Difference between revisions of "Moodle Initial Script"

(Created page with "'''Here is the Initial Script for the Moodle Stack:''' <pre> #! /bin/bash #### ## INITIAL.SH #### # ToDo # tcp window size # cherokee and stuff # at job mail support fo...")
 
 
Line 666: Line 666:
 
</pre>
 
</pre>
  
 +
[[Category:Moodle]]
 
[[Category:Nginx]]
 
[[Category:Nginx]]
 
[[Category:PHP]]
 
[[Category:PHP]]

Latest revision as of 17:27, 30 April 2016

Here is the Initial Script for the Moodle Stack:

#! /bin/bash
####
##   INITIAL.SH
####
# ToDo
#   tcp window size
# cherokee and stuff
#   at job mail support for tuning checkup
#   this stuff:
#       echo deadline > /sys/block/sda/queue/scheduler
#       echo noop > /sys/block/sda/queue/scheduler
#       cat /proc/sys/vm/swappiness
#       echo 0 > cat /proc/sys/vm/swappiness
#       sysctl -p
#   ktune
#   compcache
#   Dane tmpfs init
#   chef?!?
#   disable repos
#   gzip_vary on; https://developers.google.com/speed/docs/best-practices/caching?hl=sv#LeverageProxyCaching
#   sed '-' out of dbname
###

####                                                    ####
## Edit stuff below this point if you don't want defaults ##
####                                                    ####

# Site domain without the leading "www".  Leave it empty and the script
# substitutes example.com further down.
DOMAIN=''
# Address nginx binds to: "ext" (public address looked up at run time),
# "int" (first private address found on the box) or a literal IP.
IP='ext'
# "no" emits the plain-HTTP vhost only; "yes" emits the TLS server block,
# a self-signed placeholder certificate and the matching note at the end.
SSL='yes'

####                                                        ####
## Don't edit stuff below here if you want the script to work ##
####                                                        ####

# Keep this session out of the shell history: generated passwords travel
# through command lines further down.
unset HISTFILE

# bc backs the arithmetic in the variables section; at(1) schedules the
# deletion of the credentials sheet at the very end.
yum -y install bc at
service atd start
chkconfig atd on

# Diagnostic tools the base image does not ship with.
yum -y install tcpdump lsof wget telnet

# pwgen lives in EPEL; the repo is enabled for this single install only
# (it is switched off again after the PHP packages are in).
yum -y install epel-release
yum -y install --enablerepo=epel pwgen

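###
# Variables 'n' shit
###

# Fall back to the stand-in domain when the operator left DOMAIN empty.
# (The original test was unquoted and only worked by accident.)
if [ -z "$DOMAIN" ]; then
  DOMAIN="example.com"
fi

# Resolve the "int"/"ext" keywords to an address; a literal IP passes through.
if [ "$IP" = "int" ]; then
  # '-m1' to return first match only
  IP=$(ip a | grep -E -m1 '(172\.|192.168\.|10\.0\.)' | awk '{print $2}' | sed -e 's_/.*__')
elif [ "$IP" = "ext" ]; then
  # NOTE(review): the public address comes from a third-party lookup over
  # plain HTTP.  An empty answer would leave every "listen $IP:..." line in
  # the generated nginx config invalid, so stop here instead.
  IP=$(curl -s icanhazip.com)
  if [ -z "$IP" ]; then
    printf 'could not determine the external IP address\n' >&2
    exit 1
  fi
fi

#######################################
# Random alphanumeric tag for account names.
# Arguments: $1 - number of characters
#            $2 - tr(1) character set (default: 0-9a-zA-Z)
# Outputs:   the tag on stdout, no trailing newline
#######################################
random_tag() {
  tr -dc "${2:-0-9a-zA-Z}" < /dev/urandom | head -c "$1"
}

ARCH=$(arch)
# Sizing inputs, read once: CPU count and total RAM in kB.
CPUS=$(grep -c "processor" /proc/cpuinfo)
MEMKB=$(awk '/MemTot/ {print $2}' /proc/meminfo)
THREADCON=$(( 2 * CPUS + 2 ))
NGINXWORKER=$CPUS
# InnoDB buffer pool: half of RAM, as a kB value (integer division, like bc).
POOLSIZE="$(( MEMKB / 2 ))k"
DOMNODOT=${DOMAIN//./}
BACKEND="${DOMNODOT}backend"
USERPASS=$(pwgen -cn1)
MOODLEUSER="admin-$(random_tag 2)"
MOODLEPASS=$(pwgen -cn1)
# MySQL account: first six characters of the domain plus a random suffix.
# Works for domains shorter than six characters too (the original sed
# dropped the prefix entirely in that case).
MYSQL="${DOMNODOT:0:6}$(random_tag 4)"
MYSQLPASS=$(pwgen -cn1)
MYSQLROOTPASS=$(pwgen -cn1)
# System user: first 15 characters of the domain plus a lowercase random
# suffix, keeping the name well inside useradd's length limit.
USERNAME="${DOMNODOT:0:15}$(random_tag 6 '0-9a-z')"
# Database name: the domain with dots and hyphens stripped.
DBNAME=${DOMNODOT//-/}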

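#install atomic
# NOTE(review): this fetches an installer over plain HTTP and runs it as
# root, so anyone on the network path can substitute the payload.  The
# download is at least staged in a temp file and only executed if wget
# succeeded, instead of being piped straight into sh where a truncated
# download would run as a partial script.  The sed strips the installer's
# interactive "Enable repo" prompt and forces the answer to yes.
ATOMIC_INSTALLER=$(mktemp) || exit 1
if wget -q -O "$ATOMIC_INSTALLER" http://www.atomicorp.com/installers/atomic; then
  sed -e '/check_input "Enable repo/d' -e 's/query=$INPUTTEXT/query="yes"/g' "$ATOMIC_INSTALLER" | NON_INT=1 sh
else
  printf 'warning: atomic installer download failed, skipping\n' >&2
fi
rm -f -- "$ATOMIC_INSTALLER"
# NOTE(review): with gpgcheck off, packages from this repo are installed
# without signature verification; keep it on if the repo key can be imported.
sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum.repos.d/atomic.repo

# IUS repo + PHP 5.6 stack.  The package list is identical for both major
# releases; only the release RPM differs.
if grep -q "release 7" /etc/redhat-release; then
  RELEASE=7
else
  RELEASE=6
fi
PHP_PKGS=(
  php56u-gd php56u-cli php56u-devel php56u-fpm php56u-process php56u-soap
  php56u-pecl-jsonc php56u-pdo php56u php56u-mysqlnd php56u-gmp php56u-opcache
  php56u-pear php56u-common php56u-xmlrpc php56u-odbc php56u-mbstring php56u-ldap
  php56u-pecl-jsonc-devel php56u-xml php56u-pgsql php56u-intl php56u-mcrypt
  openldap-devel openldap-clients openldap-servers openldap openldap-servers-sql
)
yum -y install "https://dl.iuscommunity.org/pub/ius/stable/CentOS/${RELEASE}/x86_64/ius-release-1.0-14.ius.centos${RELEASE}.noarch.rpm"
yum -y install "${PHP_PKGS[@]}"


# todo install epel nicer? from their epel-release rpm?
sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo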

#yum -y install php-mcrypt-5.3* --enablerepo=epel


###
# Check httpd isn't going to mess stuff up
###

# Apache would otherwise hold port 80 before nginx gets to it.
service httpd stop
chkconfig httpd off

###
# Same with cherokee
###

rpm -e --nodeps cherokee

###
# misc atop vim screen install
###

yum -y install atop vim-enhanced screen
chkconfig atop on
service atop start

###
# Time to get memcached on
###
yum -y install memcached
service memcached start
chkconfig memcached on

###
# And then redis...
###
yum -y install redis
service redis start
chkconfig redis on

###
# Now for nginx
###

# Upstream nginx repo.  $releasever/$basearch are yum variables, hence the
# escaped dollars.  gpgcheck=0 means nginx packages are installed without
# signature verification.
cat <<EOF >> /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=0
enabled=1

EOF
yum -y install nginx
chkconfig nginx on

###
# Install apc/memcache
# Also zlib-devel for memcache
###

# Build dependencies for the PECL extensions compiled below.
yum install gcc make zlib-devel pcre-devel -y
# need to install memcache-beta to make sure its v3.0.6 for memcache
# The piped newline presumably accepts pecl's interactive default -- confirm.
printf "\n" |pecl install memcache-beta
# redis module, just in case
printf "\n" |pecl install redis

# Register the freshly built extensions with PHP.  memcache.ini is
# overwritten, redis.ini is appended to.
echo "
extension=memcache.so
" > /etc/php.d/memcache.ini

echo "
extension=redis.so
" >> /etc/php.d/redis.ini


###
# PHP tweaks
###

# Rewrite php.ini through a temp copy: timezone, memory/time limits, PHP
# sessions moved into the local memcached at 127.0.0.1:11211 (memcached has
# no authentication, so it must stay bound to loopback), short_open_tag on.
sed -e "s_;date.timezone =_date.timezone = \"Europe/London\"_g" \
-e "s/memory_limit = 128M/memory_limit = 512M/" \
-e "s/max_execution_time = 30/max_execution_time = 600/" \
-e "s/session.save_handler = files/session.save_handler = memcache/" \
-e '/session.save_path = "\//c\session.save_path = "tcp:\/\/127.0.0.1:11211"'  \
-e "s/short_open_tag = Off/short_open_tag = On/"\
 /etc/php.ini  > /etc/php.ini.new && mv -f /etc/php.ini.new /etc/php.ini

#fixpath for moodle
# cgi.fix_pathinfo=0 stops PHP from guessing a script from PATH_INFO -- the
# usual nginx/php-fpm hardening so a request like /upload.jpg/x.php is not
# executed as PHP.
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo = 0/g' /etc/php.ini


###
# For testing purposes, installing mysql first
###

#yum install mysql mysql-server -y
#service mysqld start

###
# Percona Swap-out
###

# Swap the stock MySQL for Percona Server 5.6: add the repo, tear the old
# server down (a copy of the data directory is kept), install, run
# mysql_upgrade once against the fresh server, then stop it for configuration.
yum -y install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm
service mysqld stop
rpm -e --nodeps mysql mysql-server
cp -rp /var/lib/mysql /var/lib/mysql.copy
rm -rf /var/lib/mysql
yum -y install Percona-Server-client-56 Percona-Server-server-56 Percona-Server-shared-compat
service mysql start
chkconfig mysql on
mysql_upgrade
service mysql stop

###
# MySQL optimisations
###

# my.cnf is written from scratch.  THREADCON and POOLSIZE come from the
# variables section (CPU count and half of MemTotal respectively).
cat <<EOF > /etc/my.cnf

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql

# Start of Base Moodle Optimisation
innodb_flush_log_at_trx_commit = 2
innodb_flush_method = O_DIRECT
innodb_file_per_table
innodb_thread_concurrency = $THREADCON
query_cache_size = 128M
query_cache_limit = 8M
thread_cache_size = 64
key_buffer_size = 512M
max_allowed_packet = 64M
table_open_cache = 512
sort_buffer_size = 4M
read_buffer_size = 4M
read_rnd_buffer_size = 2M
myisam_sort_buffer_size = 64M
max_heap_table_size = 128M
tmp_table_size = 128M
query_cache_type = 1
wait_timeout = 300
max_connections = 200
innodb_buffer_pool_size = $POOLSIZE
# End of Base Moodle Optimisation

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[client]
socket=/var/lib/mysql/mysql.sock

EOF

service mysql start

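###
# nginx shit
###

# Main nginx config, written from scratch.  NGINXWORKER is the CPU count
# from the variables section.  Nginx's own variables are spelled \$name so
# the shell leaves them for nginx.
cat <<EOF > /etc/nginx/nginx.conf

user              nginx;
worker_processes  $NGINXWORKER;
error_log         /var/log/nginx/error.log;
pid               /var/run/nginx.pid;

events {
    worker_connections  1024;
    multi_accept        on;
    use                 epoll;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    # off (was on): do not advertise the exact nginx version in headers
    # and error pages.
    server_tokens off;

    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request "'
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"'
                      '[RT:\$request_time] [C:\$connection]';
    access_log  /var/log/nginx/access.log main buffer=32k flush=300;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    autoindex off;
    map \$scheme \$fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }

    # Dirty fix as some Magento scripts (admin) take up-to 10 minutes!
    fastcgi_read_timeout 600;
    fastcgi_send_timeout 600;

    #big header fixes
    proxy_buffers 8 16k;
    proxy_buffer_size 32k;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 15m;
    large_client_header_buffers 2 1k;

    keepalive_timeout  60;

    gzip  on;
    gzip_comp_level 9;
    gzip_proxied any;
    gzip_types      text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    gzip_min_length 20;

    open_file_cache          max=10000 inactive=5m;
    open_file_cache_valid    2m;
    open_file_cache_min_uses 1;
    open_file_cache_errors   on;

    # Load config files from the /etc/nginx/conf.d directory
    include /etc/nginx/conf.d/*.conf;

}
EOF

###
# SSL Offloading fix
###

# Included by every vhost: flips the HTTPS flag when an upstream TLS
# terminator sets X-Forwarded-Proto.  Any client can send that header, so
# this only ever affects what PHP is told about the scheme.  Written with
# ">" so a re-run does not stack copies of the block.
cat <<EOF > /etc/nginx/ssl_offloading.inc

if (\$http_x_forwarded_proto = "https") { ## Safety net to catch SSL-Offloading
    set \$fastcgi_https "on";
}

EOF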


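###
# Adding first domain
###

# One vhost template for both modes; only the TLS listener and certificate
# lines depend on $SSL.  The check is "yes" (as in the header comment and
# the summary at the end) -- the original tested for "no" here, so any
# other stray value produced the TLS block without the matching note.
if [ "$SSL" = "yes" ]; then
  SSL_LISTEN="    listen $IP:443 ssl;"
  SSL_CONF="    ssl_certificate      /etc/nginx/ssl/$DOMAIN.crt;
    ssl_certificate_key  /etc/nginx/ssl/$DOMAIN.key;
    # TLS 1.0/1.1 and RC4 dropped: RC4 is broken and the old '!HIGH'
    # excluded every strong suite.  HIGH:!aNULL:!MD5 is nginx's documented
    # default cipher list.
    ssl_protocols        TLSv1.2;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;"
else
  SSL_LISTEN=""
  SSL_CONF=""
fi

cat <<EOF > "/etc/nginx/conf.d/$DOMAIN.conf"

  # Uncomment the server definition below should you wish to
  # redirect from $DOMAIN to www.$DOMAIN
  #server {
  #    listen $IP;
  #    server_name $DOMAIN;
  #    #rewrite / \$scheme://www.\$host\$request_uri permanent;
  #}

  #
  # Change this backend name (and the socket pointer)
  # as additional virtual hosts are added. This should
  # point to the spawn-fcgi wrapper running as the
  # appropriate user.
  #
  upstream $BACKEND {
    server unix:/var/run/php-fcgi-$DOMNODOT.sock;
  }

  server {
    listen $IP:80;
$SSL_LISTEN
    server_name $DOMAIN *.$DOMAIN;
    root /var/www/vhosts/$DOMAIN/htdocs;
$SSL_CONF

    location / {
      index index.html index.php;
      try_files \$uri \$uri/ @handler;
      expires 30d;
    }

    location /app/                { deny all; }
    location /includes/           { deny all; }
    location /media/downloadable/ { deny all; }
    location /pkginfo/            { deny all; }
    location /report/config.xml   { deny all; }
    location /var/                { deny all; }

    location  /. {
      return 404;
    }

    location @handler {
      rewrite / /index.php;
    }

    location /dataroot/ {
      internal;
      alias /var/www/vhosts/$DOMAIN/moodledata/;
    }

    include "ssl_offloading.inc";

    location ~ [^/]\.php(/|$) {
      fastcgi_split_path_info  ^(.+\.php)(/.+)$;
      fastcgi_index            index.php;
      fastcgi_pass             $BACKEND;
      include                  fastcgi_params;
      fastcgi_param   PATH_INFO       \$fastcgi_path_info;
      fastcgi_param   SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
    }

  }

EOF

if [ "$SSL" = "yes" ]; then
  mkdir -p /etc/nginx/ssl

  #generate self signed for placeholder
  # The private key is created under umask 077 so it is never readable by
  # other users; the original shell redirect left it with the default umask.
  (
    umask 077
    openssl genrsa -out "/etc/nginx/ssl/$DOMAIN.key" 2048
  )
  openssl req -new -key "/etc/nginx/ssl/$DOMAIN.key" -x509 -days 365 -out "/etc/nginx/ssl/$DOMAIN.crt" -batch
fi

# Site user and document tree.  printf rather than echo so the password is
# never parsed as an option.
mkdir -p "/var/www/vhosts/$DOMAIN/htdocs"
useradd -d "/var/www/vhosts/$DOMAIN" -s /sbin/nologin "$USERNAME"
printf '%s\n' "$USERPASS" | passwd --stdin "$USERNAME"
touch "/var/www/vhosts/$DOMAIN/phpfpm-slow.log" "/var/www/vhosts/$DOMAIN/phpfpm-error.log"
chown -R "$USERNAME:$USERNAME" "/var/www/vhosts/$DOMAIN"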

###
# Clean up nginx
###

rm -f /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/example_ssl.conf

###
# PHP time
###

# Drop the stock pools and write one pool per site, named after the domain.
# It listens on the unix socket the nginx upstream points at, the socket is
# owned by the nginx user, and the workers run as the site's own account.
rm -f /etc/php-fpm.d/*
chkconfig php-fpm on

cat <<EOF >> "/etc/php-fpm.d/$DOMNODOT.conf"

[$DOMNODOT]

listen = '/var/run/php-fcgi-$DOMNODOT.sock'
;listen.backlog = -1
listen.allowed_clients = 127.0.0.1
listen.owner = nginx
listen.group = nginx
;listen.mode = 0666

user = $USERNAME
group = $USERNAME

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 2000
;pm.status_path = /status

;ping.path = /ping
;ping.response = pong

;request_terminate_timeout = 0
;request_slowlog_timeout = 0
slowlog = /var/www/vhosts/$DOMAIN/phpfpm-slow.log

;rlimit_files = 1024
;rlimit_core = 0

;chroot =

;chdir = /var/www

;catch_workers_output = yes

;env[HOSTNAME] = \$HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

php_admin_value[error_log] =  /var/www/vhosts/$DOMAIN/phpfpm-error.log
php_admin_flag[log_errors] = on

EOF

# Segfault fix
# Pretty sure this is incredibly irrelevant now, commenting out
#sed -i '/RETVAL=0/ i\export ZEND_DONT_UNLOAD_MODULES=1' /etc/init.d/php-fpm

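###
# Create a default DB
###

# Identifiers are backtick-quoted: DBNAME and MYSQL are derived from the
# operator-supplied DOMAIN.  The passwords come from pwgen (alphanumeric).
mysql <<EOF
CREATE DATABASE \`$DBNAME\`;
GRANT ALL PRIVILEGES ON \`$DBNAME\`.* TO '$MYSQL'@'localhost' IDENTIFIED BY '$MYSQLPASS';
FLUSH PRIVILEGES;
EOF

###
# Set the root password for the database
###

# NOTE(review): the account in the source page was mangled by e-mail
# obfuscation; 'root'@'localhost' follows from the section heading.
mysql <<EOF
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MYSQLROOTPASS');
FLUSH PRIVILEGES;
EOF

#Set .my.cnf for default login

# This file holds the MySQL root password in clear text, so it is created
# under umask 077 and pinned to 0600 (the original left the default umask,
# i.e. typically world-readable).
(
  umask 077
  cat <<EOF > /root/.my.cnf

[client]
host = localhost
user = root
password = $MYSQLROOTPASS

EOF
)
chmod 600 /root/.my.cnf
mysql_upgrade

###
# FTP stuff
###

# NOTE(review): this is plain FTP -- credentials and content cross the wire
# unencrypted.  Chroot and no anonymous login are the only hardening applied.
yum -y install vsftpd
chkconfig vsftpd on
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/g' /etc/vsftpd/vsftpd.conf
service vsftpd start

#disable atomic
sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/atomic.repo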

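###
# Install Moodle
###

# Fetch the 3.0 stable tarball into an unpredictable temp file (not a fixed
# /tmp name) and unpack it straight into the docroot.  A failed download
# stops the script instead of unpacking garbage.
MOODLE_TGZ=$(mktemp) || exit 1
wget -O "$MOODLE_TGZ" https://download.moodle.org/download.php/direct/stable30/moodle-latest-30.tgz || exit 1
tar --strip 1 -C "/var/www/vhosts/$DOMAIN/htdocs/" -xzf "$MOODLE_TGZ"
rm -f -- "$MOODLE_TGZ"

mkdir -p "/var/www/vhosts/$DOMAIN/moodledata"
# NOTE(review): 0777 is what the original author settled on ("Moodle
# recommended").  php-fpm runs as $USERNAME and owns the tree, so PHP itself
# needs no world access; nginx, however, serves /dataroot/ from here via the
# internal alias, so confirm the nginx user's access before tightening.
chmod 777 "/var/www/vhosts/$DOMAIN/moodledata"
chown -R "$USERNAME:$USERNAME" "/var/www/vhosts/$DOMAIN"
find "/var/www/vhosts/$DOMAIN/htdocs/" -type f -exec chmod 0644 {} +
find "/var/www/vhosts/$DOMAIN/htdocs/" -type d -exec chmod 0755 {} +

# wwwroot has to match the vhost that was emitted: with SSL=no there is no
# 443 listener, so an https:// wwwroot would point at a closed port.
if [ "$SSL" = "yes" ]; then
  WWWROOT="https://$DOMAIN"
else
  WWWROOT="http://$DOMAIN"
fi

# NOTE(review): the admin e-mail's local part was lost to e-mail obfuscation
# in the source page; "admin" is a stand-in -- set the real mailbox.  The DB
# and admin passwords are on argv, i.e. visible to every local user in ps
# while the installer runs.
sudo -u "$USERNAME" /usr/bin/php "/var/www/vhosts/$DOMAIN/htdocs/admin/cli/install.php" \
  --chmod=0777 --lang=en \
  --wwwroot="$WWWROOT" \
  --dataroot="/var/www/vhosts/$DOMAIN/moodledata" \
  --dbname="$DBNAME" --dbuser="$MYSQL" --dbpass="$MYSQLPASS" \
  --fullname="$DOMAIN" --shortname="$DOMAIN" --summary=default \
  --adminuser="$MOODLEUSER" --adminpass="$MOODLEPASS" \
  --adminemail="admin@$DOMAIN" \
  --non-interactive --agree-license

# Moodle cron every minute as the site user, appended to any existing crontab.
crontab -u "$USERNAME" -l | { cat; echo "* * * * *    /usr/bin/php /var/www/vhosts/$DOMAIN/htdocs/admin/cli/cron.php >/dev/null"; } | crontab -u "$USERNAME" -

# Let nginx serve moodledata files itself via X-Accel-Redirect; pairs with
# the internal /dataroot/ location in the vhost.
sed -i "/directoryp/a\$CFG->xsendfile = 'X-Accel-Redirect';\n\$CFG->xsendfilealiases = array(\n    '/dataroot/' => \$CFG->dataroot\n);" "/var/www/vhosts/$DOMAIN/htdocs/config.php"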


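###
# Start it all up
###

service nginx start
service php-fpm start

# Hand-over sheet with every generated credential.  It is created 0600 in
# /root and removed by an at(1) job after 24 hours.
SUMMARY="/root/finished$DOMAIN"
(
  umask 077
  : >> "$SUMMARY"
)
chmod 600 "$SUMMARY"

cat <<EOF >> "$SUMMARY"

#  $DOMAIN now set up
#  Their username is $USERNAME
#  Their password is $USERPASS
#
#  Their database name is $DBNAME
#  Their DB username is $MYSQL
#  Their DB password is $MYSQLPASS

#  Their Moodle admin user is $MOODLEUSER
#  Their Moodle admin password is $MOODLEPASS
#
#  This file will self destruct in 24 hours.
#
#  Note: MySQL root password set to $MYSQLROOTPASS

EOF

# The note is appended before the sheet is printed so it actually shows up
# on the console (the original printed first).  Paths fixed: the key pair
# is written as $DOMAIN.key/.crt in the nginx section, not $DOMNODOT.
if [ "$SSL" = "yes" ]; then
  cat <<EOF >> "$SUMMARY"
        # Self signed SSL certificates generated in the following location:
        # /etc/nginx/ssl/$DOMAIN.key
        # /etc/nginx/ssl/$DOMAIN.crt
        # So don't forget to replace them with legit ones

EOF
fi

cat "$SUMMARY"
# %q shell-quotes the path: DOMAIN is operator input and ends up inside a
# command line that at(1) runs later.
printf 'rm -f %q\n' "$SUMMARY" | at now + 24 hours

#Delete self
history -c
rm -f -- "$0"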