Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Linux tweak integration in wo

Browse Source
This commit is contained in:
VirtuBox
2019-10-23 01:59:10 +02:00
parent 8ae8f0ee7d
commit 2ab250f2ba
5 changed files with 70 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
install
View File

@@ -141,9 +141,6 @@ readonly TIME=$(date +"$TIME_FORMAT")
readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.gz" readonly NGINX_BACKUP_FILE="/var/lib/wo-backup/nginx-backup.$TIME.tar.gz"
readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz" readonly EE_BACKUP_FILE="/var/lib/wo-backup/ee-backup.$TIME.tar.gz"
readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz" readonly WO_BACKUP_FILE="/var/lib/wo-backup/wo-backup.$TIME.tar.gz"
readonly wo_lxc=$(grep "container=lxc" /proc/1/environ)
readonly wo_wsl=$(grep "wsl" /proc/1/environ)
readonly wo_arch="$(uname -m)"
if [ -x /usr/local/bin/ee ]; then if [ -x /usr/local/bin/ee ]; then
ee_migration=1 ee_migration=1
@@ -610,42 +607,6 @@ wo_remove_ee_cron() {
} }
wo_tweak_kernel() {
local wo_distro_version
wo_distro_version=$(lsb_release -sc)
if [ "$wo_arch" = "x86_64" ] && [ -z "$wo_lxc" ] && [ -z "$wo_wsl" ]; then
rm -f /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
wget -qO /etc/sysctl.d/60-wo-tweaks.conf https://raw.githubusercontent.com/WordOps/WordOps/"$wo_branch"/wo/cli/templates/sysctl.mustache
if [ "$wo_distro_version" = "bionic" ] || [ "$wo_distro_version" = "disco" ] || [ "$wo_distro_version" = "buster" ]; then
modprobe tcp_bbr && echo 'tcp_bbr' >> /etc/modules-load.d/bbr.conf
echo -e '\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_notsent_lowat = 16384' >> /etc/sysctl.d/60-wo-tweaks.conf
else
modprobe tcp_htcp && echo 'tcp_htcp' >> /etc/modules-load.d/htcp.conf
echo 'net.ipv4.tcp_congestion_control = htcp' >> /etc/sysctl.d/60-wo-tweaks.conf
fi
# apply sysctl tweaks
sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf
fi
}
wo_systemd_tweak() {
if [ ! -x /opt/wo-kernel.sh ]; then
# download and setup wo-kernel systemd service to apply kernel tweaks for netdata and redis on server startup
wget -qO /opt/wo-kernel.sh https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-script.mustache
chmod +x /opt/wo-kernel.sh
wget -qO /lib/systemd/system/wo-kernel.service https://raw.githubusercontent.com/WordOps/WordOps/updating-configuration/wo/cli/templates/wo-kernel-service.mustache
systemctl enable wo-kernel.service
systemctl start wo-kernel.service
fi
LIMIT_CHECK=$(grep "500000" /etc/security/limits.conf)
if [ -z "$LIMIT_CHECK" ]; then
echo -e "* hard nofile 500000\n* soft nofile 500000\nroot hard nofile 500000\nroot soft nofile 500000\n" >> /etc/security/limits.conf
fi
}
wo_domain_suffix() { wo_domain_suffix() {
curl -m 10 --retry 3 -sL https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat curl -m 10 --retry 3 -sL https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat | sed '/^\/\//d' | sed '/^$/d' | sed 's/^\s+//g' > /var/lib/wo/public_suffix_list.dat
} }
@@ -780,7 +741,7 @@ else
_run wo_timesync _run wo_timesync
# skip steps if travis # skip steps if travis
if [ -z "$wo_travis" ]; then if [ -z "$wo_travis" ]; then
_run wo_download "Downloading WordOps" #_run wo_download "Downloading WordOps"
wo_git_config wo_git_config
_run wo_install "Installing WordOps" _run wo_install "Installing WordOps"
else else
@@ -791,10 +752,6 @@ else
_run wo_clean_ee "Cleaning previous EasyEngine install" _run wo_clean_ee "Cleaning previous EasyEngine install"
fi fi
_run wo_install_acme_sh _run wo_install_acme_sh
_run wo_tweak_kernel "Applying Kernel tweaks"
if [ ! -f /opt/wo-kernel.sh ]; then
_run wo_systemd_tweak "Adding systemd service tweak"
fi
if [ -x /usr/sbin/nginx ]; then if [ -x /usr/sbin/nginx ]; then
_run wo_nginx_tweak _run wo_nginx_tweak
fi fi

2
setup.py
View File

@@ -1,10 +1,10 @@
import glob import glob
import os import os
import sys
from setuptools import find_packages, setup from setuptools import find_packages, setup
# read the contents of your README file # read the contents of your README file
this_directory = os.path.abspath(os.path.dirname(__file__)) this_directory = os.path.abspath(os.path.dirname(__file__))
with open(os.path.join(this_directory, 'README.md'), encoding='utf-8') as f: with open(os.path.join(this_directory, 'README.md'), encoding='utf-8') as f:

3
wo/cli/plugins/site.py
View File

@@ -905,8 +905,9 @@ class WOSiteUpdateController(CementBaseController):
choices=('on', 'off'), choices=('on', 'off'),
const='on', nargs='?')), const='on', nargs='?')),
(['--ngxblocker'], (['--ngxblocker'],
dict(help="enable HSTS for site secured with letsencrypt", dict(help="enable Ultimate Nginx bad bot blocker",
action='store' or 'store_const', action='store' or 'store_const',
choices=('on', 'off'),
const='on', nargs='?')), const='on', nargs='?')),
(['--proxy'], (['--proxy'],
dict(help="update to proxy site", nargs='+')), dict(help="update to proxy site", nargs='+')),

3
wo/cli/plugins/stack.py
View File

@@ -5,7 +5,7 @@ import os
from cement.core.controller import CementBaseController, expose from cement.core.controller import CementBaseController, expose
from wo.cli.plugins.stack_migrate import WOStackMigrateController from wo.cli.plugins.stack_migrate import WOStackMigrateController
from wo.cli.plugins.stack_pref import post_pref, pre_pref from wo.cli.plugins.stack_pref import post_pref, pre_pref, pre_stack
from wo.cli.plugins.stack_services import WOStackStatusController from wo.cli.plugins.stack_services import WOStackStatusController
from wo.cli.plugins.stack_upgrade import WOStackUpgradeController from wo.cli.plugins.stack_upgrade import WOStackUpgradeController
from wo.core.aptget import WOAptGet from wo.core.aptget import WOAptGet
@@ -485,6 +485,7 @@ class WOStackController(CementBaseController):
Log.debug(self, "{0}".format(e)) Log.debug(self, "{0}".format(e))
if (apt_packages) or (packages): if (apt_packages) or (packages):
pre_stack(self)
if (apt_packages): if (apt_packages):
Log.debug(self, "Calling pre_pref") Log.debug(self, "Calling pre_pref")
pre_pref(self, apt_packages) pre_pref(self, apt_packages)

64
wo/cli/plugins/stack_pref.py
View File

@@ -1362,3 +1362,67 @@ def post_pref(self, apt_packages, packages, upgrade=False):
WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x') WOShellExec.cmd_exec(self, '/usr/local/sbin/install-ngxblocker -x')
WOFileUtils.chmod( WOFileUtils.chmod(
self, "/usr/local/sbin/update-ngxblocker", 0o700) self, "/usr/local/sbin/update-ngxblocker", 0o700)
def pre_stack(self):
"""Inital server configuration and tweak"""
# wo sysctl tweaks
Log.wait(self, 'Applying Linux tweaks')
wo_arch = os.uname()[4]
if os.path.isfile('/proc/1/environ'):
wo_lxc = WOFileUtils.grepcheck(
self, '/proc/1/environ', 'container=lxc')
wo_wsl = WOFileUtils.grepcheck(
self, '/proc/1/environ', 'wsl')
if os.path.isfile('/etc/sysctl.d/60-ubuntu-nginx-web-server.conf'):
WOFileUtils.rm(self, '/etc/sysctl.d/60-ubuntu-nginx-web-server.conf')
if wo_arch == 'x86_64':
if (wo_lxc is not True) and (wo_wsl is not True):
data = dict()
WOTemplate.deploy(
self, '/etc/sysctl.d/60-wo-tweaks.conf',
'sysctl.mustache', data, True)
if (WOVar.wo_platform_codename == 'bionic' or
WOVar.wo_platform_codename == 'disco' or
WOVar.wo_platform_codename == 'buster'):
if WOShellExec.cmd_exec(self, 'modprobe tcp_bbr'):
with open("/etc/modules-load.d/bbr.conf",
encoding='utf-8', mode='w') as bbr_file:
bbr_file.write('tcp_bbr')
with open("/etc/sysctl.d/60-wo-tweaks.conf",
encoding='utf-8', mode='a') as sysctl_file:
sysctl_file.write(
'\nnet.ipv4.tcp_congestion_control = bbr'
'\nnet.ipv4.tcp_notsent_lowat = 16384')
else:
if WOShellExec.cmd_exec(self, 'modprobe tcp_htcp'):
with open("/etc/modules-load.d/htcp.conf",
encoding='utf-8', mode='w') as bbr_file:
bbr_file.write('tcp_htcp')
with open("/etc/sysctl.d/60-wo-tweaks.conf",
encoding='utf-8', mode='a') as sysctl_file:
sysctl_file.write(
'\nnet.ipv4.tcp_congestion_control = htcp')
WOShellExec.cmd_exec(
self, 'sysctl -eq -p /etc/sysctl.d/60-wo-tweaks.conf')
# sysctl tweak service
if not os.path.isfile('/opt/wo-kernel.sh'):
data = dict()
WOTemplate.deploy(self, '/opt/wo-kernel.sh',
'wo-kernel-script.mustache', data)
if not os.path.isfile('/lib/systemd/system/wo-kernel.service'):
WOTemplate.deploy(
self, '/lib/systemd/system/wo-kernel.service',
'wo-kernel-service.mustache')
WOShellExec.cmd_exec(self, 'systemctl enable wo-kernel.service')
WOShellExec.cmd_exec(self, 'systemctl start wo-kernel.service')
# open_files_limit tweak
if not WOFileUtils.grepcheck(self, '/etc/security/limits.conf', '500000'):
with open("/etc/security/limits.conf",
encoding='utf-8', mode='w') as limit_file:
limit_file.write(
'* hard nofile 500000\n'
'* soft nofile 500000\n'
'root hard nofile 500000\n'
'root soft nofile 500000\n')
Log.valide(self, 'Applying Linux tweaks')