#!/bin/bash ###----------------------------------------### ### ### Barracuda Aegir Installer ### ### Copyright (C) 2010-2014 Omega8.cc ### noc@omega8.cc www.omega8.cc ### ### This program is free software. You can ### redistribute it and/or modify it under ### the terms of the GNU GPL as published by ### the Free Software Foundation, version 2 ### or later. ### ### This program is distributed in the hope ### that it will be useful, but WITHOUT ANY ### WARRANTY; without even the implied ### warranty of MERCHANTABILITY or FITNESS ### FOR A PARTICULAR PURPOSE. See the GNU GPL ### for more details. ### ### You should have received a copy of the ### GNU GPL along with this program. ### If not, see http://www.gnu.org/licenses/ ### ### Code: https://code.aegir.cc/aegir ### ###----------------------------------------### ###----------------------------------------### ### HOW-TO: run it with bash, not with sh ### ###----------------------------------------### ### ### $ bash BARRACUDA.sh.txt ### ###----------------------------------------### ### EDITME ### ###----------------------------------------### ### ### Enter your valid e-mail address below. ### _MY_EMAIL="notify@omega8.cc" ###----------------------------------------### ### EASY SETUP ### ###----------------------------------------### ### ### You can configure all options manually ### or simply use 'EASY PUBLIC SETUP MODE' for ### standard install or 'EASY LOCALHOST MODE' ### for local install. See below for details. ### ###----------------------------------------### ### EASY PUBLIC SETUP MODE ### ###----------------------------------------### ### ### Useful only during initial system setup. ### Enabled by default since BOA-2.0.3 ### ### It will skip all prompts and configure ### Barracuda with only some options/services ### enabled, as listed below: ### ### _XTRAS_LIST="CSF CHV FTP" ### _HTTP_WILDCARD=YES ### _AUTOPILOT=YES ### _DEBUG_MODE=NO ### _AEGIR_VERSION=HEAD ### _DB_SERVER=MariaDB ### _SSH_PORT=22 ### _DNS_SETUP_TEST=YES ### _THIS_DB_HOST=localhost ### _SMTP_RELAY_TEST=YES ### _MY_OWNIP=automatically-discovered ### _MY_HOSTN=$_EASY_HOSTNAME ### _MY_FRONT=master.$_EASY_HOSTNAME ### ### To disable, change this to NO below. ### _EASY_PUBLIC=YES ### ### Please enter your FQDN hostname below. ### ### It should already point to your server ### IP address with DNS wildcard configured, ### so you may need to wait for propagation ### on the Internet before it will work. ### ### See for reference: http://bit.ly/UM2nRb ### ### NOTE! You shouldn't use "mydomain.org" ### as your hostname. It should be some ### subdomain, like "server.mydomain.org" ### ### You *don't* need to configure your server ### hostname, since Barracuda will do that ### for you, automatically. ### _EASY_HOSTNAME="wildcard-enabled-hostname" ###----------------------------------------### ### ### STOP! NO NEED TO CONFIGURE ANYTHING BELOW ### IF _EASY_PUBLIC MODE HAS BEEN ENABLED. ### ###----------------------------------------### ###----------------------------------------### ### EASY LOCALHOST SETUP MODE ### ###----------------------------------------### ### ### Useful only during initial system setup. ### ### It will skip all prompts and configure ### Barracuda with only safe options/services ### enabled, as listed below: ### ### _XTRAS_LIST="CHV" ### _HTTP_WILDCARD=YES ### _AUTOPILOT=YES ### _DEBUG_MODE=NO ### _AEGIR_VERSION=HEAD ### _DB_SERVER=MariaDB ### _SSH_PORT=22 ### _DNS_SETUP_TEST=NO ### _THIS_DB_HOST=localhost ### _SMTP_RELAY_TEST=NO ### _LOCAL_NETWORK_IP="127.0.1.1" ### _LOCAL_NETWORK_HN="aegir.local" ### _MY_OWNIP="127.0.1.1" ### _MY_HOSTN="aegir.local" ### _MY_FRONT="aegir.local" ### ### Thanks to local DNS wildcard, you will be ### able to use many levels of subdomains for ### created sites, for example: ### site.aegir.local, abc.xyz.site.aegir.local ### This wildcard will rely only on the local, ### basic DNS system, without any need to use ### external DNS. ### ### To enable, change this to YES below ### and make sure that _EASY_PUBLIC option ### above is set to NO (it's YES by default). ### _EASY_LOCALHOST=NO ###----------------------------------------### ### ### STOP! NO NEED TO CONFIGURE ANYTHING BELOW ### IF EITHER _EASY_LOCALHOST OR _EASY_PUBLIC ### MODE HAS BEEN ENABLED. ### ###----------------------------------------### ###----------------------------------------### ### MANUAL INSTALL MODE ### ###----------------------------------------### ### ### You can configure all options manually ### below when both 'EASY PUBLIC SETUP MODE' ### and 'EASY LOCALHOST MODE' are *disabled* ### ###----------------------------------------### ### PHP MULTI INSTALL ### ###----------------------------------------### ### ### By default Barracuda installs only PHP 5.3 ### but this option allows you to install also ### other experimental PHP versions and then ### choose different version for PHP-FPM and ### PHP-CLI per Aegir Master and per Satellite ### Instance with variables: _PHP_FPM_VERSION ### and _PHP_CLI_VERSION. ### ### Available options: 5.5, 5.4, 5.3, 5.2 ### ### Example: _PHP_MULTI_INSTALL="5.3 5.5" ### ### Note that removing any version from this ### list once it is already installed, will ### NOT uninstall anything. ### ### Do not confuse this with other settings ### _PHP_FPM_VERSION and _PHP_CLI_VERSION, ### which are used to define version to be ### used by Master or Satellite Instance. ### _PHP_MULTI_INSTALL="5.3" ###----------------------------------------### ### PHP-FPM VERSION ### ###----------------------------------------### ### ### You can choose PHP-FPM version per Aegir ### Master and Satellite Instance - both on ### install and upgrade. ### ### Available options (if installed): ### ### _PHP_FPM_VERSION=5.5 ### _PHP_FPM_VERSION=5.4 ### _PHP_FPM_VERSION=5.3 ### _PHP_FPM_VERSION=5.2 ### ### Note that 5.3 will be set automatically ### if you specify any other, not installed ### version. ### _PHP_FPM_VERSION=5.3 ###----------------------------------------### ### PHP-CLI VERSION ### ###----------------------------------------### ### ### You can choose PHP-CLI version per Aegir ### Master and Satellite Instance - both on ### install and upgrade. ### ### Available options (if installed): ### ### _PHP_CLI_VERSION=5.5 ### _PHP_CLI_VERSION=5.4 ### _PHP_CLI_VERSION=5.3 ### _PHP_CLI_VERSION=5.2 ### ### Note that 5.3 will be set automatically ### if you specify any other, not installed ### version. ### _PHP_CLI_VERSION=5.3 ###----------------------------------------### ### XTRAS INSTALL MODE ### ###----------------------------------------### ### ### You can use wildcard "ALL" to install ### some default xtras or configure the list ### as explained below. ### ### Note: the "ALL" wildcard is not default! ### ### When combined with _AUTOPILOT=YES option ### you can speed up the process and still ### control which xtras will be installed, ### using the symbols listed below. ### ### Xtras included with "ALL" wildcard: ### ### CGP --- Collectd Graph Panel ### CHV --- Chive DB Manager ### CSF --- Firewall ### CSS --- Compass Tools ### FTP --- Pure-FTPd server with forced FTPS ### WMN --- Webmin Control Panel ### ### Xtras which need to be listed explicitly: ### ### BDD --- SQL Buddy DB Manager ### BND --- Bind9 DNS Server ### BZR --- Bazaar ### FMG --- FFmpeg support ### GIT --- Latest Git from sources ### SR1 --- Apache Solr 1 with Jetty 7 ### SR3 --- Apache Solr 3 with Jetty 8 ### SR4 --- Apache Solr 4 with Jetty 8 or 9 ### ### Examples: ### ### _XTRAS_LIST="" ### _XTRAS_LIST="ALL" ### _XTRAS_LIST="ALL GIT SR3" ### _XTRAS_LIST="CSF CGP CHV FTP" ### ### Note that removing any item from this ### list once it is already installed, will ### NOT uninstall anything. ### _XTRAS_LIST="CSF CHV FTP" ###----------------------------------------### ### NEW RELIC INSTALL ### ###----------------------------------------### ### ### Enter your New Relic license key to get ### it installed and enabled automatically. ### _NEWRELIC_KEY="" ###----------------------------------------### ### SCOUT APP INSTALL ### ###----------------------------------------### ### ### Enter your Scout App license key to get ### it installed and enabled automatically. ### _SCOUT_KEY="" ###----------------------------------------### ### HTTP LISTENING MODE ### ###----------------------------------------### ### ### With disabled wildcard mode Nginx would ### listen only on defined or discovered IP ### address, while with now default wildcard, ### it will listen on all available IPs. ### This may be useful in some environments ### like localhost install or Amazon EC2 ### with dynamic local IP and separate public ### IP not available on the local interface. ### ### Note: this option works only on initial ### install. You can't change this on upgrade ### because it could cause serious issues. ### ### To not use wildcard mode, change this to: ### ### _HTTP_WILDCARD=NO ### _HTTP_WILDCARD=YES ###----------------------------------------### ### AUTOPILOT MODE ### ###----------------------------------------### ### ### To disable all Yes/no prompts and just run ### everything as-is, change it to YES. ### ### _AUTOPILOT=YES ### _AUTOPILOT=NO ###----------------------------------------### ### UPGRADE OPTIONS ### ###----------------------------------------### ### ### Use YES to upgrade system only and skip ### Aegir Master Instance upgrade. ### _SYSTEM_UPGRADE_ONLY=NO ### ### Use YES to upgrade Aegir Master Instance ### only and skip system upgrade. ### _AEGIR_UPGRADE_ONLY=NO ### ### You can force Nginx, PHP and/or DB server ### reinstall, even if there are no updates ### available, when set to YES. ### _NGX_FORCE_REINSTALL=NO _PHP_FORCE_REINSTALL=NO _SQL_FORCE_REINSTALL=NO ### ### Use YES to force installing everything ### from sources again, even if there are ### no updates available. ### _FULL_FORCE_REINSTALL=NO ### ### Use YES to run major system upgrade ### from Debian Squeeze to Debian Wheezy. ### _SQUEEZE_TO_WHEEZY=NO ### ### Use YES to run major system upgrade ### from Debian Lenny to Debian Squeeze. ### _LENNY_TO_SQUEEZE=NO ### ### Use YES to run migration from Tomcat 6 ### to Jetty 7 with Apache Solr 1.4.1 ### _TOMCAT_TO_JETTY=NO ###----------------------------------------### ### DRUSH DEBUG MODE ### ###----------------------------------------### ### ### When set to YES it will run Aegir Master ### Instance install/upgrade with -d option, ### displaying complete Drush backend report. ### ### _DEBUG_MODE=YES ### _DEBUG_MODE=NO ###----------------------------------------### ### AEGIR BARRACUDA VERSION ### ###----------------------------------------### ### ### By default latest release version will ### be installed. Please never use HEAD (dev) ### version on any production server. ### The HEAD can be occasionally broken ### and should be used **only** for testing! ### ### _AEGIR_VERSION=HEAD ### _AEGIR_VERSION=BOA-2.2.5 ### _AEGIR_VERSION=HEAD ###----------------------------------------### ### DB SERVER ### ###----------------------------------------### ### ### Barracuda no longer supports Percona since ### 2.2.0 release. If you have used Percona ### before, Barracuda will force upgrade to ### MariaDB and PHP rebuild, automatically. ### _DB_SERVER=MariaDB ###----------------------------------------### ### DB SERIES ### ###----------------------------------------### ### ### You can choose MariaDB 5.5 or new 10.0 ### ### Note that on Ubuntu 14.04 LTS Trusty we ### force the only available 10.0 version. ### _DB_SERIES=5.5 ###----------------------------------------### ### REDIS LISTEN MODE ### ###----------------------------------------### ### ### If set to PORT (old default) Redis will ### listen on standard port and 127.0.0.1 IP. ### ### You can also change this option to SOCKET ### to improve caching backend performance. ### ### When set to any other IP address, it will ### switch ALL your Aegir Satellite Instances ### along with your Aegir Master Instance from ### local Redis server to the remote Redis ### server you have installed in your network. ### It will also permanently disable your ### local Redis server. Make sure to specify ### correct IP when using this mode and also ### modify /etc/csf/csf.conf to allow outgoing ### TCP connections via port 6379. ### _REDIS_LISTEN_MODE=PORT ###----------------------------------------### ### SSH CUSTOM PORT ### ###----------------------------------------### ### ### Change this if you want to use non-default ### port for SSH and SFTP connections. ### ### Changing the port will alter also your ### server firewall (csf) settings, both on ### install and upgrade, unless you are using ### _CUSTOM_CONFIG_CSF=YES option. ### _SSH_PORT=22 ###----------------------------------------### ### LOCAL DEBIAN OR UBUNTU MIRROR ### ###----------------------------------------### ### ### Modify this if you prefer to use some ### mirror you know is the best / the fastest ### in your server location. For example: ### ### _LOCAL_DEBIAN_MIRROR=ftp.au.debian.org ### _LOCAL_UBUNTU_MIRROR=au.archive.ubuntu.com ### ### To search for the fastest mirror around ### the globe, use empty variables: ### ### _LOCAL_DEBIAN_MIRROR="" ### _LOCAL_UBUNTU_MIRROR="" ### ### Note that searching around the globe is ### no longer enabled by default! ### ### Note also that it may hang and later cause ### broken upgrades if some tested mirror ### responds with unexpected delay instead of ### just respond or not, so it is better ### to use reliable mirrors you know, ### or leave default values. ### _LOCAL_DEBIAN_MIRROR=ftp.debian.org _LOCAL_UBUNTU_MIRROR=archive.ubuntu.com ###----------------------------------------### ### FORCE PREFERRED GIT REPOSITORY ### ###----------------------------------------### ### ### Use this when you are experiencing issues ### trying to connect to the default github ### repository. Valid options: ### ### _FORCE_GIT_MIRROR=github ### _FORCE_GIT_MIRROR=drupal ### _FORCE_GIT_MIRROR=gitorious ### ### Note: with forced mirror the script will ### not try to connect and then switch to ### alternate mirror. It will simply fail ### if the forced mirror doesn't respond. ### ### We recommend github as it is much faster, ### often 10x than drupal and gitorious. ### _FORCE_GIT_MIRROR="" ###----------------------------------------### ### DNS MANUAL CONFIG ### ###----------------------------------------### ### ### Starting with release 0.4-alpha9 Aegir ### requires proper DNS configuration ### of your server. Your hostname has to be ### FQDN and has to match your server IP. ### ### This script is trying to discover your ### DNS details and allow or deny the install, ### if something doesn't look right. ### ### This script will also use your FQDN ### hostname as a web address of your Aegir ### frontend (control panel) by default. ### ### You may want to change the automatic ### defaults by setting up your IP address, ### your FQDN hostname and your Aegir frontend ### web address below - it is recommended! ### ### It may be useful when you are using local ### environment with custom settings in your ### /etc/hosts, when you have more than one ### public IPs on eth0 and you wish to use ### non-default (first) IP address, or when ### you want to use non-hostname (sub)domain ### to access your Aegir frontend. ### ### It is also useful when you plan to use ### available in Barracuda optional installs ### of Chive, SQL Buddy and Collectd, since ### all of them will use subdomains in the ### server hostname and it will not work ### when your hostname domain DNS is not ### under your control (like many default ### hostnames and reverse DNS provided by ### VPS hosting companies). ### ### Please change *all 3 values* if you wish ### to customize this automatic setup. ### ### Example: ### ### _MY_OWNIP=192.168.0.108 ### _MY_HOSTN=server.mydomain.com ### _MY_FRONT=aegir.mydomain.com ### ### NOTE: ### ### If you will use your custom DNS settings, ### they will be still validated, therefore ### make sure your _MY_HOSTN and _MY_FRONT ### both matches your _MY_OWNIP or the script ### will fail to install Aegir (unless you ### will disable the DNS test completely ### below in _DNS_SETUP_TEST). ### _MY_OWNIP="" _MY_HOSTN="" _MY_FRONT="" ###----------------------------------------### ### DNS SETUP TEST ### ###----------------------------------------### ### ### If you don't want to test your DNS ### because of some custom local setup ### you know is correct (like DynDNS) ### but the script can't validate it with its ### standard ifconfig tests, set this to: ### ### _DNS_SETUP_TEST=NO ### ### There is no guarantee it will work. ### _DNS_SETUP_TEST=YES ###----------------------------------------### ### DATABASE CUSTOM HOST ### ###----------------------------------------### ### ### If you prefer, you can set the database ### to be connected via FQDN pointing to your ### public IP instead of default "localhost". ### ### Note: the "FQDN" is a keyword. ### Don't replace it with a real hostname. ### ### For local or Amazon based installs with ### local/dynamic IP address it is recommended ### to use default "localhost" option. ### ### Available options: ### ### _THIS_DB_HOST=localhost ### _THIS_DB_HOST=FQDN ### _THIS_DB_HOST=localhost ###----------------------------------------### ### SMTP CONNECTION TEST ### ###----------------------------------------### ### ### If you don't want to test outgoing SMTP ### connections, change _SMTP_RELAY_TEST ### value to "NO". ### _SMTP_RELAY_TEST=YES ###----------------------------------------### ### SMTP RELAY HOST - ONLY WHEN REQUIRED ### ###----------------------------------------### ### ### _SMTP_RELAY_HOST="smtp.your.relay.net" ### _SMTP_RELAY_HOST="" ###----------------------------------------### ### LOCALHOST ON LOCAL NETWORK ### ###----------------------------------------### ### ### When enabled, it will force your Nginx web ### server to listen only on local IP with ### local, non-FQDN hostname, for example: ### ### _LOCAL_NETWORK_IP=10.10.80.80 ### _LOCAL_NETWORK_HN=aegir.local ### ### In this example "aegir.local" will be used ### as your hostname and all connections and ### grants will use "aegir.local" instead of ### FQDN. Also your Aegir Master Instance ### will be available at http://aegir.local ### ### This option is useful when your server is ### available only in your local network ### without any public IP address assigned/ ### available on any eth interface. This also ### means it should work as a handy local ### setup on your wirelessly connected laptop ### or netbook, with improved DNS cache ### support - pdnsd will save results in file. ### ### In this case you could use 127.0.1.1 as ### _LOCAL_NETWORK_IP to avoid issues with ### DHCP changing your assigned IP on the fly ### and to avoid conflicts with some other ### services listening on 127.0.0.1 ### ### This option works only with initial ### install and is disabled on upgrade. ### ### When used, it will override all defined ### above _MY_OWNIP, _MY_HOSTN and _MY_FRONT ### values. ### ### It will also disable all DNS and SMTP ### relay tests automatically. ### ### Note that for non-local installs with ### private and/or dynamic IPs on servers ### behind some NAT, you should instead use ### _HTTP_WILDCARD=YES above and leave ### _LOCAL_NETWORK_IP and _LOCAL_NETWORK_HN ### empty. ### _LOCAL_NETWORK_IP="" _LOCAL_NETWORK_HN="" ###----------------------------------------### ### ADVANCED CONFIGURATION OPTIONS ### ###----------------------------------------### ### ### Change to YES if you want the running ### daily script to fix permissions on all ### files belonging to hosted sites an their ### platforms (and any shared code). ### ### Note that this feature is no longer ### enabled by default, because it may cause ### load spikes if you host many sites on ### some weak VPS with disk I/O shortages. ### _PERMISSIONS_FIX=NO ### ### Change to NO if you don't want the running ### daily script to enable/disable modules in ### all hosted sites without 'dev.' in their ### main domain name, as listed in the ### docs/MODULES.txt ### ### This options is now smart enough to check ### if the module is defined as required by any ### other module or feature and will skip such ### module automatically, to avoid disabling ### innocent modules via feature or any other ### dependency. ### ### Note that if you disable this option, you ### will automatically disable also the user ### register protection check/feature: ### https://omega8.cc/node/273 ### _MODULES_FIX=YES ### ### List modules to never disable via running ### daily script to enable/disable modules in ### all hosted sites without 'dev.' in their ### main domain name, as listed in the ### docs/MODULES.txt ### ### Requires: _MODULES_FIX=YES ### ### Example: _MODULES_SKIP="dblog update" ### ### While any module detected as required ### will not be disabled anyway, this option ### allows you to whitelist modules which ### otherwise would get disabled. ### _MODULES_SKIP="" ### ### Use YES only if both "randpass 32 esc" ### and "randpass 32 alnum" commands produce ### well looking, strong passwords and not ### some binary garbage, which is typically ### a sign of unreliable /dev/urandom. ### See: https://drupal.org/node/1952042 ### ### By default new passwords are generated ### with "pwgen -v -s -1" command. ### _STRONG_PASSWORDS=NO ### ### Extra packages to install. Useful to ### specify packages not included by default ### which could be otherwise removed because ### of some conflicts due to the aggressive ### Barracuda behaviour: apt-get autoremove -y ### _EXTRA_PACKAGES="" ### ### Use YES to avoid overwriting configuration ### for listed services on upgrade. ### _CUSTOM_CONFIG_CSF=NO _CUSTOM_CONFIG_LSHELL=NO _CUSTOM_CONFIG_PHP52=NO _CUSTOM_CONFIG_PHP53=NO _CUSTOM_CONFIG_PHP54=NO _CUSTOM_CONFIG_PHP55=NO _CUSTOM_CONFIG_REDIS=NO _CUSTOM_CONFIG_SQL=NO ### ### You can define custom list of functions ### to disable besides those already denied ### in the system level 'disable_functions'. ### ### Note: If this option is left empty, BOA ### will deny access also to function: ### ### passthru ### ### If _PHP_FPM_DENY is *not* empty, its value ### will *replace* default 'passthru', so any ### denied function must be listed explicitly. ### ### WARNING! Do not add here 'shell_exec' ### or you will break cron for all sites ### including all hosted on all Satellite ### Instances. The 'shell_exec' function is ### also required by Collectd Graph Panel, ### if installed. ### ### This option affects only Aegir Master ### Instance plus all scripts running outside ### of Octopus Satellite Instances. ### ### Example: ### ### _PHP_FPM_DENY="passthru,popen,system" ### ### Note that while it will improve security ### it will also break modules which rely ### on any of disabled functions. ### _PHP_FPM_DENY="" ### ### We highly recommend to enable this option ### to improve system security when certain ### PHP functions, especially: exec, passthru, ### shell_exec,system,proc_open,popen are not ### disabled via option _PHP_FPM_DENY above. ### ### WARNING! This option is very aggressive ### and can break any extra service or binary ### you have installed which BOA doesn't ### manage and the binary has system group ### set to 'root'. BOA will not touch any ### binary which has non-root group or has ### setgid or setuid permissions. ### _STRICT_BIN_PERMISSIONS=YES ### ### Define the amount of RAM you want to keep ### reserved for other services installed which ### are not controlled by BOA, so it will ### assume that available RAM is the value of ### $_RAM - $_RESERVED_RAM (in MB). ### ### Example for 256MB: _RESERVED_RAM=256 ### _RESERVED_RAM=0 ### ### CiviCRM 4.2 and newer requires more SQL ### privileges (the SUPER which can't be added ### for obvious security reasons) or binary ### logging disabled. Otherwise almost all ### Aegir tasks against any site with CiviCRM ### system active will fail, so we disable ### binary logging by default. It will also ### improve system performance on servers ### with slower/lower disks I/O. ### ### You can still enable it, if you prefer, ### by changing it to _DB_BINARY_LOG=YES ### below or in the /root/.barracuda.cnf file, ### but you must first stop mysql service ### and delete or move away all existing files ### from the /var/log/mysql/ directory, so it ### will start fresh logs after it has been ### disabled during previous system upgrade. ### ### Note: this option is ignored if the option ### _CUSTOM_CONFIG_SQL is set to YES. ### _DB_BINARY_LOG=NO ### ### BOA already outsources most of cache* ### tables to Redis, disables accesslog and ### dblog by default, so for many typical ### Drupal sites MyISAM will provide better ### speed and much lower memory usage - ### typically only 1/3 of memory and binary ### space used by InnoDB. ### ### However, MyISAM can't recover itself ### on the fly like InnoDB, and if it will ### crash, it will have to wait for the ### self-healing monitor to detect the crash ### and run auto-repair. ### ### Note that Drupal 7 forces InnoDB. ### ### You can easily convert any site to-MyISAM ### or to-InnoDB with `sqlmagic` tool. ### ### Note: this option is ignored if the option ### _CUSTOM_CONFIG_SQL is set to YES. ### _DB_ENGINE=InnoDB ### ### Allows to change InnoDB log file size, ### which requires special procedure. ### ### Accepted value must be an integer between ### 10 and 500 (in megabytes). ### ### Note: if _CUSTOM_CONFIG_SQL is set to YES, ### this option will be ignored. ### ### Example: _INNODB_LOG_FILE_SIZE=50 ### _INNODB_LOG_FILE_SIZE=AUTO ### ### Set max 1 min load per CPU core before blocking ### spiders temporarily, until the load stabilizes. ### _CPU_SPIDER_RATIO=3 ### ### Set max 1 min load per CPU core before disabling ### Nginx temporarily, until the load stabilizes. ### _CPU_MAX_RATIO=6 ### ### Set max 1 min load per CPU core before killing ### all running PHP, Drush, Wget and Curl processes ### until the load stabilizes. ### ### This shouldn't affect any innocent Aegir tasks, ### including cron for sites, because the system ### never starts them anyway, if the average load ### in the last minute is higher than 3.5 ### _CPU_CRIT_RATIO=9 ### ### Set max allowed page views from one IP ### out of last 500. Note that it will lock ### the access completely for 1 hour on the ### firewall level in /etc/csf/csf.deny ### _NGINX_DOS_LIMIT=300 ### ### Experimental LDAP support is available ### via third-party Nginx module. To enable ### change this option to _NGINX_LDAP=YES ### below or in the /root/.barracuda.cnf file. ### _NGINX_LDAP=NO ### ### NAXSI means Nginx Anti XSS & SQL Injection ### and is a third-party Nginx module not used ### by default. If you want to test / use it, ### change this option to _NGINX_NAXSI=YES ### below or in the /root/.barracuda.cnf file. ### _NGINX_NAXSI=NO ### ### When set to YES, it will also force ### OpenSSL ans cURL re-install from sources ### on systems other than Debian Wheezy, ### which already comes with required ### OpenSSL 1.0.1+ by default. ### _NGINX_SPDY=NO ### ### When set to YES, it will also force ### OpenSSL ans cURL re-install from sources ### on systems other than Debian Wheezy, ### which already comes with required ### OpenSSL 1.0.1+ by default. ### _NGINX_FORWARD_SECRECY=NO ### ### Use this only when you need to always ### compile in some extra/custom module(s). ### _NGINX_EXTRA_CONF="" ### ### Use this only when you need to always ### compile in some extra PHP extension. ### _PHP_EXTRA_CONF="" ### ### Change to YES to always compile in ### MongoDB driver. Works for PHP 5.3 only. ### _PHP_MONGODB=NO ### ### Change to YES to always compile in ### GEOS extension. Works for PHP 5.3 only. ### Warning: experimental only! See issue: ### https://drupal.org/node/1913488 ### _PHP_GEOS=NO ### ### When set to YES, it will force ### OpenSSL, OpenSSH and cURL re-install ### from sources. ### ### Debian Wheezy already comes with latest ### OpenSSL 1.0.1+ by default, so this option ### will be ignored on this system. ### _SSL_FROM_SOURCES=NO ### ### When set to YES it will force OpenSSH ### re-install from sources. Do NOT use ### if you don't have a serial console ### access to the machine or VPS! ### _SSH_FROM_SOURCES=NO ### ### AUTO will default to values calculated ### on the fly and based on available RAM. ### You can force workers number for Nginx ### and PHP-FPM here. ### _NGINX_WORKERS=AUTO _PHP_FPM_WORKERS=AUTO ### ### Max default TTL for Speed Booster Cache. ### It will affect all Aegir Instances, but ### it is used only for spiders and with not ### enabled by default control file per site ### or per platform modules/cache_hour/YES.txt ### _SPEED_VALID_MAX=3600 ###----------------------------------------### ### STOCK AEGIR TESTING ### ###----------------------------------------### ### ### Change to YES to try Stock Aegir 2.x with ### Drush 5.x - without any BOA specific ### modifications or improvements. This option ### is enabled on command line when you type ### "stock" instead of "mini", "max" or "ask". ### _USE_STOCK=NO ###----------------------------------------### ### DON'T EDIT ANYTHING BELOW THIS LINE ### ###----------------------------------------### _INSTALLER_VERSION=BOA-2.2.6-dev ### ### Software versions ### _BZR_VERSION=2.6.0 _CGP_VERSION=master-30-03-2014 _CHIVE_VERSION=1.3 _CURL_VERSION=7.37.0 _DRUSH_VERSION=mini-4-14-03-2014 _DRUSH6_VERSION=mini-6-31-05-2014 _DRUSH7_VERSION=head-7-10-03-2014 _GEOS_VERSION=3.4.2 _GIT_VERSION=1.9.1 _IMAGICK_VERSION=3.1.2 _IONCUBE_VERSION=4.5.3 _JETTY_7_VERSION=7.6.14.v20131031 _JETTY_8_VERSION=8.1.14.v20131031 _JETTY_9_VERSION=9.1.3.v20140225 _LSHELL_VERSION=0.9.16.5-om8 _MAILPARSE_VERSION=2.1.6 _MARIADB_10_VERSION=10.0.11 _MARIADB_5_VERSION=5.5.38 _MONGO_VERSION=1.4.5 _MSS_VERSION=1.33 _NGINX_VERSION=1.7.1 _OPENSSH_VERSION=6.6p1 _OPENSSL_VERSION=1.0.1h _PERCONA_VERSION=5.5.36 _PHP52_API=20060613 _PHP52_VERSION=5.2.17 _PHP53_API=20090626 _PHP53_VERSION=5.3.28 _PHP54_API=20100525 _PHP54_VERSION=5.4.29 _PHP55_API=20121212 _PHP55_VERSION=5.5.13 _PHPREDIS_VERSION=master-22-03-2014 _PURE_FTPD_VERSION=1.0.36 _REDIS_VERSION=2.8.10 _RUBY_VERSION=2.1.2 _SOLR_1_VERSION=1.4.1 _SOLR_3_VERSION=3.6.2 _SOLR_4_VERSION=4.2.0 _UPLOADPROGRESS_VERSION=1.0.3.1 _VNSTAT_VERSION=1.11 _ZEND_OPCACHE_VERSION=master-28-05-2014 _ZLIB_VERSION=1.2.8 if [ "$_USE_STOCK" = "YES" ] ; then _DRUSH_VERSION="$_DRUSH6_VERSION" fi ### ### Variables ### _CUSTOM_NAME=nginx _FORCE_REDIS_RESTART=NO _LOC_REL_VERSION="" _NOW=`date +%y%m%d-%H%M` _PURGE_ALL_THISHTIP=NO _PURGE_MODE=ON _SPINNER=YES PATH=/usr/local/bin:/usr/local/sbin:/opt/local/bin:/usr/bin:/usr/sbin:/bin:/sbin SHELL=/bin/bash if [ -n "${STY+x}" ]; then _SPINNER=NO fi ###---### Avoid too many questions # export DEBIAN_FRONTEND=noninteractive if [ -z "${TERM+x}" ]; then export TERM=vt100 fi # ###---### Functions # # Noticeable messages. msg () { echo "Barracuda [`date`] ==> $*" } # Simple prompt. prompt_yes_no () { if [ "$_AUTOPILOT" = "YES" ] ; then return 0 else while true ; do printf "$* [Y/n] " read answer if [ -z "$answer" ] ; then return 0 fi case $answer in [Yy]|[Yy][Ee][Ss]) return 0 ;; [Nn]|[Nn][Oo]) return 1 ;; *) echo "Please answer yes or no" ;; esac done fi } # # Prompt to confirm choice. prompt_confirm_choice () { read -p "$1 [$2]:" _CONFIRMED_ANSWER if [ -z "$_CONFIRMED_ANSWER" ] ; then _CONFIRMED_ANSWER=$2 fi } # # Stop on error. # set -e ### disable this for debugging # # Success msg. success () { msg "$1 Succeeded" } # # Error msg. fatal () { echo " " msg "Fatal Error Occurred: $1" msg "Cannot continue installation" exit 1 } # # Not supported OS. not_supported_os () { msg "== FATAL ERROR ==" msg "Invalid install script or OS used" msg "It is not any supported Debian or Ubuntu version" msg "You need Debian - Squeeze (recommended) or Wheezy" msg "or Ubuntu - Precise or Lucid" exit 1 } # # Perform an action, log it, and run the spinner throughout. runner () { CMD="$1" touch busy if [ "$_SPINNER" = "YES" ] ; then bash $_SRCDIR/spinner busy & fi if $CMD >> $_LOG; then rm busy sleep 1 success "$CMD:" return 0 else rm busy sleep 1 echo "$CMD failed. Error (if any): $?" echo " " echo "Displaying the last 15 lines of $_LOG to help troubleshoot this problem" echo "If you see any error with advice to run 'dpkg --configure -a', run this" echo "command first and choose default answer, then run this installer again" echo " " tail -15 $_LOG return 1 fi } # # Small spinner. mrun () { CMD="$1" touch busy if [ "$_SPINNER" = "YES" ] ; then bash $_SRCDIR/spinner busy & fi if $CMD >> $_LOG; then rm busy sleep 1 return 0 fi } # # Silent runner. st_runner () { CMD="$1" touch busy if [ "$_SPINNER" = "YES" ] ; then bash $_SRCDIR/spinner busy & fi if $CMD >> $_LOG; then rm busy sleep 1 return 0 else rm busy sleep 1 echo "$CMD failed. Error (if any): $?" echo " " echo "Displaying the last 15 lines of $_LOG to help troubleshoot this problem" echo "If you see any error with advice to run 'dpkg --configure -a', run this" echo "command first and choose default answer, then run this installer again" echo " " tail -15 $_LOG return 1 fi } # # Remove dangerous stuff from the string. sanitize_string () { echo "$1" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@\&\|\*]//g; s/\(['"'"'\]\)//g' } # # Find correct IP. find_correct_ip () { _LOC_IP=`echo $(getent ahostsv4 $_LOC_DOM) | cut -d: -f2 | awk '{ print $1}'` } # # Extract archive. extract_archive () { if [ ! -z $1 ] ; then case $1 in *.tar.bz2) tar xjf $1 ;; *.tar.gz) tar xzf $1 ;; *.bz2) bunzip2 $1 ;; *.rar) unrar x $1 ;; *.gz) gunzip -q $1 ;; *.tar) tar xf $1 ;; *.tbz2) tar xjf $1 ;; *.tgz) tar xzf $1 ;; *.zip) unzip -qq $1 ;; *.Z) uncompress $1 ;; *.7z) 7z x $1 ;; *) echo "'$1' cannot be extracted via >extract<" ;; esac rm -f $1 fi } # # Download and extract archive from dev mirror. get_dev_arch () { if [ ! -z $1 ] ; then curl -L --max-redirs 10 -k -s -O --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/dev/$1" extract_archive "$1" fi } # # Download and extract from dev/version mirror. get_dev_ext () { if [ ! -z $1 ] ; then curl -L --max-redirs 10 -k -s -O --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/dev/$_AEGIR_VERSION/$1" extract_archive "$1" fi } # # Download and extract from dev/contrib mirror. get_dev_contrib () { if [ ! -z $1 ] ; then curl -L --max-redirs 10 -k -s -O --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/dev/contrib/$1" extract_archive "$1" fi } # # Download and extract archive from dev/src mirror. get_dev_src () { if [ ! -z $1 ] ; then curl -L --max-redirs 10 -k -s -O --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/dev/src/$1" extract_archive "$1" fi } # # Check repo status. check_git_repos_status () { _GITHUB_WORKS=NO _DRUPAL_WORKS=NO _GITORIOUS_WORKS=NO if [ "$_FORCE_GIT_MIRROR" = "github" ] ; then msg "INFO: We will use forced GitHub repository without testing connection" _GITHUB_WORKS=YES _DRUPAL_WORKS=NO _GITORIOUS_WORKS=NO sleep 1 elif [ "$_FORCE_GIT_MIRROR" = "drupal" ] ; then msg "INFO: We will use forced Drupal mirror without testing connection" _GITHUB_WORKS=NO _DRUPAL_WORKS=YES _GITORIOUS_WORKS=NO sleep 1 elif [ "$_FORCE_GIT_MIRROR" = "gitorious" ] ; then msg "INFO: We will use forced Gitorious mirror without testing connection" _GITHUB_WORKS=NO _DRUPAL_WORKS=NO _GITORIOUS_WORKS=YES sleep 1 else msg "INFO: Testing repository mirror servers availability..." sleep 1 _GITHUB_WORKS=YES _DRUPAL_WORKS=YES _GITORIOUS_WORKS=YES if ! netcat -w 8 -z github.com 9418 ; then _GITHUB_WORKS=NO msg "WARN: The GitHub master repository server doesn't respond..." elif ! netcat -w 8 -z git.drupal.org 80 ; then _DRUPAL_WORKS=NO msg "WARN: The Drupal mirror repository server doesn't respond..." elif ! netcat -w 8 -z code.aegir.cc 9418 ; then _GITORIOUS_WORKS=NO msg "WARN: The Gitorious mirror repository server doesn't respond..." fi fi if [ "$_GITHUB_WORKS" = "YES" ] ; then _BOA_REPO_NAME="boa" _BOA_REPO_GIT_URL="git://github.com/omega8cc" msg "INFO: GitHub master repository will be used" elif [ "$_DRUPAL_WORKS" = "YES" ] ; then _BOA_REPO_NAME="barracuda" _BOA_REPO_GIT_URL="http://git.drupal.org/project" msg "INFO: Drupal mirror repository will be used" elif [ "$_GITORIOUS_WORKS" = "YES" ] ; then _BOA_REPO_NAME="barracuda-octopus" _BOA_REPO_GIT_URL="git://code.aegir.cc/aegir" msg "INFO: Gitorious mirror repository will be used" else cat < /dev/null fi fi } # # Fix php.ini files to add mailparse.so fix_php_ini_mailparse () { if [ -e "$_THIS_FILE" ] ; then _MAILPARSE_INI_TEST=$(grep "extension=mailparse.so" $_THIS_FILE) if [[ "$_MAILPARSE_INI_TEST" =~ "extension=mailparse.so" ]] ; then _DO_NOTHING=YES else echo "extension=mailparse.so" >> $_THIS_FILE fi fi } # # Fix php.ini files to add jsmin.so fix_php_ini_jsmin () { if [ -e "$_THIS_FILE" ] ; then _JSMIN_INI_TEST=$(grep "extension=jsmin.so" $_THIS_FILE) if [[ "$_JSMIN_INI_TEST" =~ "extension=jsmin.so" ]] ; then _DO_NOTHING=YES else echo "extension=jsmin.so" >> $_THIS_FILE fi fi } # # Fix php.ini files to add redis.so fix_php_ini_redis () { if [ -e "$_THIS_FILE" ] ; then _REDIS_INI_TEST=$(grep "extension=redis.so" $_THIS_FILE) if [[ "$_REDIS_INI_TEST" =~ "extension=redis.so" ]] ; then _DO_NOTHING=YES else echo "extension=redis.so" >> $_THIS_FILE fi fi } # # Forced Redis password update. forced_redis_password_update () { msg "INFO: Generating random password for Redis server" touch /root/.redis.pass.txt chmod 0600 /root/.redis.pass.txt &> /dev/null _ESC_RPASS="" _LEN_RPASS=0 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then _ESC_RPASS=$(randpass 32 alnum) _ESC_RPASS=`echo -n $_ESC_RPASS | tr -d "\n"` _LEN_RPASS=$(echo ${#_ESC_RPASS}) fi if [ -z "$_ESC_RPASS" ] || [ $_LEN_RPASS -lt 19 ] ; then _ESC_RPASS=`pwgen -v -s -1` _ESC_RPASS=`echo -n $_ESC_RPASS | tr -d "\n"` _ESC_RPASS=`sanitize_string "$_ESC_RPASS"` fi echo "$_ESC_RPASS" > /root/.redis.pass.txt touch /var/xdrago/log/sec-redis-pass-$_INSTALLER_VERSION-$_NOW-new-a.log _FORCE_REDIS_RESTART=YES sed -i "s/^# requirepass /requirepass /g" /etc/redis/redis.conf &> /dev/null sed -i "s/^requirepass.*/requirepass $_ESC_RPASS/g" /etc/redis/redis.conf &> /dev/null chown redis:redis /etc/redis/redis.conf chmod 0600 /etc/redis/redis.conf } # # Fix Redis mode. fix_redis_mode () { mkdir -p /var/run/redis chown redis:redis /var/run/redis if [ "$_CUSTOM_CONFIG_REDIS" = "NO" ] || [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then _REDIS_LISTEN_MODE=SOCKET fi if [ "$_REDIS_LISTEN_MODE" = "SOCKET" ] ; then sed -i "s/redis_client_host/redis_client_socket/g" /data/conf/global.inc &> /dev/null sed -i "s/ = '127.0.0.1';/= '\/var\/run\/redis\/redis.sock';/g" /data/conf/global.inc &> /dev/null sed -i "s/^port 0/port 6379/g" /etc/redis/redis.conf &> /dev/null sed -i "s/^# bind 127.0.0.1/bind 127.0.0.1/g" /etc/redis/redis.conf &> /dev/null sed -i "s/^# unixsocket/unixsocket/g" /etc/redis/redis.conf &> /dev/null elif [ "$_REDIS_LISTEN_MODE" = "PORT" ] || [ "$_REDIS_LISTEN_MODE" = "127.0.0.1" ] ; then _DO_NOTHING=YES else _REDIS_LISTEN_MODE=${_REDIS_LISTEN_MODE//[^0-9.]/} if [ ! -z "$_REDIS_LISTEN_MODE" ] ; then if [[ "$_REDIS_LISTEN_MODE" =~ "192.168." ]] || [[ "$_REDIS_LISTEN_MODE" =~ "172.16." ]] || [[ "$_REDIS_LISTEN_MODE" =~ "127.0." ]] ; then sed -i "s/^bind 127.0.0.1/bind $_REDIS_LISTEN_MODE/g" /etc/redis/redis.conf &> /dev/null sed -i "s/'127.0.0.1'/'$_REDIS_LISTEN_MODE'/g" /data/conf/global.inc &> /dev/null else sed -i "s/'127.0.0.1'/'$_REDIS_LISTEN_MODE'/g" /data/conf/global.inc &> /dev/null service redis-server stop &> /dev/null update-rc.d -f redis-server remove &> /dev/null service redis stop &> /dev/null update-rc.d -f redis remove &> /dev/null mv -f /etc/init.d/redis /etc/init.d/redis-off &> /dev/null mv -f /etc/init.d/redis-server /etc/init.d/redis-server-off &> /dev/null killall -9 redis-server &> /dev/null rm -f /var/run/redis/redis.pid rm -f /var/xdrago/memcache.sh* &> /dev/null killall -9 memcached &> /dev/null msg "INFO: Remote Redis IP set to $_REDIS_LISTEN_MODE with local instance disabled" fi fi fi fi } # # Set or update Redis password. update_redis_password () { if [ -e "/etc/redis/redis.conf" ] ; then if [ ! -e "/var/xdrago/log/sec-redis-pass-$_INSTALLER_VERSION-$_NOW-new-a.log" ] ; then if [ ! -e "/root/.redis.no.new.password.cnf" ] || [ ! -e "/root/.redis.pass.txt" ] ; then forced_redis_password_update fi fi fi if [ -e "/root/.redis.pass.txt" ] && [ -e "/etc/redis/redis.conf" ] ; then if [ -z "$_ESC_RPASS" ] ; then RPASS=`cat /root/.redis.pass.txt` RPASS=`echo -n $RPASS | tr -d "\n"` else RPASS="$_ESC_RPASS" fi _REDIS_PWD_TEST=`grep "'$RPASS'" /data/conf/global.inc 2>&1` if [[ "$_REDIS_PWD_TEST" =~ "'$RPASS'" ]] ; then _DO_NOTHING=YES else if [ ! -z "$RPASS" ] ; then mkdir -p /data/conf cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc /data/conf/global.inc sed -i "s/isfoobared/$RPASS/g" /data/conf/global.inc &> /dev/null fi fi if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then ln -sf /data/conf/global.inc /var/aegir/config/includes/global.inc fi fix_redis_mode fi } # # Install Redis from sources. install_redis_src () { msg "INFO: Installing Redis update for $_THIS_OS/$_THIS_RV..." if [ ! -e "/var/lib/redis" ] ; then st_runner "adduser --system --group redis" 2> /dev/null fi cd /var/opt rm -f -r redis* get_dev_src "redis-$_REDIS_VERSION.tar.gz" if [ -e "/var/lib/redis" ] ; then mrun "service redis-server stop" &> /dev/null killall -9 redis-server &> /dev/null fi rm -f /usr/local/bin/redis* rm -f /usr/bin/redis* cd redis-$_REDIS_VERSION st_runner "make --quiet" 2> /dev/null st_runner "make --quiet PREFIX=/usr install" 2> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/redis-server /etc/init.d/redis-server chmod 755 /etc/init.d/redis-server &> /dev/null st_runner "update-rc.d redis-server defaults" &> /dev/null mkdir -p /var/run/redis chown redis:redis /var/run/redis mkdir -p /var/log/redis chown redis:redis /var/log/redis mkdir -p /var/lib/redis chown redis:redis /var/lib/redis rm -f /var/lib/redis/* mkdir -p /etc/redis if [ -e "/etc/redis/redis.conf" ] && [ "$_STATUS" = "UPGRADE" ] ; then if [ "$_CUSTOM_CONFIG_REDIS" = "NO" ] || [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [ "$_REDIS_INSTALL_MISMATCH" = "YES" ] || [ ! -e "/var/xdrago/log/redis-$_REDIS_VERSION-$_INSTALLER_VERSION-one.log" ] ; then cp -af /etc/redis/redis.conf /etc/redis/redis.conf-pre-$_INSTALLER_VERSION-$_NOW cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/redis.conf /etc/redis/redis.conf fi fi else if [ ! -e "/etc/redis/redis.conf" ] || [ "$_REDIS_INSTALL_MISMATCH" = "YES" ] || [ ! -e "/var/xdrago/log/redis-$_REDIS_VERSION-$_INSTALLER_VERSION-one.log" ] ; then if [ -e "/etc/redis/redis.conf" ] ; then cp -af /etc/redis/redis.conf /etc/redis/redis.conf-pre-$_INSTALLER_VERSION-$_NOW fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/redis.conf /etc/redis/redis.conf fi fi update_redis_password touch /var/xdrago/log/redis-$_REDIS_VERSION-$_INSTALLER_VERSION-one.log } # # Set xterm. set_xterm () { _XTERM_TEST=$(grep $_INSTALLER_VERSION /root/.bashrc) if [[ "$_XTERM_TEST" =~ "$_INSTALLER_VERSION" ]] ; then sed -i "s/^export TERM=.