
|
|
|
|
WOConf.nginxcommon(self)
|
|
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
# create mysql config if it doesn't exist
|
2019-09-06 14:37:47 +02:00
|
|
|
if "mariadb-server" in apt_packages:
|
2019-09-25 14:47:48 +02:00
|
|
|
WOGit.add(self, ["/etc/mysql"], msg="Adding MySQL into Git")
|
2020-11-10 16:28:04 +01:00
|
|
|
if not os.path.exists("/etc/mysql/my.cnf"):
|
2019-08-05 09:45:08 +02:00
|
|
|
config = ("[mysqld]\nwait_timeout = 30\n"
|
|
|
|
|
"interactive_timeout=60\nperformance_schema = 0"
|
|
|
|
|
"\nquery_cache_type = 1")
|
|
|
|
|
config_file = open("/etc/mysql/my.cnf",
|
|
|
|
|
encoding='utf-8', mode='w')
|
|
|
|
|
config_file.write(config)
|
|
|
|
|
config_file.close()
|
2019-09-04 18:33:13 +02:00
|
|
|
else:
|
2020-01-30 12:35:38 +01:00
|
|
|
# make sure root account have all privileges
|
2020-10-22 12:05:01 +02:00
|
|
|
if os.path.exists('/etc/mysql/conf.d/my.cnf.tmp'):
|
2019-12-03 19:48:18 +01:00
|
|
|
try:
|
|
|
|
|
config = configparser.ConfigParser()
|
2020-10-22 11:15:20 +02:00
|
|
|
config.read('/etc/mysql/conf.d/my.cnf.tmp')
|
2019-12-03 19:48:18 +01:00
|
|
|
chars = config['client']['password']
|
2020-10-22 11:04:23 +02:00
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self,
|
|
|
|
|
'mysql -e "SET PASSWORD = '
|
2020-11-10 12:54:53 +01:00
|
|
|
'PASSWORD(\'{0}\'); flush privileges;"'
|
2022-09-13 15:52:50 +02:00
|
|
|
.format(chars), log=False)
|
2020-10-22 11:15:20 +02:00
|
|
|
WOFileUtils.mvfile(
|
|
|
|
|
self, '/etc/mysql/conf.d/my.cnf.tmp',
|
|
|
|
|
'/etc/mysql/conf.d/my.cnf')
|
2019-12-03 19:48:18 +01:00
|
|
|
except CommandExecutionError:
|
|
|
|
|
Log.error(self, "Unable to set MySQL password")
|
2020-10-22 20:39:25 +02:00
|
|
|
WOGit.add(self, ["/etc/mysql"],
|
|
|
|
|
msg="Adding MySQL into Git")
|
2020-11-10 12:54:53 +01:00
|
|
|
elif os.path.exists('/etc/mysql/conf.d/my.cnf'):
|
|
|
|
|
if ((WOAptGet.is_installed(
|
2022-09-08 20:49:35 +02:00
|
|
|
self,
|
2022-09-09 11:18:14 +02:00
|
|
|
'mariadb-server-{0}'.format(WOVar.mariadb_ver))) and
|
2020-11-10 12:54:53 +01:00
|
|
|
not (WOFileUtils.grepcheck(
|
|
|
|
|
self, '/etc/mysql/conf.d/my.cnf', 'socket'))):
|
|
|
|
|
try:
|
|
|
|
|
config = configparser.ConfigParser()
|
|
|
|
|
config.read('/etc/mysql/conf.d/my.cnf')
|
|
|
|
|
chars = config['client']['password']
|
|
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self,
|
|
|
|
|
'mysql -e "ALTER USER root@localhost '
|
|
|
|
|
'IDENTIFIED VIA unix_socket OR '
|
|
|
|
|
'mysql_native_password; '
|
|
|
|
|
'SET PASSWORD = PASSWORD(\'{0}\'); '
|
2022-09-13 15:52:50 +02:00
|
|
|
'flush privileges;"'.format(chars), log=False)
|
2020-11-10 12:54:53 +01:00
|
|
|
WOFileUtils.textappend(
|
|
|
|
|
self, '/etc/mysql/conf.d/my.cnf',
|
|
|
|
|
'socket = /run/mysqld/mysqld.sock')
|
|
|
|
|
except CommandExecutionError:
|
|
|
|
|
Log.error(self, "Unable to set MySQL password")
|
|
|
|
|
WOGit.add(self, ["/etc/mysql"],
|
|
|
|
|
msg="Adding MySQL into Git")
|
|
|
|
|
|
2020-10-22 20:39:25 +02:00
|
|
|
Log.wait(self, "Tuning MariaDB configuration")
|
2019-09-04 18:40:11 +02:00
|
|
|
if not os.path.isfile("/etc/mysql/my.cnf.default-pkg"):
|
|
|
|
|
WOFileUtils.copyfile(self, "/etc/mysql/my.cnf",
|
|
|
|
|
"/etc/mysql/my.cnf.default-pkg")
|
2019-08-05 14:22:20 +02:00
|
|
|
wo_ram = psutil.virtual_memory().total / (1024 * 1024)
|
2019-08-26 18:05:26 +02:00
|
|
|
# set InnoDB variable depending on the RAM available
|
2019-10-30 04:23:20 +01:00
|
|
|
wo_ram_innodb = int(wo_ram * 0.3)
|
|
|
|
|
wo_ram_log_buffer = int(wo_ram_innodb * 0.25)
|
|
|
|
|
wo_ram_log_size = int(wo_ram_log_buffer * 0.5)
|
2019-09-04 19:44:57 +02:00
|
|
|
if (wo_ram < 2000):
|
2019-09-04 18:33:13 +02:00
|
|
|
wo_innodb_instance = int(1)
|
|
|
|
|
tmp_table_size = int(32)
|
2019-09-04 19:44:57 +02:00
|
|
|
elif (wo_ram > 2000) and (wo_ram < 64000):
|
2019-10-30 04:23:20 +01:00
|
|
|
wo_innodb_instance = int(wo_ram / 1000)
|
2019-09-04 19:44:57 +02:00
|
|
|
tmp_table_size = int(128)
|
|
|
|
|
elif (wo_ram > 64000):
|
2019-09-04 18:33:13 +02:00
|
|
|
wo_innodb_instance = int(64)
|
|
|
|
|
tmp_table_size = int(256)
|
2020-10-22 11:04:23 +02:00
|
|
|
mariadbconf = bool(not os.path.exists(
|
|
|
|
|
'/etc/mysql/mariadb.conf.d/50-server.cnf'))
|
2019-09-04 18:33:13 +02:00
|
|
|
data = dict(
|
|
|
|
|
tmp_table_size=tmp_table_size, inno_log=wo_ram_log_size,
|
|
|
|
|
inno_buffer=wo_ram_innodb,
|
|
|
|
|
inno_log_buffer=wo_ram_log_buffer,
|
2020-10-22 11:04:23 +02:00
|
|
|
innodb_instances=wo_innodb_instance,
|
2020-10-22 12:05:01 +02:00
|
|
|
newmariadb=mariadbconf, release=WOVar.wo_version)
|
2020-05-04 17:26:10 +02:00
|
|
|
if os.path.exists('/etc/mysql/mariadb.conf.d/50-server.cnf'):
|
|
|
|
|
WOTemplate.deploy(
|
2020-10-22 12:05:01 +02:00
|
|
|
self, '/etc/mysql/mariadb.conf.d/50-server.cnf',
|
|
|
|
|
'my.mustache', data)
