Difference between revisions of "Moodle Initial Script"
Adam.birds (talk | contribs) (Created page with "'''Here is the Initial Script for the Moodle Stack:''' <pre> #! /bin/bash #### ## INITIAL.SH #### # ToDo # tcp window size # cherokee and stuff # at job mail support fo...") |
Adam.birds (talk | contribs) |
| Line 666: | Line 666: | ||
</pre> | </pre> | ||
| + | [[Category:Moodle]] | ||
[[Category:Nginx]] | [[Category:Nginx]] | ||
[[Category:PHP]] | [[Category:PHP]] | ||
Latest revision as of 17:27, 30 April 2016
Here is the Initial Script for the Moodle Stack:
#! /bin/bash
####
## INITIAL.SH
####
# ToDo
# tcp window size
# cherokee and stuff
# at job mail support for tuning checkup
# this stuff:
# echo deadline > /sys/block/sda/queue/scheduler
# echo noop > /sys/block/sda/queue/scheduler
# cat /proc/sys/vm/swappiness
# echo 0 > /proc/sys/vm/swappiness
# sysctl -p
# ktune
# compcache
# Dane tmpfs init
# chef?!?
# disable repos
# gzip_vary on; https://developers.google.com/speed/docs/best-practices/caching?hl=sv#LeverageProxyCaching
# sed '-' out of dbname
###
#### ####
## Edit stuff below this point if you don't want defaults ##
#### ####
# --- user settings ---------------------------------------------------------
# DOMAIN: the site's domain without the leading "www"; leave it empty to
#         fall back to example.com as a stand-in.
DOMAIN=''
# IP: "ext" (public address looked up from outside), "int" (first private
#     address found on an interface), or a literal address of your choosing.
IP='ext'
# SSL: "yes" to also write the HTTPS listener into the nginx vhost.
SSL='yes'
# --- end of user settings; everything below is driven by the values above --
# Keep this run, and the secrets it generates, out of the shell history file.
unset HISTFILE
###
# Quick bc install for some of the vars
###
# bc: used by the size arithmetic in the variable section; at: schedules the
# delayed removal of the credentials file at the very end of the script
yum install bc at -y
# atd has to be running (and survive reboots) for that 'at' job to ever fire
service atd start
chkconfig atd on
# Other utils that don't come as default
yum install tcpdump lsof wget telnet -y
####
# Also pwgen
####
# pwgen generates every password below. It lives in EPEL, which is enabled
# just for this install and switched off again after the PHP packages go in.
yum install epel-release -y
yum install pwgen --enablerepo=epel -y
###
# Variables 'n' shit
###
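# Derived settings. Reads DOMAIN and IP from the user section; sets every
# name and secret the rest of the script uses (ARCH, THREADCON, NGINXWORKER,
# POOLSIZE, DOMNODOT, BACKEND, USERPASS, MOODLEUSER, MOODLEPASS, MYSQL,
# MYSQLPASS, MYSQLROOTPASS, USERNAME, DBNAME).
# Quoted so the test stays well-formed whatever DOMAIN holds.
if [ -z "$DOMAIN" ]; then
  DOMAIN="example.com"
fi
case "$IP" in
  int)
    # first private-looking address on any interface ('-m1' = first match only)
    IP=$(ip a | egrep -m1 '(172\.|192.168\.|10\.0\.)' | awk '{print $2}' | sed -e 's_/.*__')
    ;;
  ext)
    # public address as seen from outside
    IP=$(curl -s icanhazip.com)
    ;;
esac
# $IP is spliced verbatim into nginx 'listen' directives later, and the "ext"
# value comes from a remote service over plain http, so refuse anything that
# is not address-shaped (digits, hex, dots, colons, brackets) rather than let
# it become nginx config text. The original accepted whatever came back.
addr_re='^[][0-9A-Fa-f.:]+$'
if ! [[ "$IP" =~ $addr_re ]]; then
  echo "error: no usable listen address (IP='$IP'), aborting" >&2
  exit 1
fi
ARCH=$(arch)
cpus=$(grep -c "processor" /proc/cpuinfo)
# innodb_thread_concurrency = 2*cpus+2; nginx gets one worker per cpu
THREADCON=$(( 2 * cpus + 2 ))
NGINXWORKER=$cpus
# innodb_buffer_pool_size = half of MemTotal in kB (integer division, as bc did)
memtotal_kb=$(awk '/MemTot/ {print $2}' /proc/meminfo)
POOLSIZE="$(( memtotal_kb / 2 ))k"
DOMNODOT=${DOMAIN//./}
BACKEND="${DOMNODOT}backend"
# pwgen -cn: at least one capital and one digit, no symbols. The Moodle admin
# password keeps pwgen's default length; the system and DB ones are 16 chars.
USERPASS=$(pwgen -cn1 16)
MOODLEUSER="admin-$(tr -dc '0-9a-zA-Z' < /dev/urandom | head -c 2)"
MOODLEPASS=$(pwgen -cn1)
# DB user: up to six chars of the dotless domain plus four random. The
# original sed demanded exactly six and produced an empty prefix for shorter
# domains; ${var:0:6} simply takes what is there.
MYSQL="${DOMNODOT:0:6}$(tr -dc '0-9a-zA-Z' < /dev/urandom | head -c 4)"
MYSQLPASS=$(pwgen -cn1 16)
MYSQLROOTPASS=$(pwgen -cn1 16)
# System user: up to 15 chars of the dotless domain plus six random lowercase
USERNAME="${DOMNODOT:0:15}$(tr -dc '0-9a-z' < /dev/urandom | head -c 6)"
# Database name: hyphens stripped as well
DBNAME=${DOMNODOT//-/}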
#install atomic
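# NOTE(security): the atomic installer is fetched over plain http and piped
# straight into sh, and gpgcheck is then switched off for its repo, so nothing
# from this step is verified. Kept as the author's install method.
wget -q -O - http://www.atomicorp.com/installers/atomic \
  | sed -e '/check_input "Enable repo/d' -e 's/query=$INPUTTEXT/query="yes"/g' \
  | NON_INT=1 sh
sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum.repos.d/atomic.repo
# PHP 5.6 from IUS. The package list is the same on both EL releases, only the
# ius-release rpm differs; the original duplicated the whole list per branch.
ius_packages=(
  php56u-gd php56u-cli php56u-devel php56u-fpm php56u-process php56u-soap
  php56u-pecl-jsonc php56u-pdo php56u php56u-mysqlnd php56u-gmp php56u-opcache
  php56u-pear php56u-common php56u-xmlrpc php56u-odbc php56u-mbstring
  php56u-ldap php56u-pecl-jsonc-devel php56u-xml php56u-pgsql php56u-intl
  php56u-mcrypt openldap-devel openldap-clients openldap-servers openldap
  openldap-servers-sql
)
# Anything that is not EL7 (including a missing /etc/redhat-release) gets EL6
if grep -q "release 7" /etc/redhat-release; then
  ius_release=https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-14.ius.centos7.noarch.rpm
else
  ius_release=https://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/ius-release-1.0-14.ius.centos6.noarch.rpm
fi
yum -y install "$ius_release"
yum -y install "${ius_packages[@]}"
# todo install epel nicer? from their epel-release rpm?
# EPEL stays installed but disabled; it was only needed for pwgen above
sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo
#yum -y install php-mcrypt-5.3* --enablerepo=epel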
#yum -y install php-mcrypt-5.3* --enablerepo=epel
###
# Check httpd isn't going to mess stuff up
###
# Apache must not hold port 80 ahead of nginx; stop it and keep it from
# coming back at boot (both calls are harmless if it was never installed)
service httpd stop
chkconfig httpd off
###
# Same with cherokee
###
# --nodeps: remove only the cherokee package itself, leave its deps alone
rpm -e --nodeps cherokee
###
# misc atop vim screen install
###
yum install atop vim-enhanced screen -y
# atop keeps a process-accounting history, handy when looking back at incidents
chkconfig atop on
service atop start
###
# Time to get memcached on
###
# PHP sessions are pointed at tcp://127.0.0.1:11211 in the php.ini tweaks
# further down, so memcached has to be up and enabled at boot
yum install memcached -y
service memcached start
chkconfig memcached on
###
# And then redis...
###
# redis is installed "just in case" (a PHP redis extension is built below)
yum -y install redis
service redis start
chkconfig redis on
###
# Now for nginx
###
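# Official nginx.org repo. Signature checking is turned on with the vendor
# key (the original wrote gpgcheck=0), so packages are verified on install.
# Quoted delimiter: $releasever/$basearch are yum variables, not shell ones.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
yum install nginx -y
chkconfig nginx on
###
# Install apc/memcache
# Also zlib-devel for memcache
###
# Build deps for the pecl extensions below
yum install gcc make zlib-devel pcre-devel -y
# need to install memcache-beta to make sure its v3.0.6 for memcache
# printf "\n" answers pecl's configure prompt with its default
printf "\n" | pecl install memcache-beta
# redis module, just in case
printf "\n" | pecl install redis
# One ini file per extension, written with '>' so a re-run doesn't duplicate
# the line (the original appended to redis.ini)
printf 'extension=memcache.so\n' > /etc/php.d/memcache.ini
printf 'extension=redis.so\n' > /etc/php.d/redis.ini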
###
# PHP tweaks
###
# Rewrite php.ini in one pass: Europe/London timezone, bigger memory and
# execution-time limits for Moodle, and PHP sessions stored in memcached at
# tcp://127.0.0.1:11211 instead of files. Written to a temp copy and moved
# into place so a failing sed never leaves a half-written php.ini behind.
sed -e "s_;date.timezone =_date.timezone = \"Europe/London\"_g" \
-e "s/memory_limit = 128M/memory_limit = 512M/" \
-e "s/max_execution_time = 30/max_execution_time = 600/" \
-e "s/session.save_handler = files/session.save_handler = memcache/" \
-e '/session.save_path = "\//c\session.save_path = "tcp:\/\/127.0.0.1:11211"' \
-e "s/short_open_tag = Off/short_open_tag = On/"\
/etc/php.ini > /etc/php.ini.new && mv -f /etc/php.ini.new /etc/php.ini
#fixpath for moodle
# cgi.fix_pathinfo=0 makes PHP refuse requests whose path does not map to an
# existing script instead of guessing one (the nginx+php-fpm path-info pitfall)
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/g' /etc/php.ini
###
# For testing purposes, installing mysql first
###
#yum install mysql mysql-server -y
#service mysqld start
###
# Percona Swap-out
###
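# NOTE: the percona-release rpm is fetched over plain http
yum -y install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm
# The stock mysql install is commented out above, so these two may simply
# report "not installed"; that is fine
service mysqld stop
rpm -e --nodeps mysql mysql-server
# Keep a copy of whatever datadir exists and only remove the original once
# the copy succeeded; the original script wiped it unconditionally.
if cp -rp /var/lib/mysql /var/lib/mysql.copy; then
  rm -rf /var/lib/mysql
else
  echo "warning: could not back up /var/lib/mysql, leaving it in place" >&2
fi
yum install Percona-Server-client-56 Percona-Server-server-56 Percona-Server-shared-compat -y
# Start once so mysql_upgrade can run, then stop again: my.cnf is rewritten
# below and the server is restarted with the tuned settings afterwards.
service mysql start
chkconfig mysql on
mysql_upgrade
service mysql stop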
###
# MySQL optimisations
###
# Replace the packaged my.cnf wholesale with the Moodle-tuned settings below
cat /dev/null > /etc/my.cnf
# Only $THREADCON (2*cpus+2) and $POOLSIZE (half of MemTotal, in kB) from the
# variable section are expanded; everything else is written literally
echo "
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Start of Base Moodle Optimisation
innodb_flush_log_at_trx_commit = 2
innodb_flush_method = O_DIRECT
innodb_file_per_table
innodb_thread_concurrency = $THREADCON
query_cache_size = 128M
query_cache_limit = 8M
thread_cache_size = 64
key_buffer_size = 512M
max_allowed_packet = 64M
table_open_cache = 512
sort_buffer_size = 4M
read_buffer_size = 4M
read_rnd_buffer_size = 2M
myisam_sort_buffer_size = 64M
max_heap_table_size = 128M
tmp_table_size = 128M
query_cache_type = 1
wait_timeout = 300
max_connections = 200
innodb_buffer_pool_size = $POOLSIZE
# End of Base Moodle Optimisation
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[client]
socket=/var/lib/mysql/mysql.sock
" >> /etc/my.cnf
# Bring Percona back up with the new settings (it was stopped after mysql_upgrade)
service mysql start
###
# nginx shit
###
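# Main nginx.conf, written from scratch (the packaged one is discarded).
# Per-site servers live in conf.d/ and are written further down.
# Only $NGINXWORKER is a shell variable here; every nginx variable is
# escaped as \$ so it reaches the file untouched.
cat > /etc/nginx/nginx.conf <<EOF
user nginx;
worker_processes $NGINXWORKER;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Don't advertise the nginx version in the Server header and error pages
    # (the original had this on)
    server_tokens off;
    log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request "'
                    '\$status \$body_bytes_sent "\$http_referer" '
                    '"\$http_user_agent" "\$http_x_forwarded_for"'
                    '[RT:\$request_time] [C:\$connection]';
    access_log /var/log/nginx/access.log main buffer=32k flush=300;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    autoindex off;
    map \$scheme \$fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }
    # Dirty fix as some Magento scripts (admin) take up-to 10 minutes!
    fastcgi_read_timeout 600;
    fastcgi_send_timeout 600;
    #big header fixes
    proxy_buffers 8 16k;
    proxy_buffer_size 32k;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 15m;
    large_client_header_buffers 2 1k;
    keepalive_timeout 60;
    gzip on;
    gzip_comp_level 9;
    gzip_proxied any;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    gzip_min_length 20;
    open_file_cache max=10000 inactive=5m;
    open_file_cache_valid 2m;
    open_file_cache_min_uses 1;
    open_file_cache_errors on;
    # Load config files from the /etc/nginx/conf.d directory
    include /etc/nginx/conf.d/*.conf;
}
EOF
###
# SSL Offloading fix
###
# Included by every vhost: when an upstream proxy terminated TLS and says so
# via X-Forwarded-Proto, tell PHP it is on HTTPS. No shell expansion wanted.
cat > /etc/nginx/ssl_offloading.inc <<'EOF'
if ($http_x_forwarded_proto = "https") { ## Safety net to catch SSL-Offloading
    set $fastcgi_https "on";
}
EOF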
###
# Adding first domain
###
if [ "$SSL" = "no" ]; then
echo "
# Uncomment the server definition below should you wish to
# redirect from $DOMAIN to www.$DOMAIN
#server {
# listen $IP;
# server_name $DOMAIN;
# #rewrite / \$scheme://www.\$host\$request_uri permanent;
#}
#
# Change this backend name (and the socket pointer)
# as additional virtual hosts are added. This should
# point to the spawn-fcgi wrapper running as the
# appropriate user.
#
upstream $BACKEND {
server unix:/var/run/php-fcgi-$DOMNODOT.sock;
}
server {
listen $IP:80;
server_name $DOMAIN *.$DOMAIN;
root /var/www/vhosts/$DOMAIN/htdocs;
location / {
index index.html index.php;
try_files \$uri \$uri/ @handler;
expires 30d;
}
location /app/ { deny all; }
location /includes/ { deny all; }
location /media/downloadable/ { deny all; }
location /pkginfo/ { deny all; }
location /report/config.xml { deny all; }
location /var/ { deny all; }
location /. {
return 404;
}
location @handler {
rewrite / /index.php;
}
location /dataroot/ {
internal;
alias /var/www/vhosts/$DOMAIN/moodledata/;
}
include \"ssl_offloading.inc\";
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass $BACKEND;
include fastcgi_params;
fastcgi_param PATH_INFO \$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
}
}
" >> /etc/nginx/conf.d/$DOMAIN.conf
else
echo "
# Uncomment the server definition below should you wish to
# redirect from $DOMAIN to www.$DOMAIN
#server {
# listen $IP;
# server_name $DOMAIN;
# #rewrite / \$scheme://www.\$host\$request_uri permanent;
#}
#
# Change this backend name (and the socket pointer)
# as additional virtual hosts are added. This should
# point to the spawn-fcgi wrapper running as the
# appropriate user.
#
upstream $BACKEND {
server unix:/var/run/php-fcgi-$DOMNODOT.sock;
}
server {
listen $IP:80;
listen $IP:443 ssl;
server_name $DOMAIN *.$DOMAIN;
root /var/www/vhosts/$DOMAIN/htdocs;
ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;
ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4-SHA:!HIGH:!ADH;
location / {
index index.html index.php;
try_files \$uri \$uri/ @handler;
expires 30d;
}
location /app/ { deny all; }
location /includes/ { deny all; }
location /media/downloadable/ { deny all; }
location /pkginfo/ { deny all; }
location /report/config.xml { deny all; }
location /var/ { deny all; }
location /. {
return 404;
}
location @handler {
rewrite / /index.php;
}
location /dataroot/ {
internal;
alias /var/www/vhosts/$DOMAIN/moodledata/;
}
include \"ssl_offloading.inc\";
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass $BACKEND;
include fastcgi_params;
fastcgi_param PATH_INFO \$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
}
}
" >> /etc/nginx/conf.d/$DOMAIN.conf
mkdir -p /etc/nginx/ssl
#generate self signed for placeholder
openssl genrsa 2048 > /etc/nginx/ssl/$DOMAIN.key
openssl req -new -key /etc/nginx/ssl/$DOMAIN.key -x509 -days 365 -out /etc/nginx/ssl/$DOMAIN.crt -batch
fi
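mkdir -p "/var/www/vhosts/$DOMAIN/htdocs"
# Site user: home is the vhost dir, no shell - it is only the FTP and
# php-fpm identity for this site. Expansions quoted throughout (the
# original left them bare).
useradd -d "/var/www/vhosts/$DOMAIN" -s /sbin/nologin "$USERNAME"
# --stdin keeps the password out of the process list
printf '%s\n' "$USERPASS" | passwd --stdin "$USERNAME"
touch "/var/www/vhosts/$DOMAIN/phpfpm-slow.log"
touch "/var/www/vhosts/$DOMAIN/phpfpm-error.log"
chown -R "$USERNAME:$USERNAME" "/var/www/vhosts/$DOMAIN"
###
# Clean up nginx
###
# Drop the packaged sample vhosts so they don't answer for the default server
rm -f /etc/nginx/conf.d/default.conf
rm -f /etc/nginx/conf.d/example_ssl.conf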
###
# PHP time
###
# Drop the packaged default pool and replace it with one pool per site
rm -f /etc/php-fpm.d/*
chkconfig php-fpm on
# Pool [$DOMNODOT]: unix socket owned by nginx (the vhost's upstream points
# at it), workers run as the site user so PHP can only touch this site's
# files. listen.allowed_clients is kept from the original template; it has
# no effect on a unix socket. \$HOSTNAME is escaped so the (commented) ini
# line is written literally.
echo "
[$DOMNODOT]
listen = '/var/run/php-fcgi-$DOMNODOT.sock'
;listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
;listen.mode = 0666
user = $USERNAME
group = $USERNAME
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 2000
;pm.status_path = /status
;ping.path = /ping
;ping.response = pong
;request_terminate_timeout = 0
;request_slowlog_timeout = 0
slowlog = /var/www/vhosts/$DOMAIN/phpfpm-slow.log
;rlimit_files = 1024
;rlimit_core = 0
;chroot =
;chdir = /var/www
;catch_workers_output = yes
;env[HOSTNAME] = \$HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
php_admin_value[error_log] = /var/www/vhosts/$DOMAIN/phpfpm-error.log
php_admin_flag[log_errors] = on
" >> /etc/php-fpm.d/$DOMNODOT.conf
# Segfault fix
# Pretty sure this is incredibly irrelevant now, commenting out
#sed -i '/RETVAL=0/ i\export ZEND_DONT_UNLOAD_MODULES=1' /etc/init.d/php-fpm
###
# Create a default DB
###
echo "CREATE DATABASE $DBNAME;" | mysql
echo "GRANT ALL PRIVILEGES ON $DBNAME.* TO '$MYSQL'@'localhost' IDENTIFIED BY '$MYSQLPASS';" | mysql
echo "FLUSH PRIVILEGES;" | mysql
###
# Set the root password for the database
###
echo "SET PASSWORD FOR root@'localhost' = PASSWORD('$MYSQLROOTPASS');" | mysql
echo "FLUSH PRIVILEGES;" | mysql
#Set .my.cnf for default login
touch /root/.my.cnf
cat /dev/null > /root/.my.cnf
echo "
[client]
host = localhost
user = root
password = $MYSQLROOTPASS
" > /root/.my.cnf
mysql_upgrade
###
# FTP stuff
###
# FTP access for the site user. Plain vsftpd as configured here sends the
# USERPASS handed out at the end in clear text unless FTPS is set up separately.
yum install vsftpd -y
chkconfig vsftpd on
# Lock local users into their home directory and refuse anonymous logins
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/g' /etc/vsftpd/vsftpd.conf
service vsftpd start
#disable atomic
# Switch the atomic repo off again so later yum updates don't pull from it
sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/atomic.repo
###
# Install Moodle
###
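# Fetched over https; there is no further integrity check on the tarball
wget -O /tmp/moodle.tgz https://download.moodle.org/download.php/direct/stable30/moodle-latest-30.tgz
tar --strip-components=1 -C "/var/www/vhosts/$DOMAIN/htdocs/" -xzf /tmp/moodle.tgz
# moodledata (uploads, sessions, caches) is written by php-fpm as $USERNAME and
# read by nginx through the internal /dataroot/ alias (X-Accel-Redirect). So
# instead of the world-writable 0777 the original used, keep it 0770 and give
# nginx access through the site user's group. If file downloads start failing
# with 403 after this, nginx's group membership is the first thing to check.
mkdir "/var/www/vhosts/$DOMAIN/moodledata"
chmod 0770 "/var/www/vhosts/$DOMAIN/moodledata"
usermod -a -G "$USERNAME" nginx
chown -R "$USERNAME:$USERNAME" "/var/www/vhosts/$DOMAIN"
find "/var/www/vhosts/$DOMAIN/htdocs/" -type f -exec chmod 0644 {} +
find "/var/www/vhosts/$DOMAIN/htdocs/" -type d -exec chmod 0755 {} +
# wwwroot has to match how the vhost is served: SSL is off only when SSL="no"
# (the original always wrote https)
if [ "$SSL" = "no" ]; then
  wwwroot="http://$DOMAIN"
else
  wwwroot="https://$DOMAIN"
fi
# --chmod is the permission Moodle gives directories it creates under
# moodledata; 0770 keeps them group-accessible for nginx. The CLI installer
# only takes secrets as arguments, so --dbpass and --adminpass are visible in
# the process list while it runs.
sudo -u "$USERNAME" /usr/bin/php "/var/www/vhosts/$DOMAIN/htdocs/admin/cli/install.php" \
  --chmod=0770 --lang=en --wwwroot="$wwwroot" \
  --dataroot="/var/www/vhosts/$DOMAIN/moodledata" \
  --dbname="$DBNAME" --dbuser="$MYSQL" --dbpass="$MYSQLPASS" \
  --fullname="$DOMAIN" --shortname="$DOMAIN" --summary=default \
  --adminuser="$MOODLEUSER" --adminpass="$MOODLEPASS" --adminemail="admin@$DOMAIN" \
  --non-interactive --agree-license
# Moodle cron every minute as the site user; 2>/dev/null only hides the
# "no crontab for user" message on the first (empty) listing
crontab -u "$USERNAME" -l 2>/dev/null | { cat; echo "* * * * * /usr/bin/php /var/www/vhosts/$DOMAIN/htdocs/admin/cli/cron.php >/dev/null"; } | crontab -u "$USERNAME" -
# Let nginx serve dataroot files directly (pairs with the /dataroot/ alias in the vhost)
sed -i "/directoryp/a\$CFG->xsendfile = 'X-Accel-Redirect';\n\$CFG->xsendfilealiases = array(\n '/dataroot/' => \$CFG->dataroot\n);" "/var/www/vhosts/$DOMAIN/htdocs/config.php"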
###
# Start it all up
###
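service nginx start
service php-fpm start
# Hand-over note holding every credential generated above: create it 0600
# first (the original used the default umask), then fill it in.
summary="/root/finished$DOMAIN"
touch "$summary"
chmod 600 "$summary"
cat > "$summary" <<EOF
# $DOMAIN now set up
# Their username is $USERNAME
# Their password is $USERPASS
#
# Their database name is $DBNAME
# Their DB username is $MYSQL
# Their DB password is $MYSQLPASS
# Their Moodle admin user is $MOODLEUSER
# Their Moodle admin password is $MOODLEPASS
#
# This file will self destruct in 24 hours.
#
# Note: MySQL root password set to $MYSQLROOTPASS
EOF
if [ "$SSL" = "yes" ]; then
  # Paths match where the placeholder pair was actually written above
  # (/etc/nginx/ssl/$DOMAIN.*); the original note said $DOMNODOT.
  cat >> "$summary" <<EOF
# Self signed SSL certificates generated in the following location:
# /etc/nginx/ssl/$DOMAIN.key
# /etc/nginx/ssl/$DOMAIN.crt
# So don't forget to replace them with legit ones
EOF
fi
# Printed after the SSL reminder is appended, so it is shown too
cat "$summary"
# Delayed cleanup via atd; %q keeps the path a single shell word in the job
printf 'rm -f -- %q\n' "$summary" | at now + 24 hours
#Delete self
history -c
rm -f -- "$0"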