*/export TERM=xterm-color/g" /root/.bashrc &> /dev/null fi } # # Kill nash-hotplug. kill_nash () { _L_VM_TEST=`uname -a 2>&1` if [[ "$_L_VM_TEST" =~ beng ]] ; then _DO_NOTHING=YES else _NASH_TEST=$(grep nash-hotplug /etc/rc.local) if [[ "$_NASH_TEST" =~ "nash-hotplug" ]] ; then _DO_NOTHING=YES else cp -af /etc/rc.local /etc/rc.local.bak.$_NOW sed -i "s/exit 0//g" /etc/rc.local &> /dev/null echo "killall -9 nash-hotplug" >> /etc/rc.local echo "exit 0" >> /etc/rc.local killall -9 nash-hotplug &> /dev/null fi fi } # # Fix FTPS PAM where required. fix_ftps_pam () { if [ ! -e "/etc/ftpusers" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/ftpusers /etc/ftpusers fi if [ "$_REL_VERSION" = "lenny" ] ; then _DO_NOTHING=YES else sed -i "s/pam_stack.so/pam_unix.so/g" /etc/pam.d/pure-ftpd &> /dev/null sed -i "s/ service=system-auth//g" /etc/pam.d/pure-ftpd &> /dev/null fi } # # Fix FTPS and SFTP access on modern systems. fix_sftp_ftps_modern () { if [ "$_REL_VERSION" != "lenny" ] ; then _LSHELL_PATH_TEST=$(grep "/usr/bin/lshell" /etc/shells) if [[ "$_LSHELL_PATH_TEST" =~ "/usr/bin/lshell" ]] ; then _DO_NOTHING=YES else echo "/usr/bin/lshell" >> /etc/shells ### we don't need this replace, so it is here just for reference: ### sed -i "s/usr\/bin\/lshell/usr\/local\/bin\/lshell/g" /etc/passwd &> /dev/null fi fi if [ ! -e "/var/xdrago/log/mss-build-$_MSS_VERSION-$_INSTALLER_VERSION.log" ] || [ ! -e "/etc/ssh/sftp_config" ] || [ ! -e "/usr/bin/MySecureShell" ] || [ "$_SSL_INSTALL_REQUIRED" = "YES" ] ; then msg "INFO: Installing MySecureShell $_MSS_VERSION..." cd /var/opt rm -f -r mysecureshell* get_dev_src "mysecureshell-$_MSS_VERSION.tar.gz" cd /var/opt/mysecureshell-$_MSS_VERSION st_runner "sh ./configure" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "sh ./install.sh yesall" 2> /dev/null echo "mss-$_MSS_VERSION $_NOW" > /var/xdrago/log/mss-build-$_MSS_VERSION-$_INSTALLER_VERSION.log cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/sftp_config /etc/ssh/sftp_config mrun "service ssh restart" &> /dev/null fi if [ -e "/usr/bin/MySecureShell" ] && [ -e "/etc/ssh/sftp_config" ] ; then _MSS_TEST=$(grep "lshell" /etc/passwd) if [[ "$_MSS_TEST" =~ "lshell" ]] ; then sed -i "s/usr\/.*\/lshell/usr\/bin\/MySecureShell/g" /etc/passwd &> /dev/null fi fi _MSS_PATH_TEST=$(grep "/usr/bin/MySecureShell" /etc/shells) if [[ "$_MSS_PATH_TEST" =~ "/usr/bin/MySecureShell" ]] ; then _DO_NOTHING=YES else echo "/usr/bin/MySecureShell" >> /etc/shells fi if [ ! -e "/var/xdrago/log/fixed-sftp-idle.log" ] ; then sed -i "s/IdleTimeOut.*/IdleTimeOut 15m/g" /etc/ssh/sftp_config &> /dev/null mrun "service ssh reload" &> /dev/null echo fixed-sftp-idle > /var/xdrago/log/fixed-sftp-idle.log fi } # # Disable Old Purge Cruft Machine. disable_old_purge_cruft_machine () { if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] || [ -e "/root/.host8.cnf" ] ; then sed -i "s/.*purge_cruft.*//g" /etc/crontab &> /dev/null sed -i "/^$/d" /etc/crontab &> /dev/null fi } # # Enable Weekly Usage Monitor (Monday). enable_weekly_usage_monitor () { if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then sed -i "s/.*weekly.sh.*//g" /etc/crontab &> /dev/null sed -i "/^$/d" /etc/crontab &> /dev/null echo "28 6 * * 7 root bash /var/xdrago/weekly.sh >/dev/null 2>&1" >> /etc/crontab fi } # # Fix php.ini file to add newrelic.ini fix_php_ini_newrelic () { _NR_TPL="/opt/tmp/$_BOA_REPO_NAME/aegir/conf/newrelic.ini" if [ -e "$_THIS_FILE" ] ; then _NEWRELIC_INI_TEST_A=$(grep "extension=newrelic.so" $_THIS_FILE) if [[ "$_NEWRELIC_INI_TEST_A" =~ "extension=newrelic.so" ]] ; then _DO_NOTHING=YES else cat $_NR_TPL >> $_THIS_FILE fi _NEWRELIC_INI_TEST_B=$(grep "newrelic.framework.drupal.modules" $_THIS_FILE) if [[ "$_NEWRELIC_INI_TEST_B" =~ "newrelic.framework.drupal.modules" ]] ; then _DO_NOTHING=YES else echo "newrelic.framework.drupal.modules = 1" >> $_THIS_FILE fi sed -i "s/REPLACE_WITH_REAL_KEY/$_NEWRELIC_KEY/g" $_THIS_FILE &> /dev/null sed -i "s/license_key=//g" $_THIS_FILE &> /dev/null fi } # # Fix all php.ini files to add newrelic.ini fix_php_ini_newrelic_all () { if [ -e "/etc/newrelic/newrelic.cfg" ] ; then if [ -z "$_NEWRELIC_KEY" ] ; then _NEWRELIC_KEY=`grep license_key /etc/newrelic/newrelic.cfg` _NEWRELIC_KEY=`echo -n $_NEWRELIC_KEY | tr -d "\n"` fi _THIS_FILE=/opt/php52/etc/php52.ini fix_php_ini_newrelic _THIS_FILE=/opt/php52/lib/php.ini fix_php_ini_newrelic _THIS_FILE=/opt/php53/etc/php53.ini fix_php_ini_newrelic _THIS_FILE=/opt/php53/lib/php.ini fix_php_ini_newrelic _THIS_FILE=/opt/php54/etc/php54.ini fix_php_ini_newrelic _THIS_FILE=/opt/php54/lib/php.ini fix_php_ini_newrelic _THIS_FILE=/opt/php55/etc/php55.ini fix_php_ini_newrelic _THIS_FILE=/opt/php55/lib/php.ini fix_php_ini_newrelic fi } # # Fix FMP php.ini file to add opcache.so fix_php_ini_opcache () { if [ -e "$_THIS_FILE" ] ; then if [ "$1" = "55" ] ; then if [[ "$_ZEND_OPCACHE_VERSION" =~ "master" ]] ; then _OPCACHE_SRC=YES else _OPCACHE_SRC=NO fi fi _OPCACHE_INI_TEST=$(grep "opcache.so" $_THIS_FILE) if [[ "$_OPCACHE_INI_TEST" =~ "opcache.so" ]] ; then _DO_NOTHING=YES else echo ";" >> $_THIS_FILE echo "; Zend OPcache" >> $_THIS_FILE if [ "$1" = "55" ] && [ "$_OPCACHE_SRC" = "NO" ] ; then echo "extension=opcache.so" >> $_THIS_FILE else echo "zend_extension=\"$_OPCACHE_SO\"" >> $_THIS_FILE fi echo "opcache.enable=1" >> $_THIS_FILE echo "opcache.memory_consumption=181" >> $_THIS_FILE echo "opcache.interned_strings_buffer=8" >> $_THIS_FILE echo "opcache.max_accelerated_files=64000" >> $_THIS_FILE echo "opcache.revalidate_freq=60" >> $_THIS_FILE echo "opcache.enable_file_override=1" >> $_THIS_FILE echo "opcache.inherited_hack=1" >> $_THIS_FILE echo "opcache.dups_fix=1" >> $_THIS_FILE echo "opcache.log_verbosity_level=0" >> $_THIS_FILE echo "opcache.fast_shutdown=1" >> $_THIS_FILE echo ";" >> $_THIS_FILE fi fi } # # Fix all FMP php.ini files to add Zend OPcache fix_php_ini_opcache_all () { _THIS_FILE=/opt/php52/etc/php52.ini _OPCACHE_SO="/opt/php52/lib/php/extensions/no-debug-non-zts-$_PHP52_API/opcache.so" fix_php_ini_opcache "52" _THIS_FILE=/opt/php53/etc/php53.ini _OPCACHE_SO="/opt/php53/lib/php/extensions/no-debug-non-zts-$_PHP53_API/opcache.so" fix_php_ini_opcache "53" _THIS_FILE=/opt/php54/etc/php54.ini _OPCACHE_SO="/opt/php54/lib/php/extensions/no-debug-non-zts-$_PHP54_API/opcache.so" fix_php_ini_opcache "54" _THIS_FILE=/opt/php55/etc/php55.ini _OPCACHE_SO="/opt/php55/lib/php/extensions/no-debug-non-zts-$_PHP55_API/opcache.so" fix_php_ini_opcache "55" } # # Fix php.ini file to add geos.so fix_php_ini_geos () { if [ -e "$_THIS_FILE" ] ; then _GEOS_INI_TEST=$(grep "extension=geos.so" $_THIS_FILE) if [[ "$_GEOS_INI_TEST" =~ "extension=geos.so" ]] ; then _DO_NOTHING=YES else echo "extension=geos.so" >> $_THIS_FILE fi fi } # # Fix 5.3 php.ini files to add geos.so fix_php_ini_geos_all () { if [ "$_PHP_GEOS" = "YES" ] || [[ "$_XTRAS_LIST" =~ "GEO" ]] ; then _THIS_FILE=/opt/php53/etc/php53.ini fix_php_ini_geos _THIS_FILE=/opt/php53/lib/php.ini fix_php_ini_geos fi } # # Fix php.ini file to add mongo.so fix_php_ini_mongo () { if [ -e "$_THIS_FILE" ] ; then _MONGODB_INI_TEST=$(grep "extension=mongo.so" $_THIS_FILE) if [[ "$_MONGODB_INI_TEST" =~ "extension=mongo.so" ]] ; then _DO_NOTHING=YES else echo "extension=mongo.so" >> $_THIS_FILE fi fi } # # Fix 5.3 php.ini files to add mongo.so fix_php_ini_mongo_all () { if [ "$_PHP_MONGODB" = "YES" ] || [[ "$_XTRAS_LIST" =~ "MNG" ]] ; then _THIS_FILE=/opt/php53/etc/php53.ini fix_php_ini_mongo _THIS_FILE=/opt/php53/lib/php.ini fix_php_ini_mongo fi } # # Update PHP Config. update_php_conf () { if [ -z "$_THISHTIP" ] ; then _LOC_DOM="$_THISHOST" find_correct_ip _THISHTIP="$_LOC_IP" fi if [ ! -e "/opt/etc/fpm" ] || [ ! -e "/opt/etc/fpm/fpm-pool-common.conf" ] ; then mkdir -p /opt/etc/fpm fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/fpm-pool-common.conf /opt/etc/fpm/fpm-pool-common.conf if [ ! -e "/var/www/www55" ] ; then adduser --system --group --home /var/www/www55 www55 &> /dev/null usermod -aG www-data www55 &> /dev/null fi if [ ! -e "/opt/php55/etc/php55.ini" ] || [ ! -e "/opt/php55/etc/pool.d/www55.conf" ] ; then mkdir -p /opt/php55/etc/pool.d cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php55.ini /opt/php55/etc/php55.ini fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/fpm55-pool-www.conf /opt/php55/etc/pool.d/www55.conf if [ ! -e "/var/www/www54" ] ; then adduser --system --group --home /var/www/www54 www54 &> /dev/null usermod -aG www-data www54 &> /dev/null fi if [ ! -e "/opt/php54/etc/php54.ini" ] || [ ! -e "/opt/php54/etc/pool.d/www54.conf" ] ; then mkdir -p /opt/php54/etc/pool.d cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php54.ini /opt/php54/etc/php54.ini fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/fpm54-pool-www.conf /opt/php54/etc/pool.d/www54.conf if [ ! -e "/var/www/www53" ] ; then adduser --system --group --home /var/www/www53 www53 &> /dev/null usermod -aG www-data www53 &> /dev/null fi if [ ! -e "/opt/php53/etc/php53.ini" ] || [ ! -e "/opt/php53/etc/pool.d/www53.conf" ] ; then mkdir -p /opt/php53/etc/pool.d cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php53.ini /opt/php53/etc/php53.ini fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/fpm53-pool-www.conf /opt/php53/etc/pool.d/www53.conf if [ ! -e "/opt/php52/etc/php52.ini" ] ; then mkdir -p /opt/php52/etc cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php52.ini /opt/php52/etc/php52.ini fi if [ ! -e "/opt/php55/lib/php.ini" ] ; then mkdir -p /opt/php55/lib cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php55-cli.ini /opt/php55/lib/php.ini fi if [ ! -e "/opt/php54/lib/php.ini" ] ; then mkdir -p /opt/php54/lib cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php54-cli.ini /opt/php54/lib/php.ini fi if [ ! -e "/opt/php53/lib/php.ini" ] ; then mkdir -p /opt/php53/lib cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php53-cli.ini /opt/php53/lib/php.ini fi if [ ! -e "/opt/php52/lib/php.ini" ] ; then mkdir -p /opt/php52/lib cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php52-cli.ini /opt/php52/lib/php.ini fi if [ "$_CUSTOM_CONFIG_PHP55" = "NO" ] || [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then cp -af /opt/php55/etc/php55.ini /var/backups/dragon/t/etc-php55.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php55.ini /opt/php55/etc/php55.ini &> /dev/null cp -af /opt/php55/lib/php.ini /var/backups/dragon/t/lib-php55.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php55-cli.ini /opt/php55/lib/php.ini &> /dev/null fi if [ "$_CUSTOM_CONFIG_PHP54" = "NO" ] || [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then cp -af /opt/php54/etc/php54.ini /var/backups/dragon/t/etc-php54.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php54.ini /opt/php54/etc/php54.ini &> /dev/null cp -af /opt/php54/lib/php.ini /var/backups/dragon/t/lib-php54.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php54-cli.ini /opt/php54/lib/php.ini &> /dev/null fi if [ "$_CUSTOM_CONFIG_PHP53" = "NO" ] || [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then cp -af /opt/php53/etc/php53.ini /var/backups/dragon/t/etc-php53.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php53.ini /opt/php53/etc/php53.ini &> /dev/null cp -af /opt/php53/lib/php.ini /var/backups/dragon/t/lib-php53.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php53-cli.ini /opt/php53/lib/php.ini &> /dev/null fi if [ "$_CUSTOM_CONFIG_PHP52" = "NO" ] || [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then cp -af /opt/php52/etc/php52.ini /var/backups/dragon/t/etc-php52.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php52.ini /opt/php52/etc/php52.ini &> /dev/null cp -af /opt/php52/lib/php.ini /var/backups/dragon/t/lib-php52.ini-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php52-cli.ini /opt/php52/lib/php.ini &> /dev/null fi ### cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php55-fpm.conf /opt/php55/etc/php55-fpm.conf &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php54-fpm.conf /opt/php54/etc/php54-fpm.conf &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php53-fpm.conf /opt/php53/etc/php53-fpm.conf &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php52-fpm.conf /opt/php52/etc/php52-fpm.conf &> /dev/null ### sed -i "s/listen.allowed_clients =.*/listen.allowed_clients = 127.0.0.1,$_THISHTIP/g" /opt/etc/fpm/fpm-pool-common.conf &> /dev/null sed -i "s/>127.0.0.1127.0.0.1,$_THISHTIP\ /dev/null sed -i "s/listen.mode =.*/listen.mode = 0660/g" /opt/etc/fpm/fpm-pool-common.conf &> /dev/null ### _THIS_FILE=/opt/php55/etc/php55.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse _THIS_FILE=/opt/php55/lib/php.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse _THIS_FILE=/opt/php54/etc/php54.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse _THIS_FILE=/opt/php54/lib/php.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse _THIS_FILE=/opt/php53/etc/php53.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse _THIS_FILE=/opt/php53/lib/php.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse _THIS_FILE=/opt/php52/etc/php52.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse _THIS_FILE=/opt/php52/lib/php.ini fix_php_ini_redis fix_php_ini_jsmin fix_php_ini_suhosin fix_php_ini_mailparse rm -f /etc/php5/conf.d/{opcache.ini,apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null fix_php_ini_newrelic_all fix_php_ini_geos_all fix_php_ini_mongo_all fix_php_ini_opcache_all ### sed -i "s/^zlib.output_compression.*/zlib.output_compression = Off/g" /opt/php52/etc/php52.ini &> /dev/null sed -i "s/^zlib.output_compression.*/zlib.output_compression = Off/g" /opt/php52/lib/php.ini &> /dev/null sed -i "s/^zlib.output_compression.*/zlib.output_compression = Off/g" /opt/php53/etc/php53.ini &> /dev/null sed -i "s/^zlib.output_compression.*/zlib.output_compression = Off/g" /opt/php53/lib/php.ini &> /dev/null ### sed -i "s/.*zlib.output_compression_level/;zlib.output_compression_level/g" /opt/php52/etc/php52.ini &> /dev/null sed -i "s/.*zlib.output_compression_level/;zlib.output_compression_level/g" /opt/php52/lib/php.ini &> /dev/null sed -i "s/.*zlib.output_compression_level/;zlib.output_compression_level/g" /opt/php53/etc/php53.ini &> /dev/null sed -i "s/.*zlib.output_compression_level/;zlib.output_compression_level/g" /opt/php53/lib/php.ini &> /dev/null ### } # # Update innodb_log_file_size. update_innodb_log_file_size () { msg "INFO: InnoDB log file will be set to $_INNODB_LOG_FILE_SIZE_MB, please wait..." mrun "service mysql stop" &> /dev/null mrun "sleep 5" if [ ! -e "/var/run/mysqld/mysqld.sock" ] && [ ! -e "/var/run/mysqld/mysqld.pid" ] ; then mkdir -p /var/backups/old-sql-ib-log-$_NOW mrun "sleep 5" mv -f /var/lib/mysql/ib_logfile0 /var/backups/old-sql-ib-log-$_NOW/ &> /dev/null mv -f /var/lib/mysql/ib_logfile1 /var/backups/old-sql-ib-log-$_NOW/ &> /dev/null sed -i "s/.*innodb_log_file_size.*/innodb_log_file_size = $_INNODB_LOG_FILE_SIZE_MB/g" /etc/mysql/my.cnf &> /dev/null mrun "sleep 5" fi mrun "service mysql start" &> /dev/null } # # Update SQL Config. update_sql_conf () { sed -i "s/.*check_for_crashed_tables/#check_for_crashed_tables/g" /etc/mysql/debian-start &> /dev/null if [ "$_CUSTOM_CONFIG_SQL" = "NO" ] || [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [ "$_CUSTOM_CONFIG_SQL" = "YES" ] ; then _DO_NOTHING=YES else cp -af /etc/mysql/my.cnf /var/backups/dragon/t/my.cnf-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/my.cnf.txt /etc/mysql/my.cnf _INNODB_LOG_FILE_SIZE=${_INNODB_LOG_FILE_SIZE//[^0-9]/} if [ ! -z "$_INNODB_LOG_FILE_SIZE" ] ; then if [ "$_INNODB_LOG_FILE_SIZE" -ge "10" ] && [ "$_INNODB_LOG_FILE_SIZE" -lt "501" ] ; then _INNODB_LOG_FILE_SIZE_MB="${_INNODB_LOG_FILE_SIZE}M" _INNODB_LOG_FILE_SIZE_TEST=$(grep "^innodb_log_file_size" /var/backups/dragon/t/my.cnf-pre-$_INSTALLER_VERSION-$_NOW) if [[ "$_INNODB_LOG_FILE_SIZE_TEST" =~ "= $_INNODB_LOG_FILE_SIZE_MB" ]] ; then _INNODB_LOG_FILE_SIZE_SAME=YES else _INNODB_LOG_FILE_SIZE_SAME=NO fi fi fi sed -i "s/.*slow_query_log/#slow_query_log/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*long_query_time/#long_query_time/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*slow_query_log_file/#slow_query_log_file/g" /etc/mysql/my.cnf &> /dev/null if [ ! -e "/etc/mysql/skip-name-resolve.txt" ] ; then sed -i "s/.*skip-name-resolve/#skip-name-resolve/g" /etc/mysql/my.cnf &> /dev/null fi fi fi mv -f /etc/mysql/my.cnf-pre* /var/backups/dragon/t/ &> /dev/null sed -i "s/.*default-table-type/#default-table-type/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*language/#language/g" /etc/mysql/my.cnf &> /dev/null _THIS_DB_SERVER_TEST=`mysql -V 2>&1` if [[ "$_THIS_DB_SERVER_TEST" =~ "5.5." ]] || [[ "$_THIS_DB_SERVER_TEST" =~ "10.0" ]] ; then _DO_NOTHING=YES else sed -i "s/.*lc_messages_dir /#lc_messages_dir /g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*lc_messages /#lc_messages /g" /etc/mysql/my.cnf &> /dev/null fi if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then sed -i "s/.*innodb_lazy_drop_table /#innodb_lazy_drop_table /g" /etc/mysql/my.cnf &> /dev/null fi if [ "$_CUSTOM_CONFIG_SQL" = "NO" ] ; then if [ "$_DB_BINARY_LOG" = "NO" ] ; then bash /var/xdrago/purge_binlogs.sh &> /dev/null sed -i "s/.*purge_binlogs.*//g" /var/spool/cron/crontabs/root &> /dev/null sed -i "/^$/d" /var/spool/cron/crontabs/root &> /dev/null sed -i "s/^log_bin/#log_bin/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^expire_logs_days/#expire_logs_days/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^max_binlog_size/#max_binlog_size/g" /etc/mysql/my.cnf &> /dev/null elif [ "$_DB_BINARY_LOG" = "YES" ] ; then sed -i "s/.*log_bin/log_bin/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*expire_logs_days/expire_logs_days/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*max_binlog_size/max_binlog_size/g" /etc/mysql/my.cnf &> /dev/null fi if [ "$_DB_ENGINE" = "MyISAM" ] || [ "$_DB_ENGINE" = "InnoDB" ] ; then sed -i "s/^default_storage_engine.*/default_storage_engine = $_DB_ENGINE/g" /etc/mysql/my.cnf &> /dev/null fi if [ ! -z "$_INNODB_LOG_FILE_SIZE" ] ; then if [ "$_INNODB_LOG_FILE_SIZE" -ge "10" ] && [ "$_INNODB_LOG_FILE_SIZE" -lt "501" ] ; then _INNODB_LOG_FILE_SIZE_MB="${_INNODB_LOG_FILE_SIZE}M" _INNODB_LOG_FILE_SIZE_TEST=$(grep "^innodb_log_file_size" /etc/mysql/my.cnf) if [[ "$_INNODB_LOG_FILE_SIZE_TEST" =~ "= $_INNODB_LOG_FILE_SIZE_MB" ]] ; then _DO_NOTHING=YES else if [ "$_INNODB_LOG_FILE_SIZE_SAME" = "YES" ] ; then sed -i "s/.*innodb_log_file_size.*/innodb_log_file_size = $_INNODB_LOG_FILE_SIZE_MB/g" /etc/mysql/my.cnf &> /dev/null else update_innodb_log_file_size fi fi fi fi fi } # # Update Nginx Config. update_nginx_conf () { if [ ! -e "/var/xdrago/log/nginx-config-fixed-$_INSTALLER_VERSION" ] && [ -d "/var/aegir" ] ; then if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx.conf" ] && [ -e "/etc/nginx/nginx.conf" ] ; then mv -f /etc/nginx/nginx.conf-* /var/backups/dragon/t/ &> /dev/null mv -f /etc/nginx/mime.types-pre-* /var/backups/dragon/t/ &> /dev/null mv -f /etc/nginx/nginx.conf /var/backups/dragon/t/nginx.conf-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx.conf /etc/nginx/nginx.conf touch /var/xdrago/log/nginx-config-fixed-$_INSTALLER_VERSION fi fi if [ -e "/var/aegir/config/server_master/nginx/pre.d" ] && [ "$_PURGE_MODE" = "ON" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_speed_purge.conf /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf fi } # # Update global.inc Config. update_global_inc_conf () { if [ -e "/data/conf/global.inc" ] ; then mv -f /data/conf/global.inc /data/conf/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc /data/conf/global.inc sed -i "s/3600/$_SPEED_VALID_MAX/g" /data/conf/global.inc &> /dev/null fi } # # Fix this on upgrade. fix_on_upgrade () { sed -i "s/loglevel.*/loglevel warning/g" /etc/redis/redis.conf &> /dev/null sed -i "s/^TLS.*/TLS 2/g" /usr/local/etc/pure-ftpd.conf &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/clean-boa-env /etc/init.d/clean-boa-env chmod 755 /etc/init.d/clean-boa-env &> /dev/null st_runner "update-rc.d clean-boa-env defaults" &> /dev/null kill_nash fix_sftp_ftps_modern fix_ftps_pam disable_old_purge_cruft_machine enable_weekly_usage_monitor update_php_conf update_sql_conf update_nginx_conf update_global_inc_conf update_redis_password } # # Validate server public IP. validate_public_ip () { if [ "$_VMFAMILY" = "AWS" ] ; then _LOC_DOM="$_MY_HOSTN" find_correct_ip _MY_OWNIP="$_LOC_IP" fi if [ ! -z "$_LOCAL_NETWORK_IP" ] ; then if [ -z "$_LOCAL_NETWORK_HN" ] ; then msg "FATAL ERROR: you must specify also _LOCAL_NETWORK_HN" exit 1 else _MY_OWNIP="$_LOCAL_NETWORK_IP" _MY_HOSTN="$_LOCAL_NETWORK_HN" _MY_FRONT="$_LOCAL_NETWORK_HN" _THISHTIP="$_LOCAL_NETWORK_IP" fi else _ETH_TEST=`ifconfig 2>&1` if [[ "$_ETH_TEST" =~ "venet0" ]] ; then _IFCONFIG="venet0" elif [ -e "/proc/bean_counters" ] ; then _IFCONFIG="venet0" else _IFCONFIG="eth0" fi if [ "$_DNS_SETUP_TEST" = "YES" ] ; then if [ -z "$_MY_OWNIP" ] ; then _THISHTIP=`ifconfig $_IFCONFIG | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` if [[ "$_THISHTIP" =~ "127.0.0." ]] ; then _THISHTIP=`ifconfig ${_IFCONFIG}:0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` fi else _THISHTIP="$_MY_OWNIP" fi else if [ -z "$_MY_OWNIP" ] && [ ! -z "$_MY_HOSTN" ] ; then _LOC_DOM="$_MY_HOSTN" find_correct_ip _THISHTIP="$_LOC_IP" else _THISHTIP="$_MY_OWNIP" fi fi fi } # # Validate server IP for xtras. validate_xtras_ip () { if [ "$_VMFAMILY" = "AWS" ] ; then _LOC_DOM="$_MY_HOSTN" find_correct_ip _MY_OWNIP="$_LOC_IP" fi if [ "$_HTTP_WILDCARD" = "YES" ] ; then _XTRAS_THISHTIP="*" else _ETH_TEST=`ifconfig 2>&1` if [[ "$_ETH_TEST" =~ "venet0" ]] ; then _IFCONFIG="venet0" elif [ -e "/proc/bean_counters" ] ; then _IFCONFIG="venet0" else _IFCONFIG="eth0" fi if [ "$_DNS_SETUP_TEST" = "YES" ] ; then if [ -z "$_MY_OWNIP" ] ; then _XTRAS_THISHTIP=`ifconfig $_IFCONFIG | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` if [[ "$_XTRAS_THISHTIP" =~ "127.0.0." ]] ; then _XTRAS_THISHTIP=`ifconfig ${_IFCONFIG}:0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` fi else _XTRAS_THISHTIP="$_MY_OWNIP" fi else if [ -z "$_MY_OWNIP" ] ; then if [ -e "/usr/bin/sipcalc" ] ; then if [ -z "$_THISHTIP" ] ; then _LOC_DOM="$_THISHOST" find_correct_ip _THISHTIP="$_LOC_IP" fi _IP_TEST=`sipcalc $_THISHTIP 2>&1` if [[ "$_IP_TEST" =~ "ERR" ]] ; then _IP_TEST_RESULT=FAIL _XTRAS_THISHTIP="*" else _IP_TEST_RESULT=OK _XTRAS_THISHTIP="$_THISHTIP" fi else _XTRAS_THISHTIP="$_THISHTIP" fi else _XTRAS_THISHTIP="$_MY_OWNIP" fi fi if [ -z "$_XTRAS_THISHTIP" ] ; then _XTRAS_THISHTIP="*" fi fi } # # Validate server IP for purge vhost. validate_purge_ip () { if [ "$_PURGE_ALL_THISHTIP" = "YES" ] ; then _PURGE_THISHTIP="0.0.0.0/0" else _ETH_TEST=`ifconfig 2>&1` if [[ "$_ETH_TEST" =~ "venet0" ]] ; then _IFCONFIG="venet0" elif [ -e "/proc/bean_counters" ] ; then _IFCONFIG="venet0" else _IFCONFIG="eth0" fi if [ "$_DNS_SETUP_TEST" = "YES" ] ; then if [ -z "$_MY_OWNIP" ] ; then _PURGE_THISHTIP=`ifconfig $_IFCONFIG | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` if [[ "$_PURGE_THISHTIP" =~ "127.0.0." ]] ; then _PURGE_THISHTIP=`ifconfig ${_IFCONFIG}:0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` fi else _PURGE_THISHTIP="$_MY_OWNIP" fi else if [ -z "$_MY_OWNIP" ] ; then if [ -e "/usr/bin/sipcalc" ] ; then if [ -z "$_THISHTIP" ] ; then _LOC_DOM="$_THISHOST" find_correct_ip _THISHTIP="$_LOC_IP" fi _IP_TEST=`sipcalc $_THISHTIP 2>&1` if [[ "$_IP_TEST" =~ "ERR" ]] ; then _IP_TEST_RESULT=FAIL _PURGE_THISHTIP="0.0.0.0/0" else _IP_TEST_RESULT=OK _PURGE_THISHTIP="$_THISHTIP" fi else _PURGE_THISHTIP="$_THISHTIP" fi else _PURGE_THISHTIP="$_MY_OWNIP" fi fi if [ -z "$_PURGE_THISHTIP" ] ; then _PURGE_THISHTIP="0.0.0.0/0" fi fi } # # Validate local server IP. validate_local_ip () { if [ "$_HTTP_WILDCARD" = "YES" ] ; then _LOCAL_THISHTIP=all else _ETH_TEST=`ifconfig 2>&1` if [[ "$_ETH_TEST" =~ "venet0" ]] ; then _IFCONFIG="venet0" elif [ -e "/proc/bean_counters" ] ; then _IFCONFIG="venet0" else _IFCONFIG="eth0" fi if [ "$_DNS_SETUP_TEST" = "YES" ] ; then if [ -z "$_MY_OWNIP" ] ; then _LOCAL_THISHTIP=`ifconfig $_IFCONFIG | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` if [[ "$_LOCAL_THISHTIP" =~ "127.0.0." ]] ; then _LOCAL_THISHTIP=`ifconfig ${_IFCONFIG}:0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` fi else _LOCAL_THISHTIP="$_MY_OWNIP" fi else if [ -z "$_MY_OWNIP" ] ; then if [ -e "/usr/bin/sipcalc" ] ; then if [ -z "$_THISHTIP" ] ; then _LOC_DOM="$_THISHOST" find_correct_ip _THISHTIP="$_LOC_IP" fi _IP_TEST=`sipcalc $_THISHTIP 2>&1` if [[ "$_IP_TEST" =~ "ERR" ]] ; then _IP_TEST_RESULT=FAIL _LOCAL_THISHTIP=all else _IP_TEST_RESULT=OK _LOCAL_THISHTIP="$_THISHTIP" fi else _LOCAL_THISHTIP="$_THISHTIP" fi else _LOCAL_THISHTIP="$_MY_OWNIP" fi fi if [ -z "$_LOCAL_THISHTIP" ] ; then _LOCAL_THISHTIP=all fi fi } # # Sub Force advanced Nginx configuration. sub_force_advanced_nginx_config () { if [ -d "$_THIS_NGX_PATH" ] ; then if [ "$_USE_STOCK" = "NO" ] ; then sed -i "s/data.*post.d/var\/aegir\/config\/includes/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null sed -i "s/data.*post.d/var\/aegir\/config\/includes/g" $_THIS_NGX_PATH/nginx_modern_include.conf &> /dev/null sed -i "s/data.*post.d/var\/aegir\/config\/includes/g" $_THIS_NGX_PATH/nginx_legacy_include.conf &> /dev/null fi if [ "$_PHP_FPM_VERSION" != "5.2" ] && [ -e "/opt/php${_PHP_SV}/etc/php${_PHP_SV}-fpm.conf" ] ; then if [ "$_USE_STOCK" = "NO" ] ; then if [ "$_PHP_CN" = "www53" ] ; then sed -i "s/unix:cron:fastcgi.socket;/127.0.0.1:9090;/g" $_THIS_NGX_PATH/nginx_modern_include.conf &> /dev/null sed -i "s/unix:cron:fastcgi.socket;/127.0.0.1:9090;/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null else sed -i "s/127.0.0.1:.*;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" $_THIS_NGX_PATH/nginx_modern_include.conf &> /dev/null sed -i "s/127.0.0.1:.*;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null sed -i "s/127.0.0.1:.*;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" /var/aegir/config/includes/nginx_compact_include.conf &> /dev/null sed -i "s/unix:cron:fastcgi.socket;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" $_THIS_NGX_PATH/nginx_modern_include.conf &> /dev/null sed -i "s/unix:cron:fastcgi.socket;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null fi else sed -i "s/127.0.0.1:.*;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" $_THIS_NGX_PATH/nginx_vhost_common.conf &> /dev/null if [ "${_PHP_CN}" = "www53" ] ; then sed -i "s/unix:cron:fastcgi.socket;/127.0.0.1:9090;/g" $_THIS_NGX_PATH/nginx_vhost_common.conf &> /dev/null else sed -i "s/unix:cron:fastcgi.socket;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" $_THIS_NGX_PATH/nginx_vhost_common.conf &> /dev/null fi fi else if [ "$_USE_STOCK" = "NO" ] ; then sed -i "s/127.0.0.1:.*;/127.0.0.1:9000;/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null sed -i "s/unix:cron:fastcgi.socket;/127.0.0.1:9000;/g" $_THIS_NGX_PATH/nginx_octopus_include.conf &> /dev/null sed -i "s/127.0.0.1:.*;/127.0.0.1:9000;/g" /var/aegir/config/includes/nginx_compact_include.conf &> /dev/null else sed -i "s/127.0.0.1:.*;/127.0.0.1:9000;/g" $_THIS_NGX_PATH/nginx_vhost_common.conf &> /dev/null sed -i "s/unix:cron:fastcgi.socket;/127.0.0.1:9000;/g" $_THIS_NGX_PATH/nginx_vhost_common.conf &> /dev/null fi fi if [ "$_PHP_LEGACY_FREE" = "YES" ] || [ "$_PHP_FPM_VERSION" != "5.2" ] ; then if [ "$_PHP_CN" = "www53" ] ; then sed -i "s/127.0.0.1:.*;/127.0.0.1:9090;/g" $_THIS_NGX_PATH/nginx_legacy_include.conf &> /dev/null else sed -i "s/127.0.0.1:.*;/unix:\/var\/run\/${_PHP_CN}.fpm.socket;/g" $_THIS_NGX_PATH/nginx_legacy_include.conf &> /dev/null fi fi fi } # # Force advanced Nginx configuration. force_advanced_nginx_config () { cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_compact_include.conf /var/aegir/config/includes/nginx_compact_include.conf validate_local_ip &> /dev/null _THIS_NGX_PATH=/var/aegir/.drush/sys/provision/http/Provision/Service/http sub_force_advanced_nginx_config _THIS_NGX_PATH=/var/aegir/config/includes sub_force_advanced_nginx_config sed -i "s/ 90;/ 180;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null if [ "$_NGINX_SPDY" = "YES" ] ; then sed -i "s/:443;/:443 ssl spdy;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/:443;/:443 ssl spdy;/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null fi _SSL_INSTALLED=`openssl version 2>&1 | tr -d "\n" | cut -d" " -f2 | awk '{ print $1}'` if [ "$_SSL_INSTALLED" = "$_OPENSSL_VERSION" ] &&[ "$_NGINX_FORWARD_SECRECY" = "YES" ] ; then _ALLOW_NGINX_FORWARD_SECRECY=YES _SSL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2;" _SSL_CIPHERS="EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:\!aNULL:\!eNULL:\!LOW:\!3DES:\!MD5:\!EXP:\!PSK:\!SRP:\!DSS:+RC4:RC4;" else _ALLOW_NGINX_FORWARD_SECRECY=NO fi if [ "$_ALLOW_NGINX_FORWARD_SECRECY" = "YES" ] ; then sed -i "s/ssl_protocols .*/ssl_protocols $_SSL_PROTOCOLS/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/ssl_protocols .*/ssl_protocols $_SSL_PROTOCOLS/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/ssl_ciphers .*/ssl_ciphers $_SSL_CIPHERS/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/ssl_ciphers .*/ssl_ciphers $_SSL_CIPHERS/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null fi if [ -e "/var/aegir/config/includes" ] && [ "$_USE_STOCK" = "NO" ] ; then if [ ! -L "/var/aegir/config/includes/nginx_advanced_include.conf" ] ; then ln -sf /var/aegir/config/includes/nginx_octopus_include.conf /var/aegir/config/includes/nginx_advanced_include.conf fi if [ ! -L "/var/aegir/config/includes/nginx_simple_include.conf" ] ; then ln -sf /var/aegir/config/includes/nginx_legacy_include.conf /var/aegir/config/includes/nginx_simple_include.conf fi fi chown aegir:aegir /var/aegir/config/includes/* chown aegir:aegir /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/* if [ ! -e "/data/conf/nginx_high_load_off.conf" ] ; then mkdir -p /data/conf cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_high_load_off.conf /data/conf/nginx_high_load_off.conf chmod 644 /data/conf/nginx_high_load_off.conf &> /dev/null fi if [ -e "/root/.high_traffic.cnf" ] ; then sed -i "s/access_log .*/access_log /var/log/nginx/access.log main buffer=32k;/g" /var/aegir/config/server_master/nginx.conf &> /dev/null fi } # # Tune Web Sever configuration. tune_web_server_config () { _LIM_FPM="$_L_PHP_FPM_WORKERS" if [ "$_LIM_FPM" -lt "24" ] ; then if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then _LIM_FPM=24 fi fi let "_PROCESS_MAX_FPM = (($_LIM_FPM * 5))" let "_CHILD_MAX_FPM = (($_LIM_FPM * 2))" if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then _DO_NOTHING=YES else _PHP_FPM_WORKERS=${_PHP_FPM_WORKERS//[^0-9]/} if [ ! -z "$_PHP_FPM_WORKERS" ] && [ "$_PHP_FPM_WORKERS" -gt "0" ] ; then _CHILD_MAX_FPM="$_PHP_FPM_WORKERS" fi fi let "_START_LEGACY_FPM = (($_LIM_FPM - 21))" if [ "$_START_LEGACY_FPM" -lt "3" ] ; then _START_LEGACY_FPM=3 fi sed -i "s/process.max =.*/process.max = $_PROCESS_MAX_FPM/g" /opt/php55/etc/php55-fpm.conf &> /dev/null sed -i "s/process.max =.*/process.max = $_PROCESS_MAX_FPM/g" /opt/php54/etc/php54-fpm.conf &> /dev/null sed -i "s/process.max =.*/process.max = $_PROCESS_MAX_FPM/g" /opt/php53/etc/php53-fpm.conf &> /dev/null sed -i "s/pm.max_children =.*/pm.max_children = $_CHILD_MAX_FPM/g" /opt/php55/etc/pool.d/www55.conf &> /dev/null sed -i "s/pm.max_children =.*/pm.max_children = $_CHILD_MAX_FPM/g" /opt/php54/etc/pool.d/www54.conf &> /dev/null sed -i "s/pm.max_children =.*/pm.max_children = $_CHILD_MAX_FPM/g" /opt/php53/etc/pool.d/www53.conf &> /dev/null sed -i "s/max_children\">.*$_START_LEGACY_FPM /dev/null if [ ! -z "$_PHP_FPM_DENY" ] ; then sed -i "s/passthru,/$_PHP_FPM_DENY,/g" /opt/php55/etc/pool.d/www55.conf &> /dev/null sed -i "s/passthru,/$_PHP_FPM_DENY,/g" /opt/php54/etc/pool.d/www54.conf &> /dev/null sed -i "s/passthru,/$_PHP_FPM_DENY,/g" /opt/php53/etc/pool.d/www53.conf &> /dev/null fi sed -i "s/,getenv,/,/g" /opt/php*/etc/php*.ini &> /dev/null sed -i "s/,getenv,/,/g" /opt/php*/etc/pool.d/*.conf &> /dev/null sed -i "s/,getenv,/,/g" /var/xdrago/conf/fpm-pool-foo.conf &> /dev/null sed -i "s/,create_function,/,/g" /opt/php*/etc/php*.ini &> /dev/null sed -i "s/,create_function,/,/g" /opt/php*/etc/pool.d/*.conf &> /dev/null sed -i "s/,create_function,/,/g" /var/xdrago/conf/fpm-pool-foo.conf &> /dev/null sed -i "s/assert,//g" /opt/php*/etc/php*.ini &> /dev/null sed -i "s/,assert,/,/g" /opt/php*/etc/pool.d/*.conf &> /dev/null sed -i "s/,assert,/,/g" /var/xdrago/conf/fpm-pool-foo.conf &> /dev/null sed -i "s/:\/srv:\/usr\/bin\"/:\/srv:\/usr\/bin:\/opt\/tika:\/opt\/tika7:\/opt\/tika8:\/opt\/tika9\"/g" /opt/php*/etc/pool.d/*.conf &> /dev/null sed -i "s/:\/srv:\/usr\/bin\"/:\/srv:\/usr\/bin:\/opt\/tika:\/opt\/tika7:\/opt\/tika8:\/opt\/tika9\"/g" /var/xdrago/conf/fpm-pool-foo.conf &> /dev/null sed -i "s/:\/opt\/tika9\"/:\/opt\/tika9:\/opt\/php52:\/opt\/php53:\/opt\/php54:\/opt\/php55\"/g" /opt/php*/etc/pool.d/*.conf &> /dev/null sed -i "s/:\/opt\/tika9\"/:\/opt\/tika9:\/opt\/php52:\/opt\/php53:\/opt\/php54:\/opt\/php55\"/g" /var/xdrago/conf/fpm-pool-foo.conf &> /dev/null sed -i "s/drush_log(t('Contrib latestDir/drush_log(dt('Contrib latestDir/g" /data/disk/*/.drush/sys/provision/platform/verify.provision.inc &> /dev/null sed -i "s/drush_log(t('Contrib latestDir/drush_log(dt('Contrib latestDir/g" /var/aegir/.drush/sys/provision/platform/verify.provision.inc &> /dev/null _ZOP_INI_TEST=$(grep "^opcache.enable=1" /opt/php*/etc/php*.ini) if [[ "$_ZOP_INI_TEST" =~ "opcache.enable=1" ]] ; then _DO_NOTHING=YES else sed -i "s/opcache.fast_shutdown=1/opcache.fast_shutdown=1\nopcache.enable=1/g" /opt/php*/etc/php*.ini &> /dev/null fi # PHP-FPM INI sed -i "s/^default_socket_timeout =.*/default_socket_timeout = 180/g" /opt/php*/etc/php*.ini &> /dev/null sed -i "s/^max_execution_time =.*/max_execution_time = 180/g" /opt/php*/etc/php*.ini &> /dev/null sed -i "s/^max_input_time =.*/max_input_time = 180/g" /opt/php*/etc/php*.ini &> /dev/null # Redis config should sync with PHP-FPM sed -i "s/^timeout .*/timeout 180/g" /etc/redis/redis.conf &> /dev/null # PHP-CLI INI sed -i "s/^default_socket_timeout =.*/default_socket_timeout = 3600/g" /opt/php*/lib/php.ini &> /dev/null sed -i "s/^max_execution_time =.*/max_execution_time = 3600/g" /opt/php*/lib/php.ini &> /dev/null sed -i "s/^max_input_time =.*/max_input_time = 3600/g" /opt/php*/lib/php.ini &> /dev/null if [ ! -z "$_L_NGINX_WORKERS" ] ; then sed -i "s/worker_processes.*/worker_processes $_L_NGINX_WORKERS;/g" /etc/nginx/nginx.conf &> /dev/null else sed -i "s/worker_processes.*/worker_processes 4;/g" /etc/nginx/nginx.conf &> /dev/null fi } # # Tune memory limits for SQL server. tune_sql_memory_limits () { if [ ! -e "/var/opt/mysqltuner-$_INSTALLER_VERSION-$_NOW.txt" ] ; then msg "INFO: Running MySQLTuner check on all databases..." msg "NOTE! This step may take a LONG time, please wait..." rm -f /var/opt/mysqltuner* ### curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl" -o /var/opt/mysqltuner.pl curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/dev/mysqltuner.pl" -o /var/opt/mysqltuner.pl if [ ! -e "/var/opt/mysqltuner.pl" ] ; then mrun "sleep 60" curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/dev/mysqltuner.pl" -o /var/opt/mysqltuner.pl fi if [ -e "/var/opt/mysqltuner.pl" ] ; then perl /var/opt/mysqltuner.pl > /var/opt/mysqltuner-$_INSTALLER_VERSION-$_NOW.txt 2>&1 fi fi if [ -e "/var/opt/mysqltuner.pl" ] && [ -e "/var/opt/mysqltuner-$_INSTALLER_VERSION-$_NOW.txt" ] ; then _REC_MYISAM_MEM=`cat /var/opt/mysqltuner-$_INSTALLER_VERSION-$_NOW.txt | grep "Data in MyISAM tables" | cut -d: -f2 | awk '{ print $1}'` _REC_INNODB_MEM=`cat /var/opt/mysqltuner-$_INSTALLER_VERSION-$_NOW.txt | grep "Data in InnoDB tables" | cut -d: -f2 | awk '{ print $1}'` ###--------------------### if [ ! -z "$_REC_MYISAM_MEM" ] ; then _RAW_MYISAM_MEM=`echo $_REC_MYISAM_MEM | sed "s/[A-Z]//g"` if [[ "$_REC_MYISAM_MEM" =~ "G" ]] ; then let "_RAW_MYISAM_MEM = (($_RAW_MYISAM_MEM * 1024))" fi if [ "$_RAW_MYISAM_MEM" -gt "$_USE_SQL" ] ; then _USE_MYISAM_MEM="$_USE_SQL" else _USE_MYISAM_MEM="$_RAW_MYISAM_MEM" fi _USE_MYISAM_MEM="${_USE_MYISAM_MEM}M" sed -i "s/^key_buffer_size.*/key_buffer_size = $_USE_MYISAM_MEM/g" /etc/mysql/my.cnf &> /dev/null else _USE_MYISAM_MEM="64M" sed -i "s/^key_buffer_size.*/key_buffer_size = $_USE_MYISAM_MEM/g" /etc/mysql/my.cnf &> /dev/null fi ###--------------------### if [ ! -z "$_REC_INNODB_MEM" ] ; then _RAW_INNODB_MEM=`echo $_REC_INNODB_MEM | sed "s/[A-Z]//g"` if [[ "$_REC_INNODB_MEM" =~ "G" ]] ; then let "_RAW_INNODB_MEM = (($_RAW_INNODB_MEM * 1024))" fi if [ "$_RAW_INNODB_MEM" -gt "$_USE_SQL" ] ; then _USE_INNODB_MEM="$_USE_SQL" else _USE_INNODB_MEM="$_RAW_INNODB_MEM" fi _INNODB_BPI="0" _INNODB_BPI=`echo "scale=0; $_USE_INNODB_MEM/1024" | bc`; if [ "$_INNODB_BPI" -gt "1" ] ; then sed -i "s/innodb_file_per_table = 1/innodb_file_per_table = 1\ninnodb_buffer_pool_instances = $_INNODB_BPI/g" /etc/mysql/my.cnf &> /dev/null fi _USE_INNODB_MEM="${_USE_INNODB_MEM}M" sed -i "s/^innodb_buffer_pool_size.*/innodb_buffer_pool_size = $_USE_INNODB_MEM/g" /etc/mysql/my.cnf &> /dev/null else _USE_INNODB_MEM="64M" sed -i "s/^innodb_buffer_pool_size.*/innodb_buffer_pool_size = $_USE_INNODB_MEM/g" /etc/mysql/my.cnf &> /dev/null fi else sed -i "s/= 181/= $_USE_SQL/g" /etc/mysql/my.cnf &> /dev/null fi } # # Tune memory limits for PHP-FPM, Nginx and MariaDB. tune_memory_limits () { _ETH_TEST=`ifconfig 2>&1` _VM_TEST=`uname -a 2>&1` if [[ "$_ETH_TEST" =~ "venet0" ]] ; then _VMFAMILY="VZ" elif [ -e "/proc/bean_counters" ] ; then _VMFAMILY="VZ" elif [[ "$_THISHOST" =~ ".host8." ]] && [ -e "/boot/grub/menu.lst" ] ; then _VMFAMILY="TG" elif [[ "$_THISHOST" =~ ".host8." ]] && [ -e "/boot/grub/grub.cfg" ] ; then _VMFAMILY="TG" else _VMFAMILY="XEN" fi if [[ "$_VM_TEST" =~ beng ]] ; then _VMFAMILY="VS" fi if [[ "$_AWS_TEST_A" =~ "cloudimg" ]] || [[ "$_AWS_TEST_B" =~ "cloudconfig" ]] ; then _VMFAMILY="AWS" fi _CPU_INFO=$(grep -c processor /proc/cpuinfo) _CPU_INFO=${_CPU_INFO//[^0-9]/} _NPROC_TEST=$(which nproc) if [ -z "$_NPROC_TEST" ] ; then _CPU_NR="$_CPU_INFO" else _CPU_NR=`nproc` fi _CPU_NR=${_CPU_NR//[^0-9]/} if [ ! -z "$_CPU_NR" ] && [ ! -z "$_CPU_INFO" ] && [ "$_CPU_NR" -gt "$_CPU_INFO" ] && [ "$_CPU_INFO" -gt "0" ] ; then _CPU_NR="$_CPU_INFO" fi if [ -z "$_CPU_NR" ] || [ "$_CPU_NR" -lt "1" ] ; then _CPU_NR=1 fi let "_CPU_MX = (($_CPU_NR * 2))" if [ "$_CPU_MX" -lt "4" ] ; then _CPU_MX=4 fi let "_CPU_TG = (($_CPU_NR / 2))" if [ "$_CPU_TG" -lt "4" ] ; then _CPU_TG=4 fi let "_CPU_VS = (($_CPU_NR / 12))" if [ "$_CPU_VS" -lt "2" ] ; then _CPU_VS=2 fi _RAM=`free -mto | grep Mem: | awk '{ print $2 }'` if [ "$_RESERVED_RAM" -gt "0" ] ; then let "_RAM = (($_RAM - $_RESERVED_RAM))" fi let "_USE = (($_RAM / 4))" if [ "$_VMFAMILY" = "VS" ] || [[ "$_THISHOST" =~ ".host8." ]] ; then if [ "$_VMFAMILY" = "VS" ] ; then if [ -e "/root/.tg.cnf" ] ; then let "_USE_SQL = (($_RAM / 12))" else let "_USE_SQL = (($_RAM / 24))" fi else let "_USE_SQL = (($_RAM / 8))" fi else let "_USE_SQL = (($_RAM / 8))" fi _TMP_SQL="${_USE_SQL}M" let "_SRT_SQL = (($_USE_SQL * 2))" _SRT_SQL="${_SRT_SQL}K" if [ "$_USE" -ge "512" ] && [ "$_USE" -lt "1024" ] ; then _USE_PHP=512 _USE_OPC=512 _PRC_SQL=20 _QCE_SQL=128M _RND_SQL=8M _JBF_SQL=4M if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then _L_PHP_FPM_WORKERS=12 else _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS fi if [ "$_NGINX_WORKERS" = "AUTO" ] ; then _L_NGINX_WORKERS=$_CPU_MX else _L_NGINX_WORKERS=$_NGINX_WORKERS fi elif [ "$_USE" -ge "1024" ] ; then if [ "$_VMFAMILY" = "XEN" ] || [ "$_VMFAMILY" = "AWS" ] ; then _USE_PHP=512 _USE_OPC=1024 _PRC_SQL=30 _QCE_SQL=128M _RND_SQL=8M _JBF_SQL=4M if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then _L_PHP_FPM_WORKERS=24 else _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS fi if [ "$_NGINX_WORKERS" = "AUTO" ] ; then _L_NGINX_WORKERS=$_CPU_MX else _L_NGINX_WORKERS=$_NGINX_WORKERS fi elif [ "$_VMFAMILY" = "VS" ] || [ "$_VMFAMILY" = "TG" ] ; then if [ -e "/boot/grub/grub.cfg" ] || [ -e "/boot/grub/menu.lst" ] || [ -e "/root/.tg.cnf" ] ; then _USE_PHP=1024 _USE_OPC=1024 _PRC_SQL=50 _QCE_SQL=128M _RND_SQL=8M _JBF_SQL=4M if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then _L_PHP_FPM_WORKERS=24 else _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS fi if [ "$_NGINX_WORKERS" = "AUTO" ] ; then _L_NGINX_WORKERS=$_CPU_TG else _L_NGINX_WORKERS=$_NGINX_WORKERS fi sed -i "s/64000/128000/g" /opt/php53/etc/php55.ini &> /dev/null sed -i "s/64000/128000/g" /opt/php53/etc/php54.ini &> /dev/null sed -i "s/64000/128000/g" /opt/php53/etc/php53.ini &> /dev/null sed -i "s/64000/128000/g" /opt/php52/etc/php52.ini &> /dev/null else _USE_PHP=1024 _USE_OPC=1024 _PRC_SQL=25 _QCE_SQL=64M _RND_SQL=2M _JBF_SQL=2M if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then _L_PHP_FPM_WORKERS=6 else _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS fi if [ "$_NGINX_WORKERS" = "AUTO" ] ; then _L_NGINX_WORKERS=$_CPU_VS else _L_NGINX_WORKERS=$_NGINX_WORKERS fi fi else _USE_PHP=256 _USE_OPC=256 _PRC_SQL=10 _QCE_SQL=32M _RND_SQL=2M _JBF_SQL=2M if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then _L_PHP_FPM_WORKERS=12 else _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS fi if [ "$_NGINX_WORKERS" = "AUTO" ] ; then _L_NGINX_WORKERS=$_CPU_MX else _L_NGINX_WORKERS=$_NGINX_WORKERS fi fi else _USE_PHP="$_USE" _USE_OPC="$_USE" _PRC_SQL=10 _QCE_SQL=32M _RND_SQL=1M _JBF_SQL=1M if [ "$_PHP_FPM_WORKERS" = "AUTO" ] ; then _L_PHP_FPM_WORKERS=6 else _L_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS fi if [ "$_NGINX_WORKERS" = "AUTO" ] ; then _L_NGINX_WORKERS=$_CPU_MX else _L_NGINX_WORKERS=$_NGINX_WORKERS fi fi _USE_JETTY="-Xmx${_USE_OPC}m" if [ "$_VMFAMILY" = "VZ" ] ; then _USE_OPC=64 fi let "_USE_FPM = (($_USE_PHP / 2))" if [ "$_USE_FPM" -lt "196" ] ; then _USE_FPM=196 fi if [ "$_USE_PHP" -lt "196" ] ; then _USE_PHP=196 fi if [ ! -e "/var/xdrago/conf/fpm-pool-foo.conf" ] ; then mkdir -p /var/xdrago/conf fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/fpm-pool-foo.conf /var/xdrago/conf/fpm-pool-foo.conf if [ -e "/opt/etc/fpm/fpm-pool-common.conf" ] ; then sed -i "s/256/$_USE_FPM/g" /opt/etc/fpm/fpm-pool-common.conf &> /dev/null fi if [ -e "/opt/php55/etc/php55.ini" ] ; then sed -i "s/256/$_USE_FPM/g" /opt/php55/etc/php55.ini &> /dev/null sed -i "s/181/$_USE_OPC/g" /opt/php55/etc/php55.ini &> /dev/null sed -i "s/256/$_USE_PHP/g" /opt/php55/lib/php.ini &> /dev/null sed -i "s/256/$_USE_PHP/g" /opt/php55/etc/pool.d/www55.conf &> /dev/null fi if [ -e "/opt/php54/etc/php54.ini" ] ; then sed -i "s/256/$_USE_FPM/g" /opt/php54/etc/php54.ini &> /dev/null sed -i "s/181/$_USE_OPC/g" /opt/php54/etc/php54.ini &> /dev/null sed -i "s/256/$_USE_PHP/g" /opt/php54/lib/php.ini &> /dev/null sed -i "s/256/$_USE_PHP/g" /opt/php54/etc/pool.d/www54.conf &> /dev/null fi if [ -e "/opt/php53/etc/php53.ini" ] ; then sed -i "s/256/$_USE_FPM/g" /opt/php53/etc/php53.ini &> /dev/null sed -i "s/181/$_USE_OPC/g" /opt/php53/etc/php53.ini &> /dev/null sed -i "s/256/$_USE_PHP/g" /opt/php53/lib/php.ini &> /dev/null sed -i "s/256/$_USE_PHP/g" /opt/php53/etc/pool.d/www53.conf &> /dev/null fi if [ -e "/opt/php52/etc/php52.ini" ] ; then sed -i "s/256/$_USE_FPM/g" /opt/php52/etc/php52.ini &> /dev/null sed -i "s/181/$_USE_OPC/g" /opt/php52/etc/php52.ini &> /dev/null sed -i "s/256/$_USE_PHP/g" /opt/php52/lib/php.ini &> /dev/null fi if [ "$_CUSTOM_CONFIG_SQL" = "NO" ] ; then tune_sql_memory_limits sed -i "s/= 191/= $_PRC_SQL/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^tmp_table_size.