|
2020-05-04 17:26:10 +02:00
|
|
|
else:
|
|
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '/etc/mysql/my.cnf', 'my.mustache', data)
|
2019-08-05 14:22:20 +02:00
|
|
|
# replacing default values
|
|
|
|
|
Log.debug(self, "Tuning MySQL configuration")
|
2019-10-28 14:53:15 +01:00
|
|
|
if os.path.isdir('/etc/systemd/system/mariadb.service.d'):
|
|
|
|
|
if not os.path.isfile(
|
|
|
|
|
'/etc/systemd/system/'
|
|
|
|
|
'mariadb.service.d/limits.conf'):
|
|
|
|
|
WOFileUtils.textwrite(
|
|
|
|
|
self,
|
|
|
|
|
'/etc/systemd/system/'
|
|
|
|
|
'mariadb.service.d/limits.conf',
|
|
|
|
|
'[Service]\nLimitNOFILE=500000')
|
|
|
|
|
WOShellExec.cmd_exec(self, 'systemctl daemon-reload')
|
2020-10-22 20:39:25 +02:00
|
|
|
Log.valide(self, "Tuning MySQL configuration")
|
2019-08-26 18:05:26 +02:00
|
|
|
# set innodb_buffer_pool_instances depending
|
|
|
|
|
# on the amount of RAM
|
2019-10-28 14:53:15 +01:00
|
|
|
|
2022-09-08 21:18:42 +02:00
|
|
|
WOService.restart_service(self, 'mariadb')
|
2020-10-22 20:39:25 +02:00
|
|
|
|
2020-10-22 11:15:20 +02:00
|
|
|
# WOFileUtils.mvfile(self, '/var/lib/mysql/ib_logfile0',
|
|
|
|
|
# '/var/lib/mysql/ib_logfile0.bak')
|
|
|
|
|
# WOFileUtils.mvfile(self, '/var/lib/mysql/ib_logfile1',
|
|
|
|
|
# '/var/lib/mysql/ib_logfile1.bak')
|
2019-08-05 14:22:20 +02:00
|
|
|
|
|
|
|
|
WOCron.setcron_weekly(self, 'mysqlcheck -Aos --auto-repair '
|
|
|
|
|
'> /dev/null 2>&1',
|
|
|
|
|
comment='MySQL optimization cronjob '
|
|
|
|
|
'added by WordOps')
|
|
|
|
|
WOGit.add(self, ["/etc/mysql"], msg="Adding MySQL into Git")
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
# create fail2ban configuration files
|
2019-12-04 23:34:03 +01:00
|
|
|
if "fail2ban" in apt_packages:
|
2019-12-03 19:48:18 +01:00
|
|
|
WOService.restart_service(self, 'fail2ban')
|
2020-01-30 17:07:42 +01:00
|
|
|
if os.path.exists('/etc/fail2ban'):
|
2020-01-30 12:35:38 +01:00
|
|
|
WOGit.add(self, ["/etc/fail2ban"],
|
|
|
|
|
msg="Adding Fail2ban into Git")
|
2023-08-26 14:33:59 +02:00
|
|
|
Log.wait(self, "Configuring Fail2Ban")
|
2020-08-07 15:39:46 +02:00
|
|
|
nginxf2b = bool(os.path.exists('/var/log/nginx'))
|
|
|
|
|
data = dict(release=WOVar.wo_version, nginx=nginxf2b)
|
2020-01-30 15:37:56 +01:00
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self,
|
|
|
|
|
'/etc/fail2ban/jail.d/custom.conf',
|
|
|
|
|
'fail2ban.mustache',
|
2020-08-07 16:12:20 +02:00
|
|
|
data, overwrite=True)
|
2020-01-30 15:37:56 +01:00
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self,
|
|
|
|
|
'/etc/fail2ban/filter.d/wo-wordpress.conf',
|
|
|
|
|
'fail2ban-wp.mustache',
|
|
|
|
|
data, overwrite=False)
|
|
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self,
|
|
|
|
|
'/etc/fail2ban/filter.d/nginx-forbidden.conf',
|
|
|
|
|
'fail2ban-forbidden.mustache',
|
|
|
|
|
data, overwrite=False)
|
2019-08-20 13:53:41 +02:00
|
|
|
|
2020-08-07 16:07:31 +02:00
|
|
|
if not WOShellExec.cmd_exec(self, 'fail2ban-client reload'):
|
2020-01-30 17:07:42 +01:00
|
|
|
WOGit.rollback(
|
|
|
|
|
self, ['/etc/fail2ban'], msg="Rollback f2b config")
|
|
|
|
|
WOService.restart_service(self, 'fail2ban')
|
|
|
|
|
else:
|
2023-08-26 14:33:59 +02:00
|
|
|
Log.valide(self, "Configuring Fail2Ban")
|
2020-01-30 17:07:42 +01:00
|
|
|
WOGit.add(self, ["/etc/fail2ban"],
|
|
|
|
|
msg="Adding Fail2ban into Git")
|
2019-08-05 04:56:33 +02:00
|
|
|
|
|
|
|
|
# Proftpd configuration
|
2019-09-06 14:37:47 +02:00
|
|
|
if "proftpd-basic" in apt_packages:
|
2019-09-25 14:47:48 +02:00
|
|
|
WOGit.add(self, ["/etc/proftpd"],
|
|
|
|
|
msg="Adding ProFTPd into Git")
|
2019-08-05 04:56:33 +02:00
|
|
|
if os.path.isfile("/etc/proftpd/proftpd.conf"):
|
|
|
|
|
Log.debug(self, "Setting up Proftpd configuration")
|
2022-10-24 15:01:51 +02:00
|
|
|
data = dict()
|
|
|
|
|
WOTemplate.deploy(self,
|
|
|
|
|
'/etc/proftpd/proftpd.conf',
|
|
|
|
|
'proftpd.mustache', data)
|
2019-08-05 04:56:33 +02:00
|
|
|
# proftpd TLS configuration
|
|
|
|
|
if not os.path.isdir("/etc/proftpd/ssl"):
|
|
|
|
|
WOFileUtils.mkdir(self, "/etc/proftpd/ssl")
|
2019-09-06 16:13:46 +02:00
|
|
|
SSL.selfsignedcert(self, proftpd=True, backend=False)
|
2019-08-05 04:56:33 +02:00
|
|
|
WOFileUtils.chmod(self, "/etc/proftpd/ssl/proftpd.key", 0o700)
|
|
|
|
|
WOFileUtils.chmod(self, "/etc/proftpd/ssl/proftpd.crt", 0o700)
|
|
|
|
|
data = dict()
|
2019-09-25 14:30:29 +02:00
|
|
|
WOTemplate.deploy(self, '/etc/proftpd/tls.conf',
|
|
|
|
|
'proftpd-tls.mustache', data)
|
2019-08-05 04:56:33 +02:00
|
|
|
WOService.restart_service(self, 'proftpd')
|
|
|
|
|
|
2019-09-24 12:09:43 +02:00
|
|
|
if os.path.isfile('/etc/ufw/ufw.conf'):
|
|
|
|
|
# add rule for proftpd with UFW
|
|
|
|
|
if WOFileUtils.grepcheck(
|
|
|
|
|
self, '/etc/ufw/ufw.conf', 'ENABLED=yes'):
|
|
|
|
|
try:
|
|
