From 2ab250f2ba2f9640d3b844efde331154c4ce537e Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Wed, 23 Oct 2019 01:59:10 +0200 Subject: [PATCH] Linux tweak integration in wo --- install | 45 +------------------------ setup.py | 2 +- wo/cli/plugins/site.py | 3 +- wo/cli/plugins/stack.py | 3 +- wo/cli/plugins/stack_pref.py | 64 ++++++++++++++++++++++++++++++++++++ 5 files changed, 70 insertions(+), 47 deletions(-) diff --git a/install b/install index 9b8fdfc..01380a9 100755 --- a/install +++ b/install @@ -141,9 +141,6 @@ readonly TIME=$(date +"$TIME_FORMAT") readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.gz" readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz" readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz" -readonly wo_lxc=$(grep "container=lxc" /proc/1/environ) -readonly wo_wsl=$(grep "wsl" /proc/1/environ) -readonly wo_arch="$(uname -m)" if [ -x /usr/local/bin/ee ]; then ee_migration=1 
@@ -610,42 +607,6 @@ wo_remove_ee_cron() { } -wo_tweak_kernel() { - local wo_distro_version - wo_distro_version=$(lsb_release -sc) - if [ "$wo_arch" = "x86_64" ] && [ -z "$wo_lxc" ] && [ -z "$wo_wsl" ]; then - rm -f /etc/sysctl.d/60-ubuntu-nginx-web-server.conf - wget -qO /etc/sysctl.d/60-wo-tweaks.conf https://raw.githubusercontent.com/WordOps/WordOps/"$wo_branch"/wo/cli/templates/sysctl.mustache - if [ "$wo_distro_version" = "bionic" ] || [ "$wo_distro_version" = "disco" ] || [ "$wo_distro_version" = "buster" ]; then - modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf - echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-wo-tweaks.conf - else - modprobe tcp_htcp && echo 'tcp_htcp' >> /etc/modules-load.d/htcp.conf - echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-wo-tweaks.conf - fi - # apply sysctl tweaks - sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf - fi -} - -wo_systemd_tweak() { - - if [ ! -x /opt/wo-kernel.sh ]; then - # download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup - wget -qO /opt/wo-kernel.sh https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-script.mustache - chmod +x /opt/wo-kernel.sh - wget -qO /lib/systemd/system/wo-kernel.service https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-service.mustache - systemctl enable wo-kernel.service - systemctl start wo-kernel.service - fi - - LIMIT_CHECK=$(grep "500000" /etc/security/limits.conf) - if [ -z "$LIMIT_CHECK" ]; then - echo -e "* hard nofile 500000\n* soft nofile 500000\nroot hard nofile 500000\nroot soft nofile 500000\n" >> /etc/security/limits.conf - fi - -} - wo_domain_suffix() { curl -m 10 --retry 3 -sL https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > 
/var/lib/wo/public_suffix_list.dat } @@ -780,7 +741,7 @@ else _run wo_timesync # skip steps if travis if [ -z "$wo_travis" ]; then - _run wo_download "Downloading WordOps" + #_run wo_download "Downloading WordOps" wo_git_config _run wo_install "Installing WordOps" else @@ -791,10 +752,6 @@ else _run wo_clean_ee "Cleaning previous EasyEngine install" fi _run wo_install_acme_sh - _run wo_tweak_kernel "Applying Kernel tweaks" - if [ ! -f /opt/wo-kernel.sh ]; then - _run wo_systemd_tweak "Adding systemd service tweak" - fi if [ -x /usr/sbin/nginx ]; then _run wo_nginx_tweak fi diff --git a/setup.py b/setup.py index 786954d..bc3b692 100644 --- a/setup.py +++ b/setup.py @@ -1,10 +1,10 @@ import glob import os +import sys from setuptools import find_packages, setup - # read the contents of your README file this_directory = os.path.abspath(os.path.dirname(__file__)) with open(os.path.join(this_directory, 'README.md'), encoding='utf-8') as f: diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index d293c3b..bbb6b8e 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -905,8 +905,9 @@ class WOSiteUpdateController(CementBaseController): choices=('on', 'off'), const='on', nargs='?')), (['--ngxblocker'], - dict(help="enable HSTS for site secured with letsencrypt", + dict(help="enable Ultimate Nginx bad bot blocker", action='store' or 'store_const', + choices=('on', 'off'), const='on', nargs='?')), (['--proxy'], dict(help="update to proxy site", nargs='+')), diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py index 8dacd32..de3c606 100644 --- a/wo/cli/plugins/stack.py +++ b/wo/cli/plugins/stack.py 
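Review bot: `#_run wo_download "Downloading WordOps"` disables the download step by commenting it out, yet `_run wo_install "Installing WordOps"` still follows in the same non-Travis branch. If wo_install relies on files fetched by wo_download (its body is outside this hunk), the installer now either fails or installs whatever copy is already on disk, which may not be the release the user asked for. Delete the line if the step is obsolete, or restore it; a commented-out call reads like a debugging leftover.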
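Review bot: `import sys` is added at the top of setup.py, but the diffstat shows this file changing by only one insertion and one deletion, so nothing in this commit uses `sys`. Unless a line outside the hunk already referenced it, the import is unused and can be dropped.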
@@ -5,7 +5,7 @@ import os from cement.core.controller import CementBaseController, expose from wo.cli.plugins.stack_migrate import WOStackMigrateController -from wo.cli.plugins.stack_pref import post_pref, pre_pref +from wo.cli.plugins.stack_pref import post_pref, pre_pref, pre_stack from wo.cli.plugins.stack_services import WOStackStatusController from wo.cli.plugins.stack_upgrade import WOStackUpgradeController from wo.core.aptget import WOAptGet @@ -485,6 +485,7 @@ class WOStackController(CementBaseController): Log.debug(self, "{0}".format(e)) if (apt_packages) or (packages): + pre_stack(self) if (apt_packages): Log.debug(self, "Calling pre_pref") pre_pref(self, apt_packages) diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index 0127746..18cf67a 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py 
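Review bot: `pre_stack(self)` is called without the `Log.debug(self, "Calling pre_pref")`-style trace its neighbours have, and it now runs on every stack install that has packages rather than once at installer time. In pre_stack as added to stack_pref.py by this commit, the sysctl section has no already-applied check (only the wo-kernel.sh and limits.conf sections do), so each run redeploys `/etc/sysctl.d/60-wo-tweaks.conf` and re-runs `modprobe` and `sysctl -p`. If the `True` passed to `WOTemplate.deploy` means overwrite, local edits to that file are discarded each time. Add `Log.debug(self, "Calling pre_stack")` before the call and consider skipping the sysctl step when the file already exists. The enclosing method starts and ends outside the hunk.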
@@ -1362,3 +1362,67 @@ def post_pref(self, apt_packages, packages, upgrade=False): WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x') WOFileUtils.chmod( self, "/usr/local/sbin/update-ngxblocker", 0o700) + + +def pre_stack(self): + """Inital server configuration and tweak""" + # wo sysctl tweaks + Log.wait(self, 'Applying Linux tweaks') + wo_arch = os.uname()[4] + if os.path.isfile('/proc/1/environ'): + wo_lxc = WOFileUtils.grepcheck( + self, '/proc/1/environ', 'container=lxc') + wo_wsl = WOFileUtils.grepcheck( + self, '/proc/1/environ', 'wsl') + if os.path.isfile('/etc/sysctl.d/60-ubuntu-nginx-web-server.conf'): + WOFileUtils.rm(self, '/etc/sysctl.d/60-ubuntu-nginx-web-server.conf') + if wo_arch == 'x86_64': + if (wo_lxc is not True) and (wo_wsl is not True): + data = dict() + WOTemplate.deploy( + self, '/etc/sysctl.d/60-wo-tweaks.conf', + 'sysctl.mustache', data, True) + if (WOVar.wo_platform_codename == 'bionic' or + WOVar.wo_platform_codename == 'disco' or + WOVar.wo_platform_codename == 'buster'): + if WOShellExec.cmd_exec(self, 'modprobe tcp_bbr'): + with open("/etc/modules-load.d/bbr.conf", + encoding='utf-8', mode='w') as bbr_file: + bbr_file.write('tcp_bbr') + with open("/etc/sysctl.d/60-wo-tweaks.conf", + encoding='utf-8', mode='a') as sysctl_file: + sysctl_file.write( + '\nnet.ipv4.tcp_congestion_control = bbr' + '\nnet.ipv4.tcp_notsent_lowat = 16384') + else: + if WOShellExec.cmd_exec(self, 'modprobe tcp_htcp'): + with open("/etc/modules-load.d/htcp.conf", + encoding='utf-8', mode='w') as bbr_file: + bbr_file.write('tcp_htcp') + with open("/etc/sysctl.d/60-wo-tweaks.conf", + encoding='utf-8', mode='a') as sysctl_file: + sysctl_file.write( + '\nnet.ipv4.tcp_congestion_control = htcp') + WOShellExec.cmd_exec( + self, 'sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf') + # sysctl tweak service + if not os.path.isfile('/opt/wo-kernel.sh'): + data = dict() + WOTemplate.deploy(self, '/opt/wo-kernel.sh', + 'wo-kernel-script.mustache', data) + if 
not os.path.isfile('/lib/systemd/system/wo-kernel.service'): + WOTemplate.deploy( + self, '/lib/systemd/system/wo-kernel.service', + 'wo-kernel-service.mustache') + WOShellExec.cmd_exec(self, 'systemctl enable wo-kernel.service') + WOShellExec.cmd_exec(self, 'systemctl start wo-kernel.service') + # open_files_limit tweak + if not WOFileUtils.grepcheck(self, '/etc/security/limits.conf', '500000'): + with open("/etc/security/limits.conf", + encoding='utf-8', mode='w') as limit_file: + limit_file.write( + '* hard nofile 500000\n' + '* soft nofile 500000\n' + 'root hard nofile 500000\n' + 'root soft nofile 500000\n') + Log.valide(self, 'Applying Linux tweaks')
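Review bot: The `open("/etc/security/limits.conf", encoding='utf-8', mode='w')` at the end of pre_stack truncates the file before writing the four nofile lines, so limits an administrator already set there (nproc caps, core-dump limits, per-user entries) are lost. The shell code this replaces appended with `>>`, and `mode='a'` keeps that behaviour. `wo_lxc` and `wo_wsl` appear to be assigned only when `/proc/1/environ` is a regular file (indentation is collapsed on this page, so the nesting is inferred), yet both are read in `if (wo_lxc is not True) and (wo_wsl is not True)`; initialise them first with `wo_lxc = wo_wsl = False`. The removed installer also ran `chmod +x /opt/wo-kernel.sh`, and nothing visible here sets the execute bit after `WOTemplate.deploy`, so the wo-kernel service may fail to start unless deploy or the unit file handles it. The `WOTemplate.deploy` call for `wo-kernel.service` omits the `data` argument the other two calls pass; confirm it is optional.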