*/tmp_table_size = $_TMP_SQL/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^max_heap_table_size.*/max_heap_table_size = $_TMP_SQL/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^myisam_sort_buffer_size.*/myisam_sort_buffer_size = $_SRT_SQL/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^query_cache_size.*/query_cache_size = $_QCE_SQL/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^read_rnd_buffer_size.*/read_rnd_buffer_size = $_RND_SQL/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/^join_buffer_size.*/join_buffer_size = $_JBF_SQL/g" /etc/mysql/my.cnf &> /dev/null fi _MAX_MEM_REDIS="${_USE_OPC}MB" sed -i "s/^maxmemory .*/maxmemory $_MAX_MEM_REDIS/g" /etc/redis/redis.conf &> /dev/null if [ -e "/etc/default/jetty9" ] && [ -e "/opt/solr4" ] ; then sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home=\/opt\/solr4 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty9 &> /dev/null fi if [ -e "/etc/default/jetty8" ] && [ -e "/opt/solr3" ] ; then sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home=\/opt\/solr3 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty8 &> /dev/null fi if [ -e "/etc/default/jetty7" ] && [ -e "/opt/solr1" ] ; then sed -i "s/^JAVA_OPTIONS.*/JAVA_OPTIONS=\"-Xms8m $_USE_JETTY -Djava.awt.headless=true -Dsolr.solr.home=\/opt\/solr1 \$JAVA_OPTIONS\" # Options/g" /etc/default/jetty7 &> /dev/null fi tune_web_server_config } # # Fix locales. fix_locales () { _LOCALE_TEST=BROKEN _LOC_TEST=`locale 2>&1` if [[ "$_LOC_TEST" =~ LANGUAGE=.*UTF-8 ]] && [[ "$_LOC_TEST" =~ LANG=.*UTF-8 ]] ; then _LOCALE_TEST=OK fi if [[ "$_LOC_TEST" =~ "Cannot" ]] ; then _LOCALE_TEST=BROKEN fi if [ "$_LOCALE_TEST" = "BROKEN" ] ; then msg "WARNING!" cat < /dev/null update-locale &> /dev/null localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 &> /dev/null echo "LANG=en_US.UTF-8" > /etc/default/locale if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt" ] ; then cp -af /root/.bashrc /root/.bashrc.bak.$_NOW cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt /root/.bashrc set_xterm fi echo "export LANG=en_US.UTF-8" >> /root/.bashrc echo "export LANGUAGE=en_US.UTF-8" >> /root/.bashrc echo "export LC_ALL=\"\"" >> /root/.bashrc export LANG=en_US.UTF-8 export LANGUAGE=en_US.UTF-8 export LC_ALL="" else if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt" ] ; then cp -af /root/.bashrc /root/.bashrc.bak.$_NOW cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/boa.bashrc.txt /root/.bashrc set_xterm fi locale-gen en_US en_US.UTF-8 &> /dev/null update-locale &> /dev/null localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 &> /dev/null fi } # # Read or create Barracuda cnf file. barracuda_cnf () { if [ ! -e "/root/.barracuda.cnf" ] ; then if [[ "$_MY_EMAIL" =~ "omega8.cc" ]] ; then _CHECK_HOST=`uname -n` if [ -e "/root/.host8.cnf" ] || [[ "$_CHECK_HOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else _DB_SERVER=MariaDB fi else msg "EXIT: You must enter **your** valid e-mail address in the _MY_EMAIL variable" msg "EXIT: Bye (1)" exit 1 fi fi if [ "$_DB_SERIES" = "10.0" ] ; then _MARIADB_VERSION="$_MARIADB_10_VERSION" else _DB_SERIES=5.5 _MARIADB_VERSION="$_MARIADB_5_VERSION" fi msg "INFO: Creating your /root/.barracuda.cnf config file" sleep 1 echo "###" > /root/.barracuda.cnf echo "### Configuration created on $_NOW" >> /root/.barracuda.cnf echo "### with Barracuda version $_INSTALLER_VERSION" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "### NOTE: the group of settings displayed bellow will *not* be overridden" >> /root/.barracuda.cnf echo "### on upgrade by the Barracuda script nor by this configuration file." >> /root/.barracuda.cnf echo "### They can be defined only on initial Barracuda install." >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_HTTP_WILDCARD=$_HTTP_WILDCARD" >> /root/.barracuda.cnf echo "_LOCAL_NETWORK_HN=\"$_LOCAL_NETWORK_HN\"" >> /root/.barracuda.cnf echo "_LOCAL_NETWORK_IP=\"$_LOCAL_NETWORK_IP\"" >> /root/.barracuda.cnf echo "_MY_FRONT=\"$_MY_FRONT\"" >> /root/.barracuda.cnf echo "_MY_HOSTN=\"$_MY_HOSTN\"" >> /root/.barracuda.cnf echo "_MY_OWNIP=\"$_MY_OWNIP\"" >> /root/.barracuda.cnf echo "_SMTP_RELAY_HOST=\"$_SMTP_RELAY_HOST\"" >> /root/.barracuda.cnf echo "_SMTP_RELAY_TEST=$_SMTP_RELAY_TEST" >> /root/.barracuda.cnf echo "_THIS_DB_HOST=$_THIS_DB_HOST" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "### NOTE: the group of settings displayed bellow" >> /root/.barracuda.cnf echo "### will *override* all listed settings in the Barracuda script," >> /root/.barracuda.cnf echo "### both on initial install and upgrade." >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_AUTOPILOT=$_AUTOPILOT" >> /root/.barracuda.cnf echo "_DEBUG_MODE=$_DEBUG_MODE" >> /root/.barracuda.cnf echo "_MY_EMAIL=\"$_MY_EMAIL\"" >> /root/.barracuda.cnf echo "_XTRAS_LIST=\"$_XTRAS_LIST\"" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_MODULES_FIX=$_MODULES_FIX" >> /root/.barracuda.cnf echo "_MODULES_SKIP=\"$_MODULES_SKIP\"" >> /root/.barracuda.cnf echo "_PERMISSIONS_FIX=$_PERMISSIONS_FIX" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_CPU_CRIT_RATIO=$_CPU_CRIT_RATIO" >> /root/.barracuda.cnf echo "_CPU_MAX_RATIO=$_CPU_MAX_RATIO" >> /root/.barracuda.cnf echo "_CPU_SPIDER_RATIO=$_CPU_SPIDER_RATIO" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_DB_BINARY_LOG=$_DB_BINARY_LOG" >> /root/.barracuda.cnf echo "_DB_ENGINE=$_DB_ENGINE" >> /root/.barracuda.cnf echo "_DB_SERIES=$_DB_SERIES" >> /root/.barracuda.cnf echo "_DB_SERVER=$_DB_SERVER" >> /root/.barracuda.cnf echo "_INNODB_LOG_FILE_SIZE=$_INNODB_LOG_FILE_SIZE" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_DNS_SETUP_TEST=$_DNS_SETUP_TEST" >> /root/.barracuda.cnf echo "_EXTRA_PACKAGES=$_EXTRA_PACKAGES" >> /root/.barracuda.cnf echo "_FORCE_GIT_MIRROR=\"$_FORCE_GIT_MIRROR\"" >> /root/.barracuda.cnf echo "_LOCAL_DEBIAN_MIRROR=\"$_LOCAL_DEBIAN_MIRROR\"" >> /root/.barracuda.cnf echo "_LOCAL_UBUNTU_MIRROR=\"$_LOCAL_UBUNTU_MIRROR\"" >> /root/.barracuda.cnf echo "_NEWRELIC_KEY=$_NEWRELIC_KEY" >> /root/.barracuda.cnf echo "_SCOUT_KEY=$_SCOUT_KEY" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_NGINX_DOS_LIMIT=$_NGINX_DOS_LIMIT" >> /root/.barracuda.cnf echo "_NGINX_EXTRA_CONF=\"$_NGINX_EXTRA_CONF\"" >> /root/.barracuda.cnf echo "_NGINX_FORWARD_SECRECY=$_NGINX_FORWARD_SECRECY" >> /root/.barracuda.cnf echo "_NGINX_LDAP=$_NGINX_LDAP" >> /root/.barracuda.cnf echo "_NGINX_NAXSI=$_NGINX_NAXSI" >> /root/.barracuda.cnf echo "_NGINX_SPDY=$_NGINX_SPDY" >> /root/.barracuda.cnf echo "_NGINX_WORKERS=$_NGINX_WORKERS" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_PHP_CLI_VERSION=$_PHP_CLI_VERSION" >> /root/.barracuda.cnf echo "_PHP_EXTRA_CONF=\"$_PHP_EXTRA_CONF\"" >> /root/.barracuda.cnf echo "_PHP_FPM_DENY=\"$_PHP_FPM_DENY\"" >> /root/.barracuda.cnf echo "_PHP_FPM_VERSION=$_PHP_FPM_VERSION" >> /root/.barracuda.cnf echo "_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS" >> /root/.barracuda.cnf echo "_PHP_GEOS=$_PHP_GEOS" >> /root/.barracuda.cnf echo "_PHP_MONGODB=$_PHP_MONGODB" >> /root/.barracuda.cnf echo "_PHP_MULTI_INSTALL=\"$_PHP_MULTI_INSTALL\"" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_REDIS_LISTEN_MODE=$_REDIS_LISTEN_MODE" >> /root/.barracuda.cnf echo "_RESERVED_RAM=$_RESERVED_RAM" >> /root/.barracuda.cnf echo "_SPEED_VALID_MAX=$_SPEED_VALID_MAX" >> /root/.barracuda.cnf echo "_SSH_FROM_SOURCES=$_SSH_FROM_SOURCES" >> /root/.barracuda.cnf echo "_SSH_PORT=$_SSH_PORT" >> /root/.barracuda.cnf echo "_SSL_FROM_SOURCES=$_SSL_FROM_SOURCES" >> /root/.barracuda.cnf echo "_STRICT_BIN_PERMISSIONS=$_STRICT_BIN_PERMISSIONS" >> /root/.barracuda.cnf echo "_STRONG_PASSWORDS=$_STRONG_PASSWORDS" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_CSF=$_CUSTOM_CONFIG_CSF" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_LSHELL=$_CUSTOM_CONFIG_LSHELL" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_PHP52=$_CUSTOM_CONFIG_PHP52" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_PHP53=$_CUSTOM_CONFIG_PHP53" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_PHP54=$_CUSTOM_CONFIG_PHP54" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_PHP55=$_CUSTOM_CONFIG_PHP55" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_REDIS=$_CUSTOM_CONFIG_REDIS" >> /root/.barracuda.cnf echo "_CUSTOM_CONFIG_SQL=$_CUSTOM_CONFIG_SQL" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "_AEGIR_UPGRADE_ONLY=$_AEGIR_UPGRADE_ONLY" >> /root/.barracuda.cnf echo "_SYSTEM_UPGRADE_ONLY=$_SYSTEM_UPGRADE_ONLY" >> /root/.barracuda.cnf echo "_USE_STOCK=$_USE_STOCK" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf echo "### Configuration created on $_NOW" >> /root/.barracuda.cnf echo "### with Barracuda version $_INSTALLER_VERSION" >> /root/.barracuda.cnf echo "###" >> /root/.barracuda.cnf _CHECK_HOST=`uname -n` _CHECK_OS=$(grep "Ubuntu.*LTS" /etc/issue.net) if [[ "$_CHECK_OS" =~ "Ubuntu" ]] ; then _CHECK_OS=ULTS fi if [ "$_CHECK_OS" = "ULTS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else _R_M=BND _XTRAS_LIST=${_XTRAS_LIST%%${_R_M}} sed -i "s/^_XTRAS_LIST=.*/_XTRAS_LIST=\"$_XTRAS_LIST\"/g" /root/.barracuda.cnf &> /dev/null fi fi sed -i "s/^_DB_SERVER=.*/_DB_SERVER=MariaDB/g" /root/.barracuda.cnf &> /dev/null if [ -e "/root/.host8.cnf" ] || [[ "$_CHECK_HOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else sed -i "s/^_AUTOPILOT=.*/_AUTOPILOT=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_DB_ENGINE=.*/_DB_ENGINE=InnoDB/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_DB_SERVER=.*/_DB_SERVER=MariaDB/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_DEBUG_MODE=.*/_DEBUG_MODE=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_LOCAL_DEBIAN_MIRROR=.*/_LOCAL_DEBIAN_MIRROR=\"ftp.debian.org\"/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_MY_EMAIL=.*/_MY_EMAIL=\"notify\@omega8.cc\"/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_STRONG_PASSWORDS=.*/_STRONG_PASSWORDS=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_USE_STOCK=.*/_USE_STOCK=NO/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.*.octopus.cnf &> /dev/null sed -i "s/^_STRONG_PASSWORDS=.*/_STRONG_PASSWORDS=YES/g" /root/.*.octopus.cnf &> /dev/null sed -i "s/^_USE_STOCK=.*/_USE_STOCK=NO/g" /root/.*.octopus.cnf &> /dev/null if [[ "$_CHECK_HOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [ "$_VMFAMILY" = "VS" ] ; then sed -i "s/^_CPU_CRIT_RATIO=.*/_CPU_CRIT_RATIO=3/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_CPU_MAX_RATIO=.*/_CPU_MAX_RATIO=2/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_CPU_SPIDER_RATIO=.*/_CPU_SPIDER_RATIO=1/g" /root/.barracuda.cnf &> /dev/null fi sed -i "s/^_MODULES_FIX=.*/_MODULES_FIX=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_NGINX_FORWARD_SECRECY=.*/_NGINX_FORWARD_SECRECY=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_NGINX_SPDY=.*/_NGINX_SPDY=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_PERMISSIONS_FIX=.*/_PERMISSIONS_FIX=YES/g" /root/.barracuda.cnf &> /dev/null if [ -x "/opt/php55/bin/php" ] ; then sed -i "s/^_PHP_CLI_VERSION=.*/_PHP_CLI_VERSION=5.5/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_PHP_FPM_VERSION=.*/_PHP_FPM_VERSION=5.5/g" /root/.barracuda.cnf &> /dev/null fi sed -i "s/^_REDIS_LISTEN_MODE=.*/_REDIS_LISTEN_MODE=SOCKET/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_SSH_FROM_SOURCES=.*/_SSH_FROM_SOURCES=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_STRICT_BIN_PERMISSIONS=.*/_STRICT_BIN_PERMISSIONS=YES/g" /root/.barracuda.cnf &> /dev/null fi fi fi else msg "INFO: Reading your /root/.barracuda.cnf config file" sleep 1 msg "NOTE! Please review all config options displayed below" msg "NOTE! It will *override* all settings in the Barracuda script" sed -i "s/_SPEED_VALID_MAX=300/_SPEED_VALID_MAX=3600/g" /root/.barracuda.cnf &> /dev/null _USE_SPEED_BOOSTER_TEST=$(grep _USE_SPEED_BOOSTER /root/.barracuda.cnf) if [[ "$_USE_SPEED_BOOSTER_TEST" =~ "_USE_SPEED_BOOSTER" ]] ; then sed -i "s/.*_USE_SPEED_BOOSTER.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _NGINX_WORKERS_TEST=$(grep _NGINX_WORKERS /root/.barracuda.cnf) if [[ "$_NGINX_WORKERS_TEST" =~ "_NGINX_WORKERS" ]] ; then _DO_NOTHING=YES else echo "_NGINX_WORKERS=$_NGINX_WORKERS" >> /root/.barracuda.cnf fi _PHP_FPM_WORKERS_TEST=$(grep _PHP_FPM_WORKERS /root/.barracuda.cnf) if [[ "$_PHP_FPM_WORKERS_TEST" =~ "_PHP_FPM_WORKERS" ]] ; then _DO_NOTHING=YES else echo "_PHP_FPM_WORKERS=$_PHP_FPM_WORKERS" >> /root/.barracuda.cnf fi _PHP_INSTALL_NEW_TEST=$(grep _PHP_INSTALL_NEW /root/.barracuda.cnf) if [[ "$_PHP_INSTALL_NEW_TEST" =~ "_PHP_INSTALL_NEW" ]] ; then sed -i "s/.*_PHP_INSTALL_NEW.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _PHP_CLI_LEGACY_IF_USED_A=`grep "5\.2" /data/disk/*/log/cli.txt 2>&1` _PHP_CLI_LEGACY_IF_USED_B=`grep "5\.2" /data/disk/*/static/control/cli.info 2>&1` _PHP_CLI_LEGACY_IF_USED_C=`grep "CLI.*5\.2" /root/.*.octopus.cnf 2>&1` if [[ "$_PHP_CLI_LEGACY_IF_USED_A" =~ "5.2" ]] || [[ "$_PHP_CLI_LEGACY_IF_USED_B" =~ "5.2" ]] || [[ "$_PHP_CLI_LEGACY_IF_USED_C" =~ "5.2" ]] ; then _PHP_CLI_LEGACY_FREE=NO msg "Legacy PHP-CLI 5.2 is used on this system" else _PHP_CLI_LEGACY_FREE=YES msg "Legacy PHP-CLI 5.2 is not used on this system" fi _PHP_FPM_LEGACY_IF_USED_A=`grep "5\.2" /data/disk/*/log/fpm.txt 2>&1` _PHP_FPM_LEGACY_IF_USED_B=`grep "5\.2" /data/disk/*/static/control/fpm.info 2>&1` _PHP_FPM_LEGACY_IF_USED_C=`grep "FPM.*5\.2" /root/.*.octopus.cnf 2>&1` if [[ "$_PHP_FPM_LEGACY_IF_USED_A" =~ "5.2" ]] || [[ "$_PHP_FPM_LEGACY_IF_USED_B" =~ "5.2" ]] || [[ "$_PHP_FPM_LEGACY_IF_USED_C" =~ "5.2" ]] ; then _PHP_FPM_LEGACY_FREE=NO msg "Legacy PHP-FPM 5.2 is used on this system" else _PHP_FPM_LEGACY_FREE=YES msg "Legacy PHP-FPM 5.2 is not used on this system" fi if [ "$_PHP_CLI_LEGACY_FREE" = "YES" ] && [ "$_PHP_FPM_LEGACY_FREE" = "YES" ] ; then _PHP_LEGACY_FREE=YES else _PHP_LEGACY_FREE=NO fi _PHP_MULTI_INSTALL_TEST=$(grep _PHP_MULTI_INSTALL /root/.barracuda.cnf) if [ "$_PHP_LEGACY_FREE" = "YES" ] ; then if [[ "$_PHP_MULTI_INSTALL_TEST" =~ "5.2" ]] ; then _DO_NOTHING=YES else if [ -e "/etc/init.d/php-fpm" ] ; then mrun "service php-fpm stop" &> /dev/null update-rc.d -f php-fpm remove &> /dev/null rm -f /etc/init.d/php-fpm fi if [ -e "/etc/init.d/php52-fpm" ] ; then mrun "service php52-fpm stop" &> /dev/null update-rc.d -f php52-fpm remove &> /dev/null rm -f /etc/init.d/php52-fpm fi killall -9 php-cgi &> /dev/null fi fi if [[ "$_PHP_MULTI_INSTALL_TEST" =~ "_PHP_MULTI_INSTALL" ]] && [ ! -z "$_PHP_MULTI_INSTALL" ] ; then _DO_NOTHING=YES else _CHECK_HOST=`uname -n` _L_VMFAMILY=XEN _L_VM_TEST=`uname -a 2>&1` if [[ "$_L_VM_TEST" =~ beng ]] ; then _L_VMFAMILY="VS" fi if [[ "$_CHECK_HOST" =~ ".host8." ]] || [ "$_L_VMFAMILY" = "VS" ] ; then _PHP_MULTI_INSTALL="5.5 5.4 5.3" fi if [ "$_PHP_LEGACY_FREE" = "NO" ] && [ -x "/usr/local/bin/php52" ] ; then if [[ "$_PHP_MULTI_INSTALL_TEST" =~ "5.2" ]] ; then _DO_NOTHING=YES else _PHP_MULTI_INSTALL="$_PHP_MULTI_INSTALL 5.2" fi rm -f /var/backups/php52 mv -f /usr/local/bin/php52 /var/backups/ &> /dev/null ln -s /opt/php52/bin/php /usr/local/bin/php52 fi echo "_PHP_MULTI_INSTALL=\"$_PHP_MULTI_INSTALL\"" >> /root/.barracuda.cnf fi if [ "$_PHP_LEGACY_FREE" = "NO" ] && [ -x "/usr/local/bin/php52" ] ; then if [[ "$_PHP_MULTI_INSTALL_TEST" =~ "5.2" ]] ; then _DO_NOTHING=YES else _PHP_MULTI_INSTALL="$_PHP_MULTI_INSTALL 5.2" fi fi _PHP_MODERN_ONLY_TEST=$(grep _PHP_MODERN_ONLY /root/.barracuda.cnf) if [[ "$_PHP_MODERN_ONLY_TEST" =~ "_PHP_MODERN_ONLY" ]] ; then sed -i "s/.*_PHP_MODERN_ONLY.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _PHP_FPM_VERSION_TEST=$(grep _PHP_FPM_VERSION /root/.barracuda.cnf) if [[ "$_PHP_FPM_VERSION_TEST" =~ "_PHP_FPM_VERSION" ]] ; then _DO_NOTHING=YES else echo "_PHP_FPM_VERSION=$_PHP_FPM_VERSION" >> /root/.barracuda.cnf fi _PHP_CLI_VERSION_TEST=$(grep _PHP_CLI_VERSION /root/.barracuda.cnf) if [[ "$_PHP_CLI_VERSION_TEST" =~ "_PHP_CLI_VERSION" ]] ; then _DO_NOTHING=YES else echo "_PHP_CLI_VERSION=$_PHP_CLI_VERSION" >> /root/.barracuda.cnf fi _LOAD_LIMIT_ONE_TEST=$(grep _LOAD_LIMIT_ONE /root/.barracuda.cnf) if [[ "$_LOAD_LIMIT_ONE_TEST" =~ "_LOAD_LIMIT_ONE" ]] ; then sed -i "s/.*_LOAD_LIMIT_ONE.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _LOAD_LIMIT_TWO_TEST=$(grep _LOAD_LIMIT_TWO /root/.barracuda.cnf) if [[ "$_LOAD_LIMIT_TWO_TEST" =~ "_LOAD_LIMIT_TWO" ]] ; then sed -i "s/.*_LOAD_LIMIT_TWO.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _CUSTOM_CONFIG_LSHELL_TEST=$(grep _CUSTOM_CONFIG_LSHELL /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_LSHELL_TEST" =~ "_CUSTOM_CONFIG_LSHELL" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_LSHELL=$_CUSTOM_CONFIG_LSHELL" >> /root/.barracuda.cnf fi _CUSTOM_CONFIG_CSF_TEST=$(grep _CUSTOM_CONFIG_CSF /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_CSF_TEST" =~ "_CUSTOM_CONFIG_CSF" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_CSF=$_CUSTOM_CONFIG_CSF" >> /root/.barracuda.cnf fi _CUSTOM_CONFIG_SQL_TEST=$(grep _CUSTOM_CONFIG_SQL /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_SQL_TEST" =~ "_CUSTOM_CONFIG_SQL" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_SQL=$_CUSTOM_CONFIG_SQL" >> /root/.barracuda.cnf fi _CUSTOM_CONFIG_PHP55_TEST=$(grep _CUSTOM_CONFIG_PHP55 /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_PHP55_TEST" =~ "_CUSTOM_CONFIG_PHP55" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_PHP55=$_CUSTOM_CONFIG_PHP55" >> /root/.barracuda.cnf fi _CUSTOM_CONFIG_PHP54_TEST=$(grep _CUSTOM_CONFIG_PHP54 /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_PHP54_TEST" =~ "_CUSTOM_CONFIG_PHP54" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_PHP54=$_CUSTOM_CONFIG_PHP54" >> /root/.barracuda.cnf fi _CUSTOM_CONFIG_PHP53_TEST=$(grep _CUSTOM_CONFIG_PHP53 /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_PHP53_TEST" =~ "_CUSTOM_CONFIG_PHP53" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_PHP53=$_CUSTOM_CONFIG_PHP53" >> /root/.barracuda.cnf fi _CUSTOM_CONFIG_PHP52_TEST=$(grep _CUSTOM_CONFIG_PHP52 /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_PHP52_TEST" =~ "_CUSTOM_CONFIG_PHP52" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_PHP52=$_CUSTOM_CONFIG_PHP52" >> /root/.barracuda.cnf fi _SPEED_VALID_MAX_TEST=$(grep _SPEED_VALID_MAX /root/.barracuda.cnf) if [[ "$_SPEED_VALID_MAX_TEST" =~ "_SPEED_VALID_MAX" ]] ; then _DO_NOTHING=YES else echo "_SPEED_VALID_MAX=$_SPEED_VALID_MAX" >> /root/.barracuda.cnf fi _NGINX_DOS_LIMIT_TEST=$(grep _NGINX_DOS_LIMIT /root/.barracuda.cnf) if [[ "$_NGINX_DOS_LIMIT_TEST" =~ "_NGINX_DOS_LIMIT" ]] ; then _DO_NOTHING=YES else echo "_NGINX_DOS_LIMIT=$_NGINX_DOS_LIMIT" >> /root/.barracuda.cnf fi _CPU_SPIDER_RATIO_TEST=$(grep _CPU_SPIDER_RATIO /root/.barracuda.cnf) if [[ "$_CPU_SPIDER_RATIO_TEST" =~ "_CPU_SPIDER_RATIO" ]] ; then _DO_NOTHING=YES else echo "_CPU_SPIDER_RATIO=$_CPU_SPIDER_RATIO" >> /root/.barracuda.cnf fi _CPU_MAX_RATIO_TEST=$(grep _CPU_MAX_RATIO /root/.barracuda.cnf) if [[ "$_CPU_MAX_RATIO_TEST" =~ "_CPU_MAX_RATIO" ]] ; then _DO_NOTHING=YES else echo "_CPU_MAX_RATIO=$_CPU_MAX_RATIO" >> /root/.barracuda.cnf fi _CPU_CRIT_RATIO_TEST=$(grep _CPU_CRIT_RATIO /root/.barracuda.cnf) if [[ "$_CPU_CRIT_RATIO_TEST" =~ "_CPU_CRIT_RATIO" ]] ; then _DO_NOTHING=YES else echo "_CPU_CRIT_RATIO=$_CPU_CRIT_RATIO" >> /root/.barracuda.cnf fi _SYSTEM_UPGRADE_ONLY_TEST=$(grep _SYSTEM_UPGRADE_ONLY /root/.barracuda.cnf) if [[ "$_SYSTEM_UPGRADE_ONLY_TEST" =~ "_SYSTEM_UPGRADE_ONLY" ]] ; then _DO_NOTHING=YES else echo "_SYSTEM_UPGRADE_ONLY=$_SYSTEM_UPGRADE_ONLY" >> /root/.barracuda.cnf fi _AEGIR_UPGRADE_ONLY_TEST=$(grep _AEGIR_UPGRADE_ONLY /root/.barracuda.cnf) if [[ "$_AEGIR_UPGRADE_ONLY_TEST" =~ "_AEGIR_UPGRADE_ONLY" ]] ; then _DO_NOTHING=YES else echo "_AEGIR_UPGRADE_ONLY=$_AEGIR_UPGRADE_ONLY" >> /root/.barracuda.cnf fi _USE_MEMCACHED_TEST=$(grep _USE_MEMCACHED /root/.barracuda.cnf) if [[ "$_USE_MEMCACHED_TEST" =~ "_USE_MEMCACHED" ]] ; then sed -i "s/.*_USE_MEMCACHED.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _CUSTOM_CONFIG_REDIS_TEST=$(grep _CUSTOM_CONFIG_REDIS /root/.barracuda.cnf) if [[ "$_CUSTOM_CONFIG_REDIS_TEST" =~ "_CUSTOM_CONFIG_REDIS" ]] ; then _DO_NOTHING=YES else echo "_CUSTOM_CONFIG_REDIS=$_CUSTOM_CONFIG_REDIS" >> /root/.barracuda.cnf fi _BUILD_FROM_SRC_TEST=$(grep _BUILD_FROM_SRC /root/.barracuda.cnf) if [[ "$_BUILD_FROM_SRC_TEST" =~ "_BUILD_FROM_SRC" ]] ; then sed -i "s/.*_BUILD_FROM_SRC.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _USE_RESTRICTED_WWW_SHELL_TEST=$(grep _USE_RESTRICTED_WWW_SHELL /root/.barracuda.cnf) if [[ "$_USE_RESTRICTED_WWW_SHELL_TEST" =~ "_USE_RESTRICTED_WWW_SHELL" ]] ; then sed -i "s/.*_USE_RESTRICTED_WWW_SHELL.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _NEWRELIC_KEY_TEST=$(grep _NEWRELIC_KEY /root/.barracuda.cnf) if [[ "$_NEWRELIC_KEY_TEST" =~ "_NEWRELIC_KEY" ]] ; then _DO_NOTHING=YES else if [ ! -z "$_NEWRELIC_KEY" ] ; then echo "_NEWRELIC_KEY=$_NEWRELIC_KEY" >> /root/.barracuda.cnf else if [ -e "/etc/newrelic/newrelic.cfg" ] ; then _NEWRELIC_KEY=`grep license_key /etc/newrelic/newrelic.cfg` _NEWRELIC_KEY=`echo -n $_NEWRELIC_KEY | tr -d "\n"` echo "_NEWRELIC_KEY=$_NEWRELIC_KEY" >> /root/.barracuda.cnf sed -i "s/license_key=//g" /root/.barracuda.cnf &> /dev/null fi fi fi _SCOUT_KEY_TEST=$(grep _SCOUT_KEY /root/.barracuda.cnf) if [[ "$_SCOUT_KEY_TEST" =~ "_SCOUT_KEY" ]] ; then _DO_NOTHING=YES else echo "_SCOUT_KEY=$_SCOUT_KEY" >> /root/.barracuda.cnf fi _USE_STOCK_TEST=$(grep _USE_STOCK /root/.barracuda.cnf) if [[ "$_USE_STOCK_TEST" =~ "_USE_STOCK" ]] ; then _DO_NOTHING=YES else echo "_USE_STOCK=$_USE_STOCK" >> /root/.barracuda.cnf fi _EXTRA_PACKAGES_TEST=$(grep _EXTRA_PACKAGES /root/.barracuda.cnf) if [[ "$_EXTRA_PACKAGES_TEST" =~ "_EXTRA_PACKAGES" ]] ; then _DO_NOTHING=YES else echo "_EXTRA_PACKAGES=$_EXTRA_PACKAGES" >> /root/.barracuda.cnf fi _PHP_EXTRA_CONF_TEST=$(grep _PHP_EXTRA_CONF /root/.barracuda.cnf) if [[ "$_PHP_EXTRA_CONF_TEST" =~ "_PHP_EXTRA_CONF" ]] ; then _DO_NOTHING=YES else echo "_PHP_EXTRA_CONF=\"$_PHP_EXTRA_CONF\"" >> /root/.barracuda.cnf fi _PHP_FPM_DENY_TEST=$(grep _PHP_FPM_DENY /root/.barracuda.cnf) if [[ "$_PHP_FPM_DENY_TEST" =~ "_PHP_FPM_DENY" ]] ; then _DO_NOTHING=YES else echo "_PHP_FPM_DENY=\"$_PHP_FPM_DENY\"" >> /root/.barracuda.cnf fi _STRONG_PASSWORDS_TEST=$(grep _STRONG_PASSWORDS /root/.barracuda.cnf) if [[ "$_STRONG_PASSWORDS_TEST" =~ "_STRONG_PASSWORDS" ]] ; then _DO_NOTHING=YES else echo "_STRONG_PASSWORDS=$_STRONG_PASSWORDS" >> /root/.barracuda.cnf fi _DB_BINARY_LOG_TEST=$(grep _DB_BINARY_LOG /root/.barracuda.cnf) if [[ "$_DB_BINARY_LOG_TEST" =~ "_DB_BINARY_LOG" ]] ; then _DO_NOTHING=YES else echo "_DB_BINARY_LOG=$_DB_BINARY_LOG" >> /root/.barracuda.cnf fi _INNODB_LOG_FILE_SIZE_TEST=$(grep _INNODB_LOG_FILE_SIZE /root/.barracuda.cnf) if [[ "$_INNODB_LOG_FILE_SIZE_TEST" =~ "_INNODB_LOG_FILE_SIZE" ]] ; then _DO_NOTHING=YES else echo "_INNODB_LOG_FILE_SIZE=$_INNODB_LOG_FILE_SIZE" >> /root/.barracuda.cnf fi _DB_ENGINE_TEST=$(grep _DB_ENGINE /root/.barracuda.cnf) if [[ "$_DB_ENGINE_TEST" =~ "_DB_ENGINE" ]] ; then _DO_NOTHING=YES else echo "_DB_ENGINE=$_DB_ENGINE" >> /root/.barracuda.cnf fi _REDIS_LISTEN_MODE_TEST=$(grep _REDIS_LISTEN_MODE /root/.barracuda.cnf) if [[ "$_REDIS_LISTEN_MODE_TEST" =~ "_REDIS_LISTEN_MODE" ]] ; then _DO_NOTHING=YES else echo "_REDIS_LISTEN_MODE=$_REDIS_LISTEN_MODE" >> /root/.barracuda.cnf fi _NGINX_LDAP_TEST=$(grep _NGINX_LDAP /root/.barracuda.cnf) if [[ "$_NGINX_LDAP_TEST" =~ "_NGINX_LDAP" ]] ; then _DO_NOTHING=YES else echo "_NGINX_LDAP=$_NGINX_LDAP" >> /root/.barracuda.cnf fi _NGINX_NAXSI_TEST=$(grep _NGINX_NAXSI /root/.barracuda.cnf) if [[ "$_NGINX_NAXSI_TEST" =~ "_NGINX_NAXSI" ]] ; then _DO_NOTHING=YES else echo "_NGINX_NAXSI=$_NGINX_NAXSI" >> /root/.barracuda.cnf fi _NGINX_SPDY_TEST=$(grep _NGINX_SPDY /root/.barracuda.cnf) if [[ "$_NGINX_SPDY_TEST" =~ "_NGINX_SPDY" ]] ; then _DO_NOTHING=YES else echo "_NGINX_SPDY=$_NGINX_SPDY" >> /root/.barracuda.cnf fi _NGINX_FORWARD_SECRECY_TEST=$(grep _NGINX_FORWARD_SECRECY /root/.barracuda.cnf) if [[ "$_NGINX_FORWARD_SECRECY_TEST" =~ "_NGINX_FORWARD_SECRECY" ]] ; then _DO_NOTHING=YES else echo "_NGINX_FORWARD_SECRECY=$_NGINX_FORWARD_SECRECY" >> /root/.barracuda.cnf fi _PHP_GEOS_TEST=$(grep _PHP_GEOS /root/.barracuda.cnf) if [[ "$_PHP_GEOS_TEST" =~ "_PHP_GEOS" ]] ; then _DO_NOTHING=YES else echo "_PHP_GEOS=$_PHP_GEOS" >> /root/.barracuda.cnf fi _PHP_MONGODB_TEST=$(grep _PHP_MONGODB /root/.barracuda.cnf) if [[ "$_PHP_MONGODB_TEST" =~ "_PHP_MONGODB" ]] ; then _DO_NOTHING=YES else echo "_PHP_MONGODB=$_PHP_MONGODB" >> /root/.barracuda.cnf fi _PHP_ZEND_OPCACHE_TEST=$(grep _PHP_ZEND_OPCACHE /root/.barracuda.cnf) if [[ "$_PHP_ZEND_OPCACHE_TEST" =~ "_PHP_ZEND_OPCACHE" ]] ; then sed -i "s/.*_PHP_ZEND_OPCACHE.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _PERMISSIONS_FIX_TEST=$(grep _PERMISSIONS_FIX /root/.barracuda.cnf) if [[ "$_PERMISSIONS_FIX_TEST" =~ "_PERMISSIONS_FIX" ]] ; then _DO_NOTHING=YES else echo "_PERMISSIONS_FIX=$_PERMISSIONS_FIX" >> /root/.barracuda.cnf fi _MODULES_FIX_TEST=$(grep _MODULES_FIX /root/.barracuda.cnf) if [[ "$_MODULES_FIX_TEST" =~ "_MODULES_FIX" ]] ; then _DO_NOTHING=YES else echo "_MODULES_FIX=$_MODULES_FIX" >> /root/.barracuda.cnf fi _MODULES_SKIP_TEST=$(grep _MODULES_SKIP /root/.barracuda.cnf) if [[ "$_MODULES_SKIP_TEST" =~ "_MODULES_SKIP" ]] ; then _DO_NOTHING=YES else echo "_MODULES_SKIP=\"$_MODULES_SKIP\"" >> /root/.barracuda.cnf fi _SSL_FROM_SOURCES_TEST=$(grep _SSL_FROM_SOURCES /root/.barracuda.cnf) if [[ "$_SSL_FROM_SOURCES_TEST" =~ "_SSL_FROM_SOURCES" ]] ; then _DO_NOTHING=YES else echo "_SSL_FROM_SOURCES=$_SSL_FROM_SOURCES" >> /root/.barracuda.cnf fi _SSH_FROM_SOURCES_TEST=$(grep _SSH_FROM_SOURCES /root/.barracuda.cnf) if [[ "$_SSH_FROM_SOURCES_TEST" =~ "_SSH_FROM_SOURCES" ]] ; then _DO_NOTHING=YES else echo "_SSH_FROM_SOURCES=$_SSH_FROM_SOURCES" >> /root/.barracuda.cnf fi _RESERVED_RAM_TEST=$(grep _RESERVED_RAM /root/.barracuda.cnf) if [[ "$_RESERVED_RAM_TEST" =~ "_RESERVED_RAM" ]] ; then _DO_NOTHING=YES else echo "_RESERVED_RAM=$_RESERVED_RAM" >> /root/.barracuda.cnf fi _STRICT_BIN_PERMISSIONS_TEST=$(grep _STRICT_BIN_PERMISSIONS /root/.barracuda.cnf) if [[ "$_STRICT_BIN_PERMISSIONS_TEST" =~ "_STRICT_BIN_PERMISSIONS" ]] ; then _DO_NOTHING=YES else echo "_STRICT_BIN_PERMISSIONS=$_STRICT_BIN_PERMISSIONS" >> /root/.barracuda.cnf fi _DB_SERIES_TEST=$(grep _DB_SERIES /root/.barracuda.cnf) if [[ "$_DB_SERIES_TEST" =~ "_DB_SERIES" ]] ; then _DO_NOTHING=YES else echo "_DB_SERIES=$_DB_SERIES" >> /root/.barracuda.cnf fi sleep 1 _CHECK_HOST=`uname -n` _CHECK_OS=$(grep "Ubuntu.*LTS" /etc/issue.net) if [[ "$_CHECK_OS" =~ "Ubuntu" ]] ; then _CHECK_OS=ULTS fi if [ "$_CHECK_OS" = "ULTS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else _R_M=BND _XTRAS_LIST=${_XTRAS_LIST%%${_R_M}} sed -i "s/^_XTRAS_LIST=.*/_XTRAS_LIST=\"$_XTRAS_LIST\"/g" /root/.barracuda.cnf &> /dev/null fi fi sed -i "s/^_DB_SERVER=.*/_DB_SERVER=MariaDB/g" /root/.barracuda.cnf &> /dev/null if [ -e "/root/.host8.cnf" ] || [[ "$_CHECK_HOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else sed -i "s/^_AUTOPILOT=.*/_AUTOPILOT=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_DB_ENGINE=.*/_DB_ENGINE=InnoDB/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_DB_SERVER=.*/_DB_SERVER=MariaDB/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_DEBUG_MODE=.*/_DEBUG_MODE=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_LOCAL_DEBIAN_MIRROR=.*/_LOCAL_DEBIAN_MIRROR=\"ftp.debian.org\"/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_MY_EMAIL=.*/_MY_EMAIL=\"notify\@omega8.cc\"/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_STRONG_PASSWORDS=.*/_STRONG_PASSWORDS=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_USE_STOCK=.*/_USE_STOCK=NO/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_FORCE_GIT_MIRROR=.*/_FORCE_GIT_MIRROR=\"\"/g" /root/.*.octopus.cnf &> /dev/null sed -i "s/^_STRONG_PASSWORDS=.*/_STRONG_PASSWORDS=YES/g" /root/.*.octopus.cnf &> /dev/null sed -i "s/^_USE_STOCK=.*/_USE_STOCK=NO/g" /root/.*.octopus.cnf &> /dev/null if [[ "$_CHECK_HOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [ "$_VMFAMILY" = "VS" ] ; then sed -i "s/^_CPU_CRIT_RATIO=.*/_CPU_CRIT_RATIO=3/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_CPU_MAX_RATIO=.*/_CPU_MAX_RATIO=2/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_CPU_SPIDER_RATIO=.*/_CPU_SPIDER_RATIO=1/g" /root/.barracuda.cnf &> /dev/null fi sed -i "s/^_MODULES_FIX=.*/_MODULES_FIX=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_NGINX_FORWARD_SECRECY=.*/_NGINX_FORWARD_SECRECY=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_NGINX_SPDY=.*/_NGINX_SPDY=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_PERMISSIONS_FIX=.*/_PERMISSIONS_FIX=YES/g" /root/.barracuda.cnf &> /dev/null if [ -x "/opt/php55/bin/php" ] ; then sed -i "s/^_PHP_CLI_VERSION=.*/_PHP_CLI_VERSION=5.5/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_PHP_FPM_VERSION=.*/_PHP_FPM_VERSION=5.5/g" /root/.barracuda.cnf &> /dev/null fi sed -i "s/^_REDIS_LISTEN_MODE=.*/_REDIS_LISTEN_MODE=SOCKET/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_SSH_FROM_SOURCES=.*/_SSH_FROM_SOURCES=YES/g" /root/.barracuda.cnf &> /dev/null sed -i "s/^_STRICT_BIN_PERMISSIONS=.*/_STRICT_BIN_PERMISSIONS=YES/g" /root/.barracuda.cnf &> /dev/null fi fi fi sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null echo " " while read line ; do echo "$line" done < /root/.barracuda.cnf echo " " if [ -e "/root/.barracuda.cnf" ] ; then source /root/.barracuda.cnf fi if [ "$_DB_SERIES" = "10.0" ] ; then _MARIADB_VERSION="$_MARIADB_10_VERSION" else _DB_SERIES=5.5 _MARIADB_VERSION="$_MARIADB_5_VERSION" fi _CHECK_HOST=`uname -n` if [[ "$_MY_EMAIL" =~ "omega8.cc" ]] ; then if [ -e "/root/.host8.cnf" ] || [[ "$_CHECK_HOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else _DB_SERVER=MariaDB fi else msg "EXIT: You must enter **your** valid e-mail address in the _MY_EMAIL variable" msg "EXIT: stored in the /root/.barracuda.cnf config file" msg "EXIT: Bye (2)" exit 1 fi fi _NGX_FORCE_REINSTALL_TEST=$(grep _NGX_FORCE_REINSTALL /root/.barracuda.cnf) if [[ "$_NGX_FORCE_REINSTALL_TEST" =~ "_NGX_FORCE_REINSTALL" ]] ; then sed -i "s/.*_NGX_FORCE_REINSTALL.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _PHP_FORCE_REINSTALL_TEST=$(grep _PHP_FORCE_REINSTALL /root/.barracuda.cnf) if [[ "$_PHP_FORCE_REINSTALL_TEST" =~ "_PHP_FORCE_REINSTALL" ]] ; then sed -i "s/.*_PHP_FORCE_REINSTALL.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _SQL_FORCE_REINSTALL_TEST=$(grep _SQL_FORCE_REINSTALL /root/.barracuda.cnf) if [[ "$_SQL_FORCE_REINSTALL_TEST" =~ "_SQL_FORCE_REINSTALL" ]] ; then sed -i "s/.*_SQL_FORCE_REINSTALL.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi _FULL_FORCE_REINSTALL_TEST=$(grep _FULL_FORCE_REINSTALL /root/.barracuda.cnf) if [[ "$_FULL_FORCE_REINSTALL_TEST" =~ "_FULL_FORCE_REINSTALL" ]] ; then sed -i "s/.*_FULL_FORCE_REINSTALL.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null fi if [ "$_DRUSH_VERSION" = "mini-4-14-03-2014" ] ; then _DRUSH_CC_REQ=NO else _DRUSH_CC_REQ=YES fi if [ "$_STATUS" = "INIT" ] ; then if prompt_yes_no "Do you want to proceed with the install?" ; then true else echo "Installation aborted by you" exit 1 fi else if prompt_yes_no "Do you want to proceed with the upgrade?" ; then true else echo "Upgrade aborted by you" exit 1 fi fi fi } # # Running aptitude full-upgrade. run_aptitude_full_upgrade () { msg "INFO: Running aptitude full-upgrade, please wait..." st_runner "dpkg --configure --force-all -a" 2> /dev/null st_runner "aptitude update -y" &> /dev/null _THIS_DB_SERVER_TEST=`mysql -V 2>&1` if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] && [ ! -e "/var/xdrago/log/fixed-mytop-mariadb.log" ] ; then st_runner "aptitude remove mytop -y" &> /dev/null st_runner "apt-get purge mytop -y --force-yes" &> /dev/null rm -f /usr/bin/mytop echo "fixed-mytop-mariadb" > /var/xdrago/log/fixed-mytop-mariadb.log fi st_runner "aptitude full-upgrade -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold" 2> /dev/null if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] && [ -e "/var/xdrago/log/fixed-mytop-mariadb.log" ] ; then st_runner "$_INSTAPP mytop" 2> /dev/null fi } # # Running silent aptitude full-upgrade. run_silent_aptitude_full_upgrade () { msg "INFO: Running silent aptitude full-upgrade, please wait..." mrun "dpkg --configure --force-all -a" 2> /dev/null mrun "aptitude update -y" &> /dev/null mrun "aptitude full-upgrade -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --allow-unauthenticated" 2> /dev/null } # # Install IonCube. install_ioncube () { ###--------------------### if [ ! -e "/var/xdrago/log/ioncube-$_IONCUBE_VERSION.log" ] || [ ! -e "/usr/local/ioncube" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then mkdir -p /usr/local/ioncube _X86_64_TEST=`uname -m` if [ "$_X86_64_TEST" = "x86_64" ] ; then SYSTEMARCH="x86_64" msg "INFO: Installing IonCube $SYSTEMARCH version for PHP-FPM..." cd /var/opt rm -f -r ioncube_loaders* get_dev_arch "ioncube_loaders_lin_x86-64.tar.gz" else SYSTEMARCH="x86" msg "INFO: Installing IonCube $SYSTEMARCH version for PHP-FPM..." cd /var/opt rm -f -r ioncube_loaders* get_dev_arch "ioncube_loaders_lin_x86.tar.gz" fi rm -f /usr/local/ioncube/* cp -af /var/opt/ioncube/* /usr/local/ioncube/ &> /dev/null echo "ioncube-$_IONCUBE_VERSION" > /var/xdrago/log/ioncube-$_IONCUBE_VERSION.log fi } # # Install PHP extensions. install_php_extensions () { ###--------------------### if [ "$1" = "55" ] ; then if [[ "$_ZEND_OPCACHE_VERSION" =~ "master" ]] ; then _OPCACHE_SRC=YES else _OPCACHE_SRC=NO fi fi if [ "$1" = "55" ] && [ "$_OPCACHE_SRC" = "NO" ] ; then _DO_NOTHING=YES else msg "INFO: Installing Zend OPcache for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r zendopcache* get_dev_src "zendopcache-$_ZEND_OPCACHE_VERSION.tar.gz" cd /var/opt/zendopcache-$_ZEND_OPCACHE_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "zendopcache-$_ZEND_OPCACHE_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/zendopcache-$_ZEND_OPCACHE_VERSION-$_LOC_PHP_VERSION.log fi ###--------------------### msg "INFO: Installing PhpRedis for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r phpredis* get_dev_src "phpredis-$_PHPREDIS_VERSION.tar.gz" cd /var/opt/phpredis st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "phpredis $_PHPREDIS_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/phpredis-$_PHPREDIS_VERSION-$_LOC_PHP_VERSION.log ###--------------------### msg "INFO: Installing UploadProgress for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r uploadprogress* get_dev_src "uploadprogress-$_UPLOADPROGRESS_VERSION.tgz" cd /var/opt/uploadprogress-$_UPLOADPROGRESS_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "uploadprogress-$_UPLOADPROGRESS_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/uploadprogress-$_UPLOADPROGRESS_VERSION-$_LOC_PHP_VERSION.log ###--------------------### msg "INFO: Installing JSMin for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt if [ "$_LOC_PHP_VERSION" = "5.2.17" ] ; then rm -f -r php-jsmin* get_dev_src "php-jsmin-1.0.tgz" cd /var/opt/php-jsmin-1.0 else rm -f -r pecl-jsmin* get_dev_src "pecl-jsmin-0.1.1.tar.gz" cd /var/opt/pecl-jsmin-0.1.1 fi st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "php-jsmin $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/php-pecl-jsmin-$_LOC_PHP_VERSION.log ###--------------------### if [ "$_PHP_GEOS" = "YES" ] || [[ "$_XTRAS_LIST" =~ "GEO" ]] ; then if [ "$1" = "53" ] ; then msg "INFO: Installing GEOS PHP extension for PHP-FPM $_LOC_PHP_VERSION, please wait..." if [ ! -e "/var/xdrago/log/geos-$_INSTALLER_VERSION.log" ] ; then st_runner "apt-get update -y --force-yes" &> /dev/null st_runner "$_INSTAPP libgeos-dev libgeos-c1 phpunit" 2> /dev/null echo "geos-$_INSTALLER_VERSION" > /var/xdrago/log/geos-$_INSTALLER_VERSION.log fi cd /var/opt rm -f -r geos* get_dev_src "geos-$_GEOS_VERSION.tar.bz2" cd geos-$_GEOS_VERSION if [ "$1" = "55" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php55/g' &> /dev/null elif [ "$1" = "54" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php54/g' &> /dev/null elif [ "$1" = "53" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php53/g' &> /dev/null elif [ "$1" = "52" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php52/g' &> /dev/null fi st_runner "sh ./configure --enable-php" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "php-geos $_GEOS_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/php-geos-$_GEOS_VERSION-$_LOC_PHP_VERSION.log fi fi ###--------------------### if [ "$_PHP_MONGODB" = "YES" ] || [[ "$_XTRAS_LIST" =~ "MNG" ]] ; then if [ "$1" = "53" ] ; then msg "INFO: Installing MongoDB PHP driver for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r mongo* get_dev_src "mongo-$_MONGO_VERSION.tgz" cd /var/opt/mongo-$_MONGO_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "php-mongo $_MONGO_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/php-mongo-$_MONGO_VERSION-$_LOC_PHP_VERSION.log fi fi ###--------------------### msg "INFO: Installing Imagick for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r imagick* get_dev_src "imagick-$_IMAGICK_VERSION.tgz" cd /var/opt/imagick-$_IMAGICK_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "imagick-$_IMAGICK_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/imagick-$_IMAGICK_VERSION-$_LOC_PHP_VERSION.log ###--------------------### msg "INFO: Installing MailParse for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r mailparse* get_dev_src "mailparse-$_MAILPARSE_VERSION.tgz" cd /var/opt/mailparse-$_MAILPARSE_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "mailparse-$_MAILPARSE_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/mailparse-$_MAILPARSE_VERSION-$_LOC_PHP_VERSION.log } # # Update extensions for PHP built from sources. update_php_extensions () { ###--------------------### if [ ! -e "/var/xdrago/log/zendopcache-$_ZEND_OPCACHE_VERSION-$_LOC_PHP_VERSION.log" ] ; then if [ "$1" = "55" ] ; then if [[ "$_ZEND_OPCACHE_VERSION" =~ "master" ]] ; then _OPCACHE_SRC=YES else _OPCACHE_SRC=NO fi fi if [ "$1" = "55" ] && [ "$_OPCACHE_SRC" = "NO" ] ; then _DO_NOTHING=YES else msg "INFO: Installing Zend OPcache upgrade for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r zendopcache* get_dev_src "zendopcache-$_ZEND_OPCACHE_VERSION.tar.gz" cd /var/opt/zendopcache-$_ZEND_OPCACHE_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "zendopcache-$_ZEND_OPCACHE_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/zendopcache-$_ZEND_OPCACHE_VERSION-$_LOC_PHP_VERSION.log fi fi ###--------------------### if [ ! -e "/var/xdrago/log/phpredis-$_PHPREDIS_VERSION-$_LOC_PHP_VERSION.log" ] ; then msg "INFO: Installing PhpRedis upgrade for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r phpredis* get_dev_src "phpredis-$_PHPREDIS_VERSION.tar.gz" cd /var/opt/phpredis st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "phpredis $_PHPREDIS_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/phpredis-$_PHPREDIS_VERSION-$_LOC_PHP_VERSION.log fi ###--------------------### if [ ! -e "/var/xdrago/log/uploadprogress-$_UPLOADPROGRESS_VERSION-$_LOC_PHP_VERSION.log" ] ; then msg "INFO: Installing UploadProgress upgrade for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r uploadprogress* get_dev_src "uploadprogress-$_UPLOADPROGRESS_VERSION.tgz" cd /var/opt/uploadprogress-$_UPLOADPROGRESS_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "uploadprogress-$_UPLOADPROGRESS_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/uploadprogress-$_UPLOADPROGRESS_VERSION-$_LOC_PHP_VERSION.log fi ###--------------------### if [ ! -e "/var/xdrago/log/php-pecl-jsmin-$_LOC_PHP_VERSION.log" ] ; then msg "INFO: Installing JSMin upgrade for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt if [ "$_LOC_PHP_VERSION" = "5.2.17" ] ; then rm -f -r php-jsmin* get_dev_src "php-jsmin-1.0.tgz" cd /var/opt/php-jsmin-1.0 else rm -f -r pecl-jsmin* get_dev_src "pecl-jsmin-0.1.1.tar.gz" cd /var/opt/pecl-jsmin-0.1.1 fi st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "php-jsmin $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/php-pecl-jsmin-$_LOC_PHP_VERSION.log fi ###--------------------### if [ "$_PHP_GEOS" = "YES" ] || [[ "$_XTRAS_LIST" =~ "GEO" ]] ; then if [ "$1" = "53" ] && [ ! -e "/var/xdrago/log/php-geos-$_GEOS_VERSION-$_LOC_PHP_VERSION.log" ] ; then msg "INFO: Installing GEOS PHP extension upgrade for PHP-FPM $_LOC_PHP_VERSION, please wait..." if [ ! -e "/var/xdrago/log/geos-$_INSTALLER_VERSION.log" ] ; then st_runner "apt-get update -y --force-yes" &> /dev/null st_runner "$_INSTAPP libgeos-dev libgeos-c1 phpunit" 2> /dev/null echo "geos-$_INSTALLER_VERSION" > /var/xdrago/log/geos-$_INSTALLER_VERSION.log fi cd /var/opt rm -f -r geos* get_dev_src "geos-$_GEOS_VERSION.tar.bz2" cd geos-$_GEOS_VERSION if [ "$1" = "55" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php55/g' &> /dev/null elif [ "$1" = "54" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php54/g' &> /dev/null elif [ "$1" = "53" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php53/g' &> /dev/null elif [ "$1" = "52" ] ; then find . -type f -print0 | xargs -0 sed -i 's/\/usr\/local/\/opt\/php52/g' &> /dev/null