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, "ufw limit 21")
|
|
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, "ufw allow 49000:50000/tcp")
|
|
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, "ufw reload")
|
|
|
|
|
except Exception as e:
|
|
|
|
|
Log.debug(self, "{0}".format(e))
|
|
|
|
|
Log.error(self, "Unable to add UFW rules")
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2020-01-30 12:35:38 +01:00
|
|
|
if ((os.path.exists("/etc/fail2ban/jail.d/custom.conf")) and
|
|
|
|
|
(not WOFileUtils.grepcheck(
|
2019-09-01 13:59:27 +02:00
|
|
|
self, "/etc/fail2ban/jail.d/custom.conf",
|
|
|
|
|
"proftpd"))):
|
2019-08-05 04:56:33 +02:00
|
|
|
with open("/etc/fail2ban/jail.d/custom.conf",
|
|
|
|
|
encoding='utf-8', mode='a') as f2bproftpd:
|
|
|
|
|
f2bproftpd.write("\n\n[proftpd]\nenabled = true\n")
|
|
|
|
|
WOService.reload_service(self, 'fail2ban')
|
|
|
|
|
|
2019-10-03 15:44:23 +02:00
|
|
|
if not WOService.reload_service(self, 'proftpd'):
|
|
|
|
|
WOGit.rollback(self, ["/etc/proftpd"],
|
|
|
|
|
msg="Rollback ProFTPd")
|
|
|
|
|
else:
|
|
|
|
|
WOGit.add(self, ["/etc/proftpd"],
|
|
|
|
|
msg="Adding ProFTPd into Git")
|
2019-08-05 04:56:33 +02:00
|
|
|
|
2020-10-14 14:50:05 +02:00
|
|
|
# Sendmail configuration
|
|
|
|
|
if "sendmail" in apt_packages:
|
|
|
|
|
if (os.path.exists("/usr/bin/yes") and
|
|
|
|
|
os.path.exists("/usr/sbin/sendmailconfig")):
|
|
|
|
|
Log.wait(self, "Configuring Sendmail")
|
|
|
|
|
if WOShellExec.cmd_exec(self, "yes 'y' | sendmailconfig"):
|
|
|
|
|
Log.valide(self, "Configuring Sendmail")
|
|
|
|
|
else:
|
|
|
|
|
Log.failed(self, "Configuring Sendmail")
|
|
|
|
|
|
2019-09-20 14:21:42 +02:00
|
|
|
if "ufw" in apt_packages:
|
|
|
|
|
# check if ufw is already enabled
|
|
|
|
|
if not WOFileUtils.grep(self,
|
|
|
|
|
'/etc/ufw/ufw.conf', 'ENABLED=yes'):
|
|
|
|
|
Log.wait(self, "Configuring UFW")
|
|
|
|
|
# check if ufw script is already created
|
|
|
|
|
if not os.path.isfile("/opt/ufw.sh"):
|
|
|
|
|
data = dict()
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self, '/opt/ufw.sh',
|
2019-09-20 14:21:42 +02:00
|
|
|
'ufw.mustache',
|
|
|
|
|
data, overwrite=False)
|
|
|
|
|
WOFileUtils.chmod(self, "/opt/ufw.sh", 0o700)
|
|
|
|
|
# setup ufw rules
|
|
|
|
|
WOShellExec.cmd_exec(self, "bash /opt/ufw.sh")
|
|
|
|
|
Log.valide(self, "Configuring UFW")
|
|
|
|
|
else:
|
|
|
|
|
Log.info(self, "UFW is already installed and enabled")
|
|
|
|
|
|
2019-08-31 12:18:16 +02:00
|
|
|
# Redis configuration
|
2019-09-06 14:37:47 +02:00
|
|
|
if "redis-server" in apt_packages:
|
2019-08-31 12:18:16 +02:00
|
|
|
if os.path.isfile("/etc/nginx/conf.d/upstream.conf"):
|
|
|
|
|
if not WOFileUtils.grep(self, "/etc/nginx/conf.d/"
|
|
|
|
|
"upstream.conf",
|
|
|
|
|
"redis"):
|
|
|
|
|
with open("/etc/nginx/conf.d/upstream.conf",
|
|
|
|
|
"a") as redis_file:
|
|
|
|
|
redis_file.write("upstream redis {\n"
|
|
|
|
|
" server 127.0.0.1:6379;\n"
|
|
|
|
|
" keepalive 10;\n}\n")
|
|
|
|
|
|
|
|
|
|
if os.path.isfile("/etc/nginx/nginx.conf"):
|
|
|
|
|
if not os.path.isfile("/etc/nginx/conf.d/redis.conf"):
|
|
|
|
|
with open("/etc/nginx/conf.d/redis.conf",
|
|
|
|
|
"a") as redis_file:
|
2019-09-01 13:59:27 +02:00
|
|
|
redis_file.write(
|
|
|
|
|
"# Log format Settings\n"
|
|
|
|
|
"log_format rt_cache_redis '$remote_addr "
|
|
|
|
|
"$upstream_response_time $srcache_fetch_status "
|
2024-06-11 22:49:53 +02:00
|
|
|
"[$time_local] '\n '$host \"$request\" "
|
2019-09-01 13:59:27 +02:00
|
|
|
"$status $body_bytes_sent '\n'\"$http_referer\" "
|
|
|
|
|
"\"$http_user_agent\"';\n")
|
2019-08-31 12:18:16 +02:00
|
|
|
# set redis.conf parameter
|
|
|
|
|
# set maxmemory 10% for ram below 512MB and 20% for others
|
|
|
|
|
# set maxmemory-policy allkeys-lru
|
|
|
|
|
# enable systemd service
|
2019-09-25 14:47:48 +02:00
|
|
|
WOGit.add(self, ["/etc/redis"],
|
|
|
|
|
msg="Adding Redis into Git")
|
2019-08-31 12:18:16 +02:00
|
|
|
Log.debug(self, "Enabling redis systemd service")
|
|
|
|
|
WOShellExec.cmd_exec(self, "systemctl enable redis-server")
|
|
|
|
|
if (os.path.isfile("/etc/redis/redis.conf") and
|
2019-08-31 14:18:38 +02:00
|
|
|
(not WOFileUtils.grep(self, "/etc/redis/redis.conf",
|
|
|
|
|
"WordOps"))):
|
2019-09-06 14:47:50 +02:00
|
|
|
Log.wait(self, "Tuning Redis configuration")
|
2019-08-31 12:18:16 +02:00
|
|
|
with open("/etc/redis/redis.conf",
|
2019-08-20 13:53:41 +02:00
|
|
|
"a") as redis_file:
|
2019-09-25 14:47:48 +02:00
|
|
|
redis_file.write("\n# WordOps v3.9.9\n")
|
2019-08-31 12:18:16 +02:00
|
|
|
wo_ram = psutil.virtual_memory().total / (1024 * 1024)
|
|
|
|
|
if wo_ram < 1024:
|
|
|
|
|
Log.debug(self, "Setting maxmemory variable to "
|
|
|
|
|
"{0} in redis.conf"
|
2019-10-30 04:23:20 +01:00
|
|
|
.format(int(wo_ram * 1024 * 1024 * 0.1)))
|
2019-10-30 06:21:49 +01:00