fi st_runner "sh ./configure --enable-php" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "php-geos $_GEOS_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/php-geos-$_GEOS_VERSION-$_LOC_PHP_VERSION.log fi fi ###--------------------### if [ "$_PHP_MONGODB" = "YES" ] || [[ "$_XTRAS_LIST" =~ "MNG" ]] ; then if [ "$1" = "53" ] && [ ! -e "/var/xdrago/log/php-mongo-$_MONGO_VERSION-$_LOC_PHP_VERSION.log" ] ; then msg "INFO: Installing MongoDB PHP driver upgrade for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r mongo* get_dev_src "mongo-$_MONGO_VERSION.tgz" cd /var/opt/mongo-$_MONGO_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "php-mongo $_MONGO_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/php-mongo-$_MONGO_VERSION-$_LOC_PHP_VERSION.log fi fi ###--------------------### if [ ! -e "/var/xdrago/log/imagick-$_IMAGICK_VERSION-$_LOC_PHP_VERSION.log" ] ; then msg "INFO: Installing Imagick upgrade for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r imagick* get_dev_src "imagick-$_IMAGICK_VERSION.tgz" cd /var/opt/imagick-$_IMAGICK_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "imagick-$_IMAGICK_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/imagick-$_IMAGICK_VERSION-$_LOC_PHP_VERSION.log fi ###--------------------### if [ ! -e "/var/xdrago/log/mailparse-$_MAILPARSE_VERSION-$_LOC_PHP_VERSION.log" ] ; then msg "INFO: Installing MailParse upgrade for PHP-FPM $_LOC_PHP_VERSION..." cd /var/opt rm -f -r mailparse* get_dev_src "mailparse-$_MAILPARSE_VERSION.tgz" cd /var/opt/mailparse-$_MAILPARSE_VERSION st_runner "$_LOC_PHP_PATH/phpize" 2> /dev/null st_runner "sh ./configure --with-php-config=$_LOC_PHP_PATH/php-config" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null echo "mailparse-$_MAILPARSE_VERSION $_LOC_PHP_VERSION $_NOW" > /var/xdrago/log/mailparse-$_MAILPARSE_VERSION-$_LOC_PHP_VERSION.log fi } # # Install legacy PHP version install_php_legacy () { ###--------------------### msg "INFO: Installing PHP-FPM $_PHP_VERSION" msg "NOTE! This step may take longer than 8 minutes, please wait..." cd /var/opt rm -f -r php* rm -f /etc/init.d/php-fpm* rm -f /etc/init.d/php$1-fpm* get_dev_src "php-$_PHP_VERSION.tar.gz" get_dev_src "php-$_PHP_VERSION-fpm-0.5.14.diff.gz" cat php-$_PHP_VERSION-fpm-0.5.14.diff | patch -d php-$_PHP_VERSION -p1 &> /dev/null msg "INFO: Installing PHP-FPM $_PHP_VERSION part 1/3" cd /var/opt/php-$_PHP_VERSION st_runner "sh ./buildconf --force" 2> /dev/null if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "oneiric" ] ; then patch -p1 < /opt/tmp/$_BOA_REPO_NAME/aegir/patches/disable_SSLv2_for_openssl_1_0_0.patch &> /dev/null fi msg "INFO: Installing PHP-FPM $_PHP_VERSION part 2/3" st_runner "sh ./configure --quiet --prefix=/opt/php$1 --enable-fpm --enable-fastcgi --with-mysql=/usr --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-mysqli=/usr/bin/mysql_config --enable-force-cgi-redirect --enable-discard-path --with-zlib --with-curl --with-curlwrappers --with-gd --enable-gd-native-ttf --with-jpeg-dir=/usr --with-png-dir=/usr --with-freetype-dir=/usr --with-t1lib=/usr --with-pear --with-imap --with-imap-ssl --with-openssl --with-pdo-mysql=/usr --enable-exif --enable-soap --enable-ftp --enable-zip --enable-mbstring --enable-pcntl --enable-bcmath --enable-calendar --with-kerberos --with-xsl --with-mcrypt --with-xmlrpc $_PHP_EXTRA" 2> /dev/null msg "INFO: Installing PHP-FPM $_PHP_VERSION part 3/3" st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null _LOC_PHP_VERSION="$_PHP_VERSION" _LOC_PHP_PATH=/opt/php$1/bin install_php_extensions "$1" echo "libcurl4-openssl-dev" > /var/xdrago/log/libcurl4-openssl-dev-fix.log _THIS_DB_SERVER_TEST=`mysql -V 2>&1` if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then echo "$_MARIADB_VERSION-MariaDB" > /var/xdrago/log/installed-$_PHP_VERSION-$_MARIADB_VERSION-MariaDB.log else echo "$_PERCONA_VERSION-Percona" > /var/xdrago/log/installed-$_PHP_VERSION-$_PERCONA_VERSION-Percona.log fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php$1-fpm /etc/init.d/php$1-fpm chmod 755 /etc/init.d/php$1-fpm st_runner "update-rc.d php$1-fpm defaults" &> /dev/null echo "php$1-rebuild-$_INSTALLER_VERSION" > /var/xdrago/log/php$1-rebuild-$_INSTALLER_VERSION } # # Install modern PHP version install_php_multi () { if [ "$1" = "52" ] ; then install_php_legacy "$1" else if [ "$1" != "55" ] ; then _PHP_EXTRA="$_PHP_EXTRA --with-curlwrappers" fi ###--------------------### msg "INFO: Installing PHP-FPM $_PHP_VERSION" msg "NOTE! This step may take longer than 8 minutes, please wait..." cd /var/opt rm -f -r php* get_dev_src "php-$_PHP_VERSION.tar.gz" msg "INFO: Installing PHP-FPM $_PHP_VERSION part 1/3" cd /var/opt/php-$_PHP_VERSION st_runner "sh ./buildconf --force" 2> /dev/null if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "oneiric" ] ; then patch -p1 < /opt/tmp/$_BOA_REPO_NAME/aegir/patches/disable_SSLv2_for_openssl_1_0_0.patch &> /dev/null fi ### cd sapi/fpm/fpm ### patch -p1 < /opt/tmp/$_BOA_REPO_NAME/aegir/patches/fpm_main.c.patch &> /dev/null ### cd /var/opt/php-$_PHP_VERSION msg "INFO: Installing PHP-FPM $_PHP_VERSION part 2/3" if [ "$1" = "55" ] ; then _PHP_EXTRA="$_PHP_EXTRA --enable-opcache" fi st_runner "sh ./configure --quiet --prefix=/opt/php$1 --enable-fpm --with-mysql=/usr --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-mysqli=/usr/bin/mysql_config --with-zlib --with-curl --with-gd --enable-gd-native-ttf --with-jpeg-dir=/usr --with-png-dir=/usr --with-freetype-dir=/usr --with-t1lib=/usr --with-pear --with-imap --with-imap-ssl --with-openssl --with-pdo-mysql=/usr --enable-exif --enable-soap --enable-ftp --enable-zip --enable-mbstring --enable-pcntl --enable-bcmath --enable-calendar --with-kerberos --with-xsl --with-mcrypt --with-xmlrpc --with-fpm-user=www-data --with-fpm-group=www-data $_PHP_EXTRA" 2> /dev/null msg "INFO: Installing PHP-FPM $_PHP_VERSION part 3/3" sed -i "s/^EXTRA_LIBS = -lcrypt/EXTRA_LIBS = -llber -lcrypt/g" Makefile 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null if [ -f "/usr/bin/php" ] && [ -f "/opt/php$1/bin/php" ] ; then mv -f /usr/bin/php /usr/bin/php-old &> /dev/null ln -sf /opt/php$1/bin/php /usr/bin/php if [ -f "/usr/bin/phpize" ] && [ -f "/opt/php$1/bin/phpize" ] && [ ! -L "/opt/php$1/bin/phpize" ] ; then mv -f /usr/bin/phpize /usr/bin/phpize-old &> /dev/null ln -sf /opt/php$1/bin/phpize /usr/bin/phpize fi fi _LOC_PHP_VERSION="$_PHP_VERSION" _LOC_PHP_PATH=/opt/php$1/bin install_php_extensions "$1" _THIS_DB_SERVER_TEST=`mysql -V 2>&1` if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then echo "$_MARIADB_VERSION-MariaDB" > /var/xdrago/log/installed-$_PHP_VERSION-$_MARIADB_VERSION-MariaDB.log else echo "$_PERCONA_VERSION-Percona" > /var/xdrago/log/installed-$_PHP_VERSION-$_PERCONA_VERSION-Percona.log fi rm -f /etc/init.d/php$1-fpm* cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php$1-fpm /etc/init.d/php$1-fpm chmod 755 /etc/init.d/php$1-fpm st_runner "update-rc.d php$1-fpm defaults" &> /dev/null fi } # # Update PHP extensions update_php_multi () { _LOC_PHP_VERSION="$_PHP_VERSION" _LOC_PHP_PATH="/opt/php$1/bin" update_php_extensions "$1" } # # Install latest Git. install_latest_git () { if [[ "$_XTRAS_LIST" =~ "GIT" ]] || [ "$_REL_VERSION" = "lenny" ] || [ "$_SSB_SRC" = "YES" ] ; then _GIT_TEST=$(git --version) if [[ "$_GIT_TEST" =~ "git version $_GIT_VERSION" ]] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then _DO_NOTHING=YES else msg "INFO: Installing latest Git from sources, please wait..." cd /var/opt rm -f -r git* get_dev_src "git-$_GIT_VERSION.tar.gz" cd /var/opt/git-$_GIT_VERSION st_runner "make configure" 2> /dev/null st_runner "sh ./configure --without-tcltk --quiet" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null mv -f /usr/bin/git /usr/bin/git-old ln -sf /usr/local/bin/git /usr/bin/git cd /var/opt fi fi } # # Check apt updates. check_apt_updates () { for Update in `/usr/bin/apt-get -q -y --force-yes --allow-unauthenticated -s dist-upgrade | grep ^Inst | cut -d\ -f2 | sort` do case $Update in *libcurl*) _YP_PHP=YES ;; *libmysql*) _UP_PHP=YES ;; *libssl*) _YP_PHP=YES ;; *linux-*) _UP_LNX=YES ;; *mariadb*) _UP_PHP=YES ;; *newrelic*) _UP_NRC=YES ;; *openjdk*) _UP_JDK=YES ;; *openssl*) _YP_PHP=YES ;; *percona*) _UP_PHP=YES ;; *) ;; esac done if [ "$_YP_PHP" = "YES" ] ; then if [ "$_NGINX_SPDY" = "YES" ] || [ "$_SSL_FROM_SOURCES" = "YES" ] || [ "$_NGINX_FORWARD_SECRECY" = "YES" ] ; then if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then _UP_PHP=YES else _UP_PHP=NO fi else _UP_PHP=YES fi fi } # # Generate provision backend db_passwd. provision_backend_dbpass_generate () { _ESC_APASS="" _LEN_APASS=0 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then _ESC_APASS=$(randpass 32 esc) _ESC_APASS=`echo -n $_ESC_APASS | tr -d "\n"` _ENC_APASS=$(python -c "import urllib; print urllib.quote('''$_ESC_APASS''')") _LEN_APASS=$(echo ${#_ESC_APASS}) fi if [ -z "$_ESC_APASS" ] || [ $_LEN_APASS -lt 19 ] ; then _ESC_APASS=`pwgen -v -s -1` _ESC_APASS=`echo -n $_ESC_APASS | tr -d "\n"` _ESC_APASS=`sanitize_string "$_ESC_APASS"` _ENC_APASS="$_ESC_APASS" fi echo "$_ESC_APASS" > $_L_SYS chown aegir:aegir $_L_SYS &> /dev/null chmod 0600 $_L_SYS _AEGIR_HOST=`uname -n` _RESOLVEIP=`echo $(getent ahostsv4 $_AEGIR_HOST) | cut -d: -f2 | awk '{ print $1}' 2> /dev/null` if [ -z "$_RESOLVEIP" ] ; then msg "FATAL ERROR:: This server does not have a hostname that resolves to an IP address" msg "FATAL ERROR:: Aborting Barracuda installer NOW!" touch /opt/tmp/status-Barracuda-FAIL exit 1 fi _ESC="\`%\`.*" mysqladmin flush-privileges &> /dev/null if [ "$_STATUS" = "INIT" ] ; then mysql -uroot mysql< /dev/null } # # Sync provision backend db_passwd. provision_backend_dbpass_sync () { msg "INFO: Syncing provision backend db_passwd..." _ADBU=aegir_root _L_SYS="/var/aegir/backups/system/.$_ADBU.pass.txt" mv -f $_L_SYS $_L_SYS-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null provision_backend_dbpass_generate if [ ! -z "$_ESC_APASS" ] && [ ! -z "$_ENC_APASS" ] ; then su -s /bin/bash - aegir -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='$_ADBU'\" &> /dev/null" mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$_ADBU';" &> /dev/null sed -i "s/mysql:\/\/$_ADBU:.*/mysql:\/\/$_ADBU:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_localhost.alias.drushrc.php &> /dev/null sed -i "s/mysql:\/\/$_ADBU:.*/mysql:\/\/$_ADBU:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_master.alias.drushrc.php &> /dev/null fi mysqladmin flush-privileges &> /dev/null if [ "$_USE_STOCK" = "YES" ] || [ "$_DRUSH_CC_REQ" = "YES" ] ; then su -s /bin/bash - aegir -c "drush cache-clear drush &> /dev/null" fi if [ -e "/var/aegir/.drush/server_localhost.alias.drushrc.php" ] ; then su -s /bin/bash aegir -c "drush @hostmaster hosting-task @server_localhost verify --force &> /dev/null" else su -s /bin/bash aegir -c "drush @hostmaster hosting-task @server_master verify --force &> /dev/null" fi msg "INFO: Running hosting-dispatch (1/3)..." su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" mrun "sleep 5" msg "INFO: Running hosting-dispatch (2/3)..." su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" mrun "sleep 5" msg "INFO: Running hosting-dispatch (3/3)..." su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" } # # Sync hostmaster frontend db_passwd. hostmaster_frontend_dbpass_sync () { msg "INFO: Syncing hostmaster frontend db_passwd..." _THIS_HM_SPTH=`cat /var/aegir/.drush/hostmaster.alias.drushrc.php | grep "site_path'" | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,']//g"` _THIS_HM_DBUR=`cat $_THIS_HM_SPTH/drushrc.php | grep "options\['db_user'\] = " | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,';]//g"` _THIS_HM_DBPD=`cat $_THIS_HM_SPTH/drushrc.php | grep "options\['db_passwd'\] = " | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,';]//g"` if [ -e "$_THIS_HM_SPTH" ] && [ ! -z "$_THIS_HM_DBUR" ] && [ ! -z "$_THIS_HM_DBPD" ] ; then mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_THIS_HM_DBPD') WHERE User='$_THIS_HM_DBUR';" &> /dev/null fi mysqladmin flush-privileges &> /dev/null } # # Upgrade Aegir Master Instance. upgrade_aegir_master () { if prompt_yes_no "Do you want to upgrade Aegir Master Instance?" ; then true msg "INFO: Running Aegir Master Instance upgrade" rm -f /opt/tmp/testecho* if [ ! -e "/root/.upstart.cnf" ] ; then service cron stop &> /dev/null fi usermod -aG users aegir &> /dev/null if [ ! -d "/var/aegir/.drush/sys/provision/http" ] ; then mkdir -p /var/aegir/.drush/{sys,xts,usr} cd /var/aegir/.drush/sys rm -f -r /var/aegir/.drush/{provision,drush_make} rm -f -r /var/aegir/.drush/sys/{provision,drush_make} curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/stable/tar/provision-$_AEGIR_VERSION.tar.gz" | tar -xzf - get_dev_ext "drush_make.tar.gz" rm -f -r /var/aegir/drush cd /var/aegir get_dev_ext "drush-$_DRUSH_VERSION.tar.gz" find /var/aegir/drush -type d -exec chmod 0755 {} \; &> /dev/null find /var/aegir/drush -type f -exec chmod 0644 {} \; &> /dev/null chmod 755 /var/aegir/drush/drush chmod 755 /var/aegir/drush/drush.php fi _THIS_HM_ROOT=`cat /var/aegir/.drush/hostmaster.alias.drushrc.php | grep "root'" | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,']//g"` _THIS_HM_SITE=`cat /var/aegir/.drush/hostmaster.alias.drushrc.php | grep "site_path'" | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,']//g"` mkdir -p $_THIS_HM_ROOT/sites/all/{modules,themes,libraries} chown -R aegir:aegir $_THIS_HM_ROOT/sites/all _U_HD="/var/aegir/.drush" chattr -i $_U_HD/php.ini &> /dev/null chown -R aegir:aegir /var/aegir/.drush chown -R aegir:aegir /var/aegir/backups chown -R aegir:aegir /var/aegir/clients chown -R aegir:aegir /var/aegir/config chown -R aegir:aegir /var/aegir/drush chown -R aegir $_THIS_HM_ROOT chown -R aegir:www-data $_THIS_HM_SITE/files chmod -R 02775 $_THIS_HM_SITE/files cd /var/aegir cp /opt/tmp/$_BOA_REPO_NAME/aegir/scripts/AegirUpgrade.sh.txt ./ sed -i "s/EDIT_AEGIR_VERSION/$_AEGIR_VERSION/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_BOA_REPO_GIT_URL/$_BOA_REPO_GIT_URLX/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_BOA_REPO_NAME/$_BOA_REPO_NAME/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_DEBUG_MODE/$_DEBUG_MODE/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_DOMAIN/$_THIS_FRONT/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_DRUSH_VERSION/$_DRUSH_VERSION/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_HTTP_WILDCARD/$_HTTP_WILDCARD/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_INSTALLER_VERSION/$_INSTALLER_VERSION/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_PHP_CLI_VERSION/$_PHP_CLI_VERSION/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_PHP_FPM_VERSION/$_PHP_FPM_VERSION/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_STRONG_PASSWORDS/$_STRONG_PASSWORDS/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_THIS_DB_HOST/$_THIS_DB_HOST/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null sed -i "s/EDIT_USE_STOCK/$_USE_STOCK/g" /var/aegir/AegirUpgrade.sh.txt &> /dev/null mysqladmin flush-hosts &> /dev/null provision_backend_dbpass_sync hostmaster_frontend_dbpass_sync su -s /bin/bash - aegir -c "bash AegirUpgrade.sh.txt" if [ -e "/opt/tmp/status-AegirUpgrade-FAIL" ] ; then msg "FATAL ERROR: AegirUpgrade installer failed" msg "FATAL ERROR: Aborting Barracuda installer NOW!" touch /opt/tmp/status-Barracuda-FAIL exit 1 else chattr +i $_U_HD/php.ini &> /dev/null hostmaster_frontend_dbpass_sync sed -i "s/hosting-dispatch.*/hosting-dispatch \>\/dev\/null 2\>\&1/g" /var/spool/cron/crontabs/aegir &> /dev/null fi if [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/var/aegir/config/includes/global.inc" ] ; then mv -f /var/aegir/config/includes/global.inc /var/aegir/config/includes/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null fi mkdir -p /data/conf cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc /data/conf/global.inc sed -i "s/3600/$_SPEED_VALID_MAX/g" /data/conf/global.inc &> /dev/null if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then ln -sf /data/conf/global.inc /var/aegir/config/includes/global.inc fi update_redis_password force_advanced_nginx_config if [ "$_DRUSH_VERSION" = "mini-4-14-03-2014" ] ; then sed -i "s/which one she wants./which one she wants.\n chdir(\$request['base_project_path'])\;/g" /var/aegir/drush/commands/pm/package_handler/wget.inc &> /dev/null fi cd /var/aegir rm -f AegirUpgrade.sh.txt if [ -d "/var/aegir/config/server_master/nginx/conf.d" ] ; then if [ ! -d "/var/aegir/config/server_master/nginx/pre.d" ] ; then cd /var/aegir/config/server_master/nginx cp -a conf.d pre.d else rm -f -r /var/aegir/config/server_master/nginx/conf.d fi if [ -e "/var/aegir/config/server_master/nginx/pre.d/custom_nginx.conf" ] ; then rm -f /var/aegir/config/server_master/nginx/pre.d/custom_nginx.conf fi fi find /var/aegir/host_master/*/profiles/* -type d -exec chmod 0755 {} \; &> /dev/null find /var/aegir/host_master/*/profiles/* -type f -exec chmod 0644 {} \; &> /dev/null find /var/aegir/*/profiles/* -type d -exec chmod 0755 {} \; &> /dev/null find /var/aegir/*/profiles/* -type f -exec chmod 0644 {} \; &> /dev/null chown -R aegir:aegir /var/aegir/.drush &> /dev/null find /var/aegir/.drush -type d -exec chmod 0755 {} \; &> /dev/null find /var/aegir/.drush -type f -exec chmod 0644 {} \; &> /dev/null chmod 0440 /var/aegir/.drush/*.php &> /dev/null chmod 0711 /var/aegir/.drush &> /dev/null msg "INFO: Aegir Master Instance upgrade completed" echo " " else msg "INFO: Aegir Master Instance not upgraded this time" echo " " fi rm -f /var/aegir/*install.sh.txt } # # Check for Linux/Cdorked.A malware and delete if discovered. detect_cdorked_malware () { _C_DORKED=NO _C_FILE=/opt/tmp/$_BOA_REPO_NAME/aegir/helpers/dump_cdorked_config.c if [ -e "$_C_FILE" ] ; then ### msg "INFO: Checking for Linux/Cdorked.A malware..." chattr -ai $(which nginx) &> /dev/null cd /var/backups rm -f -r /var/opt/foo_bar* gcc -o /var/opt/foo_bar /opt/tmp/$_BOA_REPO_NAME/aegir/helpers/dump_cdorked_config.c &> /dev/null _C_DORKED_TEST=$(/var/opt/foo_bar) if [[ "$_C_DORKED_TEST" =~ "No shared memory matching Cdorked signature was found" ]] ; then _DO_NOTHING=YES ### msg "INFO: No Linux/Cdorked.A malware traces found - system clean" else msg "ALRT: Your system is probably infected by Linux/Cdorked.A malware!" msg "ALRT: Please send /var/backups/httpd_cdorked_config.bin file to leveille@eset.com" rm -f $(which nginx) _NGX_FORCE_REINSTALL=YES _C_DORKED=YES fi fi } # # Install or upgrade Nginx. install_upgrade_nginx () { msg "INFO: Testing Nginx version..." if [ "$_STATUS" = "UPGRADE" ] ; then _NGINX_INSTALL_REQUIRED=NO fi if [ -x "/usr/sbin/nginx" ] ; then _NGINX_F_INSTALLED=`/usr/sbin/nginx -v 2>&1 | tr -d "\n" | cut -d" " -f4 | awk '{ print $1}'` _NGINX_V_INSTALLED=`/usr/sbin/nginx -V 2>&1` if [ -z "$_NGINX_F_INSTALLED" ] ; then _NGINX_F_INSTALLED=`/usr/sbin/nginx -v 2>&1 | tr -d "\n" | cut -d" " -f3 | awk '{ print $1}'` fi _NGINX_F_VERSION="$_CUSTOM_NAME/$_NGINX_VERSION" if [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] && [ "$_STATUS" = "UPGRADE" ] ; then _NGINX_INSTALL_REQUIRED=NO msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, OK" elif [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] && [ "$_STATUS" = "INIT" ] ; then _NGINX_INSTALL_REQUIRED=NO msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, OK" elif [ "$_NGINX_F_INSTALLED" != "$_NGINX_F_VERSION" ] ; then _NGINX_INSTALL_REQUIRED=YES msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, upgrade required" fi if [ "$_NGINX_F_INSTALLED" = "$_NGINX_F_VERSION" ] ; then if [[ "$_NGINX_V_INSTALLED" =~ "geoip" ]] ; then _DO_NOTHING=YES else _NGINX_INSTALL_REQUIRED=YES msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include geoip module" fi if [[ "$_NGINX_V_INSTALLED" =~ "nginx-development-kit" ]] ; then _NGINX_INSTALL_REQUIRED=YES msg "INFO: Nginx rebuild required to avoid apt-get overwrite" fi if [[ "$_NGINX_V_INSTALLED" =~ "http_flv_module" ]] && [[ "$_NGINX_V_INSTALLED" =~ "http_mp4_module" ]] ; then _DO_NOTHING=YES else _NGINX_INSTALL_REQUIRED=YES msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include pseudo-streaming support" fi if [ "$_NGINX_LDAP" = "YES" ] ; then if [[ "$_NGINX_V_INSTALLED" =~ "nginx-auth-ldap" ]] ; then _DO_NOTHING=YES else _NGINX_INSTALL_REQUIRED=YES msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include LDAP support" fi fi if [ "$_PURGE_MODE" = "ON" ] ; then if [[ "$_NGINX_V_INSTALLED" =~ "purge" ]] ; then _DO_NOTHING=YES else _NGINX_INSTALL_REQUIRED=YES msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include purge module" fi fi if [ "$_NGINX_NAXSI" = "YES" ] ; then if [[ "$_NGINX_V_INSTALLED" =~ "naxsi" ]] ; then _DO_NOTHING=YES else _NGINX_INSTALL_REQUIRED=YES msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include NAXSI module" fi fi if [ "$_NGINX_SPDY" = "YES" ] ; then if [[ "$_NGINX_V_INSTALLED" =~ "http_spdy_module" ]] ; then _DO_NOTHING=YES else _NGINX_INSTALL_REQUIRED=YES msg "INFO: Installed Nginx version $_NGINX_F_INSTALLED, forced rebuild to include SPDY support" fi fi fi else _NGINX_INSTALL_REQUIRED=YES fi detect_cdorked_malware if [ "$_C_DORKED" = "YES" ] ; then _NGINX_INSTALL_REQUIRED=YES msg "INFO: Nginx rebuild required to remove possible Linux/Cdorked.A malware" fi if [ "$_NGINX_INSTALL_REQUIRED" = "YES" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] || [ "$_NGX_FORCE_REINSTALL" = "YES" ] ; then if [ "$_STATUS" = "UPGRADE" ] ; then msg "INFO: Upgrading Nginx..." else msg "INFO: Installing Nginx..." fi cd /var/opt; rm -f -r nginx* get_dev_src "nginx-upload-progress-module.tar.gz" if [ "$_PURGE_MODE" = "ON" ] ; then get_dev_src "ngx-cache-purge.tar.gz" fi get_dev_src "nginx-$_NGINX_VERSION.tar.gz" sed -i "s/nginx/$_CUSTOM_NAME/g" /var/opt/nginx-$_NGINX_VERSION/src/core/nginx.h &> /dev/null if [ "$_PURGE_MODE" = "ON" ] && [ -z "$_NGINX_EXTRA_CONF" ] ; then _NGINX_EXTRA="--add-module=/var/opt/ngx-cache-purge/" elif [ ! -z "$_NGINX_EXTRA_CONF" ] && [ "$_PURGE_MODE" = "OFF" ] ; then _NGINX_EXTRA="$_NGINX_EXTRA_CONF" elif [ ! -z "$_NGINX_EXTRA_CONF" ] && [ "$_PURGE_MODE" = "ON" ] ; then _NGINX_EXTRA="--add-module=/var/opt/ngx-cache-purge/ $_NGINX_EXTRA_CONF" else _NGINX_EXTRA="" fi if [ -e "/var/opt/nginx-upload-progress-module" ] ; then _NGINX_EXTRA="--add-module=/var/opt/nginx-upload-progress-module/ $_NGINX_EXTRA" fi if [ "$_NGINX_LDAP" = "YES" ] ; then cd /var/opt rm -f -r /var/opt/nginx-auth-ldap* get_dev_src "nginx-auth-ldap.tar.gz" if [ -e "/var/opt/nginx-auth-ldap" ] ; then _NGINX_EXTRA="--add-module=/var/opt/nginx-auth-ldap/ $_NGINX_EXTRA" fi fi if [ "$_NGINX_NAXSI" = "YES" ] ; then cd /var/opt rm -f -r /var/opt/nginx-naxsi* get_dev_src "nginx-naxsi.tar.gz" if [ -e "/var/opt/nginx-naxsi" ] ; then _NGINX_EXTRA="--add-module=/var/opt/nginx-naxsi/naxsi_src/ $_NGINX_EXTRA" fi fi if [ "$_NGINX_SPDY" = "YES" ] ; then _NGINX_EXTRA="--with-http_spdy_module $_NGINX_EXTRA" fi cd /var/opt/nginx-$_NGINX_VERSION st_runner "sh ./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=www-data --group=www-data --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_scgi_module --without-http_uwsgi_module --with-ipv6 --with-http_geoip_module --with-debug $_NGINX_EXTRA" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then _DO_NOTHING=YES elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then _DO_NOTHING=YES else mrun "service nginx stop" &> /dev/null killall -9 nginx &> /dev/null mrun "service nginx start" &> /dev/null fi _NGINX_INSTALL_REQUIRED=NO fi if [ ! -L "/usr/bin/nginx" ] ; then ln -sf /usr/sbin/nginx /usr/bin/nginx fi } # # Install wkhtmltopdf. install_wkhtmltopdf () { ###--------------------### if [ ! -e "/var/xdrago/log/wkhtmltopdf-fix10" ] || [ ! -x "/usr/bin/wkhtmltopdf" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then _X86_64_TEST=`uname -m` if [ "$_X86_64_TEST" = "x86_64" ] ; then SYSTEMARCH="x86_64" msg "INFO: Installing /usr/bin/wkhtmltopdf $SYSTEMARCH version..." cd /var/opt rm -f -r wkhtmltopdf* get_dev_arch "wkhtmltopdf-0.10.0_rc2-static-amd64.tar.bz2" cp -af wkhtmltopdf-amd64 /usr/bin/wkhtmltopdf &> /dev/null chown root:root /usr/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/bin/wkhtmltopdf &> /dev/null else SYSTEMARCH="x86" msg "INFO: Installing /usr/bin/wkhtmltopdf $SYSTEMARCH version..." cd /var/opt rm -f -r wkhtmltopdf* get_dev_arch "wkhtmltopdf-0.10.0_rc2-static-i386.tar.bz2" cp -af wkhtmltopdf-i386 /usr/bin/wkhtmltopdf &> /dev/null chown root:root /usr/bin/wkhtmltopdf &> /dev/null chmod 755 /usr/bin/wkhtmltopdf &> /dev/null fi touch /var/xdrago/log/wkhtmltopdf-fix10 fi } # # Install wkhtmltoimage. install_wkhtmltoimage () { ###--------------------### if [ ! -e "/var/xdrago/log/wkhtmltoimage-fix10" ] || [ ! -x "/usr/bin/wkhtmltoimage" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then _X86_64_TEST=`uname -m` if [ "$_X86_64_TEST" = "x86_64" ] ; then SYSTEMARCH="x86_64" msg "INFO: Installing /usr/bin/wkhtmltoimage $SYSTEMARCH version..." cd /var/opt rm -f -r wkhtmltoimage* get_dev_arch "wkhtmltoimage-0.10.0_rc2-static-amd64.tar.bz2" cp -af wkhtmltoimage-amd64 /usr/bin/wkhtmltoimage &> /dev/null chown root:root /usr/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/bin/wkhtmltoimage &> /dev/null else SYSTEMARCH="x86" msg "INFO: Installing /usr/bin/wkhtmltoimage $SYSTEMARCH version..." cd /var/opt rm -f -r wkhtmltoimage* get_dev_arch "wkhtmltoimage-0.10.0_rc2-static-i386.tar.bz2" cp -af wkhtmltoimage-i386 /usr/bin/wkhtmltoimage &> /dev/null chown root:root /usr/bin/wkhtmltoimage &> /dev/null chmod 755 /usr/bin/wkhtmltoimage &> /dev/null fi touch /var/xdrago/log/wkhtmltoimage-fix10 fi } # # Update php-cli in the cron entry. update_php_cli_cron () { if [ "$_PHP_CLI_VERSION" = "5.5" ] && [ -x "/opt/php55/bin/php" ] ; then sed -i "s/^PATH=.*/PATH=\/opt\/php55\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/g" /var/spool/cron/crontabs/aegir &> /dev/null elif [ "$_PHP_CLI_VERSION" = "5.4" ] && [ -x "/opt/php54/bin/php" ] ; then sed -i "s/^PATH=.*/PATH=\/opt\/php54\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/g" /var/spool/cron/crontabs/aegir &> /dev/null elif [ "$_PHP_CLI_VERSION" = "5.3" ] && [ -x "/opt/php53/bin/php" ] ; then sed -i "s/^PATH=.*/PATH=\/opt\/php53\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/g" /var/spool/cron/crontabs/aegir &> /dev/null elif [ "$_PHP_CLI_VERSION" = "5.2" ] && [ -x "/opt/php52/bin/php" ] ; then sed -i "s/^PATH=.*/PATH=\/opt\/php52\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/g" /var/spool/cron/crontabs/aegir &> /dev/null fi chown aegir:crontab /var/spool/cron/crontabs/aegir &> /dev/null } # # Update New Relic. update_newrelic () { ###--------------------### if [ ! -z "$_NEWRELIC_KEY" ] ; then if [ -e "/etc/newrelic/newrelic.cfg" ] || [ -e "/etc/apt/sources.list.d/newrelic.list" ] ; then msg "INFO: Uninstalling previous version of New Relic Apps and Server Monitor..." cd /var/opt _KEYS_SERVER_TEST=FALSE until [[ "$_KEYS_SERVER_TEST" =~ "GnuPG" ]] ; do rm -f 548C16BF.gpg* wget -q -U iCab http://download.newrelic.com/548C16BF.gpg _KEYS_SERVER_TEST=`grep GnuPG 548C16BF.gpg 2> /dev/null` sleep 2 done cat 548C16BF.gpg | apt-key add - &> /dev/null rm -f 548C16BF.gpg* st_runner "aptitude remove newrelic-php5 newrelic-php5-common newrelic-daemon newrelic-sysmond -y" &> /dev/null st_runner "apt-get autoremove -y --force-yes" &> /dev/null mkdir -p /var/backups/nr mv -f /etc/newrelic /var/backups/nr/etc-newrelic-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null _PHP_EXT_DIR_55="/opt/php55/lib/php/extensions/no-debug-non-zts-$_PHP55_API" _PHP_EXT_DIR_54="/opt/php54/lib/php/extensions/no-debug-non-zts-$_PHP54_API" _PHP_EXT_DIR_53="/opt/php53/lib/php/extensions/no-debug-non-zts-$_PHP53_API" _PHP_EXT_DIR_52="/opt/php52/lib/php/extensions/no-debug-non-zts-$_PHP52_API" msg "INFO: Installing latest version of New Relic Apps and Server Monitor..." echo "## New Relic APT Repository" > /etc/apt/sources.list.d/newrelic.list echo "deb http://apt.newrelic.com/debian/ newrelic non-free" >> /etc/apt/sources.list.d/newrelic.list st_runner "apt-get update -y" &> /dev/null st_runner "apt-get install newrelic-php5 newrelic-sysmond -f -y --force-yes -q --config-file /opt/tmp/apt.conf.noninteractive" 2> /dev/null NR_INSTALL_PHPLIST=/opt/php52/bin:/opt/php53/bin:/opt/php54/bin:/opt/php55/bin;export NR_INSTALL_PHPLIST;NR_INSTALL_SILENT='silent';export NR_INSTALL_SILENT;newrelic-install install &> /dev/null _X86_64_TEST=`uname -m` if [ "$_X86_64_TEST" = "x86_64" ] ; then _SYSTEM_ARCH="x64" else _SYSTEM_ARCH="x32" fi if [ -e "$_PHP_EXT_DIR_55" ] && [ ! -e "$_PHP_EXT_DIR_55/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP55_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP55_API.so $_PHP_EXT_DIR_55/newrelic.so fi if [ -e "$_PHP_EXT_DIR_54" ] && [ ! -e "$_PHP_EXT_DIR_54/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP54_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP54_API.so $_PHP_EXT_DIR_54/newrelic.so fi if [ -e "$_PHP_EXT_DIR_53" ] && [ ! -e "$_PHP_EXT_DIR_53/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP53_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP53_API.so $_PHP_EXT_DIR_53/newrelic.so fi if [ -e "$_PHP_EXT_DIR_52" ] && [ ! -e "$_PHP_EXT_DIR_52/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP52_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP52_API.so $_PHP_EXT_DIR_52/newrelic.so fi if [ ! -e "/etc/newrelic/newrelic.cfg" ] ; then echo "## New Relic Configuration" > /etc/newrelic/newrelic.cfg echo "license_key=$_NEWRELIC_KEY" >> /etc/newrelic/newrelic.cfg echo "pidfile=/var/run/newrelic-daemon.pid" >> /etc/newrelic/newrelic.cfg echo "logfile=/var/log/newrelic/newrelic-daemon.log" >> /etc/newrelic/newrelic.cfg echo "loglevel=error" >> /etc/newrelic/newrelic.cfg else sed -i "s/REPLACE_WITH_REAL_KEY/$_NEWRELIC_KEY/g" /etc/newrelic/newrelic.cfg &> /dev/null fi sed -i "s/REPLACE_WITH_REAL_KEY/$_NEWRELIC_KEY/g" /etc/newrelic/nrsysmond.cfg &> /dev/null fi fi } # # Install New Relic. install_newrelic () { ###--------------------### if [ ! -z "$_NEWRELIC_KEY" ] ; then _MULTI_NR=NO _PHP_EXT_DIR_55="/opt/php55/lib/php/extensions/no-debug-non-zts-$_PHP55_API" _PHP_EXT_DIR_54="/opt/php54/lib/php/extensions/no-debug-non-zts-$_PHP54_API" _PHP_EXT_DIR_53="/opt/php53/lib/php/extensions/no-debug-non-zts-$_PHP53_API" _PHP_EXT_DIR_52="/opt/php52/lib/php/extensions/no-debug-non-zts-$_PHP52_API" if [ -e "$_PHP_EXT_DIR_55" ] && [ ! -e "$_PHP_EXT_DIR_55/newrelic.so" ] ; then _MULTI_NR=YES fi if [ -e "$_PHP_EXT_DIR_54" ] && [ ! -e "$_PHP_EXT_DIR_54/newrelic.so" ] ; then _MULTI_NR=YES fi if [ -e "$_PHP_EXT_DIR_53" ] && [ ! -e "$_PHP_EXT_DIR_53/newrelic.so" ] ; then _MULTI_NR=YES fi if [ -e "$_PHP_EXT_DIR_52" ] && [ ! -e "$_PHP_EXT_DIR_52/newrelic.so" ] ; then _MULTI_NR=YES fi if [ "$_MULTI_NR" = "YES" ] || [ ! -e "/var/xdrago/log/newrelic-$_INSTALLER_VERSION.log" ] || [ ! -e "/etc/newrelic/newrelic.cfg" ] || [ ! -e "/etc/newrelic/nrsysmond.cfg" ] || [ ! -e "/etc/apt/sources.list.d/newrelic.list" ] ; then msg "INFO: Installing New Relic Apps and Server Monitor..." cd /var/opt _KEYS_SERVER_TEST=FALSE until [[ "$_KEYS_SERVER_TEST" =~ "GnuPG" ]] ; do rm -f 548C16BF.gpg* wget -q -U iCab http://download.newrelic.com/548C16BF.gpg _KEYS_SERVER_TEST=`grep GnuPG 548C16BF.gpg 2> /dev/null` sleep 2 done cat 548C16BF.gpg | apt-key add - &> /dev/null rm -f 548C16BF.gpg* echo "## New Relic APT Repository" > /etc/apt/sources.list.d/newrelic.list echo "deb http://apt.newrelic.com/debian/ newrelic non-free" >> /etc/apt/sources.list.d/newrelic.list st_runner "apt-get update -y" &> /dev/null st_runner "apt-get install newrelic-php5 newrelic-sysmond -f -y --force-yes -q --config-file /opt/tmp/apt.conf.noninteractive" 2> /dev/null if [ "$_MULTI_NR" = "YES" ] ; then msg "INFO: Installing latest version of New Relic Apps and Server Monitor..." NR_INSTALL_PHPLIST=/opt/php52/bin:/opt/php53/bin:/opt/php54/bin:/opt/php55/bin;export NR_INSTALL_PHPLIST;NR_INSTALL_SILENT='silent';export NR_INSTALL_SILENT;newrelic-install install &> /dev/null _X86_64_TEST=`uname -m` if [ "$_X86_64_TEST" = "x86_64" ] ; then _SYSTEM_ARCH="x64" else _SYSTEM_ARCH="x32" fi if [ -e "$_PHP_EXT_DIR_55" ] && [ ! -e "$_PHP_EXT_DIR_55/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP55_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP55_API.so $_PHP_EXT_DIR_55/newrelic.so fi if [ -e "$_PHP_EXT_DIR_54" ] && [ ! -e "$_PHP_EXT_DIR_54/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP54_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP54_API.so $_PHP_EXT_DIR_54/newrelic.so fi if [ -e "$_PHP_EXT_DIR_53" ] && [ ! -e "$_PHP_EXT_DIR_53/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP53_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP53_API.so $_PHP_EXT_DIR_53/newrelic.so fi if [ -e "$_PHP_EXT_DIR_52" ] && [ ! -e "$_PHP_EXT_DIR_52/newrelic.so" ] && [ -e "/usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP52_API.so" ] ; then ln -sf /usr/lib/newrelic-php5/agent/$_SYSTEM_ARCH/newrelic-$_PHP52_API.so $_PHP_EXT_DIR_52/newrelic.so fi if [ ! -e "/etc/newrelic/newrelic.cfg" ] ; then echo "## New Relic Configuration" > /etc/newrelic/newrelic.cfg echo "license_key=$_NEWRELIC_KEY" >> /etc/newrelic/newrelic.cfg echo "pidfile=/var/run/newrelic-daemon.pid" >> /etc/newrelic/newrelic.cfg echo "logfile=/var/log/newrelic/newrelic-daemon.log" >> /etc/newrelic/newrelic.cfg echo "loglevel=error" >> /etc/newrelic/newrelic.cfg else sed -i "s/REPLACE_WITH_REAL_KEY/$_NEWRELIC_KEY/g" /etc/newrelic/newrelic.cfg &> /dev/null fi sed -i "s/REPLACE_WITH_REAL_KEY/$_NEWRELIC_KEY/g" /etc/newrelic/nrsysmond.cfg &> /dev/null fi fi touch /var/xdrago/log/newrelic-$_INSTALLER_VERSION.log fi } # # Install or update Drush versions. get_drush_versions () { ###--------------------### mkdir -p /opt/tools/drush/{4,6,7} chown -R root:root /opt/tools rm -f -r /opt/tools/drush/4/* cd /opt/tools/drush/4/ get_dev_ext "drush-$_DRUSH_VERSION.tar.gz" msg "INFO: Drush $_DRUSH_VERSION installation complete" rm -f -r /opt/tools/drush/6/* cd /opt/tools/drush/6/ get_dev_ext "drush-$_DRUSH6_VERSION.tar.gz" cd /opt/tools/drush/6/drush/lib get_dev_ext "Console_Table-1.1.3.tgz" msg "INFO: Drush $_DRUSH6_VERSION installation complete" rm -f -r /opt/tools/drush/7/* # cd /opt/tools/drush/7/ # get_dev_ext "drush-$_DRUSH7_VERSION.tar.gz" # cd /opt/tools/drush/7/drush/lib # get_dev_ext "Console_Table-1.1.6.tgz" # msg "INFO: Drush $_DRUSH7_VERSION installation complete" find /opt/tools -type d -exec chmod 0755 {} \; &> /dev/null find /opt/tools -type f -exec chmod 0644 {} \; &> /dev/null chmod 755 /opt/tools/drush/*/drush/drush chmod 755 /opt/tools/drush/*/drush/drush.php if [ -x "/opt/tools/drush/4/drush/drush" ] ; then rm -f /usr/bin/drush4 rm -f /usr/bin/drush ln -s /opt/tools/drush/4/drush/drush /usr/bin/drush4 ln -s /opt/tools/drush/4/drush/drush /usr/bin/drush fi if [ -x "/opt/tools/drush/6/drush/drush" ] ; then rm -f /usr/bin/drush6 ln -s /opt/tools/drush/6/drush/drush /usr/bin/drush6 fi if [ -x "/opt/tools/drush/7/drush/drush" ] ; then rm -f /usr/bin/drush7 ln -s /opt/tools/drush/7/drush/drush /usr/bin/drush7 else rm -f /usr/bin/drush7 if [ -x "/opt/tools/drush/6/drush/drush" ] ; then ln -s /opt/tools/drush/6/drush/drush /usr/bin/drush7 fi fi if [ -e "/opt/tools/drush/5" ] ; then rm -f -r /opt/tools/drush/5 rm -f /usr/bin/drush5 fi chown -R root:root /opt/tools/drush cd /opt/tmp } # # Update packages sources list. update_sources_list () { ###--------------------### if [ -e "/var/xdrago/log/apt-fast-install-log.txt" ] || [ -e "/var/log/apt-fast-install-log.txt" ] ; then _APT_SOURCES_REWRITE=NO if [ ! -z "$_LOCAL_DEBIAN_MIRROR" ] ; then _APT_SOURCES_REWRITE=YES fi if [ ! -z "$_LOCAL_UBUNTU_MIRROR" ] ; then _APT_SOURCES_REWRITE=YES fi if [ "$_REL_VERSION" = "lenny" ] ; then sed -i "s/^deb.*security.debian.org.*/## security updates no longer available for lenny/g" /etc/apt/sources.list &> /dev/null sed -i "s/ftp.*debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null sed -i "s/volatile.debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null fi if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_REL_VERSION" = "squeeze" ] ; then run_silent_aptitude_full_upgrade _LOC_REL_VERSION=squeeze _REL_VERSION=wheezy _APT_SOURCES_REWRITE=YES elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_REL_VERSION" = "lenny" ] ; then run_silent_aptitude_full_upgrade _LOC_REL_VERSION=lenny _REL_VERSION=squeeze _APT_SOURCES_REWRITE=YES fi if [ "$_REL_VERSION" = "squeeze" ] ; then _VOLATILE_TEST=$(grep "MAJOR BUG FIX UPDATES" /etc/apt/sources.list) if [[ "$_VOLATILE_TEST" =~ "MAJOR BUG FIX UPDATES" ]] ; then _DO_NOTHING=YES else _APT_SOURCES_REWRITE=YES fi if [ "$_DB_SERVER" = "Percona" ] ; then if [ ! -e "/etc/apt/sources.list.d/percona.list" ]; then _APT_SOURCES_REWRITE=YES fi else if [ ! -e "/etc/apt/sources.list.d/mariadb.list" ]; then _APT_SOURCES_REWRITE=YES fi fi fi else _APT_SOURCES_REWRITE=YES fi if [ "$_APT_SOURCES_REWRITE" = "YES" ] ; then msg "INFO: Updating packages sources list..." mv -f /etc/apt/sources.list /var/backups/sources.list-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null if [ "$_THIS_OS" = "Ubuntu" ] ; then if [ "$_AUTOPILOT" = "YES" ] ; then if [ -z "$_LOCAL_UBUNTU_MIRROR" ] ; then _MIRROR=archive.ubuntu.com else _MIRROR=$_LOCAL_UBUNTU_MIRROR fi else if [ -z "$_LOCAL_UBUNTU_MIRROR" ] ; then msg "INFO: Now looking for the best/fastest $_THIS_OS mirror, this may take a while, please wait..." mkdir -p /opt/tmp/helpers cd /opt/tmp/helpers curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/helpers/ffmirror.sh.txt" -o ffmirror.sh.txt curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/helpers/apt-list-ubuntu.txt" -o apt-list-ubuntu.txt _MIRROR=`bash ffmirror.sh.txt < apt-list-ubuntu.txt` _MIRROR=`bash ffmirror.sh.txt < apt-list-ubuntu.txt` echo " " prompt_confirm_choice "Enter your own mirror to use or press enter to use the fastest found mirror" $_MIRROR echo " " _MIRROR=$_CONFIRMED_ANSWER else _MIRROR=$_LOCAL_UBUNTU_MIRROR fi if ! netcat -w 5 -z $_MIRROR 80 ; then msg "INFO: The mirror $_MIRROR doesn't respond now, let's try default" _MIRROR=archive.ubuntu.com fi fi msg "INFO: We will use $_THIS_OS mirror $_MIRROR" cd /var/opt echo "## MAIN REPOSITORIES" > /etc/apt/sources.list echo "deb http://$_MIRROR/ubuntu/ $_REL_VERSION main restricted universe multiverse" >> /etc/apt/sources.list echo "deb-src http://$_MIRROR/ubuntu/ $_REL_VERSION main restricted universe multiverse" >> /etc/apt/sources.list echo "" >> /etc/apt/sources.list echo "## MAJOR BUG FIX UPDATES produced after the final release" >> /etc/apt/sources.list echo "deb http://$_MIRROR/ubuntu/ $_REL_VERSION-updates main restricted universe multiverse" >> /etc/apt/sources.list echo "deb-src http://$_MIRROR/ubuntu/ $_REL_VERSION-updates main restricted universe multiverse" >> /etc/apt/sources.list echo "" >> /etc/apt/sources.list echo "## BACKPORTS" >> /etc/apt/sources.list echo "deb http://$_MIRROR/ubuntu/ $_REL_VERSION-backports main restricted universe multiverse" >> /etc/apt/sources.list echo "deb-src http://$_MIRROR/ubuntu/ $_REL_VERSION-backports main restricted universe multiverse" >> /etc/apt/sources.list echo "" >> /etc/apt/sources.list echo "## UBUNTU SECURITY UPDATES" >> /etc/apt/sources.list echo "deb http://security.ubuntu.com/ubuntu $_REL_VERSION-security main restricted universe multiverse" >> /etc/apt/sources.list echo "deb-src http://security.ubuntu.com/ubuntu $_REL_VERSION-security main restricted universe multiverse" >> /etc/apt/sources.list if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-ubuntu.txt" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-ubuntu.txt /etc/apt/preferences else curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/conf/etc-apt-preferences-ubuntu.txt" -o /etc/apt/preferences fi elif [ "$_THIS_OS" = "Debian" ] ; then _MIRROR_CHECK=NO if [ "$_REL_VERSION" = "lenny" ] ; then _MIRROR=archive.debian.org else if [ "$_AUTOPILOT" = "YES" ] ; then if [ -z "$_LOCAL_DEBIAN_MIRROR" ] ; then _MIRROR=ftp.debian.org else _MIRROR=$_LOCAL_DEBIAN_MIRROR fi else _MIRROR_CHECK=YES fi fi if [ "$_MIRROR_CHECK" = "YES" ] ; then if [ -z "$_LOCAL_DEBIAN_MIRROR" ] ; then msg "INFO: Now looking for the best/fastest $_THIS_OS mirror, this may take a while, please wait..." mkdir -p /opt/tmp/helpers cd /opt/tmp/helpers curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/helpers/ffmirror.sh.txt" -o ffmirror.sh.txt curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/helpers/apt-list-debian.txt" -o apt-list-debian.txt _MIRROR=`bash ffmirror.sh.txt < apt-list-debian.txt` _MIRROR=`bash ffmirror.sh.txt < apt-list-debian.txt` echo " " prompt_confirm_choice "Enter your own mirror to use or press enter to use the fastest found mirror" $_MIRROR echo " " _MIRROR=$_CONFIRMED_ANSWER else _MIRROR=$_LOCAL_DEBIAN_MIRROR fi if ! netcat -w 5 -z $_MIRROR 80 ; then msg "INFO: The mirror $_MIRROR doesn't respond now, let's try default" _MIRROR=ftp.debian.org fi fi msg "INFO: We will use $_THIS_OS mirror $_MIRROR" cd /var/opt echo "## MAIN REPOSITORIES" > /etc/apt/sources.list echo "deb http://$_MIRROR/debian/ $_REL_VERSION main contrib non-free" >> /etc/apt/sources.list echo "deb-src http://$_MIRROR/debian/ $_REL_VERSION main contrib non-free" >> /etc/apt/sources.list echo "" >> /etc/apt/sources.list echo "## MAJOR BUG FIX UPDATES produced after the final release" >> /etc/apt/sources.list if [ "$_REL_VERSION" = "lenny" ] ; then echo "deb http://archive.debian.org/debian-volatile $_REL_VERSION/volatile main contrib non-free" >> /etc/apt/sources.list echo "deb-src http://archive.debian.org/debian-volatile $_REL_VERSION/volatile main contrib non-free" >> /etc/apt/sources.list else echo "deb http://$_MIRROR/debian/ $_REL_VERSION-updates main" >> /etc/apt/sources.list echo "deb-src http://$_MIRROR/debian/ $_REL_VERSION-updates main" >> /etc/apt/sources.list echo "" >> /etc/apt/sources.list echo "## DEBIAN SECURITY UPDATES" >> /etc/apt/sources.list echo "deb http://security.debian.org/ $_REL_VERSION/updates main contrib non-free" >> /etc/apt/sources.list echo "deb-src http://security.debian.org/ $_REL_VERSION/updates main contrib non-free" >> /etc/apt/sources.list if [ "$_REL_VERSION" = "wheezy" ] ; then if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-wheezy.txt" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-wheezy.txt /etc/apt/preferences else curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/conf/etc-apt-preferences-wheezy.txt" -o /etc/apt/preferences fi fi if [ "$_REL_VERSION" = "squeeze" ] ; then if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-squeeze.txt" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-squeeze.txt /etc/apt/preferences else curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/conf/etc-apt-preferences-squeeze.txt" -o /etc/apt/preferences fi fi fi fi mkdir -p /var/xdrago/log touch /var/xdrago/log/apt-fast-install-log.txt cd /var/opt fi if [ ! -e "/etc/apt/preferences" ] ; then if [ "$_THIS_OS" = "Ubuntu" ] ; then if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-ubuntu.txt" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-ubuntu.txt /etc/apt/preferences else curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/conf/etc-apt-preferences-ubuntu.txt" -o /etc/apt/preferences fi else if [ "$_REL_VERSION" = "wheezy" ] ; then if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-wheezy.txt" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-wheezy.txt /etc/apt/preferences else curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/conf/etc-apt-preferences-wheezy.txt" -o /etc/apt/preferences fi else if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-squeeze.txt" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/etc-apt-preferences-squeeze.txt /etc/apt/preferences else curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/master/aegir/conf/etc-apt-preferences-squeeze.txt" -o /etc/apt/preferences fi fi fi fi } # # Install OpenSSH from sources. install_ssh_src () { _SSH_INSTALL_REQUIRED=NO _SSH_INSTALLED=`ssh -V 2>&1 | tr -d "\n" | tr -d "," | cut -d"_" -f2 | awk '{ print $1}'` if [ "$_SSH_FORCE_REINSTALL" = "YES" ] ; then _SSH_INSTALL_REQUIRED=YES msg "INFO: OpenSSH $_SSH_INSTALLED, rebuild forced" elif [ "$_SSH_INSTALLED" = "$_OPENSSH_VERSION" ] ; then _DO_NOTHING=YES else _SSH_INSTALL_REQUIRED=YES msg "INFO: Installed OpenSSH version $_SSH_INSTALLED, upgrade required" fi if [ "$_SSH_INSTALL_REQUIRED" = "YES" ] ; then msg "INFO: Installing OpenSSH $_OPENSSH_VERSION, please wait..." cd /var/opt rm -f -r openssh* get_dev_src "openssh-$_OPENSSH_VERSION.tar.gz" cd /var/opt/openssh-$_OPENSSH_VERSION st_runner "sh ./configure --without-openssl-header-check --prefix=/usr --with-pam" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null mrun "service ssh restart" &> /dev/null aptitude hold openssh-server &> /dev/null aptitude hold openssh-client &> /dev/null aptitude hold ssh &> /dev/null echo "openssh-server hold" | dpkg --set-selections &> /dev/null echo "openssh-client hold" | dpkg --set-selections &> /dev/null echo "ssh hold" | dpkg --set-selections &> /dev/null if [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then apt-mark hold openssh-server openssh-client ssh &> /dev/null fi else aptitude hold openssh-server &> /dev/null aptitude hold openssh-client &> /dev/null aptitude hold ssh &> /dev/null echo "openssh-server hold" | dpkg --set-selections &> /dev/null echo "openssh-client hold" | dpkg --set-selections &> /dev/null echo "ssh hold" | dpkg --set-selections &> /dev/null fi _SSH_FORCE_REINSTALL=NO } # # Install cURL from sources. install_curl_src () { _CURL_INSTALL_REQUIRED=NO _CURL_INSTALLED=`curl --version 2>&1 | tr -d "\n" | cut -d" " -f2 | awk '{ print $1}'` if [ "$_CURL_INSTALLED" = "$_CURL_VERSION" ] ; then _CURL_INSTALL_REQUIRED=NO else _CURL_INSTALL_REQUIRED=YES msg "INFO: Installed cURL version $_CURL_INSTALLED, upgrade required" fi _BROKEN_CURL_TEST=$(curl --version 2>&1) if [[ "$_BROKEN_CURL_TEST" =~ "libcurl.so.4" ]]; then _CURL_INSTALL_REQUIRED=YES msg "INFO: Installed libcurl is broken, cURL $_CURL_INSTALLED upgrade required" fi if [ "$_PHP_BIN_BROKEN" = "YES" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then _CURL_INSTALL_REQUIRED=YES msg "INFO: Installed cURL version $_CURL_INSTALLED, rebuild forced" fi if [ "$_CURL_INSTALL_REQUIRED" = "YES" ] ; then ###--------------------### echo "libcurl3 install" | dpkg --set-selections &> /dev/null echo "libcurl3-gnutls install" | dpkg --set-selections &> /dev/null echo "libcurl4-openssl-dev install" | dpkg --set-selections &> /dev/null echo "curl hold" | dpkg --set-selections &> /dev/null aptitude install libcurl3 -y &> /dev/null aptitude install libcurl3-gnutls -y &> /dev/null aptitude install libcurl4-openssl-dev -y &> /dev/null aptitude hold curl &> /dev/null if [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then apt-mark hold curl &> /dev/null fi msg "INFO: Installing cURL $_CURL_VERSION, please wait..." cd /var/opt rm -f -r curl* get_dev_src "curl-$_CURL_VERSION.tar.gz" cd /var/opt/curl-$_CURL_VERSION st_runner "sh ./configure --prefix=/usr" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null _UP_PHP=YES else ###--------------------### echo "libcurl3 install" | dpkg --set-selections &> /dev/null echo "libcurl3-gnutls install" | dpkg --set-selections &> /dev/null echo "libcurl4-openssl-dev install" | dpkg --set-selections &> /dev/null echo "curl hold" | dpkg --set-selections &> /dev/null aptitude install libcurl3 -y &> /dev/null aptitude install libcurl3-gnutls -y &> /dev/null aptitude install libcurl4-openssl-dev -y &> /dev/null aptitude hold curl &> /dev/null if [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then apt-mark hold curl &> /dev/null fi fi } # # Install OpenSSL from sources. install_ssl_src () { _SSL_INSTALL_REQUIRED=NO _SSL_INSTALLED=`openssl version 2>&1 | tr -d "\n" | cut -d" " -f2 | awk '{ print $1}'` if [ "$_SSL_INSTALLED" = "$_OPENSSL_VERSION" ] ; then _DO_NOTHING=YES _SSH_FORCE_REINSTALL=NO else _SSL_INSTALL_REQUIRED=YES _SSH_FORCE_REINSTALL=YES _NGX_FORCE_REINSTALL=YES _PHP_FORCE_REINSTALL=YES rm -f /var/xdrago/log/pure-ftpd-build-$_PURE_FTPD_VERSION-$_INSTALLER_VERSION.log rm -f /var/xdrago/log/mss-build-$_MSS_VERSION-$_INSTALLER_VERSION.log msg "INFO: Installed OpenSSL version $_SSL_INSTALLED, upgrade required" fi if [ "$_SSL_INSTALL_REQUIRED" = "YES" ] ; then ###--------------------### msg "INFO: Installing zlib $_ZLIB_VERSION, please wait..." cd /var/opt rm -f -r zlib* get_dev_src "zlib-$_ZLIB_VERSION.tar.gz" cd /var/opt/zlib-$_ZLIB_VERSION st_runner "./configure --prefix=/usr" 2> /dev/null st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null ###--------------------### msg "INFO: Installing OpenSSL $_OPENSSL_VERSION, please wait..." cd /var/opt rm -f -r openssl* get_dev_src "openssl-$_OPENSSL_VERSION.tar.gz" cd /var/opt/openssl-$_OPENSSL_VERSION _X86_64_IF=`uname -m` if [ "$_X86_64_IF" = "x86_64" ] ; then st_runner "sh ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared enable-ec_nistp_64_gcc_128" 2> /dev/null st_runner "make depend" 2> /dev/null else st_runner "sh ./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared" 2> /dev/null fi st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null ###--------------------### aptitude install libssl-dev -y &> /dev/null aptitude hold openssl &> /dev/null aptitude hold zlibc &> /dev/null aptitude hold zlib1g &> /dev/null aptitude hold zlib1g-dev &> /dev/null echo "libssl-dev install" | dpkg --set-selections &> /dev/null echo "openssl hold" | dpkg --set-selections &> /dev/null echo "zlibc hold" | dpkg --set-selections &> /dev/null echo "zlib1g hold" | dpkg --set-selections &> /dev/null echo "zlib1g-dev hold" | dpkg --set-selections &> /dev/null if [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then apt-mark hold openssl zlibc zlib1g zlib1g-dev &> /dev/null fi else aptitude install libssl-dev -y &> /dev/null aptitude hold openssl &> /dev/null aptitude hold zlibc &> /dev/null aptitude hold zlib1g &> /dev/null aptitude hold zlib1g-dev &> /dev/null echo "libssl-dev install" | dpkg --set-selections &> /dev/null echo "openssl hold" | dpkg --set-selections &> /dev/null echo "zlibc hold" | dpkg --set-selections &> /dev/null echo "zlib1g hold" | dpkg --set-selections &> /dev/null echo "zlib1g-dev hold" | dpkg --set-selections &> /dev/null fi } # # Fix multi-IP cron access. fix_multi_ip_cron_access () { rm -f /root/.local.IP.list.allow for _IP in `cat /root/.local.IP.list | cut -d '#' -f1 | sort | uniq | tr -d "\s"`;do echo " allow $_IP;" >> /root/.local.IP.list.allow;done echo " allow 127.0.0.1;" >> /root/.local.IP.list.allow echo " deny all;" >> /root/.local.IP.list.allow sed -i "s/allow .*;//g; s/ *$//g; /^$/d" /data/disk/*/config/includes/*.conf &> /dev/null sed -i "s/allow .*;//g; s/ *$//g; /^$/d" /var/aegir/config/includes/*.conf &> /dev/null sed -i "s/allow .*;//g; s/ *$//g; /^$/d" /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf &> /dev/null sed -i '/deny all;/ {r /root/.local.IP.list.allow d;};' /data/disk/*/config/includes/*.conf &> /dev/null sed -i '/deny all;/ {r /root/.local.IP.list.allow d;};' /var/aegir/config/includes/*.conf &> /dev/null sed -i '/deny all;/ {r /root/.local.IP.list.allow d;};' /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf &> /dev/null } # # Check if the PHP rebuild is required. check_php_rebuild () { if [ "$_FULL_FORCE_REINSTALL" = "YES" ] || [ "$_PHP_FORCE_REINSTALL" = "YES" ] ; then _PHP_INSTALLED=5.x if [ "$1" = "55" ] ; then rm -f /var/xdrago/log/*5.5* elif [ "$1" = "54" ] ; then rm -f /var/xdrago/log/*5.4* elif [ "$1" = "53" ] ; then rm -f /var/xdrago/log/*5.3* elif [ "$1" = "52" ] ; then rm -f /var/xdrago/log/*5.2* fi msg "INFO: PHP to $_PHP_VERSION rebuild forced" else _PHP_INSTALLED=`/opt/php$1/bin/php -v | grep 'PHP 5' | cut -d: -f1 | awk '{ print $2}'` fi if [ "$1" = "55" ] && [ -x "/opt/php$1/bin/php" ] ; then _PHP_DRIVERS=`/opt/php$1/bin/php -i | grep "with-mysql=/usr"` if [ -z "$_PHP_DRIVERS" ] ; then _PHP_DRIVERS_BUILD=NO else _PHP_DRIVERS_BUILD=YES fi fi if [ "$_PHP_DRIVERS_BUILD" = "NO" ] || [[ "$_PHP_INSTALLED" =~ "~" ]] || [[ "$_PHP_INSTALLED" =~ "dotdeb" ]] || [[ "$_PHP_INSTALLED" =~ "ubuntu" ]] ; then msg "INFO: Installed PHP version $_PHP_INSTALLED, upgrade required" install_php_multi "$1" else if [[ "$_PHP_INSTALLED" =~ "$_PHP_VERSION" ]] ; then if [ "$_UP_PHP" = "YES" ] ; then msg "INFO: PHP $_PHP_VERSION rebuild required to include upgraded libs" install_php_multi "$1" else msg "INFO: Installed PHP version $_PHP_INSTALLED, OK" fi else if [ "$_FULL_FORCE_REINSTALL" = "YES" ] || [ "$_PHP_FORCE_REINSTALL" = "YES" ] ; then _DO_NOTHING=YES else msg "INFO: Installed PHP version $_PHP_INSTALLED, upgrade required" fi install_php_multi "$1" fi fi _THIS_DB_SERVER_TEST=`mysql -V 2>&1` if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then if [ ! -e "/var/xdrago/log/installed-$_PHP_VERSION-$_MARIADB_VERSION-MariaDB.log" ] ; then msg "INFO: PHP $_PHP_VERSION rebuild required to include MariaDB $_MARIADB_VERSION libs" install_php_multi "$1" fi else if [ ! -e "/var/xdrago/log/installed-$_PHP_VERSION-$_PERCONA_VERSION-Percona.log" ] ; then msg "INFO: PHP $_PHP_VERSION rebuild required to include Percona $_PERCONA_VERSION libs" install_php_multi "$1" fi fi } # # Check if the PHP build is broken. check_php_broken () { _BROKEN_LIBCURL_TEST=$(/opt/php$1/bin/php -v 2>&1) if [[ "$_BROKEN_LIBCURL_TEST" =~ "libcurl.so.4" ]] ; then _PHP_BIN_BROKEN=YES msg "INFO: PHP $_PHP_VERSION rebuild required to fix broken libcurl" install_curl_src install_php_multi "$1" fi } # # Symlink to bash. symlink_to_bash () { if [ -x "/bin/bash" ] ; then rm -f /bin/sh ln -s /bin/bash /bin/sh fi } # # Switch to bash. switch_to_bash () { if [ -x "/bin/bash" ] ; then sed -i "s/:\/bin\/sh/:\/bin\/bash/g" /etc/passwd &> /dev/null sed -i "s/\/bin\/sh/\/bin\/bash/g" /etc/crontab &> /dev/null _X_BIN_PATHS="/usr/local/bin /usr/bin /bin /usr/local/sbin /usr/sbin /sbin /etc/alternatives /opt/php55/bin /opt/php54/bin /opt/php53/bin /opt/php52/bin /etc/init.d /usr/lib/postfix /etc/resolvconf /usr/lib/ConsoleKit/run-session.d /etc/network/if-up.d /etc/network/if-down.d /etc/webmin /usr/local/libexec/git-core /usr/lib/git-core /etc/cron.d /etc/cron.daily /etc/cron.monthly /etc/cron.weekly /usr/lib/sysstat" for p in $_X_BIN_PATHS; do if [ -e "$p" ] ; then for f in `find $p ! -perm -4000 ! -perm -2000 -type f` ; do if [[ "$f" =~ "drush"($) ]] || [[ "$f" =~ "clean-boa-env"($) ]] ; then _SKIP_THIS=YES else _SHELL_TEST=$(grep -I -o "/bin/sh" $f) if [ ! -z "$_SHELL_TEST" ] && [ "$f" != "/etc/init.d/clean-boa-env" ] ; then sed -i "s/^#\! \/.*/#\!\/bin\/bash/g" $f &> /dev/null sed -i "s/\/bin\/sh/\/bin\/bash/g" $f &> /dev/null fi fi done fi done fi } # # Optional Strict Permissions on All Binaries. strict_bin_permissions () { chown root:root /usr/local/bin /usr/bin /bin /usr/local/sbin /usr/sbin /sbin /etc/alternatives /opt/php55/bin /opt/php54/bin /opt/php53/bin /opt/php52/bin &> /dev/null chmod 711 /usr/local/bin /usr/bin /bin /usr/local/sbin /usr/sbin /sbin /etc/alternatives /opt/php55/bin /opt/php54/bin /opt/php53/bin /opt/php52/bin &> /dev/null _BIN_PATHS="/usr/local/bin /usr/bin /bin /usr/local/sbin /usr/sbin /sbin /etc/alternatives /opt/php55/bin /opt/php54/bin /opt/php53/bin /opt/php52/bin" for p in $_BIN_PATHS; do if [ -e "$p" ] ; then for f in `find $p -group users ! -perm -4000 ! -perm -2000 -type f` ; do chgrp root $f &> /dev/null chmod 750 $f &> /dev/null done fi done for p in $_BIN_PATHS; do if [ -e "$p" ] ; then for f in `find $p -group lshellg ! -perm -4000 ! -perm -2000 -type f` ; do chgrp root $f &> /dev/null chmod 750 $f &> /dev/null done fi done for p in $_BIN_PATHS; do if [ -e "$p" ] ; then for f in `find $p -group www-data ! -perm -4000 ! -perm -2000 -type f` ; do chgrp root $f &> /dev/null chmod 750 $f &> /dev/null done fi done for p in $_BIN_PATHS; do if [ -e "$p" ] ; then for f in `find $p -group root ! -perm -4000 ! -perm -2000 -type f` ; do chgrp users $f &> /dev/null chmod 750 $f &> /dev/null done fi done for p in $_BIN_PATHS; do if [ -e "$p" ] ; then for f in `find $p -group staff ! -perm -4000 ! -perm -2000 -type f` ; do chgrp users $f &> /dev/null chmod 750 $f &> /dev/null done fi done _WEBSERVER_BIN_PATHS="/usr/local/bin /usr/bin /bin /usr/local/sbin /usr/sbin /sbin /etc/alternatives" for p in $_WEBSERVER_BIN_PATHS; do for f in `find $p ! -perm -4000 ! -perm -2000 -type f | grep pdf` ; do if [ -e "$f" ] ; then chgrp root $f &> /dev/null chmod 755 $f &> /dev/null fi done done _BACKEND_ITEMS="wkhtmltopdf wkhtmltoimage convert compass curl sass sass-convert scss wget redis-server logger sendmail java java7 java6 rrdtool bash dash ffmpeg flvtool2 id which env nrsysmond newrelic-daemon avconv gs" for i in $_BACKEND_ITEMS; do _BIN_ITEM=$(which $i) if [ -e "$_BIN_ITEM" ] ; then chgrp root $_BIN_ITEM &> /dev/null chmod 755 $_BIN_ITEM &> /dev/null fi done _PROTECTED_ITEMS="barracuda boa octopus syncpass sftp-admin sftp-kill sftp-state named redis-cli redis-benchmark redis-check-dump redis-check-aof" for i in $_PROTECTED_ITEMS; do _BIN_ITEM=$(which $i) if [ -e "$_BIN_ITEM" ] ; then chown root:root $_BIN_ITEM &> /dev/null chmod 700 $_BIN_ITEM &> /dev/null fi done cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/helpers/websh.sh.txt /bin/websh chmod 755 /bin/websh chown root:root /bin/websh chown root:root /etc/passwd chmod 644 /etc/passwd } # # Fix for Open Atrium 2.18 7.28.1 fix_open_atrium () { if [ ! -e "/var/xdrago/log/open-atrium-og-fixed-001.log" ] ; then REVISIONS="001 003 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050" for i in $REVISIONS; do if [ -d "/data/all/$i/openatrium-7.x-2.18-7.28.1/profiles/openatrium/modules/contrib" ] ; then cd /data/all/$i/openatrium-7.x-2.18-7.28.1/profiles/openatrium/modules/contrib/ rm -f -r {context,ctools,entity,entityreference,mimemail,og} get_dev_contrib "context-7.x-3.2.tar.gz" get_dev_contrib "ctools-7.x-1.4.tar.gz" get_dev_contrib "entity-7.x-1.5.tar.gz" get_dev_contrib "entityreference-7.x-1.1.tar.gz" get_dev_contrib "mimemail-7.x-1.0-beta3.tar.gz" get_dev_contrib "og-7.x-2.7.tar.gz" fi done touch /var/xdrago/log/open-atrium-og-fixed-001.log cd fi } # # Final cleanup. finale () { ###--------------------### echo " " if [ "$_STATUS" = "INIT" ] ; then _L_ST="install" else _L_ST="upgrade" fi msg "CARD: Now charging your credit card for this auto-$_L_ST magic..." mrun "sleep 5" msg "JOKE: Just kidding! Enjoy your Aegir Hosting System :)" echo " " if [ "$_UP_LNX" = "YES" ] ; then msg "ALRT: Your OS kernel has been upgraded!" if [ ! -e "/usr/sbin/uptrack-upgrade" ] ; then msg "ALRT: You *must* reboot immediately to stay secure!" else msg "NOTE: You have Ksplice rebootless kernel updates installed" msg "HINT: Run uptrack-upgrade -y to make sure that all upgrades are fully applied" fi echo " " mrun "sleep 8" fi msg "Final post-$_L_ST cleaning, please wait a moment..." fix_open_atrium mv -f /etc/motd /var/backups/dragon/t/motd-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null mv -f /etc/motd-pre-* /var/backups/dragon/t/ &> /dev/null echo > /etc/motd echo " Barracuda System managed by Skynet Agent v.$_INSTALLER_VERSION welcomes you aboard" >> /etc/motd echo >> /etc/motd echo > /etc/motd.tail echo " Barracuda System managed by Skynet Agent v.$_INSTALLER_VERSION welcomes you aboard" >> /etc/motd.tail echo >> /etc/motd.tail aptitude autoclean -y &> /dev/null apt-get clean -qq &> /dev/null mkdir -p /data/conf/arch mv -f /data/conf/global.inc-pre* /data/conf/arch/ &> /dev/null mv -f /data/conf/global.inc-before* /data/conf/arch/ &> /dev/null mv -f /data/conf/global.inc-missing* /data/conf/arch/ &> /dev/null rm -f /tmp/cache.inc* rm -f /var/opt/._zendopcache* rm -f -r /var/opt/* rm -f -r /opt/tmp/* rm -f /var/xdrago/monitor/acrashsql.sh rm -f /var/xdrago/acrashsql.sh rm -f /var/xdrago/usage.sh rm -f /var/xdrago/memcache.sh* rm -f /var/xdrago/purge_cruft.sh rm -f -r /tmp/drush_make_tmp* rm -f -r /tmp/make_tmp* rm -f /tmp/pm-updatecode* rm -f /var/run/boa_run.pid rm -f /var/run/boa_wait.pid rm -f /var/aegir/.drush/.alias.drushrc.php rm -f /data/disk/*/.drush/.alias.drushrc.php rm -f /var/xdrago/log/protected-vhosts-clean.log rm -f /var/backups/.auth.IP.list* sed -i "s/### access .*//g; s/allow .*;//g; s/deny .*;//g; s/ *$//g; /^$/d" /var/aegir/config/server_master/nginx/vhost.d/chive.* &> /dev/null sed -i "s/### access .*//g; s/allow .*;//g; s/deny .*;//g; s/ *$//g; /^$/d" /var/aegir/config/server_master/nginx/vhost.d/cgp.* &> /dev/null sed -i "s/### access .*//g; s/allow .*;//g; s/deny .*;//g; s/ *$//g; /^$/d" /var/aegir/config/server_master/nginx/vhost.d/sqlbuddy.* &> /dev/null find /etc/[a-z]*\.lock -maxdepth 1 -type f -exec rm -rf {} \; &> /dev/null chmod 700 /root if [ ! -e "/etc/init.d/buagent" ] && [ -e "/var/backups/buagent-pre-$_INSTALLER_VERSION-$_NOW" ] ; then mv -f /var/backups/buagent-pre-$_INSTALLER_VERSION-$_NOW /etc/init.d/buagent &> /dev/null fi if [ -e "/etc/csf/csf.deny" ] && [ -e "/usr/sbin/csf" ] && [ -e "/var/xdrago/guest-fire.sh" ] && [ -e "/var/xdrago/guest-water.sh" ] ; then sed -i "s/.*fire.*//g" /etc/crontab &> /dev/null sed -i "s/.*water.*//g" /etc/crontab &> /dev/null if [[ "$_THISHOST" =~ ".host8." ]] ; then if [ "$_VMFAMILY" = "VS" ] ; then _DO_NOTHING=YES else echo "* * * * * root bash /var/xdrago/guest-fire.sh >/dev/null 2>&1" >> /etc/crontab echo "01 * * * * root bash /var/xdrago/guest-water.sh >/dev/null 2>&1" >> /etc/crontab fi else echo "* * * * * root bash /var/xdrago/guest-fire.sh >/dev/null 2>&1" >> /etc/crontab echo "01 * * * * root bash /var/xdrago/guest-water.sh >/dev/null 2>&1" >> /etc/crontab fi sed -i "/^$/d" /etc/crontab &> /dev/null else sed -i "s/.*fire.*//g" /etc/crontab &> /dev/null sed -i "s/.*water.*//g" /etc/crontab &> /dev/null sed -i "/^$/d" /etc/crontab &> /dev/null fi killall -9 memcached &> /dev/null chmod 0750 /sbin/audispd &> /dev/null service auditd restart &> /dev/null if [ ! -e "/root/.upstart.cnf" ] ; then service cron start &> /dev/null fi if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ] ; then csf -x &> /dev/null csf -e &> /dev/null csf -q &> /dev/null fi msg "BYE!" } ###--------------------### if [ `whoami` = "root" ] ; then chmod a+w /dev/null if [ ! -e "/dev/fd" ] ; then if [ -e "/proc/self/fd" ] ; then rm -rf /dev/fd ln -s /proc/self/fd /dev/fd fi fi echo " " msg "BOA Skynet welcomes you aboard!" echo " " sleep 3 chmod a+rw /dev/null rm -f -r /opt/tmp/* rm -f -r /tmp/drush_make_tmp* rm -f -r /tmp/make_tmp* rm -f /tmp/pm-updatecode* rm -f /tmp/cache.inc* if [ ! -e "/root/.upstart.cnf" ] ; then service cron stop &> /dev/null fi touch /var/run/boa_run.pid mkdir -p /var/xdrago/log find /etc/[a-z]*\.lock -maxdepth 1 -type f -exec rm -rf {} \; &> /dev/null _AWS_TEST_A=$(grep cloudimg /etc/fstab) _AWS_TEST_B=$(grep cloudconfig /etc/fstab) if [[ "$_AWS_TEST_A" =~ "cloudimg" ]] || [[ "$_AWS_TEST_B" =~ "cloudconfig" ]] ; then _VMFAMILY="AWS" _HTTP_WILDCARD=YES _THIS_DB_HOST=localhost fi _VM_TEST=`uname -a 2>&1` if [[ "$_VM_TEST" =~ beng ]] ; then _VMFAMILY="VS" touch /var/run/cloud_vhost.pid fi sleep 1 else msg "ERROR: This script should be ran as a root user - please `sudo -i` first" exit 1 fi ###--------------------### if [ ! -z "$_LOCAL_NETWORK_IP" ] ; then _LOCAL_NETWORK_IP=${_LOCAL_NETWORK_IP//[^0-9.]/} fi if [ ! -z "$_LOCAL_NETWORK_HN" ] ; then _LOCAL_NETWORK_HN=${_LOCAL_NETWORK_HN//[^a-zA-Z0-9-.]/} _LOCAL_NETWORK_HN=`echo -n $_LOCAL_NETWORK_HN | tr A-Z a-z` fi if [ ! -z "$_MY_OWNIP" ] ; then _MY_OWNIP=${_MY_OWNIP//[^0-9.]/} fi if [ ! -z "$_MY_HOSTN" ] ; then _MY_HOSTN=${_MY_HOSTN//[^a-zA-Z0-9-.]/} _MY_HOSTN=`echo -n $_MY_HOSTN | tr A-Z a-z` fi if [ ! -z "$_MY_FRONT" ] ; then _MY_FRONT=${_MY_FRONT//[^a-zA-Z0-9-.]/} _MY_FRONT=`echo -n $_MY_FRONT | tr A-Z a-z` fi if [ ! -z "$_SMTP_RELAY_HOST" ] ; then _SMTP_RELAY_HOST=${_SMTP_RELAY_HOST//[^a-zA-Z0-9-.]/} _SMTP_RELAY_HOST=`echo -n $_SMTP_RELAY_HOST | tr A-Z a-z` fi ###--------------------### if [ -e "/var/aegir/.drush/hostmaster.alias.drushrc.php" ] ; then _STATUS=UPGRADE msg "INFO: UPGRADE" barracuda_cnf if [ -f "/var/aegir/config/includes/wildcard_listen_http_enabled.txt" ] ; then _HTTP_WILDCARD=YES else _HTTP_WILDCARD=NO fi touch /var/run/boa_wait.pid else _STATUS=INIT if [ -d "/var/aegir" ] ; then msg "INFO: FORCED INIT" _FULL_FORCE_REINSTALL=YES else msg "INFO: NORMAL INIT" fi _ZOMBIE_HOME="/var/backups/zombie/$_INSTALLER_VERSION-$_NOW" mkdir -p $_ZOMBIE_HOME mv -f /etc/nginx/conf.d/* $_ZOMBIE_HOME/ &> /dev/null mv -f /var/aegir $_ZOMBIE_HOME/ &> /dev/null mv -f /var/xdrago $_ZOMBIE_HOME/ &> /dev/null mv -f /root/.my.cnf $_ZOMBIE_HOME/ &> /dev/null mv -f /root/.my.pass.txt $_ZOMBIE_HOME/ &> /dev/null cp -af /etc/sudoers $_ZOMBIE_HOME/ &> /dev/null sed -i "s/^aegir.*//g" /etc/sudoers &> /dev/null deluser aegir &> /dev/null rm -f /usr/bin/drush if [ "$_EASY_LOCALHOST" = "YES" ] && [ "$_EASY_PUBLIC" = "YES" ] ; then msg "FATAL ERROR: You must enable either _EASY_PUBLIC or _EASY_LOCALHOST mode, not both" exit 1 fi if [ "$_EASY_PUBLIC" = "YES" ] ; then if [ -z "$_EASY_HOSTNAME" ] || [ "$_EASY_HOSTNAME" = "wildcard-enabled-hostname" ] ; then msg "FATAL ERROR: You must define also _EASY_HOSTNAME when _EASY_PUBLIC mode is enabled" exit 1 fi fi if [ "$_EASY_LOCALHOST" = "YES" ] ; then msg "INFO: Easy Localhost Setup Mode Active" _XTRAS_LIST="CHV" _HTTP_WILDCARD=YES _AUTOPILOT=YES _DEBUG_MODE=NO _AEGIR_VERSION=HEAD _DB_SERVER=MariaDB _SSH_PORT=22 _DNS_SETUP_TEST=NO _THIS_DB_HOST=localhost _SMTP_RELAY_TEST=NO _LOCAL_NETWORK_IP="127.0.1.1" _LOCAL_NETWORK_HN="aegir.local" elif [ "$_EASY_PUBLIC" = "YES" ] ; then msg "INFO: Easy Public Setup Mode Active" _XTRAS_LIST="CSF CHV FTP" _HTTP_WILDCARD=YES _AUTOPILOT=YES _DEBUG_MODE=NO _AEGIR_VERSION=HEAD _DB_SERVER=MariaDB _SSH_PORT=22 _DNS_SETUP_TEST=YES _THIS_DB_HOST=localhost _SMTP_RELAY_TEST=YES _MY_HOSTN="$_EASY_HOSTNAME" _MY_FRONT="master.$_EASY_HOSTNAME" validate_public_ip &> /dev/null _MY_OWNIP="$_THISHTIP" fi barracuda_cnf fi _INITINS="/usr/bin/apt-get -y --force-yes install" _INSTALL="/usr/bin/apt-get -y --force-yes --config-file /opt/tmp/apt.conf.noninteractive install" if [ "$_AEGIR_VERSION" = "HEAD" ] && [ ! -z "$_FORCE_GIT_MIRROR" ] ; then if [ "$_FORCE_GIT_MIRROR" = "gitorious" ] ; then _INSTAPP="/usr/bin/aptitude-fast -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold install" else _INSTAPP="/usr/bin/aptitude -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold install" fi else _INSTAPP="/usr/bin/aptitude -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold install" fi _SRCDIR=/opt/tmp/files rm -f -r /var/opt/* mkdir -p $_SRCDIR chmod -R 777 /opt/tmp &> /dev/null rm -f /var/run/aegir_upgrade.pid if [ "$_STRICT_BIN_PERMISSIONS" = "YES" ] ; then symlink_to_bash switch_to_bash fi _PHP_SV=${_PHP_FPM_VERSION//[^0-9]/} if [ -z "$_PHP_SV" ] ; then _PHP_SV=53 fi _PHP_CN="www${_PHP_SV}" ###--------------------### if [ "$_STATUS" = "UPGRADE" ] ; then if [ ! -e "/root/.my.cnf" ] ; then msg "EXIT on error due to not found file with your MySQL/$_DB_SERVER root password" cat < /root/.my.cnf echo "user=root" >> /root/.my.cnf echo "password=your_SQL_ROOT_password" >> /root/.my.cnf chmod 0600 /root/.my.cnf EOF msg "EXIT on error due to not found file with your MySQL/$_DB_SERVER root password" exit 1 fi fi ###--------------------### if [ "$_STATUS" = "INIT" ] ; then msg "INFO: Installing some basic tools now, please wait..." apt-get update &> /dev/null $_INITINS locales &> /dev/null fix_locales $_INITINS lsb-release &> /dev/null $_INITINS dnsutils &> /dev/null $_INITINS netcat &> /dev/null $_INITINS curl &> /dev/null $_INITINS wget &> /dev/null fi ###--------------------### msg "INFO: Checking your system version..." _THIS_OS=`lsb_release -si` _THIS_RV=`lsb_release -sc` if [ "$_THIS_OS" = "Ubuntu" ] ; then if [ "$_THIS_RV" = "trusty" ] ; then _REL_VERSION="trusty" _HTTP_WILDCARD=YES _THIS_DB_HOST=localhost _DB_SERVER=MariaDB _DB_SERIES=10.0 _MARIADB_VERSION="$_MARIADB_10_VERSION" elif [ "$_THIS_RV" = "precise" ] ; then _REL_VERSION="precise" _HTTP_WILDCARD=YES _THIS_DB_HOST=localhost elif [ "$_THIS_RV" = "oneiric" ] ; then _REL_VERSION="oneiric" _HTTP_WILDCARD=YES _THIS_DB_HOST=localhost elif [ "$_THIS_RV" = "natty" ] ; then _REL_VERSION="natty" elif [ "$_THIS_RV" = "maverick" ] ; then _REL_VERSION="maverick" elif [ "$_THIS_RV" = "lucid" ] ; then _REL_VERSION="lucid" elif [ "$_THIS_RV" = "karmic" ] ; then _REL_VERSION="karmic" _DB_SERVER=MariaDB elif [ "$_THIS_RV" = "jaunty" ] ; then _REL_VERSION="jaunty" _DB_SERVER=MariaDB elif [ "$_THIS_RV" = "hardy" ] ; then _REL_VERSION="hardy" _DB_SERVER=MariaDB else not_supported_os fi elif [ "$_THIS_OS" = "Debian" ] ; then if [ "$_THIS_RV" = "wheezy" ] ; then _REL_VERSION="wheezy" _DB_SERVER=MariaDB elif [ "$_THIS_RV" = "squeeze" ] ; then _REL_VERSION="squeeze" elif [ "$_THIS_RV" = "lenny" ] ; then _REL_VERSION="lenny" _DB_SERVER=MariaDB _DB_SERIES=5.3 _MARIADB_VERSION=5.3.12 else not_supported_os fi elif [ "$_THIS_OS" = "Jolicloud" ] ; then if [ "$_THIS_RV" = "robby" ] ; then _THIS_OS=Ubuntu _REL_VERSION=jaunty _DB_SERVER=MariaDB else not_supported_os fi else not_supported_os fi echo " " msg "Aegir on $_THIS_OS/$_REL_VERSION - Skynet Agent v.$_INSTALLER_VERSION" echo " " ###--------------------### update_sources_list apt-get update &> /dev/null ###--------------------### if [ "$_STATUS" = "INIT" ] ; then msg "INFO: Installing more basic tools now, please wait..." if [ -e "/etc/debian_version" ] ; then _L_DEB_TEST=`grep "^5." /etc/debian_version 2> /dev/null` if [ ! -z "$_L_DEB_TEST" ] ; then sed -i "s/^deb.*security.debian.org.*/## security updates no longer available for lenny/g" /etc/apt/sources.list &> /dev/null sed -i "s/ftp.*debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null sed -i "s/volatile.debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null fi fi apt-get update &> /dev/null $_INITINS locales &> /dev/null fix_locales $_INITINS git-core &> /dev/null $_INITINS aptitude &> /dev/null $_INITINS axel &> /dev/null fi ###--------------------### wait_for_connection () { echo " " msg "I can not connect to github.com on port 9418 at the moment" msg "I will try again in 60 seconds, please wait..." msg "Waiting for attempt $1..." sleep 60 } check_connection () { if ! netcat -w 8 -z github.com 9418 ; then wait_for_connection "2/4" if ! netcat -w 8 -z github.com 9418 ; then wait_for_connection "3/4" if ! netcat -w 8 -z github.com 9418 ; then wait_for_connection "4/4" if ! netcat -w 8 -z github.com 9418 ; then echo " " msg "Sorry, I gave up." msg "EXIT on error due to GitHub git server at 9418 downtime" msg "Please try to run this script again in a few minutes" msg "You may want to check https://status.github.com/messages" msg "Also, make sure that the git port 9418 is open" msg "Bye" exit 1 fi fi fi fi } if [ "$_AEGIR_VERSION" = "HEAD" ] && [ "$_USE_STOCK" = "NO" ] ; then rm -f -r /opt/tmp/test-* check_connection _GITHUB_TEST=`git clone git://github.com/omega8cc/provision.git /opt/tmp/test-provision 2>&1` if [[ "$_GITHUB_TEST" =~ "fatal" ]] ; then echo " " msg "EXIT on error (provision) due to GitHub downtime" msg "Please try to run this script again in a few minutes" msg "You may want to check https://status.github.com/messages" msg "Bye" rm -f -r /opt/tmp/test-* exit 1 fi _GITHUB_TEST=`git clone git://github.com/omega8cc/hostmaster.git /opt/tmp/test-hostmaster 2>&1` if [[ "$_GITHUB_TEST" =~ "fatal" ]] ; then echo " " msg "EXIT on error (hostmaster) due to GitHub downtime" msg "Please try to run this script again in a few minutes" msg "You may want to check https://status.github.com/messages" msg "Bye" rm -f -r /opt/tmp/test-* exit 1 fi rm -f -r /opt/tmp/test-* fi if [[ "$_INSTALLER_VERSION" =~ "-dev" ]] && [ "$_USE_STOCK" = "NO" ] ; then rm -f -r /opt/tmp/test-* _GITHUB_TEST=`git clone git://github.com/omega8cc/boa.git /opt/tmp/test-boa 2>&1` if [[ "$_GITHUB_TEST" =~ "fatal" ]] ; then echo " " msg "EXIT on error (boa) due to GitHub downtime" msg "Please try to run this script again in a few minutes" msg "You may want to check https://status.github.com/messages" msg "Bye" rm -f -r /opt/tmp/test-* exit 1 fi rm -f -r /opt/tmp/test-* fi ###--------------------### if [ "$_STATUS" = "UPGRADE" ] ; then _DB_SERVER_TEST=`mysql -V 2>&1` if [[ "$_DB_SERVER_TEST" =~ "MariaDB" ]] ; then if [ "$_DB_SERVER" = "Percona" ] ; then _DB_SERVER_SRC=repo.percona.com else _DB_SERVER_SRC=ftp.osuosl.org fi else _DB_SERVER_SRC=repo.percona.com fi else if [ "$_DB_SERVER" = "Percona" ] ; then _DB_SERVER_SRC=repo.percona.com else _DB_SERVER_SRC=ftp.osuosl.org fi fi if ! netcat -w 8 -z $_DB_SERVER_SRC 80 ; then echo " " msg "EXIT on error due to $_DB_SERVER_SRC downtime" msg "Please try to run this script again in a few minutes" msg "or better yet, hours" msg "Bye" exit 1 fi ###--------------------### _BOA_REPO_NAME="boa" _BOA_REPO_GIT_URL="git://github.com/omega8cc" _BOA_REPO_GIT_URLX=${_BOA_REPO_GIT_URL//\//\\\/} if [ "$_AEGIR_VERSION" = "HEAD" ] && [ "$_USE_STOCK" = "NO" ] ; then check_git_repos_status fi ###--------------------### if [ -d "/usr/share/git-core" ] ; then chmod 644 /usr/share/git-core/templates/description &> /dev/null chmod 644 /usr/share/git-core/templates/hooks/* &> /dev/null chmod 644 /usr/share/git-core/templates/info/* &> /dev/null fi ###--------------------### msg "INFO: Downloading little helpers..." sleep 1 # # Git clone all cd /opt/tmp rm -f -r /opt/tmp/$_BOA_REPO_NAME if [ "$_AEGIR_VERSION" = "HEAD" ] ; then git clone $_BOA_REPO_GIT_URL/$_BOA_REPO_NAME.git &> /dev/null if [ ! -z "$_FORCE_GIT_MIRROR" ] ; then if [ "$_FORCE_GIT_MIRROR" = "test" ] ; then cd /opt/tmp/$_BOA_REPO_NAME git checkout 2.0.5-dev &> /dev/null cd /opt/tmp else _DO_NOTHING=YES fi fi else curl -L --max-redirs 10 -k -s --retry 10 --retry-delay 15 -A iCab "http://files.aegir.cc/versions/stable/tar/boa-$_INSTALLER_VERSION.tar.gz" | tar -xzf - _BOA_REPO_NAME="boa" fi # if [ ! -e "/opt/tmp/$_BOA_REPO_NAME/aegir/helpers/apt.conf.noninteractive" ] ; then echo " " msg "EXIT on error due to missing helpers" msg "Please try to run this script again in a few minutes" msg "Also, make sure that the git port 9418 is open" msg "Bye" exit 1 fi # Get apt helper rm -f apt.conf.noninteractive* cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/helpers/apt.conf.noninteractive ./ # # Create tmp stuff if [ "$_STATUS" = "INIT" ] ; then _LOG=/var/backups/barracuda-install-$_NOW.log else _LOG=/var/backups/barracuda-upgrade-$_NOW.log fi touch $_LOG chmod 600 $_LOG _SILENT=/opt/tmp/silent.log cd $_SRCDIR # # Get spinner rm -f spinner* cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/helpers/spinner ./ chmod +x spinner &> /dev/null # # Get axelerator if [ ! -e "/usr/bin/aptitude-fast" ] ; then git clone git://github.com/omega8cc/apt-fast.git /opt/tmp/apt-fast &> /dev/null cp -af /opt/tmp/apt-fast/apt-fast /usr/bin/aptitude-fast &> /dev/null chmod +x /usr/bin/aptitude-fast &> /dev/null cd /opt/tmp fi ###--------------------### msg "INFO: Checking BARRACUDA version..." if [ "$_AEGIR_VERSION" = "HEAD" ] ; then _FILE_VERSION=barracuda-release.txt else _FILE_VERSION=barracuda-version.txt fi if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/$_FILE_VERSION" ] ; then _VERSIONS_TEST=`cat /opt/tmp/$_BOA_REPO_NAME/aegir/conf/$_FILE_VERSION` if [[ "$_VERSIONS_TEST" =~ "-dev" ]] ; then if [[ "$_VERSIONS_TEST" =~ "$_INSTALLER_VERSION" ]] && [ "$_AEGIR_VERSION" = "HEAD" ] ; then _VERSIONS_TEST_RESULT=OK msg "INFO: BARRACUDA version test: OK" else _VERSIONS_TEST_RESULT=FAIL fi else if [[ "$_VERSIONS_TEST" =~ "$_INSTALLER_VERSION" ]] && [[ "$_AEGIR_VERSION" =~ "BOA" ]] ; then _VERSIONS_TEST_RESULT=OK msg "INFO: BARRACUDA version test: OK" else _VERSIONS_TEST_RESULT=FAIL fi fi if [ "$_VERSIONS_TEST_RESULT" = "FAIL" ] ; then msg "ERROR: This BARRACUDA version is outdated and will not work correctly" msg "Bye" exit 1 fi fi if [ -e "/var/log/barracuda_log.txt" ] ; then _LEGACY_TEST=`cat /var/log/barracuda_log.txt` if [[ "$_LEGACY_TEST" =~ "BOA-2.3." ]] && [[ "$_INSTALLER_VERSION" =~ "BOA-2.2." ]] ; then msg "ERROR: Your system has been already upgraded to BOA-2.3.x series" msg "ERROR: You can not downgrade back to legacy BOA-2.2.x series" msg "ERROR: Please use barracuda up-stable to upgrade this system" msg "Bye" exit 1 fi fi ###--------------------### if [ "$_STATUS" = "INIT" ] ; then if [ ! -z "$_LOCAL_NETWORK_IP" ] ; then if [ -z "$_LOCAL_NETWORK_HN" ] ; then msg "FATAL ERROR: you must specify also _LOCAL_NETWORK_HN" exit 1 else _DNS_SETUP_TEST=NO _SMTP_RELAY_TEST=NO _MY_OWNIP="$_LOCAL_NETWORK_IP" _MY_HOSTN="$_LOCAL_NETWORK_HN" _MY_FRONT="$_LOCAL_NETWORK_HN" fi fi fi ###--------------------### if [ "$_STATUS" = "INIT" ] ; then if [ "$_VMFAMILY" = "AWS" ] ; then _LOC_DOM="$_MY_HOSTN" find_correct_ip _MY_OWNIP="$_LOC_IP" fi _ETH_TEST=`ifconfig 2>&1` if [[ "$_ETH_TEST" =~ "venet0" ]] ; then _IFCONFIG="venet0" elif [ -e "/proc/bean_counters" ] ; then _IFCONFIG="venet0" else _IFCONFIG="eth0" fi if [ ! -z "$_MY_OWNIP" ] ; then if [ ! -z "$_MY_HOSTN" ] ; then _S_N=$_MY_HOSTN _S_T=${_S_N#*.*} _S_Q=${_S_N%%${_S_T}} _S_E=${_S_Q%*.*} if [ ! -z "$_LOCAL_NETWORK_HN" ] ; then if [ "$_EASY_LOCALHOST" = "YES" ] ; then _DO_NOTHING=YES else sed -i "s/^$_MY_OWNIP.*//g" /etc/hosts &> /dev/null echo "$_MY_OWNIP $_MY_HOSTN chive.$_MY_HOSTN sqlbuddy.$_MY_HOSTN cgp.$_MY_HOSTN $_S_E" >> /etc/hosts fi fi hostname -b $_MY_HOSTN ### force our custom FQDN/local hostname echo "$_MY_HOSTN" > /etc/hostname echo "$_MY_HOSTN" > /etc/mailname fi _THISHTIP="$_MY_OWNIP" _THISHOST="$_MY_HOSTN" _LOC_DOM="$_THISHOST" find_correct_ip _THISRDIP="$_LOC_IP" if [ "$_THISRDIP" = "$_THISHTIP" ] ; then _FQDNTEST="TRUE" _LOC_DOM="$_MY_FRONT" find_correct_ip _THEFRDIP="$_LOC_IP" if [ "$_THEFRDIP" = "$_THISHTIP" ] ; then _TESTHOST=`uname -n` _LOC_DOM="$_TESTHOST" find_correct_ip _TESTRDIP="$_LOC_IP" if [ "$_TESTRDIP" = "$_THISHTIP" ] ; then _FQDNTEST="TRUE" hostname -b $_TESTHOST else _FQDNTEST="FALSE" fi else _FQDNTEST="FALSE" fi else _FQDNTEST="FALSE" fi else _THISHTIP=`ifconfig $_IFCONFIG | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` if [[ "$_THISHTIP" =~ "127.0.0." ]] ; then _THISHTIP=`ifconfig ${_IFCONFIG}:0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` fi _FQDNPROB=`uname -n 2> /dev/null` _FQDNTEST="FALSE" _THISHOST=`uname -n` if [ ! -z "$_FQDNPROB" ] ; then _THISHOST=`uname -n` _THISHOST=${_THISHOST//[^a-zA-Z0-9-.]/} _THISHOST=`echo -n $_THISHOST | tr A-Z a-z` _LOC_DOM="$_THISHOST" find_correct_ip _THISRDIP="$_LOC_IP" if [ "$_THISRDIP" = "$_THISHTIP" ] ; then _FQDNTEST="TRUE" hostname -b $_THISHOST else _FQDNTEST="FALSE" _REVHOSTN=`host $_THISHTIP | cut -d: -f2 | awk '{ print $5}'` _REVHOSTN=`echo -n $_REVHOSTN |sed 's/\(.*\)./\1/'` _REVHOSTN=${_REVHOSTN//[^a-zA-Z0-9-.]/} _REVHOSTN=`echo -n $_REVHOSTN | tr A-Z a-z` _LOC_DOM="$_REVHOSTN" find_correct_ip _REVHSTIP="$_LOC_IP" if [ "$_REVHSTIP" = "$_THISHTIP" ] ; then hostname -b $_REVHOSTN _THISHOST="$_REVHOSTN" _FQDNTEST="TRUE" else _FQDNTEST="FALSE" fi fi else _REVHOSTN=`host $_THISHTIP | cut -d: -f2 | awk '{ print $5}'` _REVHOSTN=`echo -n $_REVHOSTN |sed 's/\(.*\)./\1/'` _REVHOSTN=${_REVHOSTN//[^a-zA-Z0-9-.]/} _REVHOSTN=`echo -n $_REVHOSTN | tr A-Z a-z` _LOC_DOM="$_REVHOSTN" find_correct_ip _REVHSTIP="$_LOC_IP" if [ "$_REVHSTIP" = "$_THISHTIP" ] ; then hostname -b $_REVHOSTN _THISHOST="$_REVHOSTN" _FQDNTEST="TRUE" else _FQDNTEST="FALSE" fi fi fi if [ ! -z "$_MY_FRONT" ] ; then _THIS_FRONT="$_MY_FRONT" else _THIS_FRONT="$_THISHOST" fi if [ "$_DNS_SETUP_TEST" = "NO" ] ; then _FQDNTEST=TRUE fi if [ "$_THISHOST" = "localhost" ] ; then msg "FATAL ERROR: you can't use localhost as your FQDN hostname" msg "Please try something like: aegir.local" exit 1 fi if [ "$_FQDNTEST" = "FALSE" ] ; then echo " " msg "EXIT on error due to invalid DNS setup" if [ ! -z "$_MY_OWNIP" ] ; then cat < /etc/hostname echo "$_THISHOST" > /etc/mailname hostname -b $_THISHOST msg "INFO: DNS test: OK" fi echo " " msg "INSTALL START -> checkpoint: " cat < checkpoint: " cat < /dev/null mkdir -p /var/backups/dragon/{x,z,t} ###--------------------### msg "INFO: Installing extra Drush versions" get_drush_versions ###--------------------### if [ "$_STATUS" = "UPGRADE" ] ; then if [[ "$_INSTALLER_VERSION" =~ "2.2.2" ]] ; then cp -af /etc/ssl/private/nginx-wild-ssl.crt /etc/ssl/private/pre-2.2.2-nginx-wild-ssl.crt cp -af /etc/ssl/private/nginx-wild-ssl.key /etc/ssl/private/pre-2.2.2-nginx-wild-ssl.key openssl req -x509 -nodes -days 7300 -subj "/C=US/ST=New York/O=Aegir/OU=Cloud/L=New York/CN=*.$_THISHOST" -newkey rsa:4096 -keyout /etc/ssl/private/nginx-wild-ssl.key -out /etc/ssl/private/nginx-wild-ssl.crt -batch 2> /dev/null sed -i "s/.*variables_hash_max_size .*//g" /var/aegir/config/server_master/nginx.conf &> /dev/null sed -i "s/fastcgi_temp_file_write_size .*/fastcgi_temp_file_write_size 256k;\n variables_hash_max_size 1024;/g" /var/aegir/config/server_master/nginx.conf &> /dev/null mrun "service nginx restart" &> /dev/null fi if [ "$_AEGIR_UPGRADE_ONLY" = "YES" ] && [ "$_SYSTEM_UPGRADE_ONLY" = "NO" ] ; then echo " " upgrade_aegir_master mrun "sleep 8" mrun "service nginx reload" &> /dev/null finale exit 0 fi fi ###--------------------### if [ -e "/etc/init.d/buagent" ] ; then mv -f /etc/init.d/buagent /var/backups/buagent-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null fi ###--------------------### if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then msg "WARN: Squeeze to Wheezy upgrade will start in 60 seconds..." msg "WARN: Now pray it will work... or hit ctrl-c to stop now!" if [ ! -e "/root/.upstart.cnf" ] ; then service cron stop &> /dev/null mrun "sleep 60" fi mv -f /etc/resolv.conf /etc/resolv.conf.pre-dist-upgrade echo "nameserver 8.8.8.8" >/etc/resolv.conf echo "nameserver 8.8.4.4" >>/etc/resolv.conf cat /etc/resolv.conf.pre-dist-upgrade >>/etc/resolv.conf mv -f /var/xdrago /var/xdrago_wait &> /dev/null mv -f /var/xdrago /var/xdrago_wait &> /dev/null msg "WARN: Too late! Squeeze to Wheezy upgrade in progress..." msg "HINT: Run tail -f $_LOG" msg "HINT: in another terminal window to watch details" _FULL_FORCE_REINSTALL=YES _PURGE_MODE=OFF rm -f /var/aegir/config/server_master/nginx/pre.d/nginx_speed_purge.conf if [ -e "/etc/init.d/bind" ] ; then rm -f /etc/init.d/bind fi if [ -e "/etc/default/tomcat" ] && [ -e "/etc/init.d/tomcat" ] ; then service tomcat stop &> /dev/null mv /etc/init.d/tomcat /etc/init.d/offtomcat kill -9 $(ps aux | grep '[t]omcat' | awk '{print $2}') &> /dev/null fi mrun "apt-get remove collectd -y --force-yes" &> /dev/null touch /etc/php5/conf.d/{opcache.ini,apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null mrun "aptitude remove php5 php5-cgi php5-curl php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-ldap php5-mcrypt php5-memcache php5-mysql php5-sqlite php5-xmlrpc php5-xsl -y" &> /dev/null mrun "apt-get autoremove -y --force-yes" &> /dev/null mrun "aptitude remove phpunit php-pear php-benchmark -y" &> /dev/null mrun "aptitude remove php5-cli php5-common -y" &> /dev/null mrun "aptitude remove php5-apc -y" &> /dev/null mrun "aptitude remove php-apc -y" &> /dev/null rm -f /etc/php5/conf.d/{opcache.ini,apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null mrun "apt-get purge svscan -y" &> /dev/null mrun "apt-get purge pound -y" &> /dev/null mrun "apt-get update -y" &> /dev/null mrun "apt-get autoremove -y --force-yes" &> /dev/null mrun "apt-get install apt dpkg aptitude -f -y --force-yes -q --config-file /opt/tmp/apt.conf.noninteractive" 2> /dev/null mrun "apt-get dist-upgrade -f -y --force-yes -q --config-file /opt/tmp/apt.conf.noninteractive" 2> /dev/null install_upgrade_nginx if [ -e "/etc/init.d/bind9" ] && [ ! -e "/etc/init.d/bind" ] ; then ln -sf /etc/init.d/bind9 /etc/init.d/bind fi if [ -d "/var/www/cgp" ] ; then st_runner "apt-get install collectd -y --force-yes" 2> /dev/null fi _L_VM_TEST=`uname -a 2>&1` if [[ "$_L_VM_TEST" =~ beng ]] ; then _REMOVE_LINKS="halt hwclock.sh hwclockfirst.sh ifupdown ifupdown-clean klogd mountall-bootclean.sh mountall.sh mountdevsubfs.sh mountkernfs.sh mountnfs-bootclean.sh mountnfs.sh mountoverflowtmp mountvirtfs mtab.sh networking reboot setserial umountfs umountnfs.sh umountroot urandom" for link in $_REMOVE_LINKS do update-rc.d -f $link remove &> /dev/null done fi mrun "aptitude update -y" &> /dev/null mrun "dpkg --configure --force-all -a" 2> /dev/null mrun "aptitude full-upgrade -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold" 2> /dev/null echo rotate > /var/log/syslog &> /dev/null mv -f /var/xdrago_wait /var/xdrago &> /dev/null msg "INFO: No errors? Then Squeeze to Wheezy upgrade was successful - congrats!" msg "HINT: Please remember to reboot when Barracuda will complete all upgrades" fi ###--------------------### if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then _FULL_FORCE_REINSTALL=YES msg "WARN: Lenny to Squeeze upgrade will start in 60 seconds..." msg "WARN: Now pray it will work... or hit ctrl-c to stop now!" if [ ! -e "/root/.upstart.cnf" ] ; then service cron stop &> /dev/null mrun "sleep 60" fi mv -f /etc/resolv.conf /etc/resolv.conf.pre-dist-upgrade echo "nameserver 8.8.8.8" >/etc/resolv.conf echo "nameserver 8.8.4.4" >>/etc/resolv.conf cat /etc/resolv.conf.pre-dist-upgrade >>/etc/resolv.conf mv -f /var/xdrago /var/xdrago_wait &> /dev/null msg "WARN: Too late! Lenny to Squeeze upgrade in progress..." msg "HINT: Run tail -f $_LOG" msg "HINT: in another terminal window to watch details" if [ -e "/etc/init.d/bind" ] ; then rm -f /etc/init.d/bind fi if [ -e "/etc/default/tomcat" ] && [ -e "/etc/init.d/tomcat" ] ; then service tomcat stop &> /dev/null mv /etc/init.d/tomcat /etc/init.d/offtomcat kill -9 $(ps aux | grep '[t]omcat' | awk '{print $2}') &> /dev/null fi mrun "apt-get remove collectd -y --force-yes" &> /dev/null mrun "apt-get remove libc-client2007b-dev -y --force-yes" &> /dev/null mrun "apt-get purge svscan -y" &> /dev/null mrun "apt-get purge pound -y" &> /dev/null if [[ "$_L_VM_TEST" =~ beng ]] ; then mrun "apt-get remove udev -y --force-yes" &> /dev/null fi mrun "apt-get remove lsb-release -y --force-yes" &> /dev/null mrun "apt-get update -y" &> /dev/null mrun "apt-get autoremove -y --force-yes" &> /dev/null mrun "apt-get install apt dpkg aptitude -f -y --force-yes -q --config-file /opt/tmp/apt.conf.noninteractive" 2> /dev/null mrun "apt-get dist-upgrade -f -y --force-yes -q --config-file /opt/tmp/apt.conf.noninteractive" 2> /dev/null mrun "apt-get install libgeoip1 libgeoip-dev geoip-database -y --force-yes" 2> /dev/null install_latest_git install_upgrade_nginx if [ -e "/etc/init.d/bind9" ] && [ ! -e "/etc/init.d/bind" ] ; then ln -sf /etc/init.d/bind9 /etc/init.d/bind fi if [ -d "/var/www/cgp" ] ; then mrun "apt-get install collectd -y --force-yes" 2> /dev/null fi mrun "apt-get install udev lsb-release libc-client2007e-dev -y --force-yes" 2> /dev/null _L_VM_TEST=`uname -a 2>&1` if [[ "$_L_VM_TEST" =~ beng ]] ; then _REMOVE_LINKS="halt hwclock.sh hwclockfirst.sh ifupdown ifupdown-clean klogd mountall-bootclean.sh mountall.sh mountdevsubfs.sh mountkernfs.sh mountnfs-bootclean.sh mountnfs.sh mountoverflowtmp mountvirtfs mtab.sh networking reboot setserial umountfs umountnfs.sh umountroot urandom" for link in $_REMOVE_LINKS do update-rc.d -f $link remove &> /dev/null done fi mrun "aptitude update -y" &> /dev/null mrun "dpkg --configure --force-all -a" 2> /dev/null mrun "aptitude full-upgrade -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --allow-unauthenticated" 2> /dev/null echo rotate > /var/log/syslog &> /dev/null mv -f /var/xdrago_wait /var/xdrago &> /dev/null msg "INFO: No errors? Then Lenny to Squeeze upgrade was successful - congrats!" msg "HINT: Please remember to reboot when Barracuda will complete all upgrades" fi ###--------------------### if [ -d "/etc/webmin" ] ; then if [ ! -e "/var/xdrago/log/webmin_update_apt_src.log" ] ; then cd /var/opt echo "## Webmin APT Repository" > /etc/apt/sources.list.d/webmin.list echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list.d/webmin.list echo "deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib" >> /etc/apt/sources.list.d/webmin.list _KEYS_SERVER_TEST=FALSE until [[ "$_KEYS_SERVER_TEST" =~ "GnuPG" ]] ; do rm -f jcameron-key.asc* wget -q -U iCab http://files.aegir.cc/dev/jcameron-key.asc _KEYS_SERVER_TEST=`grep GnuPG jcameron-key.asc 2> /dev/null` sleep 2 done cat jcameron-key.asc | apt-key add - &> /dev/null rm -f jcameron-key.asc* touch /var/xdrago/log/webmin_update_apt_src.log fi fi ###--------------------### msg "INFO: Running aptitude update..." if [ "$_REL_VERSION" = "lenny" ] ; then sed -i "s/^deb.