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self,
|
|
|
|
|
"/etc/redis/redis.conf",
|
|
|
|
|
"# maxmemory <bytes>",
|
|
|
|
|
"maxmemory {0}"
|
|
|
|
|
.format
|
|
|
|
|
(int(wo_ram * 1024 * 1024 * 0.1)))
|
2019-08-20 13:53:41 +02:00
|
|
|
|
2019-08-31 12:18:16 +02:00
|
|
|
else:
|
|
|
|
|
Log.debug(self, "Setting maxmemory variable to {0} "
|
|
|
|
|
"in redis.conf"
|
2019-10-30 04:23:20 +01:00
|
|
|
.format(int(wo_ram * 1024 * 1024 * 0.2)))
|
|
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self,
|
|
|
|
|
"/etc/redis/redis.conf",
|
|
|
|
|
"# maxmemory <bytes>",
|
|
|
|
|
"maxmemory {0}"
|
|
|
|
|
.format
|
|
|
|
|
(int(wo_ram * 1024 * 1024 * 0.2)))
|
2019-08-31 12:18:16 +02:00
|
|
|
|
|
|
|
|
Log.debug(
|
|
|
|
|
self, "Setting maxmemory-policy variable to "
|
|
|
|
|
"allkeys-lru in redis.conf")
|
2019-09-01 13:59:27 +02:00
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self, "/etc/redis/redis.conf",
|
|
|
|
|
"# maxmemory-policy noeviction",
|
|
|
|
|
"maxmemory-policy allkeys-lru")
|
2019-08-31 12:18:16 +02:00
|
|
|
Log.debug(
|
|
|
|
|
self, "Setting tcp-backlog variable to "
|
|
|
|
|
"in redis.conf")
|
2019-08-07 03:05:32 +02:00
|
|
|
WOFileUtils.searchreplace(self,
|
|
|
|
|
"/etc/redis/redis.conf",
|
2019-08-31 12:18:16 +02:00
|
|
|
"tcp-backlog 511",
|
|
|
|
|
"tcp-backlog 32768")
|
|
|
|
|
WOFileUtils.chown(self, '/etc/redis/redis.conf',
|
|
|
|
|
'redis', 'redis', recursive=False)
|
2019-09-06 14:47:50 +02:00
|
|
|
Log.valide(self, "Tuning Redis configuration")
|
2019-10-03 15:44:23 +02:00
|
|
|
if not WOService.restart_service(self, 'redis-server'):
|
|
|
|
|
WOGit.rollback(self, ["/etc/redis"], msg="Rollback Redis")
|
|
|
|
|
else:
|
|
|
|
|
WOGit.add(self, ["/etc/redis"], msg="Adding Redis into Git")
|
2019-08-31 12:18:16 +02:00
|
|
|
|
2019-08-31 12:47:35 +02:00
|
|
|
# ClamAV configuration
|
2019-10-02 13:13:32 +02:00
|
|
|
if set(WOVar.wo_clamav).issubset(set(apt_packages)):
|
2019-08-31 14:23:29 +02:00
|
|
|
Log.debug(self, "Setting up freshclam cronjob")
|
2019-08-31 12:47:35 +02:00
|
|
|
if not os.path.isfile("/opt/freshclam.sh"):
|
2019-08-31 14:27:47 +02:00
|
|
|
data = dict()
|
2019-09-23 16:35:20 +02:00
|
|
|
WOTemplate.deploy(self, '/opt/freshclam.sh',
|
2019-08-31 12:47:35 +02:00
|
|
|
'freshclam.mustache',
|
|
|
|
|
data, overwrite=False)
|
|
|
|
|
WOFileUtils.chmod(self, "/opt/freshclam.sh", 0o775)
|
2019-08-31 14:27:47 +02:00
|
|
|
WOCron.setcron_weekly(self, '/opt/freshclam.sh '
|
|
|
|
|
'> /dev/null 2>&1',
|
|
|
|
|
comment='ClamAV freshclam cronjob '
|
|
|
|
|
'added by WordOps')
|
2019-08-26 18:05:26 +02:00
|
|
|
|
2019-11-02 19:37:52 +01:00
|
|
|
# nanorc
|
2020-10-15 13:24:00 +02:00
|
|
|
if 'nano' in apt_packages:
|
2019-11-02 19:37:52 +01:00
|
|
|
Log.debug(self, 'Setting up nanorc')
|
|
|
|
|
WOGit.clone(self, 'https://github.com/scopatz/nanorc.git',
|
|
|
|
|
'/usr/share/nano-syntax-highlighting')
|
|
|
|
|
if os.path.exists('/etc/nanorc'):
|
|
|
|
|
Log.debug(
|
|
|
|
|
self, 'including nano syntax highlighting to /etc/nanorc')
|
|
|
|
|
if not WOFileUtils.grepcheck(self, '/etc/nanorc',
|
|
|
|
|
'nano-syntax-highlighting'):
|
|
|
|
|
WOFileUtils.textappend(
|
|
|
|
|
self, '/etc/nanorc', 'include /usr/share/'
|
|
|
|
|
'nano-syntax-highlighting/*.nanorc')
|
|
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
if (packages):
|
2019-08-29 20:02:35 +02:00
|
|
|
# WP-CLI
|
2019-08-05 09:45:08 +02:00
|
|
|
if any('/usr/local/bin/wp' == x[1] for x in packages):
|
|
|
|
|
Log.debug(self, "Setting Privileges"
|
|
|
|
|
" to /usr/local/bin/wp file ")
|
|
|
|
|
WOFileUtils.chmod(self, "/usr/local/bin/wp", 0o775)
|
|
|
|
|
|
2019-08-29 20:02:35 +02:00
|
|
|
# PHPMyAdmin
|
2019-08-05 09:45:08 +02:00
|
|
|
if any('/var/lib/wo/tmp/pma.tar.gz' == x[1]
|
|
|
|
|
for x in packages):
|
2020-04-23 16:36:30 +02:00
|
|
|
wo_phpmyadmin = WODownload.pma_release(self)
|
2019-08-05 09:45:08 +02:00
|
|
|
WOExtract.extract(
|
|
|
|
|
self, '/var/lib/wo/tmp/pma.tar.gz', '/var/lib/wo/tmp/')
|
|
|
|
|
Log.debug(self, 'Extracting file /var/lib/wo/tmp/pma.tar.gz to '
|
|
|
|
|
'location /var/lib/wo/tmp/')
|
|
|
|
|
if not os.path.exists('{0}22222/htdocs/db'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot)):
|
2019-08-05 09:45:08 +02:00
|
|
|
Log.debug(self, "Creating new directory "
|
|
|
|
|
"{0}22222/htdocs/db"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
os.makedirs('{0}22222/htdocs/db'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
if not os.path.exists('{0}22222/htdocs/db/pma/'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot)):
|
2020-04-23 16:36:30 +02:00
|
|
|
shutil.move('/var/lib/wo/tmp/phpMyAdmin-{0}'
|
|
|
|
|
'-all-languages/'
|
|
|
|
|
.format(wo_phpmyadmin),
|
2019-08-05 09:45:08 +02:00
|
|
|
'{0}22222/htdocs/db/pma/'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