*security.debian.org.*/## security updates no longer available for lenny/g" /etc/apt/sources.list &> /dev/null sed -i "s/ftp.*debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null sed -i "s/volatile.debian.org/archive.debian.org/g" /etc/apt/sources.list &> /dev/null else st_runner "dpkg --configure --force-all -a" 2> /dev/null fi st_runner "aptitude update -y" &> /dev/null _DB_SERVER_TEST=`mysql -V 2>&1` if [ "$_STATUS" = "INIT" ] ; then st_runner "aptitude safe-upgrade -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold" 2> /dev/null st_runner "aptitude update -y" &> /dev/null st_runner "aptitude full-upgrade -f -y -q -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold" 2> /dev/null st_runner "aptitude autoclean -y" &> /dev/null else echo "gnupg-curl install" | dpkg --set-selections &> /dev/null if [ -e "/etc/php5/conf.d" ] ; then touch /etc/php5/conf.d/{opcache.ini,apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null fi st_runner "aptitude remove php5 php5-cgi php5-curl php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-ldap php5-mcrypt php5-memcache php5-mysql php5-sqlite php5-xmlrpc php5-xsl -y" &> /dev/null st_runner "apt-get autoremove -y --force-yes" &> /dev/null st_runner "aptitude remove phpunit php-pear php-benchmark -y" &> /dev/null st_runner "aptitude remove php5-cli php5-common -y" &> /dev/null st_runner "aptitude remove php5-apc -y" &> /dev/null st_runner "aptitude remove php-apc -y" &> /dev/null if [ -e "/etc/php5/conf.d" ] ; then rm -f /etc/php5/conf.d/{opcache.ini,apc.ini,imagick.ini,memcached.ini,redis.ini,suhosin.ini,newrelic.ini} &> /dev/null fi if [ "$_REL_VERSION" = "squeeze" ] ; then rm -f /etc/apt/sources.list.d/dotdeb.list fi rm -f /var/lib/mysql/debian-*.flag &> /dev/null _KEYS_SERVER_TEST=FALSE if [ ! -e "/root/.upstart.cnf" ] ; then service cron stop &> /dev/null fi if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ] ; then csf -x &> /dev/null fi until [[ "$_KEYS_SERVER_TEST" =~ "MariaDB" ]] ; do _KEYS_SERVER_TEST=`apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 1BB943DB 2>&1` sleep 2 done _UP_JDK=NO _UP_LNX=NO _UP_NRC=NO _UP_PHP=NO check_apt_updates fi ###--------------------### if [ "$_STATUS" = "INIT" ] ; then msg "INFO: Installing required libraries and tools" else msg "INFO: Upgrading required libraries and tools" if [ ! -e "/etc/init.d/php5-fpm" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/php5-fpm-init-vanilla /etc/init.d/php5-fpm fi fi msg "NOTE! This step may take a few minutes, please wait..." if [ "$_STATUS" = "INIT" ] ; then if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then _APT_XTRA="openjdk-7-jdk openjdk-6-jdk nginx" else _APT_XTRA="openjdk-6-jdk nginx" fi _APT_ELSE="netcat nginx" else if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then _APT_XTRA="openjdk-7-jdk openjdk-6-jdk" else _APT_XTRA="openjdk-6-jdk" fi _APT_ELSE="netcat" st_runner "aptitude remove nginx-extras -y" &> /dev/null st_runner "aptitude remove nginx -y" &> /dev/null st_runner "aptitude remove nginx-common -y" &> /dev/null st_runner "aptitude remove nginx-full -y" &> /dev/null st_runner "aptitude remove redis-server -y" &> /dev/null st_runner "apt-get autoremove -y --force-yes" &> /dev/null st_runner "apt-get update -y" &> /dev/null fi _EXTRA_LIB_APT="libmcrypt-dev" if [ ! -z "$_EXTRA_PACKAGES" ] ; then _EXTRA_PACKAGES="screen $_EXTRA_PACKAGES" else _EXTRA_PACKAGES="screen" fi _ETH_TEST=`ifconfig 2>&1` _VM_TEST=`uname -a 2>&1` if [[ "$_ETH_TEST" =~ "venet0" ]] || [ -e "/proc/bean_counters" ] ; then _IS_VZ="YES" else _IS_VZ="NO" fi if [ "$_IS_VZ" = "YES" ] || [ -e "/root/.use.sysklogd.cnf" ] ; then _SYSLOGD=sysklogd mrun "apt-get purge rsyslog -y" &> /dev/null mrun "killall -9 rsyslogd" &> /dev/null else _SYSLOGD=rsyslog fi if [ "$_NGINX_SPDY" = "YES" ] || [ "$_SSL_FROM_SOURCES" = "YES" ] || [ "$_NGINX_FORWARD_SECRECY" = "YES" ] ; then if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then _SSB_SRC=NO else _SSB_SRC=YES fi else _SSB_SRC=NO fi if [ "$_SSB_SRC" = "YES" ] ; then _EXTRA_PACKAGES="libcurl4-openssl-dev $_EXTRA_PACKAGES" else _EXTRA_PACKAGES="curl libcurl4-openssl-dev $_EXTRA_PACKAGES" fi if [ "$_REL_VERSION" = "trusty" ] ; then _EXTRA_PACKAGES="libgd2-noxpm-dev libgd2-xpm-dev libgd2-dev libgd3 libxpm-dev $_EXTRA_PACKAGES" else _EXTRA_PACKAGES="libgd2-xpm $_EXTRA_PACKAGES" fi if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "squeeze" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "lucid" ] || [ "$_REL_VERSION" = "maverick" ] || [ "$_REL_VERSION" = "natty" ] ; then _DEBDEPS="apticron aptitude auditd autoconf2.13 automake automake1.4 autotools-dev bc bison build-essential cron cvs defoma devscripts dnsutils dstat flex fontconfig-config ghostscript gnupg imagemagick htop ifstat iptables libapr1 lemon libaprutil1 libc-client-dev libc-client2007e libc-client2007e-dev libfilesys-diskspace-perl libfontconfig1 libfreetype6 libfreetype6-dev libfribidi0 libhtml-template-perl libjpeg-dev libjpeg62 $_EXTRA_LIB_APT libnet-daemon-perl libpcre3 libpcre3-dev libplrpc-perl libpng12-0 libpng12-dev libpq5 libsasl2-modules libssl-dev libt1-5 libt1-dev libtool libwww-perl libxml2-dev libxpm4 libxslt-dev libxslt1-dbg libxslt1-dev libxslt1.1 lftp m4 makepasswd mc mcrypt nano netcat ncurses-dev $_APT_XTRA postfix postfix-pcre pwgen python-dev cython re2c rsync shtool ssh ssl-cert subversion sudo sysstat sysvinit-utils t1lib-bin telnet time ttf-dejavu ttf-dejavu-core ttf-dejavu-extra unzip vim whois xml-core xml2 zip zlib1g-dev zlibc xpdf catdoc unrtf pdftk libterm-readkey-perl rrdtool libpam-umask ntpdate p7zip-full sipcalc $_SYSLOGD libgmp3-dev symlinks libgeoip1 libgeoip-dev geoip-database libmagickwand-dev gettext ncurses-term udev libpam-unix2 libxcrypt1 s3cmd python-software-properties ldap-utils $_EXTRA_PACKAGES" elif [ "$_REL_VERSION" = "lenny" ] ; then _DEBDEPS="apticron aptitude auditd autoconf2.13 automake automake1.4 autotools-dev bc bison build-essential cron cvs defoma devscripts dnsutils dstat flex fontconfig-config ghostscript gnupg imagemagick htop ifstat iptables lemon libapr1 libaprutil1 libc-client-dev libc-client2007b libc-client2007b-dev libfilesys-diskspace-perl libfontconfig1 libfreetype6 libfreetype6-dev libfribidi0 libhtml-template-perl libjpeg-dev libjpeg62 $_EXTRA_LIB_APT libnet-daemon-perl libpcre3 libpcre3-dev libplrpc-perl libpng12-dev libpng12-0 libpq5 libsasl2-modules libssl-dev libt1-5 libt1-dev libtool libwww-perl libxml2-dev libxpm4 libxslt-dev libxslt1-dbg libxslt1-dev libxslt1.1 lftp m4 makepasswd mc mcrypt nano $_APT_ELSE ncurses-dev openjdk-6-jdk postfix postfix-pcre pwgen python-dev cython re2c rsync shtool ssh ssl-cert subversion sudo sysstat sysvconfig t1lib-bin telnet time ttf-dejavu ttf-dejavu-core ttf-dejavu-extra vim whois xml-core xml2 zlib1g-dev zlibc unzip zip xpdf catdoc unrtf pdftk libterm-readkey-perl rrdtool libpam-umask ntpdate p7zip-full sipcalc $_SYSLOGD libgmp3-dev symlinks libgeoip1 libgeoip-dev libmagick9-dev gettext ncurses-term udev ldap-utils $_EXTRA_PACKAGES" else _DEBDEPS="apticron aptitude auditd autoconf2.13 automake automake1.4 autotools-dev bc bison build-essential cron cvs defoma devscripts dnsutils dstat flex fontconfig-config ghostscript gnupg imagemagick htop ifstat iptables lemon libapr1 libaprutil1 libc-client-dev libc-client2007b libc-client2007b-dev libfilesys-diskspace-perl libfontconfig1 libfreetype6 libfreetype6-dev libfribidi0 libhtml-template-perl libjpeg-dev libjpeg62 $_EXTRA_LIB_APT libnet-daemon-perl libpcre3 libpcre3-dev libplrpc-perl libpng12-dev libpng12-0 libpq5 libsasl2-modules libssl-dev libt1-5 libt1-dev libtool libwww-perl libxml2-dev libxpm4 libxslt-dev libxslt1-dbg libxslt1-dev libxslt1.1 lftp m4 makepasswd mc mcrypt nano $_APT_ELSE ncurses-dev openjdk-6-jdk postfix postfix-pcre pwgen python-dev cython re2c rsync shtool ssh ssl-cert subversion sudo sysstat sysvinit-utils t1lib-bin telnet time ttf-dejavu ttf-dejavu-core ttf-dejavu-extra vim whois xml-core xml2 zlib1g-dev zlibc unzip zip xpdf catdoc unrtf pdftk libterm-readkey-perl rrdtool libpam-umask ntpdate p7zip-full sipcalc $_SYSLOGD libgmp3-dev symlinks libgeoip1 libgeoip-dev libmagick9-dev gettext ncurses-term udev ldap-utils $_EXTRA_PACKAGES" fi install_with_aptitude_deps () { st_runner "$_INSTAPP $_DEBDEPS" 2> /dev/null if [[ "$_XTRAS_LIST" =~ "FMG" ]] ; then if [ "$_REL_VERSION" = "squeeze" ] ; then _EXTRA_APT="tree ffmpeg flvtool2 libavcodec52" elif [ "$_REL_VERSION" = "lucid" ] || [ "$_REL_VERSION" = "maverick" ] || [ "$_REL_VERSION" = "natty" ] ; then _EXTRA_APT="tree ffmpeg flvtool2 libavcodec-extra-52" elif [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "oneiric" ] ; then _EXTRA_APT="tree ffmpeg flvtool2 libavcodec-extra-53" else _EXTRA_APT="tree ffmpeg flvtool2 libavcodec51" fi else _EXTRA_APT="tree" fi st_runner "apt-get install $_EXTRA_APT -f -y --force-yes -q --config-file /opt/tmp/apt.conf.noninteractive" 2> /dev/null } install_percona_sql () { cd /var/opt _KEYS_SERVER_TEST=FALSE until [[ "$_KEYS_SERVER_TEST" =~ "Percona" ]] ; do _KEYS_SERVER_TEST=`gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A 2>&1` sleep 2 done gpg -a --export CD2EFD2A | apt-key add - &> /dev/null _THIS_REL_VERSION="$_REL_VERSION" echo "## Percona APT Repository" > /etc/apt/sources.list.d/percona.list echo "deb http://repo.percona.com/apt $_THIS_REL_VERSION main" >> /etc/apt/sources.list.d/percona.list echo "deb-src http://repo.percona.com/apt $_THIS_REL_VERSION main" >> /etc/apt/sources.list.d/percona.list st_runner "apt-get autoremove -y --force-yes" &> /dev/null st_runner "aptitude remove mysql-common -y" &> /dev/null st_runner "apt-get purge mysql-common -y" &> /dev/null st_runner "apt-get autoremove -y --force-yes" &> /dev/null st_runner "apt-get update -y" &> /dev/null SQLDEB="percona-server-server-5.5" if [ "$_REL_VERSION" = "squeeze" ] ; then SQLADD="libmysqlclient-dev libdbd-mysql-perl python-mysqldb libdbi-perl percona-toolkit" else SQLADD="libmysqlclient-dev libdbd-mysql-perl python-mysqldb libdbi-perl" fi } install_mariadb_sql () { cd /var/opt _KEYS_SERVER_TEST=FALSE until [[ "$_KEYS_SERVER_TEST" =~ "MariaDB" ]] ; do _KEYS_SERVER_TEST=`apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 1BB943DB 2>&1` sleep 2 done if [ "$_REL_VERSION" = "trusty" ] ; then st_runner "$_INSTAPP software-properties-common" 2> /dev/null fi if [ "$_THIS_OS" = "Debian" ] ; then _THIS_OS_NAME=debian elif [ "$_THIS_OS" = "Ubuntu" ] ; then _THIS_OS_NAME=ubuntu fi if [ "$_REL_VERSION" = "trusty" ] ; then _DB_SERIES=10.0 _MARIADB_VERSION="$_MARIADB_10_VERSION" msg "INFO: Forced MariaDB $_MARIADB_VERSION in $_THIS_OS/$_REL_VERSION" elif [ "$_REL_VERSION" = "lenny" ] ; then _DB_SERIES=5.3 _MARIADB_VERSION=5.3.12 msg "INFO: Forced MariaDB $_MARIADB_VERSION in $_THIS_OS/$_REL_VERSION" else if [ "$_DB_SERIES" = "10.0" ] || [ "$_DB_SERIES" = "5.5" ] ; then _DO_NOTHING=YES else _DB_SERIES=5.5 _MARIADB_VERSION="$_MARIADB_5_VERSION" msg "INFO: Forced MariaDB $_MARIADB_VERSION in $_THIS_OS/$_REL_VERSION" fi if [ -z "$_DB_SERIES" ] ; then _DB_SERIES=5.5 _MARIADB_VERSION="$_MARIADB_5_VERSION" msg "INFO: Forced MariaDB $_MARIADB_VERSION in $_THIS_OS/$_REL_VERSION" fi fi _THIS_REL_VERSION="$_REL_VERSION" echo "## MariaDB APT Repository" > /etc/apt/sources.list.d/mariadb.list echo "deb http://ftp.osuosl.org/pub/mariadb/repo/$_DB_SERIES/$_THIS_OS_NAME $_THIS_REL_VERSION main" >> /etc/apt/sources.list.d/mariadb.list echo "deb-src http://ftp.osuosl.org/pub/mariadb/repo/$_DB_SERIES/$_THIS_OS_NAME $_THIS_REL_VERSION main" >> /etc/apt/sources.list.d/mariadb.list st_runner "aptitude remove mytop -y" &> /dev/null st_runner "apt-get purge mytop -y" &> /dev/null rm -f /usr/bin/mytop st_runner "apt-get autoremove -y --force-yes" &> /dev/null st_runner "aptitude remove mysql-common -y" &> /dev/null st_runner "apt-get purge mysql-common -y" &> /dev/null st_runner "aptitude remove percona-server-common-5.5 -y" &> /dev/null st_runner "apt-get purge percona-server-common-5.5 -y" &> /dev/null st_runner "apt-get autoremove -y --force-yes" &> /dev/null st_runner "apt-get update -y" &> /dev/null SQLDEB="mariadb-server-$_DB_SERIES mariadb-client-$_DB_SERIES mariadb-common" SQLADD="libmariadbclient-dev libmariadbclient16 libmariadbd-dev libdbd-mysql-perl python-mysqldb libdbi-perl" } install_with_aptitude_sql () { if [ "$_REL_VERSION" = "squeeze" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "lucid" ] ; then _PERCONA_READY=YES msg "INFO: Installing $_DB_SERVER, please wait..." else _PERCONA_READY=NO msg "INFO: Installing MariaDB, please wait..." fi if [ "$_PERCONA_READY" = "YES" ] && [ "$_DB_SERVER" = "Percona" ] ; then install_percona_sql st_runner "$_INSTAPP mytop" 2> /dev/null else install_mariadb_sql st_runner "$_INSTAPP mytop" 2> /dev/null echo "fixed-mytop-mariadb" > /var/xdrago/log/fixed-mytop-mariadb.log fi st_runner "$_INSTAPP $SQLDEB" 2> /dev/null st_runner "$_INSTAPP $SQLADD" 2> /dev/null st_runner "$_INSTAPP $SQLDEB" 2> /dev/null } ###--------------------### if [ "$_STATUS" = "INIT" ] ; then st_runner "aptitude remove exim4 exim4-base exim4-config sendmail sendmail-base sendmail-cf sendmail-bin -y" &> /dev/null st_runner "apt-get purge exim4 exim4-base exim4-config sendmail sendmail-base sendmail-cf sendmail-bin -y" &> /dev/null st_runner "apt-get autoremove -y --force-yes" &> /dev/null rm -f /etc/aliases rm -f -r /etc/mail killall -9 sendmail &> /dev/null else _POSTFIX_TEST=`grep "fatal: open lock file" /var/log/mail.log 2>&1` if [[ "$_POSTFIX_TEST" =~ "fatal: open lock file" ]] ; then mrun "dpkg --configure -a" &> /dev/null mrun "apt-get clean -qq" &> /dev/null mrun "apt-get update -qq" &> /dev/null mrun "apt-get purge postfix -y" &> /dev/null echo > /var/log/mail.log fi fi install_with_aptitude_deps fix_locales if [ "$_LOCALE_TEST" = "BROKEN" ] ; then _STRONG_PASSWORDS=NO fi if [ ! -e "/etc/aliases" ] ; then echo "postmaster: root" > /etc/aliases newaliases &> /dev/null fi if [ "$_NGINX_SPDY" = "YES" ] || [ "$_SSL_FROM_SOURCES" = "YES" ] || [ "$_NGINX_FORWARD_SECRECY" = "YES" ] ; then if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then _DO_NOTHING=YES else install_ssl_src install_ssh_src install_curl_src fi fi if [ "$_SSH_FROM_SOURCES" = "YES" ] ; then install_ssh_src fi if [ "$_LENNY_TO_SQUEEZE" = "NO" ] ; then install_latest_git install_upgrade_nginx fi if [ "$_STATUS" = "INIT" ] ; then service cron stop &> /dev/null if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ] ; then csf -x &> /dev/null fi install_with_aptitude_sql else if [ "$_UP_NRC" = "YES" ] ; then update_newrelic fi _SQL_UPGRADE=NO if [[ "$_DB_SERVER_TEST" =~ "MariaDB" ]] ; then _SQL_TEST_UPGRADE=NO else _SQL_TEST_UPGRADE=YES fi if [ "$_SQL_TEST_UPGRADE" = "YES" ] && [ "$_DB_SERVER" = "MariaDB" ] ; then _SQL_UPGRADE=YES fi if [ "$_REL_VERSION" = "squeeze" ] && [[ "$_DB_SERVER_TEST" =~ "MariaDB" ]] && [[ "$_DB_SERVER_TEST" =~ " 5.3." ]] ; then _SQL_UPGRADE=YES fi if [[ "$_DB_SERVER_TEST" =~ "MariaDB" ]] ; then if [[ "$_DB_SERVER_TEST" =~ " 5.1." ]] || [[ "$_DB_SERVER_TEST" =~ " 5.2." ]] ; then _SQL_UPGRADE=YES fi if [ "$_DB_SERIES" = "10.0" ] ; then if [[ "$_DB_SERVER_TEST" =~ "10.0." ]] ; then _DO_NOTHING=YES else _SQL_UPGRADE=YES fi elif [ "$_DB_SERIES" = "5.5" ] ; then if [[ "$_DB_SERVER_TEST" =~ "5.5." ]] ; then _DO_NOTHING=YES else _SQL_UPGRADE=YES fi if [[ "$_DB_SERVER_TEST" =~ "10.0." ]] ; then _SQL_UPGRADE=NO fi fi fi if [ "$_SQL_FORCE_REINSTALL" = "YES" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then _SQL_UPGRADE=YES fi if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then _SQL_UPGRADE=NO fi if [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then _SQL_UPGRADE=NO fi if [ "$_SQL_UPGRADE" = "YES" ] ; then service cron stop &> /dev/null if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ] ; then csf -x &> /dev/null fi msg "INFO: Running $_DB_SERVER upgrade and then PHP-FPM forced rebuild, please wait..." mrun "sleep 50" mrun "service nginx stop" &> /dev/null if [ "$_DB_SERVER" = "Percona" ] ; then rm -f /etc/apt/sources.list.d/mariadb.list rm -f /etc/apt/sources.list.d/ourdelta.list st_runner "apt-get update -y" &> /dev/null elif [ "$_DB_SERVER" = "MariaDB" ] ; then rm -f /etc/apt/sources.list.d/percona.list rm -f /etc/apt/sources.list.d/ourdelta.list _KEYS_SERVER_TEST=FALSE until [[ "$_KEYS_SERVER_TEST" =~ "MariaDB" ]] ; do _KEYS_SERVER_TEST=`apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 1BB943DB 2>&1` sleep 2 done st_runner "apt-get update -y" &> /dev/null fi cp -af /etc/mysql/debian-start /etc/mysql/debian-start-mariadb &> /dev/null sed -i "s/.*default-table-type/#default-table-type/g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*language/#language/g" /etc/mysql/my.cnf &> /dev/null rm -f /var/lib/mysql/debian-*.flag &> /dev/null rm -f /var/lib/mysql/mysql_upgrade_info &> /dev/null install_with_aptitude_sql _THIS_DB_SERVER_TEST=`mysql -V 2>&1` if [[ "$_THIS_DB_SERVER_TEST" =~ "5.5." ]] || [[ "$_THIS_DB_SERVER_TEST" =~ "10.0" ]] ; then _DO_NOTHING=YES else sed -i "s/.*lc_messages_dir /#lc_messages_dir /g" /etc/mysql/my.cnf &> /dev/null sed -i "s/.*lc_messages /#lc_messages /g" /etc/mysql/my.cnf &> /dev/null fi if [[ "$_THIS_DB_SERVER_TEST" =~ "MariaDB" ]] ; then sed -i "s/.*innodb_lazy_drop_table /#innodb_lazy_drop_table /g" /etc/mysql/my.cnf &> /dev/null fi _PHP_FORCE_REINSTALL=YES mrun "sleep 8" msg "INFO: Restarting $_DB_SERVER server, please wait..." mrun "service mysql restart" &> /dev/null mrun "service nginx start" &> /dev/null if [ -e "/usr/sbin/csf" ] && [ -e "/etc/csf/csf.deny" ] ; then mrun "csf -e" &> /dev/null fi msg "INFO: Restarting $_DB_SERVER server completed" fi fi ###--------------------### run_aptitude_full_upgrade install_with_aptitude_deps mrun "service php5-fpm stop" &> /dev/null st_runner "update-rc.d -f php5-fpm remove" &> /dev/null install_latest_git install_upgrade_nginx kill_nash fix_sftp_ftps_modern disable_old_purge_cruft_machine enable_weekly_usage_monitor install_wkhtmltopdf install_wkhtmltoimage ###--------------------### if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "oneiric" ] || [ "$_REL_VERSION" = "natty" ] ; then if [ ! -L "/usr/lib/libXpm.so" ] ; then msg "INFO: Fix #1 for libs in $_THIS_OS $_REL_VERSION" _X86_64_TEST=`uname -m` if [ "$_X86_64_TEST" = "x86_64" ] ; then ln -sf /usr/lib/x86_64-linux-gnu/libgmp.so /usr/lib/libgmp.so ln -sf /usr/lib/x86_64-linux-gnu/libjpeg.so /usr/lib/libjpeg.so ln -sf /usr/lib/x86_64-linux-gnu/libkrb5.so /usr/lib/libkrb5.so ln -sf /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/libldap.so ln -sf /usr/lib/x86_64-linux-gnu/libpng.so /usr/lib/libpng.so ln -sf /usr/lib/x86_64-linux-gnu/libXpm.so /usr/lib/libXpm.so if [ ! -e "/usr/include/gmp.h" ] && [ -e "/usr/include/x86_64-linux-gnu/gmp.h" ] ; then ln -sf /usr/include/x86_64-linux-gnu/gmp.h /usr/include/gmp.h fi else ln -sf /usr/lib/i386-linux-gnu/libgmp.so /usr/lib/libgmp.so ln -sf /usr/lib/i386-linux-gnu/libjpeg.so /usr/lib/libjpeg.so ln -sf /usr/lib/i386-linux-gnu/libkrb5.so /usr/lib/libkrb5.so ln -sf /usr/lib/i386-linux-gnu/libldap.so /usr/lib/libldap.so ln -sf /usr/lib/i386-linux-gnu/libpng.so /usr/lib/libpng.so ln -sf /usr/lib/i386-linux-gnu/libXpm.so /usr/lib/libXpm.so if [ ! -e "/usr/include/gmp.h" ] && [ -e "/usr/include/i386-linux-gnu/gmp.h" ] ; then ln -sf /usr/include/i386-linux-gnu/gmp.h /usr/include/gmp.h fi fi fi fi ###--------------------### if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] || [ "$_REL_VERSION" = "oneiric" ] ; then _SSL_FIX_REQUIRED=YES if [ "$_NGINX_SPDY" = "YES" ] || [ "$_SSL_FROM_SOURCES" = "YES" ] || [ "$_NGINX_FORWARD_SECRECY" = "YES" ] ; then if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then _SSL_FIX_REQUIRED=YES else _SSL_FIX_REQUIRED=NO fi fi if [ ! -L "/usr/lib/libssl.so.1.0.0" ] && [ "$_SSL_FIX_REQUIRED" = "YES" ] ; then msg "INFO: Fix #2 for libs in $_THIS_OS $_REL_VERSION" _X86_64_TEST=`uname -m` if [ "$_X86_64_TEST" = "x86_64" ] ; then if [ -e "/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0" ] ; then ln -s /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.1.0.0 elif [ -e "/lib/x86_64-linux-gnu/libssl.so.1.0.0" ] ; then ln -s /lib/x86_64-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.1.0.0 fi if [ -e "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0" ] ; then ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.1.0.0 elif [ -e "/lib/x86_64-linux-gnu/libcrypto.so.1.0.0" ] ; then ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.1.0.0 fi else if [ -e "/usr/lib/i386-linux-gnu/libssl.so.1.0.0" ] ; then ln -s /usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.1.0.0 elif [ -e "/lib/i386-linux-gnu/libssl.so.1.0.0" ] ; then ln -s /lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.1.0.0 fi if [ -e "/usr/lib/i386-linux-gnu/libcrypto.so.1.0.0" ] ; then ln -s /usr/lib/i386-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.1.0.0 elif [ -e "/lib/i386-linux-gnu/libcrypto.so.1.0.0" ] ; then ln -s /lib/i386-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.1.0.0 fi fi fi fi ###--------------------### if [ "$_THIS_OS" = "Debian" ] ; then chmod 644 /usr/share/git-core/templates/description &> /dev/null chmod 644 /usr/share/git-core/templates/hooks/* &> /dev/null chmod 644 /usr/share/git-core/templates/info/* &> /dev/null fi ###--------------------### if [ -z "$_SMTP_RELAY_HOST" ] && [ "$_SMTP_RELAY_TEST" = "YES" ] ; then msg "INFO: Checking SMTP connections..." if ! netcat -w 8 -z smtp.gmail.com 25 ; then WE_NEED_RELAY="YES" cat < /dev/null sed -i "s/relayhost =/relayhost = $_SMTP_RELAY_HOST/g" /etc/postfix/main.cf &> /dev/null postfix reload &> /dev/null fi ### ### fi ###--------------------### _X_INIT_TEST=`cat /etc/init.d/nginx 2>&1` if [[ "$_X_INIT_TEST" =~ "github" ]] ; then _DO_NOTHING=YES else mv -f /etc/init.d/nginx /var/backups/nginx-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx /etc/init.d/nginx chmod 755 /etc/init.d/nginx &> /dev/null fi ###--------------------### if [ ! -e "/var/run/cloud_vhost.pid" ] ; then if [ ! -e "/var/xdrago/log/vnstat-$_VNSTAT_VERSION.log" ] || [ ! -e "/usr/bin/vnstat" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then msg "INFO: Installing VnStat monitor..." cd /var/opt rm -f -r vnstat* get_dev_src "vnstat-$_VNSTAT_VERSION.tar.gz" cd vnstat-$_VNSTAT_VERSION st_runner "make --quiet" 2> /dev/null st_runner "make --quiet install" 2> /dev/null for INF in `vnstat --iflist | sed "s/Available interfaces//g" | cut -d: -f2` ;do vnstat -u -i $INF &> /dev/null;done cp -af /var/opt/vnstat-$_VNSTAT_VERSION/examples/init.d/debian/vnstat /etc/init.d/vnstat chmod 755 /etc/init.d/vnstat &> /dev/null st_runner "update-rc.d vnstat defaults" &> /dev/null mrun "service vnstat start" &> /dev/null echo "vnstat-$_VNSTAT_VERSION $_NOW" > /var/xdrago/log/vnstat-$_VNSTAT_VERSION.log mrun "service vnstat restart" &> /dev/null fi fi if [ -e "/etc/init.d/vnstat" ] && [ "$_VMFAMILY" = "VS" ] && [ ! -e "/boot/grub/grub.cfg" ] && [ ! -e "/boot/grub/menu.lst" ] ; then service vnstat stop &> /dev/null update-rc.d -f vnstat remove &> /dev/null rm -f /etc/init.d/vnstat rm -f /usr/bin/vnstat rm -f -r /var/lib/vnstat fi ###--------------------### cd /var if [ -d "/var/xdrago/conf" ] && [ -e "/var/aegir/.drush/hostmaster.alias.drushrc.php" ] ; then msg "INFO: Upgrading a few more tools..." mv -f /var/xdrago-pre* /var/backups/dragon/x/ &> /dev/null rm -f -r /var/xdrago/log/init.d-pre* rm -f -r /var/backups/dragon/z/init.d-pre-* rm -f /var/xdrago/log/cron-root-pre* cp -af /var/xdrago /var/backups/dragon/x/xdrago-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null rm -f /var/xdrago/log/VISITOR_ABUSE_ONE.log rm -f /var/xdrago/log/blackIP.log rm -f /var/xdrago/{enableStatus,graceful,move_sql,run_all,second,Minute,firewall.sh,stop-mysql-innodb.sh,firewall_restarter,FireStart,memcache,redis} cp -af /var/spool/cron/crontabs/root /var/backups/dragon/z/cron-root-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null if [ "$_CUSTOM_CONFIG_LSHELL" = "YES" ] && [ -e "/var/xdrago/conf/lshell.conf" ] ; then cp -af /var/xdrago/conf/lshell.conf /var/backups/custom_lshell.conf fi cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/tools/system/* /var/xdrago/ &> /dev/null if [ "$_CUSTOM_CONFIG_LSHELL" = "YES" ] && [ -e "/var/backups/custom_lshell.conf" ] ; then cp -af /var/backups/custom_lshell.conf /var/xdrago/conf/lshell.conf fi if [ -z "$_THISHTIP" ] ; then _LOC_DOM="$_THISHOST" find_correct_ip _THISHTIP="$_LOC_IP" fi if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_THISHOST" =~ "v55.lon." ]]; then _NGINX_DOS_LIMIT=888 else if [ -z "$_NGINX_DOS_LIMIT" ] || [ "$_NGINX_DOS_LIMIT" = "300" ] ; then _NGINX_DOS_LIMIT=188 fi fi fi sed -i "s/88.88.88.88/$_THISHTIP/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null sed -i "s/= 222/= $_NGINX_DOS_LIMIT/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null sed -i "s/= 188/= $_NGINX_DOS_LIMIT/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null if [ ! -z "$_NGINX_DOS_KEYWORDS" ] ; then _NGINX_DOS_KEYWORDS=${_NGINX_DOS_KEYWORDS//[^a-zA-Z0-9|]/} if [ ! -z "$_NGINX_DOS_KEYWORDS" ] ; then msg "INFO: Configured _NGINX_DOS_KEYWORDS: $_NGINX_DOS_KEYWORDS" sed -i "s/foobar/$_NGINX_DOS_KEYWORDS/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null fi fi sed -i "s/EDIT_STRONG_PASSWORDS/$_STRONG_PASSWORDS/g" /var/xdrago/manage_ltd_users.sh &> /dev/null mv -f /etc/cron.daily/mlocate /var/backups/ &> /dev/null cp -af /var/xdrago/cron/crontabs/root /var/spool/cron/crontabs/ &> /dev/null if [ -e "/var/xdrago/cron/custom.txt" ] ; then cat /var/xdrago/cron/custom.txt >> /var/spool/cron/crontabs/root fi chown root:crontab /var/spool/cron/crontabs/root chmod 600 /var/spool/cron/crontabs/root if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else if [ -e "/root/.high_load.cnf" ] && [ ! -e "/root/.big_db.cnf" ] ; then sed -i "s/3600/60/g" /var/xdrago/minute.sh &> /dev/null sed -i "s/\* \* \* \* \* bash \/var\/xdrago\/runner.sh/*\/9 * * * * bash \/var\/xdrago\/runner.sh/g" /var/spool/cron/crontabs/root &> /dev/null elif [ -e "/root/.big_db.cnf" ] ; then sed -i "s/3600/1800/g" /var/xdrago/minute.sh &> /dev/null else sed -i "s/3600/900/g" /var/xdrago/minute.sh &> /dev/null fi sed -i "s/rotate 52/rotate 7/g" /etc/logrotate.d/nginx &> /dev/null sed -i "s/rotate 1/rotate 7/g" /etc/logrotate.d/nginx &> /dev/null sed -i "s/INTERVAL 1 HOUR/INTERVAL 15 MINUTE/g" /var/xdrago/purge_binlogs.sh &> /dev/null if [ -e "/usr/share/man/man3/buagent.3.gz" ] ; then chmod 644 /usr/share/man/man3/buagent.3.gz fi fi else sed -i "s/log\/lshell/log\/lsh/g" /etc/logrotate.d/lshell &> /dev/null fi fi if [ "$_STATUS" = "INIT" ] ; then msg "INFO: Installing a few more tools..." mkdir -p ./xdrago cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/tools/system/* ./xdrago/ &> /dev/null cp -af /var/xdrago/cron/crontabs/root /var/spool/cron/crontabs/ &> /dev/null chown root:crontab /var/spool/cron/crontabs/root chmod 600 /var/spool/cron/crontabs/root if [ -z "$_THISHTIP" ] ; then _LOC_DOM="$_THISHOST" find_correct_ip _THISHTIP="$_LOC_IP" fi if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_THISHOST" =~ "v55.lon." ]]; then _NGINX_DOS_LIMIT=888 else if [ -z "$_NGINX_DOS_LIMIT" ] || [ "$_NGINX_DOS_LIMIT" = "300" ] ; then _NGINX_DOS_LIMIT=188 fi fi fi sed -i "s/88.88.88.88/$_THISHTIP/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null sed -i "s/= 222/= $_NGINX_DOS_LIMIT/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null sed -i "s/= 188/= $_NGINX_DOS_LIMIT/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null if [ ! -z "$_NGINX_DOS_KEYWORDS" ] ; then _NGINX_DOS_KEYWORDS=${_NGINX_DOS_KEYWORDS//[^a-zA-Z0-9|]/} if [ ! -z "$_NGINX_DOS_KEYWORDS" ] ; then msg "INFO: Configured _NGINX_DOS_KEYWORDS: $_NGINX_DOS_KEYWORDS" sed -i "s/foobar/$_NGINX_DOS_KEYWORDS/g" /var/xdrago/monitor/check/scan_nginx &> /dev/null fi fi sed -i "s/EDIT_STRONG_PASSWORDS/$_STRONG_PASSWORDS/g" /var/xdrago/manage_ltd_users.sh &> /dev/null mv -f /etc/cron.daily/mlocate /var/backups/ &> /dev/null if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [[ "$_CHECK_HOST" =~ ".o8.io" ]] ; then _DO_NOTHING=YES else if [ -e "/root/.high_load.cnf" ] && [ ! -e "/root/.big_db.cnf" ] ; then sed -i "s/3600/60/g" /var/xdrago/minute.sh &> /dev/null sed -i "s/\* \* \* \* \* bash \/var\/xdrago\/runner.sh/*\/9 * * * * bash \/var\/xdrago\/runner.sh/g" /var/spool/cron/crontabs/root &> /dev/null elif [ -e "/root/.big_db.cnf" ] ; then sed -i "s/3600/1800/g" /var/xdrago/minute.sh &> /dev/null else sed -i "s/3600/900/g" /var/xdrago/minute.sh &> /dev/null fi sed -i "s/rotate 52/rotate 7/g" /etc/logrotate.d/nginx &> /dev/null sed -i "s/rotate 1/rotate 7/g" /etc/logrotate.d/nginx &> /dev/null if [ -e "/usr/share/man/man3/buagent.3.gz" ] ; then chmod 644 /usr/share/man/man3/buagent.3.gz fi fi fi fi if [ -d "/var/xdrago-pre-$_INSTALLER_VERSION-$_NOW" ] ; then cp -af /var/xdrago-pre-$_INSTALLER_VERSION-$_NOW/run-* /var/xdrago/ &> /dev/null fi sed -i "s/firewall/monitor/g" /var/xdrago/minute.sh &> /dev/null chmod -R 700 /var/xdrago/monitor/check &> /dev/null chmod 700 /var/xdrago/* &> /dev/null chmod 700 /var/xdrago &> /dev/null ###--------------------### if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then mrun "service nginx stop" &> /dev/null killall -9 nginx &> /dev/null elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then mrun "service nginx stop" &> /dev/null killall -9 nginx &> /dev/null fi ###--------------------### if [ "$_STATUS" = "UPGRADE" ] ; then msg "INFO: Checking if PHP upgrade is available" st_runner "aptitude remove php5-sasl php5-suhosin -y" &> /dev/null st_runner "apt-get purge php5-sasl php5-suhosin -y" &> /dev/null fi if [ "$_REL_VERSION" = "wheezy" ] || [ "$_REL_VERSION" = "trusty" ] || [ "$_REL_VERSION" = "precise" ] ; then _PHP_EXTRA="--with-ldap --with-gmp --with-xpm-dir=/usr" else _PHP_EXTRA="--with-ldap --with-gmp" fi if [ ! -z "$_PHP_EXTRA_CONF" ] ; then _PHP_EXTRA="$_PHP_EXTRA $_PHP_EXTRA_CONF" fi if [ ! -z "$_PHP_EXTRA" ] ; then msg "INFO: PHP EXTRA is $_PHP_EXTRA" fi if [ "$_REL_VERSION" = "trusty" ] ; then ln -sf /usr/include/freetype2 /usr/include/freetype2/freetype fi # # Install OpenSSH from sources. switch_php_cli () { if [ ! -z $1 ] ; then rm -f /usr/bin/php-cli ln -s /opt/php$1/bin/php /usr/bin/php-cli rm -f /usr/bin/php ln -s /opt/php$1/bin/php /usr/bin/php rm -f /usr/bin/php-config ln -s /opt/php$1/bin/php-config /usr/bin/php-config fi } if [[ "$_PHP_MULTI_INSTALL" =~ "5.2" ]] && [ ! -x "/opt/php52/bin/php" ] ; then _PHP_VERSION="$_PHP52_VERSION" msg "INFO: PHP $_PHP_VERSION will be installed now" switch_php_cli "52" install_php_multi "52" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" _FRESH_PHP52_BUILD=52 fi if [[ "$_PHP_MULTI_INSTALL" =~ "5.3" ]] && [ ! -x "/opt/php53/bin/php" ] ; then _PHP_VERSION="$_PHP53_VERSION" msg "INFO: PHP $_PHP_VERSION will be installed now" switch_php_cli "53" install_php_multi "53" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" _FRESH_PHP53_BUILD=53 fi if [[ "$_PHP_MULTI_INSTALL" =~ "5.4" ]] && [ ! -x "/opt/php54/bin/php" ] ; then _PHP_VERSION="$_PHP54_VERSION" msg "INFO: PHP $_PHP_VERSION will be installed now" switch_php_cli "54" install_php_multi "54" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" _FRESH_PHP54_BUILD=54 fi if [[ "$_PHP_MULTI_INSTALL" =~ "5.5" ]] && [ ! -x "/opt/php55/bin/php" ] ; then _PHP_VERSION="$_PHP55_VERSION" msg "INFO: PHP $_PHP_VERSION will be installed now" switch_php_cli "55" install_php_multi "55" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" _FRESH_PHP55_BUILD=55 fi if [ -x "/opt/php52/bin/php" ] && [ -z "$_FRESH_PHP52_BUILD" ] ; then _PHP_VERSION="$_PHP52_VERSION" _PHP_BIN_BROKEN=NO _BROKEN_LIBCURL_TEST="" switch_php_cli "52" check_php_broken "52" check_php_rebuild "52" update_php_multi "52" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" fi if [ -x "/opt/php53/bin/php" ] && [ -z "$_FRESH_PHP53_BUILD" ] ; then _PHP_VERSION="$_PHP53_VERSION" _PHP_BIN_BROKEN=NO _BROKEN_LIBCURL_TEST="" switch_php_cli "53" check_php_broken "53" check_php_rebuild "53" update_php_multi "53" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" fi if [ -x "/opt/php54/bin/php" ] && [ -z "$_FRESH_PHP54_BUILD" ] ; then _PHP_VERSION="$_PHP54_VERSION" _PHP_BIN_BROKEN=NO _BROKEN_LIBCURL_TEST="" switch_php_cli "54" check_php_broken "54" check_php_rebuild "54" update_php_multi "54" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" fi if [ -x "/opt/php55/bin/php" ] && [ -z "$_FRESH_PHP55_BUILD" ] ; then _PHP_VERSION="$_PHP55_VERSION" _PHP_BIN_BROKEN=NO _BROKEN_LIBCURL_TEST="" switch_php_cli "55" check_php_broken "55" check_php_rebuild "55" update_php_multi "55" _PHP_VERSION="" _LOC_PHP_VERSION="" _LOC_PHP_PATH="" _THIS_LOC_PHP_PATH="" fi if [ ! -e "/var/xdrago/log/ioncube-$_IONCUBE_VERSION.log" ] || [ "$_PHP_FORCE_REINSTALL" = "YES" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then install_ioncube fi ###--------------------### install_newrelic ###--------------------### if [[ "$_XTRAS_LIST" =~ "BZR" ]] ; then if [ "$_REL_VERSION" = "lenny" ] ; then _DO_NOTHING=YES else _PATH_BZR="/usr/local/bin/bzr" if [ ! -e "$_PATH_BZR" ] || [ ! -e "/var/xdrago/log/bzr-$_BZR_VERSION.log" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then msg "INFO: Installing Bazaar (bzr) $_BZR_VERSION, please wait..." if [ -e "/usr/local/lib/python2.6/dist-packages/bzrlib" ] ; then rm -f -r /usr/local/lib/python2.6/dist-packages/bzrlib fi if [ -e "/usr/local/lib/python2.7/dist-packages/bzrlib" ] ; then rm -f -r /usr/local/lib/python2.7/dist-packages/bzrlib fi cd /var/opt rm -f -r bzr* get_dev_src "bzr-$_BZR_VERSION.tar.gz" cd /var/opt/bzr-$_BZR_VERSION st_runner "python setup.py --quiet install build_ext --allow-python-fallback" 2> /dev/null st_runner "make --quiet" 2> /dev/null echo "bzr-$_BZR_VERSION" > /var/xdrago/log/bzr-$_BZR_VERSION.log mkdir -p /root/.bazaar echo ignore_missing_extensions=True > /root/.bazaar/bazaar.conf fi fi fi ###--------------------### if [ ! -e "/var/xdrago/log/umask_fixed_new.log" ] ; then mkdir -p /var/www/nginx-default sed -i "s/^UMASK.*//g" /etc/default/login &> /dev/null echo "UMASK=002" >> /etc/default/login sed -i "/^$/d" /etc/default/login &> /dev/null sed -i "s/^UMASK.*/UMASK 002/g" /etc/login.defs &> /dev/null sed -i "s/^umask.*022/umask 002/g" /etc/profile &> /dev/null sed -i "s/^session optional pam_umask.*//g" /etc/pam.d/login &> /dev/null echo "session optional pam_umask.so umask=0002" >> /etc/pam.d/login sed -i "/^$/d" /etc/pam.d/login &> /dev/null echo "umask 002" >> /var/www/.profile chown www-data:www-data /var/www/.profile &> /dev/null chown www-data:www-data /var/www/nginx-default &> /dev/null touch /var/xdrago/log/umask_fixed_new.log fi ###--------------------### if [ ! -e "/var/xdrago/log/umask_fixed_shell_sftp.log" ] ; then if [ "$_REL_VERSION" = "lenny" ] || [ "$_REL_VERSION" = "lucid" ] ; then _DO_NOTHING=YES else sed -e '/Subsystem\ssftp/s:server$:server -u 0002:' -i /etc/ssh/sshd_config fi echo "session optional pam_umask.so umask=0002" >> /etc/pam.d/sshd mrun "service ssh restart" &> /dev/null touch /var/xdrago/log/umask_fixed_shell_sftp.log fi if [ ! -e "/var/xdrago/log/src_umask_fixed_shell_sftp.log" ] && [ -e "/usr/etc/sshd_config" ] ; then if [ "$_REL_VERSION" = "lenny" ] || [ "$_REL_VERSION" = "lucid" ] ; then _DO_NOTHING=YES else sed -e '/Subsystem\ssftp/s:server$:server -u 0002:' -i /usr/etc/sshd_config fi mrun "service ssh restart" &> /dev/null touch /var/xdrago/log/src_umask_fixed_shell_sftp.log fi ###--------------------### if [ "$_REL_VERSION" = "lenny" ] ; then _PATH_LSHELL="/usr/bin/lshell" else _PATH_LSHELL="/usr/local/bin/lshell" fi if [ ! -e "/etc/logrotate.d/lshell" ] || [ ! -e "$_PATH_LSHELL" ] || [ ! -e "/var/xdrago/log/lshell-build-$_LSHELL_VERSION" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] || [ "$_SSL_INSTALL_REQUIRED" = "YES" ] ; then if [ "$_STATUS" = "UPGRADE" ] ; then msg "INFO: Upgrading Limited Shell to version $_LSHELL_VERSION..." cp -af /etc/lshell.conf /etc/lshell.conf-bak-$_NOW &> /dev/null else msg "INFO: Installing Limited Shell $_LSHELL_VERSION..." fi cd /var/opt rm -f -r lshell* get_dev_src "lshell-$_LSHELL_VERSION.tar.gz" for Files in `find /var/opt/lshell-$_LSHELL_VERSION -type f` ; do sed -i "s/kicked/logged/g" $Files &> /dev/null sed -i "s/Kicked/Logged/g" $Files &> /dev/null done cd /var/opt/lshell-$_LSHELL_VERSION rm -f -r /usr/local/lib/python2.6/dist-packages/lshell* rm -f -r /usr/local/lib/python2.7/dist-packages/lshell* st_runner "python setup.py install --no-compile" 2> /dev/null if [ "$_STATUS" = "UPGRADE" ] ; then cp -af /etc/lshell.conf-bak-$_NOW /etc/lshell.conf &> /dev/null else cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/tools/system/conf/lshell.conf /etc/lshell.conf echo "$_PATH_LSHELL" >> /etc/shells fi sed -i "s/log\/lshell/log\/lsh/g" /etc/logrotate.d/lshell &> /dev/null addgroup --system lshellg &> /dev/null mkdir -p /var/log/lsh chown :lshellg /var/log/lsh chmod 770 /var/log/lsh &> /dev/null echo "lshell-$_LSHELL_VERSION" > /var/xdrago/log/lshell-build-$_LSHELL_VERSION if [ -f "/var/xdrago/manage_ltd_users.sh" ] ; then if [ "$_STATUS" = "UPGRADE" ] && [ "$_CUSTOM_CONFIG_LSHELL" = "NO" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/tools/system/conf/lshell.conf /var/xdrago/conf/lshell.conf fi st_runner "bash /var/xdrago/manage_ltd_users.sh" &> /dev/null fi fi if [ -f "/usr/local/bin/lshell" ] ; then if [ ! -L "/usr/bin/lshell" ] ; then ln -sf /usr/local/bin/lshell /usr/bin/lshell &> /dev/null fi fi if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then sed -i "s/rotate 12/rotate 50/g" /etc/logrotate.d/lshell &> /dev/null fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "ALL" ]] || [[ "$_XTRAS_LIST" =~ "FTP" ]] ; then if [ ! -e "/etc/ssl/private/pure-ftpd.pem" ] || [ ! -e "/usr/local/sbin/pure-config.pl" ] || [ ! -e "/usr/local/sbin/pure-ftpd" ] || [ ! -e "/var/xdrago/log/pure-ftpd-build-$_PURE_FTPD_VERSION-$_INSTALLER_VERSION.log" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] || [ "$_SSL_INSTALL_REQUIRED" = "YES" ] ; then msg "INFO: Installing latest Pure-FTPd server, please wait..." if [ ! -e "/usr/local/sbin/pure-config.pl" ] ; then echo "/bin/false" >> /etc/shells echo "/bin/true" >> /etc/shells fi mkdir -p /etc/ssl/private/ rm -f /etc/ssl/private/pure-ftpd.pem rm -f /usr/local/sbin/pure-ftpd st_runner "openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -batch" 2> /dev/null chmod 600 /etc/ssl/private/pure-ftpd.pem &> /dev/null cd /var/opt rm -f -r pure-ftpd* mkdir -p /usr/local/etc get_dev_src "pure-ftpd-$_PURE_FTPD_VERSION.tar.gz" cd pure-ftpd-$_PURE_FTPD_VERSION st_runner "sh ./configure --with-everything --with-virtualchroot --without-humor --with-tls --with-diraliases --with-pam --with-certfile=/etc/ssl/private/pure-ftpd.pem" 2> /dev/null st_runner "make install-strip" 2> /dev/null cd /usr/local/sbin/ cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/pure-config.pl.txt ./ mv -f pure-config.pl.txt pure-config.pl &> /dev/null chmod 755 /usr/local/sbin/pure-config.pl &> /dev/null cp -af /var/opt/pure-ftpd-$_PURE_FTPD_VERSION/pam/pure-ftpd /etc/pam.d/ fix_ftps_pam cd /usr/local/etc rm -f pure-ftpd.conf cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/pure-ftpd.conf ./ killall -9 pure-ftpd &> /dev/null st_runner "/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf" &> /dev/null cd /var/opt echo "pure-ftpd-$_PURE_FTPD_VERSION-$_INSTALLER_VERSION" > /var/xdrago/log/pure-ftpd-build-$_PURE_FTPD_VERSION-$_INSTALLER_VERSION.log fi fi ###--------------------### if [ "$_STATUS" = "UPGRADE" ] ; then _REDIS_V_INSTALLED=`redis-server -v 2>&1 | tr -d "\n" | cut -d" " -f4 | awk '{ print $1}'` if [[ "$_REDIS_V_INSTALLED" =~ "sha" ]] ; then _REDIS_V_INSTALLED=`redis-server -v 2>&1 | tr -d "\n" | tr -d "v=" | cut -d" " -f3 | awk '{ print $1}'` fi if [ "$_REDIS_V_INSTALLED" = "$_REDIS_VERSION" ] ; then _REDIS_INSTALL_MISMATCH=NO msg "INFO: Installed Redis version $_REDIS_V_INSTALLED, OK" else _REDIS_INSTALL_MISMATCH=YES msg "INFO: Installed Redis version $_REDIS_V_INSTALLED, upgrade required" fi else if [ -x "/usr/bin/redis-server" ] ; then _REDIS_V_INSTALLED=`redis-server -v 2>&1 | tr -d "\n" | cut -d" " -f4 | awk '{ print $1}'` if [[ "$_REDIS_V_INSTALLED" =~ "sha" ]] ; then _REDIS_V_INSTALLED=`redis-server -v 2>&1 | tr -d "\n" | tr -d "v=" | cut -d" " -f3 | awk '{ print $1}'` fi if [ "$_REDIS_V_INSTALLED" = "$_REDIS_VERSION" ] ; then _REDIS_INSTALL_MISMATCH=NO msg "INFO: Installed Redis version $_REDIS_V_INSTALLED, no rebuild required" else _REDIS_INSTALL_MISMATCH=YES msg "INFO: Installed Redis version $_REDIS_V_INSTALLED, rebuild required" fi fi fi if [ "$_REDIS_INSTALL_MISMATCH" = "YES" ] || [ ! -e "/var/xdrago/log/redis-$_REDIS_VERSION-$_INSTALLER_VERSION-one.log" ] || [ ! -d "/var/run/redis" ] || [ ! -x "/usr/bin/redis-server" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then install_redis_src fi ###--------------------### _NEWRELIC_APP_CFG="/etc/newrelic/newrelic.cfg" if [ -e "$_NEWRELIC_APP_CFG" ] ; then _NEWRELIC_KEY_TEST=$(grep "REPLACE_WITH_REAL_KEY" $_NEWRELIC_APP_CFG) if [[ "$_NEWRELIC_KEY_TEST" =~ "REPLACE_WITH_REAL_KEY" ]] && [ ! -z "$_NEWRELIC_KEY" ] ; then sed -i "s/REPLACE_WITH_REAL_KEY/$_NEWRELIC_KEY/g" $_NEWRELIC_APP_CFG &> /dev/null fi sed -i "s/^loglevel=.