shutil.copyfile('{0}22222/htdocs/db/pma'
|
|
|
|
|
'/config.sample.inc.php'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-05 09:45:08 +02:00
|
|
|
'{0}22222/htdocs/db/pma/config.inc.php'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
Log.debug(self, 'Setting Blowfish Secret Key '
|
|
|
|
|
'FOR COOKIE AUTH to '
|
|
|
|
|
'{0}22222/htdocs/db/pma/config.inc.php file '
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
blowfish_key = ''.join([random.choice
|
|
|
|
|
(string.ascii_letters +
|
|
|
|
|
string.digits)
|
2019-08-17 14:18:03 +02:00
|
|
|
for n in range(32)])
|
2019-08-05 09:45:08 +02:00
|
|
|
WOFileUtils.searchreplace(self,
|
|
|
|
|
'{0}22222/htdocs/db/pma'
|
|
|
|
|
'/config.inc.php'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-05 09:45:08 +02:00
|
|
|
"$cfg[\'blowfish_secret\']"
|
|
|
|
|
" = \'\';",
|
|
|
|
|
"$cfg[\'blowfish_secret\']"
|
|
|
|
|
" = \'{0}\';"
|
|
|
|
|
.format(blowfish_key))
|
|
|
|
|
Log.debug(self, 'Setting HOST Server For Mysql to '
|
|
|
|
|
'{0}22222/htdocs/db/pma/config.inc.php file '
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
WOFileUtils.searchreplace(self,
|
|
|
|
|
'{0}22222/htdocs/db/pma'
|
|
|
|
|
'/config.inc.php'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-05 09:45:08 +02:00
|
|
|
"$cfg[\'Servers\'][$i][\'host\']"
|
|
|
|
|
" = \'localhost\';", "$cfg"
|
2019-08-23 17:11:43 +02:00
|
|
|
"[\'Servers\'][$i][\'host\'] "
|
|
|
|
|
"= \'{0}\';"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_mysql_host))
|
2019-08-05 04:56:33 +02:00
|
|
|
Log.debug(self, 'Setting Privileges of webroot permission to '
|
2019-08-17 13:40:28 +02:00
|
|
|
'{0}22222/htdocs/db/pma file '
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-17 13:40:28 +02:00
|
|
|
WOFileUtils.chown(self, '{0}22222/htdocs'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-26 18:05:26 +02:00
|
|
|
'www-data',
|
|
|
|
|
'www-data',
|
2019-08-05 04:56:33 +02:00
|
|
|
recursive=True)
|
|
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
# composer install and phpmyadmin update
|
|
|
|
|
if any('/var/lib/wo/tmp/composer-install' == x[1]
|
|
|
|
|
for x in packages):
|
2019-09-24 00:11:26 +02:00
|
|
|
Log.wait(self, "Installing composer")
|
2019-08-05 09:45:08 +02:00
|
|
|
WOShellExec.cmd_exec(self, "php -q /var/lib/wo"
|
|
|
|
|
"/tmp/composer-install "
|
|
|
|
|
"--install-dir=/var/lib/wo/tmp/")
|
|
|
|
|
shutil.copyfile('/var/lib/wo/tmp/composer.phar',
|
|
|
|
|
'/usr/local/bin/composer')
|
|
|
|
|
WOFileUtils.chmod(self, "/usr/local/bin/composer", 0o775)
|
2019-09-24 00:11:26 +02:00
|
|
|
Log.valide(self, "Installing composer")
|
2019-09-01 13:59:27 +02:00
|
|
|
if ((os.path.isdir("/var/www/22222/htdocs/db/pma")) and
|
|
|
|
|
(not os.path.isfile('/var/www/22222/htdocs/db/'
|
|
|
|
|
'pma/composer.lock'))):
|
2019-09-24 00:11:26 +02:00
|
|
|
Log.wait(self, "Updating phpMyAdmin")
|
2019-08-31 14:18:38 +02:00
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, "/usr/local/bin/composer update "
|
2019-09-21 16:42:49 +02:00
|
|
|
"--no-plugins --no-scripts -n --no-dev -d "
|
|
|
|
|
"/var/www/22222/htdocs/db/pma/")
|
2019-08-31 14:18:38 +02:00
|
|
|
WOFileUtils.chown(
|
|
|
|
|
self, '{0}22222/htdocs/db/pma'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-31 14:18:38 +02:00
|
|
|
'www-data',
|
|
|
|
|
'www-data',
|
|
|
|
|
recursive=True)
|
2019-09-24 00:11:26 +02:00
|
|
|
Log.valide(self, "Updating phpMyAdmin")
|
2019-08-31 14:18:38 +02:00
|
|
|
if not os.path.exists('{0}22222/htdocs/cache/'
|
|
|
|
|
'redis/phpRedisAdmin'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot)):
|
2019-08-31 14:18:38 +02:00
|
|
|
Log.debug(self, "Creating new directory "
|
|
|
|
|
"{0}22222/htdocs/cache/redis"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-31 14:18:38 +02:00
|
|
|
os.makedirs('{0}22222/htdocs/cache/redis/phpRedisAdmin'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-09-01 13:59:27 +02:00
|
|
|
if not os.path.isfile('/var/www/22222/htdocs/cache/redis/'
|
|
|
|
|
'phpRedisAdmin/composer.lock'):
|
2019-09-21 16:42:49 +02:00
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, "/usr/local/bin/composer "
|
|
|
|
|
"create-project --no-plugins --no-scripts -n -s dev "
|
|
|
|
|
"erik-dubbelboer/php-redis-admin "
|
|
|
|
|
"/var/www/22222/htdocs/cache/redis/phpRedisAdmin")
|
2019-09-01 13:59:27 +02:00
|
|
|
WOFileUtils.chown(self, '{0}22222/htdocs'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-09-01 13:59:27 +02:00
|
|
|
'www-data',
|
|
|
|
|
'www-data',
|
|
|
|
|
recursive=True)
|
2019-08-31 14:18:38 +02:00
|
|
|
|
2019-08-29 20:02:35 +02:00
|
|
|
# MySQLtuner
|
2019-08-16 22:44:47 +02:00
|
|
|
if any('/usr/bin/mysqltuner' == x[1]
|
|
|
|
|
for x in packages):
|
|
|
|
|
Log.debug(self, "CHMOD MySQLTuner in /usr/bin/mysqltuner")
|
|
|
|
|