*/loglevel=error/g" $_NEWRELIC_APP_CFG &> /dev/null mrun "service newrelic-daemon restart" &> /dev/null fi ###--------------------### _NEWRELIC_SYS_CFG="/etc/newrelic/nrsysmond.cfg" if [ -e "$_NEWRELIC_SYS_CFG" ] ; then _NEWRELIC_KEY_TEST=$(grep "REPLACE_WITH_REAL_KEY" $_NEWRELIC_SYS_CFG) if [[ "$_NEWRELIC_KEY_TEST" =~ "REPLACE_WITH_REAL_KEY" ]] && [ ! -z "$_NEWRELIC_KEY" ] ; then sed -i "s/REPLACE_WITH_REAL_KEY/$_NEWRELIC_KEY/g" $_NEWRELIC_SYS_CFG &> /dev/null fi sed -i "s/^loglevel=.*/loglevel=error/g" $_NEWRELIC_SYS_CFG &> /dev/null sed -i "s/.*pidfile=.*/pidfile=\/var\/run\/nrsysmond.pid/g" $_NEWRELIC_SYS_CFG &> /dev/null mrun "service newrelic-sysmond restart" &> /dev/null fi ###--------------------### if [ ! -e "/usr/lib/jvm/java-6-openjdk" ] && [ -d "/usr/lib/jvm/java-6-openjdk-amd64" ] ; then ln -sf /usr/lib/jvm/java-6-openjdk-amd64 /usr/lib/jvm/java-6-openjdk fi if [ ! -e "/usr/lib/jvm/java-6-openjdk" ] && [ -d "/usr/lib/jvm/java-6-openjdk-i386" ] ; then ln -sf /usr/lib/jvm/java-6-openjdk-i386 /usr/lib/jvm/java-6-openjdk fi if [ ! -e "/usr/lib/jvm/java-7-openjdk" ] && [ -d "/usr/lib/jvm/java-7-openjdk-amd64" ] ; then ln -sf /usr/lib/jvm/java-7-openjdk-amd64 /usr/lib/jvm/java-7-openjdk fi if [ ! -e "/usr/lib/jvm/java-7-openjdk" ] && [ -d "/usr/lib/jvm/java-7-openjdk-i386" ] ; then ln -sf /usr/lib/jvm/java-7-openjdk-i386 /usr/lib/jvm/java-7-openjdk fi if [ ! -e "/usr/bin/java7" ] && [ -e "/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java" ] ; then ln -sf /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java /usr/bin/java7 fi if [ ! -e "/usr/bin/java7" ] && [ -e "/usr/lib/jvm/java-7-openjdk-i386/jre/bin/java" ] ; then ln -sf /usr/lib/jvm/java-7-openjdk-i386/jre/bin/java /usr/bin/java7 fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "SR4" ]] ; then if [ ! -d "/opt/solr4" ] ; then if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then _REAL_JETTY=9 else _REAL_JETTY=8 fi echo " " if prompt_yes_no "Do you want to install MultiCore Apache Solr 4 with Jetty $_REAL_JETTY?" ; then true msg "INFO: Installing MultiCore Apache Solr 4 with Jetty $_REAL_JETTY..." cd /var/opt rm -f -r jetty-distribution-* rm -f -r /opt/solr4 rm -f -r /opt/jetty9 rm -f /etc/jetty.conf if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then get_dev_arch "jetty-distribution-$_JETTY_9_VERSION.tar.gz" mv /var/opt/jetty-distribution-$_JETTY_9_VERSION /opt/jetty9 echo $_JETTY_9_VERSION > /opt/jetty9/jetty-ctrl-$_JETTY_9_VERSION-version.txt else get_dev_arch "jetty-distribution-$_JETTY_8_VERSION.tar.gz" mv /var/opt/jetty-distribution-$_JETTY_8_VERSION /opt/jetty9 echo $_JETTY_8_VERSION > /opt/jetty9/jetty-ctrl-$_JETTY_8_VERSION-version.txt fi get_dev_arch "solr-$_SOLR_4_VERSION.tgz" cp -af /var/opt/solr-$_SOLR_4_VERSION/dist/solr-$_SOLR_4_VERSION.war /opt/jetty9/webapps/solr.war mv -f /var/opt/solr-$_SOLR_4_VERSION/example/multicore /opt/solr4 &> /dev/null mkdir -p /opt/solr4/core{0,1,2,3,4,5,6,7,8,9}/conf mkdir -p /opt/solr4/core{0,1,2,3,4,5,6,7,8,9}/data mkdir -p /var/log/jetty9 if [ ! -e "/opt/tika9" ] ; then cd /var/opt rm -f -r apachesolr_attachments* get_dev_contrib "apachesolr_attachments-7.x-1.x-dev.tar.gz" cd /var/opt/solr-$_SOLR_4_VERSION/example/solr/collection1/conf/ patch -p0 < /var/opt/apachesolr_attachments/solrconfig.tika.patch &> /dev/null ln -sf /opt/jetty9/lib /opt/tika9 cd /opt/tika9 wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.3.jar wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.1.jar fi for Dir in `find /opt/solr4/core{0,1,2,3,4,5,6,7,8,9}/ -maxdepth 1 -mindepth 1 -type d | grep conf` ; do rm -f -r $Dir/* cp -af /var/opt/solr-$_SOLR_4_VERSION/example/solr/collection1/conf/* $Dir/ &> /dev/null done adduser --system --group --home /opt/solr4 jetty9 &> /dev/null if [ ! -e "/opt/solr4/search_api_solr-7.x-1.5.log" ] ; then cd /var/opt rm -f -r search_api_solr* get_dev_contrib "search_api_solr-7.x-1.5.tar.gz" for Dir in `find /opt/solr4/core{0,1,2,3,4,5,6,7,8,9}/ -maxdepth 1 -mindepth 1 -type d | grep conf` ; do cp -af /var/opt/search_api_solr/solr-conf/4.x/* $Dir/ &> /dev/null done sed -i "s/8983/8099/g" /opt/solr4/core{0,1,2,3,4,5,6,7,8,9}/conf/solrcore.properties &> /dev/null touch /opt/solr4/search_api_solr-7.x-1.5.log fi cp -af /opt/tmp/$_BOA_REPO_NAME/docs/SOLR.txt /opt/solr4/README.txt &> /dev/null chown -R jetty9:jetty9 /opt/solr4 chown -R jetty9:jetty9 /opt/jetty9 chown -R jetty9:jetty9 /var/log/jetty9 if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then echo "JAVA=/usr/bin/java7 # Path to Java 1.7" > /etc/default/jetty9 echo "JAVA_HOME=/usr/lib/jvm/java-7-openjdk/jre # Path to Java 1.7" >> /etc/default/jetty9 else echo "JAVA=/usr/bin/java # Path to Java 1.6" > /etc/default/jetty9 echo "JAVA_HOME=/usr/lib/jvm/java-6-openjdk/jre # Path to Java 1.6" >> /etc/default/jetty9 fi echo "NO_START=0 # Start on boot" >> /etc/default/jetty9 echo "JETTY_HOST=127.0.0.1 # Listen on localhost" >> /etc/default/jetty9 echo "JETTY_PORT=8099 # Run on this port" >> /etc/default/jetty9 echo "JETTY_USER=jetty9 # Run as this user" >> /etc/default/jetty9 echo "JETTY_HOME=/opt/jetty9 # Home directory" >> /etc/default/jetty9 echo "JETTY_LOGS=/var/log/jetty9 # Logs directory" >> /etc/default/jetty9 echo "JETTY_RUN=/var/run # Run directory" >> /etc/default/jetty9 echo "JETTY_PID=\$JETTY_RUN/jetty9.pid # Pid file" >> /etc/default/jetty9 echo "JAVA_OPTIONS=\"-Xms8m -Xmx128m -Djava.awt.headless=true -Dsolr.solr.home=/opt/solr4 \$JAVA_OPTIONS\" # Options" >> /etc/default/jetty9 if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then _DO_NOTHING=YES else sed -i "s/8/9/g" /opt/jetty9/bin/jetty.sh &> /dev/null sed -i "s/9090/8099/g" /opt/jetty9/bin/jetty.sh &> /dev/null fi if [ -e "/opt/jetty9/start.d/http.ini" ] ; then sed -i "s/8080/8099/g" /opt/jetty9/start.d/http.ini &> /dev/null touch /opt/jetty9/start.d/.fixed.http.ini.txt &> /dev/null fi sed -i "s/8080/8099/g" /opt/jetty9/bin/jetty.sh &> /dev/null ln -sf /opt/jetty9/bin/jetty.sh /etc/init.d/jetty9 &> /dev/null chmod 755 /etc/init.d/jetty9 st_runner "update-rc.d jetty9 defaults" &> /dev/null mrun "service jetty9 start" &> /dev/null msg "INFO: MultiCore Apache Solr 4 with Jetty $_REAL_JETTY installation completed" else msg "INFO: MultiCore Apache Solr 4 with Jetty $_REAL_JETTY installation skipped" fi fi fi if [ "$_UP_JDK" = "YES" ] && [ -e "/etc/init.d/jetty9" ] ; then msg "INFO: Jetty 9 restart in progress - required after java upgrade" kill -9 $(ps aux | grep '[j]etty9' | awk '{print $2}') &> /dev/null mrun "service jetty9 start" &> /dev/null msg "INFO: Jetty 9 restart completed" fi if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then _REAL_JETTY=9 _JETTY_CTRL="/opt/jetty9/jetty-ctrl-$_JETTY_9_VERSION-version.txt" else _REAL_JETTY=8 _JETTY_CTRL="/opt/jetty9/jetty-ctrl-$_JETTY_8_VERSION-version.txt" fi _SOLR_CTRL="/opt/jetty9/solr-$_SOLR_4_VERSION-version.txt" if [ -e "/opt/jetty9/start.d/http.ini" ] ; then _PORT_CTRL="/opt/jetty9/start.d/.fixed.http.ini.txt" else _PORT_CTRL="$_JETTY_CTRL" fi if [ -e "/opt/jetty9/VERSION.txt" ] ; then if [ ! -e "$_PORT_CTRL" ] || [ ! -e "$_JETTY_CTRL" ] || [ ! -e "$_SOLR_CTRL" ] ; then msg "INFO: Upgrading MultiCore Apache Solr 4 with Jetty $_REAL_JETTY..." cd /var/opt rm -f -r jetty-distribution-* kill -9 $(ps aux | grep '[j]etty9' | awk '{print $2}') &> /dev/null mv -f /opt/jetty9 /var/backups/jetty9-$_INSTALLER_VERSION-$_NOW if [[ "$_APT_XTRA" =~ "openjdk-7-jdk" ]] ; then get_dev_arch "jetty-distribution-$_JETTY_9_VERSION.tar.gz" mv /var/opt/jetty-distribution-$_JETTY_9_VERSION /opt/jetty9 echo $_JETTY_9_VERSION > /opt/jetty9/jetty-ctrl-$_JETTY_9_VERSION-version.txt else get_dev_arch "jetty-distribution-$_JETTY_8_VERSION.tar.gz" mv /var/opt/jetty-distribution-$_JETTY_8_VERSION /opt/jetty9 echo $_JETTY_8_VERSION > /opt/jetty9/jetty-ctrl-$_JETTY_8_VERSION-version.txt sed -i "s/8/9/g" /opt/jetty9/bin/jetty.sh &> /dev/null sed -i "s/9090/8099/g" /opt/jetty9/bin/jetty.sh &> /dev/null fi if [ -e "/opt/jetty9/start.d/http.ini" ] ; then sed -i "s/8080/8099/g" /opt/jetty9/start.d/http.ini &> /dev/null touch /opt/jetty9/start.d/.fixed.http.ini.txt &> /dev/null fi sed -i "s/8080/8099/g" /opt/jetty9/bin/jetty.sh &> /dev/null get_dev_arch "solr-$_SOLR_4_VERSION.tgz" cp -af /var/opt/solr-$_SOLR_4_VERSION/dist/solr-$_SOLR_4_VERSION.war /opt/jetty9/webapps/solr.war rm -f -r /opt/jetty9/solr cd /opt/jetty9/lib/ wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.3.jar wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.1.jar cd /var/opt chown -R jetty9:jetty9 /opt/jetty9 mrun "service jetty9 start" &> /dev/null msg "INFO: MultiCore Apache Solr 4 with Jetty $_REAL_JETTY upgrade completed" echo "solr-$_SOLR_4_VERSION" > $_SOLR_CTRL fi fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "SR3" ]] ; then if [ ! -d "/opt/solr3" ] ; then echo " " if prompt_yes_no "Do you want to install MultiCore Apache Solr 3 with Jetty 8?" ; then true msg "INFO: Installing MultiCore Apache Solr 3 with Jetty 8..." cd /var/opt rm -f -r jetty-distribution-* rm -f -r /opt/solr3 rm -f -r /opt/jetty8 rm -f /etc/jetty.conf get_dev_arch "jetty-distribution-$_JETTY_8_VERSION.tar.gz" mv /var/opt/jetty-distribution-$_JETTY_8_VERSION /opt/jetty8 echo $_JETTY_8_VERSION > /opt/jetty8/jetty-ctrl-$_JETTY_8_VERSION-version.txt get_dev_arch "apache-solr-$_SOLR_3_VERSION.tgz" cp -af /var/opt/apache-solr-$_SOLR_3_VERSION/dist/apache-solr-$_SOLR_3_VERSION.war /opt/jetty8/webapps/solr.war mv -f /var/opt/apache-solr-$_SOLR_3_VERSION/example/multicore /opt/solr3 &> /dev/null mkdir -p /opt/solr3/core{0,1,2,3,4,5,6,7,8,9}/conf mkdir -p /opt/solr3/core{0,1,2,3,4,5,6,7,8,9}/data mkdir -p /var/log/jetty8 if [ ! -e "/opt/tika8" ] ; then cd /var/opt rm -f -r apachesolr_attachments* get_dev_contrib "apachesolr_attachments-7.x-1.x-dev.tar.gz" cd /var/opt/apache-solr-$_SOLR_3_VERSION/example/solr/conf patch -p0 < /var/opt/apachesolr_attachments/solrconfig.tika.patch &> /dev/null ln -sf /opt/jetty8/lib /opt/tika8 cd /opt/tika8 wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.3.jar wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.1.jar fi for Dir in `find /opt/solr3/core{0,1,2,3,4,5,6,7,8,9}/ -maxdepth 1 -mindepth 1 -type d | grep conf` ; do rm -f -r $Dir/* cp -af /var/opt/apache-solr-$_SOLR_3_VERSION/example/solr/conf/* $Dir/ &> /dev/null done adduser --system --group --home /opt/solr3 jetty8 &> /dev/null if [ ! -e "/opt/solr3/search_api_solr-7.x-1.5.log" ] ; then cd /var/opt rm -f -r search_api_solr* get_dev_contrib "search_api_solr-7.x-1.5.tar.gz" for Dir in `find /opt/solr3/core{0,1,2,3,4,5,6,7,8,9}/ -maxdepth 1 -mindepth 1 -type d | grep conf` ; do cp -af /var/opt/search_api_solr/solr-conf/3.x/* $Dir/ &> /dev/null done sed -i "s/8983/8088/g" /opt/solr3/core{0,1,2,3,4,5,6,7,8,9}/conf/solrcore.properties &> /dev/null touch /opt/solr3/search_api_solr-7.x-1.5.log fi cp -af /opt/tmp/$_BOA_REPO_NAME/docs/SOLR.txt /opt/solr3/README.txt &> /dev/null chown -R jetty8:jetty8 /opt/solr3 chown -R jetty8:jetty8 /opt/jetty8 chown -R jetty8:jetty8 /var/log/jetty8 echo "JAVA=/usr/bin/java # Path to Java 1.6" > /etc/default/jetty8 echo "JAVA_HOME=/usr/lib/jvm/java-6-openjdk/jre # Path to Java 1.6" >> /etc/default/jetty8 echo "NO_START=0 # Start on boot" >> /etc/default/jetty8 echo "JETTY_HOST=127.0.0.1 # Listen on localhost" >> /etc/default/jetty8 echo "JETTY_PORT=8088 # Run on this port" >> /etc/default/jetty8 echo "JETTY_USER=jetty8 # Run as this user" >> /etc/default/jetty8 echo "JETTY_HOME=/opt/jetty8 # Home directory" >> /etc/default/jetty8 echo "JETTY_LOGS=/var/log/jetty8 # Logs directory" >> /etc/default/jetty8 echo "JETTY_RUN=/var/run # Run directory" >> /etc/default/jetty8 echo "JETTY_PID=\$JETTY_RUN/jetty8.pid # Pid file" >> /etc/default/jetty8 echo "JAVA_OPTIONS=\"-Xms8m -Xmx128m -Djava.awt.headless=true -Dsolr.solr.home=/opt/solr3 \$JAVA_OPTIONS\" # Options" >> /etc/default/jetty8 sed -i "s/8080/8088/g" /opt/jetty8/bin/jetty.sh &> /dev/null ln -sf /opt/jetty8/bin/jetty.sh /etc/init.d/jetty8 &> /dev/null chmod 755 /etc/init.d/jetty8 st_runner "update-rc.d jetty8 defaults" &> /dev/null mrun "service jetty8 start" &> /dev/null msg "INFO: MultiCore Apache Solr 3 with Jetty 8 installation completed" else msg "INFO: MultiCore Apache Solr 3 with Jetty 8 installation skipped" fi fi fi if [ "$_UP_JDK" = "YES" ] && [ -e "/etc/init.d/jetty8" ] ; then msg "INFO: Jetty 8 restart in progress - required after java upgrade" kill -9 $(ps aux | grep '[j]etty8' | awk '{print $2}') &> /dev/null mrun "service jetty8 start" &> /dev/null msg "INFO: Jetty 8 restart completed" fi _JETTY_CTRL="/opt/jetty8/jetty-ctrl-$_JETTY_8_VERSION-version.txt" _SOLR_CTRL="/opt/jetty8/solr-$_SOLR_3_VERSION-version.txt" if [ -e "/opt/jetty8/VERSION.txt" ] ; then if [ ! -e "$_JETTY_CTRL" ] || [ ! -e "$_SOLR_CTRL" ] ; then msg "INFO: Upgrading MultiCore Apache Solr 3 with Jetty 8..." cd /var/opt rm -f -r jetty-distribution-* get_dev_arch "jetty-distribution-$_JETTY_8_VERSION.tar.gz" kill -9 $(ps aux | grep '[j]etty8' | awk '{print $2}') &> /dev/null mv -f /opt/jetty8 /var/backups/jetty8-$_INSTALLER_VERSION-$_NOW mv -f /var/opt/jetty-distribution-$_JETTY_8_VERSION /opt/jetty8 echo $_JETTY_8_VERSION > /opt/jetty8/jetty-ctrl-$_JETTY_8_VERSION-version.txt get_dev_arch "apache-solr-$_SOLR_3_VERSION.tgz" cp -af /var/opt/apache-solr-$_SOLR_3_VERSION/dist/apache-solr-$_SOLR_3_VERSION.war /opt/jetty8/webapps/solr.war rm -f -r /opt/jetty8/solr cd /opt/jetty8/lib/ wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.3.jar wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.1.jar cd /var/opt chown -R jetty8:jetty8 /opt/jetty8 mrun "service jetty8 start" &> /dev/null msg "INFO: MultiCore Apache Solr 3 with Jetty 8 upgrade completed" echo "solr-$_SOLR_3_VERSION" > $_SOLR_CTRL fi fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "SR1" ]] || [ "$_TOMCAT_TO_JETTY" = "YES" ] ; then if [ ! -d "/opt/solr1" ] ; then echo " " if prompt_yes_no "Do you want to install MultiCore Apache Solr 1 with Jetty 7?" ; then true msg "INFO: Installing MultiCore Apache Solr 1 with Jetty 7..." cd /var/opt rm -f -r jetty-distribution-* rm -f -r /opt/solr1 rm -f -r /opt/jetty7 rm -f /etc/jetty.conf get_dev_arch "jetty-distribution-$_JETTY_7_VERSION.tar.gz" mv /var/opt/jetty-distribution-$_JETTY_7_VERSION /opt/jetty7 echo $_JETTY_7_VERSION > /opt/jetty7/jetty-ctrl-$_JETTY_7_VERSION-version.txt get_dev_arch "apache-solr-$_SOLR_1_VERSION.tgz" cp -af /var/opt/apache-solr-$_SOLR_1_VERSION/dist/apache-solr-$_SOLR_1_VERSION.war /opt/jetty7/webapps/solr.war mv -f /var/opt/apache-solr-$_SOLR_1_VERSION/example/multicore /opt/solr1 &> /dev/null mkdir -p /opt/solr1/core{0,1,2,3,4,5,6,7,8,9}/conf mkdir -p /opt/solr1/core{0,1,2,3,4,5,6,7,8,9}/data mkdir -p /var/log/jetty7 if [ ! -e "/opt/tika7" ] ; then cd /var/opt rm -f -r apachesolr_attachments* get_dev_contrib "apachesolr_attachments-7.x-1.x-dev.tar.gz" cd /var/opt/apache-solr-$_SOLR_1_VERSION/example/solr/conf patch -p0 < /var/opt/apachesolr_attachments/solrconfig.tika.patch &> /dev/null ln -sf /opt/jetty7/lib /opt/tika7 cd /opt/tika7 wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.3.jar wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.1.jar fi for Dir in `find /opt/solr1/core{0,1,2,3,4,5,6,7,8,9}/ -maxdepth 1 -mindepth 1 -type d | grep conf` ; do rm -f -r $Dir/* cp -af /var/opt/apache-solr-$_SOLR_1_VERSION/example/solr/conf/* $Dir/ &> /dev/null done adduser --system --group --home /opt/solr1 jetty7 &> /dev/null if [ ! -e "/opt/solr1/search_api_solr-7.x-1.5.log" ] ; then cd /var/opt rm -f -r search_api_solr* get_dev_contrib "search_api_solr-7.x-1.5.tar.gz" for Dir in `find /opt/solr1/core{0,1,2,3,4,5,6,7,8,9}/ -maxdepth 1 -mindepth 1 -type d | grep conf` ; do cp -af /var/opt/search_api_solr/solr-conf/1.4/* $Dir/ &> /dev/null done sed -i "s/8983/8077/g" /opt/solr1/core{0,1,2,3,4,5,6,7,8,9}/conf/solrcore.properties &> /dev/null touch /opt/solr1/search_api_solr-7.x-1.5.log fi cp -af /opt/tmp/$_BOA_REPO_NAME/docs/SOLR.txt /opt/solr1/README.txt &> /dev/null rm -f -r /opt/jetty7/solr chown -R jetty7:jetty7 /opt/solr1 chown -R jetty7:jetty7 /opt/jetty7 chown -R jetty7:jetty7 /var/log/jetty7 echo "JAVA=/usr/bin/java # Path to Java 1.6" > /etc/default/jetty7 echo "JAVA_HOME=/usr/lib/jvm/java-6-openjdk/jre # Path to Java 1.6" >> /etc/default/jetty7 echo "NO_START=0 # Start on boot" >> /etc/default/jetty7 echo "JETTY_HOST=127.0.0.1 # Listen on localhost" >> /etc/default/jetty7 echo "JETTY_PORT=8077 # Run on this port" >> /etc/default/jetty7 echo "JETTY_USER=jetty7 # Run as this user" >> /etc/default/jetty7 echo "JETTY_HOME=/opt/jetty7 # Home directory" >> /etc/default/jetty7 echo "JETTY_LOGS=/var/log/jetty7 # Logs directory" >> /etc/default/jetty7 echo "JETTY_RUN=/var/run # Run directory" >> /etc/default/jetty7 echo "JETTY_PID=\$JETTY_RUN/jetty7.pid # Pid file" >> /etc/default/jetty7 echo "JAVA_OPTIONS=\"-Xms8m -Xmx128m -Djava.awt.headless=true -Dsolr.solr.home=/opt/solr1 \$JAVA_OPTIONS\" # Options" >> /etc/default/jetty7 sed -i "s/8080/8077/g" /opt/jetty7/bin/jetty.sh &> /dev/null ln -sf /opt/jetty7/bin/jetty.sh /etc/init.d/jetty7 &> /dev/null chmod 755 /etc/init.d/jetty7 st_runner "update-rc.d jetty7 defaults" &> /dev/null mrun "service jetty7 start" &> /dev/null msg "INFO: MultiCore Apache Solr 1 with Jetty 7 installation completed" else msg "INFO: MultiCore Apache Solr 1 with Jetty 7 installation skipped" fi fi fi if [ "$_UP_JDK" = "YES" ] && [ -e "/etc/init.d/jetty7" ] ; then msg "INFO: Jetty 7 restart in progress - required after java upgrade" kill -9 $(ps aux | grep '[j]etty7' | awk '{print $2}') &> /dev/null mrun "service jetty7 start" &> /dev/null msg "INFO: Jetty 7 restart completed" fi if [ "$_TOMCAT_TO_JETTY" = "YES" ] && [ -e "/etc/init.d/jetty7" ] && [ -e "/etc/default/tomcat" ] && [ -e "/etc/init.d/tomcat" ] ; then msg "INFO: Tomcat 6 to Jetty 7 migration for Apache Solr 1 in progress..." mrun "service tomcat stop" &> /dev/null st_runner "update-rc.d tomcat remove" &> /dev/null mv -f /etc/init.d/tomcat /etc/init.d/offtomcat &> /dev/null mv -f /opt/solr1/solr.xml /opt/solr1/vanilla-solr.xml mv -f /opt/solr/* /opt/solr1/ cp -af /opt/tmp/$_BOA_REPO_NAME/docs/SOLR.txt /opt/solr1/README.txt &> /dev/null chown -R jetty7:jetty7 /opt/solr1 sed -i "s/8077/8080/g" /etc/default/jetty7 &> /dev/null sed -i "s/8077/8080/g" /opt/solr1/core{0,1,2,3,4,5,6,7,8,9}/conf/solrcore.properties &> /dev/null sed -i "s/8077/8080/g" /opt/solr1/site_00{1,2,3,4,5,6,7,8,9}/conf/solrcore.properties &> /dev/null sed -i "s/8077/8080/g" /opt/solr1/conf/solrcore.properties &> /dev/null msg "INFO: Jetty 7 restart in progress - required after migration from Tomcat" kill -9 $(ps aux | grep '[j]etty7' | awk '{print $2}') &> /dev/null mrun "service jetty7 start" &> /dev/null sed -i "s/.*_TOMCAT_TO_JETTY.*//g" /root/.barracuda.cnf &> /dev/null sed -i "/^$/d" /root/.barracuda.cnf &> /dev/null msg "INFO: Tomcat 6 to Jetty 7 migration for Apache Solr 1 completed" fi _JETTY_CTRL="/opt/jetty7/jetty-ctrl-$_JETTY_7_VERSION-version.txt" _SOLR_CTRL="/opt/jetty7/solr-$_SOLR_1_VERSION-version.txt" if [ -e "/opt/jetty7/VERSION.txt" ] ; then if [ ! -e "$_JETTY_CTRL" ] || [ ! -e "$_SOLR_CTRL" ] ; then msg "INFO: Upgrading MultiCore Apache Solr 1 with Jetty 7..." cd /var/opt rm -f -r jetty-distribution-* get_dev_arch "jetty-distribution-$_JETTY_7_VERSION.tar.gz" kill -9 $(ps aux | grep '[j]etty7' | awk '{print $2}') &> /dev/null mv -f /opt/jetty7 /var/backups/jetty7-$_INSTALLER_VERSION-$_NOW mv -f /var/opt/jetty-distribution-$_JETTY_7_VERSION /opt/jetty7 echo $_JETTY_7_VERSION > /opt/jetty7/jetty-ctrl-$_JETTY_7_VERSION-version.txt get_dev_arch "apache-solr-$_SOLR_1_VERSION.tgz" cp -af /var/opt/apache-solr-$_SOLR_1_VERSION/dist/apache-solr-$_SOLR_1_VERSION.war /opt/jetty7/webapps/solr.war rm -f -r /opt/jetty7/solr cd /opt/jetty7/lib/ wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.3.jar wget -q -U iCab http://files.aegir.cc/dev/tika-app-1.1.jar cd /var/opt chown -R jetty7:jetty7 /opt/jetty7 mrun "service jetty7 start" &> /dev/null msg "INFO: MultiCore Apache Solr 1 with Jetty 7 upgrade completed" fi fi ###--------------------### if [ ! -e "/root/.my.pass.txt" ] ; then msg "INFO: Generating random password for $_DB_SERVER" touch /root/.my.pass.txt chmod 0600 /root/.my.pass.txt &> /dev/null _ESC_PASS="" _LEN_PASS=0 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then _ESC_PASS=$(randpass 32 esc) _ESC_PASS=`echo -n $_ESC_PASS | tr -d "\n"` _LEN_PASS=$(echo ${#_ESC_PASS}) fi if [ -z "$_ESC_PASS" ] || [ $_LEN_PASS -lt 19 ] ; then _ESC_PASS=`pwgen -v -s -1` _ESC_PASS=`echo -n $_ESC_PASS | tr -d "\n"` _ESC_PASS=`sanitize_string "$_ESC_PASS"` fi echo "$_ESC_PASS" > /root/.my.pass.txt fi if [ -e "/root/.my.pass.txt" ] ; then for Files in `find /var/xdrago -maxdepth 1 -mindepth 1 -type f` ; do sed -i "s/php-fpm nginx php/php-fpm php-cgi nginx php/g" $Files &> /dev/null done if [ "$_STATUS" = "INIT" ] ; then msg "INFO: Updating $_DB_SERVER and PHP configuration" update_sql_conf update_php_conf tune_memory_limits msg "INFO: Restarting $_DB_SERVER server" mrun "service mysql restart" &> /dev/null msg "INFO: OS and services installation completed" else msg "INFO: Updating $_DB_SERVER and PHP configuration" update_sql_conf update_php_conf tune_memory_limits msg "INFO: OS and services upgrade completed" fi else msg "EXIT on error due to not found file with your MySQL/$_DB_SERVER root password" cat < /root/.my.pass.txt chmod 0600 /root/.my.pass.txt EOF msg "EXIT on error due to not found file with your MySQL/$_DB_SERVER root password" exit 1 fi if [ "$_STATUS" = "INIT" ] ; then ###--------------------### if [ ! -e "/var/run/mysqld/mysqld.pid" ] || [ ! -e "/var/run/mysqld/mysqld.sock" ] ; then msg "ALRT: $_DB_SERVER server not running properly!" msg "EXIT: We can't proceed with installation and will exit now" msg "HINT: Please check $_LOG for more information," msg "HINT: (re)start $_DB_SERVER server and then run installer again" msg "Bye" rm -f /root/.my.pass.txt mkdir -p /var/aegir exit 1 fi msg "INFO: Installing Aegir Master Instance, please wait..." adduser --system --group --home /var/aegir aegir &> /dev/null usermod -aG www-data aegir &> /dev/null usermod -aG users aegir &> /dev/null echo "aegir ALL=NOPASSWD: /etc/init.d/nginx" >> /etc/sudoers ln -sf /var/aegir/config/nginx.conf /etc/nginx/conf.d/aegir.conf &> /dev/null update_nginx_conf cd /var/aegir _AEGIR_SCRIPT="AegirSetupM.sh.txt" for Files in `find /opt/tmp/$_BOA_REPO_NAME/aegir/scripts -type f` ; do sed -i "s/EDIT_AEGIR_VERSION/$_AEGIR_VERSION/g" $Files &> /dev/null sed -i "s/EDIT_BOA_REPO_GIT_URL/$_BOA_REPO_GIT_URLX/g" $Files &> /dev/null sed -i "s/EDIT_BOA_REPO_NAME/$_BOA_REPO_NAME/g" $Files &> /dev/null sed -i "s/EDIT_DRUSH_VERSION/$_DRUSH_VERSION/g" $Files &> /dev/null sed -i "s/EDIT_PHP_CLI_VERSION/$_PHP_CLI_VERSION/g" $Files &> /dev/null sed -i "s/EDIT_THIS_DB_HOST/$_THIS_DB_HOST/g" $Files &> /dev/null sed -i "s/EDIT_USE_STOCK/$_USE_STOCK/g" $Files &> /dev/null sed -i "s/EDIT_LOCAL_NETWORK_IP/$_LOCAL_NETWORK_IP/g" $Files &> /dev/null done cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/scripts/$_AEGIR_SCRIPT ./ if [ "$_USE_STOCK" = "YES" ] ; then if [ "$_DEBUG_MODE" = "YES" ] ; then su -s /bin/bash - aegir -c "bash $_AEGIR_SCRIPT $_THIS_FRONT --http_service_type='nginx' --aegir_db_host='$_THIS_DB_HOST' --client_email='$_MY_EMAIL' -y -d" else su -s /bin/bash - aegir -c "bash $_AEGIR_SCRIPT $_THIS_FRONT --http_service_type='nginx' --aegir_db_host='$_THIS_DB_HOST' --client_email='$_MY_EMAIL' -y >/var/aegir/install.log 2>&1" fi else if [ "$_DEBUG_MODE" = "YES" ] ; then su -s /bin/bash - aegir -c "bash $_AEGIR_SCRIPT $_THIS_FRONT --http_service_type='nginx' --db_service_type='mysql' --db_port='3306' --aegir_db_host='$_THIS_DB_HOST' --client_email='$_MY_EMAIL' -y -d" else su -s /bin/bash - aegir -c "bash $_AEGIR_SCRIPT $_THIS_FRONT --http_service_type='nginx' --db_service_type='mysql' --db_port='3306' --aegir_db_host='$_THIS_DB_HOST' --client_email='$_MY_EMAIL' -y >/var/aegir/install.log 2>&1" fi fi if [ -e "/opt/tmp/status-AegirSetupM-FAIL" ] ; then msg "FATAL ERROR: AegirSetupM installer failed" msg "FATAL ERROR: Aborting Barracuda installer NOW!" msg "HINT: Please check /var/aegir/install.log for more information on errors occured" touch /opt/tmp/status-Barracuda-FAIL exit 1 fi _U_HD="/var/aegir/.drush" chattr +i $_U_HD/php.ini &> /dev/null if [ "$_HTTP_WILDCARD" = "YES" ] ; then sed -i "s/\!empty.*';/'*';/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/server.tpl.php &> /dev/null sed -i "s/\!empty.*';/'*';/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/vhost.tpl.php &> /dev/null sed -i "s/\!empty.*';/'*';/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/vhost_disabled.tpl.php &> /dev/null sed -i "s/\!empty.*';/'*';/g" /var/aegir/.drush/xts/provision_cdn/Provision/Config/cdn.tpl.php &> /dev/null fi if [ "$_USE_STOCK" = "YES" ] || [ "$_DRUSH_CC_REQ" = "YES" ] ; then su -s /bin/bash - aegir -c "drush cache-clear drush &> /dev/null" fi msg "INFO: Running hosting-dispatch (1/3)..." su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" mrun "sleep 5" msg "INFO: Running hosting-dispatch (2/3)..." su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" mrun "sleep 5" msg "INFO: Running hosting-dispatch (3/3)..." su -s /bin/bash - aegir -c "drush @hostmaster hosting-dispatch &> /dev/null" if [ "$_HTTP_WILDCARD" = "YES" ] && [ -d "/var/aegir/config/includes" ] ; then echo "WILD" > /var/aegir/config/includes/wildcard_listen_http_enabled.txt fi _THIS_HM_ROOT=`cat /var/aegir/.drush/hostmaster.alias.drushrc.php | grep "root'" | cut -d: -f2 | awk '{ print $3}' | sed "s/[\,']//g"` mkdir -p $_THIS_HM_ROOT/sites/all/{modules,themes,libraries} &> /dev/null chown -R aegir:aegir $_THIS_HM_ROOT/sites/all &> /dev/null rm -f /var/aegir/$_AEGIR_SCRIPT ###--------------------### if [ -e "/var/aegir/config/includes/nginx_modern_include.conf" ] && [ "$_USE_STOCK" = "NO" ] ; then _DO_NOTHING=YES elif [ -e "/var/aegir/config/includes/nginx_vhost_common.conf" ] && [ "$_USE_STOCK" = "YES" ] ; then _DO_NOTHING=YES else msg "FATAL ERROR: Something went wrong, Aegir Master Instance not installed - exit now" msg "HINT: Please check /var/aegir/install.log for more information on errors occured" exit 1 fi ###--------------------### if [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/var/aegir/config/includes/global.inc" ] ; then mv -f /var/aegir/config/includes/global.inc /var/aegir/config/includes/global.inc-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null fi mkdir -p /data/conf cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc /data/conf/global.inc sed -i "s/3600/$_SPEED_VALID_MAX/g" /data/conf/global.inc &> /dev/null if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then ln -sf /data/conf/global.inc /var/aegir/config/includes/global.inc fi update_redis_password force_advanced_nginx_config if [ "$_DRUSH_VERSION" = "mini-4-14-03-2014" ] ; then sed -i "s/which one she wants./which one she wants.\n chdir(\$request['base_project_path'])\;/g" /var/aegir/drush/commands/pm/package_handler/wget.inc &> /dev/null fi chmod 0711 /var/aegir/config/includes &> /dev/null chmod 0711 /var/aegir/config &> /dev/null find /var/aegir/host_master/*/profiles/* -type d -exec chmod 0755 {} \; &> /dev/null find /var/aegir/host_master/*/profiles/* -type f -exec chmod 0644 {} \; &> /dev/null find /var/aegir/*/profiles/* -type d -exec chmod 0755 {} \; &> /dev/null find /var/aegir/*/profiles/* -type f -exec chmod 0644 {} \; &> /dev/null chown -R aegir:aegir /var/aegir/.drush &> /dev/null find /var/aegir/.drush -type d -exec chmod 0755 {} \; &> /dev/null find /var/aegir/.drush -type f -exec chmod 0644 {} \; &> /dev/null chmod 0440 /var/aegir/.drush/*.php &> /dev/null chmod 0711 /var/aegir/.drush &> /dev/null cd /var/aegir rm -f /etc/nginx/sites-available/default rm -f /etc/nginx/sites-enabled/default if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx.conf" ] ; then mv -f /etc/nginx/nginx.conf /etc/nginx/nginx.conf-old &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx.conf /etc/nginx/nginx.conf fi mrun "service nginx reload" &> /dev/null msg "INFO: Aegir Master Instance installation completed" else echo " " if [ "$_SQUEEZE_TO_WHEEZY" = "YES" ] && [ "$_LOC_REL_VERSION" = "squeeze" ] ; then msg "INFO: Aegir Master Instance upgrade skipped!" echo " " msg "NOTE! You *must* reboot the server and then run boa up-stable *again*" msg "NOTE! to complete all system upgrades and upgrade also" msg "NOTE! Aegir Master Instance securely" echo " " elif [ "$_LENNY_TO_SQUEEZE" = "YES" ] && [ "$_LOC_REL_VERSION" = "lenny" ] ; then msg "INFO: Aegir Master Instance upgrade skipped!" echo " " msg "NOTE! You *must* reboot the server and then run boa up-stable *again*" msg "NOTE! to complete all system upgrades and upgrade also" msg "NOTE! Aegir Master Instance securely" echo " " elif [ "$_SYSTEM_UPGRADE_ONLY" = "YES" ] ; then msg "INFO: Aegir Master Instance upgrade skipped" echo " " else msg "INFO: Restarting $_DB_SERVER server, please wait..." rm -f /var/lib/mysql/mysql_upgrade_info &> /dev/null mrun "service mysql restart" &> /dev/null mrun "sleep 8" msg "INFO: Upgrading $_DB_SERVER tables if necessary, please wait a minute..." mrun "sleep 60" if [ ! -e "/var/run/mysqld/mysqld.pid" ] || [ ! -e "/var/run/mysqld/mysqld.sock" ] ; then msg "ALRT: $_DB_SERVER server not running properly!" msg "EXIT: We can't proceed with upgrade and will exit now" msg "HINT: Please check $_LOG for more information," msg "HINT: (re)start $_DB_SERVER server and then run installer again" msg "Bye" exit 1 fi echo " " upgrade_aegir_master fi fi update_php_cli_cron ###--------------------### if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/mime.types" ] ; then mv -f /etc/nginx/mime.types /etc/nginx/mime.types-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/mime.types /etc/nginx/mime.types if [ ! -L "/var/www/nginx-default/index.html" ] && [ ! -L "/var/www/nginx-default/under_construction.jpg" ] ; then mkdir -p /var/www/nginx-default mv -f /var/www/nginx-default/index.html /var/www/nginx-default/index.html-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/uc.html /var/www/nginx-default/index.html cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/under_construction.jpg /var/www/nginx-default/under_construction.jpg fi rm -f /etc/nginx/sites-available/default rm -f /etc/nginx/sites-enabled/default if [ ! -e "/var/run/aegir_upgrade.pid" ] ; then mrun "service nginx reload" &> /dev/null fi fi ###--------------------### if [ ! -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] ; then msg "INFO: Installing default SSL Wildcard Nginx Proxy..." _HTTPS_TEST=`netstat -ln | grep :443 2>&1` if [[ "$_HTTPS_TEST" =~ "443" ]] ; then _HTTPS_TEST=EXIST msg "WARNING!" cat < /dev/null validate_xtras_ip &> /dev/null openssl req -x509 -nodes -days 7300 -subj "/C=US/ST=New York/O=Aegir/OU=Cloud/L=New York/CN=*.$_THISHOST" -newkey rsa:4096 -keyout /etc/ssl/private/nginx-wild-ssl.key -out /etc/ssl/private/nginx-wild-ssl.crt -batch 2> /dev/null _WILD_SSL_VHOST="/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" cp -a /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_wild_ssl.conf $_WILD_SSL_VHOST if [ "$_HTTP_WILDCARD" = "YES" ] ; then sed -i "s/127.0.0.1:80/localhost:80/g" $_WILD_SSL_VHOST &> /dev/null else sed -i "s/127.0.0.1:80/$_THISHTIP:80/g" $_WILD_SSL_VHOST &> /dev/null fi sed -i "s/127.0.0.1:443/$_XTRAS_THISHTIP:443/g" $_WILD_SSL_VHOST &> /dev/null mkdir -p /data/conf if [ -e "/opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc" ] ; then cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/global.inc /data/conf/global.inc fi if [ -e "/var/aegir/config/includes" ] && [ ! -L "/var/aegir/config/includes/global.inc" ] && [ -e "/data/conf/global.inc" ] ; then ln -sf /data/conf/global.inc /var/aegir/config/includes/global.inc fi sed -i "s/3600/$_SPEED_VALID_MAX/g" /data/conf/global.inc &> /dev/null update_redis_password killall -9 nginx &> /dev/null mrun "service nginx start" &> /dev/null fi fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "ALL" ]] || [[ "$_XTRAS_LIST" =~ "CHV" ]] ; then _CHIVE_VHOST="/var/aegir/config/server_master/nginx/vhost.d/chive.$_THIS_FRONT" if [ ! -d "/var/www/chive" ] || [ ! -f "$_CHIVE_VHOST" ] || [ ! -f "/var/xdrago/log/chive-$_CHIVE_VERSION.fx3vhost.log" ] ; then echo " " if prompt_yes_no "Do you want to install Chive $_DB_SERVER Manager?" ; then true msg "INFO: Installing Chive $_DB_SERVER Manager..." cd /var/www rm -f -r /var/www/chive &> /dev/null get_dev_arch "chive_$_CHIVE_VERSION.tar.gz" validate_public_ip &> /dev/null validate_xtras_ip &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_sql_chive.conf $_CHIVE_VHOST sed -i "s/127.0.0.1:80/$_XTRAS_THISHTIP:80/g" $_CHIVE_VHOST &> /dev/null sed -i "s/127.0.0.1:443/$_XTRAS_THISHTIP:443/g" $_CHIVE_VHOST &> /dev/null sed -i "s/chive_name/chive.$_THIS_FRONT $_THISHTIP/g" $_CHIVE_VHOST &> /dev/null touch /var/xdrago/log/chive-$_CHIVE_VERSION.fx3vhost.log msg "INFO: Chive $_DB_SERVER Manager installation completed" else msg "INFO: Chive $_DB_SERVER Manager installation skipped" fi fi fi ###--------------------### if [ -d "/var/www/chive" ] ; then if [ ! -z "$_PHP_CN" ] ; then msg "INFO: _PHP_CN set to $_PHP_CN for Chive $_DB_SERVER Manager" chown -R $_PHP_CN:www-data /var/www/chive else msg "NOTE: _PHP_CN not set for Chive $_DB_SERVER Manager" chown -R www-data:www-data /var/www/chive fi find /var/www/chive -type d -exec chmod 0775 {} \; &> /dev/null find /var/www/chive -type f -exec chmod 0664 {} \; &> /dev/null fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "BDD" ]] ; then _SQLBUDDY_VHOST="/var/aegir/config/server_master/nginx/vhost.d/sqlbuddy.$_THIS_FRONT" if [ ! -d "/var/www/sqlbuddy" ] || [ ! -f "$_SQLBUDDY_VHOST" ] || [ ! -f "/var/xdrago/log/sqlbuddy.fx3vhost.log" ] ; then echo " " if prompt_yes_no "Do you want to install SQL Buddy $_DB_SERVER Manager?" ; then true msg "INFO: Installing SQL Buddy $_DB_SERVER Manager..." rm -f -r /var/www/sqlbuddy cd /var/www get_dev_arch "sqlbuddy_1_3_3.tar.gz" validate_public_ip &> /dev/null validate_xtras_ip &> /dev/null cp -a /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_sql_buddy.conf $_SQLBUDDY_VHOST sed -i "s/127.0.0.1:80/$_XTRAS_THISHTIP:80/g" $_SQLBUDDY_VHOST &> /dev/null sed -i "s/127.0.0.1:443/$_XTRAS_THISHTIP:443/g" $_SQLBUDDY_VHOST &> /dev/null sed -i "s/buddy_name/sqlbuddy.$_THIS_FRONT/g" $_SQLBUDDY_VHOST &> /dev/null touch /var/xdrago/log/sqlbuddy.fx3vhost.log msg "INFO: SQL Buddy $_DB_SERVER Manager installation completed" else msg "INFO: SQL Buddy $_DB_SERVER Manager installation skipped" fi fi fi ###--------------------### if [ -d "/var/www/sqlbuddy" ] ; then if [ ! -z "$_PHP_CN" ] ; then msg "INFO: _PHP_CN set to $_PHP_CN for SQL Buddy $_DB_SERVER Manager" chown -R $_PHP_CN:www-data /var/www/sqlbuddy else msg "NOTE: _PHP_CN not set for SQL Buddy $_DB_SERVER Manager" chown -R www-data:www-data /var/www/sqlbuddy fi find /var/www/sqlbuddy -type d -exec chmod 0775 {} \; &> /dev/null find /var/www/sqlbuddy -type f -exec chmod 0664 {} \; &> /dev/null fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "ALL" ]] || [[ "$_XTRAS_LIST" =~ "CGP" ]] ; then _CGP_VHOST="/var/aegir/config/server_master/nginx/vhost.d/cgp.$_THIS_FRONT" if [ ! -e "/var/run/cloud_vhost.pid" ] ; then if [ ! -d "/var/www/cgp" ] || [ ! -f "$_CGP_VHOST" ] || [ ! -f "/var/xdrago/log/cgp-$_CGP_VERSION.fx3vhost.log" ] ; then echo " " if prompt_yes_no "Do you want to install Collectd Graph Panel?" ; then true msg "INFO: Installing Collectd Graph Panel..." st_runner "$_INSTAPP collectd" 2> /dev/null rm -f -r /var/www/cgp cd /var/www get_dev_arch "cgp-$_CGP_VERSION.tar.gz" if [ -e "/var/www/cgp-$_CGP_VERSION" ] ; then mv -f cgp-$_CGP_VERSION cgp &> /dev/null fi sed -i "s/>uncategorizedBarracuda Server /dev/null sed -i "s/'uncategorized'/'Barracuda Server'/g" /var/www/cgp/index.php &> /dev/null validate_public_ip &> /dev/null validate_xtras_ip &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/nginx_sql_cgp.conf $_CGP_VHOST sed -i "s/127.0.0.1:80/$_XTRAS_THISHTIP:80/g" $_CGP_VHOST &> /dev/null sed -i "s/127.0.0.1:443/$_XTRAS_THISHTIP:443/g" $_CGP_VHOST &> /dev/null sed -i "s/cgp_name/cgp.$_THIS_FRONT/g" $_CGP_VHOST &> /dev/null st_runner "update-rc.d collectd defaults" &> /dev/null echo collectd5 > /var/xdrago/log/cgp-$_CGP_VERSION.fx3vhost.log msg "INFO: Collectd Graph Panel installation completed" else msg "INFO: Collectd Graph Panel installation skipped" fi fi fi fi ###--------------------### fix_collectd_rrd_syslog_flood () { _COLLECTD_CNF="/etc/collectd/collectd.conf" if [ -e "$_COLLECTD_CNF" ] ; then _COLLECTD_CNF_TEST=$(grep "rootfs" $_COLLECTD_CNF) if [[ "$_COLLECTD_CNF_TEST" =~ "rootfs" ]] ; then _DO_NOTHING=YES else echo "" >> $_COLLECTD_CNF echo " FSType \"rootfs\"" >> $_COLLECTD_CNF echo " IgnoreSelected true" >> $_COLLECTD_CNF echo "" >> $_COLLECTD_CNF mrun "service collectd restart" &> /dev/null fi fi } ### Credit: http://emacstragic.net/collectd-causing-rrd-illegal-attempt-to-update-using-time-errors/ ###--------------------### fix_collectd_nginx () { _COLLECTD_CNF="/etc/collectd/collectd.conf" if [ -e "$_COLLECTD_CNF" ] ; then _COLLECTD_CNF_TEST=$(grep "^LoadPlugin nginx" $_COLLECTD_CNF) if [[ "$_COLLECTD_CNF_TEST" =~ "LoadPlugin nginx" ]] ; then _DO_NOTHING=YES else echo "" >> $_COLLECTD_CNF echo " URL \"http://127.0.0.1/nginx_status\"" >> $_COLLECTD_CNF echo " VerifyPeer false" >> $_COLLECTD_CNF echo " VerifyHost false" >> $_COLLECTD_CNF echo "" >> $_COLLECTD_CNF sed -i "s/^#LoadPlugin nginx/LoadPlugin nginx/g" $_COLLECTD_CNF mrun "service collectd restart" &> /dev/null fi fi } ###--------------------### if [ -d "/var/www/cgp" ] && [ "$_VMFAMILY" = "VS" ] && [ ! -e "/boot/grub/grub.cfg" ] && [ ! -e "/boot/grub/menu.lst" ] ; then rm -f /var/aegir/config/server_master/nginx/vhost.d/cgp* mrun "apt-get remove collectd -y --force-yes" &> /dev/null mrun "apt-get purge collectd -y --force-yes" &> /dev/null rm -f -r /var/www/cgp fi ###--------------------### if [ -d "/var/www/cgp" ] ; then if [ ! -z "$_PHP_CN" ] ; then msg "INFO: _PHP_CN set to $_PHP_CN for Collectd Graph Panel" chown -R $_PHP_CN:www-data /var/www/cgp else msg "NOTE: _PHP_CN not set for Collectd Graph Panel" chown -R www-data:www-data /var/www/cgp fi find /var/www/cgp -type d -exec chmod 0775 {} \; &> /dev/null find /var/www/cgp -type f -exec chmod 0664 {} \; &> /dev/null fix_collectd_rrd_syslog_flood fix_collectd_nginx fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "ALL" ]] || [[ "$_XTRAS_LIST" =~ "WMN" ]] ; then if [ ! -d "/etc/webmin" ] && [ ! -e "/var/run/cloud_vhost.pid" ] ; then echo " " if prompt_yes_no "Do you want to install Webmin Control Panel?" ; then true msg "INFO: Installing Webmin Control Panel..." cd /var/opt echo "## Webmin APT Repository" > /etc/apt/sources.list.d/webmin.list echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list.d/webmin.list echo "deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib" >> /etc/apt/sources.list.d/webmin.list _KEYS_SERVER_TEST=FALSE until [[ "$_KEYS_SERVER_TEST" =~ "GnuPG" ]] ; do rm -f jcameron-key.asc* wget -q -U iCab http://files.aegir.cc/dev/jcameron-key.asc _KEYS_SERVER_TEST=`grep GnuPG jcameron-key.asc 2> /dev/null` sleep 2 done cat jcameron-key.asc | apt-key add - &> /dev/null rm -f jcameron-key.asc* touch /var/xdrago/log/webmin_update_apt_src.log st_runner "apt-get update -y --force-yes" &> /dev/null st_runner "$_INSTAPP webmin libxml-simple-perl libcrypt-ssleay-perl" 2> /dev/null update-rc.d webmin defaults &> /dev/null msg "INFO: Webmin Control Panel installation completed" else msg "INFO: Webmin Control Panel installation skipped" fi fi fi ###--------------------### if [[ "$_XTRAS_LIST" =~ "BND" ]] ; then if [ ! -e "/usr/sbin/named" ] || [ "$_FULL_FORCE_REINSTALL" = "YES" ] ; then echo " " if prompt_yes_no "Do you want to install Bind9 DNS Server?" ; then true msg "INFO: Installing Bind9 DNS Server..." if [ -z "$_THISHTIP" ] ; then _LOC_DOM="$_THISHOST" find_correct_ip _THISHTIP="$_LOC_IP" fi st_runner "$_INSTAPP bind9" 2> /dev/null cp -af /etc/bind/named.conf.options /var/backups/named.conf.options.pre-$_INSTALLER_VERSION-$_NOW cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/named.conf.options /etc/bind/named.conf.options sed -i "s/127.0.1.1/$_THISHTIP/g" /etc/bind/named.conf.options &> /dev/null mrun "service bind9 restart" &> /dev/null if [ ! -e "/etc/init.d/bind" ] ; then ln -sf /etc/init.d/bind9 /etc/init.d/bind fi sed -i "s/.*bind.