WOFileUtils.chmod(self, "/usr/bin/mysqltuner", 0o775)
|
|
|
|
|
|
2019-10-28 20:07:38 +01:00
|
|
|
# cheat.sh
|
|
|
|
|
if any('/usr/local/bin/cht.sh' == x[1]
|
|
|
|
|
for x in packages):
|
|
|
|
|
Log.debug(self, "CHMOD cht.sh in /usr/local/bin/cht.sh")
|
|
|
|
|
WOFileUtils.chmod(self, "/usr/local/bin/cht.sh", 0o775)
|
|
|
|
|
if WOFileUtils.grepcheck(self, '/etc/bash_completion.d/cht.sh',
|
|
|
|
|
'cht_complete cht.sh'):
|
|
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self, '/etc/bash_completion.d/cht.sh',
|
|
|
|
|
'_cht_complete cht.sh',
|
|
|
|
|
'_cht_complete cheat')
|
|
|
|
|
if not os.path.islink('/usr/local/bin/cheat'):
|
|
|
|
|
WOFileUtils.create_symlink(
|
|
|
|
|
self, ['/usr/local/bin/cht.sh', '/usr/local/bin/cheat'])
|
|
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
# netdata install
|
|
|
|
|
if any('/var/lib/wo/tmp/kickstart.sh' == x[1]
|
|
|
|
|
for x in packages):
|
2019-09-24 00:11:26 +02:00
|
|
|
Log.wait(self, "Installing Netdata")
|
|
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, "bash /var/lib/wo/tmp/kickstart.sh "
|
2024-05-31 22:22:08 +02:00
|
|
|
"--dont-wait --stable-channel",
|
2022-02-01 14:46:58 +01:00
|
|
|
errormsg='', log=False)
|
2019-09-24 00:11:26 +02:00
|
|
|
Log.valide(self, "Installing Netdata")
|
2023-08-13 11:45:49 +02:00
|
|
|
|
2019-09-01 13:59:27 +02:00
|
|
|
# disable mail notifications
|
2024-05-31 22:22:08 +02:00
|
|
|
if os.path.exists('/usr/lib/netdata/conf.d/health_alarm_notify.conf'):
|
2023-08-13 11:45:49 +02:00
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self, "/usr/lib/netdata/conf.d/health_alarm_notify.conf",
|
|
|
|
|
'SEND_EMAIL="YES"',
|
|
|
|
|
'SEND_EMAIL="NO"')
|
|
|
|
|
|
2024-05-31 22:22:08 +02:00
|
|
|
if os.path.exists('/etc/netdata/orig/health_alarm_notify.conf'):
|
2023-08-21 16:17:24 +02:00
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self, "/etc/netdata/orig/health_alarm_notify.conf",
|
|
|
|
|
'SEND_EMAIL="YES"',
|
|
|
|
|
'SEND_EMAIL="NO"')
|
2023-09-19 20:50:41 +02:00
|
|
|
if self.app.config.has_section('mysql'):
|
|
|
|
|
wo_grant_host = self.app.config.get('mysql', 'grant-host')
|
|
|
|
|
else:
|
|
|
|
|
wo_grant_host = 'localhost'
|
2019-09-01 13:59:27 +02:00
|
|
|
# check if mysql credentials are available
|
2024-06-07 16:51:53 +02:00
|
|
|
if (WOMysql.mariadb_ping(self)
|
2023-09-19 20:50:41 +02:00
|
|
|
and wo_grant_host == 'localhost'):
|
2019-09-01 13:59:27 +02:00
|
|
|
try:
|
|
|
|
|
WOMysql.execute(
|
|
|
|
|
self,
|
2019-12-06 13:09:45 +01:00
|
|
|
"DELETE FROM mysql.user WHERE User = 'netdata';",
|
2019-09-01 13:59:27 +02:00
|
|
|
log=False)
|
|
|
|
|
WOMysql.execute(
|
|
|
|
|
self,
|
2019-12-06 13:09:45 +01:00
|
|
|
"create user 'netdata'@'127.0.0.1';",
|
|
|
|
|
log=False)
|
|
|
|
|
WOMysql.execute(
|
|
|
|
|
self,
|
|
|
|
|
"grant usage on *.* to 'netdata'@'127.0.0.1';",
|
2019-09-01 13:59:27 +02:00
|
|
|
log=False)
|
|
|
|
|
WOMysql.execute(
|
|
|
|
|
self, "flush privileges;",
|
|
|
|
|
log=False)
|
2019-09-24 00:11:26 +02:00
|
|
|
except Exception as e:
|
2019-09-01 13:59:27 +02:00
|
|
|
Log.debug(self, "{0}".format(e))
|
|
|
|
|
Log.info(
|
|
|
|
|
self, "fail to setup mysql user for netdata")
|
|
|
|
|
WOService.restart_service(self, 'netdata')
|
2019-08-05 09:45:08 +02:00
|
|
|
|
|
|
|
|
# WordOps Dashboard
|
|
|
|
|
if any('/var/lib/wo/tmp/wo-dashboard.tar.gz' == x[1]
|
|
|
|
|
for x in packages):
|
2019-09-01 16:50:13 +02:00
|
|
|
Log.debug(self, "Extracting wo-dashboard.tar.gz "
|
|
|
|
|
"to location {0}22222/htdocs/"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-09-01 16:50:13 +02:00
|
|
|
WOExtract.extract(self, '/var/lib/wo/tmp/'
|
|
|
|
|
'wo-dashboard.tar.gz',
|
|
|
|
|
'{0}22222/htdocs'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-09-01 16:50:13 +02:00
|
|
|
wo_wan = os.popen("/sbin/ip -4 route get 8.8.8.8 | "
|
|
|
|
|
"grep -oP \"dev [^[:space:]]+ \" "
|
|
|
|
|
"| cut -d ' ' -f 2").read()
|
|
|
|
|
if (wo_wan != 'eth0' and wo_wan != ''):
|
|
|
|
|
WOFileUtils.searchreplace(self,
|
2019-09-22 14:11:12 +02:00
|
|
|
"{0}22222/htdocs/index.html"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-09-01 16:50:13 +02:00
|
|
|
"eth0",
|
|
|
|
|
"{0}".format(wo_wan))
|
2019-08-05 09:45:08 +02:00
|
|
|
Log.debug(self, "Setting Privileges to "
|
2019-09-01 16:50:13 +02:00
|
|
|
"{0}22222/htdocs"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-17 13:40:28 +02:00
|
|
|
WOFileUtils.chown(self, '{0}22222/htdocs'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-26 18:05:26 +02:00
|
|
|
'www-data',
|
|
|
|
|
'www-data',
|
2019-08-05 04:56:33 +02:00
|
|
|
recursive=True)
|
2019-08-05 09:45:08 +02:00
|
|
|
|
2019-09-01 16:50:13 +02:00
|
|
|
# Extplorer FileManager
|
|
|
|
|
if any('/var/lib/wo/tmp/extplorer.tar.gz' == x[1]
|
|
|
|
|
for x in packages):
|
|
|
|
|
Log.debug(self, "Extracting extplorer.tar.gz "