*//g" /etc/sudoers &> /dev/null sed -i "/^$/d" /etc/sudoers &> /dev/null msg "INFO: Bind9 DNS Server installation completed" else msg "INFO: Bind9 DNS Server installation skipped" fi fi fi ###--------------------### fix_compass_path () { if [[ ! -e "/var/xdrago/log/fix-gem-symlinks-$_RUBY_VERSION-$_INSTALLER_VERSION.log" || ! -e "/usr/local/bin/coderay" || "$_RUBY_UPGRADE" = "YES" ]] && [[ -x "/usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/compass" ]] ; then if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [ "$_KEEP_BUNDLER" = "NO" ] ; then rm -f /usr/local/bin/bundle rm -f /usr/local/bin/bundler else ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/bundle /usr/local/bin/bundle &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/bundler /usr/local/bin/bundler &> /dev/null fi else ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/bundle /usr/local/bin/bundle &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/bundler /usr/local/bin/bundler &> /dev/null fi ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/coderay /usr/local/bin/coderay &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/compass /usr/local/bin/compass &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/guard /usr/local/bin/guard &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/listen /usr/local/bin/listen &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/sass /usr/local/bin/sass &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/scss /usr/local/bin/scss &> /dev/null ln -sf /usr/local/rvm/rubies/ruby-$_RUBY_VERSION/bin/gem /usr/local/bin/gem &> /dev/null ln -sf /usr/local/rvm/rubies/ruby-$_RUBY_VERSION/bin/ruby /usr/local/bin/ruby &> /dev/null ln -sf /usr/local/rvm/bin/rvm /usr/local/bin/rvm &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/compass-validate /usr/local/bin/compass-validate &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/ruby_executable_hooks /usr/local/bin/ruby_executable_hooks &> /dev/null ln -sf /usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/sass-convert /usr/local/bin/sass-convert &> /dev/null touch /var/xdrago/log/fix-gem-symlinks-$_RUBY_VERSION-$_INSTALLER_VERSION.log fi } if [ "$_REL_VERSION" = "lenny" ] || [ "$_REL_VERSION" = "lucid" ] ; then _DO_NOTHING=YES else if [[ "$_XTRAS_LIST" =~ "ALL" ]] || [[ "$_XTRAS_LIST" =~ "CSS" ]] || [[ "$_THISHOST" =~ ".host8." ]] || [ -e "/root/.host8.cnf" ] || [ "$_VMFAMILY" = "VS" ] ; then if [ -e "/root/.keep.bundler.cnf" ] ; then _KEEP_BUNDLER=YES else _KEEP_BUNDLER=NO fi if [ "$_STATUS" = "INIT" ] ; then _L_ST="install" else _L_ST="upgrade" fi if [ ! -e "/var/xdrago/log/compass-$_INSTALLER_VERSION-$_NOW-ruby-$_RUBY_VERSION.log" ] ; then echo " " if prompt_yes_no "Do you want to $_L_ST Compass Tools?" ; then true msg "INFO: Running Compass Tools ${_L_ST}..." msg "NOTE! This step may take a LONG time, please wait..." curl -sSL https://get.rvm.io | bash -s stable &> /dev/null if [ -e "/etc/profile.d/rvm.sh" ] ; then source /etc/profile.d/rvm.sh fi if [ ! -x "/usr/local/rvm/rubies/ruby-$_RUBY_VERSION/bin/gem" ] ; then _RUBY_UPGRADE=YES fi if [ ! -e "/var/xdrago/log/gem-conservative-002.log" ] || [ "$_STATUS" = "INIT" ] || [ "$_RUBY_UPGRADE" = "YES" ] ; then mrun "apt-get update -y --force-yes" &> /dev/null mrun "apt-get remove rubygems ruby1.9.1-dev libruby1.9.1 ruby1.9.1 -y --force-yes" &> /dev/null mrun "apt-get autoremove -y --force-yes" &> /dev/null mrun "rvm install $_RUBY_VERSION" &> /dev/null mrun "rvm use $_RUBY_VERSION --default" &> /dev/null ### update rvm mrun "rvm get stable" 2> /dev/null ### install new versions mrun "rvm @global do gem install --conservative bootstrap-sass-extensions" 2> /dev/null mrun "rvm @global do gem install --conservative bootstrap-sass" 2> /dev/null mrun "rvm @global do gem install --conservative breakpoint" 2> /dev/null if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [ "$_KEEP_BUNDLER" = "NO" ] ; then mrun "rvm @global do gem uninstall bundler -x -q -a" 2> /dev/null else mrun "rvm @global do gem install --conservative bundler" 2> /dev/null fi else mrun "rvm @global do gem install --conservative bundler" 2> /dev/null fi mrun "rvm @global do gem install --conservative chunky_png" 2> /dev/null mrun "rvm @global do gem install --conservative compass_radix" 2> /dev/null mrun "rvm @global do gem install --conservative compass_twitter_bootstrap" 2> /dev/null mrun "rvm @global do gem install --conservative compass-960-plugin" 2> /dev/null mrun "rvm @global do gem install --conservative compass-h5bp" 2> /dev/null mrun "rvm @global do gem install --conservative compass-normalize" 2> /dev/null mrun "rvm @global do gem install --conservative compass-rgbapng" 2> /dev/null mrun "rvm @global do gem install --conservative compass-susy-plugin" 2> /dev/null mrun "rvm @global do gem install --conservative compass-validator" 2> /dev/null mrun "rvm @global do gem install --conservative compass" 2> /dev/null mrun "rvm @global do gem install --conservative css_parser" 2> /dev/null mrun "rvm @global do gem install --conservative grunt" 2> /dev/null mrun "rvm @global do gem install --conservative guard-compass" 2> /dev/null mrun "rvm @global do gem install --conservative guard-livereload" 2> /dev/null mrun "rvm @global do gem install --conservative guard-shell" 2> /dev/null mrun "rvm @global do gem install --conservative guard" 2> /dev/null mrun "rvm @global do gem install --conservative oily_png" 2> /dev/null mrun "rvm @global do gem install --conservative rb-inotify" 2> /dev/null mrun "rvm @global do gem install --conservative sass-globbing" 2> /dev/null mrun "rvm @global do gem install --conservative sass" 2> /dev/null mrun "rvm @global do gem install --conservative singularitygs" 2> /dev/null mrun "rvm @global do gem install --conservative susy" 2> /dev/null mrun "rvm @global do gem install --conservative toolkit" 2> /dev/null mrun "rvm @global do gem install --conservative yajl-ruby" 2> /dev/null mrun "rvm @global do gem install --conservative zen-grids" 2> /dev/null mrun "rvm @global do gem install --conservative zurb-foundation" 2> /dev/null ### versions required explicitly by some popular themes mrun "rvm @global do gem install --conservative --version 0.0.2 compass-blend-modes" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.0.6 rb-fchange" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.12.2 compass" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.12.4 compass" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.12.5 compass" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.15.0 celluloid-io" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.15.2 celluloid" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.18.1 thor" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.2.10 fssm" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.2.8 color-schemer" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.9.12.4 pry" 2> /dev/null mrun "rvm @global do gem install --conservative --version 0.9.12.6 pry" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.0.0 guard-compass" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.0.0 sassy-strings" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.0.4 lumberjack" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.0.9 susy" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.1.0 oily_png" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.1.0 timers" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.1.2 singularitygs" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.2.9 chunky_png" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.3.0 chunky_png" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.3.8 toolkit" 2> /dev/null mrun "rvm @global do gem install --conservative --version 1.4.3 compass-normalize" 2> /dev/null mrun "rvm @global do gem install --conservative --version 2.0.1 compass_radix" 2> /dev/null if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then if [ "$_KEEP_BUNDLER" = "NO" ] ; then _DO_NOTHING=YES else mrun "rvm @global do gem install --conservative --version 1.6.2 bundler" 2> /dev/null fi else mrun "rvm @global do gem install --conservative --version 1.6.2 bundler" 2> /dev/null fi mrun "rvm @global do gem install --conservative --version 1.8.4 multi_json" 2> /dev/null mrun "rvm @global do gem install --conservative --version 2.0.7 breakpoint" 2> /dev/null mrun "rvm @global do gem install --conservative --version 2.1.0 guard-livereload" 2> /dev/null mrun "rvm @global do gem install --conservative --version 2.2.5 guard" 2> /dev/null mrun "rvm @global do gem install --conservative --version 2.3.5 addressable" 2> /dev/null mrun "rvm @global do gem install --conservative --version 2.3.6 addressable" 2> /dev/null mrun "rvm @global do gem install --conservative --version 2.4.0 listen" 2> /dev/null mrun "rvm @global do gem install --conservative --version 3.2.13 sass" 2> /dev/null mrun "rvm @global do gem install --conservative --version 3.2.19 sass" 2> /dev/null mrun "rvm @global do gem install --conservative --version 3.4.7 slop" 2> /dev/null mrun "rvm @global do gem install --conservative --version 4.3.2 zurb-foundation" 2> /dev/null ### cleanup & update gems mrun "rvm @global do gem uninstall sassy-math -x -q -a" 2> /dev/null mrun "rvm @global do gem update -q" 2> /dev/null touch /var/xdrago/log/gem-conservative-002.log else ### cleanup & update gems mrun "rvm get stable" 2> /dev/null mrun "rvm @global do gem update -q" 2> /dev/null fi _RBY_FILE="/usr/local/rvm/rubies/ruby-$_RUBY_VERSION/bin/ruby" _RBY_PATH=${_RBY_FILE//\//\\\/} _GEM_FILE="/usr/local/rvm/gems/ruby-$_RUBY_VERSION@global/bin/scout" _GEM_PATH=${_GEM_FILE//\//\\\/} _GEM_CRON="/etc/crontab" _VAR_IF_PRESENT=$(grep "scout" $_GEM_CRON) if [[ "$_VAR_IF_PRESENT" =~ "scout" ]] && [ ! -e "$_GEM_FILE" ] && [ ! -z "$_SCOUT_KEY" ] ; then st_runner "rvm @global do gem install --conservative scout" 2> /dev/null usermod -aG users scout &> /dev/null sed -i "s/\* \* \* \* \* scout .*/* * * * * scout $_GEM_PATH $_SCOUT_KEY/g" $_GEM_CRON &> /dev/null fi if [ -e "$_GEM_FILE" ] ; then sed -i "s/^#\!\/.*/#\!$_RBY_PATH/g" $_GEM_FILE &> /dev/null fi fix_compass_path PATH=/usr/local/bin:/usr/local/sbin:/opt/local/bin:/usr/bin:/usr/sbin:/bin:/sbin;export PATH echo "compass-$_INSTALLER_VERSION-$_NOW" > /var/xdrago/log/compass-$_INSTALLER_VERSION-$_NOW-ruby-$_RUBY_VERSION.log msg "INFO: Compass Tools $_L_ST completed" else msg "INFO: Compass Tools $_L_ST skipped" fi fi fi fi ###--------------------### if [ "$_STATUS" = "INIT" ] ; then msg "INFO: Updating init scripts" cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/clean-boa-env /etc/init.d/clean-boa-env chmod 755 /etc/init.d/clean-boa-env &> /dev/null st_runner "update-rc.d clean-boa-env defaults" &> /dev/null _SSH_USEDNS_TEST=$(grep "UseDNS" /etc/ssh/sshd_config) if [[ "$_SSH_USEDNS_TEST" =~ (^)"UseDNS no" ]] ; then _DO_NOTHING=YES elif [[ "$_SSH_USEDNS_TEST" =~ "UseDNS" ]] ; then sed -i "s/.*UseDNS.*/UseDNS no/g" /etc/ssh/sshd_config &> /dev/null else echo >> /etc/ssh/sshd_config echo "UseDNS no" >> /etc/ssh/sshd_config fi if [ -e "/usr/etc/sshd_config" ] ; then _SSH_USEDNS_TEST=$(grep "UseDNS" /usr/etc/sshd_config) if [[ "$_SSH_USEDNS_TEST" =~ (^)"UseDNS no" ]] ; then _DO_NOTHING=YES elif [[ "$_SSH_USEDNS_TEST" =~ "UseDNS" ]] ; then sed -i "s/.*UseDNS.*/UseDNS no/g" /usr/etc/sshd_config &> /dev/null else echo >> /usr/etc/sshd_config echo "UseDNS no" >> /usr/etc/sshd_config fi fi mrun "service ssh reload" &> /dev/null if [ -e "/etc/default/jetty9" ] && [ -e "/etc/init.d/jetty9" ] ; then msg "INFO: Restarting Jetty 9" kill -9 $(ps aux | grep '[j]etty9' | awk '{print $2}') &> /dev/null mrun "service jetty9 start" &> /dev/null fi if [ -e "/etc/default/jetty8" ] && [ -e "/etc/init.d/jetty8" ] ; then msg "INFO: Restarting Jetty 8" kill -9 $(ps aux | grep '[j]etty8' | awk '{print $2}') &> /dev/null mrun "service jetty8 start" &> /dev/null fi if [ -e "/etc/default/jetty7" ] && [ -e "/etc/init.d/jetty7" ] ; then msg "INFO: Restarting Jetty 7" kill -9 $(ps aux | grep '[j]etty7' | awk '{print $2}') &> /dev/null mrun "service jetty7 start" &> /dev/null fi if [ ! -e "/var/run/aegir_upgrade.pid" ] ; then msg "INFO: Starting Redis, PHP-FPM and Nginx" mrun "service redis-server start" &> /dev/null killall -9 nginx php-cgi php-fpm &> /dev/null st_runner "update-rc.d -f php5-fpm remove" &> /dev/null st_runner "update-rc.d cron defaults" &> /dev/null if [ -e "/etc/init.d/php55-fpm" ] ; then st_runner "update-rc.d php55-fpm defaults" &> /dev/null mrun "service php55-fpm start" &> /dev/null fi if [ -e "/etc/init.d/php54-fpm" ] ; then st_runner "update-rc.d php54-fpm defaults" &> /dev/null mrun "service php54-fpm start" &> /dev/null fi if [ -e "/etc/init.d/php53-fpm" ] ; then st_runner "update-rc.d php53-fpm defaults" &> /dev/null mrun "service php53-fpm start" &> /dev/null fi if [ -e "/etc/init.d/php52-fpm" ] ; then st_runner "update-rc.d php52-fpm defaults" &> /dev/null mrun "service php52-fpm start" &> /dev/null fi st_runner "update-rc.d nginx defaults" &> /dev/null mrun "service nginx start" &> /dev/null fi else if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then sed -i "s/.*UseDNS.*//g" /etc/ssh/sshd_config &> /dev/null sed -i "s/^ClientAliveCountMax.*//g" /etc/ssh/sshd_config &> /dev/null sed -i "s/^ClientAliveInterval.*//g" /etc/ssh/sshd_config &> /dev/null sed -i "s/^IgnoreUserKnownHosts.*//g" /etc/ssh/sshd_config &> /dev/null sed -i "s/^PasswordAuthentication.*//g" /etc/ssh/sshd_config &> /dev/null sed -i "s/^PermitRootLogin.*/PermitRootLogin without-password/g" /etc/ssh/sshd_config &> /dev/null echo >> /etc/ssh/sshd_config echo "IgnoreUserKnownHosts no" >> /etc/ssh/sshd_config echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config echo "UseDNS no" >> /etc/ssh/sshd_config echo "ClientAliveInterval 300" >> /etc/ssh/sshd_config echo "ClientAliveCountMax 3" >> /etc/ssh/sshd_config sed -i "/^$/d" /etc/ssh/sshd_config &> /dev/null if [ -e "/usr/etc/sshd_config" ] ; then sed -i "s/.*UseDNS.*//g" /usr/etc/sshd_config &> /dev/null sed -i "s/^ClientAliveCountMax.*//g" /usr/etc/sshd_config &> /dev/null sed -i "s/^ClientAliveInterval.*//g" /usr/etc/sshd_config &> /dev/null sed -i "s/^IgnoreUserKnownHosts.*//g" /usr/etc/sshd_config &> /dev/null sed -i "s/^PasswordAuthentication.*//g" /usr/etc/sshd_config &> /dev/null sed -i "s/^PermitRootLogin.*/PermitRootLogin without-password/g" /usr/etc/sshd_config &> /dev/null echo >> /usr/etc/sshd_config echo "IgnoreUserKnownHosts no" >> /usr/etc/sshd_config echo "PasswordAuthentication yes" >> /usr/etc/sshd_config echo "UseDNS no" >> /usr/etc/sshd_config echo "ClientAliveInterval 300" >> /usr/etc/sshd_config echo "ClientAliveCountMax 3" >> /usr/etc/sshd_config sed -i "/^$/d" /usr/etc/sshd_config &> /dev/null fi mrun "service ssh reload" &> /dev/null else _SSH_USEDNS_TEST=$(grep "^UseDNS no" /etc/ssh/sshd_config) if [[ "$_SSH_USEDNS_TEST" =~ "UseDNS no" ]] ; then _DO_NOTHING=YES else sed -i "s/.*UseDNS.*/UseDNS no/g" /etc/ssh/sshd_config &> /dev/null fi if [ -e "/usr/etc/sshd_config" ] ; then _SSH_USEDNS_TEST=$(grep "^UseDNS no" /usr/etc/sshd_config) if [[ "$_SSH_USEDNS_TEST" =~ "UseDNS no" ]] ; then _DO_NOTHING=YES else sed -i "s/.*UseDNS.*/UseDNS no/g" /usr/etc/sshd_config &> /dev/null fi fi mrun "service ssh reload" &> /dev/null fi fix_on_upgrade tune_memory_limits kill -9 $(ps aux | grep '[j]etty' | awk '{print $2}') &> /dev/null kill -9 $(ps aux | grep '[t]omcat' | awk '{print $2}') &> /dev/null if [ -e "/etc/default/jetty9" ] && [ -e "/etc/init.d/jetty9" ] ; then msg "INFO: Restarting Jetty 9" mrun "service jetty9 start" &> /dev/null fi if [ -e "/etc/default/jetty8" ] && [ -e "/etc/init.d/jetty8" ] ; then msg "INFO: Restarting Jetty 8" mrun "service jetty8 start" &> /dev/null fi if [ -e "/etc/default/jetty7" ] && [ -e "/etc/init.d/jetty7" ] ; then msg "INFO: Restarting Jetty 7" mrun "service jetty7 start" &> /dev/null fi if [ ! -e "/var/run/aegir_upgrade.pid" ] ; then msg "INFO: Restarting Redis, PHP-FPM and Nginx" mrun "service redis-server restart" &> /dev/null st_runner "update-rc.d -f php5-fpm remove" &> /dev/null mrun "service nginx stop" &> /dev/null if [ -e "/etc/init.d/php55-fpm" ] ; then st_runner "update-rc.d php55-fpm defaults" &> /dev/null mrun "service php55-fpm stop" &> /dev/null fi if [ -e "/etc/init.d/php54-fpm" ] ; then st_runner "update-rc.d php54-fpm defaults" &> /dev/null mrun "service php54-fpm stop" &> /dev/null fi if [ -e "/etc/init.d/php53-fpm" ] ; then st_runner "update-rc.d php53-fpm defaults" &> /dev/null mrun "service php53-fpm stop" &> /dev/null fi if [ -e "/etc/init.d/php52-fpm" ] ; then st_runner "update-rc.d php52-fpm defaults" &> /dev/null mrun "service php52-fpm stop" &> /dev/null fi killall -9 php-fpm &> /dev/null killall -9 php-cgi &> /dev/null killall -9 pure-ftpd &> /dev/null msg "INFO: Restarting $_DB_SERVER server" mrun "service mysql restart" &> /dev/null if [ -e "/etc/init.d/php55-fpm" ] ; then mrun "service php55-fpm start" &> /dev/null fi if [ -e "/etc/init.d/php54-fpm" ] ; then mrun "service php54-fpm start" &> /dev/null fi if [ -e "/etc/init.d/php53-fpm" ] ; then mrun "service php53-fpm start" &> /dev/null fi if [ -e "/etc/init.d/php52-fpm" ] ; then mrun "service php52-fpm start" &> /dev/null fi mrun "service nginx start" &> /dev/null fi fi # # Forced MySQL root password update. forced_mysql_root_password_update () { mv -f /root/.my.cnf-pre-* /var/backups/ &> /dev/null mv -f /root/.my.pass.txt-pre-* /var/backups/ &> /dev/null touch /root/.my.pass.txt chmod 0600 /root/.my.pass.txt &> /dev/null _ESC_PASS="" _LEN_PASS=0 if [ "$_STRONG_PASSWORDS" = "YES" ] ; then _ESC_PASS=$(randpass 32 esc) _ESC_PASS=`echo -n $_ESC_PASS | tr -d "\n"` _LEN_PASS=$(echo ${#_ESC_PASS}) fi if [ -z "$_ESC_PASS" ] || [ $_LEN_PASS -lt 19 ] ; then _ESC_PASS=`pwgen -v -s -1` _ESC_PASS=`echo -n $_ESC_PASS | tr -d "\n"` _ESC_PASS=`sanitize_string "$_ESC_PASS"` fi if [ ! -z "$_ESC_PASS" ] ; then cp -af /root/.my.cnf /root/.my.cnf-pre-$_INSTALLER_VERSION-$_NOW cp -af /root/.my.pass.txt /root/.my.pass.txt-pre-$_INSTALLER_VERSION-$_NOW mysql -u root -e "FLUSH HOSTS;" &> /dev/null mysql -u root -e "DELETE FROM mysql.user WHERE User='';" &> /dev/null mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" &> /dev/null mysql -u root -e "DROP DATABASE test;" &> /dev/null mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" &> /dev/null mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_PASS') WHERE User='root';" &> /dev/null mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null echo "[client]" > /root/.my.cnf echo "user=root" >> /root/.my.cnf echo "password=$_ESC_PASS" >> /root/.my.cnf chmod 0600 /root/.my.cnf echo "db=mysql" > /root/.mytop chmod 0600 /root/.mytop echo "$_ESC_PASS" > /root/.my.pass.txt echo " " if [ "$_STRONG_PASSWORDS" = "YES" ] ; then msg "INFO: New secure random password for $_DB_SERVER generated and updated" else msg "INFO: New random password for $_DB_SERVER generated and updated" fi fi } ###--------------------### if [ ! -e "/root/.my.cnf" ] ; then msg "INFO: $_DB_SERVER final setup" # # Let's just do what mysql_secure_installation does, so we can do it non-interactively: # - remove anonymous users # - remove remote root # - remove test database # - remove privileges on test database # - set auto-generated root password # - reload privileges table # if [ -e "/root/.my.pass.txt" ] ; then if [ -z "$_ESC_PASS" ] ; then PXSWD=`cat /root/.my.pass.txt` else PXSWD="$_ESC_PASS" fi PASWD=`echo -n $PXSWD | tr -d "\n"` mysql -u root -e "FLUSH HOSTS;" &> /dev/null mysql -u root -e "DELETE FROM mysql.user WHERE User='';" &> /dev/null mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" &> /dev/null mysql -u root -e "DROP DATABASE test;" &> /dev/null mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" &> /dev/null mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$PASWD') WHERE User='root';" &> /dev/null mysql -u root -e "FLUSH PRIVILEGES;" &> /dev/null fi echo "[client]" > /root/.my.cnf echo "user=root" >> /root/.my.cnf echo "password=$PASWD" >> /root/.my.cnf chmod 0600 /root/.my.cnf echo "db=mysql" > /root/.mytop chmod 0600 /root/.mytop if [ "$_THIS_DB_HOST" = "localhost" ] ; then echo "skip-name-resolve" > /etc/mysql/skip-name-resolve.txt else sed -i "s/.*skip-name-resolve/#skip-name-resolve/g" /etc/mysql/my.cnf &> /dev/null fi sed -i "s/.*check_for_crashed_tables/#check_for_crashed_tables/g" /etc/mysql/debian-start &> /dev/null mrun "service mysql restart" &> /dev/null msg "INFO: $_DB_SERVER setup completed" msg "INFO: You can now log in as root by typing only 'mysql' on the command line" else if [ ! -e "/root/.mysql.no.new.password.cnf" ] ; then forced_mysql_root_password_update fi fi ###--------------------### if [ -L "/var/aegir/config/includes/barracuda_log.txt" ] ; then rm -f /var/aegir/config/includes/barracuda_log.txt fi if [ "$_THIS_DB_HOST" = "localhost" ] ; then _LOG_DB_HOST=localhost else _LOG_DB_HOST=FQDN fi if [ ! -z "$_FORCE_GIT_MIRROR" ] ; then _LOG_GIT_MIRROR="-$_FORCE_GIT_MIRROR" fi _LOG_DB_V=`mysql -V 2>&1 | tr -d "\n" | cut -d" " -f6 | awk '{ print $1}' | cut -d"-" -f1 | awk '{ print $1}' | sed "s/[\,']//g"` _BARRACUDA_VERSION_INFO="`date` / `lsb_release -si`.`lsb_release -sc` `uname -m` $_VMFAMILY / Aegir $_AEGIR_VERSION / Barracuda $_INSTALLER_VERSION$_LOG_GIT_MIRROR / Nginx $_NGINX_VERSION / PHP $_PHP_MULTI_INSTALL / FPM $_PHP_FPM_VERSION / CLI $_PHP_CLI_VERSION / $_DB_SERVER-$_LOG_DB_V $_LOG_DB_HOST / Wildcard $_HTTP_WILDCARD" echo "$_BARRACUDA_VERSION_INFO" >> /var/log/barracuda_log.txt echo "$_BARRACUDA_VERSION_INFO" >> /var/backups/barracuda_log.txt msg "INFO: New entry added to /var/log/barracuda_log.txt" ###--------------------### if [ ! -e "/var/xdrago/log/sysctl.conf-$_INSTALLER_VERSION-$_NOW.log" ] ; then cp -af /etc/sysctl.conf /var/backups/dragon/t/sysctl.conf-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/sysctl.conf /etc/sysctl.conf if [ -e "/etc/security/limits.conf" ] ; then _IF_NF=$(grep '524288' /etc/security/limits.conf) if [ -z "$_IF_NF" ] ; then echo "* hard nofile 524288" >> /etc/security/limits.conf echo "* soft nofile 524288" >> /etc/security/limits.conf echo "root hard nofile 1048576" >> /etc/security/limits.conf echo "root soft nofile 1048576" >> /etc/security/limits.conf fi fi if [ -e "/boot/grub/grub.cfg" ] || [ -e "/boot/grub/menu.lst" ] ; then sysctl -p /etc/sysctl.conf &> /dev/null _IF_CDP=$(ps aux | grep '[c]dp_io' | awk '{print $2}') if [ -z "$_IF_CDP" ] && [ ! -e "/root/.no.swap.clear.cnf" ] ; then msg "INFO: Cleaning up system swap, it may take a moment, please wait..." st_runner "swapoff -a" &> /dev/null st_runner "swapon -a" &> /dev/null fi else sysctl -p /etc/sysctl.conf &> /dev/null fi touch /var/xdrago/log/sysctl.conf-$_INSTALLER_VERSION-$_NOW.log fi XPTEMAIL=${_MY_EMAIL//\@/\\\\\@} sed -i "s/notify\@omega8.cc/$_MY_EMAIL/g" /etc/csf/csf.conf &> /dev/null sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/checksql.cgi &> /dev/null sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/daily.sh &> /dev/null sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/weekly.sh &> /dev/null sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/monitor/check/segfault_alert &> /dev/null sed -i "s/notify\\\@omega8.cc/$XPTEMAIL/g" /var/xdrago/monitor/check/escapecheck &> /dev/null if [ -e "/usr/sbin/apticron" ] ; then if [ -e "/etc/apticron/apticron.conf" ] ; then _APTICRON_TEST=$(grep "NOTIFY_HOLDS" /etc/apticron/apticron.conf) if [[ "$_APTICRON_TEST" =~ "NOTIFY_HOLDS" ]] ; then sed -i "s/^# NOTIFY_HOLDS=\"0\"/NOTIFY_HOLDS=\"0\"/g" /etc/apticron/apticron.conf &> /dev/null sed -i "s/notify\@omega8.cc/$_MY_EMAIL/g" /etc/apticron/apticron.conf &> /dev/null sed -i "s/root/$_MY_EMAIL/g" /etc/apticron/apticron.conf &> /dev/null else mrun "apt-get remove apticron -y --force-yes" &> /dev/null mrun "apt-get purge apticron -y" &> /dev/null mrun "apt-get install apticron -y" &> /dev/null sed -i "s/^# NOTIFY_HOLDS=\"0\"/NOTIFY_HOLDS=\"0\"/g" /etc/apticron/apticron.conf &> /dev/null sed -i "s/notify\@omega8.cc/$_MY_EMAIL/g" /etc/apticron/apticron.conf &> /dev/null sed -i "s/root/$_MY_EMAIL/g" /etc/apticron/apticron.conf &> /dev/null fi fi if [[ "$_INSTALLER_VERSION" =~ "dev" ]] && [ "$_AEGIR_VERSION" = "HEAD" ] ; then sed -i "s/aptitude full-upgrade/barracuda up-head system/g" /usr/sbin/apticron &> /dev/null sed -i "s/apt-get dist-upgrade/barracuda up-head system/g" /usr/sbin/apticron &> /dev/null sed -i "s/barracuda up-head.*/barracuda up-head system/g" /usr/sbin/apticron &> /dev/null else sed -i "s/aptitude full-upgrade/barracuda up-stable system/g" /usr/sbin/apticron &> /dev/null sed -i "s/apt-get dist-upgrade/barracuda up-stable system/g" /usr/sbin/apticron &> /dev/null sed -i "s/barracuda up-stable.*/barracuda up-stable system/g" /usr/sbin/apticron &> /dev/null fi fi if [ "$_STATUS" = "INIT" ] ; then if [ "$_EASY_LOCALHOST" = "NO" ] && [ "$_EASY_PUBLIC" = "YES" ] ; then mrun "bash /usr/sbin/apticron" &> /dev/null fi if [ "$_DEBUG_MODE" = "YES" ] ; then _DO_NOTHING=YES else _AEGIR_LOGIN_URL=`grep --text "^http://$_THIS_FRONT" /var/aegir/install.log 2> /dev/null` if [ ! -z "$_AEGIR_LOGIN_URL" ] ; then echo " " msg "INFO: Congratulations, Aegir backend and frontend have been installed successfully" msg "NOTE! Please wait 2 minutes before opening the following link in your web browser:" echo " " msg "LINK: $_AEGIR_LOGIN_URL" else msg "ALRT: Something went wrong" msg "ALRT: Please check the install log for details:" msg "ALRT: /var/aegir/install.log" fi fi fi if [ ! -e "/var/xdrago/log/cron_aegir_off.pid" ] ; then touch /var/xdrago/log/cron_aegir_off.pid fi ###--------------------### if [ "$_FORCE_REDIS_RESTART" = "YES" ] ; then service redis-server stop &> /dev/null killall -9 redis-server &> /dev/null service redis-server start &> /dev/null fi if [ "$_STATUS" = "INIT" ] ; then service cron start &> /dev/null if [ "$_EASY_LOCALHOST" = "NO" ] && [ "$_EASY_PUBLIC" = "NO" ] ; then echo " " msg "Now waiting 2 minutes before restarting Nginx..." mrun "sleep 111" fi force_advanced_nginx_config mrun "sleep 8" mrun "service nginx restart" &> /dev/null else if [ -e "/var/aegir/config/server_master/nginx/pre.d/nginx_wild_ssl.conf" ] ; then sed -i "s/SSLv3 TLSv1;/SSLv3 TLSv1 TLSv1.1 TLSv1.2;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/HIGH:\!ADH:\!MD5;/RC4:HIGH:\!aNULL:\!MD5;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/.*gzip_vary .*//g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/.*gzip_vary .*//g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/.*proxy_buffer_size .*//g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/.*proxy_buffer_size .*//g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/.*proxy_buffers .*//g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/.*proxy_buffers .*//g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/.*proxy_busy_buffers_size .*//g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/.*proxy_busy_buffers_size .*//g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/.*proxy_temp_file_write_size .*//g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/.*proxy_temp_file_write_size .*//g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/.*proxy_buffering .*//g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/.*proxy_buffering .*//g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/proxy_redirect .*/proxy_redirect off;\n gzip_vary off;\n proxy_buffering off;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/proxy_redirect .*/proxy_redirect off;\n gzip_vary off;\n proxy_buffering off;/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/ *$//g; /^$/d" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/ *$//g; /^$/d" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/add_header Vary .*//g" /var/aegir/config/server_master/nginx.conf &> /dev/null fi if [ "$_NGINX_SPDY" = "YES" ] ; then sed -i "s/:443;/:443 ssl spdy;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/:443;/:443 ssl spdy;/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null fi _SSL_INSTALLED=`openssl version 2>&1 | tr -d "\n" | cut -d" " -f2 | awk '{ print $1}'` if [ "$_SSL_INSTALLED" = "$_OPENSSL_VERSION" ] &&[ "$_NGINX_FORWARD_SECRECY" = "YES" ] ; then _ALLOW_NGINX_FORWARD_SECRECY=YES _SSL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2;" _SSL_CIPHERS="EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:\!aNULL:\!eNULL:\!LOW:\!3DES:\!MD5:\!EXP:\!PSK:\!SRP:\!DSS:+RC4:RC4;" else _ALLOW_NGINX_FORWARD_SECRECY=NO fi if [ "$_ALLOW_NGINX_FORWARD_SECRECY" = "YES" ] ; then sed -i "s/ssl_protocols .*/ssl_protocols $_SSL_PROTOCOLS/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/ssl_protocols .*/ssl_protocols $_SSL_PROTOCOLS/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/ssl_ciphers .*/ssl_ciphers $_SSL_CIPHERS/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/ssl_ciphers .*/ssl_ciphers $_SSL_CIPHERS/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null fi sed -i "s/gulag/limreq/g" /data/disk/*/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/gulag/limreq/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/gulag/limreq/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/gulag/limreq/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/gulag/limreq/g" /data/disk/*/config/includes/*.conf &> /dev/null sed -i "s/gulag/limreq/g" /data/disk/*/config/server_master/nginx.conf &> /dev/null sed -i "s/gulag/limreq/g" /data/disk/*/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/config/includes/*.conf &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/config/server_master/nginx.conf &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/gulag/limreq/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /data/disk/*/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /data/disk/*/config/includes/*.conf &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /data/disk/*/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /data/disk/*/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/config/includes/*.conf &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/limreq 32;/limreq 5555;/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /data/disk/*/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /data/disk/*/config/includes/*.conf &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /data/disk/*/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /data/disk/*/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/config/includes/*.conf &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/limreq 555;/limreq 5555;/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /data/disk/*/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /data/disk/*/config/includes/*.conf &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /data/disk/*/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /data/disk/*/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/config/includes/*.conf &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/limreq 88;/limreq 8888;/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /data/disk/*/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /data/disk/*/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /data/disk/*/config/includes/*.conf &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /data/disk/*/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /data/disk/*/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/.drush/xts/provision_cdn/Provision/Config/*.tpl.php &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/*.tpl.php &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/.drush/sys/provision/http/Provision/Config/Nginx/Ssl/*.tpl.php &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/config/includes/*.conf &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/config/server_master/nginx.conf &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/config/server_master/nginx/pre.d/*.conf &> /dev/null sed -i "s/limreq 888;/limreq 8888;/g" /var/aegir/config/server_master/nginx/vhost.d/* &> /dev/null sed -i "s/OctopusMicroNoCacheID/NoCacheID/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/OctopusMicroNoCacheID/NoCacheID/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/OctopusNCookie/AegirCookie/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/OctopusNCookie/AegirCookie/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/OctopusNoCacheID/NoCacheID/g" /data/disk/*/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/OctopusNoCacheID/NoCacheID/g" /var/aegir/.drush/sys/provision/http/Provision/Service/http/*.conf &> /dev/null sed -i "s/60/180/g" /var/aegir/config/server_master/nginx.conf &> /dev/null sed -i "s/300/180/g" /var/aegir/config/server_master/nginx.conf &> /dev/null validate_public_ip &> /dev/null _CRON_IP=${_THISHTIP//[^0-9.]/} if [ ! -e "/root/.local.IP.list" ] ; then rm -f /root/.tmp.IP.list* rm -f /root/.local.IP.list* for _IP in `hostname -I`;do echo $_IP >> /root/.tmp.IP.list;done for _IP in `cat /root/.tmp.IP.list | sort | uniq`;do echo "$_IP # local IP address" >> /root/.local.IP.list;done rm -f /root/.tmp.IP.list* fi _IP_IF_PRESENT=$(grep "$_CRON_IP" /root/.local.IP.list) if [[ "$_IP_IF_PRESENT" =~ "$_CRON_IP" ]] ; then _IP_PRESENT=YES else _IP_PRESENT=NO fi if [ ! -z "$_CRON_IP" ] && [ "$_IP_PRESENT" = "YES" ] && [ -e "/root/.local.IP.list" ] ; then fix_multi_ip_cron_access fi mrun "service nginx reload" &> /dev/null fi ###--------------------### # # Fix csf.uidignore file to whitelist important system uids when UID_INTERVAL != 0 fix_lfd_uidignore () { _THIS_FILE=/etc/csf/csf.uidignore if [ -e "$_THIS_FILE" ] ; then _CSF_UIDIGNORE_TEST=$(grep "pdnsd" $_THIS_FILE) if [[ "$_CSF_UIDIGNORE_TEST" =~ "pdnsd" ]] ; then _DO_NOTHING=YES else echo "#root" >> /etc/csf/csf.uidignore &> /dev/null echo `id -u root` >> /etc/csf/csf.uidignore &> /dev/null echo "#pdnsd" >> /etc/csf/csf.uidignore &> /dev/null echo `id -u pdnsd` >> /etc/csf/csf.uidignore &> /dev/null echo "#postfix" >> /etc/csf/csf.uidignore &> /dev/null echo `id -u postfix` >> /etc/csf/csf.uidignore &> /dev/null echo "#www-data" >> /etc/csf/csf.uidignore &> /dev/null echo `id -u www-data` >> /etc/csf/csf.uidignore &> /dev/null fi if [ -e "/usr/sbin/named" ] ; then _CSF_UIDIGNORE_TEST=$(grep "bind" $_THIS_FILE) if [[ "$_CSF_UIDIGNORE_TEST" =~ "bind" ]] ; then _DO_NOTHING=YES else echo "#bind" >> /etc/csf/csf.uidignore &> /dev/null echo `id -u bind` >> /etc/csf/csf.uidignore &> /dev/null fi fi sed -i "/^$/d" $_THIS_FILE &> /dev/null fi } # # Fix csf.fignore file to whitelist /tmp/drush_* fix_lfd_whitelist () { _THIS_FILE=/etc/csf/csf.fignore if [ -e "$_THIS_FILE" ] ; then _CSF_WHITELIST_TEST=$(grep "jetty" $_THIS_FILE) if [[ "$_CSF_WHITELIST_TEST" =~ "jetty" ]] ; then _DO_NOTHING=YES else sed -i "s/.*\/tmp\/.*//g" $_THIS_FILE &> /dev/null sed -i "/^$/d" $_THIS_FILE &> /dev/null echo "/tmp/drush_tmp.*" >> $_THIS_FILE echo "/tmp/drush_make_tmp.*" >> $_THIS_FILE echo "/tmp/make_tmp.*" >> $_THIS_FILE echo "/tmp/hsperfdata.*" >> $_THIS_FILE echo "/tmp/jetty.*" >> $_THIS_FILE fi fi } # csf_install () { if [ "$_CSF_MODE" = "install" ] ; then msg "INFO: Installing csf/lfd firewall..." else msg "INFO: Upgrading csf/lfd firewall..." fi cd /var/opt rm -f /var/xdrago/log/lastFire if ! netcat -w 8 -z www.configserver.com 80 ; then get_dev_arch "csf.tgz" else curl -L --max-redirs 10 -k -s -O --retry 10 --retry-delay 15 -A iCab "http://www.configserver.com/free/csf.tgz" extract_archive "csf.tgz" fi cd csf st_runner "sh install.sh" 2> /dev/null cd /var/opt if [[ "$_THISHOST" =~ ".host8." ]] || [ "$_VMFAMILY" = "VS" ] ; then _SSH_PORT=22 fi _CSF_COMPATIBILITY_TEST=$(perl /etc/csf/csftest.pl) if [[ "$_CSF_COMPATIBILITY_TEST" =~ "RESULT: csf should function on this server" ]] ; then _CSF_COMPATIBILITY=YES elif [[ "$_CSF_COMPATIBILITY_TEST" =~ "RESULT: csf will function on this server but some features will not work" ]] ; then _CSF_COMPATIBILITY=PARTIAL sed -i "s/^PORTFLOOD .*/PORTFLOOD = \"\"/g" /etc/csf/csf.conf &> /dev/null sed -i "s/^CONNLIMIT .*/CONNLIMIT = \"\"/g" /etc/csf/csf.conf &> /dev/null sed -i "s/^USE_CONNTRACK .*/USE_CONNTRACK = \"0\"/g" /etc/csf/csf.conf &> /dev/null elif [[ "$_CSF_COMPATIBILITY_TEST" =~ "FATAL" ]] ; then _CSF_COMPATIBILITY=NO else _CSF_COMPATIBILITY=NO fi if [ "$_CSF_COMPATIBILITY" = "YES" ] || [ "$_CSF_COMPATIBILITY" = "PARTIAL" ] ; then if [ "$_CSF_COMPATIBILITY" = "PARTIAL" ] ; then msg "TEST: csf/lfd firewall should mostly work on this system" else msg "TEST: csf/lfd firewall should work fine on this system" fi mv -f /etc/csf/csf.conf /etc/csf/csf.conf-pre-$_INSTALLER_VERSION-$_NOW &> /dev/null cp -af /opt/tmp/$_BOA_REPO_NAME/aegir/conf/csf.conf /etc/csf/csf.conf sed -i "s/notify\@omega8.cc/$_MY_EMAIL/g" /etc/csf/csf.conf &> /dev/null sed -i "s/TCP_IN = \"20,21,22,/TCP_IN = \"20,21,$_SSH_PORT,/g" /etc/csf/csf.conf &> /dev/null chmod 600 /etc/csf/csf.conf &> /dev/null sed -i "s/^Port.*/Port $_SSH_PORT/g" /etc/ssh/sshd_config &> /dev/null if [ -e "/usr/etc/sshd_config" ] ; then sed -i "s/^Port.*/Port $_SSH_PORT/g" /usr/etc/sshd_config &> /dev/null fi sed -i "s/30 \* \* \* \* bash/#30 * * * * bash/g" /var/spool/cron/crontabs/root &> /dev/null mrun "service ssh restart" &> /dev/null if [ "$_CSF_MODE" = "install" ] ; then msg "INFO: csf/lfd firewall installation completed" else msg "INFO: csf/lfd firewall upgrade completed" fi touch /var/xdrago/log/csf_$_INSTALLER_VERSION.log else msg "TEST: csf/lfd firewall can not be installed on this system" fi } if [[ "$_XTRAS_LIST" =~ "ALL" ]] || [[ "$_XTRAS_LIST" =~ "CSF" ]] ; then if [ ! -e "/var/run/cloud_vhost.pid" ] ; then if [ ! -e "/usr/sbin/csf" ] ; then echo " " if prompt_yes_no "Do you want to install csf/lfd firewall?" ; then true _CSF_MODE=install csf_install else msg "INFO: csf/lfd firewall installation skipped" fi fi fi fi if [ -e "/usr/sbin/csf" ] && [ "$_VMFAMILY" = "VS" ] && [ ! -e "/boot/grub/grub.cfg" ] && [ ! -e "/boot/grub/menu.lst" ] ; then csf -x &> /dev/null update-rc.d -f csf remove &> /dev/null update-rc.d -f lfd remove &> /dev/null rm -f /etc/cron.d/{csf,lfd}* rm -f /usr/sbin/{csf,lfd} rm -f /etc/init.d/{csf,lfd} rm -f -r /etc/csf fi if [ "$_CSF_COMPATIBILITY" = "NO" ] ; then csf -x &> /dev/null update-rc.d -f csf remove &> /dev/null update-rc.d -f lfd remove &> /dev/null rm -f /etc/cron.d/{csf,lfd}* rm -f /usr/sbin/{csf,lfd} rm -f /etc/init.d/{csf,lfd} rm -f -r /etc/csf fi if [ -e "/usr/sbin/csf" ] ; then if [ "$_CUSTOM_CONFIG_CSF" = "YES" ] ; then _DO_NOTHING=YES else _CSF_MODE=upgrade csf_install fi if [ -e "/root/.host8.cnf" ] || [[ "$_CHECK_HOST" =~ ".host8." ]] ; then sed -i "s/^AUTO_UPDATES .*/AUTO_UPDATES = \"1\"/g" /etc/csf/csf.conf &> /dev/null fi if [ "$_VMFAMILY" = "VZ" ] ; then sed -i "s/^PORTFLOOD .*/PORTFLOOD = \"\"/g" /etc/csf/csf.conf &> /dev/null sed -i "s/^CONNLIMIT .*/CONNLIMIT = \"\"/g" /etc/csf/csf.conf &> /dev/null sed -i "s/^USE_CONNTRACK .*/USE_CONNTRACK = \"0\"/g" /etc/csf/csf.conf &> /dev/null fi if [ -e "/var/xdrago/log/lastFire" ] ; then sed -i "s/30 \* \* \* \* bash/#30 * * * * bash/g" /var/spool/cron/crontabs/root &> /dev/null rm -f /var/xdrago/log/lastFire mrun "csf -x" &> /dev/null mrun "csf -e" &> /dev/null mrun "csf -q" &> /dev/null fi fi ###--------------------### install_pdnsd_cache () { msg "INFO: Installing DNS cache pdnsd server..." cp -af /etc/resolv.conf /var/backups/resolv.conf.pre-$_INSTALLER_VERSION-$_NOW rm -f /etc/resolv.conf echo "nameserver 8.8.8.8" > /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf st_runner "apt-get update -y" &> /dev/null st_runner "aptitude purge pdnsd resolvconf -y" &> /dev/null st_runner "apt-get autoremove -y --force-yes" &> /dev/null rm -f /etc/resolv.conf echo "nameserver 8.8.8.8" > /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf st_runner "$_INSTALL pdnsd resolvconf" &> /dev/null sed -i "s/START_DAEMON=no/START_DAEMON=yes/g" /etc/default/pdnsd &> /dev/null cat /opt/tmp/$_BOA_REPO_NAME/aegir/conf/pdnsd.conf > /etc/pdnsd.conf if [ ! -L "/etc/resolvconf/run" ] || [ ! -e "/lib/init/rw/resolvconf/enable-updates" ] || [ ! -e "/lib/init/rw/resolvconf/interface/lo.pdnsd" ] ; then rm -f -r /run/resolvconf rm -f -r /etc/resolvconf/run ln -s /lib/init/rw/resolvconf /etc/resolvconf/run if [ ! -e "/lib/init/rw/resolvconf/interface" ] ; then mkdir -p /lib/init/rw/resolvconf/interface fi rm -f /lib/init/rw/resolvconf/postponed-update touch /lib/init/rw/resolvconf/enable-updates rm -f /etc/resolvconf/resolv.conf.d/tail touch /etc/resolvconf/resolv.conf.d/tail fi if [ -e "/etc/resolvconf/run" ] ; then rm -f /etc/resolvconf/run/interface/* echo "nameserver 127.0.0.1" > /etc/resolvconf/run/interface/lo.pdnsd sed -i "s/^search.*//g" /etc/resolvconf/run/resolv.conf &> /dev/null sed -i "s/^domain.*//g" /etc/resolvconf/run/resolv.conf &> /dev/null sed -i "s/^nameserver.*//g" /etc/resolvconf/run/resolv.conf &> /dev/null echo "nameserver 127.0.0.1" >> /etc/resolvconf/run/resolv.conf sed -i "/^$/d" /etc/resolvconf/run/resolv.conf &> /dev/null if [ -e "/etc/resolvconf/run/resolv.conf" ] ; then rm -f /etc/resolv.conf ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf else rm -f /etc/resolv.conf echo "nameserver 8.8.8.8" > /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf fi rm -f /etc/resolvconf/run/interface/eth* resolvconf -u &> /dev/null else if [ -e "/usr/sbin/pdnsd" ] ; then rm -f /etc/resolv.conf echo "nameserver 127.0.0.1" > /etc/resolv.conf fi fi if [ -e "/etc/NetworkManager/NetworkManager.conf" ] ; then sed -i "s/^dns=.*/dns=pdnsd/g" /etc/NetworkManager/NetworkManager.conf &> /dev/null mrun "service network-manager restart" &> /dev/null fi mrun "service pdnsd stop" &> /dev/null rm -f /var/cache/pdnsd/pdnsd.cache mrun "service pdnsd start" &> /dev/null mrun "service pdnsd stop" &> /dev/null rm -f /var/cache/pdnsd/pdnsd.cache mrun "service pdnsd start" &> /dev/null } if [ -f "/etc/default/dhcpcd" ] ; then sed -i "s/.*SET_DNS/#SET_DNS/g" /etc/default/dhcpcd &> /dev/null sed -i "s/.*SET_HOSTNAME/#SET_HOSTNAME/g" /etc/default/dhcpcd &> /dev/null fi if [ ! -e "/usr/sbin/pdnsd" ] ; then install_pdnsd_cache else if [ ! -L "/etc/resolvconf/run" ] || [ ! -e "/lib/init/rw/resolvconf/enable-updates" ] || [ ! -e "/lib/init/rw/resolvconf/interface/lo.pdnsd" ] ; then msg "INFO: DNS cache pdnsd server re-installation forced" install_pdnsd_cache fi fi fix_lfd_whitelist fix_lfd_uidignore ###--------------------### if [ "$_STRICT_BIN_PERMISSIONS" = "YES" ] ; then usermod -aG users aegir &> /dev/null usermod -aG users man &> /dev/null switch_to_bash strict_bin_permissions fi finale exit 0 ###----------------------------------------### ### ### Barracuda Aegir Installer ### Copyright (C) 2010-2014 Omega8.cc ### noc@omega8.cc www.omega8.cc ### ###----------------------------------------###