|
|
|
|
|
"to location {0}22222/htdocs/files"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-09-01 16:50:13 +02:00
|
|
|
WOExtract.extract(self, '/var/lib/wo/tmp/extplorer.tar.gz',
|
|
|
|
|
'/var/lib/wo/tmp/')
|
|
|
|
|
shutil.move('/var/lib/wo/tmp/extplorer-{0}'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_extplorer),
|
2019-09-01 16:50:13 +02:00
|
|
|
'{0}22222/htdocs/files'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-09-01 16:50:13 +02:00
|
|
|
Log.debug(self, "Setting Privileges to "
|
|
|
|
|
"{0}22222/htdocs/files"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-09-01 16:50:13 +02:00
|
|
|
WOFileUtils.chown(self, '{0}22222/htdocs'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-09-01 16:50:13 +02:00
|
|
|
'www-data',
|
|
|
|
|
'www-data',
|
|
|
|
|
recursive=True)
|
|
|
|
|
|
2019-08-05 09:45:08 +02:00
|
|
|
# webgrind
|
|
|
|
|
if any('/var/lib/wo/tmp/webgrind.tar.gz' == x[1]
|
|
|
|
|
for x in packages):
|
|
|
|
|
Log.debug(self, "Extracting file webgrind.tar.gz to "
|
|
|
|
|
"location /var/lib/wo/tmp/ ")
|
|
|
|
|
WOExtract.extract(
|
|
|
|
|
self, '/var/lib/wo/tmp/webgrind.tar.gz',
|
|
|
|
|
'/var/lib/wo/tmp/')
|
|
|
|
|
if not os.path.exists('{0}22222/htdocs/php'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot)):
|
2019-08-05 09:45:08 +02:00
|
|
|
Log.debug(self, "Creating directroy "
|
|
|
|
|
"{0}22222/htdocs/php"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
os.makedirs('{0}22222/htdocs/php'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
if not os.path.exists('{0}22222/htdocs/php/webgrind'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot)):
|
2019-08-05 09:45:08 +02:00
|
|
|
shutil.move('/var/lib/wo/tmp/webgrind-master/',
|
|
|
|
|
'{0}22222/htdocs/php/webgrind'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-05 09:45:08 +02:00
|
|
|
|
2019-08-31 14:18:38 +02:00
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self, "{0}22222/htdocs/php/webgrind/"
|
|
|
|
|
"config.php"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-31 14:18:38 +02:00
|
|
|
"/usr/local/bin/dot", "/usr/bin/dot")
|
|
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self, "{0}22222/htdocs/php/webgrind/"
|
|
|
|
|
"config.php"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-31 14:18:38 +02:00
|
|
|
"Europe/Copenhagen",
|
2019-10-02 13:13:32 +02:00
|
|
|
WOVar.wo_timezone)
|
2019-08-31 14:18:38 +02:00
|
|
|
|
|
|
|
|
WOFileUtils.searchreplace(
|
|
|
|
|
self, "{0}22222/htdocs/php/webgrind/"
|
|
|
|
|
"config.php"
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-31 14:18:38 +02:00
|
|
|
"90", "100")
|
2019-08-05 09:45:08 +02:00
|
|
|
|
|
|
|
|
Log.debug(self, "Setting Privileges of webroot permission to "
|
|
|
|
|
"{0}22222/htdocs/php/webgrind/ file "
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot))
|
2019-08-17 13:40:28 +02:00
|
|
|
WOFileUtils.chown(self, '{0}22222/htdocs'
|
2019-10-02 13:13:32 +02:00
|
|
|
.format(WOVar.wo_webroot),
|
2019-08-26 18:05:26 +02:00
|
|
|
'www-data',
|
|
|
|
|
'www-data',
|
2019-08-05 09:45:08 +02:00
|
|
|
recursive=True)
|
|
|
|
|
|
2019-08-26 18:05:26 +02:00
|
|
|
# pt-query-advisor
|
2019-08-05 09:45:08 +02:00
|
|
|
if any('/usr/bin/pt-query-advisor' == x[1]
|
|
|
|
|
for x in packages):
|
|
|
|
|
WOFileUtils.chmod(self, "/usr/bin/pt-query-advisor", 0o775)
|
2019-09-27 01:19:45 +02:00
|
|
|
|
|
|
|
|
# ngxblocker
|
|
|
|
|
if any('/usr/local/sbin/install-ngxblocker' == x[1]
|
|
|
|
|
for x in packages):
|
2019-12-05 20:36:18 +01:00
|
|
|
# remove duplicate directives
|
|
|
|
|
if os.path.exists('/etc/nginx/conf.d/variables-hash.conf'):
|
|
|
|
|
WOFileUtils.rm(self, '/etc/nginx/conf.d/variables-hash.conf')
|
2019-09-27 01:19:45 +02:00
|
|
|
WOFileUtils.chmod(
|
|
|
|
|
self, "/usr/local/sbin/install-ngxblocker", 0o700)
|
|
|
|
|
WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x')
|
|
|
|
|
WOFileUtils.chmod(
|
|
|
|
|
self, "/usr/local/sbin/update-ngxblocker", 0o700)
|
2019-12-05 20:36:18 +01:00
|
|
|
if not WOService.restart_service(self, 'nginx'):
|
|
|
|
|
Log.error(self, 'ngxblocker install failed')
|
2019-10-23 01:59:10 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def pre_stack(self):
|
|
|
|
|
"""Inital server configuration and tweak"""
|
2019-10-25 23:58:08 +02:00
|
|
|
# remove old sysctl tweak
|
2019-10-23 01:59:10 +02:00
|
|
|
if os.path.isfile('/etc/sysctl.d/60-ubuntu-nginx-web-server.conf'):
|
2019-11-11 19:06:11 +01:00
|
|
|
WOFileUtils.rm(
|
|
|
|
|
self, '/etc/sysctl.d/60-ubuntu-nginx-web-server.conf')
|
|
|
|
|
# check if version.txt exist
|
|
|
|
|
if os.path.exists('/var/lib/wo/version.txt'):
|
|
|
|
|
with open('/var/lib/wo/version.txt',
|
|
|
|
|
mode='r', encoding='utf-8') as wo_ver:
|
|
|
|
|
# check version written in version.txt
|
|
|
|
|
wo_check = bool(wo_ver.read().strip() ==
|
|
|
|
|
'{0}'.format(WOVar.wo_version))
|
|
|
|
|
else:
|
|
|
|
|
wo_check = False
|
|
|
|
|
if wo_check is False:
|
|
|
|
|
# wo sysctl tweaks
|
|
|
|
|
# check system type
|
2019-12-03 19:48:18 +01:00
|
|
|
wo_arch = bool((os.uname()[4]) == 'x86_64')
|
2019-11-11 19:06:11 +01:00
|
|
|
if os.path.isfile('/proc/1/environ'):
|
|
|
|
|
# detect lxc containers
|
|
|
|
|
wo_lxc = WOFileUtils.grepcheck(
|
|
|
|
|
self, '/proc/1/environ', 'container=lxc')
|
|
|
|
|
# detect wsl
|
|
|
|
|
wo_wsl = WOFileUtils.grepcheck(
|
|
|
|
|
self, '/proc/1/environ', 'wsl')
|
|
|
|
|
else:
|
|
|
|
|
wo_wsl = True
|
|
|
|
|
wo_lxc = True
|
2019-10-25 23:58:08 +02:00
|
|
|
|
2019-11-11 19:06:11 +01:00
|
|
|
if (wo_lxc is not True) and (wo_wsl is not True) and (wo_arch is True):
|
2019-10-23 01:59:10 +02:00
|
|
|
data = dict()
|
|
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '/etc/sysctl.d/60-wo-tweaks.conf',
|
|
|
|
|
'sysctl.mustache', data, True)
|
2019-10-25 23:58:08 +02:00
|
|
|
# use tcp_bbr congestion algorithm only on new kernels
|
2023-12-01 16:52:33 +01:00
|
|
|
if (WOVar.wo_platform_codename == 'focal' or
|
2022-09-08 21:03:59 +02:00
|
|
|
WOVar.wo_platform_codename == 'buster' or
|
|
|
|
|
WOVar.wo_platform_codename == 'jammy' or
|
2023-12-01 16:52:33 +01:00
|
|
|
WOVar.wo_platform_codename == 'bullseye' or
|
|
|
|
|
WOVar.wo_platform_codename == 'bookworm'):
|
2019-11-11 19:06:11 +01:00
|
|
|
try:
|
|
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, 'modprobe tcp_bbr')
|
|
|
|
|
with open(
|
|
|
|
|
"/etc/modules-load.d/bbr.conf",
|
|
|
|
|
encoding='utf-8', mode='w') as bbr_file:
|
2019-10-23 01:59:10 +02:00
|
|
|
bbr_file.write('tcp_bbr')
|
2019-11-11 19:06:11 +01:00
|
|
|
with open(
|
|
|
|
|
"/etc/sysctl.d/60-wo-tweaks.conf",
|
|
|
|
|
encoding='utf-8', mode='a') as sysctl_file:
|
2019-10-23 01:59:10 +02:00
|
|
|
sysctl_file.write(
|
|
|
|
|
'\nnet.ipv4.tcp_congestion_control = bbr'
|
|
|
|
|
'\nnet.ipv4.tcp_notsent_lowat = 16384')
|
2019-11-11 19:06:11 +01:00
|
|
|
except OSError as e:
|
|
|
|
|
Log.debug(self, str(e))
|
|
|
|
|
Log.warn(self, "failed to tweak sysctl")
|
2019-10-23 01:59:10 +02:00
|
|
|
else:
|
2019-11-11 19:06:11 +01:00
|
|
|
try:
|
|
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, 'modprobe tcp_htcp')
|
|
|
|
|
with open(
|
|
|
|
|
"/etc/modules-load.d/htcp.conf",
|
|
|
|
|
encoding='utf-8', mode='w') as bbr_file:
|
2019-10-23 01:59:10 +02:00
|
|
|
bbr_file.write('tcp_htcp')
|
2019-11-11 19:06:11 +01:00
|
|
|
with open(
|
|
|
|
|
"/etc/sysctl.d/60-wo-tweaks.conf",
|
|
|
|
|
encoding='utf-8', mode='a') as sysctl_file:
|
2019-10-23 01:59:10 +02:00
|
|
|
sysctl_file.write(
|
|
|
|
|
'\nnet.ipv4.tcp_congestion_control = htcp')
|
2019-11-11 19:06:11 +01:00
|
|
|
except OSError as e:
|
|
|
|
|
Log.debug(self, str(e))
|
|
|
|
|
Log.warn(self, "failed to tweak sysctl")
|
|
|
|
|
|
2019-10-25 23:58:08 +02:00
|
|
|
# apply sysctl tweaks
|
2019-10-23 01:59:10 +02:00
|
|
|
WOShellExec.cmd_exec(
|
|
|
|
|
self, 'sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf')
|
2019-11-11 19:06:11 +01:00
|
|
|
|
|
|
|
|
# sysctl tweak service
|
|
|
|
|
data = dict()
|
|
|
|
|
if not os.path.isfile('/opt/wo-kernel.sh'):
|
|
|
|
|
WOTemplate.deploy(self, '/opt/wo-kernel.sh',
|
|
|
|
|
'wo-kernel-script.mustache', data)
|
2020-05-12 01:42:04 +02:00
|
|
|
WOFileUtils.chmod(self, '/opt/wo-kernel.sh', 0o700)
|
2019-11-11 19:06:11 +01:00
|
|
|
if not os.path.isfile('/lib/systemd/system/wo-kernel.service'):
|
|
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '/lib/systemd/system/wo-kernel.service',
|
|
|
|
|
'wo-kernel-service.mustache', data)
|
|
|
|
|
WOShellExec.cmd_exec(self, 'systemctl enable wo-kernel.service')
|
|
|
|
|
WOService.start_service(self, 'wo-kernel')
|
|
|
|
|
# open_files_limit tweak
|
|
|
|
|
if not WOFileUtils.grepcheck(self,
|
|
|
|
|
'/etc/security/limits.conf', '500000'):
|
|
|
|
|
with open("/etc/security/limits.conf",
|
|
|
|
|
encoding='utf-8', mode='a') as limit_file:
|
|
|
|
|
limit_file.write(
|
|
|
|
|
'* hard nofile 500000\n'
|
|
|
|
|
'* soft nofile 500000\n'
|
|
|
|
|
'root hard nofile 500000\n'
|
|
|
|
|
'root soft nofile 500000\n')
|
|
|
|
|
# custom motd-news
|
|
|
|
|
data = dict()
|
|
|
|
|
# check if update-motd.d directory exist
|
|
|
|
|
if os.path.isdir('/etc/update-motd.d/'):
|
2019-10-27 22:47:28 +01:00
|
|
|
# render custom motd template
|
2019-10-27 21:08:50 +01:00
|
|
|
WOTemplate.deploy(
|
|
|
|
|
self, '/etc/update-motd.d/98-wo-update',
|
|
|
|
|
'wo-update.mustache', data)
|
2019-10-28 20:07:38 +01:00
|
|
|
WOFileUtils.chmod(
|
|
|
|
|
self, "/etc/update-motd.d/98-wo-update", 0o755)
|
2019-11-11 19:06:11 +01:00
|
|
|
with open('/var/lib/wo/version.txt',
|
|
|
|
|
mode='w', encoding='utf-8') as wo_ver:
|
|
|
|
|
wo_ver.write('{0}'.format(WOVar.wo_version))
|
